Lync 2013 Deployment DNS, Mobile Clients and Conferencing Issues

Posted on 2014-02-05
Medium Priority
Last Modified: 2014-05-05
The deployment is:

1 F.E. Server 2008r2 Lync 2013 fully patched single nic internal network
1 Reverse proxy- 2008r2 with TMG 2010 fully patched two nics, one internal one on DMZ
1 Edge server 2008r2 fully patched 4 nics one internal, one for access, one for av and one for webconf
1 Webapp server 2008r2 fully patched single nic on internal network no external dns entries
2 mediation servers 2012 fully patched single internal nic (used for enterprise voice) they share a VIP for the mediation pool services
1 2012 server that has 2012 SQL Enterprise installed as I will be moving the central management store off the F.E. so I can deploy a front end enterprise pool for LB across multiple sites

I can test all URLs from the reverse proxy and the rules pass.

I think my issue with mobile phones not connecting, as this does not have anything to do with Edge, is with the DNS records. I'd like someone to verify the internal DNS entries that are needed; maybe I have one pointing to the wrong server. It's possible.

Conferencing fails once more than two people are chatting or sharing their desktops. If a third person is invited or joins, ID 504 event 239 is displayed in the chat box.

Eventually I will have four F.E. servers in an Enterprise pool as well as four Edge servers. This started as a single server deployment just for internal IM purposes. Then they wanted external (Edge), then external without the need for VPN (reverse proxy and Edge), now finally Enterprise Voice so they can have dial-in conferencing. So its role has expanded four times in less than a year.

Any help is greatly appreciated.
Question by:MXadmin
LVL 12

Expert Comment

ID: 39836279
It's hard to say without knowing your numbers but on the surface this looks a little over-scaled.  For example, 4 physical NICs in each Edge server is most likely overkill; 2 NICs would be the best approach.

The mobile clients do not use Edge for connections, only media relay; you should look more closely at the reverse proxy configuration.

Author Comment

ID: 39836377
These are VMs. It's four IPs, not NICs, my apologies; it's two NICs, with the external NIC on the DMZ having three separate IPs for services. What on the RP should be looked at? All the rules pass, I am forwarding the header and the authentication is set to client can auth direct.
LVL 12

Expert Comment

ID: 39836554
OK, that makes more sense.

Do the mobile clients sign in but media fails, or do they not even sign in at all?  Could be Lyncdiscover related in the latter.

Author Comment

ID: 39836682
They actually can't sign in. They were working just fine when I had a FE with an Edge; I just put in a ton of direct routes and host file entries and everything worked fine. Once they said put in the reverse proxy and the host files went away on the Edge is when things started to break. In the internal DNS records right now I have lyncdiscover and lyncdiscoverinternal pointing to the external IP of the reverse proxy. One thing I noticed is the RP with TMG is using the SSL cert on its listener; this should ideally be the domain cert from the FE server, so I'm going to export out that cert, install it, reboot the RP and test. I'm concerned about the internal DNS records not being correct, as this was not part of my implementation, and wanted to double check prior to changing the entries.
LVL 12

Expert Comment

ID: 39836855
I shouldn't have both lyncdiscover and Lyncdiscoverinternal deployed in the internal DNS.  Also the fact that it worked prior to publishing tells me that the deployment was incorrect as Lync 2013 mobile clients are ONLY supported as external clients.

I recommend reading through these two articles as they address all your questions:

Author Comment

ID: 39845713
I've read those blogs a few times. I have mobility working just fine. The issue was certificates, which an SSL on all boxes resolved. My issue now is still conferencing failing. Users get 504 event ID 239 when doing a multi-person chat.
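A repeatable version of the DNS and certificate check discussed in the comments above, as an added example that is not part of the original thread: it flags the case the expert comment warns about (both autodiscover names deployed in the same DNS view) and any resolving name that the reverse proxy listener certificate does not cover. The domain `example.com`, the addresses and the SAN list are constructed sample values, and `audit`, `san_covers` and `resolve` are names introduced here.

```python
import socket

LABELS = ("lyncdiscover", "lyncdiscoverinternal")

def san_covers(hostname, dns_sans):
    """Standard TLS name matching: exact, or '*' standing for one leftmost label."""
    host = hostname.lower().rstrip(".")
    for san in (s.lower().rstrip(".") for s in dns_sans):
        if san == host:
            return True
        if len(san) > 2 and san.startswith("*.") and host.partition(".")[2] == san[2:]:
            return True
    return False

def resolve(name):
    """Addresses the local resolver returns for name ([] if there is no record)."""
    try:
        infos = socket.getaddrinfo(name, 443, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def audit(sip_domain, dns_sans, lookup=resolve):
    """dns_sans: DNS names read off the certificate bound to the proxy listener."""
    names = [f"{label}.{sip_domain}" for label in LABELS]
    answers = {n: lookup(n) for n in names}
    present = [n for n in names if answers[n]]
    findings = []
    if not present:
        findings.append("no autodiscover name resolves from this DNS view")
    if len(present) == 2:
        findings.append("both autodiscover names resolve from this DNS view")
    for n in present:
        if not san_covers(n, dns_sans):
            findings.append(f"{n} -> {answers[n]}: no matching SAN on the listener certificate")
    return findings

# Constructed sample mirroring the thread: both names point at the reverse
# proxy's external IP, and the listener certificate lacks the autodiscover names.
SAMPLE_DNS = {
    "lyncdiscover.example.com": ["203.0.113.10"],
    "lyncdiscoverinternal.example.com": ["203.0.113.10"],
}
SAMPLE_SANS = ["rp.example.com", "meet.example.com"]

if __name__ == "__main__":
    for finding in audit("example.com", SAMPLE_SANS, lookup=lambda n: SAMPLE_DNS.get(n, [])):
        print(finding)
```

Run it once from an internal machine and once from an external one with the default `lookup`, since the two DNS views are expected to differ; the wildcard branch only reflects TLS name matching, not whether a given client accepts wildcard certificates.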

Accepted Solution

MXadmin earned 0 total points
ID: 40032258
I was able to resolve the issues by changing the configuration of the reverse proxy and adjusting the firewall rules that I was not aware were in place... thanks to the network "Gurus" :)

Author Closing Comment

ID: 40041610
The network admins had NAT rules affecting the proxy services. Since the server should have been placed outward facing, i.e. in the DMZ, which I was given an associated IP block to use for that purpose. Once the VLAN was adjusted to place the proxy outside the internal network, the translation rules on the reverse proxy were properly resolving and pointing to the front end pool and not the BE servers.


Question has a verified solution.
