{"id":1527,"date":"2014-06-10T19:18:00","date_gmt":"2014-06-11T02:18:00","guid":{"rendered":"https:\/\/thebeagle.itgroove.net\/?p=1527"},"modified":"2023-02-24T21:48:27","modified_gmt":"2023-02-24T21:48:27","slug":"a-little-weirndess-with-o365-two-factor-authentication","status":"publish","type":"post","link":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/","title":{"rendered":"A little \u201cweirndess\u201d with O365 two-factor authentication"},"content":{"rendered":"<p>This is an admittedly weird and probably not very prevalent problem that I stumbled on to today but it might help you if you are in a similar situation.<\/p>\n<p>We (itgroove) have recently moved from in-house Exchange and in-house Lync to Exchange on Office365 and a hosted Lync platform that links back to O365.\u00a0 We are on hosted Lync as we use Lync as our phone system and we didn\u2019t want to have to deal any longer with the additional servers required to host Lync as a phone system.\u00a0 We could not take advantage of the full-meal-deal Lync available with O365 as Microsoft does not provide the enterprise phone bits for Lync in Canada so we did the next best thing and partnered with ThinkTel who do provide the full meal deal in Canada.\u00a0 ThinkTel\u2019s system, in turn, is linked back to O365 so that we can properly federate with other Lync users on O365 (or other fully federated Lync systems).\u00a0 For us it\u2019s been pretty much a win-win as the ThinkTel service has been pretty decent.<\/p>\n<p>But, as we have both O365 and hosted Lync, we actually have two completely different domains in the backend (ThinkTel has to do the full domain \u201cthing\u201d with Enterprise Lync and, of course, we have our full domain inside O365).\u00a0 This means that we have to jump through a few hoops as users to make it all work nicely, specially so as we have not yet gone done the route of implementing DirSync or any of the other \u201csingle sign on\/easy sign on\u201d features of O365.\u00a0 For the most part this means setting up our user accounts so that we have the same passwords in O365 and Lync and then setting our client software (Outlook, Lync, etc) to \u201cremember\u201d our logins and passwords.\u00a0 It all works pretty well, actually.\u00a0 Well, that is it does until you throw a spanner into the works \u2026<\/p>\n<p>I wanted to try out the two-factor authentication piece that Microsoft integrated into O365 and Azure (PhoneFactor) so I modified my O365 account settings to use the two-factor authentication (this was all done after I had already set up Outlook and Lync).\u00a0 The two-factor authentication worked brilliantly (see <a href=\"https:\/\/thebeagle.itgroove.net\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-1what-is-multifactor-authentication\/\" target=\"_blank\" rel=\"noopener noreferrer\">post 1<\/a> and <a href=\"http:\/\/thebeagle.itgroove.net\/2014\/05\/07\/o365-multifactor-authentication-in-depthpart-2how-it-works-inside-o365\/\" target=\"_blank\" rel=\"noopener noreferrer\">post 2<\/a> for more details) and I never thought much more about it as it only appeared to kick in whenever I logged in online; my local Outlook and Lync never caused it to fire off.\u00a0 Everything was peachy for a month or so until something changed in our Lync backend that caused our clients to update.\u00a0 From that point forward I lost Outlook connectivity from Lync and I started getting the dreaded prompt for email credentials from Lync that appeared to do nothing even when I supplied the correct credentials.\u00a0 Doing some digging I found out that by CTRL-right clicking on Lync in the taskbar that I could display all of my Lync configuration info and by doing so I discovered that Lync had no \u201cEWS External URL\u201d info which is critical to the Lync\/Outlook connection (the bit highlighted in yellow in the following was missing):<\/p>\n<p><a href=\"https:\/\/thebeagle.itgroove.net\/wp-content\/uploads\/thebeagle\/2014\/06\/image.png\"><img loading=\"lazy\" decoding=\"async\" style=\"padding-top: 0px;padding-left: 0px;padding-right: 0px;border: 0px\" title=\"image\" src=\"http:\/\/thebeagle.itgroove.net\/wp-content\/uploads\/thebeagle\/2014\/06\/image_thumb.png\" alt=\"image\" width=\"677\" height=\"374\" border=\"0\" \/><\/a><\/p>\n<p>&nbsp;<\/p>\n<p>To put it mildly, I went nuts trying to solve the problem.\u00a0 My good friends Mr Google and Mr Bing provided me with a zillion hits about similar problems, all seemingly tied back to incorrect Lync server configurations.\u00a0 As it was only me having the problem and as our Lync is hosted I pretty much ruled out the problem being on the server side and I concentrated on \u201cfixes\u201d for the client side.\u00a0 Well, I gotta tell ya that nothing worked.\u00a0 More to the point, there seemed to be a lot of info about similar problems with Lync2010 but very little about Lync2013.\u00a0 And the more I dug the more I realised that it had to be something to do with my local Lync installation rather than anything else as, again, it was only me having the problem.<\/p>\n<p>When my brain finally collapsed in on itself, and I still hadn\u2019t solved the problem, I decided to take a step back and look at the problem from a slightly higher level.\u00a0 I asked myself what was the difference between my O365 account and everyone else in the office?\u00a0 I am an O365 admin but so are Louis, Sean and Steph and they weren\u2019t having problems.\u00a0 What else could it be?\u00a0 Then, <strong>DOH!<\/strong> it hit me!\u00a0 I was the only one with two-factor authentication enabled on my account!!\u00a0 I disabled two-factor authentication and restarted my Lync and lo and behold my problem disappeared.\u00a0 Lync happily made connections to Outlook and I was <em>not<\/em> prompted for email credentials.\u00a0 I also checked my Lync install on my home machine (which had broken about the same time as Lync on my office machine) and it was also a happy camper.<\/p>\n<p>I\u2019m not 100% sure why I hit this problem as I did follow Microsoft\u2019s two-factor instructions and provided Outlook with the special password that is generated by the two-factor authentication system for Outlook (and other apps) that are <em>not <\/em>two-factor enabled.\u00a0\u00a0 And as I type this the thought occurs to me that I might have had to provide <em>that <\/em>password (the special one) to the Lync email credential challenge as Lync would have been trying to logion to the EWS on O365.\u00a0 I guess this is another DOH! and something I will have to check.\u00a0 I\u2019ll update this post when I do.<\/p>\n<p>In the meantime, if you use two-factor auth you might want to keep this post in mind if you start having Lync\/Outlook issues.<\/p>\n<p><strong>UPDATE<\/strong><\/p>\n<p>As I suspected, I&#8217;m a bit of an idiot. \u00a0The problem I described was my own fault as I did NOT supply Lync with the &#8220;special&#8221; O365 password that is supplied for use with apps that are NOT two-factor aware. \u00a0If I had supplied the Lync Outlook connector with the proper password I would have had no problem. \u00a0So, keep this in mind when using two-factor auth; you need to keep your &#8220;special password&#8221; handy for cases like this.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This is an admittedly weird and probably not very prevalent problem that I stumbled on to today but it might help you if you are in a similar situation. We (itgroove) have recently moved from in-house Exchange and in-house Lync to Exchange on Office365 and a hosted Lync platform that links back to O365.\u00a0 We &hellip; <a href=\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\"><\/a><\/p>\n","protected":false},"author":10,"featured_media":1529,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"inline_featured_image":false,"footnotes":""},"categories":[241,247],"tags":[444,492,609],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v23.0 - https:\/\/yoast.com\/wordpress\/plugins\/seo\/ -->\n<title>A little \u201cweirndess\u201d with O365 two-factor authentication - Archive<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"A little \u201cweirndess\u201d with O365 two-factor authentication - Archive\" \/>\n<meta property=\"og:description\" content=\"This is an admittedly weird and probably not very prevalent problem that I stumbled on to today but it might help you if you are in a similar situation. We (itgroove) have recently moved from in-house Exchange and in-house Lync to Exchange on Office365 and a hosted Lync platform that links back to O365.\u00a0 We &hellip;\" \/>\n<meta property=\"og:url\" content=\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\" \/>\n<meta property=\"og:site_name\" content=\"Archive\" \/>\n<meta property=\"article:published_time\" content=\"2014-06-11T02:18:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2023-02-24T21:48:27+00:00\" \/>\n<meta name=\"author\" content=\"Sean Wallbridge\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Sean Wallbridge\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\",\"url\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\",\"name\":\"A little \u201cweirndess\u201d with O365 two-factor authentication - Archive\",\"isPartOf\":{\"@id\":\"https:\/\/regroove.ca\/archive\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage\"},\"thumbnailUrl\":\"\",\"datePublished\":\"2014-06-11T02:18:00+00:00\",\"dateModified\":\"2023-02-24T21:48:27+00:00\",\"author\":{\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\"},\"breadcrumb\":{\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage\",\"url\":\"\",\"contentUrl\":\"\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Blog Archive\",\"item\":\"https:\/\/regroove.ca\/archive\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"A little \u201cweirndess\u201d with O365 two-factor authentication\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/regroove.ca\/archive\/#website\",\"url\":\"https:\/\/regroove.ca\/archive\/\",\"name\":\"Archive\",\"description\":\"\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/regroove.ca\/archive\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77\",\"name\":\"Sean Wallbridge\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/regroove.ca\/archive\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g\",\"caption\":\"Sean Wallbridge\"},\"url\":\"https:\/\/regroove.ca\/archive\/author\/swallbridge\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"A little \u201cweirndess\u201d with O365 two-factor authentication - Archive","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/","og_locale":"en_US","og_type":"article","og_title":"A little \u201cweirndess\u201d with O365 two-factor authentication - Archive","og_description":"This is an admittedly weird and probably not very prevalent problem that I stumbled on to today but it might help you if you are in a similar situation. We (itgroove) have recently moved from in-house Exchange and in-house Lync to Exchange on Office365 and a hosted Lync platform that links back to O365.\u00a0 We &hellip;","og_url":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/","og_site_name":"Archive","article_published_time":"2014-06-11T02:18:00+00:00","article_modified_time":"2023-02-24T21:48:27+00:00","author":"Sean Wallbridge","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Sean Wallbridge","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/","url":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/","name":"A little \u201cweirndess\u201d with O365 two-factor authentication - Archive","isPartOf":{"@id":"https:\/\/regroove.ca\/archive\/#website"},"primaryImageOfPage":{"@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage"},"image":{"@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage"},"thumbnailUrl":"","datePublished":"2014-06-11T02:18:00+00:00","dateModified":"2023-02-24T21:48:27+00:00","author":{"@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77"},"breadcrumb":{"@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#primaryimage","url":"","contentUrl":""},{"@type":"BreadcrumbList","@id":"https:\/\/regroove.ca\/archive\/2014\/06\/10\/a-little-weirndess-with-o365-two-factor-authentication\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Blog Archive","item":"https:\/\/regroove.ca\/archive\/"},{"@type":"ListItem","position":2,"name":"A little \u201cweirndess\u201d with O365 two-factor authentication"}]},{"@type":"WebSite","@id":"https:\/\/regroove.ca\/archive\/#website","url":"https:\/\/regroove.ca\/archive\/","name":"Archive","description":"","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/regroove.ca\/archive\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/74e1c0def190f181c1394c2b6d883e77","name":"Sean Wallbridge","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/regroove.ca\/archive\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/adf8cea6291c39d166616f2148d919a6?s=96&d=mm&r=g","caption":"Sean Wallbridge"},"url":"https:\/\/regroove.ca\/archive\/author\/swallbridge\/"}]}},"_links":{"self":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1527"}],"collection":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/users\/10"}],"replies":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/comments?post=1527"}],"version-history":[{"count":1,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1527\/revisions"}],"predecessor-version":[{"id":2900,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/posts\/1527\/revisions\/2900"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/"}],"wp:attachment":[{"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/media?parent=1527"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/categories?post=1527"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/regroove.ca\/archive\/wp-json\/wp\/v2\/tags?post=1527"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}