Lync 2013 Mobile unable to login from wifi

Similar Messages

• Lync 2013 Mobility Issue

  Hello,
  I have a Lync 2013 server installed with CU1.
  I can connect to it perfectly with the windows client and the mobile Lync 2010 client. However when i try to login to the server with the Lync 2013 mobile client, i get : "An error occured in Lync. Please retry. If the problem persists, contact your
  support team."

  Hi Barry,
  i have fixed the certificate issue, now i get an xml file when going to the web address.
  This XML file does not appear to have any style information associated with it. The document tree is shown below.
  <resource xmlns="http://schemas.microsoft.com/rtc/2012/03/ucwa" rel="root" href="https://lync.'domain'.local/Autodiscover/AutodiscoverService.svc/root?originalDomain='domain'.com.au">
  <link rel="user" href="https://lync.'domain'.com.au/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain='domain'.com.au"/>
  <link rel="xframe" href="https://lync.'domain'.com.au/Autodiscover/XFrame/XFrame.html"/>
  </resource>

• I am unable to login from my login page after I restarted my mini mac running snow leopard 10.6 server. I am a new user. Need help

  I am unable to login from my login page after I restarted my mini mac running snow leopard 10.6 server. I am a new user. Need help

  Try clearing your cache, [https://support.mozilla.org/en-US/kb/How to clear the cache Instructions here]. Then, try going to [https://accounts.google.com Google Accounts]. If there is currently an account singed in, sign out, then back in. After that, try going to Google Adwords.

• Lync 2013 mobile client can't see all fields in contact card

  We have deployed Lync 2013 infra in our organization, now we observed, mobile Lync client users are not able to see other users mobile number on contact card rest all information is visible.
  Is there  any workaround or fix to resolve this issue. Appreciate quick help.

  That's effectively by design (but a popular complaint).  The workaround is to put the users who's mobile numbers you need in your Outlook contact list.  There's another workaround related to setting the privacy relationship, but you have to coordinate
  it with many people which is not too feasible.
  Here are others upset about it:
  http://ammarhasayen.com/2013/09/25/lync-2013-mobile-contact-card-not-showing-mobile-number/
  Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
  SWC Unified Communications

• Lync 2013 Mobility Upgrade

  Hi,
  Im currently upgrading Lync 2010 to 2013. 
  Is it possible to coexist Lync 2010 Mobility Users with Lync 2013 Mobility users?
  I realise that the 2010 users will still need to use the 2010 client and the 2013 users use the 2013 client. Is it true mobility does not actually use edge and just uses the Reverse Proxy?
  Any help greatly appreciated.

  Each Lync Front End pool has it's own unique Lync external web services url. You can point Lyncdiscover.domain.com to either 2010 or 2013, but the response will redirect the mobile client to the correct external web services FQDN for their homed pool. 
  Please mark posts as answers/helpful if it answers your question.
  Blog
  Lync Validator - Used to assist in the validation and documentation of Lync Server 2013.

• Lync 2013 mobile client. Can't verify the certificate from the server. Please contact your support team

  We upgraded Lync Server 2010 to Lync 2013.
  Users are able to login on desktop clients but unable to connect on mobile client. We get following error message:
  Can't verify the certificate from the server.
  Please contact your support team

  Please check the Root CA is installed on your mobile device.
  Can you sign in externally?
  Please check you have updated the DNS records for Lync mobile autodiscover service.
  Lisa Zheng
  TechNet Community Support

• Lync 2013 Mobility not working in MultiSite Topology

  Dear All,
  I have Lync 2013 Server running in my environment. Below are the details,
  1) We have one Lync FrontEnd server as well as one Lync Edge Server installed in Egypt Site & one Lync FrontEnd server as well as one Lync Edge Server installed in Dubai Site in a Single domain.
  Users who are in Egypt site pool are able to login through Lync Mobility but unfortunately users in Dubai Site pool are unable to login through Lync mobility.
  External webservices are published on both Sites. Furthermore Dubai Site Pool users are able to login through Lync Client from external but they are unable to login through Lync Mobille Client.
  Anyone help would be highly appreciated.
  Thanks & Regards,
  ZB

  Is lws.abc.com external web url for Egypt site?
  How about lyncaepool.abc.com and communication.abc.com?
  I would like to confirm if you pasted two URLs in IE directly. Here are some tips for troubleshooting the issue.
  For multiple pools, the Autodiscover traffic can be routed to a single Front End pool as long as both pools have their external Web services published. Once a client connects to the Autodiscover service it will be returned the external web service FQDN for
  either pool, depending on which pool the user account belongs to.
  Thus, you must have external Lyncdiscover record pointed to Egypt site. Once Dubai external user connects to Egypt Autodiscover service, it will be returned the external web service for Dubai Site Pool and user connects to Dubai Site Autodiscover service(https://<Dubai
  ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root) and UCWA. We can check if mobile client is able to resolve Autodiscover service URL of Dubai Site by typing the URL into manual configuration of Lync mobile client.
  Here is a great blog about Lync mobility Autodiscover process.
  http://blogs.technet.com/b/nexthop/archive/2012/04/25/lync-server-2010-mobility-deep-dive-autodiscover-service.aspx
  If the issue persists, please paste the result of Lync Connectivity Analyzer for further troubleshooting.
  Kent Huang
  TechNet Community Support

• Lync 2013 Mobility not working

  Dear All,
  I have Lync 2013 Server running in my environment. Below are the details,
  1) We have one Lync FrontEnd server as well as one Lync Edge Server installed in Egypt Site & one Lync FrontEnd server as well as one Lync Edge Server installed in Dubai Site in a Single domain.
  Users who are in Egypt site pool are able to login through Lync Mobility but unfortunately users in Dubai Site pool are unable to login through Lync mobility.
  Anyone help would be highly appreciated.
  Thanks & Regards,
  Zeeshan Butt

  Hi Zeeshan Butt,
  You can try to test in the internal network in site Dubai.
  If a user in site Dubai login with mobile externally, the user will connect to the Reverse Proxy. The autodiscover service on Egypt site will search the user information about which pool he belongs and return the right
  external Web service URL of that pool. Then the user will connect to the right pool (Site Dubai) through the Reverse Proxy belongs of Site Dubai.
  You can use Lync Connectivity Analyzer to check if the correct URL of web services have been returned from autodiscover service:
  http://blogs.technet.com/b/nexthop/archive/2013/02/08/the-new-lync-connectivity-analyzer.aspx
  Please also try to login mobile manually to have a test:
  https://<ExtPoolFQDN>/Autodiscover/autodiscoverservice.svc/Root for external access
  https://<IntPoolFQDN>/AutoDiscover/AutoDiscover.svc/Root for internal access
  Note: the ExtPoolFQDN is the External web FQDN of Site Dubai.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Voice problems with Lync 2013 Mobile

  Hi
  I have a situation where Lync 2013 on both iPhone & Android has started giving problems with making and receiving voice calls. There are no problems with Windows, Mac or Phone Edition clients that I'm aware of. I have not tested anything over the VPN,
  but this should not be a factor.
  For receiving calls - If the user is connected to the LAN via Wi-Fi AND the call is from an internal user, all works fine. If the call is from an external user OR the user is connected via 3G, then the call just shows "Connecting" indefinitely.
  This includes transferred calls.
  For making calls - If the user is connected to the LAN via Wi-FI and calls either an internal or external users, all works fine. If the user is connected via 3G and calls either an internal or external user, the phone rings, but when it's answered it shows
  call ended.
  I have ran RUCT on a computer outside the network, with the following findings:
  DNS:
  Record
  Type
  Hostname
  IP Address
  Port
  Weight
  Priority
  _sip._tls.domain.com
  SRV
  sip.domain.com
  Edge External IP
  443
  100
  0
  sip.domain.com
  A
  sip.domain.com
  Edge External IP
  sipexternal.domain.com
  A
  sipexternal.domain.com
  Edge External IP
  meet.domain.com
  A
  meet.domain.com
  <null>
  _ntp._udp.domain.com
  SRV
  pool.ntp.org
  NTP Server IP
  123
  100
  0
  _sipfederationtls._tcp.domain.com
  SRV
  sip.domain.com
  Edge External IP
  5061
  100
  0
  lyncdiscover.domain.com
  A
  sip.domain.com
  Edge External IP
  lyncdiscover.domain.com
  CNAME
  sip.domain.com
  I have ran Test Port on each entry where there is a port with successful results. Ping works on all entries.
  If I query Certificate Information on sip.domain.com with port 5061 or 444, it succeeds and returns the certificate with subject sip.domain.com. If I query 443, it fails with error "An error occurred while retrieving the certificate. Unable to read
  data from the transport connection: An existing connection was forcibly closed by the remote host."
  On Microsoft Remote Connectivity Analyzer, all tests pass except for the certificate test:
  The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server sip.domain.com on port 443
  The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
  Running netstat on Lync Edge gives me the following with regards to port 443:
  TCP   <Internal IP>:443   Lync2:0   LISTENING
  TCP   <External IP>:443   Lync2:0   LISTENING
  Firewall allows connections on port 443 and I've tried disabling the firewall as well. Trying to open https://sip.domain.com in the browser on the Lync Edge fails also, telnet succeeds, but no data is returned.
  I've restarted the AV service and also rebooted the Lync Edge server, no change. In the topology builder, I can see that AV is configured to listen on port 443.
  Any ideas would be most welcome.
  Regards
  Lionel
  MCP Windows Server MCTS .NET

  I have ran a large amount of additional tests. On my latest round of testing, I have obtained the following results:
  Call received via PSTN gateway on user DID, answered by desktop client inside LAN - works.
  Call received via PSTN gateway on response group, answered by desktop client inside LAN - works.
  Call received via PSTN gateway on user DID, answered by desktop client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on response group, answered by desktop client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on user DID, answered by mobile client inside LAN - does not work.
  Call received via PSTN gateway on response group, answered by mobile client inside LAN - does not work.
  Call received via PSTN gateway on user DID, answered by mobile client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on response group, answered by mobile client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on user DID, answered by mobile client outside LAN (3G) - does not work.
  Call received via PSTN gateway on response group, answered by mobile client outside LAN (3G) - does not work.
  Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client inside LAN - does not work.
  Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client inside LAN - does not work.
  Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client outside LAN (behind NAT, DSL router) - works.
  Call received via PSTN gateway on user DID, answered by desktop client inside LAN and transferred to mobile client outside LAN (3G) - does not work.
  Call received via PSTN gateway on response group, answered by desktop client inside LAN and transferred to mobile client outside LAN (3G) - does not work.
  Call made through PSTN gateway from desktop client inside LAN - works.
  Call made through PSTN gateway from desktop client outside LAN (behind NAT, DSL router) - works.
  Call made through PSTN gateway from mobile client inside LAN - does not work.
  Call made through PSTN gateway from mobile client outside LAN (behind NAT, DSL router) - works.
  Call made through PSTN gateway from mobile client outside LAN (3G) - does not work.
  Call from desktop client inside LAN to desktop or mobile client (regardless of location) - works.
  Call from desktop or mobile client (regardless of location) to desktop client inside LAN - works.
  Call from desktop or mobile client (regardless of location) to desktop or mobile client (regardless of location) - works.
  There is no difference in behaviour between normal calls and conference calls. Reproducing the problem seems to require the following:
  1. PSTN gateway needs to be involved
  2. One party needs to be on mobile client
  3. The mobile client needs to be inside the LAN or on a 3G connection, but not behind NAT on a DSL connection
  The only conclusion I can make is that somehow NAT makes the problem go away, but it does not affect desktop clients (on the LAN or Wi-Fi at least, I do not have a way to test them on 3G).
  The PSTN gateway (Cisco UCM) could also be the problem, but it works fine in all other cases. It has 4 trunks and makes all kinds of routing decisions, but once a call is routed to/from Lync, it should not make a difference on what type of device it is answered.
  I'm really baffled by this one. Perhaps the 3G thing is a service provider issue and the issue on the LAN has something to do with the internal DNS combined with the behaviour of the mobile client. Just not sure exactly what.
  MCP Windows Server MCTS .NET

• Lync 2013 mobile client (android/windows phone) can't sing in

  Hello
  We have deployed Lync 2013 Server (no CU)in our Organization, wehn we use desktop client or Metro App, all works fine. But when we trying to connect from android or windows phone App, we get notice:
  "We cannot log you in beacuse your organization don't support this produkt version"
  Some one can advice ?

  Hi,
  Agree with Michael.
  What’s more, did you deploy Reverse Proxy on DMZ zone to support mobility devices to login Lync client?
  If not, you need to deploy a Reverse Proxy firstly with the help of the link below:
  http://technet.microsoft.com/en-us/library/gg398069.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 mobility / AV problem over web proxy

  Hi,
  We use Corporate Wi-fi network in our company and users going away to internet over web proxy. Lync mobility users use https connection to connect  this corporate network but calling is unsuccesfull  because of A/V ports can’t pass over web proxy,
  Is there any solution for this ?
  Mmst of hotels  give internet conntection to their customers by web proxy thats why our users can’ t use their Mobile device for A/V call  during at hotel. Because A/V media ports are blocked by hotels web proxy . How can we overcome this issue?  Is
  it posible to send all of the media traffic on HTTPS port?
  Thanks in advance.
  Bugra Keskin

  Hi,
  Did you deploy an Edge server in DMZ zone?
  If the internal Lync clients are unable to negotiate media directly, then the clients will rely on the Edge Server to tunnel the media for them. The mobile client will connect to and send its media session to the external Edge interface.
  More details:
  http://blog.schertz.name/2013/11/lync-mobility-media-paths/
  Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make
  sure that you completely understand the risk before retrieving any suggestions from the above link.
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support

• Lync 2013 Mobility continues to not work

  Having issues getting mobility to work.
  Simple environment:
  Single server Edge pool
  Single server EE pool
  SQL clustered backend
  All Lync 2013 CU1 at this point in time.
  Potentially required reading:
  Deploying Mobility (Technet)
  Lync Mobility Deep dive
  (based on 2010, but nearly the same in 2013)
  http://masteringlync.com/2011/08/13/using-fiddler-to-troubleshoot-address-book-download-issues/
  http://blogs.technet.com/b/nexthop/archive/2012/11/09/understanding-lync-server-autodiscover-to-support-the-lync-windows-store-app.aspx
  Windows RT app uses the same method as IOS, and is more wiresharkable/tracable, so I am using that.
  Client end errors:
  Windows RT app (15.0.4481.1503) -  this client version cannot log in.
  iOS - Can't sign in.  Please check your account information and try again.
  I don't have a windows phone or android, so working with the clients I have.  (I understand these also do not work)
  Fiddler trace of Windows RT app session:
   From the W3svc logs:
  2013-03-20 03:53:17 1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user [email protected] 4443 - 75.122.79.199
  LyncImm/15.0.4481.1503+(Microsoft+Lync) 401 0 0 35
  LyncImm is
  NOT a user agent listed in the CSCP - google "user agent" +lyncIMM turned up nothing.  Dead lead?
  Lync connectivity analyzer shows it repeats the same webticket 401 over and over with:
  Cookie  found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
    X-Ms-diagnostics: 28032;source="LyncFE.company.local";reason="The web ticket is invalid.";faultcode="wsse:InvalidSecurityToken"
    X-MS-WebTicketURL:
  https://lyncweb.company.com/WebTicket/WebTicketService.svc
    X-MS-WebTicketSupported: cwt,saml
    X-MS-Server-Fqdn: LyncFE.company.local
    X-Content-Type-Options: nosniff
    Cache-Control: no-cache
    Date: Wed, 20 Mar 2013 04:12:20 GMT
    Server: Microsoft-IIS/7.5
    X-Powered-By: ASP.NET
    Content-Length: 1293
    Content-Type: text/html
  LCA:  from inside, choosing Windows App - success!
  LCA: from inside, choosing Lync Mobile Apps- fail:
  Failed to obtain the WS-Metadata Exchange (MEX) document using GET for
  https://lyncweb.company.com/Mcx/McxService.svc/mex.
  The service did not require authorization.
  LCA, from outside, choosing Windows App - hangs repeatedly on the HTTPS external channel.  (repeating 401's on webticket service)
  LCA, from outside, choosing Choosing Lync Mobile apps  - failed, same as from inside #2
  Here's what the LCA failure looked like:
  2013-03-20 04:59:12
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 134
  2013-03-20 04:59:12
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 155
  2013-03-20 04:59:12
  1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
  [email protected] 4443 - 75.122.79.199 -
  401 0 0 35
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 126
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 158
  2013-03-20 04:59:13
  1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
  [email protected] 4443 - 75.122.79.199 -
  401 0 0 31
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 126
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 148
  2013-03-20 04:59:13
  1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
  [email protected] 4443 - 75.122.79.199 -
  401 0 0 33
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 121
  2013-03-20 04:59:13
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 155
  2013-03-20 04:59:13
  1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
  [email protected] 4443 - 75.122.79.199 -
  401 0 0 31
  2013-03-20 04:59:15
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 125
  2013-03-20 04:59:15
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 147
  2013-03-20 04:59:15
  1.2.3.4 GET /Autodiscover/AutodiscoverService.svc/root/user
  [email protected] 4443 - 75.122.79.199 -
  401 0 0 32
  2013-03-20 04:59:15
  1.2.3.4 POST /WebTicket/WebTicketService.svc/mex - 4443 - 75.122.79.199 - 200 0
  0 120
  2013-03-20 04:59:15
  1.2.3.4 POST /WebTicket/WebTicketService.svc/Auth - 4443 - 75.122.79.199 - 200
  0 0 151
  Similar thread:
  http://social.technet.microsoft.com/Forums/en-US/ocsmobility/thread/96c3fc3a-2f80-435a-8368-1a83dcd56e55/
  http://msdn.microsoft.com/en-us/library/ff595929%28v=office.12%29.aspx
  IOS attempt at sign on (version 4.3.8000.0000)
  IIS log files:
  2013-03-20 04:26:08
  1.2.3.4 GET / sipuri=sip:[email protected] 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 200 0 0 1382013-03-20 04:26:08
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 0 0 802013-03-20 04:26:08
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 1292013-03-20 04:26:08
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 882013-03-20 04:26:08
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 782013-03-20 04:26:08
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 882013-03-20 04:26:09
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074254 782013-03-20 04:26:09
  1.2.3.4 POST /webticket/webticketservice.svc - 4443 - 166.137.151.211
  Lync%202010/1.6+CFNetwork/609.1.4+Darwin/13.0.0 401 1 2148074252 84
  IOS log file was too large to post in message.
  Running test-cmdlets:
  $passwd1 = ConvertTo-SecureString "supersecure" -AsPlainText -Force $passwd2 = ConvertTo-SecureString "notontheinternet" -AsPlainText -Force $tuc1 = New-Object Management.Automation.PSCredential("domain\user1",
  $passwd1) $tuc2 = New-Object Management.Automation.PSCredential("domain\user2", $passwd2) Test-CsMcxP2PIM -TargetFqdn lyncfe.company.local -Authentication Negotiate -SenderSipAddress sip:[email protected] -SenderCredential $tuc1 -ReceiverSipAddress
  sip:[email protected] -ReceiverCredential $tuc2 -v
  From <http://technet.microsoft.com/en-us/library/hh690024.aspx>
  Results:
  Target Fqdn   : lyncfe.company.com
  Target Uri    :
  https://lyncfe.company.com:443/mcx
  Result        : Failure
  Latency       : 00:00:00
  Error Message : No response received for Web-Ticket service.
                  Inner Exception:The HTTP request is unauthorized with client
                  authentication scheme 'Ntlm'. The authentication header
                  received from the server was 'Negotiate,NTLM'.
                  Inner Exception:The remote server returned an error: (401)
                  Unauthorized.
  Diagnosis     :
                  Inner Diagnosis:X-MS-Server-Fqdn : lyncfe.company.com
                  Cache-Control : private
                  Content-Type : text/html; charset=utf-8
                  Server : Microsoft-IIS/7.5
                  WWW-Authenticate : Negotiate,NTLM
                  X-Powered-By : ASP.NET
                  X-Content-Type-Options : nosniff
                  Date : Wed, 20 Mar 2013 04:39:44 GMT
                  Content-Length : 6639
  Verbose comments on it:
  Trying to get web ticket.
  Web Service Url :
  https://lyncfe.company.com:443/WebTicket/WebTicketService.svc
  Using NTLM\Kerberos authentication.
  Could not get a web ticket
  CHECK:
   - Web service Url is valid and the web services are functional
   - If using Phone Number\PIN to authenticate, make sure they match the user uri
   - If using NTLM\Kerberos authentication, make sure you provided valid
  credentials
  URLs and ports all look OK, all services started.
  Not using phone/PIN
  I provided valid creds - the virtual directories show anon/NTLM for the Webticket vdir.
  Any help is welcome - really want this issue put to bed!

  I know this is an old thread, but I was struggling with the same error for mobility, and I hope this may help others in the same situation. 
  On my scenario the issue was caused because the customer didn't use any reverse-proxy solution, instead the FE external website was directly published using a FortiGate box.
  Given that scenario, there were 2 different certs installed on the FE server, 1 (internal RootCA) certificate was applied to the internal website, and another one issued by Godaddy was assigned to the external website manually from IIS console.
  ---I know this is far from a supported solution, but I was able to get it working after some investigation---
  To solve the issue I use this article:
  http://technet.microsoft.com/en-us/library/jj205253.aspx it explains how to check and assign the certificates for oAuth and I used these cmdlets to specify the Godaddy cert to the "WebServiceExternal" & "OAuthTokenIssuer" websites.
  After that the mobility access for internal and external users started to work as expected, I've validated it with "Lync Connectivity Analyzer" and with different mobile clients on Android, IOS and Windows Store.
  Hope this information may be useful.
  Performance, Security & Design

• Lync 2013 Photos will not update from AD

  I recently joined a company who has Lync 2013, Exchange 2010 and AD is at a 2003 functional level. We are experiencing issues where Lync photos are not updating from AD correctly. I have checked the pre-reqs;  Replicate this attribute to the Global
  Catalog is set for the ThumbnailPhoto attribute. We are also forcing photos from AD only (or no photo) by setting the following:
  "Set-CsClientPolicy -Identity PhotosControl -DisplayPhoto PhotosFromADOnly"  
  and finally we are setting the photo in ad using:
  "Import-RecipientDataProperty -Identity "Test User" -Picture -FileData ([Byte[]]$(Get-Content -Path "C:\pictures\testuser.jpg" -Encoding Byte -ReadCount 0))"
  The pictures being uploaded are under 10KB and update within Outlook but never updates on Lync. I have also manually tried running the "Update-CsAddressBook" command from Lync and waiting 24hours + but the photo will not update in Lync. I have
  also tried a 3rd party utility that grabs the attribute directly from each DC individually and each node is displaying the correct photo. Any Ideas?
  EDIT: I did some more testing and can say with quite a bit of certainty there is something not quite right on the Lync side of things. I started with the company over a month ago and although users can see my original photo that was added to AD, I myself
  do not even see it loaded in my client yet. I've completly dumped my local Lync cache but no change. Is there a specific Lync Server service that handles retrieving/pushing photos to the Lync clients?

  Thank you so much for your reply, it was very helpful in understanding how the service is suppose to work however I have still not been able to correct the issue.
  What I have found by using your article may have narrowed down the scope of the problem. I was able to find that on our Lync file store, the cached contacts/photos are being updated daily (as expected) and actually contain the correct photos. I confirmed
  this be using abserver.exe on the .lsabs file and then locating the contactID for a few users I know are not updating properly. Once I have their contact ID I simply look for their .photo file in the cached files, copy it out to a different location and change
  it to a .jpeg. To my surprise the photos are actually the correctly updated ones, so why are these no getting to the users/clients? I have gone through and deleted my local cache folder as well as the registry key HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Lync
  but unfortunately no change on my Client. I still see these users original photos.
  Another piece of the puzzle; We are also working on letting mobile devices connect to our Lync infrasructure as well. This is not fully functional yet however during my testing I did get Lync client for android running for a little while and low and behold
  the pictures are actually correct on my mobile device!! Surely this must give some kind of clue?
  We are planning to upgrade Exchange from 2010 to 2013 and I hoping that leveraging the HiDef photo capabilities for Lync 2013 with Exchange 2013 may fix this issue. What do you guys think?
  More info on the environment:
  4 main sites + remote users
  ~7DC's - 2003 DFL (1 at each site + a few at HQ)
  3 Lync Front end servers (2013) (All located at central HQ)
  2 Lync edge server (2013) (All located at central HQ)
  1 - 2010 Exchange server (Located at central HQ)
  2013 Lync Client version 15.0.4675.1000 MSO 15.0.4675.1002 64bit
  About 100 HP 4110 Lync Edition Desk phones
  Users's workstations are either Windows 7 Enterprise or Windows 8.1 Enterprise

• Lync 2013 Mobility in coexistense with Lync 2010

  Hi
  I am facing Issue when connecting my internal mobile client with Lync Server 2013. The Mobile Client doesn't sign in to Lync Server 2013.
  Currently we are in co-existence phase with Lync 2010.
  There was no mobility service configured or installed in Lync 2010 environment before when we deployed Lync Server 2013 Enterprise pool with only one front end server.
  The SRV record _sipinternalts is currently pointing to Lync server 2010 pool and the lyncdiscoverinternal.domain.com is point to the IP of Lync Front End Server.
  Is it necessary to configure and deploy mobility service on Lync 2010 front end server in order to allow Lync Server 2013 users to connect using mobile client??

  Hi Abdullah Salam,
  For WP8 root certificates need to have HTTP URLs in the CRL (Certificate Revocation List). If root certs doesn’t contain these CRL attributes than the certificate won’t be accepted by WP8
  and sign-in would fail.
  Same cases for your reference.
  https://social.technet.microsoft.com/Forums/en-US/cd6c1558-02e4-4ad8-86af-c6aee82a4ff0/passive-authentication-redirection-fails-for-wp81?forum=lyncint
  https://social.technet.microsoft.com/Forums/en-US/70932e7d-4df5-4f48-8f33-b0e19e2a02f9/unable-to-sign-with-windows-phone-lumia-925-windows-81-to-lync-2013?forum=lyncprofile
  Best regards,
  Eric<o:p></o:p>

• Lync 2013 mobile sign in error

  I try sign in to Lync in my Windows Phone, and get error - Check my password. My password correct. For diagnose I enable "Failed Request Tracing Rules" on IIS on Lync 2013 Server and view only one warning from DirectoryListingModule - HttpStatus
  403 Forbidden. I try reinstall web components on Server but no relult. How I can fix this?
  If I create file "C:\Program Files\Microsoft Lync Server 2013\Web Components\External Website\default.aspx", I view blank page for
  https://lyncdiscover.mydomain.com
  If I enable Directory Browsing for Lync Server External Web Site, I view folder content for
  https://lyncdiscover.mydomain.com and in "Failed Request Tracing Logs" I see OCSAuthModule - HttpStatus 401 Unauthorized

  Hi,
  The error message indicate the client is having an issue authenticating with Lync Server 2013. Please double check that Authentication Delegation is verified on the reverse proxy publishing rule configuration.
  Client may authenticate directly. If the reverse proxy publishing rules are set to No delegate and client cannot authenticate directly, it fails to sign-in when it reaches the step to provide credentials to request a token after MEX retrieval.
  More details you can refer to the link below, it is for Lync server 2010 but similar for Lync server 2013:
  http://blogs.technet.com/b/nexthop/archive/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step.aspx
  Best Regards,
  Eason Huang
  Eason Huang
  TechNet Community Support