Hello,

We have an issue with one of our users. He is able to use Lync through OWA but not with Lync 2010 client. Our infrastructure is Lync Server 2013 On-Premise + Exchange 2010 On-Premise.

I tried to sign-in my own computer with his account without success.

I got this error :

"Sign-in didn't work.

You didn't get signed in. It might be your sign-in address or logon credentials."

I already deleted then recreated his Lync account with the Lync Control Panel, but it did not resolve the issue. I know that this user has a previous Lync account on another domain on our AD forest that has been deleted.

Does anyone have an idea or where to look for ?

Thank you

Jonatan

Hi,

Please login this issued Lync account on another Lync client from other computer, check if the issue happen again or not.

Please try to delete the Lync user information as following path:

1. Lync user profile:

UserProfile%\AppData\Local\Microsoft\Office\15.0\Lync

2. Lync user configuration in Registry:

HKCU\Software\Microsoft\Office\15.0\Lync\sip@domain.com

3. Lync user Certificate and Credential

Open Windows Certificate Manager. To do this, click Start, click Run, type certmgr.msc, and then click OK.

Double-click Personal, and then double-click Certificates.

Sort by the Issued By column, and then look for a certificate that is issued by Communications Server.

Right-click the certificate, and then click Delete

Best Regards,

Eason Huang

Good troubleshooting steps, Eason, but I am wondering if they may be unnecessary since Jonatan has already tried logging in with the problematic user account on his own computer (where your login presumabley works without issue?).

At any rate, this does indeed sound tricky. I am having a hard time thinking of why a user account would be unable to sign in from a desktop client, but not have issue in OWA. Is it possible to also try signing him in on a mobile device, assuming you have Edge access setup and the user is allowed External access via policy? Also, my advice at this point is to take a good look at the 'Lync-UccApi-0.UccApilog' log file in this directory: 'C:\Users\<username>\AppData\Local\Microsoft\Office\15.0\Lync\Tracing\.' If the file looks too big and cumbersome, try deleting the file with the user logged out, and then have them try the login again. The file should be recreated, and will only have the data relating to his sign-on attempt. If you find anything interesting in it, but need further help with interpreting what you found, feel free to copy it here, and I will do my best to assist!

Hi,is users UPN and sip the same?

If not,do you get question about entering username (domain\user1) ?

Could be that users computer doesnt have companys Root certificate installed.

Is issue same on internal and external network?

What does https://testconnectivity.microsoft.com/ say when testing his user account?

Hello Josh,

Thank you for your reply. As you said, I tried to log in to my computer with the problematic user account without success. We have an edge server and the user is allowed.

I followed your advice and I opened the Communicator-uccapi-0.uccapilog file and I found this

ms-diagnostics: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="DOMAIN\user";source="FRONTEND-FQDN.lan"

ms-diagnostics-public: 4004;reason="Credentials provided are not authorized to act as specified from URI";AuthenticatedIdentity="DOMAIN\user"

So I'm starting to look for SQL issues following this thread : Stale user entry in Lync database?

But I didn't find the solution yet.

Jonatan.

I would suggest as requested above to check and validate the UPN

Here is a link to check UPN via ADSI Edit SIP UPN

Hello Robert,

In our company UPN and sip aren't the  same. We use domain\user to authenticate on smartphones.

J.

Hello,

Using Microsoft RCA, Everything goes well, it end without errors, all green.