We recently faced a new issue with some users unable to sign in to Lync; they were stuck at the sign-in step.
Those users are connecting to Lync through our Edge servers as they are not in our local network and they are also joined to their own AD domain.
We found a temporary workaround: launching the Lync client as an administrator and then entering the user’s credentials allows the user to connect successfully.
According to the MS engineer, here is the explanation of this behavior:
I have analyzed the logs captured so far, and the problem seems to be that in the scenario that is working (admin account) the client is using an already cached Lync certificate from Credential Manager. In the non-working scenario the client is not able to retrieve the certificate from Credential Manager and falls back to NTLM. As the client is connected externally, Kerberos can’t be used.
NTLM authentication then requests credentials if the credential already stored in Credential Manager is not up to date or the account just doesn’t have permissions.
So now, how can we correct this issue?
You need to create the following value under the key HKEY_CURRENT_USER\Software\Policies\Microsoft\Office\15.0\Lync:
Name: DisableNTCredentials
Type: REG_DWORD
Value: 1
This value will force Lync to prompt for credentials in case no valid certificate can be found.
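One way to apply and verify this value with PowerShell, as an added example that is not part of the original post or of Microsoft's guidance. The variable names are my own, and the script writes to the hive of whichever account runs it.

```powershell
# Added example: create the DisableNTCredentials policy value and verify it.
# HKCU resolves to the account running this script. Launched elevated under
# a different admin account, it writes to that admin's hive, not the user's.
# By default the Policies subtree is writable only by administrators, so for
# standard users this value is normally delivered through Group Policy.
$ErrorActionPreference = 'Stop'

$keyPath   = 'HKCU:\Software\Policies\Microsoft\Office\15.0\Lync'
$valueName = 'DisableNTCredentials'
$desired   = 1

# Create the key (and any missing parent keys) only if it does not exist,
# so values already present under an existing key are left untouched.
if (-not (Test-Path -Path $keyPath)) {
    New-Item -Path $keyPath -Force | Out-Null
}

# Write the value only when it is missing or different from the desired data.
$current = Get-ItemProperty -Path $keyPath -Name $valueName -ErrorAction SilentlyContinue
if ($null -eq $current -or $current.$valueName -ne $desired) {
    New-ItemProperty -Path $keyPath -Name $valueName `
        -PropertyType DWord -Value $desired -Force | Out-Null
}

# Read back both the data and the type: a value of the right name but the
# wrong type (for example REG_SZ "1") would not match what the post specifies.
$key  = Get-Item -Path $keyPath
$kind = $key.GetValueKind($valueName)
$data = $key.GetValue($valueName)
if ($kind -ne [Microsoft.Win32.RegistryValueKind]::DWord -or $data -ne $desired) {
    throw "$valueName under $keyPath is $data ($kind); expected $desired (DWord)."
}
"$valueName = $data ($kind) under $keyPath"
```

Restart the Lync client after the value is in place so the next sign-in attempt picks it up.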