none
403.18 error

    Question

  • Greetings,

    I wonder if anybody encountered the error 403.18 while setting up Lync mobility service. I've setup everything as per the guide but yet still cannot sign-in from iPad.

    The following error is popping up on the iPad: Can't sign in. Please check your account information and try again.

    At the same time I see the following trace on the IIS:

    get /sipuri=sip:user@domain.com 4443 200 0 0
    POST /webticket/webticketservice.svc/mex 4443 403 18 0

    and error in the iPad log

      <h2>403 - Forbidden: Access is denied.</h2>

      <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>

     

    Please advise I'm lost here.


    • Edited by Sergei M Friday, January 06, 2012 7:20 AM
    Friday, January 06, 2012 7:18 AM

Answers

  • Hello Sergei,

    We're seeing the same issue here and can verify we see the issues flagged in this article:

    http://social.technet.microsoft.com/Forums/en-AU/ocsmobility/thread/06eda9ed-53bc-4ec7-9d44-681725272fac

    (specifically IIS errors, and Lync logging tool.)

    When we run Get-CsAutodiscoverConfiguration we get:

    Identity : Global

    WebLinks : {}

     

    I'm sort of expecting to see something returned in WebLinks - what do you or others see?

    I'm struggling to understand how to see the iPad logs - any hints?

     

    My instincts with this were originally certificate related, although we think we've set this up correctly - I do remember seeing similar issues around lync phone authentication which were resolved by completely removing the web components server, re-booting then re-running bootstrap.msi to initialise all the web directories and their permissions, but I'm running a small setup so it feels like a radical step on a production server.

    Jeremy

    • Marked as answer by Sergei M Monday, January 09, 2012 3:13 PM
    Monday, January 09, 2012 2:55 PM

All replies

  •  

    Are you trying to use HTTP or HTTPS?

    connecting from inside the corp network or outside?

    Using a reverse proxy? Which one and how is it setup?

    thanks


    Tom Arbuthnot, Consultant Modality Systems
    Blog: Lync'd Up Blog Subscribe for updates: Email or RSS
    Twitter @tomarbuthnot
    Friday, January 06, 2012 8:35 AM
  • Hi Tom. I'm trying to use HTTPS outside (only!). I have multihome TMG acting as a reverse proxy with web publishing rule for lyncdiscover . Basically I have lyncdiscover.domain.com & lyncweb.domain.com URLs in it, certificate with both those SANs. Rule is allowing to pass direct authentication requests and weblistener itself is setup with 'no authentication'. I have bridging for both HTTP & HTTPS. Singe Lync standard server. I would like to use this setup only for IM (no conference,sharing etc.) Regards, Sergei
    Friday, January 06, 2012 9:08 AM
  • Please read the following document about how to use and troubleshoot issues with Lync Mobile on Apple iPhone and iPad mobile devices:

    http://support.microsoft.com/kb/2636320


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Monday, January 09, 2012 6:10 AM
  • Thank you for the tip, however, I've already read this KB atricle through and did not find anything useful for my case. Yet, this article mostly focuses on/applies to Lync mobile through Office365 and I have on-premises installation.
    Monday, January 09, 2012 8:10 AM
  • Hello Sergei,

    We're seeing the same issue here and can verify we see the issues flagged in this article:

    http://social.technet.microsoft.com/Forums/en-AU/ocsmobility/thread/06eda9ed-53bc-4ec7-9d44-681725272fac

    (specifically IIS errors, and Lync logging tool.)

    When we run Get-CsAutodiscoverConfiguration we get:

    Identity : Global

    WebLinks : {}

     

    I'm sort of expecting to see something returned in WebLinks - what do you or others see?

    I'm struggling to understand how to see the iPad logs - any hints?

     

    My instincts with this were originally certificate related, although we think we've set this up correctly - I do remember seeing similar issues around lync phone authentication which were resolved by completely removing the web components server, re-booting then re-running bootstrap.msi to initialise all the web directories and their permissions, but I'm running a small setup so it feels like a radical step on a production server.

    Jeremy

    • Marked as answer by Sergei M Monday, January 09, 2012 3:13 PM
    Monday, January 09, 2012 2:55 PM
  • Hi Jeremy,

    The link you provided does not precisely describe my case... but close. That's why I decided to open a new thread and not to post in the existing.

    I also get empty Weblinks:{}

     

    iPad logs should be sent via email (to yourself) where you can open them in notepad and review.

     

    You know what?! You actually gave me a great hint and it worked! ;-)

    I've completely removed web components (and updates); reinstalled components via bootstrap and reinstalled updates on top ... Agree, that doing something like this on the prod server a little risky....mine is production server as well. Though I'm running it in VM so I had a chance to quickly rollback via snapshot.

    Anyway, I thought I'd give it a try (I was all out of ideas anyway :-))) Did all this afterhours - went smooth.

    Respect!

    Sergei 

     


    • Edited by Sergei M Monday, January 09, 2012 3:17 PM
    Monday, January 09, 2012 3:13 PM
  • Sergei, you're a braver man than me! 

    (Plus although we're also on a VM, its office hours over here (UK))

    Glad it worked for you - so you're seeing mobile lync on iPad fine?

    So, to clarify, remove web components server and updates - specifically which ones? the CU4 and the Mobility components or just Mobility?

     

    Jeremy

    Monday, January 09, 2012 3:19 PM
  • Jeremy,

    Yes both iPad and iPhone work ok.

    Remove update related to Web components (it's shown as KB 22652446 in updates list) and then remove Web components (in Uninstall program list). I did not touch Mobility or other updates/components .

     

    Sergei


    • Edited by Sergei M Monday, January 09, 2012 3:29 PM
    Monday, January 09, 2012 3:29 PM
  • Sergei,

    I realize this is after a year since you've had that problem, but I'm now facing the exact same problems you experienced, the empty Weblinks (), the 403.18 error pages, etc.
    I guess the root problem is the mobilty directories of IIS are corrupted somehow.

    I wanted to try removing web components & updates (my Lync environment is in VMs too), but it's not working.
    I removed the update, (its a different KB now), but it's not letting me uninstall the web components server.

    The update won't even reinstall again after this... luckily i had a snapshot so no harm done.

    Could you please tell me how did you exactly remove the web components server in order to install it back again using bootstrapper?

    Saturday, March 16, 2013 10:55 PM