• Status: Solved

Lync 2010 services sign in issue

Service Sign In
Lync 2010 services sign in asks for credentials. When the information is entered, it comes back asking for the info again and again. No luck.

The exact requirements are attached. I have no idea why this happens. We have a Lync Edge Server 2010 and a Lync 2010 front end server.

Any assistance in understanding this and how to resolve it will be appreciated. Most of what I have found on the web relates to some 365 office service. We don't use this 365 service, so please no resolves for that.

The embedded image was one I found on the web.

Thanks
Asked:
Ancients
 
Cliff Galiher Commented:
A couple of questions. Does your AD domain name match SIP domain name? Does the certificate subject name domain suffix you installed on the FE match the SIP domain name? Are you seeing this on internal clients, external clients, or both?

Bembi (CEO) Commented:
And another one...
Have you tried to log on with DOMAIN\Username for the "User Name" (not for the account)...

Antonio Vargas (Microsoft Senior Cloud Consultant) Commented:
This is most likely for signing in to the Exchange Web Services. So, are these users internal or external? Does your SIP domain match your e-mail domain? Have you tried it with Outlook open and Outlook closed? Just to compare both behaviors.
 
Ancients (Author) Commented:
First to the admins,

Thanks for your assistance with this request.

I have a FE which has a cert issued by the Domain PKI server; the external Lync Edge that is located on the DMZ has a SAN cert raised.

We notice this only on the inside of our network and not on external. I will test if this is an issue when Outlook is open, and perhaps that is why we have issues.

The Lync Edge has an internal and an external network interface with IPs for each.

it has its own public IP and separate

AJ

Ancients (Author) Commented:
Also, our internal domain domain.local is very different to our public domain.com.

Cliff Galiher Commented:
Does your configured SIP domain match your internal domain or external domain?

Ancients (Author) Commented:
external domain. SIP.externalpublicdomain.com

Cliff Galiher Commented:
That is slightly unusual. I'd like to see the configuration of a lync client when it is exhibiting the issue.

Ctrl-right-click on the lync icon in the notification center and one of the menu options is configuration information. That screen has a copy button and you can then paste it into a text file. So they don't need to be large screen grabs.

Bembi (CEO) Commented:
Just some additional general comments:
1.) Lync client (internal and external) searches some common names in DNS to find the Lync front end pool (intern) or the edge (extern).
To see these entries, there are two tools, MUCLogin and RUCT, which show you what the client searches for and what it takes, plus certificates and more.
(My connection is very slow at the moment, so no links, but easy to find via Google).

You can also just type ipconfig /flushdns, try to log in and then ipconfig /displaydns; there you see which DNS names the client tries to find.

Last option is to configure the client manually.

2.) The client uses encrypted communication by default, so ports 443, 5061 and a certificate on the server. There is no default fallback to an unencrypted connection like in OCS. The name the client grabs from DNS or is manually configured with has to be in the certificate, which is installed on the access-point (internally the pool, externally the edge). If the certificate does not contain the name, the login is denied.

3.) The user has to have a valid SIP configuration, so has to be in the Lync Users configuration page and has to be enabled (including some policies, what he is allowed to do).

4.) If the SIP domain is different than the user domain (i.e. user domain is mycompany.local and SIP domain is sip.mydomain.local), then you need a subdomain sip in your DNS configuration, so that the client can find the server by asking the sip.mydomain.local settings. Nevertheless the servers can reside in the user domain.
Logon to the server is then with the account from sip.mydomain.local, but the username and password are from the user domain.

5.) Lync does not directly support Kerberos authentication out of the box. You find an instruction with a dedicated user account for the pool identity of the Lync in TechNet. So if this is not implemented, logon with user@userdomain may fail, use DOMAIN\User instead.

All in all: Most of such logon problems are DNS or certificate related.
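Editor's added example (not posted by anyone in this thread): a small offline audit of the two checks described in the comment above, that the names a client looks up resolve where you expect and that each name appears in the access point's certificate. It also flags a Lync name whose IP is shared with another record, which is the kind of conflict reported at the end of this thread. The `sipinternal`/`sip`/`sipexternal` prefixes are assumed to be the automatic-configuration A records of a default Lync 2010 client (SRV lookups are left out), and the zone data and SAN list are constructed samples.

```python
"""Added example: audit Lync sign-in host names against DNS data and certificate SANs."""
from collections import defaultdict

def candidate_names(sip_uri):
    """A-record names a client may try for a SIP URI (assumed Lync 2010 defaults)."""
    domain = sip_uri.split("@", 1)[1].lower()
    return [f"{prefix}.{domain}" for prefix in ("sipinternal", "sip", "sipexternal")]

def san_matches(host, sans):
    """Exact, case-insensitive match of host against the certificate SAN entries."""
    return host.lower() in {s.lower() for s in sans}

def audit(sip_uri, a_records, cert_sans):
    """Return (host, problem) tuples for every published candidate name."""
    by_ip = defaultdict(set)
    for name, ip in a_records.items():
        by_ip[ip].add(name.lower())
    records = {name.lower(): ip for name, ip in a_records.items()}
    findings = []
    for host in candidate_names(sip_uri):
        ip = records.get(host)
        if ip is None:
            continue  # name not published; the client moves on to the next one
        if not san_matches(host, cert_sans):
            findings.append((host, "name missing from certificate"))
        others = sorted(by_ip[ip] - {host})
        if others:  # not always wrong, but worth reviewing
            findings.append((host, f"IP {ip} also used by {', '.join(others)}"))
    return findings

# Constructed sample data (not from the thread): internal zone and pool certificate SANs.
SAMPLE_A_RECORDS = {
    "sipinternal.example.com": "10.0.0.20",
    "sip.example.com": "10.0.0.30",
    "intranet.example.com": "10.0.0.30",
}
SAMPLE_SANS = ["pool01.example.local", "sipinternal.example.com"]

if __name__ == "__main__":
    for host, problem in audit("user@example.com", SAMPLE_A_RECORDS, SAMPLE_SANS):
        print(f"{host}: {problem}")
```

Fill the record table from the names shown by `ipconfig /displaydns` after a sign-in attempt and the SAN list from the certificate installed on the pool or edge.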
 
Ancients (Author) Commented:
thanks

I'll get on this within the next two days and get back to you.

Ancients (Author) Commented:
I have to put this on hold, as I have another issue now

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Q_27875676.html

Sorry. Once this is figured out I will then continue with this.

Bembi (CEO) Commented:
No problem, just respond again if you are ready with the other issues...

Cliff Galiher Commented:
I suspect the two may in fact be related. I am beginning to believe you have some larger Lync configuration issues with interrelated symptoms. Between this and the other question, I get the impression you are new to Lync. It is an extensive product with many configuration options and troubleshooting takes a fair amount of familiarity with Active Directory, the way the Central Store works for configuration, SIP log management, and multi-network topologies. If you aren't intimately familiar with those core subjects, you will have issues and there are too many facets to accurately cover in an EE post.

Honestly, while I'd be happy if I were wrong, I looked at your other question and I am not sure you'll get much traction or resolution there. I know when I read it I thought of over a dozen possible explanations and writing them all out would have been more than a text field on a web page can readily handle. You may be better off calling in a Lync specialist that is familiar with these types of deployments and can work with you on the troubleshooting and configuration aspects. You'll solve multiple issues in one go with that approach.

-Cliff

Ancients (Author) Commented:
One of our engineers made changes to DNS to fit routing. Discovered same IP used with another service.

Works a treat now.