locked
Problem with Internal URL in SFB 2015 Server RRS feed

  • Question

  • Here is my scenario:

    - Microsoft SFB 2015 , Front End Server 6.0.9319.510
    - WebComponent Server 6.0.9319.510
    - Server OS Windows Server 2012 R2

    - AddressBookAvailability WebSearchOnly
    - Clients Skype For Business 16.0.4266.1001 (32 bits)
    - Clients OS Windows 10 14393.1358


    Here is my situation:

    I have noticed a lot of traffic between my SFB server and my LAN clients that was provoking the saturation of the WAN link of my remote users. I checked the log files of my SFB server and watched a lot of lines with this information:/groupexpansion/service.svc/WebTicket_Bearer - 443 - "Ip Address of the Client" OC/16.0.4266.1001+(Skype+for+Business) - 500 0 0 732.

    If I stop the Skype for Business Server Internal Web Site, everything gets normal. This pointed me to think something is wrong with the Internal Web Site.

    I have uninstall the IIS, the Skype Web Component, reinstall everything but the issue persist. I have checked the NTFS permissions against the  Skype for Business Server External Web Site and they are exactly the same.

    I have checked everything related with internal certificates and they are all correct.
    It is worth mentioning that I think this issue is provoking users can not search their contacts using just a part of their SIP address. Before this issue I was able to find contacts writing just part of their SIP address, like just the name, or last name, but now if I want to find a user in the contacts I must write the whole SIP address.

    Another thing, when I try to access the Internal URL from web browser https://Lync pool FQDN:443/abs/handler I receive a 500 - Internal server error. I used the fiddler application to capture the traffic between the client and the server and I got the error 401 - Unauthorized: Access is denied due to invalid credentials

    But if I access the external URL from web browser, everything is ok.

    I hope someone gives me some light in this matter, cause I don't really know what could be happening.

    Thanks in advance.
    Tuesday, February 20, 2018 3:42 PM

Answers

All replies

  • Hi Ruben_O_Garcia,

     

    make sure that Certificate Based Authentication is enabled in Lync.

    You could run this cmd(Test-CsAddressBookService) to check  addressbook.if you get the error :(404) Not Found.please refer to the following ways.

     

    1.Checked replication under the Topology tab in SFB control pannel.

     

    2.Reinstalled .net 4.5 via add/remove programs

     

    3.Registed .net by running the following from an elevated cmd (run from .net folder) : aspnet_regiss.exe -I

     

    4.uninstalled Lync webcomponents from add/remove programs

     

    5.From SFB install media- reinstalled webcomponents.msi (browse to \Setup\amd64\Setup)

     

    6.Checked IIS>Application Pool and ensured all ASP.NET and Lync components are set to v4.0 of the .Net Framework Version

     

    7.Launched the SFB setup and reran step 2: Stetup or Remove SFB Server Components.


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, February 21, 2018 7:12 AM
  • Ok. Just for clarification I want to let people know the problem with  "a lot of traffic between my SFB server and my LAN clients that was provoking the saturation of the WAN link of my remote users. I checked the log files of my SFB server and watched a lot of lines with this information:/groupexpansion/service.svc/WebTicket_Bearer - 443 - "Ip Address of the Client" OC/16.0.4266.1001+(Skype+for+Business) - 500 0 0 732" was finally solved. 

    I just deleted the Internal Web Service SSL Certificate and regenerated it through SFB 2015 Deployment Wizard. After that the Test-CsAddressBookService is showing me a Result: Success.

    The second part of the problem still remain:

    Another thing, when I try to access the Internal URL from web browser https://Lync pool FQDN:443/abs/handler I receive a 500 - Internal server error. I used the fiddler application to capture the traffic between the client and the server and I got the error 401 - Unauthorized: Access is denied due to invalid credentials


    But if I access the external URL from web browser, everything is ok.

    Wednesday, February 21, 2018 2:37 PM
  • Hi Leon:

    Thanks for your reply. 

    - Certificate Based authentication is enabled in Lync. 

    - Replication under the Topology tab in SFB control pannel is OK

    - I already did the steps suggested by you (Uninstall WebComponent, reinstalled it, etc)

    Wednesday, February 21, 2018 2:38 PM
  • Hi Ruben_O_Garcia,

    Thanks for your waiting.

    According my research, this https://Lync pool FQDN:443/abs/handler URL is related to Addressbook file download.

    I think you may try to this URL as such format https://Lync pool FQDN:443/abs/handler/ C-185a-1875.lsabs to see if you can get the following result:

    C-185a-1875.lsabs is the Addressbook file name in FileShare location:

    \\xxx\Fileshare\1-WebServices-1\ABFiles\00000000-0000-0000-0000-000000000000\00000000-0000-0000-0000-000000000000

    If you can download the file, I think the URL works well.


    Best Regards,
    Leon Lu


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, February 23, 2018 5:58 AM
  • Yes, It is working. Thanks. 
    Friday, February 23, 2018 6:34 PM