Polycom user can not login by PIN after migrating (side by side) from Lync 2010 to SfB 2015 (internal error)

  • Question

  • Hello,

    I got a sign-in problem after migrating from Lync 2010 to SfB 2015. If the Lync 2010 front end is shut down, all users who sign out and sign in again from a Polycom phone are not able to sign in using a PIN (internal server error). But users are able to sign in using credentials.

    In fact, all the Lync 2010 users have already been moved to SfB 2015. Users on either the SfB FE or the SfB SBS cannot sign in.

    Regards,
    Sinjo

    Monday, August 20, 2018 10:24 AM

All replies

  • Hi Sinjo,

    About this issue, you could try the following steps to check whether they fix it:
    1. On the SfB FE server, run the Get-CsWebServiceConfiguration command to verify that the value of the UsePinAuth setting is ‘True’.
    2. Try to reset the PIN and try again.
    3. Run the Test-CsPhoneBootstrap command to verify whether the DHCP options are set correctly.
    4. Try to restart IIS on the SfB server.

    In addition, you could refer to the following blog to check the details about Configuring Lync Server for Phone Edition Devices:
    http://blog.schertz.name/2010/12/configuring-lync-server-for-phone-edition-devices/ 

    Best Regards,
    Evan
    • Proposed as answer by woshixiaobai Wednesday, August 22, 2018 2:08 AM
    Tuesday, August 21, 2018 2:16 AM
  • Hi Sinjo,

    Is there any update on this issue? If the reply is helpful to you, please mark it as an answer; it will help others who have a similar issue.

    Best Regards,
    Evan
    Wednesday, August 22, 2018 2:08 AM
  • Hi Evan,

    Sorry, I just want to do it today since we had a public holiday yesterday.

    Thank you.

    Regards,
    Sinjo

    Thursday, August 23, 2018 4:06 AM
  • Hi Evan,

    1. The Get-CsWebServiceConfiguration result shows that UsePinAuth is TRUE.

    2. Already reset the PIN.

    3. Result of Test-CsPhoneBootstrap as attached.

    4. Already reset IIS.

    But the problem still remains.

    Regards.

    Sinjo

    Thursday, August 23, 2018 4:27 AM
  • Hi Evan,

    This is the test-csphonebootstrap result :

    PS C:\Users\ssbadmin> Test-CsPhoneBootstrap -PhoneOrExtension 52369 -PIN 54321 -Verbose | Export-Csv c:\temp\CSPhoneBoot.txt

    VERBOSE: Workflow Instance Id '8a12d9a5-acd5-454e-9f51-e7783d8a0b76', started.

    VERBOSE: Command line executed is 'Test-CsPhoneBootstrap -PhoneOrExtension 52369 -PIN 54321 -Verbose | Export-Csv c:\temp\CSPhoneBoot.txt'.

    VERBOSE: Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' started.

    Workflow 'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow' completed in '4.8E-05' seconds.

    Target server Fqdn or web service Url not provided. Will have to do DHCP Registrar Discovery.

    An exception 'Unable to perform authentication of credentials.' occurred during Workflow Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow

    execution.

    Exception Call Stack: at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()

    at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)

    at Microsoft.Rtc.SyntheticTransactions.Activities.RegisterActivity.InternalExecute(ActivityExecutionContext executionContext)

    at Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Execute(ActivityExecutionContext executionContext)

    at System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRuntime workflowCoreRuntime)

    at System.Workflow.Runtime.Scheduler.Run()

    at Microsoft.Rtc.Internal.Sip.SipAuthenticationHelper.SignString(SecurityAssociationBase sa, String stringToSign, String& signatureString)

    at Microsoft.Rtc.Internal.Sip.ProtocolAuth.SignStringWithSA(String signatureString, SecurityAssociation sa)

    at Microsoft.Rtc.Internal.Sip.ProtocolAuth.DoProtocolOutgoingNegotiation(SecurityAssociation sa, SipMessage message, ChallengeData challengeData)

    at Microsoft.Rtc.Internal.Sip.AuthenticationControlModule.NegotiateSecurityAssociation(SecurityAssociation sa, SipMessage message, NegotiateArgs

    negotiateArguments)

    'DHCPDiscover' activity started.

    Starting DHCP registrar discovery...

    Constructing a DHCP packet.

    Adding DHCP option PARAMETER_REQUEST_LIST.

    Successfully added DHCP option.

    Adding DHCP option VENDOR_CLASS_IDENTIFIER.

    Successfully added DHCP option.

    Successfully constructed DHCP packet.

    Trying to open an udp connection.

    Remote IP : 255.255.255.255.

    Local IP : xx.xx.x.xx

    Creating a new UDP client.

    Udp connection successfully created.

    Sending packet.

    Remote IP : 255.255.255.255.

    Remote Port : 67.

    Packet sent successfully.

    DHCP discovery message send. Waiting for DHCP servers to respond.

    Data received successfully.

    Remote IP : xx.xx.x.xx

    Remote Port : 67.

    Response received for the DHCP Discovery message.

    Constructing a DHCP packet from received raw data.

    Extracting DHCP Options.

    Successfully constructed DHCP packet.

    Return value for DHCP option : SIP_SERVER.

    Found registrar Fqdn : LSSFBFE.domain.com.

    Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.

    Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.

    Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.

    Successfully extracted sub option value.

    Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.

    Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.

    Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.

    Successfully extracted sub option value.

    Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.

    Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.

    Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 - LSSFBFE.domain.com.

    Successfully extracted sub option value.

    Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.

    Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.

    Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.

    Successfully extracted sub option value.

    Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.

    Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.

    Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 - /CertProv/CertProvisioningService.svc.

    Successfully extracted sub option value.

    Found web service Url : https://LSSFBFE.domain.com:443/CertProv/CertProvisioningService.svc.

    Disconnecting.

    DHCP registrar discovery activity completed successfully.

    'DHCPDiscover' activity completed in '1.0366536' seconds.

    'GetRootCertChains' activity started.

    Trying to download a certificate chain from web service.

    Web Service Url : http://LSSFBFE.domain.com/CertProv/CertProvisioningService.svc

    Certificate chain downloaded successfully.

    'GetRootCertChains' activity completed in '0.0131718' seconds.

    'GetWebTicket' activity started.

    Trying to get web ticket.

    Web Service Url : https://LSSFBFE.domain.com:443/WebTicket/WebTicketService.svc

    Using PIN authentication with Phone\Ext : 52369 Pin : 54321

    Webticket response headers:



    Content-Encoding:



    Vary:Accept-Encoding



    X-MS-Server-Fqdn:LSSFBFE.domain.com



    X-MS-Correlation-Id:2147484526



    client-request-id:48540d20-2026-4f97-b327-3c3aea791185



    Strict-Transport-Security:max-age=31536000; includeSubDomains



    X-Content-Type-Options:nosniff



    Content-Length:2230



    Cache-Control:private



    Content-Type:text/xml; charset=utf-8



    Date:Thu, 23 Aug 2018 04:43:32 GMT



    GetWebTicketActivity completed.

    'GetWebTicket' activity completed in '0.1160851' seconds.

    'ResolveUser' activity started.

    Starting ResolveUser activity using Web Ticket.

    Web Service Url : https://LSSFBFE.domain.com:443/CertProv/CertProvisioningService.svc

    Found user : sip:sundiono@domain.com

    Setting sip uri 'sip:sundiono@domain.com' back to parent workflow.

    ResolveUser activity completed.

    'ResolveUser' activity completed in '0.0180021' seconds.

    'GetWebTicket' activity started.

    Trying to get web ticket.

    Web Service Url : https://LSSFBFE.domain.com:443/WebTicket/WebTicketService.svc

    Using PIN authentication with Phone\Ext : 52369 Pin : 54321

    Webticket response headers:



    Content-Encoding:



    Vary:Accept-Encoding



    X-MS-Server-Fqdn:LSSFBFE.domain.com



    X-MS-Correlation-Id:2147484528



    client-request-id:8dee38a5-81b8-4cf0-a867-c8ad5d52236d



    Strict-Transport-Security:max-age=31536000; includeSubDomains



    X-Content-Type-Options:nosniff



    Content-Length:2211



    Cache-Control:private



    Content-Type:text/xml; charset=utf-8



    Date:Thu, 23 Aug 2018 04:43:32 GMT



    GetWebTicketActivity completed.

    'GetWebTicket' activity completed in '0.0732893' seconds.

    'GetCSCertificate' activity started.

    Trying to download a CS certificate for User : sundiono@domain.com endpoint : STEpid

    Web Service Url : https://LSSFBFE.domain.com:443/CertProv/CertProvisioningService.svc

    Cert Provisioning response headers:



    Content-Encoding:



    Vary:Accept-Encoding



    X-MS-Server-Fqdn:LSSFBFE.domain.com



    X-MS-Correlation-Id:2147484529



    client-request-id:ebbd70b9-546b-4163-8a6a-b6ad3b863117



    Strict-Transport-Security:max-age=31536000; includeSubDomains



    Content-Length:3238



    Cache-Control:private



    Content-Type:text/xml; charset=utf-8



    Date:Thu, 23 Aug 2018 04:43:32 GMT



    GetCSCertificate activity completed.

    'GetCSCertificate' activity completed in '0.0916826' seconds.

    'Register' activity started.

    Sending Registration request:

    Target Fqdn = LSSFBFE.domain.com

    User Sip Address = sip:sundiono@domain.com

    Registrar Port = No Port is provided..

    Authentication Type 'Certificate' is selected.

    'UnRegister' activity started.

    'UnRegister' activity completed in '0.0003825' seconds.

    VERBOSE: Workflow Instance ID '8a12d9a5-acd5-454e-9f51-e7783d8a0b76' completed.

    VERBOSE: Workflow run-time (sec): 1.4582115.

    PS C:\Users\ssbadmin>

    Regards,
    Sinjo

    Thursday, August 23, 2018 5:09 AM
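
Added example (not part of the original thread): a PowerShell helper that reads Test-CsPhoneBootstrap verbose output like the transcript above and reports which activities logged "started" without a matching "completed", along with any exception text. The name Get-BootstrapFailure is a hypothetical helper, and the embedded sample is a short excerpt of lines from the transcript.

```powershell
# Added example: summarise Test-CsPhoneBootstrap -Verbose output.
# Get-BootstrapFailure is a hypothetical helper, not a Skype for Business cmdlet.
function Get-BootstrapFailure {
    param([Parameter(Mandatory)][string[]]$Lines)

    $open = New-Object 'System.Collections.Generic.List[string]'
    $exceptions = @()
    foreach ($line in $Lines) {
        if ($line -match "^\s*'(?<name>[^']+)' activity started\.") {
            # Remember every activity that announces its start.
            $open.Add($Matches['name'])
        }
        elseif ($line -match "^\s*'(?<name>[^']+)' activity completed in ") {
            # A completion line closes the matching start.
            [void]$open.Remove($Matches['name'])
        }
        elseif ($line -match "An exception '(?<msg>[^']+)' occurred during Workflow") {
            $exceptions += $Matches['msg']
        }
    }
    [pscustomobject]@{
        IncompleteActivities = @($open)   # started but never completed
        Exceptions           = $exceptions
    }
}

# Sample input: lines excerpted from the transcript above (not the full log).
$sample = @'
An exception 'Unable to perform authentication of credentials.' occurred during Workflow Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow
'GetWebTicket' activity started.
'GetWebTicket' activity completed in '0.0732893' seconds.
'GetCSCertificate' activity started.
'GetCSCertificate' activity completed in '0.0916826' seconds.
'Register' activity started.
Authentication Type 'Certificate' is selected.
'UnRegister' activity started.
'UnRegister' activity completed in '0.0003825' seconds.
'@ -split "\r?\n"

Get-BootstrapFailure -Lines $sample | Format-List
```

In the transcript, every activity up to and including GetCSCertificate logs a completion and only 'Register' does not, so the failure sits at the certificate-based SIP registration step rather than at DHCP discovery or the PIN-based web ticket request.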
  • Hi Sinjo,

    According to the information you provided, I found it shows 'Unable to perform authentication of credentials.'

    Based on my research, you could try to check the following settings:
    1. Make sure that the phones are able to reach the Lync FE Server on HTTP 80 in addition to HTTPS 443, as Lync Phone Edition devices use TCP 80 initially to connect to the Lync web services to download the root certificate chain.
    2. Check whether you set AlternateSignatureAlgorithm=1 in the file CAPolicy.inf. If yes, try to change the registry key on your Enterprise CA server: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\CertSvc\Configuration\Your Cert Authority\CSP value AlternateSignatureAlgorithm from 1 to 0, and restart the CA service.

    Best Regards,
    Evan
    Monday, August 27, 2018 8:41 AM
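
Added example (not from the thread): PowerShell helpers that collect evidence for the two checks in the reply above. It goes one step beyond the reply by also listing certificates signed with RSASSA-PSS (OID 1.2.840.113549.1.1.10), the signature format that AlternateSignatureAlgorithm=1 selects on a Windows CA; the function names and the `<Your Cert Authority>` placeholder are assumptions.

```powershell
# Added example, not from the thread. Function names are hypothetical helpers.

# Check 1: TCP reachability of the Front End web services on 80 and 443.
# Run from a host on the phones' network segment so the path resembles theirs.
function Test-FrontEndPort {
    param([Parameter(Mandatory)][string]$FrontEnd, [int[]]$Port = @(80, 443))
    foreach ($p in $Port) {
        $r = Test-NetConnection -ComputerName $FrontEnd -Port $p -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $FrontEnd; Port = $p; Reachable = $r.TcpTestSucceeded }
    }
}

# Check 2 (run on the Enterprise CA server): read the registry value named above.
function Get-AlternateSignatureAlgorithm {
    param([Parameter(Mandatory)][string]$CaName)
    $key = "HKLM:\SYSTEM\CurrentControlSet\Services\CertSvc\Configuration\$CaName\CSP"
    $prop = Get-ItemProperty -Path $key -Name AlternateSignatureAlgorithm -ErrorAction SilentlyContinue
    [pscustomobject]@{
        CaName                      = $CaName
        # $null means the key or value was not found on this machine.
        AlternateSignatureAlgorithm = if ($prop) { $prop.AlternateSignatureAlgorithm } else { $null }
    }
}

# Beyond the reply: list certificates in a store that carry an RSASSA-PSS signature.
function Get-PssSignedCertificate {
    param([string]$StorePath = 'Cert:\LocalMachine\CA')
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.10' } |
        Select-Object Subject, Thumbprint, NotAfter
}

Test-FrontEndPort -FrontEnd 'LSSFBFE.domain.com'                 # FQDN as shown in the transcript
Get-AlternateSignatureAlgorithm -CaName '<Your Cert Authority>'  # placeholder: use your CA's name
Get-PssSignedCertificate
```

Changing the registry value affects only certificates the CA signs afterwards, so certificates already listed by Get-PssSignedCertificate keep their RSASSA-PSS signature until they are reissued.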
  • Hi Evan,

    OK, I will check those items. But this is not on Lync 2010 but on SfB 2015. Supposedly, when Lync 2010 is shut down for uninstallation, users can log in on SfB 2015.

    Regards,
    Sinjo

    Monday, August 27, 2018 5:04 PM