Article ID: 2672927 - View products that this article applies to.
This article discusses a new rule for Microsoft Lync Server , Best Practices Analyzer to warn if the Front-end server, Director, or Edge server is running Windows Server 2008 R2 and still has the default setting for NTLM SSP set to Requires 128-bit encryption.
Assume that you have a Lync Server environment. The Front End server, the Edge Server, or the Director is running on a Windows Server 2008 R2-based computer. In this situation, a Microsoft Lync client that is running on a Windows Vista-based or Windows XP-based computer may be unable to join an online meeting.
To make sure that the security setting for NTLM SSP is not set to Requires 128-bit encryption on the Windows Server 2008 R2-based computer, apply the following update, and then use Lync Server, Best Practices Analyzer to scan the environment:
(http://support.microsoft.com/kb/2672346/ )Description of the cumulative update for Lync Server 2010, Best Practices Analyzer: February 2013
If the Requires 128-bit encryption option is enabled, you receive the following alert title and alert text for each computer that is affected:
Lync users may not be able to join Live Meetings
Lync Server on Windows Server 2008 R2 with NTLM SSP set to "Require 128-bit encryption" detected. Older clients running on Windows Vista or Windows XP will not be able to join online meetings. To resolve this issue and allow clients running on down level operating systems to connect you must set the NTLM Authentication level to "No Minimum." For more information please refer to KB 982021.
To resolve the issue in which the Lync client cannot join a Lync online meeting, change the security setting for NTLM SSP to No Minimum. Be aware that you need perform these steps on each computer that is affected. To change the security setting, follow these steps on the Windows Server 2008 R2-based computer:
322756If you want to change the NTLM setting by using registry keys, follow these steps:
(http://support.microsoft.com/kb/322756/ )How to back up and restore the registry in Windows
982021For more information about the changes in NTLM authentication, visit the following Microsoft website:
(http://support.microsoft.com/kb/982021/ )Supportability is available for Office Communications Server 2007 R2 member server role on a Windows Server 2008 R2 operating system
General information about the changes in NTLM authentication