

Lync 2013 Deployment DNS, Mobile Clients and Conferencing Issues

Posted on 2014-02-05
Medium Priority
Last Modified: 2014-05-05
The deployment is:

1 F.E. Server 2008r2 Lync 2013 fully patched single nic internal network
1 Reverse proxy- 2008r2 with TMG 2010 fully patched two nics, one internal one on DMZ
1 Edge server 2008r2 fully patched 4 nics one internal, one for access, one for av and one for webconf
1 Webapp server 2008r2 fully patched single nic on internal network no external dns entries
2 mediation servers 2012 fully patched single internal nic (used for enterprise voice) they share a VIP for the mediation pool services
1 2012 server that has 2012 SQL Enterprise installed as I will be moving the central management store off the F.E. so I can deploy a front end enterprise pool for LB across multiple sites

I can test all urls from reverse proxy and the rules pass.

I think my issues with mobile phones not connecting, as this does not have anything to do with edge, is with the DNS records. I'd like someone to verify the internal DNS entries that are needed; maybe I have one pointing to the wrong server. It's possible.

Conferencing fails once more than two people are chatting or sharing their desktops. If a third person is invited or joins, ID 504 event 239 is displayed in the chat box.

Eventually I will have four F.E. servers in an Enterprise pool as well as four edge servers. This started as a single server deployment just for internal IM purposes. Then they wanted external (edge), then external without the need for VPN (reverse proxy and edge), now finally Enterprise voice so they can have dial-in conferencing. So its role has expanded four times in less than a year.

Any help is greatly appreciated.
Question by:MXadmin

Expert Comment

ID: 39836279
It's hard to say without knowing your numbers but on the surface this looks a little over-scaled.  For example, 4 physical NICs in each Edge server is most likely overkill; 2 NICs would be the best approach.

The mobile clients do not use Edge for connections, only media relay; you should look more closely at the reverse proxy configuration.

Author Comment

ID: 39836377
These are VMs. It's four IPs, not NICs, my apologies; it's two NICs with the external NIC on the DMZ having three separate IPs for services. What on the RP should be looked at? All the rules pass, I am forwarding the header and the authentication is set to client can auth direct.

Expert Comment

ID: 39836554
OK, that makes more sense.

Do the mobile clients sign in but media fails, or do they not even sign in at all?  Could be Lyncdiscover related in the latter.


Author Comment

ID: 39836682
They actually can't sign in. They were working just fine when I had a FE with an Edge; I just put in a ton of direct routes and host file entries and everything worked fine. Once they said put in the reverse proxy and the host files went away on the edge is when things started to break. The internal DNS records: right now I have the lyncdiscover and lyncdiscoverinternal pointing to the external IP of the reverse proxy. One thing I noticed is the RP with TMG is using the SSL cert on its listener; this should ideally be the domain cert from the FE server, so I'm going to export out that cert, install and reboot the RP and test. I'm concerned about the internal DNS records not being correct as this was not part of my implementation and wanted to double check prior to changing the entries.

Expert Comment

ID: 39836855
I shouldn't have both lyncdiscover and Lyncdiscoverinternal deployed in the internal DNS.  Also the fact that it worked prior to publishing tells me that the deployment was incorrect as Lync 2013 mobile clients are ONLY supported as external clients.

I recommend reading through these two articles as they address all your questions:

Author Comment

ID: 39845713
I've read those blogs a few times. I have mobility working just fine. The issue was certificates, which an SSL on all boxes resolved. My issue now is still conferencing failing. Users get 504 event ID 239 when doing a multi-person chat.

Accepted Solution

MXadmin earned 0 total points
ID: 40032258
I was able to resolve the issues by changing the configuration of the reverse proxy and adjusting the firewall rules that I was not aware were in place... thanks to the network "Gurus" :)

Author Closing Comment

ID: 40041610
The network admins had NAT rules affecting the proxy services. Since the server should have been placed outward facing, i.e. in the DMZ, which I was given an associated IP block to use for that purpose. Once the VLAN was adjusted to place the proxy outside the internal network the translation rules on the reverse proxy were properly resolving and pointing to the front end pool and not the BE servers.
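
The internal DNS question raised earlier in the thread (which of lyncdiscover and lyncdiscoverinternal exist on the internal DNS server, and whether they point at the reverse proxy's external IP) can be checked directly; the script below is an added example, not code posted by any participant. The SIP domain, DNS server address and reverse proxy IP are placeholder assumptions, and it needs a machine with `Resolve-DnsName` (Windows 8 / Server 2012 or later).

```powershell
# Added example, not from the thread. Assumed placeholder values:
#   SIP domain example.com, internal DNS server 192.0.2.53,
#   reverse proxy external IP 198.51.100.10.
# Requires Resolve-DnsName (DnsClient module, Windows 8 / Server 2012 or later).
param(
    [string]$SipDomain      = 'example.com',
    [string]$DnsServer      = '192.0.2.53',
    [string]$ReverseProxyIp = '198.51.100.10'
)

$report = foreach ($label in 'lyncdiscover', 'lyncdiscoverinternal') {
    $fqdn = "$label.$SipDomain"

    # -DnsOnly restricts the query to the DNS protocol (no LLMNR/NetBIOS);
    # -NoHostsFile ignores local hosts entries, so only the zone data is tested.
    $answers = @(Resolve-DnsName -Name $fqdn -Server $DnsServer -DnsOnly -NoHostsFile `
                     -ErrorAction SilentlyContinue |
                 Where-Object { $_.Section -eq 'Answer' })

    $ips    = @($answers | Where-Object { $_.Type -in 'A', 'AAAA' } | ForEach-Object { $_.IPAddress })
    $cnames = @($answers | Where-Object { $_.Type -eq 'CNAME' }     | ForEach-Object { $_.NameHost })

    [pscustomobject]@{
        Name             = $fqdn
        Present          = ($ips.Count + $cnames.Count) -gt 0
        Addresses        = $ips -join ', '
        CName            = $cnames -join ', '
        IsReverseProxyIp = $ips -contains $ReverseProxyIp
    }
}

$report | Format-Table -AutoSize

# The thread's expert advises against having both names in internal DNS.
if (@($report | Where-Object { $_.Present }).Count -eq 2) {
    Write-Warning "Both lyncdiscover and lyncdiscoverinternal exist on $DnsServer."
}
```

Running it once against the internal DNS server and once against a public resolver shows whether internal and external clients are being sent to different places.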
