External client meeting problems

    Question

  • Hi everyone,

    I have a couple problems with external clients and the web app.  Everything works internally without a problem.  Externally, users with the client or through web app can connect to each other/meetings and use IM.  Anything after that, video call, desktop sharing, program, PowerPoint, whiteboard, polls, people are unable to share.

    Video, it starts connecting and 10 seconds later, it says "You've left the call." and it gives me an option to rejoin.  When looking through the logs collected from the Lync debugging tool, according to the system I cancelled the INVITE before the remote party answered.

    Desktop sharing starts connecting but returns the error "An error occurred during the screen presentation."

    PowerPoint asks to upload a file but returns "We can't connect to the server for presenting right now." and "Network issues are keeping you from sharing notes and presenting."

    Whiteboard, polls return "We can't connect to the server for presenting right now." and "Network issues are keeping you from sharing notes and presenting."

    It sounds like I have many unrelated problems but I am not sure of where else the problem could be.  I have gone through our environment verifying everything 3 times.  Everything is working internally from within our network, only external users have problems.  I am out of ideas and any help would be greatly appreciated.  We have Lync 2013 Standard Server and Lync 2013 Edge Server.

    Friday, May 10, 2013 2:19 PM

All replies

  • Hi

    Check this Thread

    http://social.technet.microsoft.com/Forums/en-US/lyncconferencing/thread/71fca51a-64ed-41c3-8079-0f290588a716


    Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.

    Friday, May 10, 2013 3:16 PM
  • This fixed my problem with desktop sharing internally already.  2 updates, I couldn't believe it.  However, it did not change anything when my users are external.

    Friday, May 10, 2013 3:52 PM
  • As the problem is only related to external users, it is related to the Lync Edge Server.

    Please check all the services are started on Lync Edge Server.

    Check whether there are any errors on Lync Edge Server.

    Use the following link to test your remote connectivity.

    https://www.testexchangeconnectivity.com/


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

    Tuesday, May 14, 2013 7:13 AM
    Moderator
  • I believe I found part of my problem.  After running Get-OfficeWebAppsFarm on the OWA server, I found that there is not an ExternalURL set.  During the installation, this never came up.  This should explain why people cannot share PowerPoints, whiteboards while external and everything works internal.  It doesn't explain the video problem.  People can connect and chat.

    All services are started.

    No errors on the Edge server

    My DNS is correct, everything resolved correctly.  Strange, this time I ran the test it failed because "The certificate couldn't be validated because SSL negotiation wasn't successful."

    I'll look into this and post back.

    Tuesday, May 14, 2013 11:10 AM
  • Hi

    What type of certificate are you using for the Lync Edge external interface?

    Please make sure the SAN of certificate includes SIP domain FQDN used within your company. (for example, sip.contoso.com, sip.fabrikam.com).

    You can also use this tool to test your Edge configuration

    http://www.insideocs.com/Tools/RUCT/RUCT.htm

    Also check your DNS SRV records for your Edge server.



    Friday, May 17, 2013 7:35 AM
  • We are using a GoDaddy certificate.  It does have our SIP domain FQDN.

    The DNS SRV records, would they be the reason we can connect and IM externally but not share video, desktop, PowerPoint, whiteboard, polls externally?  At the moment, our DNS provider does not support SRV records.

    I used the RUCT tool and everything checks out.

    Wednesday, May 22, 2013 5:42 PM
  • Yes, you need to create DNS SRV records. Did you create the lyncdiscover.<domain> record?

    Check this required DNS Records

    http://technet.microsoft.com/en-us/library/gg398758.aspx

    http://technet.microsoft.com/en-us/library/gg398680.aspx



    Thursday, May 23, 2013 12:33 PM
  • We created lyncdiscover. 

    We have made some progress.  Now we are able to share our desktops externally (found out it was the firewall).  Still no video.

    We are close for PowerPoints.  We published an ExternalURL for OWA.  We are able to go to https://server.mydomain.com/m/present_2_0.asmx but are unable to share PowerPoint using the client.  I am wondering if it is not published correctly in the topology or if I need to rerun setup?  Do you know the port requirements for OWA, are there more than 80 and 443?

    Thursday, May 23, 2013 12:42 PM
  • Hi

    Port 443 - remember from TMG you will need to open port 4443 to Lync FE

    check this

    http://technet.microsoft.com/en-us/library/jj204665.aspx

    http://social.technet.microsoft.com/wiki/contents/articles/13168.integrating-exchange-2013-owa-and-lync-server-2013.aspx

    Ports need to open

    http://www.stoknes.net/runesblog/Lists/Posts/Post.aspx?ID=4&mobile=0

    http://technet.microsoft.com/en-us/library/gg398833.aspx

    Here is the link for New update for lync client

    http://support.microsoft.com/kb/2768004?wa=wsignin1.0



    Thursday, May 23, 2013 1:53 PM
  • Hi,

    We have not yet solved our problem.  First, we ran a packet capture of a computer with the Lync client that was outside of our network and it appears that they never try to go to av.domain.com or to wc.domain.com.  They do go to sip.domain.com.  Is this behavior normal or should we see traffic to av.domain.com and wc.domain.com? 

    We believe the problem is with the edge server or something in the topology is incorrect.  We are considering starting over with the edge server.  We know it is not the ports because we put the computer on the same outside network as the edge server with the same result.  This is why I am leaning towards it being a problem with the topology or the edge server.  It had a direct connection to the edge and it didn't know it existed or the edge didn't respond.

    Any suggestions?

    Thank you for the help so far.

    Thursday, June 06, 2013 1:10 PM
  • Do you have the client log? Can you post it?

    We should find the INVITE and the related audio/video (IP) candidates


    PT4OCS

    Thursday, June 13, 2013 8:31 PM
  • I've run into a quite similar situation as well. During my troubleshooting I used the MSTurnPing application (can be found in the Lync Resource Kit). Using this tool I found that the A/V authentication service wasn't responding in the right way. This was fixed by changing the certificate on the edge internal interface. In the new certificate I included the EdgePool FQDN and the Server FQDN.

    I also wrote a blog on how to use the MSTurnPing application and about the certificate requirements: http://joostvanlier.wordpress.com/2013/06/10/lync-2013-certificate-requirements-for-lync-2013-edge-server/.

    Hope this helps!

    Monday, June 17, 2013 8:44 PM
  • Well we got more of it working than we had before.  It looks like everything externally with the client is working correctly.

    What we ended up doing was creating a new Edge server and a new edge pool.  This time I named the pool something different from the edge server.  We installed the Edge server on a fresh load, gave it the same IP addresses.  We kept the FQDN the same as our previous server so we didn't have to purchase a new cert for the external interface.  We are using a new internal interface certificate that does include the EdgePool FQDN and server FQDN.  Maybe that was all we needed.

    Right now our problems are

    • The meet.domain.com url
    • The Lync app for the Windows Phone and Windows 8
    • External clients are unable to use web app server.  "Sorry, PowerPoint Web App ran into a problem opening this presentation.  To view this presentation please open it in Microsoft PowerPoint."  It works internally.  This error is for anyone trying to present or view the presentation while externally.
    Edited by SubNet.Zero Thursday, June 27, 2013 1:49 PM: Further clarification
    Thursday, June 27, 2013 12:35 PM
  • We fixed the meet.domain.com URL by taking UAG out of the picture.  This appears to be working correctly.

    The Lync app for Windows Phone and Windows 8 do not sign in.

    There has been progress made with  PowerPoint.  Externally, everything is working as it should.  The problem we are encountering is with the client internally now (before internally worked without problems).  Whenever we try to share a PowerPoint presentation, the client internally has "There was a problem verifying the certificate from the server.  Please contact your support team."  The OWA server has a publicly trusted cert from GoDaddy assigned to it.  It is a wildcard cert.  The reason we changed the cert is before we had a cert assigned by the internal CA and any external client would receive "There was a problem verifying the certificate from the server.  Please contact your support team." 

    The OWA server FQDN is owa.domain.local.  Both the internal and external URL are set to owa.publicdomain.com.  Internally I cannot access the /hosting/discovery.  Externally I receive the xml from /hosting/discovery. 

    Is there a better way to set the OWA server up? 

    What am I missing?


    Edited by SubNet.Zero Tuesday, July 23, 2013 5:56 PM: Further explanation
    Tuesday, July 23, 2013 5:54 PM
  • We resolved the problem with OWA.  Figured I would post what worked. 

    1. Set the internal and external URL to something that is not the server name.  e.g. owa.domain.com.  Assign a public certificate with the external URL in the SAN.  As long as it is in the SAN it should work, wildcards will not work.
    2. Update the topology hosting URL to what was set previously, publish topology.
    3. Update the name that was set in the first step on internal and external DNS to your IP address of reverse proxy/server directly (depending on your setup).

    Thursday, July 25, 2013 6:02 PM
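
An added example, not part of the thread or of any poster's own scripts: both certificate fixes reported above (EdgePool and server FQDN on the Edge internal certificate, and an explicit rather than wildcard SAN entry for the OWA URL) come down to whether a required name is listed exactly in the certificate's SAN. The function name `Test-CertificateSan` and the thumbprint placeholder are assumptions, and the parsing assumes an English Windows install.

```powershell
# Added example. The function name and the thumbprint value are placeholders.
function Test-CertificateSan {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory = $true)]
        [string[]] $RequiredName
    )

    # 2.5.29.17 is the Subject Alternative Name extension.
    $sanExt = $Certificate.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanNames = @()
    if ($sanExt) {
        # Format($true) prints one entry per line, e.g. "DNS Name=owa.domain.com".
        # Assumption: English Windows; the "DNS Name=" label is localized.
        $sanNames = @($sanExt.Format($true) -split "`r?`n" | ForEach-Object {
            if ($_ -match '^\s*DNS Name=(.+?)\s*$') { $Matches[1].ToLowerInvariant() }
        })
    }

    foreach ($name in $RequiredName) {
        $fqdn = $name.ToLowerInvariant()
        # A wildcard entry covers exactly one left-most label: *.domain.com
        $wildcardForm = $fqdn -replace '^[^.]+', '*'
        if ($sanNames -contains $fqdn) { $status = 'Exact' }
        elseif ($sanNames -contains $wildcardForm) { $status = 'WildcardOnly' }
        else { $status = 'Missing' }
        [pscustomobject]@{ Name = $fqdn; Status = $status }
    }
}

# Run on the server that holds the certificate (OWA server or Edge server).
$thumbprint = '<CERT-THUMBPRINT-PLACEHOLDER>'
$cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object { $_.Thumbprint -eq $thumbprint }
if ($cert) {
    Test-CertificateSan -Certificate $cert -RequiredName 'owa.domain.com'
} else {
    Write-Warning "No certificate with thumbprint $thumbprint in LocalMachine\My"
}
```

For the Edge internal certificate, pass the pool FQDN and the server FQDN as `-RequiredName`; a `WildcardOnly` or `Missing` result corresponds to the conditions the posters report as failing.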