Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

lync 2013 connectivity issue

Posted on 2014-10-27
6
Medium Priority
?
2,255 Views
Last Modified: 2014-10-28
I'm confused maybe someone can help me. My internal domain is ad.domain.com while the external just shows domain.com. When I visit lyncdiscover.domain.com from outside I can see the following.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.com">
<link rel="user" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.com"/>
<link rel="xframe" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html"/>
</resource>

Should the originalDomain be "ad.domain.com" since its querying internal user domain? I'm using TMG 2010 by the way and lync 2013.

This is the logs I get from Microsoft Lync Connectivity Analyzer.

[10/23/2014 9:14:39 PM] Created log file
[10/27/2014 7:08:47 PM] [DEBUG] Logging test parameters:
[10/27/2014 7:08:47 PM] [DEBUG] SIP Uri: me@ad.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] User Name:
[10/27/2014 7:08:47 PM] [DEBUG] Discovery Type: Manual Discovery
[10/27/2014 7:08:47 PM] [DEBUG] Server FQDN: lync.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] Network access: NetworkAccessExternal
[10/27/2014 7:08:47 PM] [DEBUG] Selected client: ApplicationLMX
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting manual Lync server discovery
[10/27/2014 7:08:47 PM] [INFO] Please wait; this test may take several minutes to complete...
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting server discovery for secure (HTTPS) channel
[10/27/2014 7:08:47 PM] [INFO] Server discovery started for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: Keep-Alive
  Pragma: no-cache
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com <--internal server actual name is this normal?
  X-Content-Type-Options: nosniff
  Cache-Control: no-cache
  Date: Tue, 28 Oct 2014 02:07:35 GMT
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 951
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
  Expires: -1
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/domain" /><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Self" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="OAuth" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user" /><Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com redirected to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Length: 2040
  Content-Type: text/html
}
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover: SendRequest(): the URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com couldn't be connected.  Complete HTTP headers:\r\n Connection: close
Pragma: no-cache
Cache-Control: no-cache

[10/27/2014 7:08:48 PM] [CRITICAL] Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
[10/27/2014 7:08:48 PM]

[10/27/2014 7:08:48 PM] [DEBUG] System.Exception: Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
[10/27/2014 7:08:48 PM] [INFO] Total server discovery time: 0.4 seconds
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed for secured  channel against https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [INFO] Server discovery ended for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [DEBUG] None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
[10/27/2014 7:08:48 PM] [SUMMARY]
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed using lync.domain.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR]
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
0
Comment
Question by:SuperRoot
  • 3
  • 3
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40408783
On internal dns lyncdiscover should be lyncdiscoverinternal.domain.com and point to the local IP of Lync front end
on public it should be lyncdiscover.doman.com and pointing to your TMG's public IP and on TMG it should be reversing to Lync Front end's Internal IP but you should use public domain name on TMG rule.

You might also wanna consider checking  if you have correctly configured the web services on Lync topology.
0
 
LVL 1

Author Comment

by:SuperRoot
ID: 40409921
HI Mohammed! Thanks for the advise! In order to make a passive auhentication, do I need to setup ADFS? also, do I need to setup ADFS on another server or can I just install it on the current standalone lync server?

I already have TMG server, Edge, and stand alone standard lync server. Just wondering if I can get away of not setting up another server.
0
 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 2000 total points
ID: 40410016
For passive authentication you will need an ADFS 2.0 or Higher and you can use this website for the configuration guide.

And Yes, ADFS must be installed on a separate server, You can't install anything else on Lync front end.

http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passive-authentication.aspx

As for Lync web services, you need to make sure that your TMG rule is configured properly.

Could you post a screenshot of the "To" "Listener" , "Public Name" , "Authentication Delegation", "Link Translation" "Bridging" tabs in your TMG rule for Lync.

Also from Lync front end , open the topology and right click on your Pool FQDN and click "Edit Properties" and take a screenshot of your web services settings ..

there could be something wrong in the configuration.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 1

Author Comment

by:SuperRoot
ID: 40410018
I called Microsoft and they said my configuration is correct. I cant believe I have to pay $120 for an hour support and they said I need ADFS.
0
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40410023
Sorry I answered you too quickly. didn't read the passive authentication part. read my comment again.
0
 
LVL 1

Author Closing Comment

by:SuperRoot
ID: 40410028
Thanks!
0

Featured Post

Upgrade your Question Security!

Your question, your audience. Choose who sees your identity—and your question—with question security.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Messaging apps are amazing tools with the power to do a lot of good, but the truth is the process of collaborating with coworkers requires relationships established through meaningful communication - the kind of communication that only happens face-…
Social messanging services like WhatsApp and Facebook can help businesses in ways that many owners don't even imagine, giving new opportunities to connect with customers. Discover some of the most innovative things they can do for your company.
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …

564 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question