[Solved] Single sign-on users in Office 365 can’t sign in to Lync Online from inside their corporate network

Lync 2013 Fails to connect to service.

You installed Lync 2013 on a domain computer and it fails to connect to the Office365 Lync service. Users who connect from inside their corporate network can’t sign in to Lync Online from Lync 2013, and they receive the following error message: Cannot sign in because the server is temporarily unavailable.  This issue only applies to Enterprise SSO users who sign in to Microsoft Lync Online by using Microsoft Lync 2013 from inside their corporate network.   If you modify the DNS of the computer to use a public DNS address the lync client connects for 8 hours and then fails if DNS is pushed back to the domain level DNS. All internal computers have this problem with connecting where external systems do not.

AD FS 2.0 utilizes the HOST service type for SPN registration because of default Windows Communication Foundation (WCF) SPN requirements. While HTTP makes sense for web-based applications, it does not satisfy rich clients who use the WS-Trust protocol.

 

When you deploy an AD FS 2.0 Federation Server farm, you must specify a domain-based service account that needs a registered SPN to enable Kerberos authentication to function correctly.

Log in to you ADFS server and set a HOST SPN.

setspn -s host/{your_Federation_Service_name} {domain_name}\{service_account}

Make sure that the AD FS 2.0 service is running under the domain-based service account that was mentioned in the previous step. Afterwards you will need to set the service account on the ADFS service to use the same domain service account and restart the ADFS2 services.

Configure the AD FS 2.0 server to accept request headers that are larger than 40 kilobytes (KB). Microsoft says -> The HTTP request that the user sends to the Internet Information Services (IIS) server contains the Kerberos token in the WWW-Authenticate header. Therefore, the header size increases as the number of groups increases. If the HTTP header or packet size increases beyond the limits that are configured in IIS, IIS may reject the request and send an error as the response. If the previous solutions didn’t resolve the problem, downgrade to Lync 2010 or try running Lync2013 as a Local administraor.

 

 

 

Sign in to Microsoft Lync failed because the service is not available or you may not be connected to the Internet on a Mac

How to get Lync to connect

Your company has setup an local or Office 365 Microsoft Lync service and you are having a hard time connecting to it using your Mac. When you put in your information you receive the following error back – “”Sign in to Microsoft Lync failed because the service is not available or you may not be connected to the Internet“.

I had a similar problem recently and found through digging around that actually I was having a SSL failure where the Mac was rejecting the unknown CA authority that signed Microsofts “sipdir.online.lync.com” URL used to connect to Office 365’s Lync services. We had to import the SSL into our key ring manually and then assign the always trust to the certificate.

 

By default the SSL imported into “Microsoft Intermediate Certificates” inside of the Key Ring Manager , you need to double click this certificate to pop the information box on the certificate, find the Trust drop down which should expose the selection boxes that will allows you to set the trust level on the certificate. Set it to Always Trust, now 2 finger click on SSL certificate and select copy certificate.  Next select the System folder inside of the Key Ring Manager then 2 finger click in the right panel of the System Folder view and select paste “certificate name” so that the certificate is now in both places.

 

Launch Lync, place Active Directory email address in the email box and in the user ID box and your domain password to log in.

 

How to import the SSL cert from Microsoft.

You can download here or from a Windows box, Goto https://sipdir.online.lync.com/  in Chrome and the following should appear.

mac-lync-cert-chrome1

 

Now click the green pad lock to bring up the Permissions and Connections property box. and select the Connection tab. Then select the Certificate Information link.

mac-lync-cert-chrome

 

 

This properties box should appear, select the details tab and then the copy to file button to launch the export wizard and export the SSL (using the defaults only) to a file.

mac-lync-cert

 

Now copy that file over to your Mac or zip it up and email it to an account accessible via the Mac system and follow the import process above on all Mac systems that have issues connecting.