Lync 2013 on a single label root domain
Hello All
My environment is in a child root, let's say it's "contoso.local": the root is .local and the child is contoso.local. With this configuration can I install Lync 2013? If not, is there any workaround other than renaming my domain? Your help is much appreciated.
THX
Hi Mado,
Unfortunately, installing Lync in a Forest with a single label root domain is not supported;
"Lync Server does not support single-labeled domains. For example, a forest with a root domain named contoso.local is supported, but a root domain named local is not supported. For details, see Microsoft Knowledge Base article 300684, “Information about configuring Windows for domains with single-label DNS names,” at http://go.microsoft.com/fwlink/p/?linkId=143752."
This is not to say it would not work, but I would never put this into a production environment based on Microsoft's stance on this.
Kind regards
Ben
Similar Messages
-
Understanding Lync 2013 Deployment for Single forest multiple domain Infrastructure
Hello Everyone,
I have an issue in understanding a deployment scenario of Lync 2013 Enterprise edition.
We have a single forest multiple domain infra.
My question here is, during AD prep, do we need to run Domainprep on every domain in the forest?
Thanks!
Thank You!!! BR, Ammi.
Hi Ammi,
To prepare Active Directory Domain Services for your Lync Server 2013 deployment, you must perform three steps in a specific sequence.
1. Preparing the Active Directory schema in Lync Server 2013
Extends the Active Directory schema by adding new classes and attributes that are used by Lync Server.
Run once for each forest in your deployment where Lync Server will be deployed.
2. Preparing the forest for Lync Server 2013
Creates global settings and universal groups that are used by Lync Server.
Run once for each forest in your deployment where Lync Server will be deployed.
3. Preparing domains for Lync Server 2013
Adds permissions on objects to be used by members of universal groups.
Run once per user domain or server domain.
Hope it can be helpful.
Best regards,
Eric -
Lync 2013 federation failing for a specific domain
Hello,
We have recently migrated to Lync 2013 and noticed that one of the domains we federate with is unable to federate with us.
We are getting the following error:
Log Name: Lync Server Source: LS Protocol Stack Event ID: 14428 Task Category: (1001)
Level: Error Keywords: Classic User: N/A Computer: server.fqdn.com Description: TLS outgoing connection
failures.
Over the past 28 minutes, Lync Server has experienced TLS outgoing connection failures 4 time(s). The error code of the last failure is 0x80090325(SEC_E_UNTRUSTED_ROOT) while trying
to connect to the server "sip.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "Unavailable". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to
reach the peer server. Target principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is
not trusted by the local machine. Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check
that all addresses returned by DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local
machine.
Thanks
Thanks Michael.
That worked for one of the two issues I'm seeing. I did use the same steps for the second issue but it didn't seem to work; I have imported the CA of the domain we would like to federate with to the trusted root certification authorities and the intermediate certification authorities per the certificate issuer's website guidelines. I did learn that the federated partner is also using OCS 2007 R2, not sure if this may have to do with this.
Over the past 30 minutes, Lync Server has experienced TLS outgoing connection failures 1 time(s). The error code of the last failure is 0x80072746 while trying to connect to
the server "ocs.example.com" at address [10.10.10.10:5061], and the display name in the peer certificate is "ocs.example.com". Cause: Most often a problem with the peer certificate or perhaps the host name (DNS) record used to reach the peer server. Target
principal name is incorrect means that the peer certificate does not contain the name that the local server used to connect. Certificate root not trusted error means that the peer certificate was issued by a remote CA that is not trusted by the local machine.
Resolution: Check that the address and port matches the FQDN used to connect, and that the peer certificate contains this FQDN somewhere in its subject or SAN fields. If the FQDN refers to a DNS load balanced pool then check that all addresses returned by
DNS refer to a server in the same pool. For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the local machine. -
Lync 2013 certificate requirements for multiple SIP domains
Hi All,
I am engaged with a client in respect of a Lync 2013 implementation initially as a conferencing platform with a view to enabling EV functions (inc. PSTN conferencing) in the future. They initially need to support 30 SIP domains and eventually around 100 SIP domains which is proving to be either not possible or severely cost prohibitive. Their current certificate provider, Thawte, can only support up to 25 SANs and have quoted them 5 figures. We tend to use GeoTrust as they are cheaper but they appear to have a limit of 25 SANs. GoDaddy appear to support up to 100 SANs for a pretty reasonable cost. My questions are as follows:
1. Is there a way that I’m missing of reducing the number of SANs required on the Edge server?
   a. Use aliases for access edge FQDNs - Supported by desktop client but not by other devices so not really workable
   b. Don’t support XMPP federation therefore removing the need for domain name FQDNs for each SIP domain
2. Is there a way that I’m missing of reducing the number of SANs required on the Reverse Proxy server?
   a. Friendly URL option 3 from this page: http://technet.microsoft.com/en-us/library/gg398287.aspx
   b. Client auto-configuration:
      i. Don’t support mobile client auto-configuration in which case no lyncdiscover.sipdomain1.com DNS records or SANs would be required.
      ii. Support mobile client auto-configuration over HTTP only in which case CNAME records are required for each SIP domain (lyncdiscover.sipdomain1.com, etc. pointing to lyncdiscover.designateddomain.com) but no SANs are required.
      iii. Support mobile client auto-configuration over HTTPS in which case DNS records are required for each SIP domain and a SAN entry for each SIP domain is also required. This is because a DNS CNAME to another domain is not supported over HTTPS.
3. If the answer to 1 and/or 2 is no, are there certificate providers that support over 100 SANs?
4. How do certificate requirements differ when using the Lync 2013 hosting pack? I would think that this issue is something that a hosting provider would need to overcome.
5. Would the Lync 2013 Hosting Pack work for this customer? The customer uses SPLA licensing so I think is eligible to use the hosting pack but not 100% sure it will work in their environment given that client connections are supposed to all come through the Edge where their tenants will be internal and also given the requirement for an ACP for PSTN conferencing.
Many thanks,
Many thanks for the response.
I was already planning to use option 3 from the below page for simple URLs to cut down on SAN requirement.
http://technet.microsoft.com/en-us/library/gg398287.aspx
What are the security concerns for publishing autodiscover over port 80? I.e. Is this only used for the initial download of the discovery record and then HTTPS is used for authentication? This seems to be the case from the following note on the below page:
http://technet.microsoft.com/en-gb/library/hh690030.aspx
“Mobile device clients do not support multiple Secure Sockets Layer (SSL) certificates from different domains. Therefore, CNAME redirection to different domains is not supported over HTTPS. For example, a DNS CNAME record for lyncdiscover.contoso.com that redirects to an address of director.contoso.net is not supported over HTTPS.
In such a topology, a mobile device client needs to use HTTP for the first request, so that the CNAME redirection is resolved over HTTP. Subsequent requests then use HTTPS. To support this scenario, you need to configure your reverse proxy with a web publishing rule for port 80 (HTTP).
For details, see "To create a web publishing rule for port 80" in Configuring the Reverse Proxy for Mobility. CNAME redirection to the same domain is supported over HTTPS. In this case, the destination domain's certificate covers the originating domain.”
I don’t think SRV records for additional SIP domain access edge is a workable solution as this is not supported by some devices.
As per the below article:
http://blog.schertz.name/2012/07/lync-edge-server-best-practices/
“The recommended approach for external client Automatic Sign-In when supporting multiple SIP domains is to include a unique Access Edge FQDN for each domain name in the SAN field. This is no longer a requirement (it was in OCS) as it is possible to create a DNS Service Locator Record (SRV) for each additional SIP domain yet have them all point back to the same original FQDN for the Access Edge service (e.g. sip.mslync.net).
This approach will trigger a security alert in Windows Lync clients which can be accepted by the user, but some other clients and devices are unable to connect when the Automatic Sign-In process returns a pair of SRV and Host (A) records which do not share the same domain namespace. Thus it is still best practice to define a unique FQDN for each additional SIP domain and include that hostname in the external Edge certificate’s SAN field”.
===================
1. Basically the requirement is to initially provide Lync conferencing services (minus PSTN conferencing) to internal, external, federated and anonymous participants with a view to providing PSTN conferencing and therefore enterprise voice services later.
2. The customer currently supports close to 100 SMTP domains and wants to align their SIP domains with these existing domains. The structure of their business is such that “XXX IT Services” provide the IT infrastructure for a collection of companies who fall under the XXX umbrella but are very much run as individual entities.
Question:
Would you agree that I’m going to need a SAN for every SIP domain’s access edge FQDN?
Thanks. -
Is it possible Lync 2013 to be installed on a Domain Controller?
I run a small infrastructure with two servers only,
Both Domain Controllers with Windows 2008 R2 and the one is a file server too. I would like to know if I can install Lync 2013 Standard Server to any of them? I have not found a clear answer anywhere as I found for 2010.
Thank You in advance
Alexios
Hi,
Agree with Michael,
You can't install Lync server on DC. You should use another server.
Here is a similar thread that may help you; it is for Lync Server 2010 but similar for Lync Server 2013:
http://social.technet.microsoft.com/Forums/lync/en-US/0fa9f538-c076-4fdf-9c84-bd00499136ec/why-cant-lync-server-2010-be-installed-on-a-dc?forum=ocsplanningdeployment
Best Regards,
Eason Huang
TechNet Community Support -
Lync 2013 mobility and external access not working
Hi all.
I installed and configured Lync Server 2013 Front End and Lync Server 2013 Edge on Windows Server 2012 R2.
Internal lync clients (not mobile) can successfully connect to server and everything works fine for them. External users can connect only with manual configuration of address of external lync server in lync client, autodiscovery doesn't work.
I also installed and configured IIS ARR Reverse Proxy on Windows Server 2012 R2 using this article - http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx. But it doesn't work either. When I try to connect I get 'Unable to connect to the server. Check your network connection or the server address and try again'.
I configured dns records in the external dns zone.
For Edge:
sip.extdomain.ru – IP1
lyncwebconf.extdomain.ru – IP2
lyncav.extdomain.ru – IP3
For Reverse Proxy:
lyncdialin.extdomain.ru - IP4
lyncmeet.extdomain.ru - IP4
lyncextweb.extdomain.ru - IP4
lyncdiscover.extdomain.ru - IP4
I issued all needed certificates by the internal CA and added following alternative names.
For FE certificate:
sip.cherry.loc
lync.cherry.loc
dialin.cherry.loc
meet.cherry.loc
admin.cherry.loc
lyncdiscoverinternal.cherry.loc
lyncdiscover.cherry.loc
lyncdialin.extdomain.ru
lyncmeet.extdomain.ru
lyncextweb.extdomain.ru
lyncdiscover.extdomain.ru
For Edge external and Reverse Proxy:
lyncav.extdomain.ru
sip.extdomain.ru
lyncwebconf.extdomain.ru
lyncdialin.extdomain.ru
lyncmeet.extdomain.ru
lyncextweb.extdomain.ru
lyncdiscover.extdomain.ru
cherry.loc
The root certificate of internal CA installed on all servers and client devices.
Using Wireshark I see that Reverse Proxy communicating with FE on port 4443.
Here is an excerpt from mobile client log.
GET https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected]
Request Id: 0x6f54648
HttpHeader:Cache-Control no-cache
HttpHeader:Content-Length 1006
HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
HttpHeader:Date Mon, 22 Sep 2014 11:17:45 GMT
HttpHeader:Expires -1
HttpHeader:Pragma no-cache
HttpHeader:Server Microsoft-IIS/8.5
HttpHeader:StatusCode 200
HttpHeader:X-AspNet-Version 4.0.30319
HttpHeader:X-Content-Type-Options nosniff
HttpHeader:X-MS-Server-Fqdn lync.cherry.loc
HttpHeader:X-Powered-By ASP.NET, ARR/2.5
<?xml version="1.0" encoding="utf-8"?>
<AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root>
<Link token="Domain" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=extdomain.ru" />
<Link token="User" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru" />
<Link token="Self" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root?originalDomain=extdomain.ru" />
<Link token="OAuth" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=extdomain.ru" />
<Link token="External/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" />
<Link token="Internal/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" />
<Link token="XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" />
</Root></AutodiscoverResponse>
</ReceivedResponse>
2014-09-22 15:17:53.041 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x6f54648)
2014-09-22 15:17:53.042 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with
url = https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected], userUrl = https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru, status = S_OK (S0-0-0)
2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x6f54648): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (cherry) username (user) password.empty() (0) certificate.isValid() (0)
privateKey.empty() (1) compatibleServiceIds(1)
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/458:Sending Unauthenticated get to get the web-ticket url
2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CTransportThread.cpp/135:Added Request() to Request Processor queue
2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/109:Waiting on Meta Data from https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.045 Lync[299:659a000] INFO TRANSPORT CTransportThread.cpp/347:Sent Request() to Request Processor
2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x6e83da8)
2014-09-22 15:17:53.045 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
for serviceId (4) type (1)!
2014-09-22 15:17:53.046 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1263:Submitting Authenticated AutoDiscovery request to
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.046 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
Request Id: 0x133b6a8
HttpHeader:Accept
</SentRequest>
2014-09-22 15:17:53.046 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x6e73850 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
2014-09-22 15:17:53.047 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
2014-09-22 15:17:53.050 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x6e743a0 Error domain = kCFErrorDomainCFNetwork code = 0x2 ErrorDescription = The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason
= ErrorRecoverySuggestion =
2014-09-22 15:17:53.050 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x6e73850.
2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x6e73850.
2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 0
2014-09-22 15:17:53.051 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
for serviceId (4) type (1)!
2014-09-22 15:17:53.052 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
Request Id: 0x133b6a8
HttpHeader:Accept
</SentRequest>
2014-09-22 15:17:53.052 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x14102a0 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
2014-09-22 15:17:53.053 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
2014-09-22 15:17:53.056 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x14080f0 Error domain = kCFErrorDomainCFNetwork code =
0x2 ErrorDescription = The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason = ErrorRecoverySuggestion =
2014-09-22 15:17:53.056 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x14102a0.
2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x14102a0.
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 1
2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x133b6a8)
2014-09-22 15:17:53.058 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/572:Received response for meta data request of type 60 with status 570556417
2014-09-22 15:17:53.058 Lync[299:3c2a218c] ERROR TRANSPORT CMetaDataManager.cpp/588:Unable to get a response to an unauthenticated get to url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/208:MetaData retrieval for url https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru completed with status 570556417
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/238:Deleting 1 pended Meta data requests for url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] ERROR TRANSPORT CAuthenticationResolver.cpp/334:Unable to get the meta data for server url
https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/337:Failing request to the request manager
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO TRANSPORT CRequestManager.cpp/284:Failing secure request UcwaAutoDiscoveryRequest with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1358:Received autodiscovery response with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1316:Raising Autodiscovery event with status E_ConnectionError (E2-2-1) for eventType 0
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/417:Received event for type 0 with status E_ConnectionError (E2-2-1)
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/539:Autodiscovery scheduled retrial timer. Timer 0.000000 seconds
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/64:Alert received! Category 1, Type 201, level 0, error E_ConnectionError (E2-2-1), context '', hasAction=false
2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/117:Alert cleared of Category 1, Type 201, cleared 0 alerts
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-AuthenticatedUserGetRequest (0x6e83da8): E_ConnectionError (E2-2-1) (RemoteNetworkTemporaryError); Done with req.; Stopping resend
timer
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/87:ObservableListItem Added event received
2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/97:showalert is 1
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/697:desired view is alert, size 1
2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/737:adding the desired view
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/472:reposition floating views
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/104:showalert is 1
2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/108:showalert is 0
2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/410:Mapping error code = 0x22020001, context = , type = 201
2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/1708:Mapped error message is 'Unable to connect to the server. Check your network connection or the server address and try again.
Result of Lync Connectivity Analyzer.
External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Starting Lync server autodiscovery
Please wait; this test may take several minutes to complete...
Starting automatic discovery for secure (HTTPS) internal channel
lyncdiscoverinternal.extdomain.ru can't be resolved by the DNS server. Skipping internal discovery.
Starting automatic discovery for secure (HTTPS) external channel
Server discovery has completed for https://lyncdiscover.extdomain.ru/.
Automatic discovery results for https://lyncdiscover.extdomain.ru/
Access Location : Internal
SIP Server Internal Access : lync.cherry.loc
SIP Server External Access : sip.extdomain.ru
SIP Client Internal Access : lync.cherry.loc
SIP Client External Access : sip.extdomain.ru
Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
Internal Webscheduler service : https://lync.cherry.loc/Scheduler
External Webscheduler service : https://lync.cherry.loc/Scheduler
Total server discovery time: 5,0 seconds
Server discovery succeeded for secure (HTTPS) external channel against URL https://lyncdiscover.extdomain.ru/
Starting automatic discovery for unsecure (HTTP) external channel
Couldn't connect to URL http://lyncdiscover.extdomain.ru/[email protected] (HTTP status code NotAcceptable)
Server discovery failed for unsecured external channel against http://lyncdiscover.extdomain.ru/
Starting the requirement tests for Lync Mobile 2013 App
Please wait; this test may take several minutes to complete...
Testing the app requirements using the following discovery response:
Access Location : Internal
SIP Server Internal Access : lync.cherry.loc
SIP Server External Access : sip.extdomain.ru
SIP Client Internal Access : lync.cherry.loc
SIP Client External Access : sip.extdomain.ru
Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
Internal Webscheduler service : https://lync.cherry.loc/Scheduler
External Webscheduler service : https://lync.cherry.loc/Scheduler
Starting tests for Mobility (UCWA) service
Verifying internal Ucwa service: https://lync.cherry.loc/ucwa/v1/applications
Successfully created the UCWA service
Completed tests for Mobility (UCWA) service
Verification failed for Mobility (UCWA) service. The service could not be reached from an external network.
Select All results above for more information about the failures. Detailed information can also be found in the log file.
Your deployment meets the minimum requirements for Lync Mobile 2013 App. -
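The client log above shows the external discovery response handing out links on lync.cherry.loc, which the device then fails to resolve (GetAddrInfo returned error 0x8). A check along these lines, added here as an example and not part of the original post, parses an autodiscover response and flags every link whose host lies outside the externally published namespace or is not HTTPS; the function names are hypothetical and the sample response is constructed from the shape of the one in the log.

```javascript
// Added example, not part of the original post. SAMPLE_RESPONSE is constructed:
// it is trimmed from the shape of the AutodiscoverResponse in the log above, and
// the "Self" link was changed to an external name to show one passing entry.
const SAMPLE_RESPONSE = `<?xml version="1.0" encoding="utf-8"?>
<AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" AccessLocation="External"><Root>
<Link token="Domain" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=extdomain.ru" />
<Link token="User" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru" />
<Link token="Self" href="https://lyncextweb.extdomain.ru/Autodiscover/AutodiscoverService.svc/root?originalDomain=extdomain.ru" />
</Root></AutodiscoverResponse>`;

// Decode the five predefined XML entities that can appear in attribute values.
function decodeXmlEntities(s) {
  const map = { amp: "&", lt: "<", gt: ">", quot: '"', apos: "'" };
  return s.replace(/&(amp|lt|gt|quot|apos);/g, (_, name) => map[name]);
}

// Extract AccessLocation and every <Link token=... href=...> from the response.
function parseAutodiscover(xml) {
  const text = xml.replace(/^\uFEFF/, ""); // drop a leading byte-order mark
  const loc = /<AutodiscoverResponse\b[^>]*\bAccessLocation="([^"]*)"/.exec(text);
  const links = [];
  const linkRe = /<Link\b([^>]*?)\/?>/g;
  let m;
  while ((m = linkRe.exec(text)) !== null) {
    const attrs = {};
    const attrRe = /([\w:.-]+)\s*=\s*"([^"]*)"/g;
    let a;
    while ((a = attrRe.exec(m[1])) !== null) {
      attrs[a[1]] = decodeXmlEntities(a[2]);
    }
    if (attrs.token && attrs.href) {
      links.push({ token: attrs.token, href: attrs.href });
    }
  }
  return { accessLocation: loc ? loc[1] : null, links };
}

// True when host equals the suffix or is a subdomain of it. Matching on a label
// boundary keeps "notextdomain.ru" from passing as "extdomain.ru".
function isUnderSuffix(host, suffix) {
  const h = host.toLowerCase().replace(/\.$/, "");
  const s = suffix.toLowerCase().replace(/^\./, "");
  return h === s || h.endsWith("." + s);
}

// Flag links an external client cannot be expected to reach: hosts outside the
// published DNS suffixes (internal names leaking out) and non-HTTPS links.
function auditExternalLinks(xml, publishedSuffixes) {
  const { accessLocation, links } = parseAutodiscover(xml);
  const findings = [];
  for (const { token, href } of links) {
    let u;
    try {
      u = new URL(href);
    } catch {
      findings.push({ token, host: null, reason: "unparseable-href" });
      continue;
    }
    if (u.protocol !== "https:") {
      findings.push({ token, host: u.hostname, reason: "not-https" });
    }
    if (!publishedSuffixes.some((s) => isUnderSuffix(u.hostname, s))) {
      findings.push({ token, host: u.hostname, reason: "host-not-published" });
    }
  }
  return { accessLocation, findings };
}

console.log(JSON.stringify(auditExternalLinks(SAMPLE_RESPONSE, ["extdomain.ru"]), null, 2));
```
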
Lync 2013 client doesn't read proxy.pac file Lync exclusions
Hi all,
I have a very annoying issue whereby the Lync 2013 client ignores the proxy.pac file exclusions set below:
(host == "lync.test.domain") || (host == "lyncdiscoverinternal.test.domain") ||
(host == "lyncwacdca.test.domain") ||
(host == "lyncwacdcb.test.domain") ||
(host == "lyncwebintdca.test.domain") ||
(host == "lyncwebintdcb.test.domain")
IE is set to use the automatic configuration script http://proxy.test.domain:8083/proxy.pac. This file can be reached through an IE browser, downloaded and its syntax read.
If I set my proxy server and exclusions manually within IE9 then they are adhered to. That is, Lync 2013 is able to read them.
My thinking: that some application may be interfering with Lync 2013 getting to http://proxy.test.domain:8083/proxy.pac or reading in the exclusions set within the file.
If I enter https://lync.test.domain into the browser URL search field I can see that it is being sent straight out to the proxy as opposed to bypassing it.
Does anyone have an example of their proxy.pac exclusion set for Lync 2013 just in case my syntax is not looking the best.
Cheers
Update to this issue - solution was to move the proxy exclusions to the top of the proxy.pac
Outcome resulted in Windows WinHTTP processing the Lync proxy exclusions prior to the Lync.exe firing during logon. I don't believe you would see this in a typical infrastructure. Since initially looking into this issue I have been able to show through packet traces, large periods of latency in delivery of desktop profile items due to backend profile storage issues.
In addition to moving the exclusions to the top of the pac file I made use of substrings. I don't believe the use of substrings is any better or worse, but just easier for others to understand what the exclusion allows specifically.
Example of pac exclusion now:
if (url.substring(0,39) == "http://lyncdiscoverinternal.testdomain.") { return "DIRECT"; } //matches 31 characters including last . or period
I entered similar entries for all required exclusions. The result was Lync signing in within 6 seconds as opposed to the 40 seconds (through the use of legacy SRV records). -
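The ordering described in the update above, as an added example that is not the poster's PAC file: the Lync bypass list is evaluated first and matched on the host rather than on a URL prefix, so http:// and https:// requests to the same name both go DIRECT. The host names are the ones from the question; the upstream proxy port and the `route` harness are assumptions for illustration.

```javascript
// Added example, not the poster's PAC file. Host names come from the question;
// UPSTREAM_PROXY is a placeholder, since the post gives only the PAC URL.
// Written with `var` and plain loops so it also loads in older PAC script engines.
var LYNC_DIRECT_HOSTS = [
  "lync.test.domain",
  "lyncdiscoverinternal.test.domain",
  "lyncwacdca.test.domain",
  "lyncwacdcb.test.domain",
  "lyncwebintdca.test.domain",
  "lyncwebintdcb.test.domain"
];
var UPSTREAM_PROXY = "PROXY proxy.test.domain:8080"; // placeholder port

// Lower-case the host and drop a trailing dot so "LYNC.test.domain." still matches.
function normalizeHost(host) {
  var h = String(host).toLowerCase();
  if (h.charAt(h.length - 1) === ".") {
    h = h.substring(0, h.length - 1);
  }
  return h;
}

function FindProxyForURL(url, host) {
  var h = normalizeHost(host);
  // 1. Lync exclusions come first, before any other rule has a chance to return.
  //    Exact host comparison: a look-alike such as lync.test.domain.example.net
  //    is not treated as excluded.
  for (var i = 0; i < LYNC_DIRECT_HOSTS.length; i++) {
    if (h === LYNC_DIRECT_HOSTS[i]) {
      return "DIRECT";
    }
  }
  // 2. Any other site rules would follow here; the default is the proxy.
  return UPSTREAM_PROXY;
}

// The URL-prefix form used in the update above, kept for comparison: a prefix
// that begins with "http://" does not cover the same host requested over https://.
function matchesUrlPrefix(url, prefix) {
  return url.substring(0, prefix.length) === prefix;
}

// Harness for running the PAC logic outside a browser (assumes a runtime with a
// global URL class, such as Node.js). A real PAC engine supplies `host` itself.
function route(url) {
  return FindProxyForURL(url, new URL(url).hostname);
}
```
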
Dear All,
It always comes to be confusing, about certificates when it comes to Lync 2013 and Edge. Suppose I have domain abc.com and I plan to add additional SIP domains like xyz.com, abc.com, dfg.com etc. and my default domain would be abc.com, so my naming
option would be like this: meet.abc.com/sipdomain/meet. I am a little confused how this is tackled in the front end and edge role. Do I have to get a new request in edge or just import the certificate generated in front end into edge?
Thanks Eric and Thamara,
So for internal CA, which means I have to install Active Directory Certificate Services and no need to buy a certificate from a public authority, and which includes the following entries on the first front end server: admin.defaultsipdomain.com, dialin.defaultsipdomain,
lyncdiscoverinternal.defaultsipdomain, lyncdiscover.defaultsipdomain.com
Or should I get it from a public authority and add all edge and front end requirements and reverse proxy in a UCC certificate and use the same to import into front end and edge and reverse proxy. -
New lync 2013 , 2 subdomains ,ad one domain in foreign country
As you can see in the picture below, I have the main AD called main.prod and two child1 and child2 subdomains. What is more I have AD called international.prod placed in a foreign country. I have mbox, cas using child1.main.prod domain and
Lync 2010 with UM function. Furthermore, I have a 2-way trust between child2.main.prod subdomain and international.prod domain. Now what I would like to do is: make CAS in subdomain child2.main.prod which is authorising people from domain international.prod
and have mailboxes on mbox from subdomain child1.main.prod as it is shown in the picture. Do you think it makes sense? Or do I have to make mbox in subdomain child2.main.prod?
What else: I would like to resign Lync 2010 and install new Lync 2013 and make people from subdomains child1 and child2 and domain international.prod use this new Lync, and move UM functionality from old 2010 Lync into new 2013.
Any contraindications, suggestions??
Lync Server supports the following topologies for Exchange UM integration:
Multiple domain (that is, a root domain with one or more child domains). Lync Server, and Microsoft Exchange servers are deployed in different domains from the domain where you create users. Exchange UM servers can be deployed in different
domains from the Lync Server pool they support.
Lisa Zheng
TechNet Community Support -
Lync 2013 & Active Directory Intra Domain Migrations
Hi all,
Hopefully this is the correct forum to ask. Suppose the following scenario
Parent Domain containing Lync 2013 Servers
Child domains consisting of user accounts
It is intended that child domains containing Lync 2013 enabled users be migrated to the parent domain.
A few questions
Is it possible to migrate user accounts to another domain and configure the migrated (technically new) account to link back to Lync so as to retain contact information?
Or prior to migration have contacts exported so they can be imported into the new Lync 2013 accounts?
Thanks,
Within a single forest it is quite possible to have Lync installed in one domain and users a part of another domain.
All we have to do during the Lync server install process is run the domain preparation wizard for all the domains where we shall either have a Lync user object or a Lync server object.
Please refer http://technet.microsoft.com/en-us/library/gg398630.aspx
I believe as long as the user SIP URI doesn't change you can export the user data information and after the migration you can import the user information.
Please refer http://technet.microsoft.com/en-us/library/jj204897.aspx
PLEASE REMEMBER, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answered" -
SCCM 2012 R2 and single label domain
Hello,
we have the following case: root forest domain is a single label domain such as ABC, it has child domain CORP.ABC. In the TechNet article there is just a little information about it, it says that SCCM supports site systems and clients, can we install SCCM in the single
label domain? Or in the child domain when the forest domain is a single label domain? Will schema be extended without problems and MP data published?
Extending the schema is independent of the domain being single labeled.
SLD restrictions are listed here:
http://technet.microsoft.com/de-de/library/gg682077.aspx#BKMK_SupConfigSLD
Torsten Meringer | http://www.mssccmfaq.de -
Hey All, I am really stumped on this one.
Environment - Is using split DNS
Forest Root Domain - Contains new Lync 2013 Server Standard, ADDS, DNS, Enterprise CA, Workstations
Clients in this domain connect and work beautifully. No errors.
Child Domain - ADDS, DNS, Workstation, Lync 2013 client
Client autodiscovers, and then asks for a password. Enter the password and this comes up...
"Can't sign in to Lync, You didn't get signed in, It might be your sign-in address or logon credentials.. blah blah blah"
Client log shows
Error:
There was an error communicating with the endpoint at 'https://domainlync13srv.Domain.net/WebTicket/WebTicketService.svc'.
The server returned HTTP status code '403 (0x193)' with text 'Forbidden'.
The server understood the request, but cannot fulfill it.
As far as I can tell certificates are correctly configured with all the SANs possible in my forest. The user is correctly set up in Lync control panel. Autodiscovery seems to be working as it should. EWS is working correctly.
Repaired client, removed cached creds, has all Lync 2013 updates, no dice
Thank you all!
I am an IDIOT.
I did not prepare the child domain with the LYNC setup tool. Logged on to a file server in the child domain with domain admin rights and sure enough the setup said the domain was "partial". Ran the setup and bam it all started working. -
Lync 2013 FE server certificate - different domain name
Hi,
I am implementing a small Lync infrastructure with the following components in a Resource Forest - Account Forest type implementation with a bi-directional Trust between the two forests:
1 x Lync 2013 FE Standard, 1 x Mediation server and 1 x Office Web App server
Both AD forests have their PKI CAs, the certificate on the FE server is signed by the CA from the Account domain. All servers and workstations have both Root certificates implemented.
User’s SIP domain name (account forest) is different from the FE server (resource forest) domain name.
Question: When internal users sign-in to Lync they get a warning prompt as follows:
“Lync cannot verify that the server is trusted for your sign-in address. Connect anyway?”
Users can select to connect and everything functions correctly, however, I would like to get rid of the warning message at the beginning.
Any idea what may be wrong, is something missing on the certificate ?
Thanks for your help,
Luca
You can try to edit the internal web services FQDN and ensure your other populated DNS records point to a FQDN that matches the sip domain, or use the TrustModelData workaround here: http://support.microsoft.com/kb/2833618
Here are a couple extra articles that dive in to what's happening: http://terenceluk.blogspot.com/2013/04/signing-into-lync-2013-client-presents.html?m=1
http://blogs.technet.com/b/jenstr/archive/2011/02/10/lync-cannot-verify-that-the-server-is-trusted-for-your-sign-in-address.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question please click "Mark As Answer".
SWC Unified Communications
This forum post is based upon my personal experience and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs. -
Hi,
I've got some issues with a Lync 2013 setup.
The config consists of 2 lync servers. One FE and one Edge. All seems to work except audio in meetings and Sip.
The setup is like this (fake ip's used):
Front End:
Internal IP: 172.16.0.10
External IP: x.x.185.10
All ports open in Cisco ASA
internal AD DNS: dialin/lync/meet/lyncdiscover to Front end internal ip. edge/lsedge/sip points to edge internal ip
EDGE:
Internal IP: 172.16.0.11 (no gateway configured)
External IPS: x.x.185.11, x.x.185.12, x.x.185.13
All external IP's are direct internet facing, no NAT (a firewall is in place).
All external interfaces are using a wildcard certificate.
All servers are running in a remote data center, so basically no internal users. We all connect to the external interfaces. The Windows domain name (AD) is the same as our External DNS (companyname.com).
Autodiscover works, we can logon, chat but there is no audio. The audio test fails. Also SIP is not working with a sip trunk.
External DNS: sip/webconf/av are pointing to their external IPs. sipexternal is a cname to sip. lyncdiscover/lync/dialin/meet all point to the Front end External IP.
_sip._tls/_sipfederationtls.tcp/_xmpp-server.tcp all point to the sip.companyname.com IP.
I just can't figure out what is wrong.
@PSingh123 I'll try the logs in a minute and get back with the results.
@PaulB_NZ Thanks for the input. In my opinion the FE does need an external IP. How else will you be able to connect if you are a remote worker?
The Edge is (as far as I know) needed for Enterprise voice and Federation with other (external) sip domains. It's not needed for basic (chat/video/whiteboard etc) Lync functionality for both internal and external (remote) users.
The Edge is to communicate with services/users outside the organisation.
I do still think that the basic topology (FE with internal IP and Nat'ed external ip working with an Edge with internal IP and 1 external IP nat'ed to 3 DMZ ip's) is correct in this case.
I can be wrong and in that case would like to be pointed to the correct configuration.
Can I add a two way trusted but in different forest domain to My existing Lync 2013 Topology !
HI !
We have an installed Lync 2013 Std Edt. setup and it's working perfectly for one domain. Our network infrastructure (LAN) is being shared with our sister company. They have their own forest and domain and a two-way trust relationship with our domain. I
want to add them in our Lync 2013 topology, is it possible? If yes, then what are the requirements and which changes do I need to consider?
Response from experts would be greatly appreciated.
Yes, You must establish a two-way trust between the central forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the central forest.
Also you can refer below link
http://technet.microsoft.com/en-us/library/gg670909%28v=ocs.14%29.aspx
Please remember, if you see a post that helped you please click "Vote As Helpful" and if it answered your question, please click "Mark As Answer"
Mai Ali | My blog: Technical