locked
Mobility login issue RRS feed

  • Question

  • We have S4B 2015. Using Citrix NetScaler as the reverse proxy with a wildcard certificate from Digicert. Mobility was working but stopped shortly after upgrading the certificate which was due to expire.

    The MS connectivity test shows "The certificate couldn't be validated because negotiation wasn't successful."

    I can get to the file by IP address, so I know that nothing changed at the firewall.   

    I also get the same error when tryin to use the SAN certificate from the Front End Server which has lyncdiscover as a SAN name.

    Looking for help on what to check next.

    Log from my phone has entries like:

    ErrorCode = "E_UcwaUnavailable (E2-3-48)"

    2018-05-06 14:03:36.833 00000001b3a35b80 INFO APPLICATION CUcmpMeetingsManager.cpp:1148 queryCapability fails.

    Sunday, May 6, 2018 2:45 PM

Answers

  • We have resolved the issue.  The new certificate was not bound in IIS on one of the front end servers even though I applied them through the Deployment wizard.

    • Marked as answer by IT2B Tuesday, May 8, 2018 6:42 PM
    Tuesday, May 8, 2018 6:41 PM

All replies

  • Hi,

    Based on your description, I understand after renewing the certificate of reverse proxy you can’t sign in mobile client, right?
    Did the issue only happen to specific user or multiple users had the user? Is that Android device or IOS device?
    What error message did you receive after you renewing the certificate of reverse proxy? If any, please provide it for us.

    Please help us confirm the questions above.

    Moreover, after renewing certificate, please try to reset IIS.

    If possible, please provide the entire logs for us to do troubleshooting.
    https://blogs.technet.microsoft.com/nexthop/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step/


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Alice-Wang Monday, May 7, 2018 9:15 AM
    • Unproposed as answer by IT2B Tuesday, May 8, 2018 6:40 PM
    Monday, May 7, 2018 5:38 AM
  • After the certificate upgrade it was working for a short period. Then it stopped a couple days after.

    The issue  is affecting all phones (Android and iPhone).  The error is "We can't sign you in. Please check your account details, advanced optiond and try again."

    I restarted both Front End servers.  I can download the file from a browser.

    • Edited by IT2B Tuesday, May 8, 2018 6:40 PM
    Monday, May 7, 2018 3:20 PM
  • We have resolved the issue.  The new certificate was not bound in IIS on one of the front end servers even though I applied them through the Deployment wizard.

    • Marked as answer by IT2B Tuesday, May 8, 2018 6:42 PM
    Tuesday, May 8, 2018 6:41 PM
  • Thanks for your sharing, it is helpful for others who has similar issue

    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 9, 2018 1:31 AM