Lync Common Area Phone Login fail

Hi,

i set up a test common area phone with the guide from jeff schertz (http://blog.schertz.name/2011/04/common-area-phone-configuration-in-lync/).

but when i make start a test login with "Test-CsPhoneBootstrap -PhoneOrExt 7521 -PIN 1234" i get the following error:

TargetUri  : https://lyncpool.intdomain.local:443/CertProv/CertProvisioningService.svc
TargetFqdn : lyncpool.intdomain.local
Result     : Failure
Latency    : 00:00:02.5211487
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The HTTP request is unauthorized with client authentication scheme 'Basic'. The authentica
             tion header received from the server was 'Basic realm ="LYNCServer01"'.
             Inner Exception:The remote server returned an error: (401) Unauthorized.

Diagnosis  :

Basic Auth Feature is installed in IIS WebServer Role and /CertProv IIS WebSiteDirectory is als activated for Basic Auth with DefaultDomain: intdomain and Realm: intdomain.

Thanks in advance for help!

March 5th, 2012 9:51am
If you run a 'Get-CsWebServiceConfiguration' cmdlet in the Lync Server Management Shell what is the current value of the UseWindowsAuth setting?  It should be at the default value of Negotiate but it yours set to NTLM by chance?
Free Windows Admin Tool Kit Click here and download it now
March 6th, 2012 7:36pm

Hi Jeff,

thanks for reply. Yes mey UseWindowsAuth Value is set ti Negotiate.

Get-CsWebServiceConfiguration
Identity                             : Global
TrustedCACerts                       : {}
MaxGroupSizeToExpand                 : 100
EnableGroupExpansion                 : True
UseWindowsAuth                       : Negotiate
UseCertificateAuth                   : True
UsePinAuth                           : True
AllowAnonymousAccessToLWAConference  : True
EnableCertChainDownload              : True
InferCertChainFromSSL                : True
CASigningKeyLength                   : 2048
MaxCSRKeySize                        : 16384
MinCSRKeySize                        : 1024
MaxValidityPeriodHours               : 8760
MinValidityPeriodHours               : 8
DefaultValidityPeriodHours           : 4320
MACResolverUrl                       :
SecondaryLocationSourceUrl           :
ShowJoinUsingLegacyClientLink        : False
ShowDownloadCommunicatorAttendeeLink : False
March 6th, 2012 8:55pm

Hi,

Please make sure the Basic Authentication is disabled in WebTicket Authentication. If it is enabled, you will get this error. Please check it.

Please make sure you use DHCPUtil to Configure DHCP options successfully.

Free Windows Admin Tool Kit Click here and download it now
March 7th, 2012 3:08am

Hi Sean,

on the /webTicket WebDirectory Basic Auth is deactivated. DHCPUtil had successful configured the DHCP Option, the our CX600 can all successfully sign in with Extension + PIN Auth and USB Tethering

March 7th, 2012 11:22am

Upon closer inspection I see you are using my example command verbatim from my article which would not work unless you defined the same Extension and PIN to the user.  The (401 Unauthorized) error usually means exactly that, the user authentication failed.  You need to setup an account and then define the PIN to use the Test cmdlet.

Free Windows Admin Tool Kit Click here and download it now
March 7th, 2012 4:16pm

hi Jeff,

i your post this only as example.

i use "Test-CsPhoneBootstrap -PhoneOrExt 428 -PIN 131590" in my enviroment

March 7th, 2012 4:18pm
OK, I would suggest resetting the PIN just to make sure due to the 'Unauthorized' error.
Free Windows Admin Tool Kit Click here and download it now
March 7th, 2012 4:25pm

sometimes the simplest things are the best ;-)

reset if the pin works, now the

Test-CsPhoneBootstrap was successfully!

TargetUri  : https://lyncpool.indomain.local:443/CertProv/CertProvisioningService.svc
TargetFqdn : lyncpool.intdomain.local
Result     : Success
Latency    : 00:00:13.8159090
Error      :

Thanks Jeff!

March 7th, 2012 4:29pm

Hi Jeff,

Pin reset idnot work in our case, even we reset and try with the correct pin it says incorrecct pin or ext and when we run the bootstrap command this is what we get

Result     : Failure
Latency    : 00:00:02.2693758
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The HTTP request is unauthorized with client authen
             tication scheme 'Basic'. The authentication header received from th
             e server was 'Basic realm ="LYNCSERVER"'.
             Inner Exception:The remote server returned an error: (401) Unauthor
             ized.

Any suggestion what can be done next?

Free Windows Admin Tool Kit Click here and download it now
May 15th, 2015 5:15am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics