Unable to connect from internal Wifi on WP7 phone.
-
Friday, April 13, 2012 6:19 PM
Hi guys,
As the title says, I can connect externally with the Lync client from a WP7, but not from the internal Wifi. Android works externally and internally. Can someone please take a look at these logs and tell me what you think the issue might be? I've been beating my head against the wall on this one for days...
Here's a little overview of the deployment:
One standard edition server and one edge server. Not using TMG, but just doing PAT with a Cisco ASA.
Internal pool URL is lync2010.domain.com, external URL is lync.domain.com. In internal DNS, I have A records for lync2010 and lyncdiscoverinternal pointing to the internal private IP and lync pointing to the public external IP. External DNS has an A record for lync, and a CNAME for lyncdiscover pointing to it.
Default cert and internal cert are from our corp CA. Internal root and issuing CA certs are installed on the phone and while connected to corp wifi, I can go to https://lyncdiscoverinternal.domain.com/autodiscover/autodiscover.svc/root from the phone without a certificate error. The internal cert has a subjetct name of lync2010, with SAN's of lync2010 and lyncdiscoverinternal. External cert is from Entrust, and has lync as one of the SAN's.
Initially, I tried lyndiscoverinternal as a CNAME, but that would generate a cert error when I tried visiting it in a browser, so I changed it to an A record instead. The odd thing is that this worked for a period of hours yesterday after I made that change, but today it's back to not working again. The error message I receive upon attempting to connect is "Unable to sign in. Can't connect to the server. It may be busy or temporarily unavailable. Please try again."
Following are the logs, but one entry that seemed to jump out was:
2012-04-13 09:35:08.414-7 : Warning : 372901482 : HttpRequestPump : Got a WebException while reading the response for IssueWT.
2012-04-13 09:35:08.417-7 : Warning : 372901482 : SoapWebRequest : Found SOAP fault code {http://docs.oasis-open.org/ws-sx/ws-trust/200512}InvalidScope.
2012-04-13 09:35:08.418-7 : Warning : 372901482 : SoapWebRequest : Found SOAP fault string "The AppliesTo element of web ticket request points to a different web server or site.".
2012-04-13 09:35:08.423-7 : Warning : 372901482 : WebTicketManager : Found MsDiagnostic info in SOAP fault. Code: 28037. Reason: "The AppliesTo element of web ticket request points to a different web server or site.".
2012-04-13 09:35:08.424-7 : Error : 372901482 : HttpRequestPump : Got a failure response to request IssueWT. Status: UnknownError. Code: 500.
2012-04-13 09:35:08.424-7 : Verbose : 372901482 : HttpRequestPump : Error status description for request IssueWT is "Internal Server Error".I tried searching on this and didn't get any meaningful hits though. Below are the complete logs from a failed connection attempt, so please let me know what you think, and thanks!
ianc
2012-04-13 09:35:03.149-7 : Info : 401606554 : App : Launching 4.1.7947.0
2012-04-13 09:35:03.217-7 : Info : 401606554 : PhotoManager : StartPhotoDownloads()
2012-04-13 09:35:03.229-7 : Info : 401606554 : PresenceSubscriptionManager : Subscription context will be renewed at 0001-01-01 00:00:00Z and expires at 2012-04-13 16:37:02Z.
2012-04-13 09:35:03.259-7 : Verbose : 401606554 : CallRouting : Deserialize McxRouting:Name='rtcdefault' Version='2'
Preamble='Flags='None'
RoutingList='Name='ForwardTo''
RoutingList='Name='SimultaneousRing''
RoutingList='Name='Team''
RoutingList='Name='Delegates''
RoutingList='Name='FirstDelegate''
RoutingList='Name='AddVoice''
RoutingList='Name='ControlledDevice''
WaitTimeListItem='Name='Total' Seconds='20''
WaitTimeListItem='Name='User' Seconds='0''
WaitTimeListItem='Name='Team1' Seconds='0''
WaitTimeListItem='Name='Team2' Seconds='0''
'
2012-04-13 09:35:03.260-7 : Verbose : 401606554 : SelfContact : New call routing settings : Name='rtcdefault' Version='2'
Preamble='Flags='None'
RoutingList='Name='ForwardTo''
RoutingList='Name='SimultaneousRing''
RoutingList='Name='Team''
RoutingList='Name='Delegates''
RoutingList='Name='FirstDelegate''
RoutingList='Name='AddVoice''
RoutingList='Name='ControlledDevice''
WaitTimeListItem='Name='Total' Seconds='20''
WaitTimeListItem='Name='User' Seconds='0''
WaitTimeListItem='Name='Team1' Seconds='0''
WaitTimeListItem='Name='Team2' Seconds='0''
'
2012-04-13 09:35:03.588-7 : Info : 401606554 : InternalExternalSelector : Configuring Transport to use INTERNAL URLs
2012-04-13 09:35:03.609-7 : Info : 401606554 : PushNotificationChannel : Syncing actual=Closed to desiredOpen=False
2012-04-13 09:35:03.616-7 : Info : 401606554 : App : Launching took 892 ms
2012-04-13 09:35:04.542-7 : Info : 401606554 : MainPage : QueryString Value
2012-04-13 09:35:05.185-7 : Verbose : 401606554 : ContactView : Photo opened for sip:Ian.Campbell@domain.com
2012-04-13 09:35:07.293-7 : Info : 401606554 : LogonSession : UI invoked SignIn
2012-04-13 09:35:07.305-7 : Info : 401606554 : CredentialManager : Got a new user credential from app layer.
2012-04-13 09:35:07.307-7 : Info : 401606554 : TrustManager : Adding domain.com to trusted domain list for Autodiscovery.
2012-04-13 09:35:07.310-7 : Info : 401606554 : DiscoverySession : Uri for request IntDisc_https is https://lyncdiscoverinternal.domain.com/?sipuri=ianc@domain.com.
2012-04-13 09:35:07.312-7 : Info : 401606554 : DiscoverySession : Uri for request IntDisc_http is http://lyncdiscoverinternal.domain.com/?sipuri=ianc@domain.com.
2012-04-13 09:35:07.364-7 : Info : 401606554 : LogonSession : SignInState: SigningIn
2012-04-13 09:35:07.369-7 : Info : 401606554 : PresenceSubscriptionManager : HandleLogonSessionPropertyChange(SigningIn)
2012-04-13 09:35:07.370-7 : Info : 401606554 : McxDataSynchronizer : Signed out
2012-04-13 09:35:07.410-7 : Info : 401606554 : LogonSession : New LogonSession internal state = DiscoveringServer
2012-04-13 09:35:07.550-7 : Info : 372901482 : HttpRequestPump : Completed request IntDisc_http.
2012-04-13 09:35:07.568-7 : Info : 401606554 : ConfigurationResolver : Redirect to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com requires a trust decision.
2012-04-13 09:35:07.574-7 : Info : 401606554 : TrustManager : Trust of https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com for Autodiscovery is inherited through domain.com.
2012-04-13 09:35:07.574-7 : Info : 401606554 : TrustManager : Redirection to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com is trusted for Autodiscovery.
2012-04-13 09:35:07.574-7 : Info : 401606554 : ConfigurationResolver : Redirecting discovery query for ianc@domain.com to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com.
2012-04-13 09:35:07.575-7 : Info : 401606554 : DiscoverySession : Uri for request RedirectDisc is https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com.
2012-04-13 09:35:07.575-7 : Info : 401606554 : ConfigurationResolver : Sending unauthenticated discovery request for ianc@domain.com to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com.
2012-04-13 09:35:07.842-7 : Info : 388106734 : HttpRequestPump : Completed request IntDisc_https.
2012-04-13 09:35:07.842-7 : Warning : 401606554 : ConfigurationResolver : Got an unauthenticated response after state machine moved on.
2012-04-13 09:35:07.844-7 : Info : 372901482 : HttpRequestPump : Completed request RedirectDisc.
2012-04-13 09:35:07.860-7 : Info : 401606554 : ConfigurationResolver : Redirect to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user from secure link https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root?sipuri=ianc@domain.com does not require a trust decision.
2012-04-13 09:35:07.860-7 : Info : 401606554 : ConfigurationResolver : Redirecting discovery query for ianc@domain.com to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user.
2012-04-13 09:35:07.861-7 : Info : 401606554 : ConfigurationResolver : Sending authenticated discovery request for ianc@domain.com to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user.
2012-04-13 09:35:07.861-7 : Verbose : 401606554 : HttpRequestPump : Request AuthDisc to https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user requires metadata.
2012-04-13 09:35:07.863-7 : Verbose : 401606554 : MetadataManager : Got a resolve request for https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user.
2012-04-13 09:35:07.885-7 : Warning : 372901482 : HttpRequestPump : Got a WebException while reading the response for UnauthGethttps://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user.
2012-04-13 09:35:07.893-7 : Info : 372901482 : MetadataManager : Found web ticket issuer header for unauthenticated get.
2012-04-13 09:35:07.894-7 : Error : 372901482 : HttpRequestPump : Parsed error from failed response to UnauthGethttps://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user. Status=AcceptErrorResponse [Error, Transport, TransportFramework].
2012-04-13 09:35:07.896-7 : Error : 372901482 : HttpRequestPump : Calling back UnauthGethttps://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user with error AcceptErrorResponse [Error, Transport, TransportFramework].
2012-04-13 09:35:07.897-7 : Info : 372901482 : MetadataManager : Resolved metadata for SOAP service https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user. WT: , WTI: https://lync2010.domain.com/WebTicket/WebTicketService.svc, LI: , F:
2012-04-13 09:35:07.906-7 : Verbose : 372901482 : WebTicketManager : Got a web ticket request for endpoint https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user. Issuer is https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:07.910-7 : Info : 372901482 : WebTicketManager : Sending a new web ticket request for https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root/user to issuer https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:07.913-7 : Verbose : 372901482 : HttpRequestPump : Request IssueWT to https://lync2010.domain.com/WebTicket/WebTicketService.svc requires metadata.
2012-04-13 09:35:07.913-7 : Verbose : 372901482 : MetadataManager : Got a resolve request for https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:07.993-7 : Warning : 388106734 : MetadataManager : Skipping policy WebTicketServiceWinNegotiate_policy because it is not an auth policy we support.
2012-04-13 09:35:07.993-7 : Warning : 388106734 : MetadataManager : Skipping policy WebTicketServiceCert_policy because it is not an auth policy we support.
2012-04-13 09:35:07.993-7 : Warning : 388106734 : MetadataManager : Skipping policy WebTicketServiceMachineCert_policy because it is not a Lync-compatible binding.
2012-04-13 09:35:07.993-7 : Warning : 388106734 : MetadataManager : Skipping policy WebTicketServicePin_policy because it is not an auth policy we support.
2012-04-13 09:35:07.999-7 : Info : 388106734 : MetadataManager : Parsed forms auth policy WebTicketServiceAuth_policy.
2012-04-13 09:35:08.000-7 : Warning : 388106734 : MetadataManager : Skipping policy WebTicketServiceAnon_policy because it is not an auth policy we support.
2012-04-13 09:35:08.008-7 : Verbose : 388106734 : MetadataManager : Discarding binding {http://tempuri.org/}WebTicketServiceWinNegotiate for missing or non-supported policy WebTicketServiceWinNegotiate_policy.
2012-04-13 09:35:08.008-7 : Verbose : 388106734 : MetadataManager : Discarding binding {http://tempuri.org/}WebTicketServiceCert for missing or non-supported policy WebTicketServiceCert_policy.
2012-04-13 09:35:08.008-7 : Verbose : 388106734 : MetadataManager : Discarding binding {http://tempuri.org/}WebTicketServiceMachineCert for missing or non-supported policy WebTicketServiceMachineCert_policy.
2012-04-13 09:35:08.008-7 : Verbose : 388106734 : MetadataManager : Discarding binding {http://tempuri.org/}WebTicketServicePin for missing or non-supported policy WebTicketServicePin_policy.
2012-04-13 09:35:08.009-7 : Verbose : 388106734 : MetadataManager : Using binding {http://tempuri.org/}WebTicketServiceAuth for auth type Forms.
2012-04-13 09:35:08.009-7 : Verbose : 388106734 : MetadataManager : Discarding binding {http://tempuri.org/}WebTicketServiceAnon for missing or non-supported policy WebTicketServiceAnon_policy.
2012-04-13 09:35:08.009-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.009-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.010-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.010-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.010-7 : Verbose : 388106734 : MetadataManager : Could not find a supported binding with name {http://tempuri.org/}WebTicketServiceWinNegotiate for endpoint https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.010-7 : Verbose : 388106734 : MetadataManager : Could not find a supported binding with name {http://tempuri.org/}WebTicketServiceCert for endpoint https://lync2010.domain.com/WebTicket/WebTicketService.svc/cert.
2012-04-13 09:35:08.010-7 : Verbose : 388106734 : MetadataManager : Could not find a supported binding with name {http://tempuri.org/}WebTicketServiceMachineCert for endpoint https://lync2010.domain.com/WebTicket/WebTicketService.svc/MachineCert.
2012-04-13 09:35:08.011-7 : Verbose : 388106734 : MetadataManager : Could not find a supported binding with name {http://tempuri.org/}WebTicketServicePin for endpoint https://lync2010.domain.com/WebTicket/WebTicketService.svc/pin.
2012-04-13 09:35:08.011-7 : Verbose : 388106734 : MetadataManager : Could not find a supported binding with name {http://tempuri.org/}WebTicketServiceAnon for endpoint https://lync2010.domain.com/WebTicket/WebTicketService.svc/Anon.
2012-04-13 09:35:08.012-7 : Info : 388106734 : MetadataManager : Resolved metadata for SOAP service https://lync2010.domain.com/WebTicket/WebTicketService.svc. WT: , WTI: , LI: , F: https://lync2010.domain.com/WebTicket/WebTicketService.svc/Auth
2012-04-13 09:35:08.014-7 : Info : 388106734 : CredentialManager : Asking for user credentials from app layer.
2012-04-13 09:35:08.014-7 : Info : 388106734 : HttpRequestPump : Completed request MEXhttps://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.024-7 : Info : 401606554 : CredentialManager : Got a new user credential from app layer.
2012-04-13 09:35:08.149-7 : Info : 388106734 : HttpRequestPump : Completed request IssueWT.
2012-04-13 09:35:08.174-7 : Info : 388106734 : HttpRequestPump : Completed request AuthDisc.
2012-04-13 09:35:08.207-7 : Verbose : 401606554 : ConfigurationResolver : Value for internal MCX is https://lync.domain.com/Mcx/McxService.svc.
2012-04-13 09:35:08.207-7 : Verbose : 401606554 : ConfigurationResolver : Value for external MCX is https://lync.domain.com/Mcx/McxService.svc.
2012-04-13 09:35:08.208-7 : Verbose : 401606554 : ConfigurationResolver : Value for internal auto-discover is https://lync2010.domain.com/Autodiscover/AutodiscoverService.svc/root.
2012-04-13 09:35:08.208-7 : Verbose : 401606554 : ConfigurationResolver : Value for external auto-discover is https://lync.domain.com/Autodiscover/AutodiscoverService.svc/root.
2012-04-13 09:35:08.209-7 : Info : 401606554 : ConfigurationResolver : Discovery complete for ianc@domain.com. Internal MCX: https://lync.domain.com/Mcx/McxService.svc. External MCX: https://lync.domain.com/Mcx/McxService.svc. Is internal? True.
2012-04-13 09:35:08.225-7 : Info : 401606554 : InternalExternalSelector : Setting mode to INTERNAL
2012-04-13 09:35:08.225-7 : Info : 401606554 : InternalExternalSelector : Configuring Transport to use INTERNAL URLs
2012-04-13 09:35:08.225-7 : Info : 401606554 : LogonSession : Server discovery complete. Beginning sign-in.
2012-04-13 09:35:08.231-7 : Info : 401606554 : Mcx14Session : InitSession request: Culture 'en-US', UA 'WPLync/4.1.7947.0 (Microsoft Windows CE 7.10.8112; NOKIA Lumia 900 2175.1000.8112.12082)'.
2012-04-13 09:35:08.232-7 : Verbose : 401606554 : HttpRequestPump : Request InitSess to https://lync.domain.com/Mcx/McxService.svc requires metadata.
2012-04-13 09:35:08.233-7 : Verbose : 401606554 : MetadataManager : Got a resolve request for https://lync.domain.com/Mcx/McxService.svc.
2012-04-13 09:35:08.233-7 : Info : 401606554 : LogonSession : New LogonSession internal state = SigningIn
2012-04-13 09:35:08.342-7 : Info : 388106734 : MetadataManager : Parsed Web Ticket auth policy WS2007FedHttpBinding_WebTicketBearerTokenAuth_IMcxService_policy.
2012-04-13 09:35:08.343-7 : Verbose : 388106734 : MetadataManager : Using binding {http://tempuri.org/}WS2007FedHttpBinding_WebTicketBearerTokenAuth_IMcxService for auth type WebTicket.
2012-04-13 09:35:08.343-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.343-7 : Warning : 388106734 : MetadataManager : Skipping metadata section with no WSDL definitions.
2012-04-13 09:35:08.344-7 : Info : 388106734 : MetadataManager : Resolved metadata for SOAP service https://lync.domain.com/Mcx/McxService.svc. WT: https://lync2010.domain.com/Mcx/McxService.svc/WebTicket_Bearer, WTI: https://lync2010.domain.com/WebTicket/WebTicketService.svc, LI: , F:
2012-04-13 09:35:08.344-7 : Verbose : 388106734 : WebTicketManager : Got a web ticket request for endpoint https://lync.domain.com/Mcx/McxService.svc. Issuer is https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.344-7 : Info : 388106734 : WebTicketManager : Sending a new web ticket request for https://lync.domain.com/Mcx/McxService.svc to issuer https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.345-7 : Verbose : 388106734 : HttpRequestPump : Request IssueWT to https://lync2010.domain.com/WebTicket/WebTicketService.svc requires metadata.
2012-04-13 09:35:08.345-7 : Verbose : 388106734 : MetadataManager : Got a resolve request for https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.345-7 : Verbose : 388106734 : MetadataManager : Using cached metadata for service https://lync2010.domain.com/WebTicket/WebTicketService.svc.
2012-04-13 09:35:08.345-7 : Info : 388106734 : CredentialManager : Returning cached user credentials.
2012-04-13 09:35:08.346-7 : Info : 388106734 : HttpRequestPump : Completed request MEXhttps://lync.domain.com/Mcx/McxService.svc.
2012-04-13 09:35:08.414-7 : Warning : 372901482 : HttpRequestPump : Got a WebException while reading the response for IssueWT.
2012-04-13 09:35:08.417-7 : Warning : 372901482 : SoapWebRequest : Found SOAP fault code {http://docs.oasis-open.org/ws-sx/ws-trust/200512}InvalidScope.
2012-04-13 09:35:08.418-7 : Warning : 372901482 : SoapWebRequest : Found SOAP fault string "The AppliesTo element of web ticket request points to a different web server or site.".
2012-04-13 09:35:08.423-7 : Warning : 372901482 : WebTicketManager : Found MsDiagnostic info in SOAP fault. Code: 28037. Reason: "The AppliesTo element of web ticket request points to a different web server or site.".
2012-04-13 09:35:08.424-7 : Error : 372901482 : HttpRequestPump : Got a failure response to request IssueWT. Status: UnknownError. Code: 500.
2012-04-13 09:35:08.424-7 : Verbose : 372901482 : HttpRequestPump : Error status description for request IssueWT is "Internal Server Error".
2012-04-13 09:35:08.425-7 : Verbose : 372901482 : HttpRequestPump : Error header collection for request IssueWT is: Cache-Control="private"; Content-Type="text/xml; charset=utf-8"; Server="Microsoft-IIS/7.5"; X-AspNet-Version="2.0.50727"; X-MS-Server-Fqdn="LYNC2010.domain.com"; X-Powered-By="ASP.NET"; Date="Fri, 13 Apr 2012 16:35:05 GMT"; Content-Length="765";
2012-04-13 09:35:08.425-7 : Error : 372901482 : HttpRequestPump : Calling back IssueWT with error HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework].
2012-04-13 09:35:08.425-7 : Error : 372901482 : WebTicketManager : Failed request for web ticket. Status=HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework].
2012-04-13 09:35:08.426-7 : Error : 372901482 : HttpRequestPump : Failed to fetch WebTicket for InitSess. Status=HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework].
2012-04-13 09:35:08.426-7 : Error : 372901482 : HttpRequestPump : Calling back InitSess with error HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework].
2012-04-13 09:35:08.439-7 : Info : 401606554 : LogonSession : SignInState: SignedOut
2012-04-13 09:35:08.439-7 : Info : 401606554 : ConversationManager : LogonSession signed in or out
2012-04-13 09:35:08.439-7 : Info : 401606554 : PresenceSubscriptionManager : HandleLogonSessionPropertyChange(SignedOut)
2012-04-13 09:35:08.440-7 : Info : 401606554 : McxDataSynchronizer : Signed out
2012-04-13 09:35:08.442-7 : Info : 401606554 : LogonSession : New LogonSession internal state = SignedOut
2012-04-13 09:35:08.443-7 : Info : 401606554 : LogonSession : Doing UI callback with HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework]
2012-04-13 09:35:08.506-7 : Error : 401606554 : AppLayerHelper : Can't connect to the server. It may be busy or temporarily unavailable. Please try again.
HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework]
2012-04-13 09:35:10.139-7 : Info : 401606554 : AppLayerHelper : SignIn completed with HttpServiceBusyOrUnavailableError [Error, Transport, TransportFramework]
2012-04-13 09:35:12.983-7 : Info : 401606554 : NavigationManager : Navigating to: /UI/Pages/About.xaml
All Replies
-
Friday, April 13, 2012 7:11 PM
So- I know you have worked really hard on this - congrats at getting it signed in externally. Awesomeness.
So, IMO - the object of having a good mobile solution here can be boiled down to the following "Have both internal AND external users sign into Lync the exact same way." The mobile clients are unique - because they go WIFI, you go to to bathroom and loose connection and it's 3G/4g ... back and forth all day.
My perception of the majority of "experts" on the forums is that they simply don't use "lyncdisoverinternal" at all. Everybody uses "lyncdiscover." The SIMPLE solution (hahaha) to this is to hairpin your users out and back in external.
So, try this - DELETE your "lyncdiscoverinternal" DNS record altogether and publish your lyncdiscover record both internally and externally (both pointing to the same IP, of course). That will also help you get past the crazy hurdles of internal certificates.
Let me know what you think - i'm pretty confident in my advise to you on this one.
if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)
- Marked As Answer by ianc3 Friday, April 13, 2012 9:58 PM
-
Friday, April 13, 2012 7:46 PM
Hi Greg, and thanks very much for the response!
I too have read some debate over whether the lyncdiscoverinternal record is really required or not, but I decided to follow the MS docs to see if I could get it working that way.
I will give your suggestion a try though; I have deleted the internal lyncdiscoverinternal A record and created a lyncdiscover CNAME pointing to lync (which resolves to the external IP address).
I think I have to use a CNAME, because if I use an A record, a lyncdiscover SAN would need to be added to the external cert?
Anyway, I just replicated the DNS, power-cycled the phone and tried again but no worky. Sometimes these things take awhile to take effect however, so I'll keep trying it and report back here; probably by Mon with an update. Thanks again,
ianc
- Edited by ianc3 Friday, April 13, 2012 7:47 PM
-
Friday, April 13, 2012 9:58 PM
Greg,
You rule! I tried again a short while ago and it looks like all is well! Will try again over the weekend, but for now I think you've cured it! Have a great weekend and thanks again,
ianc
-
Monday, April 16, 2012 1:21 PMAwesome. Glad to help. really thankful that the solution worked and that you're on your way. Great job getting as far as you did!
if my post is helpful - please click on the green arrow. (please excuse, in advance, any perceived sarcasm/humor - as I often forget it does not translate through text) :)
-
Thursday, April 26, 2012 5:07 PM
Question on this solution. If I point lyncdiscover.fqdn.com to my externally facing interface, won't that mean that all my clients will go to the internet to authenticate? I am in a similar situation in which all clients work externally (Desktop, Android, iOS and WP7). However, internally (on wifi), WP7 will not connect.
We have a growing number of WP7 users, so it would be great to allow them to be on wifi and still have Lync function without routing everyone through the Internet.
Thank you in advance.
-
Thursday, April 26, 2012 5:22 PM
Yes, all your clients will authenticate from the internet, but this is the way it must happen anyway. Traffic must be sent to the external address of the Lync server, and if you are internal, this means it must exit and be hairpinned back through.
Hope that answers your question, as I'm not 100% what you're asking. Study the mobility docs from MS for more info on this to clear up any questions though...
ianc
-
Thursday, April 26, 2012 7:15 PM
Thank you for the reply and I understand what you are saying. However, it does not make sense that I have to hairpin my users out to the internet for authentication, especially since this is for only one client type (WindowsPhone7).
.png)
