Exchange server is unavailable error from a CX 600 Lync Phone

Error:  Exchange server is unavailable error from a CX 600 Lync Phone

Synopsis: This error is expected. No matter which Lync Phone Edition - Information Worker (Aastra 6725ip, HP 4120 and Polycom CX600) or Common Area device that supports "PIN and Extension Login" you like to use. This is because the Authentication Method that really is used when PIN & Extension Login is performed is: the new Lync TLS-DSK, a kind of certificate based (Derived Session Key - DSK) authentication.

TLS-DSK is not supported by the Exchange Webservices (EWS,UM, OAB, etc.). So a device that only has a Derived Session Key (an not the full AD user credentials, for e.g. NTLM Authentication, which is supported by Exchange Webservices), will never be able to Logon to Exchange, till Exchange also supports TLS-DSK.

When tethering an Information Worker Phone via USB, you provide your full AD user credentials to the device (via a Lync client POP-UP-Dialog). This credentials allow the device to use NTLM Authentication when it logs into Exchange Webservices. The same, if you use a Tanjay (CX700 or LG Nortel IP8540) and enter your full credentials via the full quertz keyboard in Touch-Display. But no matter if you use devices or the Lync client itself, all of them support TLS-DSK, cause it is the only authentication method that can work without an DC (Domain Controller) available. In case of outages or SBA (Branch Survivabilty) scenarios, TLS-DSK will continue to work, while NTLM or Kerberos will stop till a DC becomes available again.

Resolution: Plug usb port of lync phone to a computer with Lync enter AD credentials when prompted. USB cable can unplugged given that the AD credentials will now be cached on the Lync phone