Lync Server 2013 - Mobile devices Problem

Dear all,
We’re having some tiny issues with Lync 2013 server, and after several days of reading and checking the most common Lync blogs/websites for troubleshooting, we still have an issue with mobile devices (only). Your help will be really appreciated! (And maybe save my job)

Our current situation:
All laptops and computers can log in to Lync, and we chat only, on the LAN or from a remote location (no VPN required from WAN to log in). All good.
Mobile devices (iPhone/iPad/Android) basically cannot log on to the system.

Architecture:
1 x front Lync server
1 x edge Lync server
1 x reverse proxy server (Windows based)
All our servers are running Windows 2012 Server.
SSL certs are the following: for the internal side, a PKI has been implemented and delivers an SSL. For the external websites, a DigiCert SSL has been configured.

Here are some results after testing with Lync Connectivity Analyzer (from WAN):
result-wan.png (FQDN: even a manual configuration doesn’t work)

From LAN:
result-lan.png

We notice that when we try to check the content of the Autodiscovery IIS we get error 403 or 500.
IIS-issue.png

In the current situation we basically can't understand where to start and push forward our troubleshooting research :/

Thank you
Nalio Asked:
systechadmin (Consultant) Commented:
Kindly test the Lync connectivity:

https://testconnectivity.microsoft.com/
systechadmin (Consultant) Commented:
Also check that the certificate of the Lync is not expired. Refer to the link below:

http://blogs.technet.com/b/nexthop/archive/2012/04/25/lync-server-2010-mobility-deep-dive-autodiscover-service.aspx

Nalio (Author) Commented:
Dear Gaurav,

Thank you for your quick reply, truly appreciated.

SSL are OK until October 2016.
Here's the result of the test from https://testconnectivity.microsoft.com/.

test-exchange-external-testing.png
It's in French, but it says "Can not validate SSL certificate due to the negotiation of failure. This may be due to a network error or a problem installing the certificate."

Internally we are newbies in Lync; the installation was done by a consultant who didn't leave any documentation or info. Thanks
systechadmin (Consultant) Commented:
It seems that the SSL certificate is not properly installed on the edge server; check port 443. Kindly refer to the article to see what you need to check:

https://social.technet.microsoft.com/Forums/en-US/6adeb611-0814-472f-bf8d-caaf82db6dc3/lync-edge-the-certificate-couldnt-be-validated-because-ssl-negotiation-wasnt-successful?forum=lyncdeploy
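
The certificate and port 443 checks suggested in the comments above can be scripted. This is an added example, not part of the original thread: the function name `Test-TlsEndpoint` and the two host names are placeholders to replace with your own external autodiscover and web services FQDNs. It records the validation result instead of enforcing it, so a bad certificate is reported rather than hidden behind a failed connection.

```powershell
# Added example. Host names in the last line are placeholders, not values from the thread.
function Test-TlsEndpoint {
    param([Parameter(Mandatory)][string]$HostName, [int]$Port = 443)

    $seen = @{}   # filled in by the validation callback during the handshake
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($sender, $certificate, $chain, $policyErrors)
        $seen.PolicyErrors = $policyErrors
        $seen.ChainStatus  = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
        $true   # finish the handshake so the certificate can be reported; errors are kept above
    }

    $tcp = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        $tcp.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $san  = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }   # subjectAltName

        [pscustomobject]@{
            Host         = "${HostName}:$Port"
            Protocol     = $ssl.SslProtocol
            Subject      = $cert.Subject
            Issuer       = $cert.Issuer
            NotAfter     = $cert.NotAfter
            DaysLeft     = [int][math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
            PolicyErrors = $seen.PolicyErrors   # None, RemoteCertificateNameMismatch, RemoteCertificateChainErrors
            ChainStatus  = $seen.ChainStatus    # e.g. UntrustedRoot, PartialChain, NotTimeValid
            AltNames     = if ($san) { $san.Format($false) } else { '(no SAN extension)' }
        }
    }
    catch {
        # TCP refused, timeout, or the TLS negotiation itself failed
        [pscustomobject]@{ Host = "${HostName}:$Port"; Error = $_.Exception.GetBaseException().Message }
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $tcp.Close()
    }
}

'lyncdiscover.example.com', 'webext.example.com' |
    ForEach-Object { Test-TlsEndpoint -HostName $_ } | Format-List
```

Run it once from a machine on the WAN and once from the LAN. A `PolicyErrors` value other than `None`, or an `Error` row, shows which name is being served the wrong certificate or has no working listener on 443.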
Nalio (Author) Commented:
OK, thank you Gaurav, we'll check with the team and keep you informed!!
Mohammed Hamada (Senior IT Consultant) Commented:
Hi Nalio,

I just checked the document you attached. Your external NIC on your IIS should have a gateway pointing to your firewall.
Only the internal one shouldn't have a gateway or DNS, and you should edit the hosts file so you can add the DC IP and FQDN, and the Lync Front End FQDN and IP too, and try to ping from the IIS server to the Lync FE FQDN and the DC.

Change the binding order of the NICs so that the external NIC is on top and the LAN is at the bottom.
SIP shouldn't be configured in IIS. The Web Services FQDN (as configured in the topology) must be set.