locked
Lync Server 2010 RTM WebTicket Service RRS feed

  • Question

  • When I try this script

    $x = get-credential "localdomain\user"
    Test-CsAddressBookService -TargetFqdn lync-01.localdomain.local -external  -usercredential $x -usersipaddress "sip:user@domain.ru"

    The script is executed with an error

    Connecting to web service : https://lync.domain.ru:443/WebTicket/WebTicketService.svc
            Using IWA authentication
            Successfully created connection proxy and website bindings
            Requesting new web ticket
            Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
      <s:Header>
        <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Action>
      </s:Header>
      <s:Body>
        <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/200512">
          <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1#SAMLV1.1</TokenType>
          <RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestType>
          <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
              <Address>https://lync.softmagazin.ru/WebTicket/WebTicketService.svc</Address>
            </EndpointReference>
          </AppliesTo>
          <Entropy>
            <BinarySecret>v+NJNNL8ghGxHn7cXeyh2Hj3H03ySyUb7z2QT0SClWo=</BinarySecret>
          </Entropy>
          <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</KeyType>
        </RequestSecurityToken>
      </s:Body>
    </s:Envelope>
            ERROR communicating with GetWebTicket() service
    System.ServiceModel.Security.MessageSecurityException: The HTTP request is unauthorized with client authentication scheme 'NTLM'. The authentication header received from server was "NTLM". ---> System.Net.WebException:The remote server returned an error: (401) Unauthorized.

       в System.Net.HttpWebRequest.GetResponse()
       в System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
    nelRequest.WaitForReply(TimeSpan timeout)
       --- Конец трассировки внутреннего стека исключений ---

    Server stack trace:
       в System.ServiceModel.Channels.HttpChannelUtilities.ValidateAuthentication(Ht
    tpWebRequest request, HttpWebResponse response, WebException responseException,
    HttpChannelFactory factory)
       в System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyRespo
    nse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory factory
    , WebException responseException, ChannelBinding channelBinding)
       в System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpChan
    nelRequest.WaitForReply(TimeSpan timeout)
       в System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSp
    an timeout)
       в System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message
    , TimeSpan timeout)
       в System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean one
    way, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan time
    out)
       в System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallM
    essage methodCall, ProxyOperationRuntime operation)
       в System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       в System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqM
    sg, IMessage retMsg)
       в System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgDat
    a, Int32 type)
       в IWebTicketService.IssueToken(Message request)
       в Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()


    TargetUri  : https://lync.domain.ru:443/abs/handler
    TargetFqdn : lync-01.localdomain.local
    Result     : Failure
    Latency    : 00:00:00
    Error      : ERROR - No response received for Web-Ticket service.

    Thursday, March 17, 2011 4:40 PM

All replies

  • Hi

    Can you verify if you get a certificate on your client in the personal cert store from the Communications Server.
    By looking in the MMC, certificate, current user on your local computer.

    Best Regards


    Best Regards // Tommy Clarke - Please follow me @ Blog
    and Twitter
    Saturday, April 2, 2011 12:14 PM
  • I'm getting this same error and I can confirm the certifcate is installed...

    There has got to be some kind of IIS settings that are off...

    The client is Win7 x64 / Outlook x64

    Server is Windows 2008 Std SP2.

    From the client

     

    From the Server, testing... ( i've removed the full name as much as possible)

    PS C:\Users\18> Test-CsAddressBookService -TargetFqdn commserver.selfregiona
    .org -UserCredential $cred1 -UserSipAddress "sip:jharte@s.org"
            Connecting to web service : https://commserver.:443/Web
    icket/WebTicketService.svc
            Using IWA authentication
            Successfully created connection proxy and website bindings
            Requesting new web ticket
            Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap
    org/soap/envelope/">
      <s:Header>
        <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05
    addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Ac
    ion>
      </s:Header>
      <s:Body>
        <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/2005
    2">
          <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.
    #SAMLV1.1</TokenType>
          <RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestTy
    e>
          <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
              <Address>https://commserver.sl.org/WebTicket/WebTicketServi
    e.svc</Address>
            </EndpointReference>
          </AppliesTo>
          <Entropy>
            <BinarySecret>bNtnoVlhYAmGElZAUyxhZjdKum8VM2OUjcDvOqcWHQY=</BinarySecre
    >
          </Entropy>
          <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</K
    yType>
        </RequestSecurityToken>
      </s:Body>
    </s:Envelope>
            ERROR communicating with GetWebTicket() service
    System.ServiceModel.ProtocolException: The content type text/html; charset=utf-
     of the response message does not match the content type of the binding (text/x
    l; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSup
    orted method is implemented properly. The first 1024 bytes of the response were
     '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/T
    /xhtml1/DTD/xhtml1-strict.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <title>IIS 7.0 Detailed Error - 500.0 - Internal Server Error</title>
    <style type="text/css">
    <!--
    body{margin:0;font-size:.7em;font-family:Verdana,Arial,Helvetica,sans-serif;bac
    ground:#CBE1EF;}
    code{margin:0;color:#006600;font-size:1.1em;font-weight:bold;}
    .config_source code{font-size:.8em;color:#000000;}
    pre{margin:0;font-size:1.4em;word-wrap:break-word;}
    ul,ol{margin:10px 0 10px 40px;}
    ul.first,ol.first{margin-top:5px;}
    fieldset{padding:0 15px 10px 15px;}
    .summary-container fieldset{padding-bottom:5px;margin-top:4px;}
    legend.no-expand-all{padding:2px 15px 4px 10px;margin:0 0 0 -12px;}
    legend{color:#333333;padding:4px 15px 4px 10px;margin:4px 0 8px -12px;_margin-t
    p:0px;
     border-top:1px solid #EDEDED;border-left:1px solid #EDEDED;border-right:1px so
    id #969696;
     border-bottom:1px solid #969696;background:#E7ECF0;font-weight:bold;f'. ---> S
    stem.Net.WebException: The remote server returned an error: (500) Internal Serv
    r Error.
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpCh
    nnelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---

    Server stack trace:
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyRes
    onse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory facto
    y, WebException responseException, ChannelBinding channelBinding)
       at System.ServiceModel.Channels.HttpChannelFactory.HttpRequestChannel.HttpCh
    nnelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, Time
    pan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message messa
    e, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean o
    eway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan ti
    eout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCal
    Message methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)

    Exception rethrown at [0]:
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage re
    Msg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgD
    ta, Int32 type)
       at IWebTicketService.IssueToken(Message request)
       at Microsoft.Rtc.SyntheticTransactions.WebServicesHelper.GetWebTicket()


    TargetUri  : https://commserver.sl.org:443/abs/handler
    TargetFqdn : commserver.sl.org
    Result     : Failure
    Latency    : 00:00:00
    Error      : ERROR - No response received for Web-Ticket service.

    Diagnosis  :



    Friday, August 5, 2011 1:25 PM
  • I should also say, it's a 4 day old install.  Lync Server 2010 Standard.
    Very simple, just IT users, about 15.

    I just re-ran the PS for all the correct IIS modules...they are all there.
    I'm going back and reading again about what all the IIS settings should be for authentciation...ect...

    PS C:\Users\18> ServerManagerCmd -i Web-Static-Content Web-Default-Doc Web-Di r-Browsing Web-Http-Errors Web-Http-Redirect Web-Asp-Net Web-Http-Logging Web-Lo g-Libraries Web-Request-Monitor Web-Http-Tracing Web-Windows-Auth Web-Client-Aut h Web-Filtering Web-Stat-Compression Web-Mgmt-Console Web-Scripting-Tools ... NoChange: No changes were made because the roles and features specified in the a nswer file are already installed, or have already been removed from the local co mputer.

     


    JH
    Friday, August 5, 2011 1:32 PM
  • One more thing...

    Here is the valid IIS SSL Cert... that's the first thing I checked based of the KB articles out there:

     

    Maybe related but I'm getting the response groups prompt when lync launches...


    JH
    Friday, August 5, 2011 1:44 PM
  • I'm really hating this issue.... I think I've got it slimmed down to the Web-Ticket Service...

    https://myserver:443/abs/handler

    When I run the ps test Test-CSAddressBookService with all the proper details.. I get this:

    Result : Failure Latency : 00:00:00 Error : ERROR - No response received for Web-Ticket service.

    AT the start of the Address Book test...
    Connecting to web service : https://commserver:443/WebTicket/WebTicketService.svc
    Using IWA authentication Successfully created connection proxy and website bindings Requesting new web ticket Sending Web-Ticket Request: http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1 #SAMLV1.1 http://schemas.xmlsoap.org/ws/2005/02/trust/Issue

    https://commserver/WebTicket/WebTicketService.svc

    rS97gp6/SXBuNXPOvdNgytgvksBGXSbRNsaVeDmAG8U= http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey

    ERROR communicating with GetWebTicket() service System.ServiceModel.ProtocolException: The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xm l; charset=utf-8). If using a custom encoder, be sure that the IsContentTypeSupp orted method is implemented properly. The first 1024 bytes of the response were:

    IIS 7.0 Detailed Error - 500.0 - Internal Server Error</title>

    I'm getting a 500 service error... for that handler... sigh...


    JH
    Monday, August 8, 2011 12:46 PM
  • I am struggling wit the same error.

     

    Test-CsAddressBookService gives me back a 401 error.  "The HTTP request is unathorized with client authentication scheme 'Ntlm'.  The authentication header received from the server was 'Negotiate, NTLM'.

     

    Error - No response received for Web-Ticket service.

     

    I went through the whole add-csKerberos process and my Test-CsTopology is all green. 

     

    Please help!!

    Friday, September 9, 2011 4:38 PM
  • I'm still having this error with Lync. 

    Still need to spend the hours it takes to get MS Support on the phone.

    Since this isn't  a production deployment yet (only IT - 30 people) I'm not wanting to spend that time yet.

    Can only say it makes no sense.

    It has to be an IIS setting since my meeting site isnt' workign either...

    Server Error in '/meet' Application.

     

    Invalid 'LS Join Launcher Web Service' registry key under Services\EventLog\Lync Server - Error Code: 5

     


    JH
    Thursday, November 17, 2011 12:48 PM
  • John, getting same 500 error. How did you end up resolving the issue? Please, let me know!

    Happy New Year!

    Thanks!

    Tuesday, January 1, 2013 9:41 PM
  • Anyone ever figure this out? I'm having the same problem but I am using the new LHPv2. My SSL looks like but I can't figure out why it isn't working correctly.
    Thursday, July 4, 2013 2:54 AM
  • I was dealing with the same problem(s), Address book not syncing and response groups logon screen while starting my Lync client.  test-csaddressbookservice failed .This is how i solved it

    Check if you can open the web ticket service URL in your browser . If anonymous authentication is the problem and is not enabled in IIS web ticket website ,then you will get the error message saying " Server error in web ticket application"  "Security settings for the service requires anonymous authentication but is not enabled for the IIS application that hosts this service."

    Enabled Anonymous authentication in IIS for the webticket application ,stop/start IIS and both problems are solved (in my case).


    Monday, October 28, 2013 1:25 PM