The Lync client uses Exchange Web Services (EWS) to provide client integration features such as conversation history and voicemail access.
How does Lync discover Exchange Web Services?
The Lync client uses the following process to discover EWS:
- SRV record – _autodiscover._tcp.<smtpdomain>
A users SMTP domain is determined by the Active Directory “E-mail” address field which is populated by Exchange when a user is mail enabled.
NOTE: Unlike Lync, Outlook will query Active Directory for a Service Connection Point (SCP) when connected internally.
- You can check that you can get to the autodiscover service and that the certificate is OK by browsing to the following URL – http(s)://autodiscover.smtpdomain.com/autodiscover/autodiscover.xml. If you are prompted for authentication enter a user account which has an Exchange mailbox. An Xml document should be returned stating the request was invalid – this is normal.
- Lync caches information about EWS so it is important that you delete Lync sign-in information when any changes are made. This can be done in the Lync 2013 client before sign-in, or you can delete the %userprofile%AppDataLocalMicrosoftOutlook<string> – Autodiscover.xml
- The Lync 2013 client does not appear to support forms based authentication when using ISA/TMG. Make sure /Autodiscover/* and /EWS/* virtual directories in ISA/TMG are published as such.
- Wildcard certificates used for Exchange Web Services will stop Exchange integration for Lync Phone Edition devices.
- In extreme cases you may need to reset your Exchange virtual directories for AutoDiscover and/or EWS. Resetting a virtual directory will result in all settings being lost, so make sure you take note of the current configuration so you can reconfigure. See this TechNet article for more information.
What exactly is EWS required for?
- Unified Contact Store
- High resolution photos (stored in Exchange)
- Meeting tab
- Presence based on calendar information
- Conversation history
- Voicemail playback
"Wildcard certificates used for Exchange Web Services will stop Exchange integration for Lync Phone Edition devices."
This is not true since 2012 June, CU6 for Lync phone edition:
Also the Lync server 2013 documentation states this clearly:
As the wildcard cert NO-GO was for such long time advertised, its now time to re-flash that part of our brain with new rules!
Hey Ricardo, thanks for your feedback. Do you know whether a "true" wildcard certificate (i.e. one without SAN's) works and/or is supported? The TechNet documentation states that to be supported the subject name cannot be a wildcard, but the KB doesn't mention this.
Thats hell of a good question to ask the MS PSS 😀