none
server temporarily unavailable RRS feed

  • Question

  • I have successfully installed my lync2010 server.

    Installed the client.

    However, I cannot login.



    The respective user settings in the Lync CP are:



    Display Name: Mark Fulton

    SIP Address: sip:mark.fulton@domain.local

    Registrar Pool: pgclync.domain.local

    P.S:

    Point to be noted here are:



    Our DOmain: domain.com


    Email address id: mark.fulton@domain.com



    However, I could only get the lync server to be deployed with the domain.local settings.



    Now while logging on to the client,



    1. I am not sure what my sign in address must be, should it be mark.fulton@domain.com or mark.fulton@domain.local? I have tried both but does not work.

    - when i try mark.fulton@domain.com & mark.fulton@domain.local - i get the error "Lync was unable to sign-in. Please verify your logon crednetials and try again. if the problem continues, please contact the support team."



    2. Under Advanced Connection Settings I have added under "manual configuration" the "Internal" IP address of the lync server. Now when I login using mark.fulton@domain.local or mark.fulton@domain.com, i get the error " there was a problem verifying the certificate from the server."

    3. when i select "auto configuration" & try to login I get "server temporarily unavailable".



    Now, please advise on how can I correct these errors & login successfully into lync.

    Also, do I need to create a new certificate & SIP domain for domain.com? if so, please advise on how to do this.

    I have added the A Record _sipinternaltls in the DNS server.

    Also, i ran the get-cscerticate and the output below:


    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : Default

    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : WebServicesInternal

    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : WebServicesExternal

    Thank You & Best Regards



    Philip

    Tuesday, October 25, 2011 10:21 AM

Answers

  • Hi,psunmat

    Bascially,you should sign in Lync using the sip address mark.fulton@domain.local  with the AD domain account as Chris and Thamara said,and you must use the Lync server FQDN other than the IP address when you use manual configuration.

    But what is "Domain.local"?Would you please elaborate on your AD topology and Lync environment?
    Generally when you added Lync server to your domain the server's FQDN must be consistent as your AD domain. I noticed your Lync Regitrar pool FQDN is pgclync.domain.local, so your Lync server isn't deployed in the same domain as your AD domain domain.com,right? 

    Regardless of these,here are some suggestions:

    1)Please check all your Lync service are starting successfully.

    2)Please try to use Lync sign in tool to diagnose client sign in issues.

    3)Please check your DNS requirements with the  Technet Document and DNS requirements(For Standard Edtion server)

    4)Please check your certificate requirements with the Certificate Requirements for Internal Servers,it seems you didn't use a SSL certificate with SAN(Subject Alternative Name),you also can check the certificate with the following link http://www.digicert.com/help/ for more information.

    5)Please run Lync Best Practise Analyzer to check your Configuration.

    Regards,

    Sharon

    • Proposed as answer by Sharon.ShenModerator Monday, November 7, 2011 2:01 AM
    • Marked as answer by psunmat Thursday, November 17, 2011 8:04 AM
    Thursday, October 27, 2011 6:13 AM
    Moderator

All replies

  • I have successfully installed my lync2010 server.

    Installed the client.

    However, I cannot login.



    The respective user settings in the Lync CP are:



    Display Name: Mark Fulton

    SIP Address: sip:mark.fulton@domain.local

    Registrar Pool: pgclync.domain.local

    P.S:

    Point to be noted here are:



    Our DOmain: domain.com


    Email address id: mark.fulton@domain.com



    However, I could only get the lync server to be deployed with the domain.local settings.



    Now while logging on to the client,



    1. I am not sure what my sign in address must be, should it be mark.fulton@domain.com or mark.fulton@domain.local? I have tried both but does not work.

    - when i try mark.fulton@domain.com & mark.fulton@domain.local - i get the error "Lync was unable to sign-in. Please verify your logon crednetials and try again. if the problem continues, please contact the support team."



    2. Under Advanced Connection Settings I have added under "manual configuration" the "Internal" IP address of the lync server. Now when I login using mark.fulton@domain.local or mark.fulton@domain.com, i get the error " there was a problem verifying the certificate from the server."

    3. when i select "auto configuration" & try to login I get "server temporarily unavailable".



    Now, please advise on how can I correct these errors & login successfully into lync.

    Also, do I need to create a new certificate & SIP domain for domain.com? if so, please advise on how to do this.

    I have added the A Record _sipinternaltls in the DNS server.

    Also, i ran the get-cscerticate and the output below:


    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : Default

    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : WebServicesInternal

    Issuer           : CN=domain-PGCLYNC-CA, DC=domain, DC=local
    NotAfter         : 17-Oct-13 3:43:04 PM
    NotBefore        : 18-Oct-11 3:43:04 PM
    SerialNumber     : 61DA2CF7000000000008
    Subject          : CN=PGCLYNC.domain.local, OU=IT, O=domain, L=Dubai, S=Dub
                       ai, C=AE
    AlternativeNames : {}
    Thumbprint       : 5D9ECFFC65C4E88EE154F5D11C59C89A281555CF
    Use              : WebServicesExternal

    Thank You & Best Regards



    Philip

    Tuesday, October 25, 2011 10:20 AM
  • Hi Philip ,

    Few checkpoints ,

    1. Port 5061 is working from client machine towards pool FQDN ?

    2. Verify your pool certificate SN and SAN and ensure that they are correct .

    3. Have mentioned additional sip domain in topology builder during the installtion , verify the settings once again .

    4. Check DNS resolution for Pool and other FQDNs are working as expected .

    5. Also check user provisioned correctly on Lync control pannel .

     

     

    Tuesday, October 25, 2011 10:38 AM
  • Dear Friend,

      To connect a Lync Client,

        1) Check lync server resolve or not (nslookup) from client side

        2) DNS A records which have done by you in the deployment (admin.abc.com, meet.abc.com, dialin.abc.com) and _sipinternaltls should point lync server  with 5061 port (Hint: check the port)

        3) Client should enable from Lync control Panel ( Hint:check which is the way you enable to login Address - UPN, Email Address etc)

        4) Middle of this should have up and running the CA (certificate Authority)

     

    Please check and let me know the Result

     

     

     

     


    Madushka Dias : MCITP(Lync Server 2010 Administrator) & MCTS - Active Directory) - http://uctechi.blogspot.com/ | Live - madushka@live.com | If got your answer don't forget to Rate as an Answer
    Tuesday, October 25, 2011 10:41 AM
  • Looking at what you have said there are a number of things wrong:

    _sipinternaltls dns record should be an SRV record pointing to the pool on port 5061. You do not want to use the manual configuration so best to get DNS correct.

    When you logon to Lync you should use your SIP URI mark.fulton@domain.local as the sign in address. The username and password you get prompted for will be addomain\username and ad password

    Note that as you have used the sip domain of domain.local you cannot use this for external use as you will need external DNS records to point to these to enable federation. It is good practice in most cases to match the sip domain to the email domain. Even if you don't require the functionality today it will save a change potentally in the future.

    Do you have the root certificate for the CA in your trusted roots?

     


    Chris Clark - | MCTS:OCS & UC Voice Specialization | MCSE | MCSA | CCNA http://www.unitycomms.com
    Tuesday, October 25, 2011 11:11 AM

  • psunmat as Madushka Dias said i believe your problem is related entirely with certificates, but you can also test your DNS configurations.
    Unless you have your certificates correctly configured you isn't able to login.
    use this article http://technet.microsoft.com/en-us/library/gg398094.aspx if you have any doubt.
    Tuesday, October 25, 2011 11:32 AM
  • Hi,

    1. You can never use the IP Address in "Internal" Server configuration. Getting the certificate error is normal if you try with the IP. Try with the FE Server FQDN.

    2. Your internal SIP domain is @domai.local so the user sign in address must be mark.fulton@domain.local. check in the control panel that you have enabled the user as this format.

    3. Your certificate seems to be Ok. and it seems issued by your Internal root CA. As far as i can see you have to double confirm the user sign in address and put the Server FQDN as internal Server in advanced option. This will work.

    Thamara. 

    Tuesday, October 25, 2011 1:52 PM
  • Hi,psunmat

    Bascially,you should sign in Lync using the sip address mark.fulton@domain.local  with the AD domain account as Chris and Thamara said,and you must use the Lync server FQDN other than the IP address when you use manual configuration.

    But what is "Domain.local"?Would you please elaborate on your AD topology and Lync environment?
    Generally when you added Lync server to your domain the server's FQDN must be consistent as your AD domain. I noticed your Lync Regitrar pool FQDN is pgclync.domain.local, so your Lync server isn't deployed in the same domain as your AD domain domain.com,right? 

    Regardless of these,here are some suggestions:

    1)Please check all your Lync service are starting successfully.

    2)Please try to use Lync sign in tool to diagnose client sign in issues.

    3)Please check your DNS requirements with the  Technet Document and DNS requirements(For Standard Edtion server)

    4)Please check your certificate requirements with the Certificate Requirements for Internal Servers,it seems you didn't use a SSL certificate with SAN(Subject Alternative Name),you also can check the certificate with the following link http://www.digicert.com/help/ for more information.

    5)Please run Lync Best Practise Analyzer to check your Configuration.

    Regards,

    Sharon

    • Proposed as answer by Sharon.ShenModerator Monday, November 7, 2011 2:01 AM
    • Marked as answer by psunmat Thursday, November 17, 2011 8:04 AM
    Thursday, October 27, 2011 6:13 AM
    Moderator