Lync Attendee or Live Meeting Clients “cannot sign in because server is temporarily unavailable” via an authentication-based proxy

Uncovering a last minute inability to join a Lync online meeting (or Live Meeting) can be incredibly frustrating, fumbling around for PSTN dial-in details and then switching from the “richer client” or Lync Attendee to the audio/video challenged Lync Web App a disappointment.

That is why I have spent that last couple of months (on and off) looking into an issue with both the Lync Attendee  and Live Meeting Clients when joining via an authenticated web proxy – in my case a Cisco IronPort, but the proxy vendor is immaterial – if it isn’t anonymous then you’ll hit a similar stumbling block.

The first thing you’ll notice when you try to join is a failure (see below) and the inability to make it into the meeting lobby.

If we examine a network capture we’ll see why, pay particular reference to the “Using NTLM Authorization” (see below)

Whilst both clients support web proxies and obtain server settings via the Internet Explorer settings, they do not support any form of proxy authentication. Fear not there is a way around this, my workplace defined a group on our proxy for specific domains that we want to permit without content filtering or the need to enforce A/D authentication (IronPort examples below).

AccessNoAuth group definition:

The only drawback with this method, is that it requires you maintain a list of “white-listed” domains, for Microsoft we added livemeeting.com (Live Meeting) and sip.microsoft.com (Lync), the domains can easily be determined within a network trace.

I hope this helps!