New Edge Setup; User failed to signinFatal error: Register exception: Response Code 504

    Question

  • I feel like I'm very close to having my Edge servers set up.  I've got two load balanced through an F5 but when I run OCS connectivity it fails on the very last step but doesn't give any additional details as to why.  So I tried running the OCS connectivity connecting directly to one of the Edge servers' access service IP and it fails on the last step of trying to log the user in.  This time though it does return additional details:

    User failed to signinFatal error: Register exception: Response Code 504, Deregister Reason None, Response Text Server time-out, Diagnostic Header

    Everything I've read points this to the routes not setup where the server cannot reach the edge pool.  But that is not the case here.  All routes are set up and I can ping the lync edge front end pool.  Setting up logging and using snooper I get this:

    It successfully resolves the DNS name of the lync front end pool  but then it gets the Receive failed.  And yes I can telnet from this server to the lync front end pool over 5061.  Also the user is an enabled remote access user.

    The first error, the Receive failed error, if I highlight it here is the output:

    TL_ERROR(TF_COMPONENT) [1]06EC.0C8C::06/11/2012-18:50:44.532.000011ab (SIPStack,CRecvContext::ProcessCompletion:RecvContext.cpp(147))( 000000000336CCF0 ) Receive failed

    I've researched this to no end.  Has anyone seen this before?  I feel like I am really close to getting this external piece working.  One last hurdle hopefully...


    Rich


    • Edited by rich8722 Monday, June 11, 2012 19:43
    Monday, June 11, 2012 19:39

Answers

  • This is resolved.  We had an issue with SNAT not working properly on our F5.  Once that was resolved, I can now access our Lync Edge servers externally.  Thanks to everyone who responded.

    Rich

    • Marked as answer by rich8722 Tuesday, June 12, 2012 22:34
    Tuesday, June 12, 2012 22:33

All replies

  • I know you said that you can ping from the Edge internal interface to the FE Pool but are you certain that you added the static route correctly on the Edge server? For example:

    route -p add x.x.x.x mask y.y.y.y z.z.z.z

    Monday, June 11, 2012 20:16
  • My internal front end pool VIP is 10.110.40.254, my internal nic IP is 10.110.50.145.  Here is the command I used to add the route:

    route -p add 10.110.40.0 mask 255.255.255.0 10.110.50.1

    Is this correct?


    Rich

    Monday, June 11, 2012 22:42
  • Also here are screenshots of the errors, using snooper to view:

    


    Rich

    Monday, June 11, 2012 23:43

  • Rich

    Monday, June 11, 2012 23:44
  • Yes that is correct assuming 50.1 is your gateway. So everything looks okay as far as the network routing is concerned. The only thing I can suggest is making sure you can telnet to port 5061 on the Lync internal edge from the FE pool. I know you said you did it from the Edge to the Pool but I don't see anything suggesting you did the reverse. Since you should be using a HLB on the internal edge you should test connecting to port 5061 on the VIP of the HLB as well as the individual IPs of the Edge servers.
    Monday, June 11, 2012 23:54
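
The route check discussed in the posts above, as an added example that is not part of the original thread: it parses a Windows `route add` command and verifies that the destination is a real network address for its mask, that the target falls inside it, and that the gateway is on-link for the NIC. The addresses are the ones posted in the thread; the NIC mask 255.255.255.0 is an assumption, since the thread does not state it.

```python
import ipaddress

def check_static_route(cmd, target_ip, nic_ip, nic_mask):
    """Return a list of problems with a Windows 'route add' command ([] = sane)."""
    tokens = cmd.split()
    try:
        i = tokens.index("add")
        dest, keyword, mask, gateway = tokens[i + 1:i + 5]
    except ValueError:  # 'add' missing or fewer than four arguments after it
        return ["not a 'route add <dest> mask <mask> <gateway>' command"]
    if keyword.lower() != "mask":
        return ["expected the keyword 'mask' after the destination"]

    problems = []
    if "-p" not in tokens[:i]:
        problems.append("route is not persistent (-p missing)")
    try:
        # strict=True rejects a destination with host bits set, the same
        # (Destination & Mask) != Destination condition route.exe refuses.
        network = ipaddress.ip_network(f"{dest}/{mask}", strict=True)
    except ValueError:
        return problems + [f"{dest} mask {mask} is not a valid network"]

    nic = ipaddress.ip_interface(f"{nic_ip}/{nic_mask}")
    if ipaddress.ip_address(target_ip) not in network:
        problems.append(f"target {target_ip} is outside {network}")
    if ipaddress.ip_address(gateway) not in nic.network:
        problems.append(f"gateway {gateway} is not on-link for {nic.network}")
    return problems

# Values from the thread; ASSUMED_NIC_MASK is an assumption, not from the thread.
ROUTE_FROM_THREAD = "route -p add 10.110.40.0 mask 255.255.255.0 10.110.50.1"
FE_POOL_VIP = "10.110.40.254"
EDGE_INTERNAL_NIC = "10.110.50.145"
ASSUMED_NIC_MASK = "255.255.255.0"

if __name__ == "__main__":
    result = check_static_route(ROUTE_FROM_THREAD, FE_POOL_VIP,
                                EDGE_INTERNAL_NIC, ASSUMED_NIC_MASK)
    print(result or "route looks sane")
```

An empty result only says the route entry is well formed; it does not test reachability of port 5061 or the return path through the load balancer.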
  • I can telnet from the front end servers to the internal nic of the edge server but I cannot telnet to the external IP of the edge server using port 5061.  

    Rich

    Tuesday, June 12, 2012 01:17
  • Try to add the name of the frontend server and frontend pool to the host file of the Edge server.

    Tuesday, June 12, 2012 10:12
  • Hi, Rich8722,

    Here are some suggestions:

    1) Are you using a different SIP domain for your internal and external users? Check http://technet.microsoft.com/en-us/library/gg398758.aspx for the DNS requirements.

    2) Please check the certificates you assigned for Lync Edge server are correct; they should be as follows:

    Edge internal (Private):

    SN=Internal Edge FQDN=Edgepool.domain.com

    SAN=NULL

    Edge external (Public):

    SN=Access Edge FQDN or the VIP of Hardware load balancer (In your case, it should be the VIP of HLB)

    SAN=Access Edge FQDN or the VIP of Hardware load balancer (In your case, it should be the VIP of HLB)

         =Webcon Edge FQDN or VIP of Hardware load balancer (In your case, it should be the VIP of HLB for web conferencing Edge)

         =Sip.domain.com (If you use autoconfig for external users)

    For details you can check http://technet.microsoft.com/en-us/library/gg398920.aspx

    3) Please make sure you have enabled remote access for your external users on Access Edge.

    4) Please try to add the FE server FQDN and IP address to the host file on your Edge server to see if it works.

    5) Some other information for your reference:

    http://social.technet.microsoft.com/Forums/en/ocsedge/thread/63571b22-f838-4815-acfc-8c88edef0b2e

    http://infotechguyz.com/denny/?p=43

    http://blog.insidelync.com/2011/11/the-remote-uc-troubleshooting-tool-ruct/

    B/R

    Sharon


    Sharon Shen

    TechNet Community Support


    Tuesday, June 12, 2012 10:13
  • Thanks but I have had both of those in there from the beginning.

    Rich

    Tuesday, June 12, 2012 11:26
  • 1.) No

    2.) Private cert has edge pool name as SN, but also has edge pool servers, and FQDNs for AV, webconf and SIP listed as SANs. I wasn't sure if they needed to be in there when I created the cert but I did not think it would hurt anything if they were in there.

    For the external cert I am using the same cert that is on my front end servers.  I've read where this is possible if you have everything listed as SANs, which I do.  So all my VIP FQDNs for the edge pool are listed as SANs as well as the FQDN of the edge pool.

    3.)   All users are enabled as remote users.

    4.) I've got my front end server VIP FQDN and IP listed in the local host file as well as all three of the front end servers and their IPs.  Static routes are set.

    5.) I've been to all these sites; while very informative, I haven't been able to find a solution.

    From the logs (screenshots posted above) this seems to be a TLS negotiation issue which would point to a cert issue correct?  I'm at my wits end.


    Rich

    Tuesday, June 12, 2012 11:55