Lync 2013 Hosting Pack - cannot join external non federated meetings anonymously with desktop client
Hello,
I Have a setup of LHP 2013. We have been testing federation and connections to external on-premises meetings.
Right now users with lync desktop client (2013 and patched) cannot connect to external 3rd party meetings without using the ?SL=1 and using the Wep App.
Desktop Client gives error on log file:
ms-user-logon-data: RemoteUser
Authentication-Info: TLS-DSK qop="auth", opaque="58FBAFA0", srand="0B8651AD", snum="15", rspauth="b63e033e6376b48ec973718f7369e3b90b0d75ba", targetname="lyncfe2.hoster.fi", realm="SIP Communications
Service", version=4
Content-Length: 0
Via: SIP/2.0/TLS 172.20.10.7:49680;received="public.ip";ms-received-port=55863;ms-received-cid=48400
From: "cloud.testuser"<sip:[email protected]>;tag=8f59b0fb81;epid=c7d2e31185
To: <sip:[email protected];gruu;opaque=app:conf:focus:id:5P20J0SK>;tag=C258840F87FD8713D4ADE01307F32C5B
Call-ID: 386e091eb7794fb286b858984349fccd
CSeq: 1 INVITE
ms-diagnostics: 27000;reason="To-Uri Domain is not in the sender-tenant allow list";source="LYNCFE2.hoster.fi";appName="OutgoingFederation"
Server: OutgoingFederation/5.0.0.0
From some old post I have read that was a bug in Lync client that did not allow fail-back to anonymous login with non-federated lync organization, but this has been fixed long ago.
If I do setup a federation beetween the organizations the meetings connect ok.
Thanks for help!
BR, Jouni
Hi Johan,
Lync client in test has been fully updated.
I Think I found what was causing this. In my tests, I added and removed domains from allowed and blocked domains list, in tenant config.
First after tenant organization has been provisioned the AllowedDomains looks like this:
Get-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d
Identity : Global
AllowedDomains : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
BlockedDomains : {}
AllowFederatedUsers : True
AllowPublicUsers : True
SharedSipAddressSpace : False
And joining to non-federated meetings works correctly.
After fiddling with the allowed and blocked domains settings (adding and removing domains) settings look like this:
Identity : Global
AllowedDomains : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
BlockedDomains : {}
AllowFederatedUsers : True
AllowPublicUsers : True
SharedSipAddressSpace : False
When I check what the "AllowList" keeps in, it is empty as it should:
$tenant = Get-CsTenant | Where-Object {$_.Name -eq "tenantname"}
$x = Get-CsTenantFederationConfiguration -Tenant $tenant.TenantId
$x.AllowedDomains
AllowedDomain : {}
If I set the AllowedDomain backup to original form meeting connections begin to work.
$all = New-CsEdgeAllowAllKnownDomains
Set-CsTenantFederationConfiguration -Tenant 10828ff2-165d-440f-9c00-6ce374ff0c6d -AllowedDomains $all
But now im just not very sure how I should setup the federation settings as per tenant/ExternalAccesspolicy/AccessEdgeConfiguration.. hmm..
BR, Jouni
Similar Messages
-
Lync 2013 hosting pack - CU July 2013 Support
Does the Lync 2013 Hosting Pack support the cumulative update of July?
What are the known issues?My experience was running the LyncServerUpdateInstaller and run Install-CsDatabase on the servers. I haven't had it break mobility though.
With that in mind so far you only do that when you first install it because there hasn't been any further updates to Lync 2013 Hosting since it was released.
I have a ticket opened right now about the bad documentation on the deployment guide. My simple url wasn't working because the document says to provide -Tenant $GUID for the meeting URL but it didn't work 100%. However it worked sometimes!!
The Microsoft tech pointed me to a guys blog (yes thats right.. a non-microsoft blog) that shows to drop the -Tenant $GUID from the meeting URL but make sure you keep the -Tenant $GUID for the dialin url.
I basically wined and told them I wanted the 100% right way to do it. I wanted them to tell me either the deployment guide was wrong or there was a bug. Two weeks and no reply yet and they just update to say "They are still looking into it"
Not to mention when I opened the ticket they tried saying "Well this is still a new product". I said its been out for almost a freakin year and its not a NEW product. -
Lync 2013 Hosting Pack v2 Skype integration
I have a Lync 2013 Hosting deployment. Hosting Pack v2 supports public IM with Skype, but in the guide the setup steps are missing. I configured the Federation
(federated provider ect.) like an on premise deployment and enabled Public IM connectivity on the Tenant:
Identity
: Global
AllowedDomains
: Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowList
BlockedDomains
AllowFederatedUsers : True
AllowPublicUsers
: True
SharedSipAddressSpace : False
When I add a skype user to my buddy list, I cannot see the presence and in the Lync Front End Logs I get the following failure that the domain is not part of the tenant allow list.
Message-Body: <reportError xmlns="http://schemas.microsoft.com/2006/09/sip/error-reporting"><error toUri="sip:***[email protected]"
callId="c46a551b0e28439482edd9f3cbbc4a78" fromTag="eeef2d866f" toTag="F89423B3CF5DDBEF396B7A8FD53211EF" contentType="application/sdp;call-type=im" responseCode="403" requestType="INVITE"><diagHeader>27000;reason="To-Uri
Domain is not in the sender-tenant allow list";source="FRONTEND.DOMAIN.COM";appName="OutgoingFederation";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="Yes";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"</diagHeader><progressReports/></error></reportError>$$end_record
What can I do to enable public connectivity on the tenant without adding the skype Domain (could be any Live ID) to the tenant allow list?
GreetingsDid you provision Skype Federation for the specific domain?
https://pic.lync.com/provision
Download Provisioning Guide for Lync-Skype Connectivity
http://www.pro-lync.be/blogs/lync2013/archive/2013/05/31/download-provisioning-guide-for-lync-skype-connectivity.aspx
Howto enable audio between Lync & Skype (What the Skype provisioning guide
is not telling you)
http://www.pro-lync.be/blogs/lync2013/archive/2013/06/06/howto-enable-audio-between-lync-amp-skype-what-the-skype-provisioning-guide-is-not-telling-you.aspx
- Belgian Unified Communications Community : http://www.pro-lync.be - MCM/MVP/MCT -
Lync 2013 Hosting pack tenant meet url returns 404
Hi all,
I have a 2 problems in the Hosting pack:
1. Meet urls are correctly generated for tenants (IE https://meet.hoster.com/tenantdomain/user/confID) but they return a 404 when browsing to the meeting from a browser
2. Office web apps presentations just never work. It just says that it cannot connect to the presentation server.
For problem 1, what I tried was:
1. Set Set-Cssimpleconfiguration -UseBackendDatabase $True -Tenant <TenantID>
2. Tried repairing the IIS Rewrite module as per http://social.technet.microsoft.com/Forums/lync/en-US/e1fbdaa9-0961-4171-ab51-91b8d37432de/action?threadDisplayName=lync-meetings-not-available-404-for-every-url
3. Made sure all my domain maps are correct
4. All certs seem 100% fine.
What is weird is:
https://dialin.hoster.com/dialin - works
https://meet.hoster.com/meet - works (Default cannot join the meeting page)
https://meet.hoster.com/tenantdomain/tenantuser/confid - Does not work
Any help will be greatly appreciated.
\\Tjopsta// http://www.tjopsta.netHi,
For first question, try the following steps:
Remove IIS URL Rewrite Module 2 in Control Panel.
Run Step 2: Setup or Remove Lync Server Components with Lync Server Deployment Wizard.
For second question, check if you can access Office Web Apps Server discovery URL via browser.
Check if you associate Office Web Apps Server with Front End pool.
Regards,
Lisa Zheng
Lisa Zheng
TechNet Community Support -
Hi,
I want to host a lync 2013 server for my external clients and users. What would be the considerations, and requirements and server roles to host a server?
My requirement is Web scheduling, meetings. Sharing, Text chats only for external users.
Now we have a local domain testdomain.local using Active Directory.
One live domain which is mydomain.com
Please suggest me the solution for Lync 2013 Hosting for external users.
Thanksyes as Thamara said you have to install the Edge Role in order to login Externally.
check this for installing Edge server
http://social.technet.microsoft.com/wiki/contents/articles/16931.installing-lync-2013-edge-server.aspx
http://www.orcsweb.com/blog/cory-granata/installing-lync-2013-edge-server/
For installing Reverse proxy
http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx
http://jaapwesselius.com/2014/03/16/using-arr-for-reverse-proxy-with-lync-2013/
SAN
Certificate Requirements
check
for SAN certificate requirements for External access
https://technet.microsoft.com/en-us/library/gg398094.aspx
you required this names to be included in your san certificate
SN = sip.domain.com
SAN = meet.domain.com
SAN= admin.domain.com
SAN= dialin.domain.com
DNS
Records which needs to be created.
check
this for creating External DNS records.
https://technet.microsoft.com/en-us/library/gg398758.aspx
Check
this for adding Routable domain to Lync
http://blog.ucitsimple.com/2011/10/04/adding-new-sip-domains-to-lync/
For
detailed explanation check this great detailed blog how the Dns works for Internal domain and external domain. If your internal domain is different than external Domain
http://msunified.net/2013/08/07/lync-client-sign-in-and-dns-records-recommendations/
Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question. -
What is the best way to integrate 'External non-SAP Purchasing Application' with SAP SD for third party purchasing/ drop shipping?
Details about expected process Flow.
Receive PO from customer into SAP > SAP SD creates Sales Order > ?? SAP Integrate with External non-SAP Purchasing Application to trigger purchasing > External non-SAP Purchasing Application creates PO, Ships Material to Customer Ship to address (drop ship), Sends Shipping confirmation (FCR) & Invoices to SAP> ??Receive FCR and Invoice in SAP > ?? Initiate SAP Accounts Payable (Vendor Payments) and Accounts Receivable (Customer Invoice) > ?? Update SAP SD Sales Order with shipping status>
Questions we need to answer;
- How to achieve '??' steps from above process.
- What type of Master Data we will need to configure (Say Materials Item Category, Type etc.)
- Any standards options to configure SAP SD (Type of Sales Order)
- We certainly don’t want to trigger SAP MM Purchasing (i.e. PR, PO etc.). How can we bypass it.
- How to make statistical receipts against sales order line items so that SO status will be updated.
- How to receive Invoice and FCR from External non-SAP app to trigger AP and AR transactions.
- Are there any SAP standard configurations/ BAPIs/ BADIs available to achieve this integration.
Any inputs on above questions are appreciable.
Anand.This question is resolved. We ended up activating purchasing module and used purchasing documents PR/ PO to integrate with third party purchasing system.
Anand. -
Lync multitenant hosting pack install guide
Hi
any one have Lync multitenant pack for hosting installation/deployment guide to setup for lab, tried Microsoft deployment guide but that is not more usfull. if some one have the guide or step by step share the details.For Lync Server 2013 Multitenant Hosting Pack, you should check the deployment guide below:
http://www.microsoft.com/en-in/download/details.aspx?id=39101
Lisa Zheng
TechNet Community Support -
Texting to non-iPhones has been difficult. In fact, it is not possible from my phones. There are family members that I would like to contact on non-iPhones, but on my same calling net work.
I would contact your phone carrier as they handle text messaging.
Or look at this link troubleshooting message http://support.apple.com/kb/ts2755 -
In post http://social.technet.microsoft.com/Forums/lync/en-US/8a22eed7-cc63-4f9e-b422-3c5a57fb32b0/lync-2013-multitenant-pack-and-lync-2010?forum=lyncdeploy , which was already answered, the answer is no, you cannot migrate from 2010 on-prem. to lync 2013
hosted pack.
Trying to get my head around #1 -why, and #2 -what other alternatives are available.
Lisa answered that there can only be 1 CMS per forest. Is it one CMS per forest, or
one CMS per front end pool in a forest? Meaning you can have different CMS pools. If that were true, we could migrate users to a different front end pool in a coexistence scenario between 2010 on-prem to 2013 hosted pack.
Has anyone done this?
This is tough. I guess a cutover then from 2010 to 2013 multitenant hosted pack would be what?
1. Uninstall 2010, decommission users, decom environment/servers.
2. Fresh install in same AD environment of 2013 hosted pack.
That's tough for our users to make such a transition and have potentially days of downtime.
Is there no other way to do this?
JoshIt is one CMS per forest.
There is no official guide to move from Microsoft Lync Server to Microsoft Lync Server Multitenant Hosting Pack.
This topic has been discussed several times before:
http://social.technet.microsoft.com/Forums/lync/en-US/9d438b55-ec53-478a-9247-6d355abedb78/started-installing-lync-2010-enterprise-discovered-multitenant-hosting-pack-do-i-need-to-uninstall?forum=ocsplanningdeployment
http://social.technet.microsoft.com/Forums/lync/en-US/ad0b77ca-d47e-457b-8f77-33f84409a119/schema-update-lync-hosting-pack?forum=ocsplanningdeployment
Lisa Zheng
TechNet Community Support -
Lync 2013 Multitenant hosting meeting URL
I have a Lync 2013 multitenant hosting environment. Lync Meeting Add-in for Microsoft Outlook 2013 closes itself a split second after it opens, no
error, no pop-up, and no message to say what’s going on. Yet within the Lync client, I can still start an ad-hoc meeting (“Meet Now”), But the
Meeting Entry Info URL looks like this conf:sip:bongani@......... Instead of a norma https link. I also have the event below on the Lync server event
viewer. but the meeting URL are configured in the format https://meet.hosterdomain.co.za/tenantdomain.co.za
Event ID 32148 – LS User Service
A user tried to create a conference with no Simple URL of type Meet available. This configuration will not work for scheduled conferences. Ad-hoc
conferences may be created but join functionality will be impaired.
And if I do a Set-CsSimpleUrlConfiguration -UseBackEndDatabase $false as recommended. I get the following when I run enable-cscomputer.
WARNING: No patterns found. Skipping rewrite rules creation for Meet simple URLs.
WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
WARNING: No patterns found. Skipping rewrite rule creation for dial-in conferencing.
WARNING: No patterns found. Skipping rewrite rule creation for Web Scheduler.
WARNING: "Enable-CsComputer" processing has completed with warnings. "5" warnings were recorded during this run.
WARNING: Detailed results can be found at "C:\Users\xxx\AppData\Local\Temp\Enable-CsComputer-26374787-f6b5-4a07-b8f4-7bd819d3ffc3.html".
I tried following http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/ but the URL doesnt change.
Not sure if all these are related or what needs to be corrected please assist.For Event ID 32148 – LS User Service, you can refer below links
http://www.lyncexch.co.uk/lync-2013-hosting-pack-tenant-meet-dialin-urls/
http://www.lyncexch.co.uk/2014/02/
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical | Twitter:
Mai Ali -
Exchange AA transfer to extension to Lync 2013
I'm having issues getting the Exchange AA to transfer to extensions when using key mapping. Basically you can say a person's name and it will transfer to their extension just fine but not with the key mapping.
We are using Exchange 2010 SP3 RU4 with Lync 2013 Hosting Pack.
I found the issue but not sure how to go about resolving it.
Lync User: [email protected]
Lync Extension: +15554443333;ext=151
Exchange Extension: 151
Dial plan in Lync 2013 will convert 3-digit numbers to: +15554443333;ext=$1 for these users
Each company has their own dial plan. This particular dial plan in Lync translates the 3-digit to the full number. The problem is the transfer from Exchange AA to Lync doesn't seem to use the user's dial plan. I also cannot put a translation on the Exchange
side to do this type of format: +15554443333;ext=$1
It looks like with the key mapping it is trying to transfer to this:
REFER-TO: <sip:151;[email protected];user=phone>
P-ASSERTED-IDENTITY: <sip:[email protected]>
But of course that doesn't exist. The SIP for this user is sip:[email protected]
I ran the Lync Debugging utility and saw this:
ms-diagnostics: 14011;reason="Called Number translated";source="LYNCFE0101.COMPSYSCLOUD.COM";RuleName="Keep All";CalledNumber="151";TranslatedNumber="151";appName="TranslationService"
Start-Line: SIP/2.0 403 Forbidden
From: <sip:[email protected];user=phone>;epid=786443AA96;tag=61bfdb74d3
To: <sip:151;[email protected];user=phone>;tag=7C193436618B4C0FD1DD5B0D9EA788A5
Call-ID: d71f8c3b-0b1e-45c5-b917-0bb71ab9e240
CSeq: 16062 INVITE
Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bKf79f7414;ms-received-port=50244;ms-received-cid=BC2600
Content-Length: 0
ms-diagnostics: 12004;reason="The user is not authorized to call the specified number or none of the
routes have a valid gateway configured.";source="LYNCFE0101.DOMAIN.COM";appName="OutboundRouting"
To: <sip:151;[email protected];user=phone>;tag=4FFA2DD9248FE7799456F95533983128
Call-ID: 92f65e8040e1453e85a09ef45bc27c18
CSeq: 16063 SERVICE
Via: SIP/2.0/TLS 10.1.15.1:61309;branch=z9hG4bK957FF7E7.C2D462B71F179899;branched=FALSE;ms-received-port=61309;ms-received-cid=AFA00
Via: SIP/2.0/TLS 10.1.15.6:50244;branch=z9hG4bK488849d7;ms-received-port=50244;ms-received-cid=BC2600
Content-Length: 0
ms-diagnostics: 1003;reason="User does not exist";destination="151;[email protected]";source="sip.domain.com"
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=edge.domain.com;ms-source-verified-user=verifiedHi,
You need create a UM auto-attendant for each Lync Server dial plan with the following command:
New-umautoattendant -name <auto attendant name> -umdialplan < name of dial plan created in step 1> -PilotIdentifierList <auto attendant phone number in E.164 format> -SpeechEnabled $true -Status
Enabled
You can refer to the link of “Configure Unified Messaging on Microsoft Exchange”:
http://technet.microsoft.com/en-us/library/gg398129.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Lync 2013 certificate requirements for multiple SIP domains
Hi All,
I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually
around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they
appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
Friendly URL option 3 from this page:
http://technet.microsoft.com/en-us/library/gg398287.aspx
Client auto-configuration:
i.
Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
ii.
Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
iii.
Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domains is also required. This is because a DNS CNAME to another domain is not supported over
HTTPS.
If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed
to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
Many thanks,Many thanks for the response.
I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
http://technet.microsoft.com/en-us/library/gg398287.aspx
What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
http://technet.microsoft.com/en-gb/library/hh690030.aspx
Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects
to an address of director.contoso.net is not supported over HTTPS.
In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing
rule for port 80 (HTTP).
For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating
domain.”
I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
As per the below article:
http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
“The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to
create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net).
This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share
the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
===================
1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who
fall under the XXX umbrella but are very much run as individual entities.
Question:
Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
Thanks. -
Lync 2013 for iPad & Windows Mobile Sign in Issue
Hi,
I hope someone can help with a very frustrating issue I'm having with Lync 2013 on iOS & Windows Mobile - it won't sign in with an error message saying 'We can't sign you in. Please check your account info and try again'
I know my account info is right as I use it to sign in to the desktop client when working remotely, and it also works fine on an Android client.
The Lync remote connectivity analyser passes all the tests, I can get to the xml file using https://lyncdiscover.domain.org/autodiscover/autodiscoverservice.svc/root from a laptop, but from the iPad it's just a blank screen.
I've tried using auto detect, and entering details manually, but still no luck. I'm completely stumped. I've trawled blogs, form posts etc, but nothing. HELP!!!
Some details - we have a FE server, and an Edge Server, both running Lync 2013 with latest updates. We use nGinX as the RP and that all seems to be fine. It just doesn't want to authenticate me (or anyone else).
See below part of log file from my iPad that shows an error on the FE server.
</SentRequest>
2014-03-07 08:19:36.200 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/409:Allocating stream 0x589d0a0 for url - http://lyncdiscover.domain.org/ with persistent id as 7
2014-03-07 08:19:36.200 Lync[1615:74c6000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/436:CHttpProxyHelper::discoverProxy : No proxy found for url http://lyncdiscover.domain.org/. Sending over direct connection.
2014-03-07 08:19:36.200 Lync[1615:74c6000] INFO TRANSPORT CHttpStreamPool.cpp/556:Not setting TLS as the url(http://lyncdiscover.domain.org/) is not https
2014-03-07 08:19:36.205 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-03-07 08:19:36.206 Lync[1615:3bc6218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-03-07 08:19:36.595 Lync[1615:74c6000] INFO UTILITIES CHttpConnection.cpp/577:Received kCFStreamEventEndEncountered (UcwaAutoDiscoveryRequest)isHeadersAvailable = true responseHeadersHandle = 58b1930
2014-03-07 08:19:36.596 Lync[1615:74c6000] INFO UTILITIES CHttpConnection.cpp/651:Response status = 200 for request UcwaAutoDiscoveryRequest
2014-03-07 08:19:36.597 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x58812c0 for release.
2014-03-07 08:19:36.597 Lync[1615:74c6000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request(UcwaAutoDiscoveryRequest) with status = 0x0
2014-03-07 08:19:36.598 Lync[1615:74c6000] INFO TRANSPORT TransportUtilityFunctions.cpp/925:<ReceivedResponse>
GET https://lyncdiscover.domain.org/?sipuri=sip:[email protected]
Request Id: 0x11d4988
HttpHeader:Cache-Control no-cache
HttpHeader:Connection keep-alive
HttpHeader:Content-Length 1025
HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
HttpHeader:Date Fri, 07 Mar 2014 08:19:34 GMT
HttpHeader:Expires -1
HttpHeader:Pragma no-cache
HttpHeader:Server nginx/1.4.1
HttpHeader:StatusCode 200
HttpHeader:X-AspNet-Version 4.0.30319
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn KPPLYN04.ad.domain.org
HttpHeader:X-Powered-By ASP.NET
Ôªø<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link
token="Domain" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=domain.org" /><Link token="User" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=domain.org"
/><Link token="Self" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root?originalDomain=domain.org" /><Link token="OAuth" href="https://extwebsvc01.domain.org/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=domain.org"
/><Link token="External/XFrame" href="https://extwebsvc01.domain.org/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://ly13webpool.ad.domain.org/Autodiscover/XFrame/XFrame.html"
/><Link token="XFrame" href="https://extwebsvc01.domain.org/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
</ReceivedResponse>
2014-03-07 08:19:36.599 Lync[1615:74c6000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
2014-03-07 08:19:36.600 Lync[1615:74c6000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
2014-03-07 08:19:36.601 Lync[1615:74c6000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x11d4988)
2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
2014-03-07 08:19:36.602 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with url = https://lyncdiscover.domain.org/?sipuri=sip:[email protected], userUrl = https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org,
status = S_OK (S0-0-0)
2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x11d4988): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/399:Cancelling all requests
2014-03-07 08:19:36.603 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/409:Cancelling request: 0x1124488
2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO TRANSPORT CSessionBase.hxx/158:Cancelling request: 0x1124488
2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO TRANSPORT CTransportThread.cpp/163:Added Request(UcwaAutoDiscoveryRequest) to Request Processor queue
2014-03-07 08:19:36.604 Lync[1615:3bc6218c] INFO APPLICATION CUrlRedirectAndTrustResolver.cpp/610:UrlRedirectAndTrustResolver complete with url = http://lyncdiscover.domain.org/, Hops = 1, status = W_Cancelled (W0-0-6)
2014-03-07 08:19:36.605 Lync[1615:74c6000] INFO TRANSPORT CTransportThread.cpp/343:Sent Request(UcwaAutoDiscoveryRequest) to Request Processor
2014-03-07 08:19:36.605 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with url = http://lyncdiscover.domain.org/?sipuri=sip:[email protected], userUrl = , status = W_Cancelled
(W0-0-6)
2014-03-07 08:19:36.605 Lync[1615:74c6000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x589d0a0 for release.
2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (ad) username (ab00wk) password.empty() (0) certificate.isValid() (0)
privateKey.empty() (1) compatibleServiceIds(1)
2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
2014-03-07 08:19:36.606 Lync[1615:3bc6218c] INFO TRANSPORT CMetaDataManager.cpp/467:Sending Unauthenticated get to get the web-ticket url
2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO TRANSPORT CTransportThread.cpp/131:Added Request() to Request Processor queue
2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO TRANSPORT CAuthenticationResolver.cpp/108:Waiting on Meta Data from https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
2014-03-07 08:19:36.607 Lync[1615:6081000] INFO TRANSPORT CTransportThread.cpp/343:Sent Request() to Request Processor
2014-03-07 08:19:36.607 Lync[1615:3bc6218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x11e6bf8)
2014-03-07 08:19:36.608 Lync[1615:6081000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential for serviceId (4) type (1)!
2014-03-07 08:19:36.608 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1194:Submitting Authenticated AutoDiscovery request to https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
2014-03-07 08:19:36.609 Lync[1615:6081000] INFO TRANSPORT TransportUtilityFunctions.cpp/631:<SentRequest>
GET https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
Request Id: 0x1124488
HttpHeader:Accept
HttpHeader:X-MS-WebTicket xxxxxxxxxx
</SentRequest>
2014-03-07 08:19:36.609 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1688:Ignoring GetUserUrlOperation event as current state is 6
2014-03-07 08:19:36.610 Lync[1615:3bc6218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1690:Request url was http://lyncdiscover.domain.org/?sipuri=sip:[email protected]
2014-03-07 08:19:36.610 Lync[1615:6081000] INFO UTILITIES CHttpStreamPool.cpp/409:Allocating stream 0x58bf6c0 for url - https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user with persistent id as 15
2014-03-07 08:19:36.610 Lync[1615:6081000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/436:CHttpProxyHelper::discoverProxy : No proxy found for url https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org. Sending over
direct connection.
2014-03-07 08:19:36.941 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/577:Received kCFStreamEventEndEncountered (0x%u0x104bc00)isHeadersAvailable = true responseHeadersHandle = 58b6bd0
2014-03-07 08:19:36.942 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/651:Response status = 401 for request 0x%u0x104bc00
2014-03-07 08:19:36.943 Lync[1615:6081000] INFO UTILITIES CHttpConnection.cpp/718:Not send authenticating request(0x%u0x104bc00). isAuthObjectValid - 0, areCredentialsValid - 0, resendRequestCounter - 1
2014-03-07 08:19:36.943 Lync[1615:6081000] INFO UTILITIES CHttpStreamPool.cpp/455:Scheduling stream 0x58bf6c0 for release.
2014-03-07 08:19:36.943 Lync[1615:6081000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x0
2014-03-07 08:19:36.944 Lync[1615:6081000] INFO TRANSPORT TransportUtilityFunctions.cpp/925:<ReceivedResponse>
GET https://extwebsvc01.domain.org/autodiscover/autodiscoverservice.svc/root/user?originaldomain=domain.org
Request Id: 0x1124488
HttpHeader:Cache-Control no-cache
HttpHeader:Connection keep-alive
HttpHeader:Content-Length 1293
HttpHeader:Content-Type text/html
HttpHeader:Date Fri, 07 Mar 2014 08:19:35 GMT
HttpHeader:Server nginx/1.4.1
HttpHeader:StatusCode 401
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn KPPLYN04.ad.domain.org
HttpHeader:X-MS-WebTicketSupported cwt,saml
HttpHeader:X-MS-WebTicketURL https://extwebsvc01.domain.org/WebTicket/WebTicketService.svc
HttpHeader:X-Powered-By ASP.NET
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
<title>401 - Unauthorized: Access is denied due to invalid credentials.</title>
<style type="text/css">
<!--
body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;}
fieldset{padding:0 15px 10px 15px;}
h1{font-size:2.4em;margin:0;color:#FFF;}
h2{font-size:1.7em;margin:0;color:#CC0000;}
h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;}
#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;
background-color:#555555;}
#content{margin:0 0 0 2%;;}
.content-container{background:#FFF;width:96%;margin-top:8px;padding:10px;;}
-->
</style>
</head>
<body>
<div id="header"><h1>Server Error</h1></div>
<div id="content">
<div class="content-container"><fieldset>
<h2>401 - Unauthorized: Access is denied due to invalid credentials.</h2>
<h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3>
</fieldset></div>
</div>
</body>
</html>
If you need any further info, please let me know.
Thanks in advance
AronHi,
Did the sip address name match with User Principle Name?
If not, when you enter the login information please also populate the Username filed using the format domainusername and test again.
Here is a blog may help you, it is for Lync server 2010 but similar for Lync server 2013:
http://blogs.perficient.com/microsoft/2011/12/lync-mobility-understanding-sip-sign-in-address-vs-user-principle-name-upn/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
No coexistence, Totally decom Lync 2010, then install Lync 2013
I have went through decomming Lync 2010 Enterprise on prem with the desire to go to Lync 2013 Hosted Multi-Tenancy, using the same domain.
So, as you can imagine doing this in a test env. (mirroring the prod env.) I have uninstalled Lync 2010, followed all best practices, made sure ADSI ref. were gone to Lync 2010 (to my knowledge).
Now that I have uninstalled the last Lync 2010 boxes, Installed Lync 2013 on the first frontend server, fired up the setup and went through the topology builder wizards, and after filling out Edge server pools, etc, I have a topology showing Lync 2010 and
2013. Is that correct? This is my first time installing 2013 Lync. Is Lync 2010 supposed to be showing in the topology?
Maybe this is normal for 2013, maybe this doesnt matter for me to continue. I'd just like to cleanly get rid of any 2013 references or leftovers.
JoshHi,
Agree with Anthony and Rodolfo.
Here is Lync server 2013 topology (I didn't deploy Lync server 2010):
What's more, please check if you remove all Lync server 2010 information from AD.
If you meet error about remanent Lync information in AD, you can refer to the link of "Remove Lync from Active Directory":
http://blog.armgasys.com/?p=320
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Hi,
Can we monitor Lync 2013 with SCOM 2007 R2 ?
My RMS is windows 2003 R2 64 bit
ThanksTry to Import Lync 2013 MP for below link
http://www.microsoft.com/en-eg/download/details.aspx?id=35842
This Lync 2013 MP support • Operating Systems: Windows Server® R2 (64-bit) and Windows Server 2012 (64-bit). • System Center Operations Manager: System Center Operations Manager 2007 R2 and System Center Operations Manager 2012; 64-bit agents only.
For how to configure Lync 2013 management pack , you can refer below link
http://technet.microsoft.com/en-us/library/jj205052.aspx
Please remember, if you see a post that helped you please click (Vote As Helpful) and if it answered your question, please click (Mark As Answer).
Maybe you are looking for
-
MDM Approval Workflow - Send to previous step using API
Hi, I am working on MDM 7.1 SP 07. I have integrated MDM workflow with UWL. I have written a custom web dynpro application to approve the workflow record using MDM APIs. I am able to accept the workflow task, mark it as APPROVED, mark as DONE and sen
-
Hi All, I would like to pros and cons of BPM. Performance point of view, and Maintenance point of view. Please give me suggestion, <u>when should i use/avoid BPM?</u> Thanking you in advance. Regards Piyush
-
Uplaod Adobe form from application server
I've a requirement where the Adobe interactive from files will be located in the application server directory and need to be uploaded from there. I'm using "open data set... in binary mode" comment to open the file and then read it and store in the
-
SIS - Re-organization of info structure data
Hi, can anyone advise if there's std SAP transaction to re-organise SIS data if there are errors due to update rules or master data such that we would like to re-update the values in the info structures? Thanks PP
-
I turned on my Powerbook G4 today and was amazed to find that the lower lefthand corner on my screen is about 10x brighter than the rest of my display. I looks like somone erased about a 3 inch hole in my display. I can still see everything behind th