larspanky
asked on
Lync 2010 Mobile Client Fails to Login From Outside the Network
Hi,
I have a Lync 2010 setup deployed, Linux Reverse Proxy for web services. All of it seems to work outside of the iPhones, logging into Lync from OUTSIDE the network.
Android devices are able to connect inside and outside the network, the MS Lync Connectivity Analyzer reports positive outside the network as does the remoteconnectivity online tool.
If I connect an iPhone while on the inside LAN, and disconnect or leave the office while logged in the client will remain connected normally. If I disconnect, or try to login from outside the network it will fail. "Failed to process the server response. Please try again. If the problem persists, contact your support team"
The Client log reports from the iPhone
</style></head><body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"> <fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div>
</div>
</body></html>
/Users/comobuildadmin/icomo/private/se_wave1_idx/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CLogonSession.cpp/1079:Auto-discovery failed, aborting sign-in!
Lync[107:907] is not a valid email address.
On the reverse Proxy I can see access denied errors.
/webticket/webticketservice.svc HTTP/1.1" 401 1165
/groupexpansion/service.svc/mex HTTP/1.1" 400 312
I had this working with an older ISA server, wildcard certificate on the outside interface and an internal certificate on the Lync Server. This was for testing. When I replaced the internal certificate with the Public SAN certificate I could no longer use the ISA server because the SAN certificate has the TLD name as its subject and did not match the FQDN.
The Linux reverse proxy has the same SAN certificate as the Lync Front End server and includes both Lyncdiscover, and the FQDN of the front end.
This strikes me as a certificate problem because it worked before. I am not sure why only the iPhone can't login from the outside. I have adjusted the timeout values, rechecked the keys and the certificate chain. If I use the manual server entry option on the mobile client, it will not login or error. It just hangs.
Thoughts?
Thank You
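The question turns on which names a certificate covers when its subject is the bare domain and the service names appear only as SAN entries. As an added example (not part of the original post), this sketch checks a certificate, in the dict shape Python's `ssl.SSLSocket.getpeercert()` returns, against the hostnames a deployment needs; the `example.com` hostnames and both certificates are constructed placeholders.

```python
# Added example: hostnames and certificate contents below are constructed.

def _match(pattern, host):
    """Match one certificate DNS name against a hostname (RFC 6125 style)."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False          # a wildcard never spans more than one label
    if p_labels[0] == "*":
        # wildcard only as the whole left-most label, never directly on a TLD
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def dns_names(cert):
    """Names a client will check: SAN DNS entries, else the subject CN."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans           # CN is ignored once any SAN DNS entry exists
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]


def uncovered(cert, required):
    """Return the required hostnames that no certificate name covers."""
    names = dns_names(cert)
    return [h for h in required if not any(_match(n, h) for n in names)]


# Constructed certificates in the dict shape of ssl.SSLSocket.getpeercert()
SAN_CERT = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"),
                       ("DNS", "lyncdiscover.example.com"),
                       ("DNS", "fe01.example.com")),
}
WILDCARD_CERT = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
REQUIRED = ["lyncdiscover.example.com", "fe01.example.com",
            "fe01.corp.example.com"]

if __name__ == "__main__":
    print("SAN cert misses:", uncovered(SAN_CERT, REQUIRED))
    print("wildcard cert misses:", uncovered(WILDCARD_CERT, REQUIRED))
```

A subject that does not equal the server FQDN is not a mismatch as long as the FQDN is listed as a SAN DNS entry; a name nested one label deeper than the wildcard or SAN list is reported as uncovered.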
Try the RUCT Tool, it shows more than the LYNC test web site.
If you have results, just come back :-)
ASKER
The tool is showing the certificates properly; it's in line with what I was expecting to see. You mentioned that there may be a trust problem between the proxy and the FE server so I will look at that closely next.
I feel like the FQDN not being the subject of the certificate on the FE servers is contributing to this problem, but I have read that others have used a similar setup and it worked.
I'll get back, thanks
ASKER
Still working on this. I'll keep you posted.
ASKER
I'll get back.