Lync 2013 Mobile unable to login from wifi
Dear All,
Many thanks in advance.
My Lync 2013 mobile client is unable to login via internal network.
I have tried to provide external web directory and lyncdiscover by giving way through internal leg of reverseproxy(TMG).
I think I'm missing something from the basic. Will appreciate your reply. :)
You are not missing something basic, this is a real issue with using Lync mobile while on internal corpnet. A known feature (issue) with Lync mobile is that has to connect to the external web services. So when internal it will hairpin out your FW and connect
to the web services:
http://technet.microsoft.com/en-us/library/hh690030.aspx
Some more info:
http://blog.schertz.name/2013/07/understanding-lync-2013-mobility/
A lot of Firewalls do not allow this sort of "hairpinning".
Thom Foreman, MCSE, MCSA, MCTS
Similar Messages
-
Hello,
I have a Lync 2013 server installed with CU1.
I can connect to it perfectly with the windows client and the mobile Lync 2010 client. However when i try to login to the server with the Lync 2013 mobile client, i get : "An error occured in Lync. Please retry. If the problem persists, contact your
support team."Hi Barry,
i have fixed the certificate issue, now i get an xml file when going to the web address.
This XML file does not appear to have any style information associated with it. The document tree is shown below.
<resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.'domain'.local/Autodiscover/AutodiscoverService.svc/root?originalDomain='domain'.com.au">
<link rel="user" href="https://lync.'domain'.com.au/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain='domain'.com.au"/>
<link rel="xframe" href="https://lync.'domain'.com.au/Autodiscover/XFrame/XFrame.html"/>
</resource> -
I am unable to login from my login page after I restarted my mini mac running snow leopard 10.6 server. I am a new user. Need help
Try clearing your cache, [https://support.mozilla.org/en-US/kb/How to clear the cache Instructions here]. Then, try going to [https://accounts.google.com Google Accounts]. If there is currently an account singed in, sign out, then back in. After that, try going to Google Adwords.
-
Lync 2013 mobile client can't see all fields in contact card
We have deployed Lync 2013 infra in our organization, now we observed, mobile Lync client users are not able to see other users mobile number on contact card rest all information is visible.
Is there any workaround or fix to resolve this issue. Appreciate quick help.That's effectively by design (but a popular complaint). The workaround is to put the users who's mobile numbers you need in your Outlook contact list. There's another workaround related to setting the privacy relationship, but you have to coordinate
it with many people which is not too feasible.
Here are others upset about it:
http://ammarhasayen.com/2013/09/25/lync-2013-mobile-contact-card-not-showing-mobile-number/
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications -
Hi,
Im currently upgrading Lync 2010 to 2013.
Is it possible to coexist Lync 2010 Mobility Users with Lync 2013 Mobility users?
I realise that the 2010 users will still need to use the 2010 client and the 2013 users use the 2013 client. Is it true mobility does not actually use edge and just uses the Reverse Proxy?
Any help greatly appreciated.Each Lync Front End pool has it's own unique Lync external web services url. You can point Lyncdiscover.domain.com to either 2010 or 2013, but the response will redirect the mobile client to the correct external web services FQDN for their homed pool.
Please mark posts as answers/helpful if it answers your question.
Blog
Lync Validator - Used to assist in the validation and documentation of Lync Server 2013. -
We upgraded Lync Server 2010 to Lync 2013.
Users are able to login on desktop clients but unable to connect on mobile client. We get following error message:
Can't verify the certificate from the server.
Please contact your support teamPlease check the Root CA is installed on your mobile device.
Can you sign in externally?
Please check you have updated the DNS records for Lync mobile autodiscover service.
Lisa Zheng
TechNet Community Support -
Lync 2013 Mobility not working in MultiSite Topology
Dear All,
I have Lync 2013 Server running in my environment. Below are the details,
1) We have one Lync FrontEnd server as well as one Lync Edge Server installed in Egypt Site & one Lync FrontEnd server as well as one Lync Edge Server installed in Dubai Site in a Single domain.
Users who are in Egypt site pool are able to login through Lync Mobility but unfortunately users in Dubai Site pool are unable to login through Lync mobility.
External webservices are published on both Sites. Furthermore Dubai Site Pool users are able to login through Lync Client from external but they are unable to login through Lync Mobille Client.
Anyone help would be highly appreciated.
Thanks & Regards,
ZBIs lws.abc.com external web url for Egypt site?
How about lyncaepool.abc.com and communication.abc.com?
I would like to confirm if you pasted two URLs in IE directly. Here are some tips for troubleshooting the issue.
For multiple pools, the Autodiscover traffic can be routed to a single Front End pool as long as both pools have their external Web services published. Once a client connects to the Autodiscover service it will be returned the external web service FQDN for
either pool, depending on which pool the user account belongs to.
Thus, you must have external Lyncdiscover record pointed to Egypt site. Once Dubai external user connects to Egypt Autodiscover service, it will be returned the external web service for Dubai Site Pool and user connects to Dubai Site Autodiscover service(https://<Dubai
ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root) and UCWA. We can check if mobile client is able to resolve Autodiscover service URL of Dubai Site by typing the URL into manual configuration of Lync mobile client.
Here is a great blog about Lync mobility Autodiscover process.
http://blogs.technet.com/b/nexthop/archive/2012/04/25/lync-server-2010-mobility-deep-dive-autodiscover-service.aspx
If the issue persists, please paste the result of Lync Connectivity Analyzer for further troubleshooting.
Kent Huang
TechNet Community Support -
Lync 2013 Mobility not working
Dear All,
I have Lync 2013 Server running in my environment. Below are the details,
1) We have one Lync FrontEnd server as well as one Lync Edge Server installed in Egypt Site & one Lync FrontEnd server as well as one Lync Edge Server installed in Dubai Site in a Single domain.
Users who are in Egypt site pool are able to login through Lync Mobility but unfortunately users in Dubai Site pool are unable to login through Lync mobility.
Anyone help would be highly appreciated.
Thanks & Regards,
Zeeshan ButtHi Zeeshan Butt,
You can try to test in the internal network in site Dubai.
If a user in site Dubai login with mobile externally, the user will connect to the Reverse Proxy. The autodiscover service on Egypt site will search the user information about which pool he belongs and return the right
external Web service URL of that pool. Then the user will connect to the right pool (Site Dubai) through the Reverse Proxy belongs of Site Dubai.
You can use Lync Connectivity Analyzer to check if the correct URL of web services have been returned from autodiscover service:
http://blogs.technet.com/b/nexthop/archive/2013/02/08/the-new-lync-connectivity-analyzer.aspx
Please also try to login mobile manually to have a test:
https://<ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root for external access
https://<IntPoolFQDN>/AutoDiscover/AutoDiscover.svc/Root for internal access
Note: the ExtPoolFQDN is the External web FQDN of Site Dubai.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Voice problems with Lync 2013 Mobile
Hi
I have a situation where Lync 2013 on both iPhone & Android has started giving problems with making and receiving voice calls. There are no problems with Windows, Mac or Phone Edition clients that I'm aware of. I have not tested anything over the VPN,
but this should not be a factor.
For receiving calls - If the user is connected to the LAN via Wi-Fi AND the call is from an internal user, all works fine. If the call is from an external user OR the user is connected via 3G, then the call just shows "Connecting" indefinitely.
This includes transferred calls.
For making calls - If the user is connected to the LAN via Wi-FI and calls either an internal or external users, all works fine. If the user is connected via 3G and calls either an internal or external user, the phone rings, but when it's answered it shows
call ended.
I have ran RUCT on a computer outside the network, with the following findings:
DNS:
Record
Type
Hostname
IP Address
Port
Weight
Priority
_sip._tls.domain.com
SRV
sip.domain.com
Edge External IP
443
100
0
sip.domain.com
A
sip.domain.com
Edge External IP
sipexternal.domain.com
A
sipexternal.domain.com
Edge External IP
meet.domain.com
A
meet.domain.com
<null>
_ntp._udp.domain.com
SRV
pool.ntp.org
NTP Server IP
123
100
0
_sipfederationtls._tcp.domain.com
SRV
sip.domain.com
Edge External IP
5061
100
0
lyncdiscover.domain.com
A
sip.domain.com
Edge External IP
lyncdiscover.domain.com
CNAME
sip.domain.com
I have ran Test Port on each entry where there is a port with successful results. Ping works on all entries.
If I query Certificate Information on sip.domain.com with port 5061 or 444, it succeeds and returns the certificate with subject sip.domain.com. If I query 443, it fails with error "An error occurred while retrieving the certificate. Unable to read
data from the transport connection: An existing connection was forcibly closed by the remote host."
On Microsoft Remote Connectivity Analyzer, all tests pass except for the certificate test:
The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.domain.com on port 443
The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
Running netstat on Lync Edge gives me the following with regards to port 443:
TCP <Internal IP>:443 Lync2:0 LISTENING
TCP <External IP>:443 Lync2:0 LISTENING
Firewall allows connections on port 443 and I've tried disabling the firewall as well. Trying to open https://sip.domain.com in the browser on the Lync Edge fails also, telnet succeeds, but no data is returned.
I've restarted the AV service and also rebooted the Lync Edge server, no change. In the topology builder, I can see that AV is configured to listen on port 443.
Any ideas would be most welcome.
Regards
Lionel
MCP Windows Server MCTS .NETI have ran a large amount of additional tests. On my latest round of testing, I have obtained the following results:
Call received via PSTN gateway on user DID, answered by desktop client inside LAN - works.
Call received via PSTN gateway on response group, answered by desktop client inside LAN - works.
Call received via PSTN gateway on user DID, answered by desktop client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on response group, answered by desktop client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on user DID, answered by mobile client inside LAN - does not work.
Call received via PSTN gateway on response group, answered by mobile client inside LAN - does not work.
Call received via PSTN gateway on user DID, answered by mobile client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on response group, answered by mobile client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on user DID, answered by mobile client outside LAN (3G) - does not work.
Call received via PSTN gateway on response group, answered by mobile client outside LAN (3G) - does not work.
Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client inside LAN - does not work.
Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client inside LAN - does not work.
Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client outside LAN (behind NAT, DSL router) - works.
Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client outside LAN (3G) - does not work.
Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client outside LAN (3G) - does not work.
Call made through PSTN gateway from desktop client inside LAN - works.
Call made through PSTN gateway from desktop client outside LAN (behind NAT, DSL router) - works.
Call made through PSTN gateway from mobile client inside LAN - does not work.
Call made through PSTN gateway from mobile client outside LAN (behind NAT, DSL router) - works.
Call made through PSTN gateway from mobile client outside LAN (3G) - does not work.
Call from desktop client inside LAN to desktop or mobile client (regardless of location) - works.
Call from desktop or mobile client (regardless of location) to desktop client inside LAN - works.
Call from desktop or mobile client (regardless of location) to desktop or mobile client (regardless of location) - works.
There is no difference in behaviour between normal calls and conference calls. Reproducing the problem seems to require the following:
1. PSTN gateway needs to be involved
2. One party needs to be on mobile client
3. The mobile client needs to be inside the LAN or on a 3G connection, but not behind NAT on a DSL connection
The only conclusion I can make is that somehow NAT makes the problem go away, but it does not affect desktop clients (on the LAN or Wi-Fi at least, I do not have a way to test them on 3G).
The PSTN gateway (Cisco UCM) could also be the problem, but it works fine in all other cases. It has 4 trunks and makes all kinds of routing decisions, but once a call is routed to/from Lync, it should not make a difference on what type of device it is answered.
I'm really baffled by this one. Perhaps the 3G thing is a service provider issue and the issue on the LAN has something to do with the internal DNS combined with the behaviour of the mobile client. Just not sure exactly what.
MCP Windows Server MCTS .NET -
Lync 2013 mobile client (android/windows phone) can't sing in
Hello
We have deployed Lync 2013 Server (no CU)in our Organization, wehn we use desktop client or Metro App, all works fine. But when we trying to connect from android or windows phone App, we get notice:
"We cannot log you in beacuse your organization don't support this produkt version"
Some one can advice ?Hi,
Agree with Michael.
What’s more, did you deploy Reverse Proxy on DMZ zone to support mobility devices to login Lync client?
If not, you need to deploy a Reverse Proxy firstly with the help of the link below:
http://technet.microsoft.com/en-us/library/gg398069.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Lync 2013 mobility / AV problem over web proxy
Hi,
We use Corporate Wi-fi network in our company and users going away to internet over web proxy. Lync mobility users use https connection to connect this corporate network but calling is unsuccesfull because of A/V ports can’t pass over web proxy,
Is there any solution for this ?
Mmst of hotels give internet conntection to their customers by web proxy thats why our users can’ t use their Mobile device for A/V call during at hotel. Because A/V media ports are blocked by hotels web proxy . How can we overcome this issue? Is
it posible to send all of the media traffic on HTTPS port?
Thanks in advance.
Bugra KeskinHi,
Did you deploy an Edge server in DMZ zone?
If the internal Lync clients are unable to negotiate media directly, then the clients will rely on the Edge Server to tunnel the media for them. The mobile client will connect to and send its media session to the external Edge interface.
More details:
http://blog.schertz.name/2013/11/lync-mobility-media-paths/
Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
sure that you completely understand the risk before retrieving any suggestions from the above link.
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support -
Lync 2013 Mobility continues to not work
Having issues getting mobility to work.
Simple environment:
Single server Edge pool
Single server EE pool
SQL clustered backend
All Lync 2013 CU1 at this point in time.
Potentially required reading:
Deploying Mobility (Technet)
Lync Mobility Deep dive
(based on 2010, but nearly the same in 2013)
http://masteringlync.com/2011/08/13/using-fiddler-to-troubleshoot-address-book-download-issues/
http://blogs.technet.com/b/nexthop/archive/2012/11/09/understanding-lync-server-autodiscover-to-support-the-lync-windows-store-app.aspx
Windows RT app uses the same method as IOS, and is more wiresharkable/tracable, so I am using that.
Client end errors:
Windows RT app (15.0.4481.1503) - this client version cannot log in.
iOS - Can't sign in. Please check your account information and try again.
I don't have a windows phone or android, so working with the clients I have. (I understand these also do not work)
Fiddler trace of Windows RT app session:
From the W3svc logs:
2013-03-20 03:53:17 1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user [email protected] 4443 - 75.122.79.199
LyncImm/15.0.4481.1503+(Microsoft+Lync) 401 0 0 35
LyncImm is
NOT a user agent listed in the CSCP - google "user agent" +lyncIMM turned up nothing. Dead lead?
Lync connectivity analyzer shows it repeats the same webticket 401 over and over with:
Cookie found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
X-Ms-diagnostics: 28032;source="LyncFE.company.local";reason="The web ticket is invalid.";faultcode="wsse:InvalidSecurityToken"
X-MS-WebTicketURL:
https://lyncweb.company.com/WebTicket/WebTicketService.svc
X-MS-WebTicketSupported: cwt,saml
X-MS-Server-Fqdn: LyncFE.company.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Date: Wed, 20 Mar 2013 04:12:20 GMT
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
Content-Length: 1293
Content-Type: text/html
LCA: from inside, choosing Windows App - success!
LCA: from inside, choosing Lync Mobile Apps- fail:
Failed to obtain the WS-Metadata Exchange (MEX) document using GET for
https://lyncweb.company.com/Mcx/McxService.svc/mex.
The service did not require authorization.
LCA, from outside, choosing Windows App - hangs repeatedly on the HTTPS external channel. (repeating 401's on webticket service)
LCA, from outside, choosing Choosing Lync Mobile apps - failed, same as from inside #2
Here's what the LCA failure looked like:
2013-03-20 04:59:12
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 134
2013-03-20 04:59:12
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 155
2013-03-20 04:59:12
1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
[email protected] 4443 - 75.122.79.199 -
401 0 0 35
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 126
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 158
2013-03-20 04:59:13
1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
[email protected] 4443 - 75.122.79.199 -
401 0 0 31
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 126
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 148
2013-03-20 04:59:13
1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
[email protected] 4443 - 75.122.79.199 -
401 0 0 33
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 121
2013-03-20 04:59:13
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 155
2013-03-20 04:59:13
1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
[email protected] 4443 - 75.122.79.199 -
401 0 0 31
2013-03-20 04:59:15
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 125
2013-03-20 04:59:15
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 147
2013-03-20 04:59:15
1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
[email protected] 4443 - 75.122.79.199 -
401 0 0 32
2013-03-20 04:59:15
1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
0 120
2013-03-20 04:59:15
1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
0 0 151
Similar thread:
http://social.technet.microsoft.com/Forums/en-US/ocsmobility/thread/96c3fc3a-2f80-435a-8368-1a83dcd56e55/
http://msdn.microsoft.com/en-us/library/ff595929%28v=office.12%29.aspx
IOS attempt at sign on (version 4.3.8000.0000)
IIS log files:
2013-03-20 04:26:08
1.2.3.4 GET / sipuri=sip:[email protected] 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 200 0 0 1382013-03-20 04:26:08
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 0 0 802013-03-20 04:26:08
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 1292013-03-20 04:26:08
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 882013-03-20 04:26:08
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 782013-03-20 04:26:08
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 882013-03-20 04:26:09
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 782013-03-20 04:26:09
1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 84
IOS log file was too large to post in message.
Running test-cmdlets:
$passwd1 = ConvertTo-SecureString "supersecure" -AsPlainText -Force $passwd2 = ConvertTo-SecureString "notontheinternet" -AsPlainText -Force $tuc1 = New-Object Management.Automation.PSCredential("domain\user1",
$passwd1) $tuc2 = New-Object Management.Automation.PSCredential("domain\user2", $passwd2) Test-CsMcxP2PIM -TargetFqdn lyncfe.company.local -Authentication Negotiate -SenderSipAddress sip:[email protected] -SenderCredential $tuc1 -ReceiverSipAddress
sip:[email protected] -ReceiverCredential $tuc2 -v
From <http://technet.microsoft.com/en-us/library/hh690024.aspx>
Results:
Target Fqdn : lyncfe.company.com
Target Uri :
https://lyncfe.company.com:443/mcx
Result : Failure
Latency : 00:00:00
Error Message : No response received for Web-Ticket service.
Inner Exception:The HTTP request is unauthorized with client
authentication scheme 'Ntlm'. The authentication header
received from the server was 'Negotiate,NTLM'.
Inner Exception:The remote server returned an error: (401)
Unauthorized.
Diagnosis :
Inner Diagnosis:X-MS-Server-Fqdn : lyncfe.company.com
Cache-Control : private
Content-Type : text/html; charset=utf-8
Server : Microsoft-IIS/7.5
WWW-Authenticate : Negotiate,NTLM
X-Powered-By : ASP.NET
X-Content-Type-Options : nosniff
Date : Wed, 20 Mar 2013 04:39:44 GMT
Content-Length : 6639
Verbose comments on it:
Trying to get web ticket.
Web Service Url :
https://lyncfe.company.com:443/WebTicket/WebTicketService.svc
Using NTLM\Kerberos authentication.
Could not get a web ticket
CHECK:
- Web service Url is valid and the web services are functional
- If using Phone Number\PIN to authenticate, make sure they match the user uri
- If using NTLM\Kerberos authentication, make sure you provided valid
credentials
URLs and ports all look OK, all services started.
Not using phone/PIN
I provided valid creds - the virtual directories show anon/NTLM for the Webticket vdir.
Any help is welcome - really want this issue put to bed!I know this is an old thread, but I was struggling with the same error for mobility, and I hope this may help others in the same situation.
On my scenario the issue was caused because the customer didn't use any reverse-proxy solution, instead the FE external website was directly published using a FortiGate box.
Given that scenario, there were 2 different certs installed on the FE server, 1 (internal RootCA) certificate was applied to the internal website, and another one issued by Godaddy was assigned to the external website manually from IIS console.
---I know this is far from a supported solution, but I was able to get it working after some investigation---
To solve the issue I use this article:
http://technet.microsoft.com/en-us/library/jj205253.aspx it explains how to check and assign the certificates for oAuth and I used these cmdlets to specify the Godaddy cert to the "WebServiceExternal" & "OAuthTokenIssuer" websites.
After that the mobility access for internal and external users started to work as expected, I've validated it with "Lync Connectivity Analyzer" and with different mobile clients on Android, IOS and Windows Store.
Hope this information may be useful.
Performance, Security & Design -
Lync 2013 Photos will not update from AD
I recently joined a company who has Lync 2013, Exchange 2010 and AD is at a 2003 functional level. We are experiencing issues where Lync photos are not updating from AD correctly. I have checked the pre-reqs; Replicate this attribute to the Global
Catalog is set for the ThumbnailPhoto attribute. We are also forcing photos from AD only (or no photo) by setting the following:
"Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto PhotosFromADOnly"
and finally we are setting the photo in ad using:
"Import-RecipientDataProperty -Identity "Test User" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
The pictures being uploaded are under 10KB and update within Outlook but never updates on Lync. I have also manually tried running the "Update-CsAddressBook" command from Lync and waiting 24hours + but the photo will not update in Lync. I have
also tried a 3rd party utility that grabs the attribute directly from each DC individually and each node is displaying the correct photo. Any Ideas?
EDIT: I did some more testing and can say with quite a bit of certainty there is something not quite right on the Lync side of things. I started with the company over a month ago and although users can see my original photo that was added to AD, I myself
do not even see it loaded in my client yet. I've completly dumped my local Lync cache but no change. Is there a specific Lync Server service that handles retrieving/pushing photos to the Lync clients?Thank you so much for your reply, it was very helpful in understanding how the service is suppose to work however I have still not been able to correct the issue.
What I have found by using your article may have narrowed down the scope of the problem. I was able to find that on our Lync file store, the cached contacts/photos are being updated daily (as expected) and actually contain the correct photos. I confirmed
this be using abserver.exe on the .lsabs file and then locating the contactID for a few users I know are not updating properly. Once I have their contact ID I simply look for their .photo file in the cached files, copy it out to a different location and change
it to a .jpeg. To my surprise the photos are actually the correctly updated ones, so why are these no getting to the users/clients? I have gone through and deleted my local cache folder as well as the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync
but unfortunately no change on my Client. I still see these users original photos.
Another piece of the puzzle; We are also working on letting mobile devices connect to our Lync infrasructure as well. This is not fully functional yet however during my testing I did get Lync client for android running for a little while and low and behold
the pictures are actually correct on my mobile device!! Surely this must give some kind of clue?
We are planning to upgrade Exchange from 2010 to 2013 and I hoping that leveraging the HiDef photo capabilities for Lync 2013 with Exchange 2013 may fix this issue. What do you guys think?
More info on the environment:
4 main sites + remote users
~7DC's - 2003 DFL (1 at each site + a few at HQ)
3 Lync Front end servers (2013) (All located at central HQ)
2 Lync edge server (2013) (All located at central HQ)
1 - 2010 Exchange server (Located at central HQ)
2013 Lync Client version 15.0.4675.1000 MSO 15.0.4675.1002 64bit
About 100 HP 4110 Lync Edition Desk phones
Users's workstations are either Windows 7 Enterprise or Windows 8.1 Enterprise -
Lync 2013 Mobility in coexistense with Lync 2010
Hi
I am facing Issue when connecting my internal mobile client with Lync Server 2013. The Mobile Client doesn't sign in to Lync Server 2013.
Currently we are in co-existence phase with Lync 2010.
There was no mobility service configured or installed in Lync 2010 environment before when we deployed Lync Server 2013 Enterprise pool with only one front end server.
The SRV record _sipinternalts is currently pointing to Lync server 2010 pool and the lyncdiscoverinternal.domain.com is point to the IP of Lync Front End Server.
Is it necessary to configure and deploy mobility service on Lync 2010 front end server in order to allow Lync Server 2013 users to connect using mobile client??Hi Abdullah Salam,
For WP8 root certificates need to have HTTP URLs in the CRL (Certificate Revocation List). If root certs doesn’t contain these CRL attributes than the certificate won’t be accepted by WP8
and sign-in would fail.
Same cases for your reference.
https://social.technet.microsoft.com/Forums/en-US/cd6c1558-02e4-4ad8-86af-c6aee82a4ff0/passive-authentication-redirection-fails-for-wp81?forum=lyncint
https://social.technet.microsoft.com/Forums/en-US/70932e7d-4df5-4f48-8f33-b0e19e2a02f9/unable-to-sign-with-windows-phone-lumia-925-windows-81-to-lync-2013?forum=lyncprofile
Best regards,
Eric<o:p></o:p> -
Lync 2013 mobile sign in error
I try sign in to Lync in my Windows Phone, and get error - Check my password. My password correct. For diagnose I enable "Failed Request Tracing Rules" on IIS on Lync 2013 Server and view only one warning from DirectoryListingModule - HttpStatus
403 Forbidden. I try reinstall web components on Server but no relult. How I can fix this?
If I create file "C:\Program Files\Microsoft Lync Server 2013\Web Components\External Website\default.aspx", I view blank page for
https://lyncdiscover.mydomain.com
If I enable Directory Browsing for Lync Server External Web Site, I view folder content for
https://lyncdiscover.mydomain.com and in "Failed Request Tracing Logs" I see OCSAuthModule - HttpStatus 401 UnauthorizedHi,
The error message indicate the client is having an issue authenticating with Lync Server 2013. Please double check that Authentication Delegation is verified on the reverse proxy publishing rule configuration.
Client may authenticate directly. If the reverse proxy publishing rules are set to No delegate and client cannot authenticate directly, it fails to sign-in when it reaches the step to provide credentials to request a token after MEX retrieval.
More details you can refer to the link below, it is for Lync server 2010 but similar for Lync server 2013:
http://blogs.technet.com/b/nexthop/archive/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step.aspx
Best Regards,
Eason Huang
Eason Huang
TechNet Community Support
Maybe you are looking for
-
Using JSTL variables in JSP or Javascript. Possible ?
Hi All, Is it possible to share or use the variables which are declared are used by JSTL in JSP expression or scriplet code and in Java Script. Example: This Works: <fmt:set var="test" value="JSTL" /> <fmt:out value="${test}" /> But, this gives error
-
Hi, trying to sync/connect my iPhone 6 with my /mac, not charging or coming up in iTunes/iphoto..... Any suggestions??
-
Can't tap on Camera Roll in Photos
Camera Roll is hidden and can not be tapped on to access. Even trying to scroll it down to touch - it still just bounces back up under the Albums gray area and can not be tapped on. The only way I can access the Camera Roll is in the Camera app. Does
-
I use my ipod as a storage unit and I am having trouble transfering files. It wants to take hours uploading what shouldn't take that long to upload. I transfered some small video clips to my ipod and it only took a few minutes, but uploading them tak
-
[SOLVED] Dropbox - can't run as normal user, but as root
I have problems with running dropbox as normal user. I installed dropbox from AUR. It is successfully installed. But when I type in terminal dropboxd I get: WARNING: Cannot write to "/home/USERNAME/.dropbox/dropbox.pid" I can run dropboxd as root fro