Solved

lync 2013 connectivity issue

Posted on 2014-10-27
Last Modified: 2014-10-28
I'm confused; maybe someone can help me. My internal domain is ad.domain.com while the external just shows domain.com. When I visit lyncdiscover.domain.com from outside I can see the following.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.com">
<link rel="user" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.com"/>
<link rel="xframe" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html"/>
</resource>

Should the originalDomain be "ad.domain.com" since it's querying the internal user domain? I'm using TMG 2010, by the way, and Lync 2013.

These are the logs I get from Microsoft Lync Connectivity Analyzer.

[10/23/2014 9:14:39 PM] Created log file
[10/27/2014 7:08:47 PM] [DEBUG] Logging test parameters:
[10/27/2014 7:08:47 PM] [DEBUG] SIP Uri: me@ad.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] User Name:
[10/27/2014 7:08:47 PM] [DEBUG] Discovery Type: Manual Discovery
[10/27/2014 7:08:47 PM] [DEBUG] Server FQDN: lync.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] Network access: NetworkAccessExternal
[10/27/2014 7:08:47 PM] [DEBUG] Selected client: ApplicationLMX
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting manual Lync server discovery
[10/27/2014 7:08:47 PM] [INFO] Please wait; this test may take several minutes to complete...
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting server discovery for secure (HTTPS) channel
[10/27/2014 7:08:47 PM] [INFO] Server discovery started for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: Keep-Alive
  Pragma: no-cache
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com <--internal server actual name is this normal?
  X-Content-Type-Options: nosniff
  Cache-Control: no-cache
  Date: Tue, 28 Oct 2014 02:07:35 GMT
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 951
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
  Expires: -1
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/domain" /><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Self" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="OAuth" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user" /><Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com redirected to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Length: 2040
  Content-Type: text/html
}
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover: SendRequest(): the URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com couldn't be connected.  Complete HTTP headers:\r\n Connection: close
Pragma: no-cache
Cache-Control: no-cache

[10/27/2014 7:08:48 PM] [CRITICAL] Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
[10/27/2014 7:08:48 PM]

[10/27/2014 7:08:48 PM] [DEBUG] System.Exception: Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
[10/27/2014 7:08:48 PM] [INFO] Total server discovery time: 0.4 seconds
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed for secured  channel against https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [INFO] Server discovery ended for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [DEBUG] None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
[10/27/2014 7:08:48 PM] [SUMMARY]
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed using lync.domain.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR]
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
Question by:SuperRoot
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40408783
On internal DNS, lyncdiscover should be lyncdiscoverinternal.domain.com and point to the local IP of the Lync front end.
On public it should be lyncdiscover.domain.com, pointing to your TMG's public IP, and on TMG it should be reversing to the Lync front end's internal IP, but you should use the public domain name on the TMG rule.

You might also wanna consider checking if you have correctly configured the web services on the Lync topology.
0
 
LVL 1

Author Comment

by:SuperRoot
ID: 40409921
Hi Mohammed! Thanks for the advice! In order to make a passive authentication, do I need to set up ADFS? Also, do I need to set up ADFS on another server or can I just install it on the current standalone Lync server?

I already have a TMG server, Edge, and a standalone Standard Lync server. Just wondering if I can get away with not setting up another server.
0
 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 500 total points
ID: 40410016
For passive authentication you will need ADFS 2.0 or higher, and you can use this website for the configuration guide.

And yes, ADFS must be installed on a separate server. You can't install anything else on the Lync front end.

http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passive-authentication.aspx

As for Lync web services, you need to make sure that your TMG rule is configured properly.

Could you post a screenshot of the "To", "Listener", "Public Name", "Authentication Delegation", "Link Translation" and "Bridging" tabs in your TMG rule for Lync?

Also, from the Lync front end, open the topology, right-click on your Pool FQDN, click "Edit Properties" and take a screenshot of your web services settings.

There could be something wrong in the configuration.
0
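An added example, not part of the original thread: a short Python parser for the Connectivity Analyzer log in the question that pairs each autodiscover request with its response and reports where the chain first fails. It assumes, as a heuristic drawn only from the posted log, that a response carrying `X-MS-Server-Fqdn` came from the Lync web service and one without it was produced by something in front of it, such as the reverse-proxy rule; the sample log is abbreviated from the question and the function names are hypothetical.

```python
import re

# Constructed sample: abbreviated from the log in the question (timestamps and most headers trimmed).
SAMPLE_LOG = """\
[DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Headers:
{
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
}
[DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Headers:
{
  Content-Type: text/html
}
"""

REQ = re.compile(r"Sending HTTP request to (\S+)")
STATUS = re.compile(r"StatusCode: (\d{3})")
HEADER = re.compile(r"^\s+([A-Za-z][\w-]*):\s*(.*)$")

def parse_hops(log_text):
    """Pair each request URL with the status and headers of its response."""
    hops, cur, in_headers = [], None, False
    for line in log_text.splitlines():
        if m := REQ.search(line):
            cur = {"url": m.group(1), "status": None, "headers": {}}
            hops.append(cur)
            in_headers = False
        elif cur is not None and (m := STATUS.search(line)):
            cur["status"] = int(m.group(1))
        elif line.strip() == "{":
            in_headers = cur is not None
        elif line.strip() == "}":
            in_headers = False
        elif in_headers and (m := HEADER.match(line)):
            cur["headers"][m.group(1).lower()] = m.group(2).strip()
    return hops

def classify(hop):
    """Heuristic (assumption): X-MS-Server-Fqdn present means the Lync web service answered."""
    fqdn = hop["headers"].get("x-ms-server-fqdn")
    origin = f"front end ({fqdn})" if fqdn else "intermediary (no X-MS-Server-Fqdn)"
    return hop["url"].split("?")[0].rsplit("/", 1)[-1], hop["status"], origin

def first_failure(hops):
    """Return (endpoint, status, origin) for the first response with status >= 400, or None."""
    return next((classify(h) for h in hops if h["status"] and h["status"] >= 400), None)

if __name__ == "__main__":
    print(first_failure(parse_hops(SAMPLE_LOG)))
```

On the sample, the `/root` request is answered by the front end and the `/root/user` request is refused without that header, which points the investigation at the publishing rule's allowed paths and authentication settings rather than at the Lync topology. The same header also shows that the internal server name is visible to external clients.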
LVL 1

Author Comment

by:SuperRoot
ID: 40410018
I called Microsoft and they said my configuration is correct. I can't believe I have to pay $120 for an hour of support and they said I need ADFS.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40410023
Sorry, I answered you too quickly. Didn't read the passive authentication part. Read my comment again.
0
 
LVL 1

Author Closing Comment

by:SuperRoot
ID: 40410028
Thanks!
0
