Lync Client Behind A Proxy

Can anyone confirm if the Lync client can be configured to route traffic via a proxy, or to use the proxy settings defined in IE?
I have the following scenario...
The environment is heavily locked down, and PCs only have access to the Internet via a defined IE proxy. Internal IM, presence and communication all work fine. We have configured federation with some remote organizations. IM and presence work fine to these orgs, but when any A/V or application sharing is attempted, the media fails. I can see from traces this is when the client tries (and fails) to access the A/V edge of the remote federated party's edge server.
I've looked at the Lync settings, reg settings, group policy ADM and documentation, and can't find anything to a) confirm if this behavior is correct or b) any way to work around it.
There must be other Lync implementations in hardened environments like this. Opening up outbound ports is out of the question, so what other options do I have?
Dave

Jay, you missed the key word in my last post: "internally". Functionally, everything about the edge server is working fine. Clients can log in internally and externally. Media flow from internal to external clients is fine. All SIP/AV/WEBCON DNS entries are fine in public DNS along with supporting SRV records. These interfaces are NAT'd and the AV address is correctly assigned.
My problem only occurs when an AV session is attempted with a federated partner...
When any AV or sharing is attempted, from the internal network, to the federated partner, I can see the Lync client attempting to make connections out to the remote federated partner's AV edge (something which it will never be able to do as it's behind a proxy with no direct Internet access). This is what I'm trying to address.
Should the SIP/AV/WEBCON address exist INTERNALLY on the corporate DNS servers for internal clients to resolve? Is this what I have missed?
Is there any way to instruct the Lync client to route traffic bound for the Internet via a proxy?
Surely there must be someone else with this scenario in a locked down environment?

Similar Messages

  • Can lync client use internet proxy settings to proxy edge servers, if direct access is not reachable?

    Hi everybody, I am trying to log in with my Lync client from outside my organization, so I am using Lync as a remote user. I am in another organization, and I am using their corporate LAN, wired and wireless, but I cannot log in to Lync in my organization.
    I see that I cannot access my Edge Server on port 443 to authenticate directly. I know that clients in this organization use an Internet proxy to browse the Internet; they have a .pac in their IE settings.
    My question is: can the Lync client use Internet proxy settings to reach the destination? I mean the Access Edge on port 443?
    Or can it use only direct client access to reach the Edge Servers?
    I think that the answer is that I use the TCP protocol and not HTTP, and maybe that is the reason why I cannot use the Internet Explorer proxy settings to reach the Access Edge Servers; maybe the case is different when I need to reach the reverse proxy for live meetings.
    Hope my question is clear.
    Thanks

    Proxy settings are used to tell Internet Explorer the network address of an intermediary server (known as a proxy server) that is used between the browser and the Internet on some networks.
    Lync client doesn’t use Internet Proxy Setting. You need to access the Edge service directly.
    Lisa Zheng
    TechNet Community Support

  • Problems with Arrowpoint cookies for clients behind a Proxy

    I have a website whose clients are load balanced to a virtual server using Arrowpoint cookies. The CSS load balances between three Apache real servers.
    I have some clients that are behind some kind of proxy cache, and I have seen with a sniffer that the proxies causing the problem reuse proxy-to-server connections for different requests from multiple clients.
    Then, as I understand it, the CSS makes the forwarding decision based on the cookie of the first request from the first client behind the proxy after establishing the HTTP connection, but when there is a request from another client using this same connection (that must be forwarded to another real server), the request is forwarded to the original web server and fails because we need sticky connections.
    I thought that this wasn't correct, but I have read some documents that say that this is called a proxy role as a "connection cache". So my question is whether there is any workaround for this problem.
    Thanks

    I believe your problem is that the proxy opens a few persistent connections with the CSS and load-balances your clients' requests over them.
    Once the CSS has associated a connection with a service, it does not look into the request anymore.
    The solution is to disable persistence on the CSS with the command 'no persistent' and 'persistence reset'.
    Find more info at :
    http://www.cisco.com/en/US/products/hw/contnetw/ps789/products_tech_note09186a0080093e06.shtml#crp
    Gilles.
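The behaviour described in this answer, as a small Python model added here (not code from the thread or from Cisco): a proxy multiplexes several clients over one connection, and the balancer either keeps the connection bound to its first service or re-reads the sticky cookie on every request. The cookie name `srv`, the host name and the traffic are constructed, and `persistent=False` is a simplified stand-in for the effect of `no persistent`.

```python
import itertools

SERVERS = ["apache1", "apache2", "apache3"]
COOKIE_NAME = "srv"  # hypothetical sticky-cookie name for this model


def request(server=None):
    """Build a constructed HTTP/1.1 request, optionally carrying the sticky cookie."""
    lines = ["GET /cart HTTP/1.1", "Host: shop.example"]
    if server:
        lines.append(f"Cookie: lang=en; {COOKIE_NAME}={server}")
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed traffic: (proxy-to-balancer connection id, request forwarded by the proxy).
SAMPLE_TRAFFIC = [
    (1, request("apache1")),  # client A opens connection 1
    (1, request("apache2")),  # client B is sent over the same connection 1
    (2, request("apache3")),  # client C opens connection 2
    (1, request("apache1")),  # client A again
    (2, request("apache2")),  # client B now lands on connection 2
    (2, request()),           # new client with no cookie yet
]


def cookie_server(raw_request):
    """Return the real server named in the sticky cookie, or None if absent."""
    for line in raw_request.split("\r\n")[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() != "cookie":
            continue
        for pair in value.split(";"):
            key, _, val = pair.strip().partition("=")
            if key == COOKIE_NAME and val in SERVERS:
                return val
    return None


def route(traffic, persistent):
    """Return (connection id, server the cookie asks for, server chosen) per request."""
    bound = {}                           # connection id -> service bound to it
    round_robin = itertools.cycle(SERVERS)
    decisions = []
    for conn_id, raw in traffic:
        wanted = cookie_server(raw)
        if persistent and conn_id in bound:
            # Connection already associated with a service: request is not inspected.
            chosen = bound[conn_id]
        else:
            # First request on the connection, or persistence disabled:
            # honour the cookie, fall back to round robin when there is none.
            chosen = wanted or next(round_robin)
            bound[conn_id] = chosen
        decisions.append((conn_id, wanted, chosen))
    return decisions


def misrouted(traffic, persistent):
    """Requests whose cookie named one server but which were sent to another."""
    return [d for d in route(traffic, persistent) if d[1] and d[1] != d[2]]


if __name__ == "__main__":
    for mode in (True, False):
        print("persistent" if mode else "per-request", misrouted(SAMPLE_TRAFFIC, mode))
```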

  • Web service client behind a proxy server connecting to web service over SSL

    Hi Friends,
    A web service is exposed by an external system over SSL. We are behind a proxy server and are trying to get connected to web service over SSL.
    We are getting the following error on the test browser of workshop
    External Service Failure: FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters.
    the whole trace is
    JDIProxy attached
    <Sep 24, 2005 9:27:25 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl:salesExpertServiceControl; Method=creditcheckcontrol.SalesExpertServiceControl.doCreditVerification(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
    Code:javax.net.ssl.SSLHandshakeException
    String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
    Detail:
    END SERVICE FAULT>
    <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=creditCheckCtrl; Method=creditcheckcontrol.CreditCheck.testCreditCheck(); Failure=com.bea.control.ServiceControlException: SERVICE FAULT:
    Code:javax.net.ssl.SSLHandshakeException
    String:FATAL Alert:HANDSHAKE_FAILURE - The handshake handler was unable to negotiate an acceptable set of security parameters
    Detail:
    END SERVICE FAULT [ServiceException]>
    <Sep 24, 2005 9:27:26 AM EDT> <Warning> <WLW> <000000> <Id=top-level; Method=processes.CreditCheck_wf.$__clientRequest(); Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
    <Sep 24, 2005 9:27:26 AM EDT> <Error> <WLW> <000000> <Failure=com.bea.wli.bpm.runtime.UnhandledProcessException: Unhandled process exception [ServiceException]>
    I am not able to make out what could be possibly wrong. Please let me know if you guys have any ideas about how to resolve it.
    Thanks
    Sridhar

    Did you resolve this problem? I am looking at the same issue. If you did, I would really appreciate your response.
    Thanks.

  • Java chat client behind the proxy or fire wall

    I am developing a chat application using java.net.*, but I am not able to get connectivity behind the firewall or proxy on the Java client. Please help me out.

    To guarantee an easy-to-use, no-problem chat applet, you will need to have the chat server running on port 80 and the client using an HTTP request/response system.
    The first problem is that the applet will have to have been delivered from port 80 on the same IP#, so you will either have to use Servlets or write your own web server with chat facilities.
    You will need to maintain persistent/pseudo-persistent HTTP connections for the server to deliver messages to clients; you can assume that a connection will remain open for ~5 minutes after a request from the client.
    Use HTTP/1.1 for reliable Connection: keep-alive and request/response pipelining.
    With all that in place, your client method is...
    register and send GET /chat <wait for up to 5 mins>
    if there is client activity send POST /chat <wait for up to 5 mins>
    if the above waits time out send GET /chat <wait for up to 5 mins>
    Server method...
    accept GET/POST requests from client
    if there is chat to deliver, reply to most recent request from client
    if you receive another request before the previous one's reply is used, send a No Content reply to the previous request
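The server-side rules listed in this answer, as a small in-memory Python model added here (not code from the thread, which is about Java): one request per client is held open, a newer request releases the older one with 204 No Content, and queued chat goes out on the most recent held request. Client names, request ids and messages are constructed.

```python
from collections import deque


class LongPollChatServer:
    """Bookkeeping for the held-request scheme; no sockets are involved."""

    def __init__(self):
        self.held = {}      # client -> id of the one request currently held open
        self.inbox = {}     # client -> deque of chat lines not yet delivered
        self.replies = []   # (client, request id, status, lines) in send order

    def _reply(self, client, request_id, status, lines):
        self.replies.append((client, request_id, status, lines))

    def _flush(self, client):
        # Deliver queued chat on the client's most recent held request, if any.
        if client in self.held and self.inbox[client]:
            lines = list(self.inbox[client])
            self.inbox[client].clear()
            self._reply(client, self.held.pop(client), 200, lines)

    def on_request(self, client, request_id, method, text=None):
        """Handle GET /chat (poll) or POST /chat (poll that also carries chat)."""
        self.inbox.setdefault(client, deque())
        # A newer request arrived before the old reply was used:
        # release the old one with No Content so only one stays open.
        if client in self.held:
            self._reply(client, self.held.pop(client), 204, [])
        self.held[client] = request_id
        if method == "POST" and text is not None:
            for other in self.inbox:
                if other != client:
                    self.inbox[other].append(f"{client}: {text}")
        # Anything queued is sent on whichever requests are currently held.
        for other in list(self.inbox):
            self._flush(other)


def run_demo():
    """Replay a constructed two-client session and return the server object."""
    server = LongPollChatServer()
    session = [
        ("alice", "r1", "GET", None),      # alice registers and polls
        ("bob", "r2", "GET", None),        # bob registers and polls
        ("alice", "r3", "POST", "hi"),     # supersedes r1, delivered to bob on r2
        ("bob", "r4", "GET", None),        # bob polls again after his reply
        ("bob", "r5", "POST", "hello"),    # supersedes r4, delivered to alice on r3
        ("bob", "r6", "POST", "again"),    # alice has no held request: queued
        ("alice", "r7", "GET", None),      # alice re-polls and gets the queued line
    ]
    for client, request_id, method, text in session:
        server.on_request(client, request_id, method, text)
    return server


if __name__ == "__main__":
    for reply in run_demo().replies:
        print(reply)
```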

  • Connecting to DirectAccess server from a client behind proxy with authentication

    Hi,
    All our DA clients are working fine except those that are working from a client company where a proxy with authentication is used.
    Our DA server is running Windows server 2012 and clients are running Windows 7.
    I have found similar posts, where it states it is a known issue and it is fixed by a new feature in Windows 2012; however, I cannot find more info:
    http://technet.microsoft.com/en-us/library/hh831416.aspx
    IP-HTTPS runs in a system context rather than a user context. This context can cause connection issues. For example, if a DirectAccess client computer is located in the network of a partner company that uses a proxy for Internet access, and WPAD auto detection is not used, the user must manually configure proxy settings in order to access the Internet. These settings are configured in Internet Explorer on a per user basis, and cannot be retrieved in an intuitive way on behalf of IP-HTTPS. In addition, if the proxy requires authentication, the client provides credentials for Internet access, but IP-HTTPS will not provide the credentials required to authenticate to DirectAccess. In Windows Server 2012, a new feature solves these issues. Specifically, the user can configure IP-HTTPS to work when behind a proxy that is not configured using WPAD and IP-HTTPS will request and provide the proxy credentials needed to IP-HTTPS request authenticated, and relay it to the DirectAccess server.

    Hello,
    As far as I know it's a feature of Windows 2012 URA with a Windows 8 client.
    Unfortunately, you will have trouble with proxy authentication with a Windows 7 client, I think.
    Regards,

  • Lync 2013 clients behind TMG 2010

    Hi
    My scenario is as follows:
    Lync Client 2013 --> TMG 2010 --> ISP Router (without port filtering)
    I have a problem with this scenario because TMG drops my voice calls and suddenly drops my connection with the server. In TMG I created the following rule:
    From internal to external, and URL Set (*.microsoftonline.com, *.microsoftonline-p.com, *.onmicrosoft.com, sharepoint.com, *.outlook.com)
    Protocols: http, https, RTP, SIP, Sip Server, Sips, Sips Server,
    50040-50059 TCP Outbound
    50000-50019 UDP Send Receive
    3478 UDP Send Receive
    59999 UDP Send Receive
    50020-50039 UDP Send Receive
    So what is the problem with this TMG 2010 (with all updates, SPs and rollups)?
    Thanks

    Hi,
    The following blog might help.
    http://www.jaapwesselius.com/2012/12/21/publish-lync-2013-services-in-tmg-2010/
    Best Regards,
    Joyce

  • Creating a socket behind a proxy server

    How can I create a socket to a server if the client is behind a proxy server? I know java.net's HTTP-related classes have built-in proxy server support but this is not for an HTTP-based application.

    Hi,
    I also need to do this but have not found any way yet. Somewhere I read that we can set the socket proxies (because mine was an application which tries to open a socket connection over the network) through the command line or by setting the system properties "socksProxyHost=<proxy_host_address>" and "socksProxyPort=<proxy_port>". I tried to solve my proxy issue this way but all in vain. While setting these system properties it is required that your proxy server is using the SOCKS service, which I think is mostly the case, but it still didn't work for me. You people try and see if it works for you. If anyhow you manage to get this issue resolved then please tell me also by posting a message.
    regards

  • Using Flash's xml.sendAndLoad behind a proxy

    We have a product that uses Director and Flash to collect data and then we send that data to a web server via a SOAP call. We had been using an external Perl script to do the SOAP call for many years and are wanting to move the code into Flash or Director so we can give the user better feedback about what is happening with the SOAP call.
    I created some Flash scripts that use the XML object and the sendAndLoad function to do the calls. The problem I am finding is that if the client is behind a proxy the call fails. Is there a way to fix this and correctly authenticate with the proxy server so that the SOAP call goes through?

    I don't know how you'd do this using a Flash object, but Director's built-in NetLingo xtra can handle SOAP requests as of version 10.1 and this, in conjunction with the proxyServer() command, should be all you need - assuming you have access to proxy details.
    <http://www.adobe.com/devnet/director/articles/webservices.html>

  • Lync 2013 Edge & Web proxy

    Hi Everyone
    I'm having a little trouble getting my head around the setup for Lync external access.
    I have set up an ADFS server, Lync 2013 server (works internally), 2012 web proxy server (doing nothing) and an edge server (currently doing nothing).
    My understanding is that the Edge and Web proxy server are in "parallel", i.e., they both face the WAN as they perform different tasks.
    The problem I have is that I'm unsure how to map everything correctly. I also don't understand how an external Lync client will get its config. If my domain setup is something.domain.internal, and I would like to register a DNS entry externally as something.domain.external, how do I map those correctly via the web proxy and edge server? Sending the request via the firewall is easy enough; however, I'm unsure how I'm supposed to define them on my servers. Is the Lync server supposed to know about the external URL? Or does it not care?

    Hi,
    The Edge Servers run the services that allow external access to IM and presence, conferencing, audio/video, and other media services. You can also configure the Edge Server to federate with other Lync Server and other XMPP deployments.
    Lync Server uses the reverse proxy to publish a number of features, such as conferencing meetings, conference join locations, the address book, distribution list expansion, downloading meeting content, device updates, Mobility services, and more. Any reverse proxy that can meet the requirements for publishing the necessary resource locations can be used.
    You just need to define the Edge information in Topology Builder and publish it. Then configure the server as defined in the topology and install the local configuration store, set up Lync components and assign the certificate. Here is a topology that uses private IP addresses and NAT:
    http://technet.microsoft.com/en-us/library/gg399001.aspx
    Here are other resources on how to publish Lync Server web services:
    http://blogs.technet.com/b/dodeitte/archive/2013/10/29/how-to-publish-lync-server-2013-web-services-with-windows-server-2012-r2-web-application-proxy.aspx
    https://social.technet.microsoft.com/wiki/contents/articles/9807.how-to-configure-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx
    Kent Huang
    TechNet Community Support

  • Interesting Lync client "Bug" with Timezones with Fix.

    Running Lync Client v4.0.7577.4087
    User called stating he was unable to log into Lync and was getting a message about the Clock on his PC being wrong.   He verified his time was correct but continued to get the error.
    I looked at the machine, he lived 1 timezone behind that of the Lync servers and his TZ was set correctly.   His time and date was correct based on his location.   However the "Automatically Adjust for Daylight Savings" was not checked. 
    Somehow I got the feeling to check that box, which then skewed his time up +1 hours.   I then re-adjusted his time to the correct time for his timezone and he was able to log in. 
    I'm not sure why this happened.   Because VISUALLY his time was correct for his selected TZ originally.

    Lync communication is based on MTLS, hence time synchronization should be correct as per the home pool. Due to daylight saving this was a common error, which was solved by changing the timezone.

  • Debug behind a proxy

    Is it possible to get debug information behind a proxy?
    The client IP address is not seen by ColdFusion because all requests come from the proxy, but if I enable the proxy IP for debugging, I will share the debug information with all users. Is there a way to solve this?
    I already tried with the mode=debug option (http://kb2.adobe.com/cps/176/tn_17642.html) in the URL but it simply doesn't work. I disabled "Enable Debugging" from the admin console and removed any IP from "Debugging IP Addresses" except for 127.0.0.1, and restarted ColdFusion, but also if I append "?mode=debug" to any URL, it doesn't display any debug information.
    Is the mode=debug option available in ColdFusion 7.0.2?
    Thanks in advance

    Contact your ISP for instructions on how to obtain a direct connection.

  • Lync Client Can't Download Address List and other problems

    We're currently in the process of testing for a production Lync Server 2010 deployment and we've run into some problems. I've been digging around on the Internet and the TechNet forums but can't find a solution to this problem.
    Whenever someone logs in with the Lync Client, they are immediately presented with prompts for user credentials. No credentials work. When you cancel out, you can still chat, but there is an error that says the Address Book can't be downloaded. I've confirmed that the SSL certificate works, I've made sure the Kerberos Account is configured properly, I've reinstalled the Web Components, and I've tried numerous other solutions I've found for this issue. Nothing seems to fix the problem. When I try to run Test-CsAddressBookService in the Management Shell, I get the following:
    cmdlet Test-CsAddressBookService at command pipeline position 1
    Supply values for the following parameters:
    UserSipAddress: sip:[email protected]
            Connecting to web service : https://lync-pool1.company.com:443
    /WebTicket/WebTicketService.svc
            Using IWA authentication
            Successfully created connection proxy and website bindings
            Requesting new web ticket
            Sending Web-Ticket Request: <s:Envelope xmlns:s="http://schemas.xmlsoap.
    org/soap/envelope/">
      <s:Header>
        <Action s:mustUnderstand="1" xmlns="http://schemas.microsoft.com/ws/2005/05/
    addressing/none">http://docs.oasis-open.org/ws-sx/ws-trust/200512/RST/Issue</Act
    ion>
      </s:Header>
      <s:Body>
        <RequestSecurityToken xmlns="http://docs.oasis-open.org/ws-sx/ws-trust/20051
    2">
          <TokenType>http://docs.oasis-open.org/wss/oasis-wss-saml-token-profile-1.1
    #SAMLV1.1</TokenType>
          <RequestType>http://schemas.xmlsoap.org/ws/2005/02/trust/Issue</RequestTyp
    e>
          <AppliesTo xmlns="http://schemas.xmlsoap.org/ws/2004/09/policy">
            <EndpointReference xmlns="http://www.w3.org/2005/08/addressing">
              <Address>https://lync-pool1.company.com/WebTicket/WebTicketS
    ervice.svc</Address>
            </EndpointReference>
          </AppliesTo>
          <Entropy>
            <BinarySecret>I+ZKYvJkkqcD57OPeOX7MG6Tp8S4PhvMUOI6ZPKP/vg=</BinarySecret
    >
          </Entropy>
          <KeyType>http://docs.oasis-open.org/ws-sx/ws-trust/200512/SymmetricKey</Ke
    yType>
        </RequestSecurityToken>
      </s:Body>
    </s:Envelope>
            Web-Ticket response: <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soa
    p/envelope/">
      <s:Header />
      <s:Body>
        <s:Fault>
          <faultcode xmlns:a="http://schemas.microsoft.com/net/2005/12/windowscommun
    icationfoundation/dispatcher">a:InternalServiceFault</faultcode>
          <faultstring xml:lang="en-US">The server was unable to process the request
     due to an internal error.  For more information about the error, either turn on
     IncludeExceptionDetailInFaults (either from ServiceBehaviorAttribute or from th
    e &lt;serviceDebug&gt; configuration behavior) on the server in order to send th
    e exception information back to the client, or turn on tracing as per the Micros
    oft .NET Framework 3.0 SDK documentation and inspect the server trace logs.</fau
    ltstring>
        </s:Fault>
      </s:Body>
    </s:Envelope>
    TargetUri  : https://lync-pool1.company.com:443/abs/handler
    TargetFqdn : lync-pool1.company.com
    Result     : Failure
    Latency    : 00:00:00
    Error      : Failed to get a web ticket.
    Diagnosis  :
    I'm not real sure what to make of this. Any thoughts?

    My situation was somewhat different but running Test-CsAddressBookService would fail with error:
    'The remote server returned an error: (404) Not Found.'
    All clients were unable to retrieve contact unless the full sip address was entered.
    Environment.
    Server: Lync2013 STD
    Client: Lync2010
    Did the following:
    Checked replication under the Topology tab in CSCP- mine had a green check.
    Reinstalled .net 4.5 via add/remove programs
    Registered .NET by running the following from an elevated cmd (run from the .NET folder): aspnet_regiis.exe -I
    uninstalled Lync webcomponents from add/remove programs
    From Lync install media- reinstalled webcomponents.msi (browse to \Setup\amd64\Setup)
    Checked IIS>Application Pool and ensured all ASP.NET and Lync components are set to v4.0 of the .Net Framework Version
    Launched the Lync setup and reran step 2: Setup or Remove Lync Server Components.
    Reran Test-CsAddressBookService: 
    successful
    Tested Lync client: Successful

  • FTP-client behind RRAS - unable to connect to external FTP servers

    A small network (10-20PCs) without any segmentation - one LAN with one Gateway.
    1. If the Gateway is some small hardware device, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
    2. If the Gateway is Win2003+RRAS+NAT or Win2003+ISA2005, there are not any problems to make FTP-connections from LAN to Internet FTP-servers
    3. But if the gateway is Win2008+RAS+NAT or Win2012+RRAS+NAT, the computers in the LAN are not able to connect to Internet FTP-servers
    I made a few tests:
    1. On Win2012+RRAS+NAT
    Turn off Windows Firewall for all profiles (Domain, Private, Public) - the problem disappears, it is possible to connect to external Internet FTP servers.
    2. On Win2012+RRAS+NAT
    Turn off Windows Firewall only for the Domain profile - the problem disappears, it is possible to connect to Internet FTP servers.
    3. On Win2012+RRAS+NAT
    TurnOn Windows Firewall for All profiles (Domain, Private, Public)
    But I excluded the Internal NIC in this list
    Windows Firewall / Properties / Domain Profile / Protected network connections 
    and the problem disappears again
    My question is:
    What new Firewall rule  I have to make and where to place it (to be able to make FTP-connection from LAN to Internet FTP-servers)?
    I made some attempts to allow port 21, but without any success.

    Thank you, but did you try this ? 
    Can you describe in detail "exclusion rule for FTP traffic" ?!
    In my previous post, I wanted to say that if you use Win 2008/2012 RAS+NAT as a network gateway, then it is not possible to make FTP connections to external FTP servers from the computers behind that gateway.
    And the standard attempts to make "Allow"-rules for port 21 in the gateway firewall (Win 2008/2012), do not solve the problem.
    No matter which FTP-client you can try to use.
    To see this problem, just make few simple tests: 
    ">telnet <ftp-server> 21" 
    with firewall on/off  and inbound/outbound "Allow port 21 rule (All/Domain/Private/Public)"
    In my country, the Government Tax Department uses FTP-protocol to collect monthly data from companies. 
    And it is too stupid a scenario (to be a small company and to) upgrade from Win 2003 to a newer 2008/2012 and then not be able to do all your jobs.
    -------EDIT---------
    The same problem (and its solution) is described here:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/0c68aed6-e22b-4cd4-86bd-f3c767e88349/advanced-firewall-blocking-through-ftp-traffic-rras
    The magic command:
    ">netsh routing ip nat delete ftp"
    solved the problem for me.
    And here is the description of this command - "Disables the FTP proxy on the NAT server."
    http://technet.microsoft.com/en-us/library/cc754535(v=ws.10).aspx#BKMK_106

  • No one has started video ( Lync Client 2010)

    I have a Lync 2013 Enterprise environment with 2 FE and 3 SQL working as mirroring, and also backup sites where a single FE and SQL are running.
    P2P video conference is working fine; when it comes to multi-video conference, participants' video stops one by one. Today we have done the latest CU10 updates, results the same...
    Btw, Lync Server 2013 is running on-premise and the Lync client is Lync 2010...
    Thank you in advance , 

    Are the front ends behind a firewall or anything that may intercept traffic?  Is there any software on the machine such as endpoint protection software that may be an issue?  If you install the Lync 2013 basic client, do you have the issue?
    SWC Unified Communications
