locked
Issues with Skype for Business iOS app connecting to on Premise Server RRS feed

  • Question

  • Dear Technet Forum Experts,

    I researched this issue all over the search engines, and I couldn't find a solution. I have a couple of questions about getting the SFB phone app to work (IOS & Android). 

    Background Info: 

    I have one SFB Front End Server Standard Edition 

    I have one SFB Edge Server 

    I have one Reverse Proxy that I used to publish SFB links. It uses WAP introduced with Win SVR 2012 R2. 

    Issue: 

    SFB Links are published and I can access the simple URL's from an outside network. However, I can't use the SFB iOS  or Android app. I thought publishing links through a Reverse Proxy will enable me to use the app and continue the conversation on the go. Is it not True? When I try to sign to SFB IOS app, sometimes it gets stuck at the screen that say "Skype for Business is signing in" Sometime it sign me into Skype for Business online, instead of on premise server. Any ideas? 

    Additional Info: Lyncdiscover CName record is pointing to connect.domain.com which is an A record pointing to the external IP address of Reverse Proxy server on Public DNS

    Thanks in advance for any help. 

    -M


    Friday, June 3, 2016 8:26 PM

Answers

  • Guess nobody has an answer to this problem. It will be awesome if a Microsoft MVP could chime in... 

    M

    Nevermind, I figured it out. On the iPhone app, I had to add domain\username before signing in. I think it is redundant to type both email and username to login to the app. 

    M

    • Marked as answer by Matt Rudolf Tuesday, June 14, 2016 6:24 PM
    Tuesday, June 14, 2016 6:24 PM

All replies

  • Looks like, you have a misconfiguration.

    If you open https://lyncdiscover.yourdomain.com, you should receive an Configuration file on your browser with the full address of the configurastion.

    Your mobile use this Configuration file to get the full Configuration info and will Login through the Edge Server.

    All othe clients can Login from External?

    You can use this Website to check your configuration

    https://testconnectivity.microsoft.com/

    Here are also some good hionts

    https://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/


    regards Holger Technical Specialist UC

    • Proposed as answer by Eason Huang Monday, June 6, 2016 2:42 AM
    Sunday, June 5, 2016 1:55 PM
  • Hi,

    You can use the Microsoft Lync Connectivity Analyzer to check which step SFB mobile client fail:

    https://www.microsoft.com/en-ph/download/details.aspx?id=36536

    Also, you can check the certificate, rule for the WAP Reverse Proxy with the help of the link below:

    https://blogs.technet.microsoft.com/dodeitte/2013/10/29/how-to-publish-lync-server-2013-web-services-with-windows-server-2012-r2-web-application-proxy/

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Monday, June 6, 2016 2:45 AM
  • Looks like, you have a misconfiguration.

    If you open https://lyncdiscover.yourdomain.com, you should receive an Configuration file on your browser with the full address of the configurastion.

    Your mobile use this Configuration file to get the full Configuration info and will Login through the Edge Server.

    All othe clients can Login from External?

    You can use this Website to check your configuration

    https://testconnectivity.microsoft.com/

    Here are also some good hionts

    https://msunified.net/2011/12/23/lync-server-mobility-troubleshooting-tips/


    regards Holger Technical Specialist UC

    Hi Holger, 

    I can access lyncdiscover.domain.com from outside and it brings me to an XML page. In the XML page I see that it is pointing to csweb.domain.com. In my public DNS I have a CNAME record for lyncdiscover.domain.com and it is pointing to csweb.domain.com which by itself is an A record pointing to the IP address of WAP server. I also have an A record for lyncdiscoveinternal.domain.com on my internal DNS which is directly pointing to the IP address of the front end server. Perhaps I am missing something on the DNS side? 


    M

    Tuesday, June 7, 2016 5:46 PM
  • Hi,

    You can use the Microsoft Lync Connectivity Analyzer to check which step SFB mobile client fail:

    https://www.microsoft.com/en-ph/download/details.aspx?id=36536

    Also, you can check the certificate, rule for the WAP Reverse Proxy with the help of the link below:

    https://blogs.technet.microsoft.com/dodeitte/2013/10/29/how-to-publish-lync-server-2013-web-services-with-windows-server-2012-r2-web-application-proxy/

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Hi Eason, 

    I installed Lync Connectivity Analyzer and ran it. A picture of the results are attached. I am not sure why it can't reach lyncdiscover.domain.com even though I can ping it, and access it via the web. 


    M

    Tuesday, June 7, 2016 7:13 PM
  • Hi,

    From your description above, it could be the issue for the public certificate of the Reverse Proxy.

    Please double check if the Reverse Proxy public certificate including the DNS A record lyncdiscover and SFB external web service A record.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Wednesday, June 8, 2016 2:25 AM
  • Hi, from your attached picture, it does not point to any csweb.domain.com but connect.domain.com ?

    Is csweb.domain.com external url defined on your officeweb app server or is it external url for your Lync webservices?

    Lyncdiscoverinternal should point to your reverse proxy, in this case your WAP server.

    Please confirm your DNS and certificate is correct by looking at workload poster: https://www.microsoft.com/en-us/download/details.aspx?id=46448


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, June 8, 2016 4:49 AM
  • Hi, from your attached picture, it does not point to any csweb.domain.com but connect.domain.com ?

    Is csweb.domain.com external url defined on your officeweb app server or is it external url for your Lync webservices?

    Lyncdiscoverinternal should point to your reverse proxy, in this case your WAP server.

    Please confirm your DNS and certificate is correct by looking at workload poster: https://www.microsoft.com/en-us/download/details.aspx?id=46448


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Hi, 

    My mistake... It should be connect.domain.com and it is the URL for Lync/SFB Web Services. I looked at the workload poster and made certain corrections to external and internal DNS. 

    When you said to point lyncdiscoverinternal to the WAP server, is that on internal DNS or external. In internal DNS it is currently pointed to the IP address of Front End Server. Also out of curiosity I pointed lyncdiscoverinternal to the public IP of Reverse proxy, it still didn't help. As a side note I tried to access https://connect.domain.com via the web and I get 403-Forbidden Access is Denied error... I get that both on internal and external network. Is that normal? or there a is a problem? 


    M

    Wednesday, June 8, 2016 2:49 PM
  • Hi Eason, 

    I looked at the certificate on the WAP server and everything looked fine. I have attached a pic of the details of the certificate that is on the WAP server. This is a multidomain cert. 


    M

    Wednesday, June 8, 2016 3:13 PM
  • Hi,

    Did you deploy a ADFS Server for WAP as the Reverse Proxy?

    To use the Web Application Proxy you will need two servers – an ADFS server on the internal network and the WAP server in the DMZ.

    You can refer to the link below to check the Revese Proxy and the ADFS settings:

    http://exchangepro.dk/2013/11/15/use-web-application-proxy-to-publish-lync-server-2013/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Wednesday, June 8, 2016 3:34 PM
  • Hi,

    Did you deploy a ADFS Server for WAP as the Reverse Proxy?

    To use the Web Application Proxy you will need two servers – an ADFS server on the internal network and the WAP server in the DMZ.

    You can refer to the link below to check the Revese Proxy and the ADFS settings:

    http://exchangepro.dk/2013/11/15/use-web-application-proxy-to-publish-lync-server-2013/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Hi Eason, 

    Yes ADFS is deployed as part of the reverse proxy, and they both communicate. I can see in the info in the event logs. 


    M

    Wednesday, June 8, 2016 3:53 PM
  • Hi,

    lyncdiscoverinternal.domain.com should point to reverse proxy on internal dns.No record for this on external dns.

    on both public and internal dns, lyncdiscover.domain.com should point to external IP of your reverse proxy.

    can you do nslookup connect.domain.com on internal and external network to see which ip it hits?

    lync webservices (in your case connect.domain.com) should  point to internal and external ip of your reverse proxy


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, June 8, 2016 4:42 PM
  • Hi,

    lyncdiscoverinternal.domain.com should point to reverse proxy on internal dns.No record for this on external dns.

    on both public and internal dns, lyncdiscover.domain.com should point to external IP of your reverse proxy.

    can you do nslookup connect.domain.com on internal and external network to see which ip it hits?

    lync webservices (in your case connect.domain.com) should  point to internal and external ip of your reverse proxy


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    lyncdiscoverinternal.domain.com should point to reverse proxy on internal dns. No record for this on external dns. -Check 

    on both public and internal dns, lyncdiscover.domain.com should point to external IP of your reverse proxy. -Check

    I nslookedup connect.domain.com on internal network and it hits the inernal IP of the reverse proxy. 

    I nslookedup connect.domain,.com on external network and it hits the external IP of the reverse proxy

    I looked at the event viewer on the WAP server and saw event ID 13006. It was a warning and the error details are below. I highlighted the token issue which has me confused.... Also I have attached a copy of the results from Lync Analyzer, again I got the same "no security token found error" and I have highlighted it. 



    M

    Wednesday, June 8, 2016 9:04 PM
  • Guess nobody has an answer to this problem. It will be awesome if a Microsoft MVP could chime in... 

    M

    Tuesday, June 14, 2016 4:05 PM
  • Guess nobody has an answer to this problem. It will be awesome if a Microsoft MVP could chime in... 

    M

    Nevermind, I figured it out. On the iPhone app, I had to add domain\username before signing in. I think it is redundant to type both email and username to login to the app. 

    M

    • Marked as answer by Matt Rudolf Tuesday, June 14, 2016 6:24 PM
    Tuesday, June 14, 2016 6:24 PM