Lync 2013 federation with Skype error: 'Reference error id 504 (Source ID 239)

I have setup lync 2013, configured skype federation (http://www.techtroubleshoot.com/federate-lync-server-with-skype/) and also done Lync provisioning. Skype federation worked for a few days (2weeks) and then stopped. Currently I am getting the following
error 'Reference error id 504 (Source ID 239)'.
Ports are open on the firewall. I however still get the error.
KimaniBob

Verify from following:
you can telnet to your sip domain on port 5061 and 443 from external and resolve of nslookup to srv record of sipfederation is correct.
Certificate on Edge Server not expire or damaged.
This link had similar issue, you can check it.
http://terenceluk.blogspot.com/2013/04/unable-to-send-instant-messages-or-view.html
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

Similar Messages

  • MS Lync 2013 federation with Cisco CUP 8.6

    Hi all,
    I am currently trying to federate CUPS 8.6 with MS Lync 2013.
    After a lot of certificate issues we finally got a one-way IM from CUPS to Lync. I can't get Presence in either direction or send an IM from Lync to CUPS user.
    I have followed the Cisco guide for inter-domain federation within an enterprise. so no edge server or Cisco ASA involved.
    The error message I am seeing on the Lync side is:
    ms-diagnostics:
    1010;reason="Certificate trust with another server could not be established";ErrorType="Refer to HRESULT code for specific security status";tls-target="CUP-A.cupdomain.co.uk";HRESULT="0x80090326(SEC_E_ILLEGAL_MESSAGE)";source="LCT-LYNCFE01.lyncdomain.net"
    On the CUP side I can see the TLS session being dropped with this error message:
    17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tls_verify_callback: TLS protocol error(ssl reason code=(null) [0]),lib=(null) [0],fun=(null) [0], errno=0
    17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tcp.c(2409) SSL server accept returned SSL_ERROR_SSL
    17:22:58.945 |[Wed Apr 23 17:22:58 2014] PID(24295) sip_tls_accept: TLS protocol error(ssl reason code=no certificate returned [178]),lib=SSL routines [20],fun=SSL3_GET_CLIENT_CERTIFICATE [137], errno=0
    17:22:58.945 |Wed Apr 23 17:22:58 2014] PID(24295) sip_tcp.c(1056) sip_tcp : Hard close/destroy of tcp connid 93 sock_fd 37 flags 0
    On the cisco side I have only set a TLS Peer as the LYNCPOOL server. do I need to set up a TLS Peer for all of the Lync Servers?
    The lyncpool server has client and server enhanced key usage - do I need to reissue the certs with this for ALL servers in the lync cluster?
    It seems like TLS will neogotiate successfully using the LYNCPOOL server but not with any of the other servers. Must be missing something simple.
    Many thanks for advice.
    Regards
    Lee.

    Hi,
    Please double check the listen port of Lync Server.
    In the Lync Server Management Shell enter the following command to verify the current system configuration: Get-CSRegistrarConfiguration
    More ports requirement for Lync server you can refer to the link below:
    http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/cups/8_6/english/integration_notes/IntegrationNote_CUP86_MicrosoftLyncServer2010_RCC.html
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
    sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

  • Lync 2013 federation and mobile push 504 error

    Hello,
    In our company we have deployed Lync 2013 Standard with last CU
    1. Front End - External web serwis and mobile sing by wildcard certyfikate trusted in Internet, and Internal webserwis sing by our Internal CA not trusted in internet
    In Topology is registred: LyncFE.company.local
    Default SIP domain is company.com
    2. Edge Server  - All in one server sing by our Internal CA not trusted in internet with Subject Alternative Names: sip.company.local, sip.company.com, LyncEDGE.company.com
    In Topology is registred: LyncEDGE.company.local
    3. Reversed Proxyand NAT and firewall setup our firewall with Port Translating
    LyncEDGE.comapny.local have asigned by NAT public IP Adres 10.10.10.10
    LyncFE.company.local have asingned by NAT public adres IP 10.10.10.11
    Incoming traffic for 10.10.10.10 and 10.10.10.11 Lync ports TCP/UDP from documentation
    Outgoing traffic for 10.10.10.10 (LyncEDGE) on TCP 5061 need for federation
    4. DNS setup
    We have split domain and DNS like this:
    Company.local (Internal DNS) and Company.com (External DNS)
    DNS Records in our External DNS:
    LyncEDGE.company.com record A 10.10.10.10
    LyncFE.company.com record A 10.10.10.11
    sip.comapny.com TLS --> LyncEDGE.copmany.com
    _sipfederationtls._tcp.company.com -> LyncEDGE.copmany.com
    _sipinternaltls._tcp.company.com --> -> LyncEDGE.copmany.com
    lyncdiscover.company.com --> 10.10.10.10
    In this setup works for now: Lync Audio Video, Mobile access. And now we trying setup Federation and Push notyfication and when we testing we get 504 form serwer.
    Test-CsFederatedPartner -TargetFqdn lyncedge.company.local (This is the name of our LyncEDGE server in topology)-Domain microsoft.com
    Test-CsFederatedPartner : A 504 (Server time-out) response was received from
    the network and the operation failed. See the exception details for more
    information.
    At line:1 char:1
    + Test-CsFederatedPartner -TargetFqdn lyncedge.pep.local -Domain microsoft.com
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : OperationStopped: (:) [Test-CsFederatedPartner],
        FailureResponseException
        + FullyQualifiedErrorId : WorkflowNotCompleted,Microsoft.Rtc.Management.Sy
       ntheticTransactions.TestFederatedPartnerCmdlet
    My lyncedge.company.com was add by Microsoft as Federation for Skype
    telnet form Front End server to LyncEDGE.company.local on port 5061 works
    Firewall show outbond traffic form LyncEDGE.company.com (10.10.10.10) to Microsoft site
    But still i cant get working federation and push notyfication for mobile some one can advise where problem can be? I think problem is with our certyficate setup on EDGE server that is sing by our Internal CA not trusted in Internet.

    Hi, I exchanged root certyfikates with my partner. And now he can see my status, call Video, send IM to my all account but I can't do nothink I get 504, on my logs I see below:
    I tested
    telnet sip.partnerdomian.pl 5061 -- OK
    telnet sip.partnerdomian.pl 443-- ok
    nslookup _sipfederationtls._tcp.partnerdomian.pl --> sip.partnerdomian.pl port 5061
    All is ok but still timeout, where look for problem on my site or partner site. He have 3 IP LAN adreses on Edge NAT on one public
    TL_INFO(TF_PROTOCOL) [0]0548.1970::12/30/2014-20:51:59.558.0006bc75 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[441892531] $$begin_record
    Trace-Correlation-Id: 441892531
    Instance-Id: 2B8A
    Direction: outgoing;source="internal edge";destination="external edge"
    Peer: 195.0.0.1:15224
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    From: "Michał Machniak"<sip:[email protected]>;tag=2f81462440;epid=2ca2532739
    To: <sip:[email protected]>;tag=FA942E991CA5A3E9E440BCB9A3FDDF44
    Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS 172.19.19.23:59211;received=195.8.106.114;ms-received-port=15224;ms-received-cid=11600
    Content-Length: 0
    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="partnerdomain.pl";PeerServer="sip.partnerdomain.pl";source="MyEdge.domain.pl"
    ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=LyncEDGE.domain.local;ms-source-network=federation;ms-source-verified-user=unverified
    $$end_record
    TL_INFO(TF_DIAG) [0]0548.1970::12/30/2014-20:51:59.558.0006bc14 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(802))[441892531] $$begin_record
    Severity: information
    Text: Response successfully routed
    SIP-Start-Line: SIP/2.0 504 Server time-out
    SIP-Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    SIP-CSeq: 1 SUBSCRIBE
    Peer: 195.0.0.1:15224
    Data: destination="[email protected]"
    $$end_record
    TL_INFO(TF_PROTOCOL) [0]0548.1970::12/30/2014-20:51:59.558.0006b949 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[441892531] $$begin_record
    Trace-Correlation-Id: 441892531
    Instance-Id: 2B8A
    Direction: incoming;source="internal edge";destination="external edge"
    Peer: LyncFE.domain.local:5061
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    From: "Michał Machniak"<sip:[email protected]>;tag=2f81462440;epid=2ca2532739
    To: <sip:[email protected]>;tag=FA942E991CA5A3E9E440BCB9A3FDDF44
    Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS 172.19.23.80:49973;branch=z9hG4bKC86F300B.DA568731A4B1BC2F;branched=FALSE;ms-received-port=49973;ms-received-cid=894D00
    Via: SIP/2.0/TLS 172.19.19.23:59211;received=195.0.0.1;ms-received-port=15224;ms-received-cid=11600
    Content-Length: 0
    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="partnerdomin.pl";PeerServer="sip.partnerdomain.pl";source="MyEdge.domain.pl"
    ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=LyncEDGE.domain.local;ms-source-verified-user=unverified;ms-source-network=federation;ms-local-fcp=yes
    $$end_record
    TL_INFO(TF_PROTOCOL) [0]0548.1970::12/30/2014-20:51:59.558.0006b769 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[441892531]
    $$begin_record
    Trace-Correlation-Id: 441892531
    Instance-Id: 2B89
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: LyncFE.domain.local:65236
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    From: "Michał Machniak"<sip:[email protected]>;tag=2f81462440;epid=2ca2532739
    To: <sip:[email protected]>;tag=FA942E991CA5A3E9E440BCB9A3FDDF44
    Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS 172.19.23.75:65236;branch=z9hG4bK9FFA2BA6.757019415D97CC30;branched=FALSE;ms-received-port=65236;ms-received-cid=1400
    Via: SIP/2.0/TLS 172.19.23.80:49973;branch=z9hG4bKC86F300B.DA568731A4B1BC2F;branched=FALSE;ms-received-port=49973;ms-received-cid=894D00
    Via: SIP/2.0/TLS 172.19.19.23:59211;received=195.8.106.114;ms-received-port=15224;ms-received-cid=11600
    Content-Length: 0
    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="partnerdomian.pl";PeerServer="sip.partnerdomian.pl";source="MyEdge.domain.pl"
    ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=LyncEDGE.domain.local;ms-source-verified-user=unverified;ms-source-network=federation;ms-local-fcp=yes
    $$end_record
    TL_INFO(TF_DIAG) [0]0548.1970::12/30/2014-20:51:59.558.0006b704 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(802))[441892531] $$begin_record
    Severity: information
    Text: Response successfully routed
    SIP-Start-Line: SIP/2.0 504 Server time-out
    SIP-Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    SIP-CSeq: 1 SUBSCRIBE
    Peer: LyncFE.domain.local:65236
    $$end_record
    TL_INFO(TF_DIAG) [0]0548.1970::12/30/2014-20:51:59.558.0006b57a (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(802))[441892531] $$begin_record
    Severity: information
    Text: The message has an Allowed Partner Server domain
    SIP-Start-Line: SIP/2.0 504 Server time-out
    SIP-Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    SIP-CSeq: 1 SUBSCRIBE
    Peer: sip.partnerdomain.pl:5061
    Data: domain="partnerdomian.pl"
    $$end_record
    TL_INFO(TF_PROTOCOL) [0]0548.1970::12/30/2014-20:51:59.558.0006b35e (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[441892531] $$begin_record
    Trace-Correlation-Id: 441892531
    Instance-Id: 2B89
    Direction: incoming;source="external edge";destination="internal edge"
    Peer: sip.opteam.pl:5061
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    From: "Michał Machniak"<sip:[email protected]>;tag=2f81462440;epid=2ca2532739
    To: <sip:[email protected]>;tag=FA942E991CA5A3E9E440BCB9A3FDDF44
    Call-ID: 3a1f78a7ab334baea7c31819fcbbb197
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS 172.19.20.25:56348;branch=z9hG4bK62EA2C6E.CBA9E35BA4B1BC2F;branched=FALSE;ms-internal-info="bdfQfcjHqEGEYXjrThA5NV7b6oZKoU2jzjNeGxP_cA0_tb46nLxN-KzAAA";received=195.8.106.130;ms-received-port=56348;ms-received-cid=11AC00
    Via: SIP/2.0/TLS 172.19.23.75:65236;branch=z9hG4bK9FFA2BA6.757019415D97CC30;branched=FALSE;ms-received-port=65236;ms-received-cid=1400
    Via: SIP/2.0/TLS 172.19.23.80:49973;branch=z9hG4bKC86F300B.DA568731A4B1BC2F;branched=FALSE;ms-received-port=49973;ms-received-cid=894D00
    Via: SIP/2.0/TLS 172.19.19.23:59211;received=195.8.106.114;ms-received-port=15224;ms-received-cid=11600
    Content-Length: 0
    $$end_record

  • Lync 2013 Federation

    Hi,
    We are planning to Deploy Lync Server 2013 Federation with client domain.
    We have a separate domain at client location onsite (They have their own Lync environment) and Separate domain in Our offshore ODC. The Point-to-Point (Dedicated link ) enabled. So there is no DMZ. We are planning to enable lync federation with client domain.
    Can We place Edge Server in the same network where Front end Server installed? How do we go about this requirement? Please suggest.

    For configure Lync Edge, you need to have two network adapters for each Edge Server, one for the internal-facing interface and one for the external-facing interface.
    Yes, you can put internal NIC with Lync Front End
    For more details about Network interface of Lync Edge, you can check below link
    http://technet.microsoft.com/en-us/library/gg412847.aspx
    For Deploy and Configure Lync Edge
    http://technet.microsoft.com/en-us/library/gg398147.aspx
    Configuring SIP federation, XMPP federation and public instant messaging in Lync Server 2013
    http://technet.microsoft.com/en-us/library/jj205134.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
    Mai Ali | My blog: Technical | Twitter:
    Mai Ali

  • Lync 2013 Mirror Database fails to install - Error: DsRoleGetPrimaryDomainInformation failed with error "6BA".

    Database primary installs just fine for Lync 2013 - however fails instantly when trying to install mirror DB to mirror SQL Server.  The account has dull domain admin, Enterprise admins, and schema admins.  Full access to the share as well.  I
    get the following error:
     InstallMirrorDatabaseCmdlet.StartMirroring
    4/7/2014 10:38:56 AM
    Failed
         └ 
    Error: DsRoleGetPrimaryDomainInformation failed with error "6BA".
    ▼ Details
    └ Type: CannotGetDomainInfoException
    └ ► Stack Trace
        └  
    at Microsoft.Rtc.Management.ADConnect.NativeHelpers.NativeHelper.GetPrimaryDomainInformation(String server)
    at Microsoft.Rtc.Management.Deployment.MirrorUtils.GetSqlServerAccount(String server, String instanceName)
    at Microsoft.Rtc.Management.Deployment.TopologyParser.PopulateDatabasesForSqlInstance(ISqlInstance sqlInstance)
    at Microsoft.Rtc.Management.Deployment.TopologyParser.FindDatabasesForMachine(IMachine machine)
    at Microsoft.Rtc.Management.Deployment.TopologyParser.FindDatabasesForFqdn()
    at Microsoft.Rtc.Management.Deployment.TopologyParser.GetDbListToMirror()
    at Microsoft.Rtc.Management.Deployment.TopologyParser.get_DbInfoList()
    at Microsoft.Rtc.Management.Deployment.InstallMirrorDatabaseCmdlet.StartMirroring()
    at Microsoft.Rtc.Management.Internal.Utilities.LogWriter.InvokeAndLog(Action action)
    4/7/2014 10:38:58 AM
    Error
     └ 
    Error: An error occurred: "Microsoft.Rtc.Management.ADConnect.CannotGetDomainInfoException" "DsRoleGetPrimaryDomainInformation failed with error "6BA"."

    The issue could be a typo in the SQL server name or that the SQL server isn't allowing remote connections. If you run the Install-csmirrordatabase command from powershell you should see more details about the error.
    Take a look at Doug Deitterick's blog: http://blogs.technet.com/b/dodeitte/archive/2013/03/05/issue-configuring-sql-mirroring-for-lync-server-2013-when-sql-witness-is-defined-but-not-available.aspx
    Please mark posts as answers/helpful if it answers your question.
    Blog
    Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

  • Error when starting Lync 2013 meeting with Office 32 bit windows 8.1 64 bit.

    Hi,
    have Office pro 2013 32 bit and lync 2013 32bit on win 8.1 64 bit. And I can't start lync meeting's. Lync are working. When i start lync detting error " that lync have trouble and that the program has to be restarted." the choise
    is to repare or Close. eighter helps. Any one has any suggestions what to do. 

    Its reasonably uncommon for the client to just crash as far as I have seen. As Desmond has mentioned I would try the latest updates (ensuring that you also have the latest supporting updates for Office). If this doesnt help you may need to look deeper in
    the OS.
    Hope it helps!
    Andrew Morpeth
    Lync Server Specialist - Auckland, NZ
    Blog - http://www.lync.geek.nz
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"

  • Lync 2013 Attendant Response Group - Long Delay - Error ID 45019 LS Inbound Routing

    Hello,
    We have a customer who's using Lync Server 2013 with Response Groups and the SamRoxx Attendant Client. They are getting an error whereby calls made directly to users come through instantly, however attendants who take a call via the Response Group
    get a 10 second delay. We are seeing 
    Error ID 45019 LS Inbound Routing
    User ***@***.com provided a routing document with errors.
    Default call handling was applied instead. Merge conflict. Wait total present in both preambles.
    Problems with this user's routing documents will not be reported again for another hour.
    Cause: A new or experimental user agent my have published a routing document with errors.
    Resolution:
    Replace the user agent that published the defective configuration.
    Has anyone seen this before??
    Thanks
    Lync Tips Blog - [email protected] - If this post has been useful please click the green arrow to the left or click 'Propose as answer'

    Hi tomcotton,
    You can try steps below to troubleshoot the problem.
    1. Remove the affected Lync user from the Response Group and test whether the error persists.
    2. I’m not aware of
     the SamRoxx Attendant Client, can you use Lync 2013 client to test and check ?
    Best regards,
    Eric
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • Lync 2013 Step 3 - Prepare Current Forest Error

    Hello All;
    We are trying to upgrade with a side by side migration but Both in Server 2012R2 and Server 2008R2 SP1 - I'm getting stuck at the same error.
    Our current environment;
    Domain.net
       company.domain.net
       farm.domain.net
    Lync 2010 installed & running with user interaction on farm.domain.net.  "Lync2010.farm.domain.net"
    Lync 2013 is trying to install on farm.domain.net as well "Lync2013.farm.domain.net"
    I get to Step 3 running the setup on "Lync2013.farm.domain.net" and get the error:
    Error: Computer is not a member of the root domain. For security reasons, this action must be run on a root domain computer.
    ▼ Details
    └ Type: DeploymentException
    └ ▼ Stack Trace
        └  
    at Microsoft.Rtc.Management.Deployment.LcForest.PrePrepCheck()
    at Microsoft.Rtc.Management.Deployment.LcForest.PrepareForest()
    Now I've tried the "Enable-CsAdForest -GroupDomain weblynx.net" in both admin powershell and admin lync powershell. 
    http://support.microsoft.com/kb/2549544/en-us 
    Googling is basically telling me the same thing but getting the same error. 
    Any Ideas? 

    Are you running this part of the deployment from the root domain (domain.net) or just farm?  You'll need to run this step separately in the root, even if you're not deploying Lync servers there. 
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • Federation with Skype

    Hello,
    I wanted to enable Skype Federation for my Lync enterprise server. I did the provisionning request, and apparently everything worked fine because I received an email from Microsoft explaining that process was successful.\o/
    I tried then to communicate from my Lync client to a Skype account, but it never worked. I never received invitation from Skype nor Lync so users cannot see them.
    I of course enabled federation on the Lync web interface. I tried this too : http://blogs.4ward.it/lync-2013-and-skype-federation-how-to with no more result.
    My Lync client is a Lync client 2010, so I do not recognize the "add" button I saw on screenshots, but I guess it has no functionnal impact.... Did I miss something ? Is there is any possible reason why the "add buddy " requests be bloqued
    somewhere ? What can I try to monitor the phenomenon ?
    Thank you very much for your help!

    I add some debugging pieces of information....
    On my Edge , I can see the SIP requests comming from the Internet. I tried to add 2 fake user from my Skype client, and 1 existing user.
    The three requests have been catched in the log files, and they all report the same error:
    " $$begin_record
    Severity: warning
    Text: Routing error occured during inbound processing; check Result-Code field for more information
    Result-Code: 0xc3e93d79 SIPPROXY_E_EPROUTING_MSG_UNKNOWN_DOMAIN
    SIP-Start-Line: SUBSCRIBE sip:[email protected];transport=tls SIP/2.0
    SIP-Call-ID: 3e9971e69737@pm
    SIP-CSeq: 1 SUBSCRIBE
    Peer: federation.messenger.msn.com:53013
    $$end_record
    $$begin_record
    Severity: warning
    Text: The domain of the message is not configured and does not appear to belong to a federated partner
    Result-Code: 0xc3e93d79 SIPPROXY_E_EPROUTING_MSG_UNKNOWN_DOMAIN
    SIP-Start-Line: SUBSCRIBE sip:[email protected];transport=tls SIP/2.0
    SIP-Call-ID: 3e9971e69737@pm
    SIP-CSeq: 1 SUBSCRIBE
    Peer: federation.messenger.msn.com:53013
    Data: domain="i-tm.com"
    $$end_record "
    [email protected] is a real user in my Company. The public domain associated to my sip domain is
    i-tm.com. So I guess that [email protected] should be a valid user. But apparently, Edge Server does not recognized it. Maybe there is a confusion between local domain and public domain...
    What do you think ? Thank you for your help.

  • Lync 2013 federation failing for a specific domain

    Hello,
    We have recently migrated to Lync 2013 and noticed that one of the domains we federate with is unable to federate with us.
    we are getting the following error:
    Log Name:      Lync Server Source:        LS Protocol Stack  Event ID:      14428 Task Category: (1001)
    Level:         Error Keywords:      Classic User:          N/A Computer:      server.fqdn.com Description: TLS outgoing connection
    failures.
    Over the past 28 minutes, Lync Server has experienced TLS outgoing connection failures 4 time(s). The error code of the last failure is 0x80090325(SEC_E_UNTRUSTED_ROOT) while trying
    to connect to the server "sip.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "Unavailable". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to
    reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is
    not trusted by the local machine. Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check
    that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local
    machine.
    Thanks

    Thanks Michael.
    That worked for one of two issues I'm seeing, I did use the same steps for the second issue but it didn't seem to work, I have imported the CA of the domain we would like to federate with to the trusted root certification authorities and the intermediate
    certification authorities per the certificate issuer's website guidelines. I did learn that the federated partner is also using OCS 2007 R2, not sure if this may have to do with this.
    Over the past 30 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80072746 while trying to connect to
    the server "ocs.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "ocs.example.com". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target
    principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
    Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by
    DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine.

  • SIP/2.0 480 temporary unavailable federating with Skype

    Lync 2013 trying to talk to Skype users using both outlook.com and msn.com are seeing this in the logs. Is this a problem at the
    MS side or the client side? If its a pic.lync.com problem what could it be? Federation has been enabled with the pic guys sip.clientsite.com the edge server public name is sip.clientsite.com.
    TL_INFO(TF_PROTOCOL) [EdgeServer]08D4.08F4::02/04/2014-11:38:52.444.00000A58 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265)) [1506311231] 
    Trace-Correlation-Id: 1506311231
    Instance-Id: 1B8AA8
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: lync2013pool.local:49476
    Message-Type: response
    Start-Line: SIP/2.0 480 temporary unavailable
    FROM: "Mark user"<sip:[email protected]>;tag=4d905fe173;epid=3e2026efe2
    TO: <sip:[email protected]>;tag=eg8xooh0
    CALL-ID: 9f551d7313e0486cbe204a8666ee9df0
    CSEQ: 1 INVITE
    Via: SIP/2.0/TLS 172.20.1.xxx:49476;branch=z9hG4bK93C79981.C17D7C9A7AABF9D5;branched=FALSE;ms-received-port=49476;ms-received-cid=3E2600,SIP/2.0/TLS 172.20.xxx.xxx:54034;received=172.20.1.xxx;ms-received-port=63663;ms-received-cid=5D400
    CONTENT-LENGTH: 0
    ms-diagnostics: 1035;reason="Previous hop public IM provider did not report diagnostic information";Domain="outlook.com";PeerServer="federation.messenger.msn.com";source="access.nccgroup.com"
    ms-edge-proxy-message-trust: ms-source-type=AuthorizedServer;ms-ep-fqdn=edge.clientsite.local;ms-source-verified-user=verified;ms-source-network=publiccloud;ms-remote-fqdn=federation.messenger.msn.com

    Hi,
    This work before or is a new deploy?
    Take a look on Provisioning Guide Skype-Lync
    http://www.microsoft.com/en-us/download/details.aspx?id=39071
    Please validated your Edge Deploy
    https://testconnectivity.microsoft.com/
    Did you install a public certificate on Edge Server?
    It may take a 7 days after you provisionig for the federation to work.
    Fernando Lugão Veltem
    MVP Lync Server
    **Ajude a melhorar o sistema de busca do fórum.Marque a(s) resposta(s) que foram úteis**

  • Lync 2013 integration with OWA

    Hi,
    I am integrating Lync 2013 ( with SBAs as branches)  with OWA 2010.
    The IM and presence works fine for users homed in the front end pool. However for users in the branch pool it does not work as the certificate is rejected by the CAS server.
    SBA uses same server authentication certificate ( OAuth) as the front end. ( which I believe is expected)
    Below is the error msg im seeing :
    brief error logs:
    ================
    TL_WARN(TF_PROTOCOL) [<SBA>\<SBA>]0704.11F0::06/04/2014-04:45:05.129.00001662 (UserServices,CRegister::OnClientDisconnected:register.cpp(1130)) ( 0000000002AACC20 ) Disconnecting client [[email protected]]/EndpointId
    [a9cf0cb1-b611-50ae-8652-3cab8a0c8056] as it has crashed
    TL_ERROR(TF_CONNECTION) [<SBA>\<SBA>]0704.11F0::06/04/2014-04:45:05.129.00001663 (SIPStack,SIPAdminLog::WriteConnectionEvent:SIPAdminLog.cpp(460)) [4230621814] $$begin_record
    Severity: error
    Text: The connection was closed before TLS negotiation completed. Did the remote peer accept our certificate?
    Local-IP: <SBA ip>:62858
    Peer-IP: <CAS server ip>:5075
    Connection-ID: 0x1FEB401
    Transport: TLS
    $$end_record

    Similar issue here...users homed on the SBAs can only see each other in OWA...users homed in other pools show gray presence indicators.

  • How many Public Certificate do I need for Edge federation with Skype

    Hi All,
    I am trying to setup Lync 2013 with Edge to federate with Skype.
    Now how many Public CA do i need to be able to setup Lync Edge to federate with Skype,.
    Thank you,

    Hi,
    You need to have to add the CA where you're getting the public certificate from. By default, most common Trusted CA's are included in to the Windows OS it self and does not need to be added manually.
    Z-Hire -- Automate Lync User Account creation process ( AD / Exchange / Lync )

  • Lync 2013 problem with interaction in Hyper-V

    Hello,
    during the conference in Lync 2013 does
    not work the guest interaction service,
    which has been referred to the control
    (display the
    desktop). The
    guest can move the
    cursor, but
    can't click or
    write in Hyper-V virtual
    machine. In
    a virtual machine running Windows Server 2012R2. Enhanced VM Interaction is
    on.
    What to do to give away full
    control for the guest?

    I may be confused, but it looks like you're trying to control a server VM with this capability.  Do the actions require elevated or administrator access? If so, by security design this won't work.
    "It is worthwhile mentioning that people who you gave control to in a desktop sharing session will not be able to interact with elevated prompts."
    The article below mentions this, and suggests running as Lync as administrator which we've not had great success with.
    http://blogs.technet.com/b/lync/archive/2012/11/02/presenting-your-screen-in-lync-2013.aspx
    Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
    SWC Unified Communications

  • How to connect Lync 2013 client with OCS 2007 R2 Edge server

    Hi,
    We have OCS 2007 R2 Edge server for external & OCS 2007 R2 FE Server for internal access in our environment.
    We able to access internally Lync2013 clients with OCS 2007R2 server, however from external we cannot access Lync2013 client with OCS2007 R2 server.
    Is there any patch or registry key trick to access OCS from lync2013 client externally? We cannot immediately migrate to Lync2013 server from OCS.
    Any help
    MD

    Hi,
    I suggest you still use OCS 2007 R2 client to login OCS 2007 R2 Server untill finishing migration to Lync Server 2013, as using Lync client with OCS 2007 R2 Server will offer a pretty limited experience.
    Here is a great blog about Lync 2010 Client unsupported with OCS, it is for Lync 2010 client but similar for Lync 2013 client:
    http://blog.schertz.name/2010/09/lync-client-unsupported-ocs/
    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.
    Please make sure that you completely understand the risk before retrieving any suggestions from the above link.
    Best Regards,
    Eason Huang
    Eason Huang
    TechNet Community Support

Maybe you are looking for

  • How to access a class file outside the package?

    created a two java files Counter.java and TestCounter.java as shown below: public class Counter      public void print()           System.out.println("counter"); package foo; public class TestCounter      public static void main(String args[])       

  • Pls help - can't find contacts easily on N95 8GB

    Hi there. Just got my new N95 8GB -2 & when i add a new contact i can find it by scrolling all the way down but not by one letter. eg I have entered a contact just as M but when i go contacts> M , i get a list of everything with M starting at A!! eg

  • Tried to update deactivated original iPhone

    I have been useing my original deactivated iPhone as an iTouch. I tried to put 3.0 on it and now it is stuck in "emergency call" mode with the usb cable pic. anyway to get it working again as an iTouch??

  • ITunes won't play older purchases says the are not authorized

    SOme of the older TV shows I purchased with this account won't play on my laptop. I looked at the other posts on this issue but not of the advice is relevant. For example, one recommendation to get rid of the "this computer is not authorized" message

  • Why I can't see BDocs via SMW01 but can see via SMW3RC?

    Hi, When I user T-code SMW01 to select BDoc type "BUPA_REL" with status "I", I can not see any BDocs. But when I user T-code SMW3RC with same BDoc type and status, I can see BDoc list. Is there any difference between these 2 Tcode?Do you know why? Be