Link to home
Create AccountLog in
Microsoft IIS Web Server

Microsoft IIS Web Server

--

Questions

--

Followers

Top Experts

Avatar of caperionllc
caperionllc🇺🇸

Lync 2013 Mobile working for Android but not iPad or iPhone
I have a Lync 2013 deployment that consists of:

1 Lync Standard Front End server
1 Lync Edge server
1 Windows 2012 server with IIS acting as a reverse proxy using URL rewrite
1 Office Web Apps server

Currently we have Lync working as it should for Lync standard clients installed on PCs inside and outside of the office.  We have a public cert from DigiCert which is a UC multi-domain certificate with SANs for every name that would be used publicly by Lync.

The problem is that from outside of the office no apple devices (iPad or iPhone) can sign into Lync via either the 2010 or 2013 client, though Android devices can without an issue using both the 2010 and 2013 clients.

There are a few known issues we are facing including:
1) For some reason the Edge server is not publishing the public certificate via the sip.domain.com public interface.  While the Topology builder says that the public cert is properly configured, the Microsoft Remote Connectivity Analyzer gives the following errors:

      Testing remote connectivity for user <a valid SIP URI> to the Microsoft Lync server.
       Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
       
      Test Steps
       
      Attempting to resolve the host name sip.consoto.com in DNS.
       The host name resolved successfully.
       
      Additional Details
       IP addresses returned: <public IP of LyncEdge server for access/sip interface>
      Testing TCP port 443 on host sip.consoto.com to ensure it's listening and open.
       The port was opened successfully.
      Testing the SSL certificate to make sure it's valid.
       The SSL certificate failed one or more certificate validation checks.
       
      Test Steps
       
      The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.consoto.com on port 443.
       The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
       
      Additional Details
       The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

2) Microsoft Lync Connectivity Analyzer ends saying that minimum requirements are met, but still gives warnings as follows:


Starting tests for Mobility (MCX) service
Verifying internal Mobility (MCX) service: https://lync.consoto.com/Mcx/McxService.svc
Successfully obtained the WS-Metadata Exchange (MEX) document using GET. The service did not require authorization.
Verifying external Mobility (MCX) service: https://lync.consoto.com/Mcx/McxService.svc
Successfully obtained the WS-Metadata Exchange (MEX) document using GET. The service did not require authorization.
Verifying internal Mobility (MCX) service: https://lync.consoto.com/Mcx/McxService.svc
Failed to obtain the WS-Metadata Exchange (MEX) document using POST for https://lync.consoto.com/Mcx/McxService.svc/mex. The service did not require authorization.
Verifying external Mobility (MCX) service: https://lync.consoto.com/Mcx/McxService.svc
Failed to obtain the WS-Metadata Exchange (MEX) document using POST for https://lync.consoto.com/Mcx/McxService.svc/mex. The service did not require authorization.
Completed tests for Mobility (MCX) service.
None, AutoInternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, ManualDNSFail, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS

Your deployment meets the minimum requirements for Lync mobile apps.

3) an iPad connection attempt from external fails immediately displaying the message:
"Can't connect to the server.  It might be unavailable. Also please check your network connection, sign-in address and server addresses."

Then viewing the connection logs we see lines such as:
2013-08-11 21:10:07.564 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CUrlRedirectAndTrustResolver.cpp/202:CUrlRedirectAndTrustResolver::processUrl called with url = http://lyncdiscoverinternal.consoto.com/, hopCount = 0, maxHops = 10
2013-08-11 21:10:07.565 Lync[28918:907] WARNING TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../credentialManager/private/CCredentialManager.cpp/272:CCredentialManager::getSpecificCredential returning NULL credential!

2013-08-11 21:10:07.598 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/521:Received stream event = 8 for UcwaAutoDiscoveryRequest
2013-08-11 21:10:07.599 Lync[28918:6613] ERROR TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/977:Request Type = UcwaAutoDiscoveryRequest Error domain = kCFErrorDomainCFNetwork code = 0x2 ErrorDescription = The operation couldn‚Äôt be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason =  ErrorRecoverySuggestion =  
2013-08-11 21:10:07.601 Lync[28918:6613] ERROR TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/906:GetAddrInfo returned has error 0x898e70

2013-08-11 21:10:07.671 Lync[28918:907] ERROR APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CUcwaAutoDiscoveryGetUserUrlOperation.cpp/322:Request failed.  Error - E2-2-1

2013-08-11 21:10:07.694 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CTransportRequestRetrialQueue.cpp/502:Submitting new req. <unknown>
2013-08-11 21:10:07.695 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/private/CHttpRequestProcessor.cpp/380:Sending request(UcwaAutoDiscoveryRequest) to server type = 0
2013-08-11 21:10:07.696 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CUcwaAutoDiscoveryService.cpp/1482:Successfully started the GetUserUrlOperation request for http://lyncdiscover.consoto.com/?sipuri=sip:test@consoto.com
2013-08-11 21:10:07.697 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpStreamPool.cpp/192:Setting url - https://lyncdiscover.consoto.com/ persistent id as 3
2013-08-11 21:10:07.700 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/privateIos/CTransportThread.cpp/339:Sent Request(UcwaAutoDiscoveryRequest) to Request Processor
2013-08-11 21:10:07.701 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/353:<SentRequest>
2013-08-11 21:10:07.702 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/356:To:http://lyncdiscover.consoto.com/
2013-08-11 21:10:07.702 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/372:HttpHeader:Accept application/vnd.microsoft.rtc.autodiscover+xml;v=1
2013-08-11 21:10:07.703 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/381:
2013-08-11 21:10:07.704 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/384:</SentRequest>
2013-08-11 21:10:07.705 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/private/CHttpRequestProcessor.cpp/380:Sending request(UcwaAutoDiscoveryRequest) to server type = 0
2013-08-11 21:10:07.706 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpStreamPool.cpp/192:Setting url - http://lyncdiscover.consoto.com/ persistent id as 4
2013-08-11 21:10:07.707 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpStreamPool.cpp/314:Not setting TLS as the url(http://lyncdiscover.consoto.com/) is not https
2013-08-11 21:10:07.710 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/521:Received stream event = 8 for UcwaAutoDiscoveryRequest
2013-08-11 21:10:07.711 Lync[28918:6613] ERROR TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/977:Request Type = UcwaAutoDiscoveryRequest Error domain = NSPOSIXErrorDomain code = 0x20 ErrorDescription = The operation couldn‚Äôt be completed. Broken pipe ErrorFailureReason = Broken pipe ErrorRecoverySuggestion =  
2013-08-11 21:10:07.712 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/private/CHttpRequestProcessor.cpp/137:Received response of request(UcwaAutoDiscoveryRequest) with status = 0x22020009

2013-08-11 21:10:07.726 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/private/CHttpRequestProcessor.cpp/380:Sending request(UcwaAutoDiscoveryRequest) to server type = 0
2013-08-11 21:10:07.727 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpStreamPool.cpp/192:Setting url - https://lyncdiscover.consoto.com/ persistent id as 3
2013-08-11 21:10:33.096 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CMcxDataSynchronizer.cpp/1639:Mode 1 timed out
2013-08-11 21:10:33.098 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CMcxDataSynchronizer.cpp/1142:CMcxDataSynchronizer now in mode 2
2013-08-11 21:10:33.100 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CMcxDataSynchronizer.cpp/1151:Mode 2 scheduled to timeout in 1200.000000s
2013-08-11 21:10:33.101 Lync[28918:907] INFO APPLICATION /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CMcxDataSynchronizer.cpp/1011:No SendUpdate schedule action. timerStarted=0, timerNeedsToRun=0, channelState=0, timerAction=0
2013-08-11 21:11:02.835 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/521:Received stream event = 2 for UcwaAutoDiscoveryRequest
2013-08-11 21:11:02.837 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/521:Received stream event = 16 for UcwaAutoDiscoveryRequest
2013-08-11 21:11:02.838 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/565:Received kCFStreamEventEndEncountered (UcwaAutoDiscoveryRequest)isHeadersAvailable = true  responseHeadersHandle = 7568650
2013-08-11 21:11:02.839 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/privateIos/CHttpConnection.cpp/613:Response status = 502 for request UcwaAutoDiscoveryRequest
2013-08-11 21:11:02.840 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../requestProcessor/private/CHttpRequestProcessor.cpp/137:Received response of request(UcwaAutoDiscoveryRequest) with status = 0x0
2013-08-11 21:11:02.841 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/454:<ReceivedResponse>
2013-08-11 21:11:02.842 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:Content-Length 1477
2013-08-11 21:11:02.842 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:Content-Type text/html
2013-08-11 21:11:02.843 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:Date Mon, 12 Aug 2013 01:10:56 GMT
2013-08-11 21:11:02.844 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:MobileLyncInternalUse-x509-CertificateData 0Çá0Ço†[¿=¬Æ¿/dL Axp0
      *ÜHܘ
2013-08-11 21:11:02.844 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:Server Microsoft-IIS/8.0
2013-08-11 21:11:02.846 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/462:HttpHeader:StatusCode 502
2013-08-11 21:11:02.846 Lync[28918:6613] INFO TRANSPORT /Users/comobuildadmin/icomo/private/icomo_ipad/src/dev/CoMo/transport/_buildIos/../common/TransportUtilityFunctions.cpp/467:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;position:relative;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
 <div class="content-container"><fieldset>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
 </fieldset></div>
</div>
</body>
</html>

Zero AI Policy

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Avatar of davorindavorin🇸🇮

Hi, sorry to pigtail your question, but I'm having the same problem.
At least it looks like. (I don't use OWA and public certificates)
I can connect to Lync 2013 using Lync client on Android or WM7, but with Lync client on any IOS OS.

I'm wondering if you have came any further with resolving your problem...
ASKER CERTIFIED SOLUTION
Avatar of caperionllccaperionllc🇺🇸

ASKER

Link to home
membership
Log in or create a free account to see answer.
Signing up is free and takes 30 seconds. No credit card required.
Create Account
Avatar of davorindavorin🇸🇮

Thanks for answer.
Internal CA certificate is installed on edge and proxy server. I have also checked routes on both servers and they look fine to me.
But I could not find any sign of edge and proxy certificates on lync front end server (are they needed also in oposit way?)

At ios client logs the errors begin with:

GET https://lync.externaldomain.com/ucwa/v1/applications
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 401
HttpHeader:X-MS-Server-Fqdn LYNC.internaldomain.local
HttpHeader:X-MS-WebTicketSupported cwt,saml
HttpHeader:X-MS-WebTicketURL https://lync.externaldomain.com/WebTicket/WebTicketService.svc
HttpHeader:X-Powered-By ASP.NET, ARR/2.5
...
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
...
 <div class="content-container"><fieldset>
  <h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
  <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
 </fieldset></div>
...

...
POST https://lync.b-s.si/webticket/webticketservice.svc
HttpHeader:Server Microsoft-IIS/8.0
HttpHeader:StatusCode 502

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<title>502 - Web server received an invalid response while acting as a gateway or proxy server.</title>
...
<div id="header"><h1>Server Error</h1></div>
  <h2>502 - Web server received an invalid response while acting as a gateway or proxy server.</h2>
  <h3>There is a problem with the page you are looking for, and it cannot be displayed. When the Web server (while acting as a gateway or proxy) contacted the upstream content server, it received an invalid response from the content server.</h3>
 </fieldset></div>

I plan to go again thru whole configuration (I hope on friday).  Have you used some links for edge and proxy configuration?
Maybe it will be the best that I open an new question and give you a link to it if you are so kind to give me some suggestions.
Avatar of davorindavorin🇸🇮

I have been a little bit busy, but finally I have managed to open a question:
https://www.experts-exchange.com/questions/28262136/Lync-2013-mobile-IOS-devices-not-working.html?anchorAnswerId=39565634#a39565634
Any ideas are welcome.
Thank you!
Reward 1Reward 2Reward 3Reward 4Reward 5Reward 6

EARN REWARDS FOR ASKING, ANSWERING, AND MORE.

Earn free swag for participating on the platform.

Avatar of Mohammed HamadaMohammed Hamada🇵🇹

Lync Mobile clients have nothing to do with the Edge's public certificate. Lync mobile gets the certificate from Reverse proxy. Lync external clients on PC use the Public certificate that's published from Edge to connect externally.

This would be mostly due to the Proxy server (ARR) that you're using! if you have got TMG i'd better recommend using TMG to configure Lync Mobility.
Avatar of caperionllccaperionllc🇺🇸

ASKER

other thoughts were posted, but not helpful
Avatar of davorindavorin🇸🇮

Hi Caperionllc,

I owe you a feedback about my problem. It was resolved by installing Hotfix for Microsoft Application Request Routing Version 2.5 for IIS7 (KB 2732764) on proxy server.
Thank you again for your support.
Hope I will have the opportunity to return you the favor.
Free T-shirt

Get a FREE t-shirt when you ask your first question.

We believe in human intelligence. Our moderation policy strictly prohibits the use of LLM content in our Q&A threads.

Microsoft IIS Web Server

Microsoft IIS Web Server

--

Questions

--

Followers

Top Experts

IIS is Internet Information Services, the web server included with Windows Server operating systems. All current versions are built on a modular architecture; modules can be added or removed individually so that those required for specific functionality are installed. The full installation of IIS includes HTTP, security, content, compression, caching, logging and diagnostics.