Doing the autodiscover check through Microsoft connectivity web tool, it works great going through port 443. But this is what I get going through port 5061 on the manual check:
Also, this is the message from the sametime gateway that is trying to connect to our edge server:
[9/21/12 11:44:07:578 EDT] 00000016 SipProxyConne W CWSPX0030W: Unable to connect to client: address = sip.domain.com:5061.
Any help would be great.
I am kind of new at this, so as far as I know the cert is valid. It is up to date and public. It does not expire until next year.
The cert prop service is started.
And the _sipfederationtls._tcp SRV record returns port 5061, the svr hostname is sip.domain.com, and the IP it returns is the internet address that we are using.
Hope that helps.
OK, then we start with the configuration.
Your edge server configuration: two NICs, one going towards your FE Lync server on the inside and one published to the Internet.
Two certificates deployed to the different NICs. The one facing the Internet should be the one saying sip.domain.com and the one on the internal NIC should say the name of the edge server.
Also add the FQDN on the edge server.
Disable IPv6 on the edge server.
Ports opened on the fw for communication, both to the Internet and facing the internal Lync server.
Edge Server config:
Internal NIC on the internal DMZ with a route to FE network. Internal cert set on internal NIC.
External NIC on the external DMZ, NAT'd to outside address. Public cert, named sip.domain.com, on external NIC.
IPv6 is disabled on edge.
Confirmed that all ports are open.
Can you clarify a little bit on the FQDN on the edge server? I believe I have that done as well, just want to make sure.
OK, let's go back to basics. On the edge server, in Lync Management Shell, run Stop-CsWindowsService. Once completed, open Event Viewer, navigate to Application and Service Logs, Lync Server, and clear all events. Run Start-CsWindowsService in the Lync shell, make sure all services have started (or failed to start), go back to Event Viewer and examine the startup events. Look for obvious errors, especially ones related to the Access Edge service. Look for proper binding on IPs, ports and certificates.
Would you please check the port you specified for the SRV record sip.domain.com? I supposed it was 443; if so, when you perform the remote connectivity test manually you should change the default port 5061 to 443 in "Specify Lync Access Edge Server Port Number". Also, you can verify the Access Edge port you defined in the topology.
TechNet Community Support
- Proposed as answer by Sharon.ShenMicrosoft contingent staff, Moderator Thursday, October 04, 2012 9:33 AM
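The checks discussed in this thread (the port advertised by the SRV record versus the port actually tested, the name on the external certificate, and its expiry), as an added Python example that is not part of any post. The sample certificate and dates are constructed, and `fetch_cert` assumes the listener completes a TLS handshake with a client that presents no certificate.

```python
import socket
import ssl
from datetime import datetime, timezone

def name_matches(hostname, pattern):
    """Standard TLS name match: '*' may stand only for the whole left-most label."""
    host, pat = hostname.lower().rstrip("."), pattern.lower().rstrip(".")
    if not pat.startswith("*."):
        return host == pat
    head, _, rest = host.partition(".")
    return bool(head) and rest == pat[2:]

def audit(srv_target, srv_port, tested_port, cert, now=None):
    """Return a list of findings; an empty list means every check passed.
    cert is a dict in the shape returned by ssl.SSLSocket.getpeercert()."""
    now = now or datetime.now(timezone.utc)
    findings = []
    if tested_port != srv_port:
        findings.append(f"tested port {tested_port} but SRV record advertises {srv_port}")
    names = [v for kind, v in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not any(name_matches(srv_target, n) for n in names):
        findings.append(f"no certificate name covers {srv_target}: {names}")
    expires = datetime.fromtimestamp(ssl.cert_time_to_seconds(cert["notAfter"]), timezone.utc)
    if expires <= now:
        findings.append(f"certificate expired {expires:%Y-%m-%d}")
    return findings

def fetch_cert(host, port, timeout=10):
    """Live probe: handshake with host:port and return the validated certificate.
    Raises ssl.SSLCertVerificationError if the chain or the name does not verify.
    Assumption: the listener accepts a client that presents no certificate."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()

# Constructed sample data, not taken from any real system.
SAMPLE_CERT = {
    "subjectAltName": (("DNS", "sip.domain.com"),),
    "notAfter": "Jun  1 12:00:00 2013 GMT",
}
SAMPLE_NOW = datetime(2012, 9, 21, tzinfo=timezone.utc)

if __name__ == "__main__":
    # SRV says 5061 but the test was run against 443: one finding is reported.
    for finding in audit("sip.domain.com", 5061, 443, SAMPLE_CERT, SAMPLE_NOW) or ["ok"]:
        print(finding)
```

For a live check, pass the result of `fetch_cert("sip.domain.com", 5061)` as the `cert` argument in place of `SAMPLE_CERT`.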
What do you mean by 'They did not have a public cert on their end'?
We have had a wildcard Thawte certificate for more than 10 years now. I cannot believe that MS can't check that...
Also: why is it working with the test on 443 and not 5061?
I have the same problem over here....
Kind regards, Rob Mulder, IS Group