The Problem
Lync password prompts when connecting over Edge server : “Lync needs your user name and password to connect for retrieving calendar data from Outlook”
When the Lync client signs in, it also attempts to retrieve availability data via Exchange Web Services. It does so via the Autodiscover functionality built into Exchange.
Lync Communicator will issue SOAP requests (over HTTPS) to the published Autodiscover server, who returns the URLs for the Microsoft Exchange Client Access Server(s) that will feed the availability data back to Lync Communicator.
The additional prompt for authentication comes from Communicator being hard-wired to authenticate using NTLM. When IIS (on the Exchange CAS machines) returns it’s WWW-Authenticate headers, it does so in the form of:
WWW-Authenticate: Negotiate
WWW-Authenticate: NTLM
When Communicator attempts to negotiate authentication using your cached credentials (over the Internet), it will fail with a “401.2 Unauthorized”, and subsequently prompt you for authentication as above.
How do we do that?
Client side
From Internet Explorer – Tools, Internet Options, Advanced, scroll down to the “Security” section, un-check “Enable Integrated Windows Authentication”, you should no longer receive the additional authentication prompt from Lync
Server Side
I prefer the server side fix as it solves the problem for everyone in a single swoop
In this fix we are instructing IIS on the Exchange CAS server(s) to offer NTLM as the first authentication provider (with Negotiate as the fallback provider) in the WWW-Authenticate header.
On the CAS Server do the following:
- Open the IISmanager
- expand the Default Web site
- Select EWS and Autodicover and click on authentication
- Select Windows Authentication
- on the right hand pane select ” providers”
- Move the “NTLM” to the top
- Click ok
- Close IIS manager
- open command prompt
- type “iisreset /noforce”
- make sure IIS admin service and WWW services are started.
I did have one final prompt for credentials, probably cause the cache had been altered by my endless testing, but this time adding my credentials was successful.
Smarter Together 
Hi,I was happy to find this article as I have exactly this problem. But after trying both solutions first client solution then server side solution nothing of this prevents the Credential pop-up. It just keeps popping up all the time. I somehow suspect that Internet Explorer 11 is causing the problem. Do you have already more information about that?Thank you!Robert
LikeLike
Did you also take a look at your Reverse Proxy rule for EWS traffic as I have found this to often be a cause as well. Lync does not support pre-authentication (currently) so the Reverse Proxy rule should not ask the user to authenticate but rather to allow the client to authenticate directly.
LikeLike
Hi Paul,yes I did. As I’m testing those things in our test environment I just bypassed my reverse proxy and directed external traffic to my CAS server directly just to exclude reverse proxy as problem source. I also have to say that this credential question comes only once. When I type my AD credentials and select save my credentials it does not ask anymore. But when users are changing passwords it asks for sure again. So I would like to prevent this at the first place.CheersRobert
LikeLike