Accessibility Hopp til innhold
Artikkel-ID: 000048028
Last Modified Date: 10/12/2021
Access Level: Public

Lync / OCS NTLM registration fails with HDX Series system when Lync / OCS Server is configured to enforce NTLM

When the Local Security Policy on the Microsoft OCS or Lync Server is set to the non-default behavior of enforcing NTLMv2 authentication, the Polycom HDX Series systems will fail to register even though it does support NTLMv2. The default behavior in Windows is to offer and accept both NTLM v1 and v2, in which the HDX system will accept and negotiate v2. But when v2 is enforced on the server, the HDX system will fail to register.  See attached image for the specific setting in Windows Server.    
 
 
Steps to Reproduce: Configure the following policies in the Lync / OCS Server:   1.     Network Security: LAN Manager Authentication Level – Send NTLMv2 response only. Refuse LM   2.     Network security: Minimum session security for NTLM SSP based (including secure RPC) clients – Enabled
a. Require NTLMv2 session security - Enabled
b. Require 128-bit encryption – Enabled
  3.     Network security: Minimum session security for NTLM SSP based (including secure RPC) servers – Enabled a. Require NTLMv2 session security - Enabled
b. Require 128-bit encryption – Enabled
  4.    Attempt to register the HDX system to the Lync / OCS Server.   EXPECTED RESULTS:  HDX system should register and negotiate NTLMv2. ACTUAL RESULTS:  HDX system will fail to register to the server.  
This issue has been resolved in HDX v3.0.3-14451.   Workaround :  Configure Server to offer and accept both NTLMv1 and NTLMv2. (default).   REFERENCE:  SR# 1-125417025 / VIDESC-7476 / VIDEO-92663