Cannot call between non-domain users in public network (internet)

We set up a test lync servers. It is only a single server behind a firewall. On the firewall, we did port forwarding to send all the packets destined for a specific public IP to Lyncs private address.
The problem is that we can make calls between lync clients as long as one of them is located in the same subnet as the lync server. If both clients are on internet, the call cannot be setup.
If the clients are connecting remotely to lync; and they are both in the same private network, then that works.
If the clients are connecting remotely to lync; and they are at different locations between different firewalls, that does not work.
If one of the clients are on a mobile phone connecting to the Lync server using the DATA connection; and the other one is connecting from home (no vpn); that does not work.
If one of the clients VPN into the lync server's network and starts the lync client to talk to another client connecting to lync remotely via internet; that works.
Any ideas what might be the problem?
It is a demo Lync environment where we have everything loaded on one single server.
Please advise.

You need to deploy edge components for Microsoft Lync Server 2013 makes it possible for external users who are not logged into your organization’s internal network, including authenticated and anonymous
remote users, federated partners (including XMPP partners), mobile clients and users of public instant messaging (IM) services, to communicate with other users in your organization using Lync Server.
Please check
http://technet.microsoft.com/en-us/library/gg398918.aspx
Lisa Zheng
TechNet Community Support

Similar Messages

"Unable to check revocation" error while checking CDP from non-domain user account

Hi!
I use 3-tier PKI infrastructure:
Stand-alone offline Root CA: RootCA;
Stand-alone offline Intermediate subordinate CA: SubCA;
Enterprise CA: EntSubCA.
In certificate we have three CDP point for CRL check:
ldap:///, http:// and file://
I have Windows 2008 R2 server joined to domain.
I use command certutil –verify –urlfetch <filename.cer> >check.txt for revocation checking of certificate.
When I use domain user account for revocation checking, all OK.
I have access to any CDP and all fine.
But when i use local server user account, I haven't access to ldap:/// and process failed although all other links is OK.
My question is "why check fail with non-domain user accout while other CDP point succesfully verifed"?
Here is the logfile from local user:
Issuer:
CN=EntSubCA
DC=DED
DC=ROOT
Subject:
CN=servername.domain_name
Cert Serial Number: 5a896145000300006ee2
dwFlags = CA_VERIFY_FLAGS_ALLOW_UNTRUSTED_ROOT (0x1)
dwFlags = CA_VERIFY_FLAGS_IGNORE_OFFLINE (0x2)
dwFlags = CA_VERIFY_FLAGS_FULL_CHAIN_REVOCATION (0x8)
dwFlags = CA_VERIFY_FLAGS_CONSOLE_TRACE (0x20000000)
dwFlags = CA_VERIFY_FLAGS_DUMP_CHAIN (0x40000000)
ChainFlags = CERT_CHAIN_REVOCATION_CHECK_CHAIN (0x20000000)
HCCE_LOCAL_MACHINE
CERT_CHAIN_POLICY_BASE
-------- CERT_CHAIN_CONTEXT --------
ChainContext.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
ChainContext.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
ChainContext.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
ChainContext.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
SimpleChain.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
SimpleChain.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
SimpleChain.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
SimpleChain.dwRevocationFreshnessTime: 5 Days, 23 Hours, 15 Minutes, 48 Seconds
CertContext[0][0]: dwInfoStatus=102 dwErrorStatus=1000040
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
NotBefore: 05.02.2015 20:03
NotAfter: 05.02.2016 20:03
Subject: CN=servername.domain_name
Serial: 5a896145000300006ee2
SubjectAltName: DNS Name=servername.domain_name
Template: Machine
70 e4 6b 16 05 a1 62 e3 6d 24 96 ff 44 74 ee a2 3e ce df 18
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
Element.dwErrorStatus = CERT_TRUST_REVOCATION_STATUS_UNKNOWN (0x40)
Element.dwErrorStatus = CERT_TRUST_IS_OFFLINE_REVOCATION (0x1000000)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=AIA,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?cACertificate?base?objectClass=certificationAuthority
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crt
---------------- Certificate CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?certificateRevocationList?base?objectClass=cRLDistributionPoint
Verified "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
Verified "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Base CRL CDP ----------------
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
OK "Base CRL (018d)" Time: 0
[1.0] file://\\ca\crl\EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[1.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[1.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[1.0.2] http://webserver/crl/EntSubCA.crl
OK "Base CRL (018d)" Time: 4
[2.0] http://webserver/crl/EntSubCA.crl
Failed "CDP" Time: 0
Error retrieving URL: Logon failure: unknown user name or bad password. 0x8007052e (WIN32: 1326)
[2.0.0] ldap:///CN=EntSubCA,CN=ca,CN=CDP,CN=Public%20Key%20Services,CN=Services,CN=Configuration,DC=DED,DC=ROOT?deltaRevocationList?base?objectClass=cRLDistributionPoint
Old Base CRL "Delta CRL (018d)" Time: 0
[2.0.1] file://\\ca\crl\EntSubCA.crl
Old Base CRL "Delta CRL (018d)" Time: 4
[2.0.2] http://webserver/crl/EntSubCA.crl
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 018d:
Issuer: CN=EntSubCA, DC=DED, DC=ROOT
33 af 4d be 0e 35 45 94 bc 8b 3f d9 c1 60 e7 0c c4 83 17 b6
Application[0] = 1.3.6.1.5.5.7.3.2 Client Authentication
Application[1] = 1.3.6.1.5.5.7.3.1 Server Authentication
CertContext[0][1]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=SubCA
NotBefore: 13.11.2014 19:12
NotAfter: 13.11.2017 19:22
Subject: CN=EntSubCA, DC=DED, DC=ROOT
Serial: 6109015b000100000008
Template: SubCA
9b 04 17 9f c5 fe 52 ca a5 58 49 6c c6 18 fa db 13 b3 92 9e
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Failed "AIA" Time: 0
Error retrieving URL: The network path was not found. 0x80070035 (WIN32: 53)
file://\\sub_ca\CertEnroll\sub_ca_SubCA(1).crt
Verified "Certificate (0)" Time: 0
[1.0] file://\\ca\crl\SubCA.crt
Verified "Certificate (0)" Time: 4
[2.0] http://webserver/crl/SubCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (32)" Time: 0
[0.0] file://\\ca\crl\SubCA.crl
Verified "Base CRL (32)" Time: 4
[1.0] http://webserver/crl/SubCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 32:
Issuer: CN=SubCA
8d a9 9d 51 65 a3 8e 77 02 22 40 57 62 70 e8 f6 c5 2e 60 1e
CertContext[0][2]: dwInfoStatus=102 dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 28.05.2008 12:09
NotAfter: 28.05.2058 12:19
Subject: CN=SubCA
Serial: 616bd19f000100000004
Template: SubCA
06 d2 47 e7 dc 8f a7 97 a2 b8 c3 92 03 19 24 0c 47 45 22 14
Element.dwInfoStatus = CERT_TRUST_HAS_KEY_MATCH_ISSUER (0x2)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 4
[0.0] http://webserver/crl/RootCA.crl
Verified "Base CRL (1c)" Time: 0
[1.0] file://\\ca\crl\RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
CertContext[0][3]: dwInfoStatus=10c dwErrorStatus=0
Issuer: CN=RootCA
NotBefore: 27.05.2008 16:10
NotAfter: 27.05.2110 16:20
Subject: CN=RootCA
Serial: 258de6fbd3bbab92460530e9e9f10536
5d e4 56 38 13 0a 52 aa 66 51 25 61 19 33 c9 d7 a2 c7 dd 38
Element.dwInfoStatus = CERT_TRUST_HAS_NAME_MATCH_ISSUER (0x4)
Element.dwInfoStatus = CERT_TRUST_IS_SELF_SIGNED (0x8)
Element.dwInfoStatus = CERT_TRUST_HAS_PREFERRED_ISSUER (0x100)
---------------- Certificate AIA ----------------
Verified "Certificate (0)" Time: 0
[0.0] file://\\ca\crl\RootCA.crt
Verified "Certificate (0)" Time: 4
[1.0] http://webserver/crl/RootCA.crt
---------------- Certificate CDP ----------------
Verified "Base CRL (1c)" Time: 0
[0.0] file://\\ca\crl\RootCA.crl
Verified "Base CRL (1c)" Time: 4
[1.0] http://webserver/crl/RootCA.crl
---------------- Base CRL CDP ----------------
No URLs "None" Time: 0
---------------- Certificate OCSP ----------------
No URLs "None" Time: 0
CRL 1c:
Issuer: CN=RootCA
dc 98 2f 8d 16 9c 64 6e b2 74 89 95 9a 6c 1b 77 fd 58 63 fb
Issuance[0] = 1.2.700.113556.1.4.7000.233.28688.7.167403.1102261.1593578.2302197.1
Exclude leaf cert:
5b 8d 96 39 f8 a3 6f af f3 89 bc 8d 78 e2 da 53 21 b8 ff aa
Full chain:
ca 99 30 47 9b ad ab ce 97 cc 70 80 a5 4e 11 b3 1a 83 98 78
Verified Issuance Policies: None
Verified Application Policies:
1.3.6.1.5.5.7.3.2 Client Authentication
1.3.6.1.5.5.7.3.1 Server Authentication
ERROR: Verifying leaf certificate revocation status returned The revocation function was unable to check revocation because the revocation server was offline. 0x80092013 (-2146885613)
CertUtil: The revocation function was unable to check revocation because the revocation server was offline.
CertUtil: -verify command completed successfully.

What you have discovered is the reason to *not* use LDAP URLs for CDP and AIA extensions in your PKI. To access those URLs, the account must access to the URLs. In your output, it is quite clear that the local account does not have necessary permissions
(you also use FILE URLs for publication, which again is not recommended).
The best practice is to use a single URL for the CDP extension. It should be an HTTP URL that is hosted on a highly available (internally and externally accessible) Web cluster.
For the AIA extension, it should contain two URLs: one for the CA certificate - again to an internally and externally accessible, highly available Web cluster and one for the OCSP service - also
an internally and externally accessible, highly available Web cluster.
the other issue is that the root CA is *not* trusted when run by a non-domain account. How are you adding the trusted root CA. It is recommended to do this by running
certutil -dspublish -f RootCA.crt.
This will ensure that the computer account trusts the root CA. In your output, the root CA certificate is not trusted.
Brian

If only using wifi, will I still receive text messages and calls from non iPhone users?

If only using wifi (turning off Cellular Data) will I still receive text messages and calls from non iPhone users?

If you have cell service with a text plan, yes.

Non Domain User Access to Report Server

HI Team,
I am Back with another question. These days i am working on SSRS web services as a part of that i need to provide user access to non domain users to the report manager which is residing in a virtual machine and also when i use the report service web service
URL it is asking for virtual machine's windows credentials and as per my client's requirement i should not be prompted with VM'S windows credentials.
Also, we are providing end users with a login page and this login page is connected to a separate User's database in the VM and how to register these non domain users in the report server database
and also reort manager. please help me out of this issue.
Thank you.

Hi NB515,
In Reporting Services, if we connect to Report Manager out of domain, then we need provide a domain username and password can we access to it. If you want to skip this step, you can configure anonymous access for the report server. However,anonymous access
is not recommended as it may give direct access to your report server or report projects to any one who know the URL of your Reporting Services. But in case you still want to try it, you can refer to the link below to see it:
http://blog.quasarinc.com/ssrs/sql-server-reporting-services-2012-anonymous-access/
If you have any questions, please feel free to ask.
Regards,
Charlie Liao
TechNet Community Support

Difference between AD domain user and local user

Hello, I think the title is self explanatory. I am trying to figure out difference between AD domain user and local user. SAP Help wasnt very helpful.
Thanks.

Hi,
It's about where the user accounts are kept. Domain users are users that are entered into the domain users group on a domain controller. These domain users can be centrally managed at the server. Whereas the local users are the users created in the local system.
In BPC, you can select users from either of them or in combination as well. However, If you want to make change in the local user credentials, you need to login to the system in which the user has been created and make the changes there. On the other hand, changes to domain users can be made from any domain connected machine with the right software and the necessary rights. The changes only need to be made once.
Hope this helps.

Lync to Lync calls not working when users outside of network. But calls from Lync to external numbers do work.

Hello,
We are having the following issue: when our lync users are outside of our network, just connected to their home internet or a public WiFi and not on VPN, they cannot place calls to other
Lync users inside our network. They get a poor network connection message on the call window. But they are able to make calls from Lync to external numbers without a problem.
Inside our network, Lync to Lync calls work perfectly fine, the same for calls from Lync to external numbers.
Does anybody know what could be the cause of our issue? Perhaps I'm missing a setting on our Edge server. What should be the first thing I should check on my Lync servers?
Thanks for any help!

Have you opened up ports on your firewall from your internal clients to the edge on UDP/3478 and TCP/443? This sounds like you might have a problem there. Can you internal clients properly route to this subnet and resolve the pool name of your
edge pool?
Ports and protocols poster, check out in A/V section client traffic to edge showing UDP/3478 and TCP/443:
http://www.microsoft.com/en-us/download/details.aspx?id=39968
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs.

Non-domain user authentication against SSAS on Active/Passive Cluster

Hello,
We have an Active/Passive SQL Server setup (DB1 & DB2 Servers) connected to a cluster for SQL & SSAS. I have a web server not on the same domain that I am trying to authenticate with SSAS. This works OK if I set the website to impersonate
myUser and I add local account myUser as an Admin on SSAS for the active server (DB1). But when this fails over to DB2 then it fails to authenticate. SSAS won't allow us to add myUser as an admin for local accounts on both DB1 & DB2 as it errors
adding the second one. Could anyone advise how such a scenario should be approached?
We have tried creating a domain user too which DB1 & DB2 can of course both share but I don't think the web server can impersonate this with being not part of the domain.
Thanks.

Hi Jcorker,
According to your description, you need to access the SQL Serve Analysis Services database which is configured as cluster for SQL & SSAS from another domain, right?
In SSAS we can use the solution below achieve the requirement.
1.Create new domain account and impersonate the web site with that.
2.Create local user account on the analysis service with same exact username/password as like domain account created in the previous step.
However, you cannot create a local account with the same name on both servers. I have tested it on my local environemnt, we can create the same local account with the same name on both servers. In your scenario, if DB1 and DB2 on different server, you can
create a local account with the same name on both servers. Please post the detail errors, so that we can make further analysis.
Besides, SSAS only allows users of the same domain or trusted domains and it does not allow users from any domain except from these two. You can configure the trust relationship between the domains.
http://technet.microsoft.com/en-us/library/cc961481.aspx
Regards,
Charlie Liao
If you have any feedback on our support, please click
here.
Charlie Liao
TechNet Community Support

Lync for Mac 2011 - non-domain user logins

How can a non-domain (external) mac user join a lync meeeting? We've installed the client, they have a live.com account (and a skype login if that can help), but we can't login using their live.com id, always returning a failed login error message (check
password, username ...).
Authentication is set to non kerberos, manual config, using TLS with this server:
sipdir.online.lync.com:443
logs follow:
Microsoft Lync 14.0.7 (131205)
MacOS version 10.9.1 (build 13B42)
2014/02/25 21:16:49.330 SIPService::OnEvent(IApplicationLayerEvent &), type: 0, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:16:50.075 SIPService::OnEvent(NModel::ILogonSessionEvent), hr: 0x0, oldState: 0, newState: 10, direction: 0
2014/02/25 21:16:50.082 SIPService::OnEvent(IApplicationLayerEvent &), type: 1, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:16:50.084 SIPService::OnEvent(IApplicationLayerEvent &), type: 3, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.477 Office Communications Server LOGON STARTED: USER = {[email protected]}
2014/02/25 21:18:00.478 SIPService::Logon
2014/02/25 21:18:00.514 SIPService::OnEvent(IApplicationLayerEvent &), type: 1, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.755 SIPService::OnEvent(IApplicationLayerEvent &), type: 3, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.756 SIPService::OnEvent(IApplicationLayerEvent &), type: 1, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.762 SIPService::OnEvent(IApplicationLayerEvent &), type: 3, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.762 SIPService::OnEvent(IApplicationLayerEvent &), type: 1, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.764 SIPService::OnEvent(IApplicationLayerEvent &), type: 3, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.764 SIPService::OnEvent(IApplicationLayerEvent &), type: 1, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:00.785 SIPService::OnEvent(NModel::ILogonSessionEvent), hr: 0x0, oldState: 10, newState: 20, direction: 0
2014/02/25 21:18:00.817 InternalConnect, NLResolveAddress returned: 0
2014/02/25 21:18:00.819 IsLocalAddress, 'sipdir.online.lync.com' is not a local address
2014/02/25 21:18:00.819 FShouldUseProxy, is returning 1
2014/02/25 21:18:00.819 Connecting to sipdir.online.lync.com (port 443)
2014/02/25 21:18:01.513 InternalConnect, NLCreateConnection returned: 0,
2014/02/25 21:18:01.514 InternalConnect, NLCopyConnectionBinding returned: 0,
2014/02/25 21:18:06.041 FShouldUseProxy, is returning 1
2014/02/25 21:18:06.836 FShouldUseProxy, is returning 1
2014/02/25 21:18:10.802 SIPService::OnEvent(ILogonCredentialManagerEvent), type: 0
2014/02/25 21:18:10.802 Login (1) failed with error: (0.0)
2014/02/25 21:18:10.976 SIPService::OnEvent(ILogonCredentialManagerEvent), type: 6
2014/02/25 21:18:10.983 SIPService::OnEvent(NModel::ILogonSessionEvent), hr: 0x80ef0191, oldState: 20, newState: 10, direction: 1
2014/02/25 21:18:10.983 void SIPService::OnLogoffResult(HRESULT), hr: 0x80ef0191
2014/02/25 21:18:10.986 void SIPService::LogoffEx()
2014/02/25 21:18:10.987 SIPService::OnEvent(IApplicationLayerEvent &), type: 2, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.987 SIPService::OnEvent(IApplicationLayerEvent &), type: 4, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.987 SIPService::OnEvent(IApplicationLayerEvent &), type: 6, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.987 SIPService::OnEvent(IApplicationLayerEvent &), type: 4, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.988 SIPService::OnEvent(IApplicationLayerEvent &), type: 6, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.988 SIPService::OnEvent(IApplicationLayerEvent &), type: 4, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.990 SIPService::OnEvent(IApplicationLayerEvent &), type: 8, HasSignedIn(): 0, HasSignedOut: 0
2014/02/25 21:18:10.998 SIPService::OnEvent(IApplicationLayerEvent &), type: 6, HasSignedIn(): 0, HasSignedOut: 0

Judging by your post (because you are using sipdir.online.lync.com) are you a Lync Online subscriber? Or does the user only have a Windows Live/Skype account?
Basically if you're using Lync Online, you can just sign-in using your Lync Online user name, which will either be something like [email protected] or if you have set custom domains it will just be [email protected]
It won't work with Skype/Windows Live accounts.
If you have an on-premise Lync externally you will connect through your Edge with the Mac client, or if inside the LAN you may need to install the root certificate from your internal Certificate Authority if you're using an internal issued rather than public
(GoDaddy, Verisign, Digicert, etc.) certificate.
If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog
www.lynced.com.au | Twitter
@imlynced

How to allow non domain users to map to print drivers?

Greetings,
We have a Windows Server 2008 (non R2) 32 bit server that acts as print server. It's also on a domain. Users who are on the domain can easily add the print driver simply by going to device and printers and clicking Add Printer and selecting Network since
I list it in the AD.
The problem arise with well over 100 realtors that walk in and out and need to print. These users are not on the domain. They need to have the print drivers on their computers. I'm hoping we can at least get them to map to the drivers as opposed to unending
local installs.
The management does not want to hear about security, and wants the simplest possible way for their realtors to get up and printing from their computers when they arrive to the office.
Any advice is welcomed.
Thank you!

In the end they got a domain user account that they share to add printers...
Thanks for sharing in the forum. Your time and efforts are highly appreciated.
Best regards,
Justin Gu
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

Not able to install ActiveX (OCX) on Non-Admin user in Windows 7 ( internet Explorer 8/9)

I need the solution to install ActiveX controls throught CAB file (Micorsoft Cabinet) for non-admin users. Our solution is working for user accounts with adminstrator rights but not for nonadmin users.
So far we have tried solution given here: http://msdn.microsoft.com/en-us/library/dd433049(v=vs.85).aspx
and here:
http://blogs.msdn.com/b/askie/archive/2012/09/27/guidlines-on-implementing-activex-installer-service-axis.aspx
But we could not succeed. Pls Help !

Hi,
Apologize for the late reply and the misunderstanding about the ActiveX download location, we could change the location through the below registries:
Use Registry Editor to change the "ActiveXCache" value to the location you want in the following registry key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
Use Registry Editor to change the "0" value to the location you want in the following registry key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ActiveX Cache
   NOTE: The values you enter in steps 1 and 2 must match.
More information, please check
How to Change the Download Location for ActiveX Files (registries exists in IE11).
Regarding the urls that download the cab files into user profile directory, would you mind to share the URL?
And here is some information regarding inf files:
About INF File Architecture
We may check the value of DestDir, DestDir can be set to 10 to place the file into the \Windows directory or to 11 to place the file into the \Windows\System directory. If no value is specified, the file is placed into the \Cache directory.
Best regards
Michael Shao
TechNet Community Support

Cannot associate between non-root to root on 1300 Bridge

I installed 4 1300 Bridges, point to multipoint configuration. One bridges is acting as root whereas the other 3 are non-root. The SSID are locked down manually. None of these non-root can associate to the root, I noticed that the wireless interface is (hardware/software) are down eventhough I enabledit. When I changed the non-root to become root, the wireless interface went up. This doesn't make sense. Pls help. Thanks.

I'm sure you have checked the required parameters needed to connect your non-root bridges, i.e. distance is set for the root, pwr settings, no encryption set for now. I've seen this issue as well on the 1310 with no solution from Cisco. It works well in a PP link. Try to establish the PP link between one bridge first. Leave the SSID as tsunami and broadcast it. Make sure you can associate with one of the non-root when you set it up for client association. I'm sure the radio is fine, but this can verify that.

How can i make a video call to non iPhone users like Noika etc in India they dont have Face time software on the devices

hi
i bought new iPhone 4 after long association with Nokia mobiles but one thing is puzzling me how to make a video call from my iPhone to my other friends who use Nokia E 5/6/7 and make video calls easily
I have 3G connection even my iPhone is not recieving or making any video call
can some one already using this facility help me out
sanjay from jaipur

I havn't got it, but have you tried the Skype for iPad app ? - http://itunes.apple.com/us/app/skype-for-ipad/id442012681?mt=8#

Set picture for non domain users

Hey,
To start I'm running Exchange 2010, not 2013. But am running Office 2013. (So Outlook 2013)
I was wondering if it was possible to set a picture for email addresses that are external.
Like any person email account (yahoo, Hotmail, live, gmail, etc)...
I tried googling but I came up so dry, literally couldn't find a single post about it...

Hi,
To hide this contact from GAL, please right-click on the contact under Recipient Configuration -> Mail Contact.
Then check the box “Hide From Exchange address lists”
Best Regards.
Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
Lynn-Li
TechNet Community Support

Using TMG to prevent non windows domain users from accessing internet

Hello!
I'm using Windows server 2008 and use it to run my company's Domain and I have a copy of TMG Server 2010
My question is if I installed the TMG on the my Domain server can I use it to prevent internet access for Non-Domain computers, and how it is done, I've looked around the internet but I couldn't find a way to do it so I thought I should ask here...
Basically can TMG stop non-domain computers from accessing the internet ?
thank you!

Hi,
configure all clients to Webproxy clients and create Firewall policy rules which allows HTTP and HTTPS only for windows users and groups from your Active Directory
best regards Marc Grote - www.it-training-grote.de

How to allow access to winrs for non-admin user?

I have Windows Server 2012 (and Server 2008, but it is next priority) to monitor it using txwinrm. txwinrm library internally is using WinRS protocol. I have to monitor it using least privileged user, but don't know how to configure access for him.
All I managed to do - is to configure remote Powershell session for my user, but it's look like that winrs and powershell sessions have different security descriptors:
Invoke-Command -ComputerName 192.168.173.206 -Credential (credential Administrator $pwd) -ScriptBlock { 2 + 2}
# gives 4
Invoke-Command -ComputerName 192.168.173.206 -Credential (credential lpu1 $pwd) -ScriptBlock { 2 + 2}
# gives 4
winrs -r:192.168.173.206 -u:Administrator -p:$pwd 'powershell -command "2+2"'
# gives 4
winrs -r:192.168.173.206 -u:lpu1 -p:$pwd 'powershell -command "2+2"'
# Gives Winrs error: Access is denied.
Configuration for my user is following:
(Get-Item WSMan:\localhost\Service\RootSDDL).value
# O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1141)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
(Get-PSSessionConfiguration -name Microsoft.Powershell).SecurityDescriptorSddl
# O:NSG:BAD:P(A;;GA;;;BA)(A;;GA;;;S-1-5-21-3231263931-1371906242-1889625497-1149)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)
(In each security descriptor my user is given general access to protected object).
So what security descriptor should I set to make my winrs query work for non-admin user?

Hi Bunyk,
I can not recreate the erroe you posted, and please also post the screenshoot in your convenience.
I tested with a non-domain user but has the local admin permission of the remote computer, and this worked, before running the remote cmdlet in powershell, I also configured the TrustedHosts.
In addition, the access denied could be also caused to the Protocol Filtering on the remote server, for more detailed information, please refer to this thread:
winrs error:access is denied
I hope this helps.

Cannot call between non-domain users in public network (internet)

Similar Messages

Maybe you are looking for