OCS user login problem in multi forest environment (17-Jan-09)
OCS user can't log in when OCS is enabled for
"Kerberos and NTLM Authentication"
=================================================================
Office Communications Server is deployed in one
forest, a resource forest that hosts Office Communications Servers but does not
host any logon-enabled user accounts.
Outside of the resource forest, user forests host
enabled user accounts but no Office Communications Servers. Within the resource
forest, a corresponding disabled user account or contact exists for each user account
in the user forests. (You use MIIS, IIFP, etc. to create the corresponding disabled
account or contact in a different forest.)
When a user in a user forest tries to log in to Office
Communicator, the login fails. When you change the authentication type of the LCS or OCS
server to "NTLM", it works fine. If LCS or OCS is configured with "Kerberos and
NTLM", the user's login in Office Communicator fails.
When Communicator tries to log in, it gets the following
error:
Communicator was unable to authenticate to the server...
This happens because of the trust type between the
two forests.
If it is an external trust, they will be able to
use only NTLM. If they have a forest trust (both sides at Windows 2003 native functional
level), then they can use both NTLM and Kerberos.
An external trust doesn't support Kerberos.
http://technet.microsoft.com/en-us/library/cc755700.aspx
In order to enable Kerberos authentication, you
need to enable forest trusts. Please see the following link about how to do that.
http://technet.microsoft.com/en-us/library/cc776940.aspx
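An added example (not from the original post or from Microsoft) that applies the rule above to the trustType and trustAttributes values stored on each trustedDomain object in Active Directory, so you can tell which trust you have before changing the OCS authentication setting. The forest names and sample records are constructed, and the function name Get-TrustAuthSupport is hypothetical.

```powershell
# Classify a trust the way this post describes: external trust -> NTLM only,
# forest trust -> Kerberos and NTLM. Flag values are the documented
# trustAttributes bits of the trustedDomain object.
$TRUST_TYPE_MIT               = 3     # non-Windows Kerberos realm
$TRUST_ATTR_FOREST_TRANSITIVE = 0x8   # set on forest trusts
$TRUST_ATTR_WITHIN_FOREST     = 0x20  # parent/child or shortcut trust

function Get-TrustAuthSupport {
    param(
        [Parameter(Mandatory)] [string] $Name,
        [Parameter(Mandatory)] [int]    $TrustType,
        [Parameter(Mandatory)] [int]    $TrustAttributes
    )
    if ($TrustType -eq $TRUST_TYPE_MIT) {
        $kind = 'Realm trust'; $auth = 'Not covered by this post'
    } elseif (($TrustAttributes -band $TRUST_ATTR_WITHIN_FOREST) -ne 0) {
        $kind = 'Intra-forest trust'; $auth = 'Kerberos and NTLM'
    } elseif (($TrustAttributes -band $TRUST_ATTR_FOREST_TRANSITIVE) -ne 0) {
        $kind = 'Forest trust'; $auth = 'Kerberos and NTLM'
    } else {
        # Neither flag set: an external trust, which the post says is NTLM only.
        $kind = 'External trust'; $auth = 'NTLM'
    }
    [pscustomobject]@{
        TrustedDomain  = $Name
        Kind           = $kind
        OcsAuthSetting = $auth   # setting that lets users across this trust sign in
    }
}

# Constructed sample records (hypothetical names). On a domain-joined machine
# with the ActiveDirectory module, real values can be read with:
#   Get-ADObject -LDAPFilter '(objectClass=trustedDomain)' -Properties trustType,trustAttributes
$sample = @(
    [pscustomobject]@{ Name = 'users-a.example'; TrustType = 2; TrustAttributes = 0x4 }
    [pscustomobject]@{ Name = 'users-b.example'; TrustType = 2; TrustAttributes = 0x8 }
)

$sample | ForEach-Object {
    Get-TrustAuthSupport -Name $_.Name -TrustType $_.TrustType `
                         -TrustAttributes $_.TrustAttributes
} | Format-Table -AutoSize
```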
Related Links:
Inter forest LCS\OCS deployment without identity integration application (MIIS, IIFP etc...)