locked
EWS Status ok but empty internal & external URL RRS feed

  • Question

  • Hello ,

    i finished installation for s server Skype for business server with Edge server and working with exchange 2016 

    everything working good "calls, messages, share, video and sending files" but i can't see in chat history i make a lot of tests every thing is good.

    on mobile everything is working good and chat history sync with exchange mailbox and i can see all history

    but on desktop top EWS is ok but empty internal and external URL and can't sync any messages

    this image for my Skype configuration information

    img2.brain3.photobox.com/27556645bae4dfc8c21b1d9c3de58662a3710d215660abb5fdb51040222401485f56a348.jpg

    also when i trace the connection using Fiddler i see HTTP/1.1 401 Unauthorized in autodiscover XML

    img2.brain3.photobox.com/302250018ce9ec98685d2c067ed90dace308ce3c04a58a272c7bee51d669d80d70cdcbad.jpg

    please any one can help me for this problem

    Thanks 

    Sunday, March 26, 2017 7:19 AM

All replies

  • Do you have dns record autodiscover.yourdomain.com in your internal dns zone? May be your lync client tries to connect to external autodiscover exchange record?

    Lync client uses one of the next dns records to autodiscover exchange services, so check your internal dns:

    • https://<SMTP-Domain>/autodiscover/autodiscover.xml
    • https://autodiscover.<SMTP-Domain>/autodiscover/autodiscover.xml
    • http://autodiscover.<SMTP-Domain>/autodiscover/autodiscover.xml
    • _autodiscover._tcp.<SMTP-Domain> (SRV record)

    If you want to use 'autodiscover.<SMTP-Domain>' (and you internal exchange autodiscover is different), it must be present in alternative names in certificate, so it may be prerferred to use srv dns record in this situation.

    Also check that you have all lync\exchange records in IE proxy exception list

    If you have different email and sip domains, you have to run Set-CsClientPolicy -DisableEmailComparisonCheck $true



    Sunday, March 26, 2017 7:23 PM
  • Hello .as 

    thanks for your reply 

    i have autodiscover.domain.com dns record in my internal network and it's same as external dns the both records internal and external point to exchange public ip 

    Note:

    the exchange server and skype server not in my network location it's hosted in other location 

    also i have wildcard SSL "*.domain.com"

    and email and sip domain is same 

    Monday, March 27, 2017 6:48 AM
  • As your internal autodiscover points to external ip address, and if you use proxy, you must exclude from IE proxy exception list exchange autodiscover address (and if you don't have direct access to external autodiscover from internal).

    >>also i have wildcard SSL "*.domain.com"

    where? on exchange or on skype services? SFB supports wildcard entry only in SAN, not in subject.

    check you exchange\lync installation and authentication methods for EWS\autodiscover with http://www.uclabs.blog/2013/01/lync-and-exchange-web-services-ews-and.html



    Monday, March 27, 2017 7:25 AM
  • Hello .as

    yes my internal autodiscover points  to external ip address and i'n not use proxy i have a direct access 

    the wildcard ssl is working on exchange and SFB and EWS/autodisccover working correcllty from SFB on mobile but on desktop no 

    the ssl SANs have *.domain.com and domain.com only are  this a problem ?

    but if i have a problem is SSL why working on mobile 

    Monday, March 27, 2017 12:27 PM
  • Your SfB server must have a certificate with common name = FQDN of the pool.

    Wildcard certificates are not supported for the common name with Lync for any role.  Wildcards are only supported as a SAN entry for the Simple URLs. Maybe it will work, but what problems can appear from this, i dont know.

    Here you can find information about certificate requirements: https://technet.microsoft.com/en-us/library/dn933910.aspx#Certs

    https://technet.microsoft.com/en-us/library/hh202161.aspx

    Monday, March 27, 2017 1:42 PM
  • Hello

    now i have SAN SSL where i must install it in Skype ?

    iis or Skype deployment wizard ?

    also i must install it in exchange too or no ?

    Thanks for your continuous support

    Tuesday, March 28, 2017 3:04 PM
  • You must install certificate with Skype deployment wizard and after this restart lync services: Stop-CsWindowsService and Start-CsWindowsService. No actions required with iis or exchange.
    Also before install the new cert check in deployment wizard or run Get-CsCertificate - do you use one certificate for all services (default, internal web services and external web services)?
    And in first place: how does outlook connect to exchange? Via external ip address too? Show result of 'Get-ClientAccessService | fl AutoDiscoverServiceInternalUri' and 'Get-WebServicesVirtualDirectory | fl *internal*, *external*' in exchange shell. May be you need to add dns record for exchange autodiscover in internal dns zone?
    • Edited by Artem S. Smirnov Tuesday, March 28, 2017 6:52 PM
    • Proposed as answer by jim-xu Thursday, March 30, 2017 2:24 AM
    Tuesday, March 28, 2017 6:52 PM