Lync 2013 Deployment - External Connection Error's
Hey Experts,
We are currently upgrading our MS Lync 2010 environment to MS Lync 2013 and are having some challenges with it.
The setup is:
AD Domain: domain.local
Web/Email: domain.net
Old 2010 Server (com01.domain.local) - Server 2008R2
CA Server (dc01.domain.local) - Server 2008R2
New 2013 Front End Pool (lync01.domain.local) - Server 2012R2
New 2013 Edge Server (lync02.domain.local) - Server 2012R2
Internal Certs set (lync01.domain.local / lync02.domain.local)
External UCC SSL Cert (access.domain.net, av.domain.net, webconf.domain.net)
DNS/CNAME/SRV Records Applied / All Correct Ports Open - everything is talking to everything (tested extensively).
So everything works but when I run the MS Connectivity Tester on port 5061 I get this error on the Front End Pool Server:
"The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is lync02.domain.local. The SSL connection request has failed. The attached data contains the server certificate."
I don't get the same error when running it on Port 443?
It seems like the Front End Pool doesn't recognize the Edge Server or the CNAME/Alias from access.domain.net to lync02.domain.local - these are all set and working?
Any help would be great, thank you! Alex.
We are currently upgrading our MS Lync 2010 environment to MS Lync 2013 and are having some challenges with it.
The setup is:
AD Domain: domain.local
Web/Email: domain.net
Old 2010 Server (com01.domain.local) - Server 2008R2
CA Server (dc01.domain.local) - Server 2008R2
New 2013 Front End Pool (lync01.domain.local) - Server 2012R2
New 2013 Edge Server (lync02.domain.local) - Server 2012R2
Internal Certs set (lync01.domain.local / lync02.domain.local)
External UCC SSL Cert (access.domain.net, av.domain.net, webconf.domain.net)
DNS/CNAME/SRV Records Applied / All Correct Ports Open - everything is talking to everything (tested extensively).
So everything works but when I run the MS Connectivity Tester on port 5061 I get this error on the Front End Pool Server:
"The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is lync02.domain.local. The SSL connection request has failed. The attached data contains the server certificate."
I don't get the same error when running it on Port 443?
It seems like the Front End Pool doesn't recognize the Edge Server or the CNAME/Alias from access.domain.net to lync02.domain.local - these are all set and working?
Any help would be great, thank you! Alex.
Jakob Digranes
could you please post the EDGE server part from topology builder?
ASKER
So the Edge Server part is;
General
Internal server FQDN: lync02.domain.local
Internal IPv4 address: 10.1.1.27
Federation (port 5061): Enabled
XMPP federation (port 5269): Disabled
Internal Configuration Replication Port (HTTPS): 4443
Net hop selection
Next hop pool: lync01.domain.local (Business)
External settings
Access Edge service
FQDN: access.domain.net
IPv4 address: 10.1.1.28
Port: 443
Protocol: TLS
Web Conferencing Edge service
FQDN: webconf.domain.net
IPv4 address: 10.1.1.29
Port: 443
Protocol: TLS
A/V Edge service
FQDN: av.domain.net
NAT: Disabled
IPv4 address: 10.1.1.30
Port: 443
Protocol: TCP
General
Internal server FQDN: lync02.domain.local
Internal IPv4 address: 10.1.1.27
Federation (port 5061): Enabled
XMPP federation (port 5269): Disabled
Internal Configuration Replication Port (HTTPS): 4443
Net hop selection
Next hop pool: lync01.domain.local (Business)
External settings
Access Edge service
FQDN: access.domain.net
IPv4 address: 10.1.1.28
Port: 443
Protocol: TLS
Web Conferencing Edge service
FQDN: webconf.domain.net
IPv4 address: 10.1.1.29
Port: 443
Protocol: TLS
A/V Edge service
FQDN: av.domain.net
NAT: Disabled
IPv4 address: 10.1.1.30
Port: 443
Protocol: TCP
it the Internal interface for Edge on the same Subnet as the Edge interfaces?
10.1.1.0 network
10.1.1.0 network
ASKER
Hi Jakob_di,
Sorry for the delay, yes it is on the same subnet. Is that a problem?
Thanks, Alex.
Sorry for the delay, yes it is on the same subnet. Is that a problem?
Thanks, Alex.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.