Solved

Lync 2013 connectivity issue

Posted on 2014-10-27
Last Modified: 2014-10-28
I'm confused; maybe someone can help me. My internal domain is ad.domain.com while the external just shows domain.com. When I visit lyncdiscover.domain.com from outside I can see the following.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.com">
<link rel="user" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.com"/>
<link rel="xframe" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html"/>
</resource>

Should the originalDomain be "ad.domain.com" since it's querying the internal user domain? I'm using TMG 2010, by the way, and Lync 2013.

These are the logs I get from Microsoft Lync Connectivity Analyzer.

[10/23/2014 9:14:39 PM] Created log file
[10/27/2014 7:08:47 PM] [DEBUG] Logging test parameters:
[10/27/2014 7:08:47 PM] [DEBUG] SIP Uri: me@ad.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] User Name:
[10/27/2014 7:08:47 PM] [DEBUG] Discovery Type: Manual Discovery
[10/27/2014 7:08:47 PM] [DEBUG] Server FQDN: lync.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] Network access: NetworkAccessExternal
[10/27/2014 7:08:47 PM] [DEBUG] Selected client: ApplicationLMX
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting manual Lync server discovery
[10/27/2014 7:08:47 PM] [INFO] Please wait; this test may take several minutes to complete...
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting server discovery for secure (HTTPS) channel
[10/27/2014 7:08:47 PM] [INFO] Server discovery started for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: Keep-Alive
  Pragma: no-cache
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com <--internal server actual name is this normal?
  X-Content-Type-Options: nosniff
  Cache-Control: no-cache
  Date: Tue, 28 Oct 2014 02:07:35 GMT
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 951
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
  Expires: -1
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/domain" /><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Self" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="OAuth" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user" /><Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com redirected to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Length: 2040
  Content-Type: text/html
}
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover: SendRequest(): the URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com couldn't be connected.  Complete HTTP headers:\r\n Connection: close
Pragma: no-cache
Cache-Control: no-cache

[10/27/2014 7:08:48 PM] [CRITICAL] Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
[10/27/2014 7:08:48 PM]

[10/27/2014 7:08:48 PM] [DEBUG] System.Exception: Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
[10/27/2014 7:08:48 PM] [INFO] Total server discovery time: 0.4 seconds
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed for secured  channel against https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [INFO] Server discovery ended for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [DEBUG] None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
[10/27/2014 7:08:48 PM] [SUMMARY]
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed using lync.domain.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR]
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
Question by:SuperRoot
6 Comments
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40408783
On internal DNS, lyncdiscover should be lyncdiscoverinternal.domain.com and point to the local IP of the Lync front end.
On public it should be lyncdiscover.domain.com, pointing to your TMG's public IP, and on TMG it should be reversing to the Lync front end's internal IP, but you should use the public domain name on the TMG rule.

You might also wanna consider checking if you have correctly configured the web services on the Lync topology.
 
LVL 1

Author Comment

by:SuperRoot
ID: 40409921
Hi Mohammed! Thanks for the advice! In order to do passive authentication, do I need to set up ADFS? Also, do I need to set up ADFS on another server, or can I just install it on the current standalone Lync server?

I already have a TMG server, Edge, and a standalone standard Lync server. Just wondering if I can get away with not setting up another server.
 
LVL 24

Accepted Solution

by:
Mohammed Hamada earned 500 total points
ID: 40410016
For passive authentication you will need ADFS 2.0 or higher, and you can use this website for the configuration guide.

And yes, ADFS must be installed on a separate server. You can't install anything else on the Lync front end.

http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passive-authentication.aspx

As for Lync web services, you need to make sure that your TMG rule is configured properly.

Could you post a screenshot of the "To", "Listener", "Public Name", "Authentication Delegation", "Link Translation" and "Bridging" tabs in your TMG rule for Lync?

Also, from the Lync front end, open the topology, right-click on your Pool FQDN, click "Edit Properties" and take a screenshot of your web services settings.

There could be something wrong in the configuration.
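A way to triage the Connectivity Analyzer log from the question before reviewing the TMG rule, as an added example that is not part of the original thread: it pairs each request with its status, reports the first failing URL, and lists hostnames under the internal namespace that the published endpoint disclosed. The sample log is constructed in the format shown in the question; `parse_exchanges`, `triage` and the `from_backend` heuristic are assumptions of this example.

```python
import re

# Constructed sample in the Connectivity Analyzer layout from the question.
SAMPLE_LOG = """\
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <AutodiscoverResponse AccessLocation="External"><Root><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Content-Type: text/html
}
"""

REQ = re.compile(r"Sending HTTP request to (\S+)")
STATUS = re.compile(r"StatusCode: (\d{3})")
HEADER = re.compile(r"^\s+([\w-]+):\s*(.*)$")       # indented "Name: value" lines
HREF_HOST = re.compile(r'href="https?://([^/"]+)')  # host part of each <Link href>

def parse_exchanges(log):
    """Return one dict per request: url, status, response headers, linked hosts."""
    exchanges = []
    for line in log.splitlines():
        if m := REQ.search(line):
            exchanges.append({"url": m.group(1), "status": None, "headers": {}, "hosts": []})
        elif exchanges and (m := STATUS.search(line)):
            exchanges[-1]["status"] = int(m.group(1))
        elif exchanges and (m := HEADER.match(line)):
            exchanges[-1]["headers"][m.group(1).lower()] = m.group(2).strip()
        elif exchanges and "Full response:" in line:
            exchanges[-1]["hosts"] = HREF_HOST.findall(line)
    return exchanges

def triage(log, internal_suffix):
    """Find the first failing request and the internal hostnames the endpoint disclosed."""
    exchanges = parse_exchanges(log)
    hosts = set()
    for ex in exchanges:
        hosts.update(h.lower() for h in ex["hosts"])
        hosts.update(ex["headers"].get("x-ms-server-fqdn", "").lower().split()[:1])
    failed = next((ex for ex in exchanges if (ex["status"] or 0) >= 400), {})
    return {
        "failed_url": failed.get("url"), "failed_status": failed.get("status"),
        # Heuristic (assumption): an error without X-MS-Server-Fqdn did not come from Lync.
        "from_backend": "x-ms-server-fqdn" in failed.get("headers", {}),
        "internal_hosts": sorted(h for h in hosts if h.endswith("." + internal_suffix)),
    }
```

Run `triage(log_text, "ad.domain.com")` on the saved analyzer log; a failure with `from_backend` false points at the publishing rule rather than the Lync web service.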
 
LVL 1

Author Comment

by:SuperRoot
ID: 40410018
I called Microsoft and they said my configuration is correct. I can't believe I have to pay $120 for an hour of support, and they said I need ADFS.
 
LVL 24

Expert Comment

by:Mohammed Hamada
ID: 40410023
Sorry, I answered you too quickly. Didn't read the passive authentication part. Read my comment again.
 
LVL 1

Author Closing Comment

by:SuperRoot
ID: 40410028
Thanks!
Question has a verified solution.
