Lync Connectivity Analyzer - Proxy Authentication Required
-
Monday, February 11, 2013 11:26 PM
The new Lync Connectivity Analyzer is really cool!
http://blogs.technet.com/b/nexthop/archive/2013/02/08/the-new-lync-connectivity-analyzer.aspx
Testing my environment, it keeps failing on the steps to connect to lyncdiscover.domain.com
It is logging: The remote server returned an error: (407) Proxy Authentication Required.
Logging on the TMG matches this.
NetMon shows when the Lync Connectivity Analyzer hits the TMG web proxy, and the TMG sends back '(407) Proxy Authentication Required', the Lync Connectivity Analyzer does not authenticate.
Opening the exact same URL in a browser works fine, as it authenticates to the TMG.
Why is the Lync Connectivity Analyzer tool not compatible with TMG web proxy?
All Replies
-
Monday, February 11, 2013 11:29 PM
Here is the section from the LCAT.log file:
[2/11/2013 2:44:45 PM] [DEBUG] Sending HTTP request to https://lyncdiscover.domain.com/?sipuri=john.doe@domain.com
[2/11/2013 2:44:45 PM] [DEBUG] Exception encountered while sending an HTTP request to https://lyncdiscover.domain.com/?sipuri=john.doe@domain.com: An error occurred while sending the request.. Complete Exception: \r\nSystem.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendHttpRequest>d__9.MoveNext()
[2/11/2013 2:44:45 PM] [ERROR] An error occurred while sending the request.
The remote server returned an error: (407) Proxy Authentication Required.
[2/11/2013 2:44:45 PM] [INFO] For troubleshooting, try using a browser to open the server discovery URL https://lyncdiscover.domain.com/?sipuri=john.doe@domain.com
[2/11/2013 2:44:45 PM] [DEBUG] System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: The remote server returned an error: (407) Proxy Authentication Required.
at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
at System.Net.Http.HttpClientHandler.GetResponseCallback(IAsyncResult ar)
--- End of inner exception stack trace ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendHttpRequest>d__9.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__40.MoveNext()
[2/11/2013 2:44:45 PM] [SUMMARY_ERROR] Server discovery failed for secured external channel against https://lyncdiscover.domain.com/
[2/11/2013 2:44:45 PM] [SUBHEADING] Starting automatic discovery for unsecure (HTTP) external channel
[2/11/2013 2:44:45 PM] [DEBUG] Sending HTTP request to http://lyncdiscover.domain.com/?sipuri=john.doe@domain.com
[2/11/2013 2:44:45 PM] [DEBUG] Cookie found in autodiscover response: StatusCode: 407, ReasonPhrase: 'Proxy Authentication Required ( Forefront TMG requires authorization to fulfill the request. Access to the Web Proxy filter is denied. )', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Proxy-Authenticate: Negotiate
Proxy-Authenticate: Kerberos
Proxy-Authenticate: NTLM
Via: 1.1 SRV124
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
Content-Length: 4135
Content-Type: text/html
}
[2/11/2013 2:44:45 PM] [DEBUG] Autodiscover: SendRequest(): the URL http://lyncdiscover.domain.com/?sipuri=john.doe@domain.com couldn't be connected. Complete HTTP headers:\r\n Proxy-Authenticate: Negotiate, Kerberos, NTLM
Via: 1.1 SRV124
Connection: Keep-Alive
Proxy-Connection: Keep-Alive
Pragma: no-cache
Cache-Control: no-cache
[2/11/2013 2:44:45 PM] [CRITICAL] Couldn't connect to URL http://lyncdiscover.domain.com/?sipuri=john.doe@domain.com (HTTP status code ProxyAuthenticationRequired)
[2/11/2013 2:44:45 PM] [ERROR]
[2/11/2013 2:44:45 PM] [DEBUG] System.Exception: Couldn't connect to URL http://lyncdiscover.domain.com/?sipuri=john.doe@domain.com (HTTP status code ProxyAuthenticationRequired)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.TerminateAD(String mesg)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__40.MoveNext()
[2/11/2013 2:44:45 PM] [SUMMARY_ERROR] Server discovery failed for unsecured external channel against http://lyncdiscover.domain.com/ -
Wednesday, February 13, 2013 7:30 AMModerator
Hello,
Can you manually access the https://lyncdiscover.domain.com properly?
If so, it seems to be the lync server side settings are fine. You may consult the TMG support to see whether it is a compatibility issue or any configuration issue.
Thanks,
Simon Wu
TechNet Community Support
-
Wednesday, February 13, 2013 3:35 PM
Thanks.
The logs were decieving and my diagnosis was incorrect. The problem was not authentication with the TMG, but rather a misconfigured TMG web proxy rule that was blocking access to the HTTP request. Once we resolved that, the Lync Connectivity Analyzer tool now passes the test for Automatic discovery of HTTPS external channel, but fails the HTTP external test. That does not surprise me, because our reverse proxy is not configured to support that.
- Marked As Answer by Simon_WuMicrosoft Contingent Staff, Moderator Monday, February 25, 2013 6:09 AM
.png)
