Solved

lync 2013 connectivity issue

Posted on 2014-10-27
6
1,853 Views
Last Modified: 2014-10-28
I'm confused maybe someone can help me. My internal domain is ad.domain.com while the external just shows domain.com. When I visit lyncdiscover.domain.com from outside I can see the following.

This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.com">
<link rel="user" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.com"/>
<link rel="xframe" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html"/>
</resource>

Should the originalDomain be "ad.domain.com" since its querying internal user domain? I'm using TMG 2010 by the way and lync 2013.

This is the logs I get from Microsoft Lync Connectivity Analyzer.

[10/23/2014 9:14:39 PM] Created log file
[10/27/2014 7:08:47 PM] [DEBUG] Logging test parameters:
[10/27/2014 7:08:47 PM] [DEBUG] SIP Uri: me@ad.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] User Name:
[10/27/2014 7:08:47 PM] [DEBUG] Discovery Type: Manual Discovery
[10/27/2014 7:08:47 PM] [DEBUG] Server FQDN: lync.domain.com
[10/27/2014 7:08:47 PM] [DEBUG] Network access: NetworkAccessExternal
[10/27/2014 7:08:47 PM] [DEBUG] Selected client: ApplicationLMX
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting manual Lync server discovery
[10/27/2014 7:08:47 PM] [INFO] Please wait; this test may take several minutes to complete...
[10/27/2014 7:08:47 PM] [SUBHEADING] Starting server discovery for secure (HTTPS) channel
[10/27/2014 7:08:47 PM] [INFO] Server discovery started for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:47 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: Keep-Alive
  Pragma: no-cache
  X-MS-Server-Fqdn: lyncserverinternal.ad.domain.com <--internal server actual name is this normal?
  X-Content-Type-Options: nosniff
  Cache-Control: no-cache
  Date: Tue, 28 Oct 2014 02:07:35 GMT
  Server: Microsoft-IIS/8.5
  X-AspNet-Version: 4.0.30319
  X-Powered-By: ASP.NET
  Content-Length: 951
  Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
  Expires: -1
}
[10/27/2014 7:08:48 PM] [DEBUG] Parsing the response for URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com.  Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/domain" /><Link token="User" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user" /><Link token="Self" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root" /><Link token="OAuth" href="https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/oauth/user" /><Link token="External/XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://internalserver.ad.domain.com/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lync.domain.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=me@ad.domain.com redirected to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user
[10/27/2014 7:08:48 PM] [DEBUG] Sending HTTP request to https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com
[10/27/2014 7:08:48 PM] [DEBUG] Cookie  found in autodiscover response: StatusCode: 403, ReasonPhrase: 'Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator.  )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
  Connection: close
  Pragma: no-cache
  Cache-Control: no-cache
  Content-Length: 2040
  Content-Type: text/html
}
[10/27/2014 7:08:48 PM] [DEBUG] Autodiscover: SendRequest(): the URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com couldn't be connected.  Complete HTTP headers:\r\n Connection: close
Pragma: no-cache
Cache-Control: no-cache

[10/27/2014 7:08:48 PM] [CRITICAL] Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
[10/27/2014 7:08:48 PM]

[10/27/2014 7:08:48 PM] [DEBUG] System.Exception: Couldn't connect to URL https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root/user?sipuri=me@ad.domain.com (HTTP status code Forbidden)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
   at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
   at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
   at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__3e.MoveNext()
[10/27/2014 7:08:48 PM] [INFO] Total server discovery time: 0.4 seconds
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed for secured  channel against https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [INFO] Server discovery ended for https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root
[10/27/2014 7:08:48 PM] [DEBUG] None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS, MobilityUCWAInternalCheckPOST, MobilityUCWAExternalCheckPOST
[10/27/2014 7:08:48 PM] [SUMMARY]
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR] Server discovery failed using lync.domain.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998 
[10/27/2014 7:08:48 PM] [SUMMARY_ERROR]
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
0
Comment
Question by:SuperRoot
  • 3
  • 3
6 Comments
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 40408783
On internal dns lyncdiscover should be lyncdiscoverinternal.domain.com and point to the local IP of Lync front end
on public it should be lyncdiscover.doman.com and pointing to your TMG's public IP and on TMG it should be reversing to Lync Front end's Internal IP but you should use public domain name on TMG rule.

You might also wanna consider checking  if you have correctly configured the web services on Lync topology.
0
 
LVL 1

Author Comment

by:SuperRoot
ID: 40409921
HI Mohammed! Thanks for the advise! In order to make a passive auhentication, do I need to setup ADFS? also, do I need to setup ADFS on another server or can I just install it on the current standalone lync server?

I already have TMG server, Edge, and stand alone standard lync server. Just wondering if I can get away of not setting up another server.
0
 
LVL 23

Accepted Solution

by:
Mohammed Hamada earned 500 total points
ID: 40410016
For passive authentication you will need an ADFS 2.0 or Higher and you can use this website for the configuration guide.

And Yes, ADFS must be installed on a separate server, You can't install anything else on Lync front end.

http://blogs.technet.com/b/jenstr/archive/2013/10/09/microsoft-lync-2013-for-mobile-and-passive-authentication.aspx

As for Lync web services, you need to make sure that your TMG rule is configured properly.

Could you post a screenshot of the "To" "Listener" , "Public Name" , "Authentication Delegation", "Link Translation" "Bridging" tabs in your TMG rule for Lync.

Also from Lync front end , open the topology and right click on your Pool FQDN and click "Edit Properties" and take a screenshot of your web services settings ..

there could be something wrong in the configuration.
0
Complete VMware vSphere® ESX(i) & Hyper-V Backup

Capture your entire system, including the host, with patented disk imaging integrated with VMware VADP / Microsoft VSS and RCT. RTOs is as low as 15 seconds with Acronis Active Restore™. You can enjoy unlimited P2V/V2V migrations from any source (even from a different hypervisor)

 
LVL 1

Author Comment

by:SuperRoot
ID: 40410018
I called Microsoft and they said my configuration is correct. I cant believe I have to pay $120 for an hour support and they said I need ADFS.
0
 
LVL 23

Expert Comment

by:Mohammed Hamada
ID: 40410023
Sorry I answered you too quickly. didn't read the passive authentication part. read my comment again.
0
 
LVL 1

Author Closing Comment

by:SuperRoot
ID: 40410028
Thanks!
0

Featured Post

Backup Your Microsoft Windows Server®

Backup all your Microsoft Windows Server – on-premises, in remote locations, in private and hybrid clouds. Your entire Windows Server will be backed up in one easy step with patented, block-level disk imaging. We achieve RTOs (recovery time objectives) as low as 15 seconds.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Problem to search 5 41
Does Radius Server need to be AD server? 3 39
Locating a GPO setting 3 27
Where to find file on SBS 2008 4 24
Possible fixes for Windows 7 and Windows Server 2008 updating problem. Solutions mentioned are from Microsoft themselves. I started a case with them from our Microsoft Silver Partner option to open a case and get direct support from Microsoft. If s…
This article explains how to install and use the NTBackup utility that comes with Windows Server.
This tutorial will show how to configure a new Backup Exec 2012 server and move an existing database to that server with the use of the BEUtility. Install Backup Exec 2012 on the new server and apply all of the latest hotfixes and service packs. The…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

776 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question