Solved

Lync 2013 Deployment DNS, Mobile Clients and Conferencing Issues

Posted on 2014-02-05
8
605 Views
Last Modified: 2014-05-05
The deployment is:

1 F.E. Server 2008r2 Lync 2013 fully patched single nic internal network
1 Reverse proxy- 2008r2 with TMG 2010 fully patched two nics, one internal one on DMZ
1 Edge server 2008r2 fully patched 4 nics one internal, one for access, one for av and one for webconf
1 Webapp server 2008r2 fully patched single nic on internal network no external dns entries
2 mediation servers 2012 fully patch single internal nic (used for enterprise voice) they share a VIP for the mediation pool services
1 2012 server that has 2012 SQL Enterprise installed as I will be moving the central management store off the F.E. so I can deploy a front end enterprise pool for LB across multiple sites

I can test all urls from reverse proxy and the rules pass.

I think my issues with mobile phones not connecting, as this does not have anything to do with edge, is with the DNS records. Id like someone to verify the internal DNS entries that are needed maybe I have one pointing to the wrong server. Its possible.

Conferencing fails once more than two people are chatting or sharing their desktops. If a third person is invited or joins ID 504 event 239 is display in the chat box.

Eventually I will have four F.E. servers in a Enterprise pool as well as four edge servers. This started as a single server deployment just for internal IM purposes. Then they wanted external (edge) then external without the need for VPN (reverse proxy and edge) now finally Enterprise voice so they can have dial in conferencing. so its roll has expanded four times in less than a year.

Any help is greatly appreciated.
0
Comment
Question by:MXadmin
  • 5
  • 3
8 Comments
 
LVL 12

Expert Comment

by:Jeff_Schertz
ID: 39836279
It's hard to say without knowing your numbers but on the surface this looks a little over-scaled.  For example, 4 physical NICs in each Edge server is most likely overkill; 2 NICs would be the best approach.

The mobile clients do not use Edge for connections, only media relay you should look more closely at the reverse proxy configuration.
0
 

Author Comment

by:MXadmin
ID: 39836377
these are VMS. Its four IPS not Nics, my apologies, its two nices with the external nic on the DMZ having three seperate ips for services. What on the RP should be looked at? All the rules pass, I am forwarding the header and the authentication is set to client can auth direct.
0
 
LVL 12

Expert Comment

by:Jeff_Schertz
ID: 39836554
OK, that makes more sense.

Do the mobile clients sign-in but media fails, or do they not even sign-in in at all?  Could be Lyncdiscover related in the latter.
0
Are your AD admin tools letting you down?

Managing Active Directory can get complicated.  Often, the native tools for managing AD are just not up to the task.  The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

 

Author Comment

by:MXadmin
ID: 39836682
They actually cant sign in. They were working just fine when I had a FE with an Edge, I just put in a ton of direct routes and host file enteries and everything worked fine. Once they said put in the reverse proxy and the host files went away on the edge is when things started to break. The internal DNS records right now I have the lyncdiscover and lyncdiscoverinternal pointing to the external IP of the reverse proxy. One thing noticed is the RP with TMG is using the SSL cert on its listner, this should ideally be the domain cert from the FE server so im going to export out that cert install and reboot the RP and test. Im concerned about the internal DNS records not being correct as this was not part of my implementation and wanted to double check prior to changing the enteries.
0
 
LVL 12

Expert Comment

by:Jeff_Schertz
ID: 39836855
I shouldn't have both lyncdiscover and Lyncdiscoverinternal deployed in the internal DNS.  Also the fact that it worked prior to publishing tells me that the deployment was incorrect as Lync 2013 mobile clients are ONLY supported as external clients.

I recommend reading through these two articles as they address all your questions:
http://blog.schertz.name/2013/07/understanding-lync-2013-mobility
http://blog.schertz.name/2013/11/lync-mobility-media-paths
0
 

Author Comment

by:MXadmin
ID: 39845713
Ive read those blogs a few times. I have mobility working just fine. The issue was certificates which an ssl on all boxes resolved. My issue now is still confercing failing. Users get 504 event id 239 when doing a multi person chat.
0
 

Accepted Solution

by:
MXadmin earned 0 total points
ID: 40032258
I was able to resolve the issues by changing the configuration of the reverse proxy and adjusting the firewall rules that I was not aware was in place....thanks to the network "Gurus" :)
0
 

Author Closing Comment

by:MXadmin
ID: 40041610
The network admins had NAT rules affecting the proxy services. Since the server should have been place outward facing, ie in the dmz, which I was given an associated IP block to use for that purpose. Once the VLAN was adjusted to place the proxy outside the internal network the translation rules on the reverse proxy were properly resolving and pointing to the front end pool and not the BE servers.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The article will show you how you can maintain a simple logfile of all Startup and Shutdown events on Windows servers and desktops with PowerShell. The script can be easily adapted into doing more like gracefully silencing/updating your monitoring s…
A safe way to clean winsxs folder from your windows server 2008 R2 editions
This tutorial will walk an individual through the process of installing the necessary services and then configuring a Windows Server 2012 system as an iSCSI target. To install the necessary roles, go to Server Manager, and select Add Roles and Featu…
This tutorial will show how to configure a single USB drive with a separate folder for each day of the week. This will allow each of the backups to be kept separate preventing the previous day’s backup from being overwritten. The USB drive must be s…

770 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question