Solved

Lync 2013 Deployment - External Connection Errors

Posted on 2014-02-02
Last Modified: 2014-02-09
Hey Experts,

We are currently upgrading our MS Lync 2010 environment to MS Lync 2013 and are having some challenges with it.

The setup is:
AD Domain: domain.local
Web/Email: domain.net

Old 2010 Server (com01.domain.local) - Server 2008R2

CA Server (dc01.domain.local) - Server 2008R2

New 2013 Front End Pool (lync01.domain.local) - Server 2012R2
New 2013 Edge Server (lync02.domain.local) - Server 2012R2

Internal Certs set (lync01.domain.local / lync02.domain.local)
External UCC SSL Cert (access.domain.net, av.domain.net, webconf.domain.net)

DNS/CNAME/SRV Records Applied / All Correct Ports Open - everything is talking to everything (tested extensively).

So everything works but when I run the MS Connectivity Tester on port 5061 I get this error on the Front End Pool Server:

"The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is lync02.domain.local. The SSL connection request has failed. The attached data contains the server certificate."

I don't get the same error when running it on Port 443?

It seems like the Front End Pool doesn't recognize the Edge Server or the CNAME/Alias from access.domain.net to lync02.domain.local - these are all set and working?

Any help would be great, thank you! Alex.
Question by:alexball
5 Comments
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 39829436
Could you please post the Edge server part from Topology Builder?
0
 

Author Comment

by:alexball
ID: 39831629
So the Edge Server part is;

General
Internal server FQDN: lync02.domain.local
Internal IPv4 address: 10.1.1.27
Federation (port 5061): Enabled
XMPP federation (port 5269): Disabled
Internal Configuration Replication Port (HTTPS): 4443

Next hop selection
Next hop pool: lync01.domain.local (Business)

External settings

Access Edge service
FQDN: access.domain.net
IPv4 address: 10.1.1.28
Port: 443
Protocol: TLS

Web Conferencing Edge service
FQDN: webconf.domain.net
IPv4 address: 10.1.1.29
Port: 443
Protocol: TLS

A/V Edge service
FQDN: av.domain.net
NAT: Disabled
IPv4 address: 10.1.1.30
Port: 443
Protocol: TCP
0
 
LVL 22

Expert Comment

by:Jakob Digranes
ID: 39831909
Is the internal interface for Edge on the same subnet as the Edge interfaces?
10.1.1.0 network
0
 

Author Comment

by:alexball
ID: 39843420
Hi Jakob_di,

Sorry for the delay, yes it is on the same subnet. Is that a problem?

Thanks, Alex.
0
 
LVL 22

Accepted Solution

by:
Jakob Digranes earned 500 total points
ID: 39846124
Yes - it needs two network cards (in different zones)
http://technet.microsoft.com/en-us/library/gg412847.aspx
0
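
The requirement in the accepted answer can be checked against the Edge settings posted earlier in the thread. The following is an added example, not code from the thread participants; the function names are hypothetical and the /24 prefix length is an assumption, since the thread only says "10.1.1.0 network".

```python
import ipaddress
import re

# Edge settings copied from the thread's Topology Builder paste (abridged).
TOPOLOGY_TEXT = """\
General
Internal server FQDN: lync02.domain.local
Internal IPv4 address: 10.1.1.27

Access Edge service
IPv4 address: 10.1.1.28

Web Conferencing Edge service
IPv4 address: 10.1.1.29

A/V Edge service
IPv4 address: 10.1.1.30
"""

def parse_edge_interfaces(text):
    """Return (internal_ip, {service_name: external_ip}) from the pasted text."""
    internal, external, section = None, {}, None
    for line in text.splitlines():
        line = line.strip()
        m = re.match(r"(Internal )?IPv4 address:\s*(\S+)$", line)
        if m is None:
            if line and ":" not in line:
                section = line  # a heading such as "Access Edge service"
            continue
        ip = ipaddress.ip_address(m.group(2))
        if m.group(1):
            internal = ip
        else:
            external[section] = ip
    return internal, external

def shared_subnet_services(text, prefix_len=24):
    """List external Edge services whose IP lies in the internal interface's subnet."""
    # prefix_len=24 is an assumption; the thread does not state the subnet mask.
    internal, external = parse_edge_interfaces(text)
    if internal is None:
        raise ValueError("no internal IPv4 address found")
    net = ipaddress.ip_network(f"{internal}/{prefix_len}", strict=False)
    return sorted(name for name, ip in external.items() if ip in net)

if __name__ == "__main__":
    for name in shared_subnet_services(TOPOLOGY_TEXT):
        print(f"{name}: external IP shares the internal interface's subnet")
```

With the posted values, all three external services are reported, which matches the condition the accepted answer identifies.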

Question has a verified solution.