none
Lync2013 & OCS 2007 R2 coexistence

    Question

  • If anyone can help on this:
    I have a basic OSC 2007 R2 setup, just a single standard server with no edge servers. The only feature that is being used is messaging. I installed Lync 2013 on a new server. Everything looks like it went well with the installation as I can add users to Lync 2013 and they can communicate back and forth just fine. However users from OCS can not send message to anyone on Lync and Lync users can not send message to anyone on OCS. Both show presence unknown.

    The topology is merged without any error and published.
    I created a test user on OCS and migrated it successfully to Lync2013.

    On a Windows 7 workstation event log, I see this:
    ms-diagnostics: 1039;reason=”Failed to complete TLS negotiation with a peer server…..

    Any idea?

    Wednesday, November 06, 2013 7:35 PM

All replies

  • I had a similar issue a couple months ago, however I could send messages from Lync to OCS 2007R2, just no messages and presence from OCS2007R2 to Lync. My issue was caused by a TLS issue.

    Here was my issue: http://www.lynced.com.au/2013/09/ocs-2007r2-users-are-unable-to-view.html


    Blog http://www.lynced.com.au | Twitter @imlynced

    Wednesday, November 06, 2013 8:39 PM
  • Thanks Georg,

    My OCS2007R2 is running on Windows 2008 standard. So your solution will not help mine.

    Wednesday, November 06, 2013 8:47 PM
  • Do you have any errors in the Event viewer on the Lync/OCS servers? 

    Blog http://www.lynced.com.au | Twitter @imlynced

    Wednesday, November 06, 2013 10:13 PM
  • Nope, nothing at all other than what has been there before.
    Thursday, November 07, 2013 12:34 AM
  • Hi MikeMerkato,

    Please check if the certificates on Lync Server and OCS are assigned from a single certificate authority or they are trusted among each other.

    If the issue persists, you can use the Lync server logging tool to test the process of IM, then you will find the error step of issue.

    Here is the link of using the Lync logging tool:

    http://blog.schertz.name/2011/06/using-the-lync-logging-tool/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards,

    Eason Huang


    Eason Huang
    TechNet Community Support

    Thursday, November 07, 2013 11:14 AM
  • Thanks Eason,

    Yes, they both use certificate from local CA.

    I'll try to grab the logs now.

    Thursday, November 07, 2013 2:07 PM
  • I agree that you should look at the logs, however the Lync Logging Tool is superseded in Lync 2013 by the centralized logging service.

    Whilst you still use Snooper to view and analyze the logs the method for capturing the logs is to use Lync 2013s built in Centralized logging.

    For example from Powershell run: Start-CsClsLogging -Scenario AlwaysOn

    (instead of AlwaysOn there are a variety of different scenarios "IMAndPresence" may be more suitable. Here is a list: http://www.mylynclab.com/2013/04/lync-2013-centralised-logging-deep-dive.html)

    Try messaging/viewing presence.

    You can then search the log using Search-CsClsLogging -OutputFilePath C:\yourpath\yourfilename.log

    These can be opened in Snooper for viewing/filtering/analysis.

    More information here http://technet.microsoft.com/en-us/library/jj688101.aspx


    Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 2:41 PM
  • Thanks Georg,

    This is what the logger returned. Does it tell you anything?

    TL_WARN(TF_COMPONENT) [1]117C.4518::11/07/2013-14:11:24.580.00005f4e (SIPStack,SIPRouterOutNegotiate::Resume:2523.idx(120))( 3710221342 )( 0000002558A90318 ) Exit - delete router on failed sync send 10054(WSAECONNRESET)
    TL_WARN(TF_COMPONENT) [0]117C.26D8::11/07/2013-14:23:27.979.0002148a (SIPStack,SIPRouterOutNegotiate::Resume:2523.idx(120))( 2936137218 )( 00000025589FB818 ) Exit - delete router on failed sync send 10054(WSAECONNRESET)
    TL_INFO(TF_COMPONENT) [0]117C.4518::11/07/2013-14:34:46.984.00034b04 (SIPStack,CAUTHRecord::ExpireDisconnectedEndpointContext:421.idx(449))( 0000002556937380 ) Expired 0000002553F1AE60
    TL_INFO(TF_COMPONENT) [0]117C.4518::11/07/2013-14:34:46.984.00034b07 (SIPStack,CPresenceKeepAlive::NotifySocketClosed:2592.idx(342))[332960861]( 00000025532523E8 ) Disconnecting client: lynctest1 , Call-ID: , ctx:00000025569F67D0
    TL_WARN(TF_COMPONENT) [0]117C.26D8::11/07/2013-14:34:50.058.00038b84 (SIPStack,MsDiagHeaderFactory::CreateMsWarningInfo:155.idx(48))( 00000025589B4848 ) Default ms-diagnostic code (2) inserted
    TL_WARN(TF_COMPONENT) [0]117C.26D8::11/07/2013-14:34:50.151.0003c790 (SIPStack,MsDiagHeaderFactory::CreateMsWarningInfo:155.idx(48))( 00000025589B4848 ) Default ms-diagnostic code (2) inserted

    Thursday, November 07, 2013 4:55 PM
  • Nothing glaringly obvious aside from the connection resets.

    Can you try opening it in Snooper (you may need to download it from http://www.microsoft.com/en-us/download/details.aspx?id=35453) Load up the file and click "Messages" it's much easier to read. Errors are usually highlighted in red, which helps too :)


    If this helped you please mark click "Vote As Helpful" if it answered your question please click "Mark As Answer" Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 5:16 PM
  • ok, will try that.

    Meanwhile, this is the log I see on the Lync workstation pc. Can you tell anything from this?

    ms-diagnostics:  25008;reason="Attempting to route to Primary Pool";source=Lync2013 server

    504  Server time-out

    ms-diagnostics:  1039;reason="Failed to complete TLS negotiation with a peer server";fqdn= OCS server....

    peer-type="InternalServer";winsock-code="10054";winsock-info="The peer forced closure of the connection";

    Thursday, November 07, 2013 5:26 PM
  • Ok, so this looks like your Lync client is attempting to login to the OCS2007R2 pool which then redirects it to the Lync pool. It looks like it's then timing out when it tries to sign-in to Lync because of a TLS negotiation problem.

    When you configured co-existence did you update the client policy so that Lync is not permitted to login to OCS 2007 R2? (Step 3 here http://technet.microsoft.com/en-us/library/jj688130.aspx)

    How are you specifying Lync clients connect to the Lync server? Are you using Manual configuration in Lync options and pointing them direct, or is it autodetect?



    If this helped you please mark click "Vote As Helpful" if it answered your question please click "Mark As Answer" Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 5:39 PM
  • The lync client is logging into the Lync server automatically (autodetect).

    That error/warning is being generated when the Lync user tries to IM OCS user.

    Lync user to Lync user communicate without any issue.

    Does this answer your question?

    Thursday, November 07, 2013 5:45 PM
  • I am wondering if the issue is that your Lync clients are connecting to OCS, hence why things aren't working properly, because they're unable to sign-in to Lync because of the TLS issue. 

    I've had a similar issue with Lync 2013 client connecting to Lync on Windows Server 2012 when they attempted to authenticate using TLS1.2 - the workaround was to disable TLS1.2, which caused it to fall back to TLS1.1.

    http://www.lynced.com.au/2013/09/unable-to-sign-in-to-lync-2013-client.html

    The issue with this workaround is people are reporting that Windows Update no longer works on the server and they have turn revert to use Windows update, which is also not ideal.


    If this helped you please mark click "Vote As Helpful" if it answered your question please click "Mark As Answer" Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 5:46 PM
  • & This is the log from OCS client computer. This log is being generated when an OCS user tries to talk to Lync user

    A SIP request made by Communicator failed in an unexpected manner (status code 80ef0194).

    m=message 5060 sip null

    a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/x-ms-ink application/ms-imdn+xml text/x-msmsgsinvite

     

    Response Data:

    404  Not Found

    ms-diagnostics:  1003;reason="User does not exist";source="OCS server";TargetUri="Lyncuser"

    Thursday, November 07, 2013 5:49 PM
  • Lync clients are logging into the Lync server, both with manual configuration and with autodetect too without any issue. & they talk to each other flawless.
    Thursday, November 07, 2013 5:52 PM
  • Definitely something strange going on there. Just to check you have Windows Firewall off/exceptions made for Lync? (specifically TCP5061)

    If this helped you please mark click "Vote As Helpful" if it answered your question please click "Mark As Answer" Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 5:54 PM
  • Yeah, something strange....Yes, firewall is open end to end
    Thursday, November 07, 2013 6:18 PM
  • The only other thing you can try and do is use something like Netmon or Wireshark to try and see what's going on. See if connections are going to the correct places and if TLS is failing, you should be able to see that also.

    If this helped you please mark click "Vote As Helpful" if it answered your question please click "Mark As Answer" Blog http://www.lynced.com.au | Twitter @imlynced

    Thursday, November 07, 2013 8:52 PM
  • Thanks Georg for the follow-up.

    I just did Netmon and see that TLS and TCP are passing through to the correct IP. I don't know what else I can check

    Thursday, November 07, 2013 9:31 PM
  • I'll reboot the OCS server tonight and see if it helps
    Thursday, November 07, 2013 9:54 PM