Lync 2013 Office 365

We have an Office 365 setup with Lync.  I am able to sign in to Lync on PCs not on the Domain, but on my Laptop at home or on the office guest connection.  When attempting on a Domain connected PC we get the error

"The Server is temporarily unavailable, if the problem continues please contact your support team."

Microsoft support have confirmed that all out DNS settings are correct and since it works from an other machine they must be, they have had the logs but can't see what is wrong, I've been in contact with them for about 10 days and most days they don't make sense, they certainly haven't progressed the incident at all.

I wondered if anyone else had any ideas.   The Firewall I'm sure will allow any traffic over any port out so I don't think that is it.
LVL 1
edwaltersAsked:
Who is Participating?
 
epohlCommented:
Here is an article that covers lync connectivity through the firewall. Run the connectivity test under "More Information" "How to verify that all network requirements for Lync Online are met" and see if anything fails.


http://support.microsoft.com/kb/2409256
0
 
Peter HausslSoftware DeveloperCommented:
Can you send mentioned logfiles in order to be able to have a closer look? Maybe the LYNC at that point is requiring incoming traffic allowed as well.
0
 
Peter HausslSoftware DeveloperCommented:
Additionally ...

can you crosscheck against  following table in order to check external FW rules

Anschluss      Protokoll      Richtung      Verwendung
443              STUN/TCP      Ausgehende      Audio, video, Anwendungsfreigabesitzungen
443          PSOM/TLS      Ausgehende      Datenfreigabesitzungen
3478      STUN/UDP      Ausgehende      Audio / video-Sitzungen
5223      TCP                      Ausgehende      Lync Mobile Push-Benachrichtigungen
50000 – 50039      UDP/TCP      Ausgehende      Medien
50000 – 50019      UDP/TCP      Ausgehende      Audio
50020 – 50039      UDP/TCP      Ausgehende      Video
50040 – 50059      TCP      Ausgehende      Gemeinsame Nutzung von Anwendungen
50040 – 50059      TCP      Ausgehende      Dateiübertragung

based on article
http://support.microsoft.com/kb/2409256/en
0
Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

 
Vasil Michev (MVP)Commented:
Does this happen for your account only or others as well? Do you have issues accessing any other Office 365 related resources on a domain joined machine? Do you have SSO configured (AD FS server)? In addition to the Lync logs, collect the ones from the Sign In Assistant:

http://social.technet.microsoft.com/wiki/contents/articles/18103.microsoft-online-services-sign-in-assistant-how-to-enable-debug-tracing.aspx
0
 
epohlCommented:
Sounds like it might be a DNS issue. Can you try hard coding the server settings into a domain joined machine LYNC client and see if it will connect. If it does connect with the settings manually you will need to check internal dns and verify you have all the correct lync records.

¿Internal server name or IP address: sipdir.online.lync.com:443
¿External server name or IP address: sipdir.online.lync.com:443
0
 
edwaltersAuthor Commented:
We have tried using the manual settings for the Lync servers and that makes no difference.  I'm confident that the required Ports are open for Lync as detailed above.

I'm uneasy about posting the logs since I don't know what information is contained within them and obviously I have to consider security.
0
 
Peter HausslSoftware DeveloperCommented:
Hi,

I see. One more try you can give the client also, which i had lately myself. If credentials are stored on the client disconnect completely and follow the link in order to forget the credentials (i remember you told that you already got a connect from home network).

After start connection from the scratch and have a look if it is connecting.

One more thing ...

If you enable Lync within Office 365 setup is asking to configure proper DNS settings and is testing them also.

You should beside your normal ones also some SRV or TXT entiries specific to your subscription. In examples i'm posting you will find output from nslookup tool related to my domain. Surely yours should have yours included

C:\Users\Peter>nslookup
Standardserver:  viedns09.chello.at
Address:  195.34.133.21

> set query=all
> _sip._tls.haussl.at
Server:  viedns09.chello.at
Address:  195.34.133.21

Nicht autorisierende Antwort:
_sip._tls.haussl.at     SRV service location:
          priority       = 50
          weight         = 5
          port           = 443
          svr hostname   = sipdir.online.lync.com
> _sipfederationtls._tcp.haussl.at
Server:  viedns09.chello.at
Address:  195.34.133.21

Nicht autorisierende Antwort:
_sipfederationtls._tcp.haussl.at        SRV service location:
          priority       = 5
          weight         = 25
          port           = 5061
          svr hostname   = sipfed.online.lync.com
> autodiscover.haussl.at
Server:  viedns09.chello.at
Address:  195.34.133.21

Nicht autorisierende Antwort:
autodiscover.haussl.at  canonical name = autodiscover.outlook.com
autodiscover.outlook.com        canonical name = autodiscover.outlook.com.glbdns
.microsoft.com
autodiscover.outlook.com.glbdns.microsoft.com   canonical name = autodiscover-em
eacenter.outlook.com
autodiscover-emeacenter.outlook.com     internet address = 157.56.252.41
autodiscover-emeacenter.outlook.com     internet address = 157.56.248.169
autodiscover-emeacenter.outlook.com     internet address = 157.56.252.185
autodiscover-emeacenter.outlook.com     internet address = 157.56.248.9
> lyncdiscover.haussl.at
Server:  viedns09.chello.at
Address:  195.34.133.21

Nicht autorisierende Antwort:
lyncdiscover.haussl.at  canonical name = webdir.online.lync.com
webdir.online.lync.com  AAAA IPv6 address = 2a01:111:f404:8003::38
webdir.online.lync.com  internet address = 132.245.193.24
>

If you (as you told) have already talken to MS support i doubt that they are not existing but worth to check anyway. Maybe you can also compare outputs from working client and those none working behind your firewall.

By using

br
Peter
0
 
edwaltersAuthor Commented:
I've found the error, if I run it as a local admin it runs fine, if I run it as a Domain User (even if it's part of the local admin group) it doesn't.

So I know it's not the Firewall, the DNS, all the connectivity checks passed ages ago, it's the local security of the Domain PCs.
0
 
Peter HausslSoftware DeveloperCommented:
Thanks for letting us know the solution....
0
 
edwaltersAuthor Commented:
I've ticked the solutions that Microsoft had me try as well, as they could also be the reasons.  They weren't in my case.  Up to yet I've only managed to work around the issue but I'm hoping to sort it out properly.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.