Few days ago I had a situation with some collegues. User´s wich don´t have their computer in domain, only in Workgroup.
When they install the Microsoft Lync 2010 client in their computers and tried to login with the same behavior as mail using DOMAIN\UID, they not be able to log on , they received the below event log warning:
“Communicator was unable to authenticate because an authenticating authority was not reachable.”
The server may be asking for Kerberos authentication and Communicator is not able to find the Kerberos Domain Controller in order to generate credentials and authenticate. The network administrator will need to change the configuration on the server to utilize only NTLM authentication before Communicator can login from this location properly, or connectivity will need to be made available to an authenticating authority”
I know it is not supported scenario. After installed the certificate, the user was able to login but it disconnects after 10 seconds then reconnects again , it keep in this loop. I also found the same warning in the event log.
I know why this is happening and I know it would have been solved from the beginning if i forced the OCS to use NTLM only rather than Kerberos but this was not something i can force.
So in the end the Solution was this problem was simple:
Ensure that the users when singing in to communicator 2007 or Lync 2010 to include the “.local” in the domain.local\username part of the authentication and not DOMAIN\username.