locked
error in testing connectivity RRS feed

  • Question

  • Hello

    I have set up evrything I get the below error in my testing

    Testing TCP port 443 on host sip.domain.com to ensure it's listening and open.
      The specified port is either blocked, not listening, or not producing the expected response.
       <label for="testSelectWizard_ctl12_ctl06_ctl01_tmmArrow">Tell me more about this issue and how to resolve it</label>
     
    Additional Details
     
    A network error occurred while communicating with the remote host.
    Elapsed Time: 21133 ms. 

    Can someone please help me sort out the issue..I am really stuck with this installation since months and now when I am done setting up it shows error and also I cannot connect to sfb using my laptop remotely

    FYI- I am using TMG as RP from a guide

    • Edited by Lexi Mace Thursday, December 1, 2016 1:24 PM
    Thursday, December 1, 2016 12:59 PM

All replies

  • Hi Lexi,

    Are you using TMG as a firewall and / or reverse proxy ?

    If using TMG as a firewall do you the ports open for the edge server and routing through your firewall to your Edge Server  ? Have you done any logging on the firewall to see if the traffic is getting blocked ?

    A good guide from Lync 2013 on firewall rules https://technet.microsoft.com/en-us/library/gg425891(v=ocs.15).aspx. 

    Heres Randy SfB diagram as well http://lynciverse.blogspot.com/2015/05/skype-for-business-server-2015-firewall.html

    thanks,

    Martin


    Please remember, if you see a post that helped you please click &quot;Vote As Helpful&quot; and if it answered your question please click &quot;Mark As Answer&quot;. Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.

    Thursday, December 1, 2016 1:43 PM
  • https://technet.microsoft.com/en-us/library/gg425891(v=ocs.15).aspx....this page doesnot open

    and I set up exactly like it explains in this guide below

    https://gallery.technet.microsoft.com/Installing-Skype-for-78703118?redir=0

    please help me out

    Thursday, December 1, 2016 1:48 PM
  • Hi Lexi,

    This guide uses TMG for reverse proxy, TMG is used for published web service of Skype for Business. Do you have an architecture diagram that shows your deployment ? Please use dummy public ip address and domain names etc, id like to try and understand what you have so far to try and help more.

    Thanks,

    Martin


    Please remember, if you see a post that helped you please click &quot;Vote As Helpful&quot; and if it answered your question please click &quot;Mark As Answer&quot;. Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.

    Thursday, December 1, 2016 1:57 PM
  • Hi Lexi,

    Correct me if I'm wrong but I believe you're trying to connect to the SfB Access Edge, right?

    Just as Martin suggested, you may want to provide us a high level illustration or basically you can email me your Topology Builder and I'll look into it with you.

    Meanwhile, here's a reference guide take you can use Port Summary - Single Consolidated Edge with Private IP Address using NAT in Lync Server 2013

    Few key important things that you need to make sure at this point of time:

    1. Firewall Ports open to the correct NAT IP Address of your Access Edge
    2. Certificate Subject Name and Subject Alternative Name matches the FQDN that you've configured on your Topology Builder

    Hope this helps!


    James Ooi MCITP Lync Server 2010 | Blog: http://jamesosw.wordpress.com | Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Thursday, December 1, 2016 3:29 PM
  • Thanks a lot James plz give me ur email address..
    Friday, December 2, 2016 8:48 AM
  • Can someone plzz look ta the baove set up and tell me whats wrong????????

    In TMg id idnot do much except above 1 listener created thats all

    • Edited by Lexi Mace Friday, December 2, 2016 8:50 AM
    Friday, December 2, 2016 8:49 AM
  • Hi Lexi,

    Welcome to our forum.

    From this error, we suggest you check firewall policy for port 443 on TMG and make sure this policy has been applied. Please refer to the following link:
    http://www.wadeware.net/it-infrastructure/how-to-publish-lync-server-2010-urls-with-forefront-tmg-2010/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    If there are any questions or issues, please be free to let me know.   

    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.
    • Edited by jim-xu Wednesday, December 7, 2016 5:42 AM
    Wednesday, December 7, 2016 5:41 AM
  • I did check it and sort it out but now below error comes up

    Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
     
    Additional Details
      Elapsed Time: 412 ms.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.abc.com on port 443.
      The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
     
    Additional Details
     
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    Elapsed Time: 384 ms. 

    Wednesday, December 7, 2016 9:12 AM
  • Hi Lexi,

    My apologies for the delay.

    james_shyhwei [at] hotmail dot com

    Thanks.


    James Ooi MCITP Lync Server 2010 | Blog: http://jamesosw.wordpress.com | Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Wednesday, December 7, 2016 9:15 AM
  • Hi Lexi,

    Perhaps its worth checking the certificate on your edge server. Digicert have a great utility that will allow you check your certificate and test cert keys.

    https://www.digicert.com/util/

    Could you run this and see if you get any errors on your public certificate please ?

    Thanks,

    Martin


    Please remember, if you see a post that helped you please click &quot;Vote As Helpful&quot; and if it answered your question please click &quot;Mark As Answer&quot;. Thank you. This forum post is based upon my personal experience and does not reflect the opinion or view of my employer.

    Wednesday, December 7, 2016 9:36 AM
  • For me it looks like a firewall issue. Are you sure, that all ports are open? The error message says that the analyzer cannot check the SSL certificate. 

    Here the rule set for the external NIC:

    Role/Protocol/TCP   or UDP/Port Source IP   address Destination IP   address
    XMPP/TCP/5269 Any   (internet) XMPP   Proxy service (shares IP address with Access Edge service)
    Access/HTTP/TCP/80 Edge   Server Access Edge service public IP address Any   (internet)
    Access/DNS/TCP/53 Edge   Server Access Edge service public IP address Any   (internet)
    Access/DNS/UDP/53 Edge   Server Access Edge service public IP address Any   (internet)
    Access/SIP(TLS)/TCP/443 Any   (internet) Edge   Server Access Edge service public IP address
    Access/SIP(MTLS)/TCP/5061 Any   (internet) Edge   Server Access Edge service public IP address
    Access/SIP(MTLS)/TCP/5061 Edge   Server Access Edge service public IP address Any   (internet)
    Web Conferencing/PSOM(TLS)TCP/443 Any   (internet) Edge   Server Web Conferencing Edge service public IP address
    A/V/RTP/TCP/50,000-59,999 Edge   Server A/V Edge service public IP address Any   (internet)
    A/V/STUN,MSTURN/UDP/3478 Edge   Server A/V Edge service public IP address Any   (internet)
    A/V/STUN,MSTURN/UDP/3478 Any   (internet) Edge   Server A/V Edge service public IP address
    A/V/STUN,MSTURN/TCP/443 Any   (internet) Edge   Server A/V Edge service public IP address
    A/V/STUN,MSTURN/TCP/443 Edge   Server A/V Edge service Any   (internet)

    And here the rule set for the internal NIC:

    Protocol/TCP   or UDP/Port Source IP   address Destination IP   address
    XMPP/MTLS/TCP/23456 Internal Net Edge   Server internal interface
    SIP/MTLS/TCP/5061 Internal Net Edge   Server internal interface
    SIP/MTLS/TCP/5061 Edge   Server internal interface Internal Net
    PSOM/MTLS/TCP/8057 Internal Net Edge   Server internal interface
    SIP/MTLS/TCP/5062 Internal Net Edge   Server internal interface
    STUN/MSTURN/UDP/3478 Internal Net Edge   Server internal interface
    STUN/MSTURN/TCP/443 Internal Net Edge   Server internal interface
    HTTPS/TCP/4443 Internal Net Edge   Server internal interface
    MTLS/TCP/50001 Internal Net Edge   Server internal interface
    MTLS/TCP/50002 Internal Net Edge   Server internal interface
    MTLS/TCP/50003 Internal Net Edge   Server internal interface


    Wednesday, December 7, 2016 10:47 AM
  • Ooops are all these to be set up on network adapteDo I have to ask my network provider something?as he is the one who has given me these public ips and gateway

    Wednesday, December 7, 2016 11:28 AM
  • Wednesday, December 7, 2016 11:51 AM
  • Think might be more than just the IP addressing - NAT, Static Route and also the configuration.

    @Lexi, have you send me the Topology Builder?

    Thanks!


    James Ooi MCITP Lync Server 2010 | Blog: http://jamesosw.wordpress.com | Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread

    Wednesday, December 7, 2016 4:13 PM
  • Hi Lexi,

    For this certificate error, I have replied you in another thread, please refer to the following link:

    https://social.technet.microsoft.com/Forums/lync/en-US/b9f02768-6ae0-47ff-b893-e6a2b1fc9703/help-with-this-ssl-error-please?forum=sfbfr

    If there are any questions or issues, please be free to let me know.   


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by jim-xu Friday, December 30, 2016 9:45 AM
    Thursday, December 8, 2016 4:46 AM