Solved

LYNC 2010 Edge Issue

Posted on 2013-01-13
Last Modified: 2013-02-21
We have recently set up a Lync 2010 environment.  We have a Lync server (Standard Edition) and a Lync edge server.  The communication between internal clients performs as expected.  External clients can connect and use the IM feature.  The connection immediately drops with a network error when we attempt to initiate a call.

The network is as follows:
Lync Server -- 10.104.220.178/24
Lync Edge Server -- 10.104.220.64/24 (Internal)
Lync Edge Server -- 10.104.250.2/24 (External)

We are NATing a public IP to the External address.
We are using internally assigned certificates for the LYNC and LYNC Edge Internal and a public SAN certificate.  We get the following error when we start a Lync communication session on the LYNC edge server.  We believe that this may be the reason why external clients cannot communicate with our internal clients.
Certificate error Message
0
Question by:ButlerTechnology
17 Comments
 
LVL 59

Expert Comment

by:Cliff Galiher
ID: 38773263
What client are you using to start the session? And what are your port configurations on your NAT device? It sounds like a breakdown on the AV side of things.
0
 
LVL 26

Accepted Solution

by:
Leon Fester earned 501 total points
ID: 38777726
You can enable logging on the Lync/OCS client so that you can see what is causing the connection to drop.
http://technet.microsoft.com/en-us/library/gg195661(v=ocs.14).aspx

Another logging tool is the Lync Server logging tool:
http://technet.microsoft.com/en-us/library/gg558599(v=ocs.14).aspx

Another test from external can be found on:
https://www.testocsconnectivity.com/
Click on the tab "Lync/OCS Server" and use the "Lync Server Remote Connectivity Test"

This should give you more detailed error reporting.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38796150
We are using Lync 2010 client.  We have the following ports open: 5061, 5060, 443, 3478, 1152, 44.
0

 
LVL 59

Assisted Solution

by:Cliff Galiher
Cliff Galiher earned 501 total points
ID: 38796188
44 and 1152 should not be necessary for Lync services. Everything looks good for the external side though. On the internal side, 5062 is also necessary and if that is blocked, would generate the symptoms you describe.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38800261
Did you take this test yet?
https://www.testocsconnectivity.com/
Click on the tab "Lync/OCS Server" and use the "Lync Server Remote Connectivity Test"

It is a site provided by Microsoft themselves and the error reporting is much more detailed than the information you've provided here...
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38801038
We are waiting for our ISP to update our DNS entries.  We will run the OCS test as soon as that happens.
0
 
LVL 26

Expert Comment

by:Leon Fester
ID: 38801188
You only need the DNS entries for the autodiscovery tests.
Run them manually and enter the IP address of your Edge Server.

In fact, I actually posted 3 different tests that you could use.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38812692
I tried the TestOCSConnectivity, but it requires a FQDN to process.  I am hoping to use that test once our records get updated.

I used the client logging and reviewed the log under the trace folder.  I did not notice any entries that would identify a failure.  I will be quite honest that I may not be sure what I would be looking for.

I won't be able to test the logs on the server till the weekend.
0
 
LVL 18

Assisted Solution

by:Netflo
Netflo earned 498 total points
ID: 38833472
Hi,

I would take a look at the following link: http://technet.microsoft.com/en-us/library/gg425891(v=ocs.14).aspx which may prove useful to double check that all ports required are open to your DMZ and from the DMZ to your LAN, assuming LAN and DMZ outbound are open.

Have you also set up your correct DNS - including SRV records? I believe this may be your issue, as this would have a direct impact on what you're trying to achieve. Have a look at this link: http://technet.microsoft.com/en-us/library/gg412787(v=ocs.14).aspx

Hope this helps, let us know how you get along.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38868335
I have been testing using the Remote Connectivity Analyzer.

It displays an "Operations time out" when testing remote connectivity using the auto-discover area.

It connects successfully when using the FQDN of the server on port 5061.

It does not connect successfully when using the FQDN of the server on port 443.  The same message when using auto-discovery is displayed.  The test does show that the port (443) was opened successfully.

Other information that may/may not be helpful.  The Lync Server Audio/Video Edge service is set to start automatically, but is not started.  I start the service and it starts and stops.  The IIS Default Web Site is bound to the same certificate as the External Lync Connection.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38872085
On your Lync servers, run the installation media and perform the 'Setup or Remove Lync Server Components' step; this should apply any changes to your infrastructure that are pending or not working. Reboot your servers following this change. Do all services start up correctly?
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38873342
Netflo

I took your recommendation and the Lync Server Audio/Video Edge service is now starting up as one would expect.  The certificate error moves forward a bit.
I am getting the following error:

Testing the SSL certificate to make sure it's valid.
The SSL certificate failed one or more certificate validation checks.
Test Steps
ExRCA is attempting to obtain the SSL certificate from remote server sip.company.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.
Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

The certificate is a SAN issued by GoDaddy.  The certificate has the following entries:

sip.company.com
lyncedge.company.com
0
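The ExRCA result in the post above (port 443 opens, but the SSL certificate cannot be obtained) can be reproduced from any external machine by separating the TCP connect, the TLS handshake and certificate validation. This is an added example, not part of the original thread: `probe_tls` and the local demo listener are hypothetical names, and `sip.company.com` is the placeholder FQDN from the post.

```python
import socket
import ssl
import threading


def probe_tls(host, port=443, server_name=None, timeout=5.0):
    """Return the stage at which a TLS connection stops, plus certificate SANs."""
    result = {"stage": "tcp_failed", "sans": [], "detail": ""}
    try:
        raw = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        result["detail"] = str(exc)          # port closed, filtered or not NATed
        return result
    ctx = ssl.create_default_context()       # validates chain and hostname
    try:
        with ctx.wrap_socket(raw, server_hostname=server_name or host) as tls:
            cert = tls.getpeercert()
            result["sans"] = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            result["stage"] = "ok"
    except ssl.SSLCertVerificationError as exc:
        result["stage"] = "cert_invalid"     # server answered TLS, certificate rejected
        result["detail"] = exc.verify_message
    except (ssl.SSLError, OSError) as exc:
        result["stage"] = "tls_failed"       # port open, TLS negotiation did not complete
        result["detail"] = str(exc)
    return result


def demo_open_port_without_tls():
    """Constructed local case: a listener that accepts TCP, then hangs up."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]

    def accept_and_close():
        conn, _ = srv.accept()
        conn.close()

    worker = threading.Thread(target=accept_and_close, daemon=True)
    worker.start()
    result = probe_tls("127.0.0.1", port, server_name="sip.company.com", timeout=3)
    worker.join(2)
    srv.close()
    return result


if __name__ == "__main__":
    print(demo_open_port_without_tls())
```

A `tls_failed` result with the port open matches the symptom reported here and points at the service bound to 443 rather than at the firewall rule; `cert_invalid` would instead point at the certificate chain or SAN entries.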
 
LVL 18

Expert Comment

by:Netflo
ID: 38886765
Considering the error being received can you try and initiate a call via Lync from external to internal? Do you get the network error?
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38897145
We are able to communicate with IM between internal and external clients.  We get an error message when we attempt to initiate a phone or video call.  It attempts to make the connection and then fails with a network error.
0
 
LVL 18

Expert Comment

by:Netflo
ID: 38897349
Disable your AV on the remote clients and try again.

I personally had this problem and this was due to Kaspersky blocking TURN packets, hence the error when trying to make a call.
The workaround for me was to tell Kaspersky not to scan network traffic for Communicator.exe.
0
 
LVL 6

Author Comment

by:ButlerTechnology
ID: 38916001
NetFlo
I took your recommendation and we have success.  I then tried several other machines without adjusting the AV and they are working.  I tried the Lync/OCS Test site and it is still failing on the certificate issue.   I spoke with our network manager and he has been making tweaks and such.  The bottom line is that we are working without a clear understanding of what was the actual solution.

We are still having some issues with the meeting stuff that I will post in a new thread since this one has cleared up the initial issues.  I will be awarding points to all since there was no clear solution.
0
 
LVL 6

Author Closing Comment

by:ButlerTechnology
ID: 38916013
It is unknown what the issue was, but the advice from all is greatly appreciated and very helpful.
0
