After migrating to Lync 2010 server some of my client users where not able to log in using OCS 2007 R2 clients due an incompatibility in the Authentication Service version.
I have checked the OCS 2007 R2 client logs, by browsing to %userprofile%\tracing\Communicator-uccapi-0.uccapilog and noticed the following error
010/08/2010|11:51:55.781 E0C:14A8 INFO :: SIP/2.0 401 Unauthorized
WWW-Authenticate: NTLM realm=”SIP Communications Service”, targetname=”ucpool01.domain.local”, version=3
WWW-Authenticate: Kerberos realm=”SIP Communications Service”, targetname=”sip/ucpool01.domain.local”, version=3
CSeq: 3 REGISTER
Via: SIP/2.0/TLS xx3.xx8.75.25:8221;received=zz9.6.zz2.43;ms-received-port=8221;ms-received-cid=670EF00
ms-diagnostics: 1000;reason=”Final handshake failed”;source=”ucpool01.domain.local”;HRESULT=”C3E93EC3(SIP_E_AUTH_UNAUTHORIZED)”.
my researches showed that this behaviour is related to the authentication mechanism that is being used with the Lync server.
since the lync server is installed on windows 200 R2 the windows 2008 R2 by default has NTLM 128 bit requirement enbaled and doesn’t accept NTLM v2 requests. this wasn’t the case with windows xp and windows server 2003 so in order to solve the issue I had to do the one of the following
– Enable NTLM v2 on the client side
– Disable NTLM 128 bit requirements on the Server side
for detailed steps how this can be done please follow the following link