locked
On Prem Skype For Business Server 2015 Mobility Connectivity Issue RRS feed

  • Question

  • Good Day,

    My setup is as follows:

    • Single Standard FE SFB 2015 Server
    • Single Standard Edge SFB 2015 Server
    • Single ADFS Server (Server 2016)
    • Single WAP Server (Server 2016)

    I have setup Skype federation with external partners and all federated functionality is working fine (IM, Video Calls, Teleconferencing, etc.).  So now I was moving on to trying to get the mobility piece working as I have configured the WAP server with published urls for lyncdiscover, meet, dialin, fs, and websvcs (not using office web apps server at the moment).

    Basically my issue appears to be that when I try to login via the mobile app I can't and get the "can't sign in check sign in info blah blah blah....".   I check the IIS logs on the FE server for the External Website and all I see if the IP from the WAP server nothing from the ADFS server trying to connect.  Then I look at the logs on the mobile app on my phone and it's making mention of not being able to connect to lyncdiscover eventhough I have confirmed the ports are open and listening. 

    When I try to browse to lyncdiscover via a browser I get the 500 error.  When I browse to dialin.domain.com I get prompted with a sign on box and am able to successfully login as it shows me the contents in that directory.  When I browse to meet.domain.com I get presented with the SFB meetings page asp expected.  When I browse to the web-svcs.domain.com url I get the login prompt and same results as when I hit the dialin url, I get prompted for credentials and then can login. 

    From everything that I have been reading, the SFB mobile app only uses lyncdisvoer for the discovery process and of course thats the only url I can't reach.  

    QUESTIONS:

    1)Does anyone know of any documents that clearly outline "Configuring ADFS 4.0 for SFB 2015 Mobility (or external) access?  I have not been able to find any document/post/blog that specificaly references configuring the ADFS 4.0 server for SFB 2015 mobile connectivity.  The only posts I find seem to all involve O365, old Lync Server versions and none of my customers services are on either of those platforms.

    2) Is the flow of traffic when WAP and ADFS is in play the following: WAP receives traffic, automatically pass-through (that's the option selected) to the ADFS server, the ADFS server then passes authentication calls over to SFB FE server and then user is authenticated?

    3) Where is the best place to look for logs when troubleshooting?  (i.e. WAP server, ADFS server, or SFB FE server).

    4) Should IIS logs be showing connection attempts from ADFS server or from the WAP server?  I keep seeing the WAP server IP in the logs but not the ADFS server IP.

    5) When adding Relying Party Trust I have added one for the Federated Service, is that correct? 

    • Am I also supposed to add one for the Skype FE server?  If so, each time I try and add the url for the SFB metadata (https://ServerName.domain.com/metadata/json/1) I keep getting the error message that I attached here.  I even get a similar error when I try to add it via Powershell.

    Any insight would be appreciated as I'm sure I'm missing something minor since all of the other urls seem to be functioning properly.  Also, I can browse to my federation sevices page from the internet and successfully sign in.  

    Let me know if I left out any information that could be useful.  Otherwise I'm sure answering the questions above will get me on the right path.  Thankx IN Advance.

    BigPlay,


    Wednesday, October 30, 2019 12:06 AM

All replies

  • Hi BigPlayfromMD,

    Do you configure the external web services?

    Please Ping these servers’ IP in WAP Server.

    The workflow of WAP and ADFS with Skype for Business is as below:

    Besides, I found some articles about Using WAP and ADFS with Skype for Business for your reference.

    The link is:

    https://www.admin-enclave.com/de/articles-by-year/36-data-articles/website_articles/articles/skypeforbusiness_articles/224-use-ms-web-application-proxy-as-reverse-proxy-and-adfs-with-skype-for-business.html

    http://www.mistercloudtech.com/2015/11/25/how-to-install-and-configure-web-application-proxy-for-adfs/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, October 30, 2019 9:38 AM
  • Thankx Sharon,

    I've already been working from both of those links.  They just show basic install steps, I'm looking for something a bit more in depth that could answer my questions I have above, mainly #'s 3, 4, and 5.  Or atleast an article that covers SFB, ADFS and WAP all in one post that directly speaks to integrating the three, and possibly how to test after.  

    At the moement I'm using the SFB app from the Android store and using those logs as well but as I mentioned they ony mention they couldn't connect to lyncdiscover.  

    Thankx again.

    BigPlay,

    Wednesday, October 30, 2019 2:58 PM
  • Hi BigPlayfromMD,

    In my understanding, mobility is mostly related to WAP server. So, you can search logs in WAP server.

    According to your description, you can’t open lyncdiscover URL in the browser. So, I suggest you make sure that you configure the DNS records correctly in WAP server.

    There are four DNS records related to Reverse Proxy server – WAP server. Please check them as below:


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Monday, November 4, 2019 9:26 AM
  • Hi BigPlayfromMD,

    Is there any update on this case?

    Please feel free to drop us a note if there is any update.

    Have a nice day!


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, November 12, 2019 7:57 AM
  • Here I will provide a brief and temporary summary of this post.

     

    <Issue Symptom>:

    User environment:

        Single Standard FE SFB 2015 Server

        Single Standard Edge SFB 2015 Server

        Single ADFS Server (Server 2016)

        Single WAP Server (Server 2016)

    Federation works well, such as IM, Video Calls, Telepconferencing, etc.

    Can’t log in mobile device. It shows that unable to connect to lyncdiscover url.

        

    <(Possible) Cause>:

    It seems related to WAP server because it can’t reach the mobility service.

     

    <Troubleshooting Steps so far>:

    Check the deployment of WAP and ADFS with Skype for Business.

     

    <Next Step>:

    Check the DNS records in WAP server.

       

    <Reference Links>:

    https://www.admin-enclave.com/de/articles-by-year/36-data-articles/website_articles/articles/skypeforbusiness_articles/224-use-ms-web-application-proxy-as-reverse-proxy-and-adfs-with-skype-for-business.html

    http://www.mistercloudtech.com/2015/11/25/how-to-install-and-configure-web-application-proxy-for-adfs/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, November 14, 2019 9:58 AM