LYNC 2013 publishing not working with IOS devices using WAPS as reverse proxy

  • Question

  • Recently we have implemented AD FS and WAPS in our environment, both 2012 R2. We published Lync 2013 web services through WAPS.
    It's working fine for Android devices, but none of the iOS devices are able to connect, including iPads and iPhones. We are using internal CA certificates.

    It sounds really weird, given that WAPS is configured in pass-through mode and the URL tested through Lync Connectivity Analyzer was found OK.
    On the other hand, our current production is running for both types of devices through TMG.

    This we are trying to move on with WAPS.

    Guys, if anybody has implemented WAPS and has iOS devices working in their environment, please guide us too.

    • Edited by USER RMS Tuesday, July 26, 2016 1:54 PM
    Tuesday, July 26, 2016 1:53 PM

All replies

  • I've implemented this without any issue.  Are you using internal certificates when connecting from the Internet as well?  Are the phones connecting using cellular data plans or are they on internal Wifi?

    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer". SWC Unified Communications This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

    Tuesday, July 26, 2016 3:26 PM
  • Hi Anthony,

    Yes, I am using an internal CA certificate. I tried to connect through mobile data also, same result.

    With external desktop/laptop and Android it is connecting with autodiscovery, but for iPads and iPhones it is not connecting, even though I tried copying the root CA to the iPads and iPhones.

    After a few seconds it gives a straight message on the mobile: "cannot find server ...etc..."

    I tried to check the iPhone logs also. First, I have seen it is looking for an http URL, which is not possible as we are using WAPS, which supports only https. Then it throws a few more errors, like 2_2_11 and 2_2_32, in the Lync mobile client logs.

    Somewhere I am feeling it will only work with a public certificate??

     

    Wednesday, July 27, 2016 5:11 AM
  • Hi USER RMS,

    On iPhone Skype for Business, did you try to manually type the address?

    Mobile devices support manual discovery of services. In this case, each user must configure the mobile device settings with the full internal and external Autodiscover Service URIs, including the protocol and path, as follows:

    • https://<ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root for external access
    • https://<IntPoolFQDN>/AutoDiscover/AutoDiscover.svc/Root for internal access

    When doing the manual configuration, is there any error message? Please tell us.

    Click “Show Advanced Options”, then uncheck “Auto-Detect Server”. Then type the Internal Url and External Url.

    Additionally, please refer to following document to install the Root Certificate on iPhone:

    http://www.lyncinsider.com/lync-server-2013/iphone-cant-verify-your-lyncskype-for-business-certificate-how-to-resolve/

    Hope the reply is helpful to you.



    Wednesday, July 27, 2016 12:50 PM
  • Hi,

    I have entered the URL manually in the mobile client and tried again, and also collected logs from the mobile client.

    I found a few things ...

    1) It's giving error 2_2_1 and "The operation couldn’t be completed. (OSStatus error -9807.)"

    On Apple OSStatus.com, when I enter this number I found the below message:

    Platform | Framework | Error Name | Error Code | Description
    Security | SecureTransport.h | errSSLXCertChainInvalid | -9807 | Invalid certificate chain.

    How and where to find chain-related things now...

    thanks and regards

    Yashvardhan

    Wednesday, July 27, 2016 1:52 PM
  • Definitely cert related, self signed should work, but it's a pain to use anyway. Why not use the same cert that was working on the production TMG?


    Wednesday, July 27, 2016 3:44 PM
  • As you are aware, after 31st Dec 2016 SHA1 will no longer be useful. Currently in production we are running with SHA1, and on the new WAPS server we are using SHA256.

    Even the new certificate on the FE server is running with SHA256, so it is no use if I use the old SHA1 again in WAPS.

    I think maybe trying the same cert which I am using at the FE could solve my issue.

    Should WAPS be inside the DMZ or in the domain? What is the best practice?


    • Edited by USER RMS Thursday, July 28, 2016 4:44 AM
    Thursday, July 28, 2016 4:43 AM