Lync on Amazon AWS - Can't put Edge server to work

    Question

  • Hello,

    I am deploying a test Lync Server on Amazon ec2 and I can't put Edge server to work. All looks fine but I can't connect. Environment:

    1 Edge with 2 NICs. 1 on private subnet and 1 "DMZ" (public by Amazon) with NAT. If the problem continues, please contact your support team.

    Client error:

    Cannot sign in because the server is temporarily unavailable. 

    Client Log errors:

    06/07/2012|18:01:47.603 1F34:1920 ERROR :: CSIPClientConnection::OnConnect (80072745) this: 05290E98
    06/07/2012|18:01:47.603 1F34:1920 ERROR :: Releasing connection and notifying transactions
    06/07/2012|18:01:47.603 1F34:1920 ERROR :: SIP_MSG_PROCESSOR::NotifyRequestConnectionConnectComplete - Error: 80072745
    06/07/2012|18:01:47.603 1F34:1920 ERROR :: OUTGOING_TRANSACTION::OnRequestConnectionConnectComplete - connection failed error 80072745
    06/07/2012|18:01:47.603 1F34:1920 ERROR :: HRESULT API failed: 80ee0061 = hr. DisableServManager
    06/07/2012|18:02:02.642 1F34:978 ERROR :: SECURE_SOCKET: negotiation failed

    Test OCS connectivity:

    Testing the Remote Connectivity of user dario@affiliphone.com to the Microsoft Lync Server.
    Specified Remote Connectivity test(s) to Microsoft Lync Server failed. Please examine below details of specific reason for failure.

    Note: I read about voip-connections.com deployment so this should work.

    Thanks,


    Dario Woitasen | MCITP: Enterprise Messaging Administrator 2007/2010 | MCTS: Microsoft Lync Server 2010, Configuring


    Thursday, June 7, 2012 21:18

Answers

  • Sorry, I fixed it; this was a stupid thing, as I thought. External Access for the organization was disabled. I think that I checked that more than once, but no :-)

    Dario Woitasen | MCITP: Enterprise Messaging Administrator 2007/2010 | MCTS: Microsoft Lync Server 2010, Configuring

    Tuesday, June 12, 2012 19:30

All replies

  • Have you assigned a certificate to the external and internal interfaces of the Edge server? If Yes, is the external certificate a public cert?
    Thursday, June 7, 2012 23:24
  • Yes thanks, I have assigned the cert to the ext and int interfaces. It's not a public cert because it's a lab environment. I have the internal CA cert in my Trusted CA repository, so I think that it's not a cert issue. Really I forgot to export and import the CA cert but I had a "cert error" issue so I fixed it immediately.

    I need expert help or review, or someone who has done a Lync test on ec2, because I have knowledge about Lync Server and I tried a lot of things (check DNS certs, certs, no event log warnings or errors, telnet to ports, etc).

    Anyway if you want to suggest some basic things it will be accepted because maybe I forgot something to try.

    Thank you very much,


    Dario Woitasen | MCITP: Enterprise Messaging Administrator 2007/2010 | MCTS: Microsoft Lync Server 2010, Configuring

    Friday, June 8, 2012 02:08
  • Here’re some tips for you.

    • Because these DNS entries are public, they need to resolve externally for all users. To test this functionality, run a simple NSLookup from any machine on a public network.
    • Run a series of simple Telnet tests to verify that the firewall ports are open and accepting connections.
    • From outside your network, ping each of the external FQDNs of your Edge or Edge pool. Even if the ping fails you will see the IP addresses, which you can compare to the ones you have assigned.

    In addition, I provide this article for reference. Hope it helps.


    Noya Lau

    TechNet Community Support

    Monday, June 11, 2012 08:54
    Moderator
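
The three checks suggested in the reply above, scripted with .NET classes as an added example (not part of the thread and not Microsoft's code). The FQDN, expected IP and the choice of which port gets the TLS check are placeholders and assumptions; the port list is the one the poster gives in this thread.

```powershell
# Run from a machine on a public network, outside the Edge network.
$EdgeFqdn   = 'edge.example.com'   # placeholder: your external Edge FQDN
$ExpectedIp = '203.0.113.10'       # placeholder: the public (NAT) IP you assigned
$Ports      = 443, 444, 5000       # ports listed by the poster in this thread
$TlsPort    = 443                  # assumption: the port you gave the Access Edge service

# 1. DNS: does the public name resolve, and to the address you assigned?
try {
    $resolved = [System.Net.Dns]::GetHostAddresses($EdgeFqdn) |
        ForEach-Object { $_.IPAddressToString }
} catch {
    Write-Warning "DNS lookup failed for ${EdgeFqdn}: $($_.Exception.Message)"
    return
}
"{0} resolves to: {1}" -f $EdgeFqdn, ($resolved -join ', ')
if ($resolved -notcontains $ExpectedIp) {
    Write-Warning "Expected $ExpectedIp is not among the resolved addresses"
}

# 2. TCP: is each port reachable through the firewall/NAT (the Telnet test)?
foreach ($port in $Ports) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($EdgeFqdn, $port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne(5000)) { throw 'TCP connect timed out' }
        $client.EndConnect($async)
        "Port ${port}: TCP open"

        # 3. TLS on the chosen port only: default validation fails if the
        #    issuing CA is not trusted on this machine or the name does not match.
        if ($port -eq $TlsPort) {
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false)
            try {
                $ssl.AuthenticateAsClient($EdgeFqdn)
                $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
                "Port ${port}: TLS ok, subject '$($cert.Subject)', expires $($cert.NotAfter)"
            } catch {
                Write-Warning "Port ${port}: TLS handshake failed: $($_.Exception.Message)"
            } finally { $ssl.Dispose() }
        }
    } catch {
        Write-Warning "Port ${port}: $($_.Exception.Message)"
    } finally { $client.Close() }
}
```

A clean run only shows that name resolution, the firewall path and the certificate are in order; it says nothing about whether external access is enabled in the Lync configuration.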
  • Thanks a lot Noya. I checked all the things in the article before and I checked it again very carefully and all things are fine:

    - DNS records

    - Certificate

    - Ports

    I don't know what else to check. More information about my configuration:

    - Single FQDN and IP with ports 443, 444 and 5000 with NAT

    - Not public certificates, I added the internal CA certificate to the Trusted Certification Authorities repository on my test machine

    - Two NICs on the Edge on different routable subnets (all subnets are routable on Amazon AWS I think) but with ACL restriction between Edge private subnet and public subnet

    Thanks a lot again!


    Dario Woitasen | MCITP: Enterprise Messaging Administrator 2007/2010 | MCTS: Microsoft Lync Server 2010, Configuring

    Tuesday, June 12, 2012 17:28