Lync causing account lockouts

Did som esearching before i posted this thread but since I did not find any answers I made it.

Im having trouble with Lync causing account lockouts for domain users. This is a very big problem many users have this issue. 

The clients are mixed Windows 7 and Windows XP and both of them are affected. 

The signing in to Lync is fine and the users can use Lync as normal but after a little while the account becomes locked. I know Lync is causing this cause if you dont run Lync the account will remain unlocked. 

Also if I turn off the "Personal Information Manager" inside Lync no more failed authentications is sent, where does this feature get it's credentials?

I have compared two clients one with the problem and one without it, the client with the problem has not got the Registry value "AccountPassword" but it has the value "SavePassword" set to 1. 

Computer without the problem has got the "AccountPassword" value and "SavePassword" set to 1. 

Some computers does not have "AccountPassword" value but they have "SavePassword" set to 0.

So the client with the problem can this "SavePassword" set to 1 cause the problem since "AccountPassword" value is not set?

I can solve this problem my giving users a new profile on the local computer so the problem is definetely on a user level. Reinstall of Lync wont resolve the issue so again the question where does this Personal Information Manager get it's gredentials?

March 20th, 2013 6:15am

Hi

I've seen this issue ones and we updated the client and the problem was gone. They actually had "vanilla" installation on al of thoose clients experiencing the problem, updated to cu 4 at that time and the problem was gone.

We did a unistall of each program untill we found Lync as the common problem solver.

I'd use the Find Lync version to verify what version the clients are using.

Free Windows Admin Tool Kit Click here and download it now
March 20th, 2013 12:57pm

Unfortunately I am working in such an environment that we cannot just update the Lync client over night, 15000 clients maybe more. 

I really dont think it should be so hard to find a solution to this and fix it with group policy.

But I need some deeper knowledge about Lync and what might be causing the problem

March 28th, 2013 6:31am

Can you get snooper running on the machine and get a dump of the output. 

Are the users using roaming profiles?

What version of Lync client are you using?

Free Windows Admin Tool Kit Click here and download it now
May 1st, 2013 5:05am

Hi,

I had the same issue with one of the customer and found out that Lync was causing the account lockout.

Please follow the link.

http://community.office365.com/en-us/forums/166/t/146804.aspx

Lync will generally prompt for the following reasons: 
Outlook and Lync aren't communicating together correctly.  
The Exchange Server or the mailbox is unavailable.  
Exchange Web Services are inaccessible.  
A proxy or firewall is blocking ports that Microsoft Lync has to have open to connect to Exchange Web Services. 

Resolution for Lync 2013: Delete sign in information
=======================================
During the sign in process, Lync 2013 caches your credentials and other information about its connection to Lync Online. If you have trouble signing in to Lync Online, click Delete my sign-in information and Lync 2013 will automatically remove any saved password, certificates, and connection settings for the user account.

Resolution for Lync 2010
====================
To have us fix the problem for you, go to the "Fix it for me" section. If you prefer to fix this problem yourself, go to the "Resolutions for Lync 2010 and Lync 2103" section.

Resolutions for Lync 2010 and Lync 2103
===============================
If you're using Lync 2010, delete the Lync Online personal certificate and then download a new one. Be aware that when the user clicks Save Password in Lync 2010, this action also saves the certificate in Windows Certificate Manager.

If you're running Windows 7, remove the users stored credentials in Windows Credential Manager. 
To do this, follow these steps:
a.Open Control Panel, and then click Credential Manager. 
b.Locate the set of credentials that's used to connect to Lync Online. 
c.Expand the set of credentials, and then select Remove from Vault. 
d.Try to sign in to Lync Online again, and then type your new set of credentials.

Note: These steps aren't necessary in Lync 2013 because the steps that were previously mentioned that delete sign in information removes the certificates automatically.


May 20th, 2013 6:57am

Here is a fix that I got from the MS website and adapted. Hope it works for you!

1. Close Lync and make sure the account is not locked. 
2. Delete the certificate in Windows Certificate Manager with follow these steps:
a. Open Windows Certificate Manager. To do this, press Windows + R, type certmgr.msc, and then clickOK.
b. Expand Personal, and then expand Certificates.
c. Sort by the Issued By column, and then look for a certificate that's issued by Communications Server.
d. Delete all the certificates in the list issued by Communications Server
3. Logon on to Lync (You may be asked for password and get locked out one more time.)

Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2015 10:33am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics