Lync Mobility getting 403 - Forbidden: Access is denied

  • Question

  • When trying to hit https://lyncdiscover.domain.com we get: Lync Mobility getting 403 - Forbidden: Access is denied. All other services are working externally, and DNS, certificates and reverse proxy seemed to be set up correctly. CU6 has been installed, along with all the necessary components for mobility. Is the below configuration correct?

    Front End configuration:

    Internal Web services - Disabled

    External Web services - LyncWeb.domain.com

    Director Configuration:

    Internal Web services - Disabled

    External Web services - LyncDirWeb.domain.com

    Monday, October 1, 2012 2:27 PM

All replies

  • That 403 to the root is normal - it's the same as if you browsed to the external web services URL. Try this format instead: http://lyncdiscover.contoso.com/autodiscover/autodiscoverservice.svc/root/domain

    If that works you should get prompted to download a small file with the autodiscover information. If not, try following the troubleshooting steps on NextHop: http://blogs.technet.com/b/nexthop/archive/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step.aspx

    Monday, October 1, 2012 3:26 PM
  • This is what we get when accessing http://lyncdiscover.domain.com/autodiscover/autodiscoverservice.svc/root/domain

    {"AccessLocation":"External","Domain":{"Links":
    [{"href":"https:\/\/lyncdirweb.domain.com\/Autodiscover\/AutodiscoverService.svc\/root","token":"External\/Autodiscover"},
    {"href":"https:\/\/lyncdirweb.domain.com\/Reach\/sip.svc","token":"External\/AuthBroker"},
    {"href":"https:\/\/lyncdirweb.ldomain.com\/Mcx\/McxService.svc","token":"External\/Mcx"}],"SipClientExternalAccess":null,"SipClientInternalAccess":null,"SipServerExternalAccess":null,"SipServerInternalAccess":null}}

    According to the document in NextHop we should be seeing our edge environment and port 5061, and we don't see that:

    {"fqdn":"edge.contoso.com","port":"5061"},"SipClientInternalAccess":null,"SipServerExternalAccess":{"fqdn":"edge.contoso.com","port":"5061"},"SipServerInternalAccess":null}}

    Monday, October 1, 2012 7:10 PM
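
An added example, not part of the thread: a small check over an autodiscover response like the one posted above, listing the host behind each link token (so each can be compared against DNS, the certificate and the reverse proxy rule) and which Sip*Access fields are null. The function name and the sample hosts are assumptions; the sample JSON is constructed in the shape of the post.

```python
import json
from urllib.parse import urlsplit

# Constructed sample in the shape of the response posted above; hosts are placeholders.
SAMPLE = r'''{"AccessLocation":"External","Domain":{"Links":[
{"href":"https:\/\/dirweb.example.com\/Autodiscover\/AutodiscoverService.svc\/root","token":"External\/Autodiscover"},
{"href":"https:\/\/dirweb.example.com\/Reach\/sip.svc","token":"External\/AuthBroker"},
{"href":"https:\/\/dirweb.example.net\/Mcx\/McxService.svc","token":"External\/Mcx"}],
"SipClientExternalAccess":null,"SipClientInternalAccess":null,
"SipServerExternalAccess":null,"SipServerInternalAccess":null}}'''

SIP_FIELDS = ("SipClientExternalAccess", "SipClientInternalAccess",
              "SipServerExternalAccess", "SipServerInternalAccess")


def review_autodiscover(text):
    """Summarise an autodiscover JSON document (hypothetical helper name)."""
    doc = json.loads(text)
    domain = doc.get("Domain") or {}
    links, notes = {}, []
    for link in domain.get("Links") or []:
        url = urlsplit(link.get("href", ""))
        token = link.get("token", "(no token)")
        links[token] = url.hostname
        if url.scheme != "https":
            notes.append(f"{token}: link is not https")
    hosts = sorted({h for h in links.values() if h})
    if len(hosts) > 1:
        notes.append("links use more than one host: " + ", ".join(hosts))
    sip = {}
    for field in SIP_FIELDS:
        value = domain.get(field)
        # A populated field is an object with "fqdn" and "port"; otherwise it is null.
        populated = isinstance(value, dict)
        sip[field] = f'{value.get("fqdn")}:{value.get("port")}' if populated else None
    return {"access_location": doc.get("AccessLocation"), "links": links,
            "hosts": hosts, "sip": sip, "notes": notes}


if __name__ == "__main__":
    report = review_autodiscover(SAMPLE)
    for token, host in report["links"].items():
        print(f"{token:25} {host}")
    for field, value in report["sip"].items():
        print(f"{field:25} {value}")
    for note in report["notes"]:
        print("note:", note)
```
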
  • I followed the steps and here are the results. I'm also getting a successful result from OCS connectivity.

    When trying to log in from an Android phone, I get "Can't sign in. Please check your account information and try again." I confirmed that the reverse proxy settings are correct.

    1. When going to https://lyncdiscover.domain.com and opening the file, it points to our external Web URL

    2. Internal Web Services is disabled

    3. ExposedWebUrl is set to External

    4. DNS is correct

    5. Certificates are good

    6. When accessing http://lyncdiscover.contoso.com/autodiscover/autodiscoverservice.svc/root/domain

    See previous post

    7. Get-CsWebServiceConfiguration - is set to Negotiate

    Tuesday, October 2, 2012 2:52 PM
  • Hi, cyoung03,

    Here are some suggestions:

    1) First, please check whether you have set the McxSipExternalListening port for your mobility service. If not, run the following cmdlet and then re-publish the topology: Set-CsWebServer -Identity <internal FE Pool FQDN> -McxSipPrimaryListeningPort 5086 -McxSipExternalListeningPort 5087

    2) Verify your DNS and certificate entries. You should make sure the external web service FQDNs of the FE server and Directors are in the external DNS records and certificates, and also make sure both of them are included in the publishing rule.

    Look through this old thread for some clues.

    http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/36b5ca77-13dd-41f4-9549-205ec655bcf9/

    3) Check your mobility configuration by comparing it with some MVPs' mobility deployment guides (especially the web services and TMG configuration).

    http://blog.schertz.name/2011/12/deploying-the-lync-2010-mobility-service/

    http://imaucblog.com/archive/2011/12/09/step-by-step-microsoft-lync-2010-lync-mobility-mcx-installation-guide/

    Regards,

    Sharon


    Sharon Shen

    TechNet Community Support


    • Proposed as answer by Sharon.Shen Wednesday, October 10, 2012 7:45 AM
    • Marked as answer by Sharon.Shen Friday, November 2, 2012 2:36 AM
    Wednesday, October 3, 2012 12:01 PM
  • Hi, cyoung03,

    Any progress on your issue?

    If you have fixed it, please kindly let us know. Thanks!

    Regards,

    Sharon


    Sharon Shen

    TechNet Community Support


    Wednesday, October 10, 2012 7:45 AM
  • I have been having the same problem, 403 Forbidden. What I found is that everything was set up correctly, but when connecting to lyncdiscover.companyname.com it was not redirecting to lyncdiscover.companyname.com/autodiscover/autodiscoverservice.svc/root as it should. The URL rewrite rule was configured and its syntax was correct as well.

    The fix was ridiculously simple and is noted in my blog below.

    http://www.teamas.co.uk/2012/10/lync-2010-mobility-autodiscover.html

    Tuesday, October 23, 2012 9:14 PM
  • Hi,

    In my case a DNS issue caused this problem,

    and when I changed the external NIC's first DNS to my internal DNS server it was solved.

    Sunday, October 21, 2018 5:05 PM