Solved

LYNC 2010 Edge Issue

Posted on 2013-01-13
Last Modified: 2013-02-21
We have recently set up a Lync 2010 environment. We have a Lync server (Standard Edition) and a Lync Edge server. The communication between internal clients performs as expected. External clients can connect and use the IM feature. The connection immediately drops with a network error when we attempt to initiate a call.

The network is as follows:
Lync Server -- 10.104.220.178/24
Lync Edge Server -- 10.104.220.64/24 (Internal)
Lync Edge Server -- 10.104.250.2/24 (External)

We are NATing a public IP to the External address.
We are using internally assigned certificates for the LYNC and LYNC Edge Internal and a public SAN certificate. We get the following error when we start a Lync communication session on the LYNC Edge server. We believe that this may be the reason why external clients cannot communicate with our internal client.
Certificate error Message
0
Comment
Question by:ButlerTechnology
17 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 38773263
What client are you using to start the session? And what are your port configurations on your NAT device? It sounds like a breakdown on the AV side of things.
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 501 total points
ID: 38777726
You can enable logging on the Lync/OCS client so that you can see what is causing the connection to drop.
http://technet.microsoft.com/en-us/library/gg195661(v=ocs.14).aspx

Another logging tool is the Lync Server logging tool:
http://technet.microsoft.com/en-us/library/gg558599(v=ocs.14).aspx

Another test from external can be found on:
https://www.testocsconnectivity.com/
Click on the tab "Lync/OCS Server" and use the "Lync Server Remote Connectivity Test"

This should give you more detailed error reporting.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38796150
We are using Lync 2010 client.  We have the following ports open: 5061, 5060, 443, 3478, 1152, 44.
0
 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 501 total points
ID: 38796188
44 and 1152 should not be necessary for Lync services. Everything looks good for the external side though. On the internal side, 5062 is also necessary and if that is blocked, would generate the symptoms you describe.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38800261
Did you take this test yet?
https://www.testocsconnectivity.com/
Click on the tab "Lync/OCS Server" and use the "Lync Server Remote Connectivity Test"

It is a site provided by Microsoft themselves and the error reporting is much more detailed than the information you've provided here...
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38801038
We are waiting for our ISP to update our DNS entries.  We will run the OCS test as soon as that happens.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38801188
You only need the DNS entries for the autodiscovery tests.
Run them manually and enter the IP address of your Edge Server.

In fact, I actually posted 3 different tests that you could use.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38812692
I tried the TestOCSConnectivity, but it requires a FQDN to process. I am hoping to use that test once our records get updated.

I used the client logging and reviewed the log under the trace folder. I did not notice any entries that would identify a failure. I will be quite honest that I may not be sure what I would be looking for.

I won't be able to test the logs on the server till the weekend.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 498 total points
ID: 38833472
Hi,

I would take a look at the following link: http://technet.microsoft.com/en-us/library/gg425891(v=ocs.14).aspx which may prove useful to double check that all ports required are open to your DMZ and from the DMZ to your LAN, assuming LAN and DMZ outbound are open.

Have you also set up your correct DNS - including SRV records? I believe this may be your issue, as this would have a direct impact on what you're trying to achieve. Have a look at this link: http://technet.microsoft.com/en-us/library/gg412787(v=ocs.14).aspx

Hope this helps, let us know how you get along.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38868335
I have been testing using the Remote Connectivity Analyzer.

It displays an "Operations time out" when testing remote connectivity using the auto-discover area.

It connects successfully when using the FQDN of the server on port 5061.

It does not connect successfully when using the FQDN of the server on port 443.  The same message when using auto-discovery is displayed.  The test does show that the port (443) was opened successfully.

Other information that may/may not be helpful.  The Lync Server Audio/Video Edge service is set to start automatically, but is not started.  I start the service and it starts and stops.  The IIS Default Web Site is bound to the same certificate as the External Lync Connection.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38872085
On your Lync servers, run the installation media and perform the 'setup or remove Lync server components'; this should apply any changes to your infrastructure that are pending or not working. Reboot your servers following this change. Do all services start up correctly?
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38873342
Netflo

I took your recommendation and the Lync Server Audio/Video Edge service is now starting up as one would expect.  The certificate error moves forward a bit.
I am getting the following error:

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server sip.company.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

The certificate is a SAN issued by GoDaddy. The certificate has the following entries:

sip.company.com
lyncedge.company.com
0
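An added example, not part of the thread or of the Microsoft test site: the ExRCA output above reports that port 443 opened but SSL negotiation failed, so this sketch separates the stages of the same check (TCP connect, TLS handshake, chain trust, SAN coverage) to show which one breaks. `SAMPLE_CERT` is constructed from the two SAN entries the poster lists; the function names and result labels are assumptions.

```python
import socket
import ssl

# Constructed sample in the shape ssl.SSLSocket.getpeercert() returns,
# holding the two SAN entries listed in the post above.
SAMPLE_CERT = {"subjectAltName": (("DNS", "sip.company.com"),
                                  ("DNS", "lyncedge.company.com"))}

def san_covers(cert, hostname):
    """True if hostname matches a DNS subjectAltName entry of cert."""
    host = hostname.lower().rstrip(".")
    for kind, value in cert.get("subjectAltName", ()):
        if kind != "DNS":
            continue
        pattern = value.lower().rstrip(".")
        if pattern == host:
            return True
        # A wildcard stands for exactly one left-most label.
        if pattern.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == pattern[2:]:
                return True
    return False

def probe(host, port=443, timeout=5.0):
    """Return (stage, cert); stage is 'tcp-failed', 'tls-failed',
    'cert-untrusted', 'name-mismatch' or 'ok'."""
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError:
        return "tcp-failed", None        # port closed, filtered or unroutable
    ctx = ssl.create_default_context()   # still validates the chain
    ctx.check_hostname = False           # name is checked separately below
    try:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            cert = tls.getpeercert()
    except ssl.SSLCertVerificationError:
        return "cert-untrusted", None    # handshake reached the certificate
    except (ssl.SSLError, OSError):
        return "tls-failed", None        # port open, negotiation failed
    return ("ok" if san_covers(cert, host) else "name-mismatch"), cert
```

A `tls-failed` result with the port reachable corresponds to the "SSL negotiation wasn't successful" message, and points at whatever is listening on 443 rather than at the names on the certificate.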
 
LVL 18

Expert Comment

by:Netflo
ID: 38886765
Considering the error being received can you try and initiate a call via Lync from external to internal? Do you get the network error?
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38897145
We are able to communicate with IM between internal and external clients. We get an error message when we attempt to initiate a phone or video call. It attempts to make the connection and then fails with a network error.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38897349
Disable your AV on the remote clients and try again.

I personally had this problem and this was due to Kaspersky blocking TURN packets, hence the error when trying to make a call.
Workaround for me was to tell Kaspersky not to scan network traffic for Communicator.exe.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38916001
NetFlo
I took your recommendation and we have success. I then tried several other machines without adjusting the AV and they are working. I tried the Lync/OCS Test site and it is still failing on the certificate issue. I spoke with our network manager and he has been making tweaks and such. The bottom line is that we are working without a clear understanding of what was the actual solution.

We are still having some issues with the meeting stuff that I will post in a new thread, since this one has cleared up the initial issues. I will be awarding points to all since there was no clear solution.
0
 
LVL 6

Author Closing Comment

by:ButlerTechnology
ID: 38916013
It is unknown what the issue was, but the advice from all is greatly appreciated and very helpful.
0


Question has a verified solution.
