Common problems while logging into Lync 2010/2013

Sometimes Lync 2010/2013 client cannot login to the server. You may be sure that user account enabled in Lync Server, all caches are cleared, but anyway Lync client give error.

Lync 2010 login issues

Lync 2010 have less issues, so we'll deal with it first.

First af all, you must clear local cache in user profile: C:\Users\<username>\AppData\Local\Microsoft\Communicator\. You can completely delete this folder.

Second, Lync 2010 have issue, when user try to login before it was enabled in Lync Server, something in client goes wrong and after it was enabled in Server, client still cannot login. The same issues can occur when some fields in Active Direcotry user account is changed.

To fix this issue you mush reset account settings in Lync 2010 client:

@echo off
taskkill /F /IM communicator.exe 2>nul >nul
reg delete HKEY_CURRENT_USER\Software\Microsoft\Shared\UcClient /f 2>nul >nul
if defined ProgramFiles(x86) (
 start "" "%ProgramFiles(x86)%\Microsoft Lync\communicator.exe"
) else (
 start "" "%ProgramFiles%\Microsoft Lync\communicator.exe"
)

Lync 2013 login issues

As with Lync 2010, you must first try to clear local cache which is located in: C:\Users\<username>\AppData\Local\Microsoft\Office\15.0\Lync\. You can completely delete this folder.

If problem lies deeper, to check Event Log on Lync Server (front-end) - in most of my cases, in Security Log, Deny Access events were logged with following content:

An account failed to log on.

Subject:
	Security ID:		NULL SID
	Account Name:		-
	Account Domain:		-
	Logon ID:		0x0

Logon Type:			3

Account For Which Logon Failed:
	Security ID:		NULL SID
	Account Name:		<username>
	Account Domain:		<domain>

Failure Information:
	Failure Reason:		An Error occured during Logon.
	Status:			0xC000035B
	Sub Status:		0x0

Process Information:
	Caller Process ID:	0x0
	Caller Process Name:	-

Network Information:
	Workstation Name:	<workstation name>
	Source Network Address:	<workstation IP>
	Source Port:		49479

Detailed Authentication Information:
	Logon Process:		
	Authentication Package:	NTLM
	Transited Services:	-
	Package Name (NTLM only):	-
	Key Length:		0

I think (but not sure), that the key info in this log is the Failure Status: 0xC000035B. Try the following solution:

Go to the Local Policy Editor (run -> gpedit.msc). There drill down to the Computer Configuration -> Windows Settings -> Security Settings -> Lolcal Policies -> Security Options. Change options for three settings:

Network security: Minimum session security for NTLM SSP based (including secure RPC) clients -> No Minimum

Network security: Minimum session security for NTLM SSP based (including secure RPC) servers -> No Minimum

Network security: LAN Manager authentication level -> Send LM & NTLM - use NTLMv2 session security if negotiated

Then you will have to reboot computer or apply policies by running gpupdate /force.