Monday, June 11, 2012 19:39
I feel like I'm very close to having my Edge servers set up. I've got two load balanced through an F5, but when I run OCS connectivity it fails on the very last step and doesn't give any additional details as to why. So I tried running the OCS connectivity test connecting directly to one of the Edge servers' access service IP, and it fails on the last step of trying to log the user in. This time, though, it does return additional details:
User failed to signin
Fatal error: Register exception: Response Code 504, Deregister Reason None, Response Text Server time-out, Diagnostic Header
Everything I've read points this to the routes not being set up, where the server cannot reach the edge pool. But that is not the case here. All routes are set up and I can ping the Lync edge front end pool. Setting up logging and using Snooper I get this:
It successfully resolves the DNS name of the Lync front end pool but then it gets the Receive failed. And yes, I can telnet from this server to the Lync front end pool over 5061. Also, the user is an enabled remote access user.
The first error, the Receive failed error, if I highlight it, here is the output:
TL_ERROR(TF_COMPONENT) 06EC.0C8C::06/11/2012-18:50:44.532.000011ab (SIPStack,CRecvContext::ProcessCompletion:RecvContext.cpp(147))( 000000000336CCF0 ) Receive failed
I've researched this to no end. Has anyone seen this before? I feel like I am really close to getting this external piece working. One last hurdle hopefully...
- Edited by rich8722 Monday, June 11, 2012 19:43
All replies
Monday, June 11, 2012 20:16
I know you said that you can ping from the Edge internal interface to the FE Pool but are you certain that you added the static route correctly on the Edge server? For example:
route -p add x.x.x.x mask y.y.y.y z.z.z.z
Monday, June 11, 2012 22:42
My internal front end pool VIP is 10.110.40.254, my internal NIC IP is 10.110.50.145. Here is the command I used to add the route:
route -p add 10.110.40.0 mask 255.255.255.0 10.110.50.1
Is this correct?
Monday, June 11, 2012 23:43
Also, here are screenshots of the errors, using Snooper to view:
Monday, June 11, 2012 23:44
Monday, June 11, 2012 23:54
Yes, that is correct assuming 50.1 is your gateway. So everything looks okay as far as the network routing is concerned. The only thing I can suggest is making sure you can telnet to port 5061 on the Lync internal edge from the FE pool. I know you said you did it from the Edge to the Pool but I don't see anything suggesting you did the reverse. Since you should be using a HLB on the internal edge, you should test connecting to port 5061 on the VIP of the HLB as well as the individual IPs of the Edge servers.
Tuesday, June 12, 2012 01:17
I can telnet from the front end servers to the internal NIC of the edge server but I cannot telnet to the external IP of the edge server using port 5061.
Tuesday, June 12, 2012 10:12 Moderator
Try to add the name of the frontend server and frontend pool to the host file of the Edge server.
Tuesday, June 12, 2012 10:13 Moderator
Here are some suggestions:
1) Are you using a different SIP domain for your internal and external users? Check http://technet.microsoft.com/en-us/library/gg398758.aspx for the DNS requirements.
2) Please check that the certificates you assigned for the Lync Edge server are correct. They should be as follows:
SN=Internal Edge FQDN=Edgepool.domain.com
SN=Access Edge FQDN or the VIP of the hardware load balancer (in your case, it should be the VIP of the HLB)
SAN=Access Edge FQDN or the VIP of the hardware load balancer (in your case, it should be the VIP of the HLB)
   =Webcon Edge FQDN or VIP of the hardware load balancer (in your case, it should be the VIP of the HLB for the web conferencing Edge)
   =Sip.domain.com (if you use autoconfig for external users)
For details, you can check http://technet.microsoft.com/en-us/library/gg398920.aspx
3) Please make sure you have enabled remote access for your external users on the Access Edge.
4) Please try to add the FE server FQDN and IP address to the host file on your Edge server to see if it works.
5)Some other information for your reference.
Tuesday, June 12, 2012 11:26
Thanks, but I have had both of those in there from the beginning.
Tuesday, June 12, 2012 11:55
2.) The private cert has the edge pool name as SN, but also has the edge pool servers and the FQDNs for AV, webconf and SIP listed as SANs. I wasn't sure if they needed to be in there when I created the cert, but I did not think it would hurt anything if they were in there.
For the external cert I am using the same cert that is on my front end servers. I've read that this is possible if you have everything listed as SANs, which I do. So all my VIP FQDNs for the edge pool are listed as SANs, as well as the FQDN of the edge pool.
3.) All users are enabled as remote users.
4.) I've got my front end server VIP FQDN and IP listed in the local host file, as well as all three of the front end servers and their IPs. Static routes are set.
5.) I've been to all these sites; while very informative, I haven't been able to find a solution.
From the logs (screenshots posted above) this seems to be a TLS negotiation issue, which would point to a cert issue, correct? I'm at my wits' end.
Tuesday, June 12, 2012 22:33
This is resolved. We had an issue with SNAT not working properly on our F5. Once that was resolved, I can now access our Lync Edge servers externally. Thanks to everyone who responded.
- Marked as answer by rich8722 Tuesday, June 12, 2012 22:34
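
Added example, not part of the thread or of any poster's reply: a successful telnet to 5061 only proves that the TCP handshake completes, so this Python probe reports how far a connection actually gets (TCP connect, TLS handshake, certificate validation), which keeps the routing, transport and certificate theories discussed above apart. The host names are placeholders; it assumes the listener completes a handshake without a client certificate and that the issuing CA is in the local trust store.

```python
import socket
import ssl


def probe(host, port=5061, server_name=None, timeout=5.0):
    """Return (stage, detail); stage is 'tcp', 'tls', 'cert' or 'ok'."""
    name = server_name or host
    try:
        # This is all a successful telnet proves: the TCP handshake completes.
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:
        return "tcp", f"no TCP connection (name resolution, route or filter): {exc}"

    # Default context: validates the chain against the local trust store and
    # checks that `name` is covered by the certificate's subject/SAN entries.
    ctx = ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=name) as tls:
            cert = tls.getpeercert()
            sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
            return "ok", f"{tls.version()} negotiated, SAN DNS names: {sans}"
    except ssl.SSLCertVerificationError as exc:
        # The handshake got as far as the certificate, so the path works in
        # both directions; the problem is the chain or the names on the cert.
        return "cert", f"certificate rejected: {exc}"
    except (ssl.SSLError, OSError) as exc:
        # Port open but no usable TLS exchange (reset, EOF or time-out).
        # A listener that demands a client certificate can also stop here.
        return "tls", f"TCP connected, TLS did not complete: {exc}"
    finally:
        sock.close()


if __name__ == "__main__":
    # Placeholder targets (assumptions): replace with the load balancer VIP
    # name, each Edge server and the front end pool, and run the probe from
    # every vantage point being compared.
    for target in ("edge-access.example.test", "fepool.example.test"):
        print(target, *probe(target))
```

A result of `tcp` points at routing or filtering, `tls` at something on the path or the listener breaking the exchange after the connection opens, and `cert` at the certificate itself.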