OCS 2007 R2 Clients cannot connect to Lync Server due to authentication Service incompatibility

After migrating to Lync 2010 server some of my client users where not able to log in using OCS 2007 R2 clients due an incompatibility in the Authentication Service version.

I have checked the OCS 2007 R2 client logs, by browsing to %userprofile%\tracing\Communicator-uccapi-0.uccapilog and noticed the following error

010/08/2010|11:51:55.781 E0C:14A8 INFO :: SIP/2.0 401 Unauthorized

WWW-Authenticate: NTLM realm=”SIP Communications Service”, targetname=”ucpool01.domain.local”, version=3

WWW-Authenticate: Kerberos realm=”SIP Communications Service”, targetname=”sip/ucpool01.domain.local”, version=3

From: ;tag=0dfd67a1ae;epid=25146a3d89

To: ;tag=FE8330E7938421099565E2F826F50152

Call-ID: bfd8ba7df3a14c8d942c29ae1b6650f6


Via: SIP/2.0/TLS xx3.xx8.75.25:8221;received=zz9.6.zz2.43;ms-received-port=8221;ms-received-cid=670EF00

ms-diagnostics: 1000;reason=”Final handshake failed”;source=”ucpool01.domain.local”;HRESULT=”C3E93EC3(SIP_E_AUTH_UNAUTHORIZED)”.

Content-Length: 0

my researches showed that this behaviour is related to the authentication mechanism that is being used with the Lync server.

since the lync server is installed on windows 200 R2 the windows 2008 R2 by default has NTLM 128 bit requirement enbaled and doesn’t accept NTLM v2 requests. this wasn’t the case with windows xp and windows server 2003 so in order to solve the issue I had to do the one of the following

– Enable NTLM v2 on the client side

– Disable NTLM 128 bit requirements on the Server side

for detailed steps how this can be done please follow the following link


Experienced Consultant Team Lead with a demonstrated history of working in the information technology and services industry. Skilled in Azure, Skype for Business, SQL Server, Iaas, Saas, PaaS, ITIL, Microsoft Solutions, and Servers. Strong information technology professional, technology passionate.

Posted in Messaging & Collaboration Tagged with: , , , ,

Leave a Reply

Your email address will not be published. Required fields are marked *