Lync 2013 Client and Proxy Prompting issue

Good Afternoon All

Following the addition and implementation of your Lync 2013 estate, what is becoming an annoyance for a lot of customers is the forthcoming Lync 2013 client deployment and its new ad hoc ‘feature’: when you log on to the client and your company uses a web proxy or has a proxy PAC working internally, your user is prompted for additional higher privileged credentials. If the user simply ignores this prompt, it will continue to plague them until they do enter the higher AD user privileges.

This is a new ‘feature’ which wasn’t seen with Lync 2010, so why is it happening now with Lync 2013?

The simple answer is that Microsoft has changed the logic for the client login routing. With Lync 2013 the client first checks some HTTP addresses to locate the Lync 2013 registrar information; if that fails, it then, by design, goes away and looks for the DNS records. (The DNS way is the way Lync 2010 works by default.)

So why the change? I’m not 100% sure why MS changed the logic; all I know is the issue, its cause and, more importantly, how to fix the issue and stop the prompting.

Firstly, how to replicate the issue, so that you can retest after the fix.

Log into the client, then sign out, and you will be back at the login page with the option to delete your sign-in information.

Once the user’s information has been deleted, sign in again. At this point you will be prompted with your proxy auth dialogue box.

Now, using your proxy PAC, amend/match the URLs below to exclude/ignore:

http://lyncdiscover.<sipdomain> i.e. http://lyncdiscover.northernlync.co.uk

Now do the same for the other two addresses, so in total it should look like this:

http://lyncdiscover.<sipdomain>

http://lyncdiscoverinternal.<sipdomain>

http://autodiscover.<sipdomain>

If you exclude these from your proxy checking, the issue simply goes away.

As for Lync 2010, on start-up the client doesn’t check for any of the above HTTP addresses.

My gut feeling (I could be wrong) is MS have gone with one code base for the 2013 desktop client and the mobile client for Windows 8, which would use these settings remotely.

****UPDATE 5th July 2013

Excluding lyncdiscover, lyncdiscoverinternal and autodiscover from your proxy authentication process is not sufficient in some cases.
You also need to exclude the following URLs:
– front end pool FQDN
– SIP domain
– sqm.microsoft.com
The URL http://sqm.microsoft.com/sqm/wm/sqmserver.dll is called during the Lync 2013 client startup process.
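One way to express these exclusions in a proxy PAC file, as an added example rather than the author's own configuration. It assumes "exclude" means returning DIRECT for the listed hosts; the SIP domain, front end pool FQDN and proxy address are constructed placeholders. Hosts are matched exactly so the bypass stays as narrow as the list above, and the code sticks to old-style JavaScript so older PAC engines can parse it.

```javascript
// Added example PAC file; every name below is a constructed placeholder.
var SIP_DOMAIN = "example.com";              // placeholder SIP domain
var FE_POOL_FQDN = "fepool01.example.com";   // hypothetical front end pool FQDN
var PROXY = "PROXY proxy.example.com:8080";  // hypothetical authenticating proxy

// Exact host names the post says to exclude (original list plus the 5th July update).
var LYNC_BYPASS_HOSTS = [
  "lyncdiscover." + SIP_DOMAIN,
  "lyncdiscoverinternal." + SIP_DOMAIN,
  "autodiscover." + SIP_DOMAIN,
  FE_POOL_FQDN,
  SIP_DOMAIN,
  "sqm.microsoft.com"
];

// Lower-case the host and strip one trailing dot so "Host." and "host" compare equal.
function normaliseHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

// True only on an exact match: a suffix or wildcard match would also let
// look-alike names such as lyncdiscover.example.com.other.test skip the proxy.
function isLyncBypassHost(host) {
  var h = normaliseHost(host);
  for (var i = 0; i < LYNC_BYPASS_HOSTS.length; i++) {
    if (h === LYNC_BYPASS_HOSTS[i]) {
      return true;
    }
  }
  return false;
}

// Standard PAC entry point: listed Lync hosts go direct, everything else via the proxy.
function FindProxyForURL(url, host) {
  if (isLyncBypassHost(host)) {
    return "DIRECT";
  }
  return PROXY;
}
```

After deploying a change like this, the replication steps above (sign out, delete the sign-in information, sign in again) confirm whether the prompt has gone.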

Regards

Iain Smith

8 thoughts on “Lync 2013 Client and Proxy Prompting issue”

  1. Good Morning
    What you need to do is add the detailed URLs as exceptions to your proxy authentication. Once you’ve done this, rerun Fiddler and you should see all the URLs routing successfully.
    Regards
    Iain Smith

  2. We use Lync as part of the O365 offering (Lync 2013 clients installed locally on PCs). Since our Exchange Online mailboxes have been upgraded by MS to 2013, we are having issues with the Lync clients connecting to EWS, which results in an inability to see contacts or add contacts. We point all our clients out over a proxy with only ports 80 and 443 opened on our firewall.

    Do you have any experience of Lync on O365 over a proxy?

      1. Syncing. The issue seems to be that the client is trying to go direct to the internet rather than over the proxy for its EWS info. Once the client has that info it caches it and everything is fine after that – it’s that initial communication that is not getting through.

        I’ve set a registry value on the client to force it over the proxy but I can still see attempts to go direct using Netmon.
