After the recent in-place upgrade of the primary server pool to SfB version (the one that hosts all the simple URLs), we started getting calls from our sizable Mac user-base about not being able to login to the https://dialin.domain.com page any more.
Just the Mac clients were seeing this issue. Tested on Safari and Chrome and Firefox, and all behaved the same exact way, but the issue could not be duplicated on a Windows PC.
Can't login to the dialin page means the user can't set or update their PINs, or reset their conference IDs.
Either there was no "sign-in" link on the page, or it was replaced with a cryptic message "Cannot sign in because your Web Browser does not support the authentication method used by the server. Contact your system administrator for assistance"
Now, if the same Mac client accesses the "external" dialin page, all's well and normal. Issue only happens when the Internal dialin page is accessed (which is the default for users on the internal domain).
Called in a case with our favorite support team, and it turns out that this is a know issue ever since SfB was RTM'ed (April 2015 I believe) :-(. Something about the javascript code on the page hiding the sign-in URL if the browser does not support integrated windows authentication.
So till the product group can fix this issue the only workarounds available seem to be:
- Switch out the Mac's with Windows PCs (just kidding).
- Have Mac users login to the dialin page thru a Windows PC/ Citrix.
- In Safari, switch the user-agent to IE before accessing the page (need to enable Developer mode to see this option).
- The Internal dialin page could temporarily be redirected to reverse proxy so it can be proxied to 4443 instead.
- Use Powershell to set user's PINs with "Set-CsClientPin -Identity userA -Pin 1234"
Take your pick..