Can sign with iPhone externally but not over wifi internally or from an external client.

  • Question

  • After getting some trial certs from DigiCert I was able to get our Edge and Proxy servers up for my Lync test install. With that done I was finally able to connect to Lync on my iPhone. Unfortunately I cannot connect externally from desktop or laptop with the Lync client. It gives me an error saying the server is unavailable. Also, after running Microsoft's remote connectivity test and manually entering the FQDN of the access edge (sip.domain.com), I get this....

    Testing remote connectivity to Microsoft Lync server through the Lync Access Edge server sip.lauterbachgroup.com on port 5061 to verify user mjakachira@lauterbachgroup.com can connect remotely.
      Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
     
    Additional Details
      Elapsed Time: 21289 ms.
     
    Test Steps
     
    Attempting to resolve the host name sip.lauterbachgroup.com in DNS.
      The host name resolved successfully.
     
    Additional Details
     
    IP addresses returned: 207.250.40.191
    Elapsed Time: 189 ms.
    Testing TCP port 5061 on host sip.lauterbachgroup.com to ensure it's listening and open.
      The specified port is either blocked, not listening, or not producing the expected response.
     
    Additional Details
     
    A network error occurred while communicating with the remote host.
    Elapsed Time: 21099 ms.

    If set to autodiscover then I get this ....

    Testing remote connectivity for user mjakachira@lauterbachgroup.com to the Microsoft Lync server.
      An unexpected error has occurred in the application. An event has been logged for the system administrator. If you continue to experience this error, please send us feedback.
     
    Additional Details
     

    Exception details:
    Message: The name isn't a valid DNS name.
    Parameter name: domainName
    Type: System.ArgumentException
    Stack trace:

    Server stack trace: 
    at Microsoft.Exchange.Tools.ExRca.Tests.RcaWorkflowInvoker.PerformTestReally()
    at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
    at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
    at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformChildren()
    at Microsoft.Exchange.Tools.ExRca.Tests.Test.PerformTest()
    at Microsoft.Exchange.Tools.ExRca.Tests.TopLevelTest.PerformTest()
    at System.Runtime.Remoting.Messaging.StackBuilderSink._PrivateProcessMessage(IntPtr md, Object[] args, Object server, Object[]& outArgs)
    at System.Runtime.Remoting.Messaging.StackBuilderSink.AsyncProcessMessage(IMessage msg, IMessageSink replySink)

    Exception rethrown at [0]: 
    at System.Runtime.Remoting.Proxies.RealProxy.EndInvokeHelper(Message reqMsg, Boolean bProxyCase)
    at System.Runtime.Remoting.Proxies.RemotingProxy.Invoke(Object NotUsed, MessageData& msgData)
    at Microsoft.Exchange.Tools.ExRca.Website.PerformTestAsyncDelegate.EndInvoke(IAsyncResult result)
    at Microsoft.Exchange.Tools.ExRca.Website.TestExecutionManager.<>c__DisplayClass8.<TestCompleted>b__6()
    at Microsoft.Exchange.Common.IL.ILUtil.DoTryFilterCatch(TryDelegate tryDelegate, FilterDelegate filterDelegate, CatchDelegate catchDelegate)
    at Microsoft.Exchange.Tools.ExRca.Website.TestExecutionManager.TestCompleted(IAsyncResult asyncResult)

    Originally thrown at:
    at Microsoft.Exchange.Net.Dns.BeginResolveToAddresses(String domainName, AddressFamily type, DnsServerList list, DnsQueryOptions options, AsyncCallback requestCallback, Object state)
    at Microsoft.Exchange.Tools.ExRca.Extensions.RcaDns.ResolveToAddresses(String name, IPAddress[]& resolvedAddresses)
    at Microsoft.Exchange.Tools.ExRca.Activities.ResolveHostTestActivity.PerformTest(ActivityExecutionContext context)
    at Microsoft.Exchange.Tools.ExRca.Activities.RcaTestActivity.Execute(ActivityExecutionContext executionContext)
    at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity, ActivityExecutionContext executionContext)
    at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)
    at System.Workflow.Runtime.Scheduler.Run()

    This second issue I am guessing has something to do with our external DNS SRV records; I am waiting to hear back from our registrar to see if they entered them in correctly. The closed port issue makes no sense; everything seems to be traversing the firewall OK since currently those two connections have all ports open. So I checked the firewalls of each VM and everything looked good.

    What do I look at next? Pretty new to Lync so troubleshooting has been fun but pretty frustrating and this one has me somewhat stumped.

    Any and all help is greatly appreciated. 

    Thursday, June 26, 2014 5:17 PM

All replies

  • Hi there,

    A couple things off hand. 

    • It doesn't appear that your Access Edge is accessible. (btw it doesn't respond to pings, but your Reverse Proxy does)
    • Your SRV records don't appear to have the correct host specified. They appear to return root not the address of your access edge.

    So make sure that your Access Edge external interface is accessible from the internet; is the default gateway set properly? Also make sure all the Lync services are started on it. Finally, make sure the firewall isn't blocking TCP 443, 5061 and UDP 3478 to it.

    Your iPhones connect through the Lync web services, rather than the Edge, however they do use Edge for A/V so you'll find that despite you being able to sign-in and IM/view presence through the iPhone, you won't be able to do a Lync voice/video call.


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter @georgathomas
    Lync Edge Port Check (Beta)

    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


    Thursday, June 26, 2014 6:42 PM
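
Added example, not part of the original thread or of any poster's reply: a Python check for the two findings in the reply above, an SRV record whose target is the root instead of the Access Edge, and a TCP port that does not answer. The zone `example.com`, the sample records and all function names are constructed placeholders; UDP 3478 is not probed because a plain UDP send cannot confirm a listener.

```python
import socket

# Constructed sample: SRV answers in zone-file form
# (owner TTL class type priority weight port target). Placeholder zones only.
SAMPLE_SRV = """\
_sip._tls.example.com. 3600 IN SRV 0 0 443 example.com.
_sipfederationtls._tcp.example.com. 3600 IN SRV 0 0 5061 sip.example.com.
_sip._tls.example.org. 3600 IN SRV 0 0 443 .
"""

def parse_srv(text):
    """Yield (owner, port, target) for every SRV line in zone-file style text."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 8 and f[3].upper() == "SRV":
            yield f[0].rstrip(".").lower(), int(f[6]), f[7].rstrip(".").lower()

def zone_of(owner):
    """Drop the _service._proto labels to recover the SIP domain."""
    return ".".join(label for label in owner.split(".") if not label.startswith("_"))

def check_srv(text, edge_fqdn):
    """Return (owner, problem) for SRV records that do not point at the edge."""
    findings = []
    for owner, _port, target in parse_srv(text):
        if target == "":  # a bare "." target means "service not offered" (RFC 2782)
            findings.append((owner, "target is '.'"))
        elif target == zone_of(owner):
            findings.append((owner, "target is the zone root"))
        elif target != edge_fqdn.lower():
            findings.append((owner, f"target {target} is not {edge_fqdn}"))
    return findings

def probe_tcp(host, port, timeout=5.0):
    """Classify a TCP connect attempt as open, refused, unresolved or filtered."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "refused"      # host reachable, nothing listening on the port
    except socket.gaierror:
        return "unresolved"   # the name did not resolve at all
    except OSError:
        return "filtered"     # timeout or unreachable: firewall, NAT or routing

if __name__ == "__main__":
    for owner, problem in check_srv(SAMPLE_SRV, "sip.example.com"):
        print(f"{owner}: {problem}")
```

A `filtered` result from `probe_tcp` on 443 or 5061 matches the long timeout in the connectivity test output (packets dropped before they reach the edge interface), whereas `refused` would mean the address is reachable but the service is not listening.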
  • Thanks for the info that may have helped me with where to look. The autodiscover setting is something I believe our registrar set up wrong; instead of the sip.domain.com address he put root, not sure why. Also, for some reason one of the IPs on the edge server is not working correctly; it won't pass anything through the firewall for that address even though the other two are working fine.

    Thursday, June 26, 2014 7:38 PM
  • It appears you have 2 different issues here.   For your mobility login issue, what is the external web service FQDN resolving to in your internal network?  Point that to the external Public IP of your reverse proxy also internally. 
    Friday, June 27, 2014 3:55 AM
  • So internally my web service should be pointing to the public IP of the reverse proxy server? Why is that? I assumed internally on wifi clients would connect directly to the front end. 
    Monday, June 30, 2014 2:32 PM
  • Or the internal NAT'd interface of the reverse proxy (RP).

    There's a couple reasons, firstly the FE listens on 8080 & 4443 and the RP does the translation from 80 to 8080 and/or 443 to 4443.

    The second reason has to do with session persistence so that when you leave the office, you maintain the session through the same end point. Take a look here on the Technical Requirements for Mobility: http://technet.microsoft.com/en-us/library/hh690030.aspx (specifically this bit: "All Mobility Service traffic goes through the reverse proxy, regardless of where the origination point is—internal or external")


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer"

    Georg Thomas | Lync MVP
    Blog www.lynced.com.au | Twitter @georgathomas
    Lync Edge Port Check (Beta)

    This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.


    • Edited by Georg Thomas Monday, June 30, 2014 2:39 PM
    • Marked as answer by Eason Huang Sunday, July 6, 2014 2:36 PM
    Monday, June 30, 2014 2:37 PM
  • They do, they will use lyncdiscoverinternal that will point to your front end(s).

    TTMing is talking about your external web services pointing to your reverse proxy public IP. Mobile clients, even when internal, will use this record and must be steered towards the external interface of your RP.

    Kind regards
    Ben


    Monday, June 30, 2014 2:46 PM
  • Lync 2013 mobile client will always use the external web services to authenticate even if you are on the internal network.

    http://stoknes.wordpress.com/2013/07/31/lync-server-2013-mobility-revisited/

    Monday, June 30, 2014 2:47 PM