Symptoms

Consider the following scenario:

  • You deploy a Microsoft Lync Server 2013 environment.

  • You enable Virtual Desktop Infrastructure (VDI) for all the users in the environment by running the following command:Set-CsClientPolicy -Identity Global -EnableMediaRedirection $true

  • You install the Lync 2013 VDI plug-in on a local computer.

  • You install Lync 2013 on a Remote Desktop Session Host server that joins the same domain as the local computer.

  • You create a user account in Active Directory Domain Services (AD DS) and enables the user for Lync 2013.

  • The user logs on to the local computer and to the Remote Desktop Session Host server by using the same account.

  • The user connects to the Remote Desktop Session Host server from the local computer, and then starts Lync 2013 in the Remote Desktop session.

  • The Lync 2013 VDI plug-in begins to pair with the Lync 2013 client.

In this scenario, you might encounter the following issues:

  • The value of the badPwdAttempt attribute in AD DS is incremented by 1.

  • The badPwdTime attribute contains a time stamp for the VDI pairing.

  • You receive event ID 4771 that states one authentication attempt fails in the domain controller (DC) security audit trail.

Additionally, the user account might be locked.

Workaround

To work around this issue, you must increase the value of the account lockout threshold and reduce the size of the lockout observation window. For example, you can set the value of the account lockout threshold to 20 and set the size of the lockout observation window to 30 minutes. 

Resolution

To resolve this issue, install the following update:

2889860 September 2014 update for Lync 2013 (KB2889860)

Need more help?

Expand your skills
Explore Training
Get new features first
Join Microsoft Insiders

Was this information helpful?

What affected your experience?

Thank you for your feedback!

×