This is most likely old news for many. But because I have not published this before I finally took the time to publish this as many people often contacting me regarding this issues. Nowdays specially problems With password promps on iPhone and iPads.
I have worked a lot with Exchange and used ISA/TMG to publish OWA, ActiveSync and Outlook Anywhere. This also from time to time include publish Lync trough ISA/TMG
I remember way back ago, when we first started to publish Outlook Anywhere with KCD. Single Sing on (SSO) trough ISA. That was cool, but other application integrating with Autodiscover or Outlook anywhere often complained:) I remember Communicator R1 (Office Communication Server 2007 R1) had big problems. With Communicator R2 and Lync, it was better, but not perfect.
If you not configure this right you will most likely see one or more of the following dialog/password promps (you will also have integration error on Lync client:
But with some hotfixes and VBS scripts on ISA/TMG it works like a charm. See how I usually configure this further down.
The later days there has been many issues with IOS devices like iPhone, iPad connecting with ActiveSync and Autodiscover.
1. Autodiscover that is configured with KCD and SSO does not support IOS devices. You will see this because the Server URL is blank on the IOS
2. When changing password on user accounts, the user gets locked out because of numerous fail password attempts from the IOS device. You get password prompt on the IOS device, but changing password does not work.
Three issues needs to be resolved:
1. The way ISA/TMG handles POST requests without POST body. See KB for information and fix: (On ISA 2006 you must also install the hotfix)http://support.microsoft.com/default.aspx?scid=kb;EN-US;942638.
2. Authentication fail because TMG/ISA cannot validate the Kerberos ticket.
3. Basic authentication needs to be available for Autodiscover use from IOS devices.
To resolve Lync password prompts, integration error and problems with IOS devices I usually follow the steps bellow. I will focus on TMG2010, and will not go in detail on how to set up KCD for Outlook Anywhere etc. The steps is almost identical with ISA 2006 but ISA2006 requires some hotfixes aswell (http://support.microsoft.com/kb/939455/, http://support.microsoft.com/hotfix/KBHotfix.aspx?kbnum=927265&kbln=en-us and http://support.microsoft.com/kb/942639 )
- Install latest Service pack to both Windows and TMG
- Install latest hotfixes
- Configure the Web listener used for Autodiscover and Outlook Anywhere KCD with both “Basic” and “Integrated”
- Run the VBScript as described in: http://support.microsoft.com/default.aspx?scid=kb;EN-US;942638
- Run the VBScript as described in: http://support.microsoft.com/kb/927265/en-us