it_medcomp asked:

Cannot sign in to lync 2013 while VPN is connected via laptop

I am running Lync 2013 with a single frontend server. I have all the DNS records properly created in the right zones. If I am connected externally with no VPN connected, I can sign in just fine. However, if I connect the VPN, I cannot sign in. If I sign in before connecting via VPN, the connection to Lync stays up. Any idea what's going on? I have included my failed sign-in logs from a laptop:
1 Login: FAIL (hr = 0x1)
Executing wws method with windows auth auth, asyncContext=24D1A558,
 context: WebRequest context@ :654951288
  MethodType:4
  ExecutionComplete? :1
  Callback@ :26A64A7C
  AsyncHResult:80f10041
  TargetUri:https://mylyncserver.corp.local/WebTicket/WebTicketService.svc
  OperationName:http://tempuri.org/:IWebTicketService
 Error:
The server returned a trust fault: 'The request scope is invalid or unsupported'.
The fault reason was: 'The AppliesTo element of web ticket request points to a different web server or site.'.

.CLogonCredentialManager::QueryForSpecificCreds() Credential user 0x10B36540 id=15 querying for specific credentials, credSuccess=2, targetName=Microsoft_OC1:uri=dspahn@medcompnet.com:specific:LAD:1, upn=
1.1 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000)
Executing wws method with windows auth auth, asyncContext=24D1A558,
 context: WebRequest context@ :654951288
  MethodType:4
  ExecutionComplete? :1
  Callback@ :26A64A7C
  AsyncHResult:80f10041
  TargetUri:https://mylyncserver.corp.local/WebTicket/WebTicketService.svc
  OperationName:http://tempuri.org/:IWebTicketService
 Error:
The server returned a trust fault: 'The request scope is invalid or unsupported'.
The fault reason was: 'The AppliesTo element of web ticket request points to a different web server or site.'.

.
1.2 ExecuteWithWindowsOrNoAuthInternal: FAIL (hr = 0x3d0000)
CLogonCredentialManager::QueryForSpecificCreds() Credential user 0x10B36540 id=15 querying for specific credentials, credSuccess=2, targetName=Microsoft_OC1:uri=dspahn@medcompnet.com:specific:LAD:1, upn=
Kaibuk

Hi it_medcomp

About VPN, the first thing you want to check is if your VPN is not doing any SSL inspection between your SfB clients and the Front End Server. The communication between your client and server is already encrypted, so any SSL inspection on the VPN can break it.

What will tell you what's happening on your machine when connecting to SfB is Wireshark.

1. Install Wireshark on your machine
2. Connect to VPN
3. Start tracing logs and reproduce the issue
4. Stop tracing and filter the logs by ip.addr == IP address of your front end.

If you want, you can send me the log file privately to help you find the issue. Don't share any Wireshark logs in public.

@Krzysztof has a good point in terms of SSL inspection

Also:
Does login internally from the LAN work OK?
When connecting through VPN, does all DNS point to internal DNS?
Make sure this applies to all DNS records - it may look like you get a webticket for authentication for internal web site, but connecting to external
This error:

The server returned a trust fault: 'The request scope is invalid or unsupported'.
The fault reason was: 'The AppliesTo element of web ticket request points to a different web server or site.'.

more here: https://docs.microsoft.com/en-us/openspecs/office_protocols/ms-ocauthws/70f0c7e9-dad1-425c-a9ed-ab0822c65aac 

Also - do a trace to the SIP records and the internal and external web site URLs
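
One way to carry out the DNS check suggested above, as an added PowerShell example that is not part of the original thread. The SIP domain `example.com` is a placeholder assumption, the record names are the standard Lync 2013 client discovery lookups, and `mylyncserver.corp.local` is the host from the TargetUri in the posted log.

```powershell
# Added example. Run once with the VPN disconnected and once connected, then compare.
$SipDomain = 'example.com'              # assumption: placeholder, use your SIP domain
$WebHost   = 'mylyncserver.corp.local'  # web services host from the TargetUri in the log
$Run       = 'vpn-on'                   # label for this run: vpn-off or vpn-on

# Names the Lync 2013 client queries during automatic sign-in, plus the web ticket host.
$queries = @(
    @{ Name = "lyncdiscoverinternal.$SipDomain"; Type = 'A'   },
    @{ Name = "lyncdiscover.$SipDomain";         Type = 'A'   },
    @{ Name = "_sipinternaltls._tcp.$SipDomain"; Type = 'SRV' },
    @{ Name = "_sip._tls.$SipDomain";            Type = 'SRV' },
    @{ Name = "sipinternal.$SipDomain";          Type = 'A'   },
    @{ Name = "sip.$SipDomain";                  Type = 'A'   },
    @{ Name = "sipexternal.$SipDomain";          Type = 'A'   },
    @{ Name = $WebHost;                          Type = 'A'   }
)

function Get-AddressScope([string]$Ip) {
    # RFC 1918 ranges count as internal; everything else is reported as public.
    if ($Ip -match '^(10\.|192\.168\.|172\.(1[6-9]|2[0-9]|3[01])\.)') { 'internal' } else { 'public' }
}

# DNS servers per adapter: shows whether the VPN adapter supplied internal resolvers.
Get-DnsClientServerAddress -AddressFamily IPv4 |
    Where-Object { $_.ServerAddresses } |
    Format-Table InterfaceAlias, ServerAddresses -AutoSize

$results = foreach ($q in $queries) {
    # -DnsOnly skips LLMNR/NetBIOS; keep only the Answer section of each response.
    $answers = Resolve-DnsName -Name $q.Name -Type $q.Type -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Section -eq 'Answer' }
    if (-not $answers) {
        [pscustomobject]@{ Run = $Run; Query = $q.Name; Answer = '(no answer)'; Scope = '-' }
        continue
    }
    foreach ($a in $answers) {
        $answer = $null; $scope = '-'
        switch ([string]$a.Type) {
            'A'     { $answer = $a.IPAddress; $scope = Get-AddressScope $a.IPAddress }
            'CNAME' { $answer = "CNAME $($a.NameHost)" }
            'SRV'   { $answer = "SRV $($a.NameTarget):$($a.Port)" }
        }
        if ($answer) { [pscustomobject]@{ Run = $Run; Query = $q.Name; Answer = $answer; Scope = $scope } }
    }
}

$results | Format-Table -AutoSize
$results | Export-Csv -Path ".\lync-dns-$Run.csv" -NoTypeInformation
```

Comparing the two CSV files shows which names resolve to a different target or scope once the VPN is connected, which is the internal-versus-external mix the answer above asks you to rule out.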