Plantronics + Polycom. Now together as Poly Logo

Skype for Business Pairing - Incorrect entry locks AD account.

SR_MCSE
Frequent Advisor

Skype for Business Pairing - Incorrect entry locks AD account.

When BToE starts the pairing process with SfB, is there any way to have the SfB pairing dialog box re-prompt for credentials if they are entered incorrectly the first time? 

 

We find that you have 1 chance to enter your correct password, otherwise, your domain account locks out. End users don't realize this until other apps start to prompt for credentials.

 

We've seen this to be a problem since we started using VVX phones running 5.4.5 all the way up to 5.7.0 and BToE 3.40-3.7.

 

 

 

Message 1 of 3
2 REPLIES 2
SteffenBaierUK
Polycom Employee & Community Manager

Re: Skype for Business Pairing - Incorrect entry locks AD account.

Hello

I am quite sure this is a setting on your Microsoft end as the Application should prompt you again if the password was wrong the first time.

Replied via a mobile device
----------------
The title Poly Employee & Community Manager is a community setting and does not reflect my role. I am just a simple volunteer in the community like everybody else. All posts and words are my own & do not represent the views of Employer.

----------------

Notice: This community forum is not an official Poly support resource, thus responses from Poly employees, partners, and customers alike are best-effort in attempts to share learned knowledge. If you need immediate and/or official assistance please open a service ticket through your proper support channels.
Please also ensure you always check the VoIP , Video Endpoint , Skype for Business , PSTN or RPM FAQ's
Message 2 of 3
SR_MCSE
Frequent Advisor

Re: Skype for Business Pairing - Incorrect entry locks AD account.

To All who were experiencing this issue, we've worked with Polycom and Microsoft to get it fixed in the 5.7.2 release. 

 

Application EN-68765 The server responds with 500 Internal Error instead of 401 when you enter incorrect password on the phone

 

We learned through a lot of troubleshooting that ADFS would send back an error 500 code to the phone, however, the VVX wouldn't see it as a problem, rather a server error message and try again. This process would continue on until it hit our account lockout policy. 

 

Now in 5.7.2, the behavior will now re-prompt for the password if entered in incorrectly into the SfB/BToE password prompt and also display a message on the screen of the phone that it failed and to retry. 

 

In our scenario where we have users logged into to multiple phones when a monthly AD password change is done, no further attempts are made from a phone logged in using the previous password. 

 

We've just rolled this release out, however, it's looking promising that our user community will have a much better experience after they change their password and not have to worry about account lockouts.  

 

 

Message 3 of 3