none
WebTicket and access denied RRS feed

  • Question

  • Hi,

    Need to ask if anybody on here has had similar issue.

    I have a Skype pool, working just fine. But started to seen situation where some users has started to not able to sign-in. When I have read the client logs I could see that when client is requesting WebTicket from that pool, that is were it fails.

    Basically when I go with browser to https://brokenPoolWS.domain.com/WebTicket/WebTicketService.svc I get the login prompt. If I go to some another pool on our environment, there are no troubles at all.

    What makes this interesting is, if I use https://FrontEndFromBrokenPool.domain.com/WebTicket/WebTicketService.svc, then that is working smoothly.

    Yes I have the Load Balancer front of the pool, but if I bypass the LB using the local host file, I still get the problem. So it feels like problem is with the web ticket and its connection to pools web service name.


    Petri

    Tuesday, May 14, 2019 8:53 PM

All replies

  • Hi Petri,

    I suggest you could try to run the following command to check whether user could get client certificate and be authenticated: 
    $cred1 = Get-Credential "litwareinc\kenmyer"
    Test-CsClientAuthentication -TargetFqdn atl-cs-001.litwareinc.com -UserSipAddress "sip:kenmyer@litwareinc.com" -UserCredential $cred1
    Details please refer to Test-CsClientAuthentication.

    In addition, according to your description, when you type FE pool FQDN in the webticket URL, it will have issue. However, with FE Servers in the Pool, there’s no issue. Please check the DNS records in your internal DNS zone. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, May 15, 2019 6:13 AM
    Moderator
  • hi Evan,

    Thank you for sharing this, but Test-CsClientAuthentication in my mind does not test the web ticket service. The results from working and broken pool where the same:

    Target Fqdn   : BrokenPool.domain.com
    Target Uri    : https://BrokenPoolWS.domain.com:443/CertProv/CertProvisioningService.svc
    Result        : Success
    Latency       : 00:00:02.2386690

    Not sure what do you mean by the DNS. The trick I do to by pass the LB is to add to the local host file on my wks a line which Front Ends IP (e.g. 10.11.12.13) and the Web Service host like:

    10.11.12.13  BrokenPoolWS.domain.com


    Petri

    Wednesday, May 15, 2019 8:18 AM
  • Hi Petri,

    According to your description, the test commend returns Success, and it seems only one/some FE Server have issue. I suggest you could try to use local host file to point to Front End Server, then check which FE Server have issue.

    If you find the FE Server which have issue, then please try to uninstall the web conference component in the FE Server and reinstall it. After this, please remember to run Step 2 in FE Server, then check whether fix this issue. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, May 17, 2019 7:26 AM
    Moderator
  • :D

    I tried to say: "The trick I do to by pass the LB is to add to the local host file on my wks a line which Front Ends IP" and the problem looks to be on every FE on that pool.

    Need to continue the investigation more.


    Petri

    Friday, May 17, 2019 2:00 PM
  • Hi Petri,

    If there's any update, please let us know.

    In addition, if you could not find which FE Server has problems in the pool, or it looks like every FE Server has the problem. You could try to uninstall uninstall the web conference component in each FE Server and reinstall it. Then check whether fix this issue. 


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, May 21, 2019 7:57 AM
    Moderator
  • Hi Petri,

    Is there any update for this issue? If the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Monday, May 27, 2019 6:45 AM
    Moderator