New 2010 Edge in existing topology connectivity issues

  • Question

  • Hello all,

    We have been running Lync 2010 on premise for a while. We never had an edge server deployed, and we are needing to federate with O365. I updated Lync Front End to the latest CU available, remade topology and added an edge server. FE is running on 2008 R2.

    Edge is running on Server 2016. Internal and external NICs as required. Configuration works. Certificates passed for internal and external interface with all servers and external addresses as SANs. The NAT IP configured in topology is the VIP of the external interface of our F5, not public IP.

    External interface is behind an F5 HLB that also acts as reverse proxy. 2 public IP addresses are used:

    Public IP 1 pointing to access to the F5 VIP that passes to Edge:

    Sip.

    av.

    webconf.

    Public IP 2 points to VIP that runs reverse proxy and sends to Front End from 443 to 4443:

    dialin.

    lyncdiscover.

    meet.

    System errors on FE: An TLS 1.0 connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.

    and: The following fatal alert was generated: 40. The internal error state is 1205.

    Confirmed all protocols and ciphers are available on FE and Edge and F5

    Microsoft connectivity test error: 

    Exception details:
    Message: The underlying connection was closed: An unexpected error occurred on a receive.
    Type: System.Net.WebException
    Stack trace:
    at System.Net.HttpWebRequest.GetResponse()
    at Microsoft.Exchange.Tools.ExRca.Extensions.RcaHttpRequest.GetResponse()
    Exception details:
    Message: Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
    Type: System.IO.IOException
    Stack trace:
    at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.FixedSizeReader.ReadPacket(Byte[] buffer, Int32 offset, Int32 count)
    at System.Net.Security._SslStream.StartFrameHeader(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security._SslStream.StartReading(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.Security._SslStream.ProcessRead(Byte[] buffer, Int32 offset, Int32 count, AsyncProtocolRequest asyncRequest)
    at System.Net.TlsStream.Read(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.PooledStream.Read(Byte[] buffer, Int32 offset, Int32 size)
    at System.Net.Connection.SyncRead(HttpWebRequest request, Boolean userRetrievedStream, Boolean probeRead)
    Exception details:
    Message: An existing connection was forcibly closed by the remote host
    Type: System.Net.Sockets.SocketException
    Stack trace:
    at System.Net.Sockets.NetworkStream.Read(Byte[] buffer, Int32 offset, Int32 size)

    Elapsed Time: 634 ms.

    and:

    Couldn't sign in. Error: Error Message: Unable to establish a connection..
    Error Type: ConnectionFailureException.

    Confirmed all certs are working and tested. Ciphers are all available. Protocols all available. Addresses are responding internally no problem. Certificates are being seen in all tests externally. Traffic is sending through all interfaces on the F5. Packets are hitting the servers.

    I am completely stumped. Any ideas?

    Thursday, May 24, 2018 3:00 PM
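
To check the Schannel "none of the cipher suites supported by the client application are supported by the server" event against what actually arrives on the wire, this added example (not part of the original thread) parses a ClientHello captured on the Front End and intersects the suites it offers with the server's enabled list. The server list and the sample bytes are constructed assumptions; where a reverse proxy re-encrypts, the ClientHello reaching the Front End comes from the proxy, not from the external client.

```python
import struct

VERSIONS = {0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}
# Subset of IANA cipher-suite IDs, for readable output only.
SUITE_NAMES = {
    0x000A: "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
    0x002F: "TLS_RSA_WITH_AES_128_CBC_SHA",
    0x0035: "TLS_RSA_WITH_AES_256_CBC_SHA",
    0xC013: "TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA",
    0xC014: "TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA",
}
SCSV = 0x00FF  # renegotiation signalling value, not a negotiable suite


def parse_client_hello(record: bytes):
    """Return (client_version, [suite ids]) from one TLS record holding a ClientHello."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a TLS handshake record carrying a ClientHello")
    hs_len = int.from_bytes(record[6:9], "big")
    hello = record[9:9 + hs_len]
    if len(hello) != hs_len or hs_len < 35:
        raise ValueError("truncated or fragmented ClientHello")
    version = struct.unpack("!H", hello[:2])[0]
    pos = 34 + 1 + hello[34]  # skip version, random (32 bytes) and session_id
    if pos + 2 > len(hello):
        raise ValueError("session_id runs past the end of the message")
    n = struct.unpack("!H", hello[pos:pos + 2])[0]
    raw = hello[pos + 2:pos + 2 + n]
    if len(raw) != n or n % 2:
        raise ValueError("bad cipher_suites length")
    return version, list(struct.unpack("!%dH" % (n // 2), raw))


def shared_suites(record: bytes, server_suites):
    """Client version plus the suites both sides have; an empty list is the logged failure."""
    version, offered = parse_client_hello(record)
    shared = [s for s in offered if s in server_suites and s != SCSV]
    return VERSIONS.get(version, hex(version)), [SUITE_NAMES.get(s, hex(s)) for s in shared]


def sample_client_hello(version, suites):
    """Constructed input: a minimal ClientHello with no session id or extensions."""
    cs = struct.pack("!%dH" % len(suites), *suites)
    hello = struct.pack("!H", version) + bytes(32) + b"\x00"
    hello += struct.pack("!H", len(cs)) + cs + b"\x01\x00"
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", 0x0301, len(hs)) + hs


if __name__ == "__main__":
    server = {0x000A, 0x002F, 0x0035}  # assumed server-side list, not from the post
    print(shared_suites(sample_client_hello(0x0301, [0xC014, 0xC013, SCSV]), server))
```
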

All replies

  • Hi,

    Based on your description, I understand that you want to deploy an Edge server in your environment, but you encounter an error, right?

    For this, please check the Edge server certificate; please refer to the following:
    https://technet.microsoft.com/en-us/library/gg398920%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    Also, I notice that you use a single public IP for the Access Edge service, the web conference service and A/V conference; please make sure that you use a different port for each of these services.

    I will share a document about how to deploy an Edge server for your environment:
    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-server-deployment/

     Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.



    Friday, May 25, 2018 6:41 AM
    Moderator
  • Hi,

    Is there any update on this issue? If the reply is helpful to you, please try to mark it as an answer; it will help others who have a similar issue.


    Best Regards,
    Leon Lu



    Wednesday, May 30, 2018 10:09 AM
    Moderator