none
Unable to use Distribution Groups in Lync Client

    Question

  • Hello,

    We have a simple Lync Server 2013 setup with a single Front End and an Edge server. When users try to add Distribution Groups to their contact list, the following error shows up: "Cannot use the distribution group service because the address is incorrect, although the service is available. Contact your support team with this information".

    When opening the Lync Configuration Information it shows the EWS status as OK and the DG URL looks OK (https://frontendserver.domain.nl:443/groupexpansion/service.svc) . However, when I manually navigate to the DG URL I get "Server Error in '/GroupExpansion' Application." and the IIS logs show the following request: "2013-11-13 10:50:11 x.x.x.x GET /groupexpansion/service.svc/mex - 443 - x.x.x.x Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:25.0)+Gecko/20100101+Firefox/25.0 500 0 0 404".

    The Lync clients connect via the Edge server but currently use the internal Front End server for web URL's. Thus the DG URL points to the internal server. Reverse Proxy is planned to be set up later.

    Lastly, the "Lync server 2013 Logging tool" shows nothing for the "Dlx".

    Does anyone have ideas as to what might be wrongly configured, or where I should look next?

    With kind regards,

    Vincent

    Wednesday, November 13, 2013 11:09 AM

Answers

  • Thank you very much for all the suggestions.

    It turned out to be a fault in Web Components *somewhere*. After reinstalling Web Components, the errors from the eventlog (specifically under the Lync Server category) disappeared. And distribution groups worked, for the first time.

    • Marked as answer by Vincent Spaa Thursday, November 28, 2013 8:47 AM
    Thursday, November 28, 2013 8:45 AM

All replies

  • The reverse proxy is required for Lync web services for external users. Your external site is usually configured with a 4443 port setting and the reverse proxy takes the external clients request over 443 and sends it to the external site on 4443 or whatever port you have it set to. For remote users to expand distro groups a reverse proxy is required.

    --Mike-- Network/Systems Administrator

    Wednesday, November 13, 2013 2:31 PM
  • Agree with Mike.

    Please check you have this issue with internal users.

    It is recommended to set the Front End Pool internal Web FQDN different from Front End pool external Web FQDN.

    It is a prerequisite for Lync mobility feature.


    Lisa Zheng
    TechNet Community Support

    Thursday, November 14, 2013 3:05 AM
  • Thank you both for the quick replies.

    The problem persists even if I log into the front end pool directly (i.e. force my Lync client to connect with the front end via settings). The client still claims the following: "Cannot use the distribution group service because the address is incorrect, although the service is available. Contact your support team with this information". In other words, internal users have the same problem.

    Do you have any more suggestions that I could try out?

    Thursday, November 14, 2013 7:48 AM
  • From an internal computer what happens when you access the groupexpansion service directly for both the internal site and the external site?

    Example: https://YourLyncserver.com/groupexpansion/service.svc and then check https://YourLyncserver.com:4443/groupexpansion/services.svc

    Make sure you get the service created message. If not start by checking your IIS logs for both the internal and external site to see if your still getting the 404 file not found issue or if the issue is different. post back your results we can go from there.


    --Mike-- Network/Systems Administrator

    Thursday, November 14, 2013 6:50 PM
  • Hello Mike,

    Both pages give me a runtime error when I try to access them from an office PC, via firefox.

    The IIS logs show the following lines for 443:
    "2013-11-15 07:36:55 x.x.x.x GET /groupexpansion/service.svc - 443 - x.x.x.x Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:25.0)+Gecko/20100101+Firefox/25.0 500 0 0 6"

    And for 4443:

    "2013-11-15 07:36:43 x.x.x.x GET /groupexpansion/services.svc - 4443 - x.x.x.x Mozilla/5.0+(Windows+NT+6.1;+WOW64;+rv:25.0)+Gecko/20100101+Firefox/25.0 500 0 0 2595"

    This is the stacktrace I'm getting for both requests:

    Server Error in '/GroupExpansion' Application.

    Auth framework failed to initialize service consumer.  See server log for details.

    Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

    Exception Details: Microsoft.Rtc.Internal.WebServicesAuthFramework.AuthFrameworkInitializationException: Auth framework failed to initialize service consumer.  See server log for details.

    Source Error:
    An unhandled exception was generated during the execution of the current web request. Information regarding the origin and location of the exception can be identified using the exception stack trace below.

    Stack Trace:
    [AuthFrameworkInitializationException: Auth framework failed to initialize service consumer.  See server log for details.]
       Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.InitializeAuthModule() +1821
       Microsoft.Rtc.Internal.WebServicesAuthFramework.ProviderManager.get_ProofTokenKeySetResolver() +144
       Microsoft.Rtc.Internal.WebServicesAuthFramework.ProofWebTicketTokenResolver.InternalInitialize() +37
       Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule..cctor() +517
    
    [TypeInitializationException: The type initializer for 'Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule' threw an exception.]
       Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule..ctor() +19
    
    [TargetInvocationException: Exception has been thrown by the target of an invocation.]
       System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck) +0
       System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +159
       System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark) +256
       System.Activator.CreateInstance(Type type, Boolean nonPublic) +127
       System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark) +14429965
       System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) +200
       System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture) +28
       System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args) +83
       System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList) +335
       System.Web.HttpApplication.GetModuleCollection(IntPtr appContext) +1262
       System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers) +133
       System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context) +304
       System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context) +404
       System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext) +475
    
    [HttpException (0x80004005): Exception has been thrown by the target of an invocation.]
       System.Web.HttpRuntime.FirstRequestInit(HttpContext context) +12880948
       System.Web.HttpRuntime.EnsureFirstRequestInit(HttpContext context) +159
       System.Web.HttpRuntime.ProcessRequestNotificationPrivate(IIS7WorkerRequest wr, HttpContext context) +12722137
    


    Version Information: Microsoft .NET Framework Version:4.0.30319; ASP.NET Version:4.0.30319.18055

    Friday, November 15, 2013 7:51 AM
  • What does your event log show during the error if anything?

    --Mike-- Network/Systems Administrator

    Monday, November 18, 2013 2:41 PM
  • It shows the following:

    Event code: 3005
    Event message: An unhandled exception has occurred.
    Event time: 11/19/2013 9:04:38 AM
    Event time (UTC): 11/19/2013 8:04:38 AM
    Event ID: a8c543be3e8f440e823f6a4a805ca7dd
    Event sequence: 1
    Event occurrence: 1
    Event detail code: 0
     
    Application information:
        Application domain: /LM/W3SVC/34577/ROOT/GroupExpansion-149-130293218785172850
        Trust level: Full
        Application Virtual Path: /GroupExpansion
        Application Path: C:\Program Files\Microsoft Lync Server 2013\Web Components\Group Expansion\Int\
        Machine name: SERVERNAME
     
    Process information:
        Process ID: 4224
        Process name: w3wp.exe
        Account name: NT AUTHORITY\NETWORK SERVICE
     
    Exception information:
        Exception type: TargetInvocationException
        Exception message: Exception has been thrown by the target of an invocation.
       at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
       at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
       at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
       at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
       at System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args)
       at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
       at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
       at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
       at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
       at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
       at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)

    The type initializer for 'Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule' threw an exception.
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule..ctor()

    Auth framework failed to initialize service consumer.  See server log for details.
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule.InitializeAuthModule()
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.ProviderManager.get_ProofTokenKeySetResolver()
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.ProofWebTicketTokenResolver.InternalInitialize()
       at Microsoft.Rtc.Internal.WebServicesAuthFramework.OCSAuthModule..cctor()

     
     
    Request information:
        Request URL: https://servername:443/groupexpansion/service.svc
        Request path: /groupexpansion/service.svc
        User host address: ::1
        User:  
        Is authenticated: False
        Authentication Type:  
        Thread account name: NT AUTHORITY\NETWORK SERVICE
     
    Thread information:
        Thread ID: 28
        Thread account name: NT AUTHORITY\NETWORK SERVICE
        Is impersonating: False
        Stack trace:    at System.RuntimeTypeHandle.CreateInstance(RuntimeType type, Boolean publicOnly, Boolean noCheck, Boolean& canBeCached, RuntimeMethodHandleInternal& ctor, Boolean& bNeedSecurityCheck)
       at System.RuntimeType.CreateInstanceSlow(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
       at System.RuntimeType.CreateInstanceDefaultCtor(Boolean publicOnly, Boolean skipCheckThis, Boolean fillCache, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(Type type, Boolean nonPublic)
       at System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes, StackCrawlMark& stackMark)
       at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes)
       at System.Activator.CreateInstance(Type type, BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture)
       at System.Web.HttpRuntime.CreateNonPublicInstance(Type type, Object[] args)
       at System.Web.HttpApplication.BuildIntegratedModuleCollection(List`1 moduleList)
       at System.Web.HttpApplication.GetModuleCollection(IntPtr appContext)
       at System.Web.HttpApplication.RegisterEventSubscriptionsWithIIS(IntPtr appContext, HttpContext context, MethodInfo[] handlers)
       at System.Web.HttpApplication.InitSpecial(HttpApplicationState state, MethodInfo[] handlers, IntPtr appContext, HttpContext context)
       at System.Web.HttpApplicationFactory.GetSpecialApplicationInstance(IntPtr appContext, HttpContext context)
       at System.Web.Hosting.PipelineRuntime.InitializeApplication(IntPtr appContext)
     
     
    Custom event details:

    Tuesday, November 19, 2013 8:28 AM
  • Have you disabled loopback check on that machine?

    
    Run regedit and browse to the following...
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa
    Create a dword with the following values
    DisableLoopbackCheck Value:1

    And what is your authentication setup NTLM and kerberos?

    --Mike-- Network/Systems Administrator

    Tuesday, November 19, 2013 1:28 PM
  • DisableLookbackCheck was already set to 1. And the Lync deployment only uses NTLM for authentication, kerberos hasn't been enabled.

    Do you have any more ideas or suggestions?

    Friday, November 22, 2013 7:46 AM
  • Is anonymous authentication enabled for the site?

    --Mike-- Network/Systems Administrator

    Friday, November 22, 2013 1:58 PM
  • Check if the DG SIP URI is in the proxyAddresses attribute in AD (sip:dg@yourdomain.com).
    • Marked as answer by Kent-Huang Monday, November 25, 2013 11:29 AM
    • Unmarked as answer by Vincent Spaa Thursday, November 28, 2013 8:43 AM
    Friday, November 22, 2013 2:20 PM
  • Try to restart your Lync Front End Server.

    Check each distribution group have a unique email address.

    Run the Test-CsGroupExpansion to test the ability of a user to employ group expansion.


    Lisa Zheng
    TechNet Community Support

    • Marked as answer by Kent-Huang Monday, November 25, 2013 11:29 AM
    • Unmarked as answer by Vincent Spaa Thursday, November 28, 2013 8:44 AM
    Monday, November 25, 2013 1:57 AM
  • Thank you very much for all the suggestions.

    It turned out to be a fault in Web Components *somewhere*. After reinstalling Web Components, the errors from the eventlog (specifically under the Lync Server category) disappeared. And distribution groups worked, for the first time.

    • Marked as answer by Vincent Spaa Thursday, November 28, 2013 8:47 AM
    Thursday, November 28, 2013 8:45 AM