Scenario: You have verified that everything is working and setup correctly. You have confirmed this using the Lync Connectivity Analyzer but you are having login issues. This may even manifest itself where Windows Phone and Android Lync 2013 Mobile client can login without any issues but iOS devices are unable to login.
Issue: Looking into the logs of the iOS device that isn’t able to login, we see the following information in the log:
Search for INFO TRANSPORT CMetaDataRequest.cpp/90:MEX response received.
Below that section, you should see POST https://lws.domain.com/webticket/webticketservice.svc
And then right below that we get the following:
<!DOCTYPE html PUBLIC “-//W3C//DTD XHTML 1.0 Strict//EN” “http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd“>
<meta http-equiv=”Content-Type” content=”text/html; charset=iso-8859-1″/>
<title>401 – Unauthorized: Access is denied due to invalid credentials.</title>
If you open your browser and go to https://lws.domain.com/webticket/webticketservice.svc you receive a 401 unauthorized. This is not the behavior you should expect. You should be getting prompted for credentials.
Solution: On all of your front-end servers, launch the IIS Manager. Expand out Lync Server External Web Services and find WebTicket. Double click on Authentication.
Here you will see the options enabled for WebTicket. Yours should look like this:
I found that in our deployment, Windows Authentication was disabled. Once this was Enabled again, iOS devices immediately were able to login again.
What I don’t know is how this got turned off but it’s definitely supposed to be turned on.