Solved

Lync 2013 connectivity issue

Posted on 2014-10-27
Last Modified: 2014-10-28
I'm confused; maybe someone can help me. My internal domain is ad.domain.com while the external just shows domain.com. When I visit lyncdiscover.domain.com from outside I can see the following.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.com">
<link rel="user" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.com"/>
<link rel="xframe" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html"/>
</resource>

Should the originalDomain be "ad.domain.com" since it's querying the internal user domain? I'm using TMG 2010, by the way, and Lync 2013.

These are the logs I get from Microsoft Lync Connectivity Analyzer.

[10/23/2014 9:14:39 PM] Created log file
[10/27/2014 7:08:47 PM] [DEBUG] Logging test parameters:
[10/27/2014 7:08:47 PM] [DEBUG] SIP Uri: me@ad.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] User Name:
[10/27/2014 7:08:47 PM] [DEBUG] Discovery Type: Manual Discovery
[10/27/2014 7:08:47 PM] [DEBUG] Server FQDN: lync.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] Network access: NetworkAccessExternal
[10/27/2014 7:08:47 PM] [DEBUG] Selected client: ApplicationLMX
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting manual Lync server discovery
[10/27/2014 7:08:47 PM] [INFO] Please wait; this test may take several minutes to complete...
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting server discovery for secure (HTTPS) channel
[10/27/2014 7:08:47 PM] [INFO] Server discovery started for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: Keep-Alive
  Pragma: no-cache
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com <--internal server actual name is this normal?
  X-Content-Type-Options: nosniff
  Cache-Control: no-cache
  Date: Tue, 28 Oct 2014 02:07:35 GMT
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 951
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
  Expires: -1
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/domain" /><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Self" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="OAuth" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user" /><Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com redirected to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Length: 2040
  Content-Type: text/html
}
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover: SendRequest(): the URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com couldn't be connected.  Complete HTTP headers:\r\n Connection: close
Pragma: no-cache
Cache-Control: no-cache

[10/27/2014 7:08:48 PM] [CRITICAL] Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
[10/27/2014 7:08:48 PM]

[10/27/2014 7:08:48 PM] [DEBUG] System.Exception: Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
[10/27/2014 7:08:48 PM] [INFO] Total server discovery time: 0.4 seconds
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed for secured  channel against https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [INFO] Server discovery ended for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [DEBUG] None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
[10/27/2014 7:08:48 PM] [SUMMARY]
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed using lync.domain.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR]
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
Question by:SuperRoot
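
The log in the question can be reduced to two things: which Autodiscover request failed, and which hostnames in the responses fall outside the externally published names. The following Python sketch is an added example, not part of the original post; the sample log is abridged from the question, and the PUBLISHED set is an assumption about which names are exposed through the reverse proxy.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: abridged from the analyzer log posted in the question.
SAMPLE_LOG = """\
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Headers:
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Full response: <Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" />
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Headers:
"""

# Assumption: the only names published through the reverse proxy.
PUBLISHED = {"lync.domain.com", "lyncdiscover.domain.com"}

REQ = re.compile(r"Sending HTTP request to (\S+)")
STATUS = re.compile(r"StatusCode: (\d{3})")
HREF = re.compile(r'href="([^"]+)"')
FQDN_HDR = re.compile(r"^[ \t]*X-MS-Server-Fqdn:[ \t]*(\S+)", re.M)

def request_trail(log):
    """Pair each requested path with the status code of the next response."""
    trail, pending = [], None
    for line in log.splitlines():
        req = REQ.search(line)
        if req:
            if pending is not None:          # request with no logged response
                trail.append((pending, None))
            pending = urlsplit(req.group(1)).path
            continue
        status = STATUS.search(line)
        if status and pending is not None:
            trail.append((pending, int(status.group(1))))
            pending = None
    if pending is not None:
        trail.append((pending, None))
    return trail

def hosts_outside(log, published):
    """Hostnames seen in href attributes or X-MS-Server-Fqdn, minus published ones."""
    hosts = {urlsplit(h).hostname for h in HREF.findall(log)}
    hosts |= set(FQDN_HDR.findall(log))
    return sorted(h.lower() for h in hosts if h and h.lower() not in published)

if __name__ == "__main__":
    for path, code in request_trail(SAMPLE_LOG):
        print(code, path)
    print("not in published set:", hosts_outside(SAMPLE_LOG, PUBLISHED))
```

On the sample, the trail shows the root document answering 200 and the follow-up /root/user request answering 403, and the second function lists the two ad.domain.com hostnames that appear in the externally served response.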
6 Comments
 

Expert Comment

by:Mohammed Hamada
On internal DNS, lyncdiscover should be lyncdiscoverinternal.domain.com and point to the local IP of the Lync front end.
On public DNS it should be lyncdiscover.domain.com, pointing to your TMG's public IP, and on TMG it should be reversing to the Lync front end's internal IP, but you should use the public domain name on the TMG rule.

You might also wanna consider checking if you have correctly configured the web services on the Lync topology.

Author Comment

by:SuperRoot
Hi Mohammed! Thanks for the advice! In order to do passive authentication, do I need to set up ADFS? Also, do I need to set up ADFS on another server, or can I just install it on the current standalone Lync server?

I already have a TMG server, Edge, and a standalone standard Lync server. Just wondering if I can get away with not setting up another server.

Accepted Solution

by:
Mohammed Hamada earned 500 total points
For passive authentication you will need ADFS 2.0 or higher, and you can use this website for the configuration guide.

And yes, ADFS must be installed on a separate server. You can't install anything else on the Lync front end.

http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passive-authentication.aspx

As for Lync web services, you need to make sure that your TMG rule is configured properly.

Could you post a screenshot of the "To", "Listener", "Public Name", "Authentication Delegation", "Link Translation" and "Bridging" tabs in your TMG rule for Lync?

Also, from the Lync front end, open the topology, right-click on your pool FQDN, click "Edit Properties" and take a screenshot of your web services settings.

There could be something wrong in the configuration.

Author Comment

by:SuperRoot
I called Microsoft and they said my configuration is correct. I can't believe I have to pay $120 for an hour of support and they said I need ADFS.

Expert Comment

by:Mohammed Hamada
Sorry, I answered you too quickly. I didn't read the passive authentication part. Read my comment again.

Author Closing Comment

by:SuperRoot
Thanks!