"Cannot sign in because the server is temporarily unavailable" error when you try to sign in to Lync Online in Office 365 dedicated

Article translations Article translations
Article ID: 2619522 - View products that this article applies to.
Expand all | Collapse all

Symptoms

You cannot sign in to Microsoft Lync Online in Microsoft Office 365 dedicated. Additionally, you receive the following error message:

Cannot sign in because the server is temporarily unavailable. If the problem persists, contact your system administrator.

Cause

This issue occurs for one of the following reasons:

Cause 1

You are not entitled for Lync Online.

Cause 2

You lack connectivity to the Lync Online service.

Cause 3

You are running a 64-bit Windows operating system.

Note This cause only applies to Communicator 2007 R2.

Resolution

To resolve this issue, use the appropriate method for your situation:

Resolution for Cause 1

Microsoft Managed Services Service Provisioning Provider (MMSSPP) provisions managed account objects for Lync. Organizations use an entitlement attribute (such as extensionattribute5) in their Active Directory to signal MMSSPP to provision that user for Lync.

Note If you are unsure which entitlement attribute your organization uses, contact your subject matter expert or a Service Delivery Manager (SDM) according to the terms of your support agreement.

Make sure that your account is entitled for Lync Online. If it is entitled for Lync Online, continue with the following resolutions.

Resolution for Cause 2
  1. Validate the Internet Explorer proxy address settings according to your organization's standards. 
  2. Make sure that the AddToFirewallExceptionList registry entry under the following registry key is set to 1:
    HKEY_CURRENT_USER\Software\Microsoft\Communicator
  3. The OCS and Lync client systematically tries to contact the Lync Online service by querying certain DNS records until one is resolved or the client times out. If the client can resolve one of the DNS records, the client tries to register against the service and then start the authentication process. (SIP traffic begins.) The client reads the suffix of the user's sign-in address to perform DNS queries by using the following commands:
    • _sipinternaltls._tcp.microsoft.com - SRV Record 
      Typically points to sipint1.microsoft.com - A Record
    • _sip._tls.microsoft.com - SRV Record 
      Typically points to sipint2.microsoft.com - A Record
    • sipinternal.microsoft.com - A Record
    • sip.microsoft.com - A Record
    • sipexternal.microsoft.com - A Record

    Which DNS record the client is first able to resolve and connect to depends largely on the user's connection method. Typical OCS or Lync deployments publish an SRV record to internal DNS servers and to external DNS servers. Both SRV records point to an A Record and specify the appropriate port: 5061 for internal port and 443 for external port. If the client cannot resolve an SRV record, the client moves on to the A Records. Typically, OCS or Lync deployments publish the A Record, sipinternal.<sipdomain>.com, only to internal DNS servers. Similarly, the A Record, sipexternal.<sipdomain>.com, is only published to external DNS servers. However, the A Record, sip.<sipdomain>.com, is typically published to both internal and external DNS servers. Also, the A Record is frequently in associated SRV records. When the client tries to connect to the A Record, sip.<sipdomain>.com, the client will always do so over port 5061 first. If that fails, the client will try port 443. All external traffic must come in on port 443, but internal traffic will use port 5061.

    Connectivity tests for troubleshooting client authentication issues are different because they depend on your organization's deployment and on the user's connection method. The following are some common examples of valid troubleshooting tests.

    Note By default, Windows Vista and Windows 7 do not have the telnet feature installed. To install the feature, open Control Panel, click Programs and Features, click Turn Windows Features On or Off, and then select the Telnet Client check box. After several minutes, the installation is completed.

    Internally connected (including VPN)
    • To perform a valid troubleshooting test, follow these steps:
      1. At a command prompt, type Nslookup, and then press Enter.
      2. Type Set type=srv, and then press Enter.
      3. Type _sipinternaltls._tcp.sipdomain.com, and then press Enter.
      4. Record referenced A Record and port number, and then type Exit.
      5. Type telnet <A Record> <port>, and then press Enter.
      Note The expected result of the telnet command is a blank screen.
    • To perform a valid troubleshooting test, follow these steps:
      1. At a command prompt, type Nslookup, and then press Enter.
      2. Type Set type=srv, and then press Enter.
      3. Type _sip._tls.<sipdomain>.com, and then press Enter.
      4. Record referenced A Record and port number, and then type Exit.
      5. Type telnet <A Record> <port>, and then press Enter.

      Note The expected result of the telnet command is a blank screen.
    • At a command prompt, type telnet sipinternal.<sipdomain>.com 5061, and then press Enter.

      Note The expected result of the telnet command is a blank screen.
    • At a command prompt, type telnet sip.<sipdomain>.com 5061, and then press Enter.

      Note The expected result of the telnet command is a blank screen.

    Externally connected (Remote Access) 
    • To perform a valid troubleshooting test, follow these steps:
      1. At a command prompt, type Nslookup, and then press Enter.
      2. Type Set type=srv, and then press Enter.
      3. Type _sip._tls.<sipdomain>.com, and then press Enter.
      4. Record referenced A Record and port number, and then type Exit.
      5. Type telnet <A Record> <port>, and then press Enter. 

      Note The expected result of the telnet command is a blank screen.
    • At a command prompt, type telnet sipexternal.<sipdomain>.com 443, and then press Enter. 

      Note The expected result of the telnet command is a blank screen.
    • At a command prompt, type telnet sip.<sipdomain>.com 443, and then press Enter.

      Note The expected result of the telnet command is a blank screen.

  4. If you can resolve a particular DNS record but still cannot telnet to the address on the correct port (5061 as internal portal and 443 as external port), you should troubleshoot the basic network connectivity. To do this, follow these steps:
    1. Validate connectivity to known good Internet sites.
    2. Validate connectivity to known good Intranet sites (internally connected).
    3. Verify that the user's proxy settings are set according to the organization's standards. To do this, start Internet Explorer, click Tools, click Internet Options, click Connections, and then click LAN Settings.
    4. Validate that Communicator or Lync is added to the Windows Firewall Exceptions List.
    5. Make sure that you are not running any third-party firewall applications.

  5. If all settings are validated, perform a tracert to collect the failed connection and escalate the incident. To do this, run tracert sip.microsoft.com at a command prompt.
  6. The client should successfully authenticate. But then it randomly signs the user out and in again. This may also indicate a network connectivity issue. To troubleshoot this, follow these steps: 
    1. Verify that the user is not using a WLAN connection. If the user is using a wired LAN connection, disable the user's WLAN adapter for troubleshooting.
    2. Using the precious DNS queries to determine the A Record to which the client is resolving and connecting, run the following command on the affected workstation until the issue is reproduced:

      ping –t -l 750 <A Record from step 1> > c:\ping.txt
    3. After the issue is reproduced and the client signs out, use CTRL+C to stop the ping command.
    4. Send the ping results from step B to Microsoft according to the terms of your support agreement.
Resolution for Cause 3

There is a known issue with Office Communicator 2007 and 64-bit operating systems that prevents Communicator from being able to successfully authenticate. To resolve this issue, update the user's registry as follows:

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
  1. Start Notepad.
  2. Copy the following text exactly as it is into the notepad file:
    Windows Registry Editor Version 5.00[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]"LmCompatibilityLevel"=dword:00000002
  3. Save the notepad file as 64bitfix.reg.
  4. Shut down Office Communicator and verify communicator.exe process is not running from the Task Manager.
  5. Execute the file by double-clicking the 64bitfix.reg file.
  6. Restart the computer and then start Office Communicator again.

Properties

Article ID: 2619522 - Last Review: April 10, 2013 - Revision: 9.0
Applies to
  • Microsoft Business Productivity Online Dedicated
  • Microsoft Business Productivity Online Suite Federal
  • Microsoft Office Communicator 2007
  • Microsoft Office Communicator 2007 R2
  • Microsoft Office Communications Online Dedicated
  • Microsoft Lync 2010
Keywords: 
vkbportal226 KB2619522

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com