Lync Mobile for external users not working

Similar Messages

• Lync 2013 mobility and external access not working

  Hi all.
  I installed and configured Lync Server 2013 Front End and Lync Server 2013 Edge on Windows Server 2012 R2.
  Internal lync clients (not mobile) can successfully connect to server and everything works fine for them. External users can connect only with manual configuration of address of external lync server in lync client, autodiscovery doesn't work.
  I also installed and configured IIS ARR Reverse Proxy on Windows Server 2012 R2 using this article -
  http://blogs.technet.com/b/nexthop/archive/2013/02/19/using-iis-arr-as-a-reverse-proxy-for-lync-server-2013.aspx. But it doesn't work too. When I try to connect I get 'Unable to connect to the server. Check your network connection or the server address and
  try again'.
  I configured dns records in the external dns zone.
  For Edge:
  sip.extdomain.ru – IP1
  lyncwebconf.extdomain.ru – IP2
  lyncav.extdomain.ru – IP3
  For Reverse Proxy:
  lyncdialin.extdomain.ru - IP4
  lyncmeet.extdomain.ru - IP4
  lyncextweb.extdomain.ru - IP4
  lyncdiscover.extdomain.ru - IP4
  I issued all needed certificates by the internal CA and added following alternative names.
  For FE certificate:
  sip.cherry.loc
  lync.cherry.loc
  dialin.cherry.loc
  meet.cherry.loc
  admin.cherry.loc
  lyncdiscoverinternal.cherry.loc
  lyncdiscover.cherry.loc
  lyncdialin.extdomain.ru
  lyncmeet.extdomain.ru
  lyncextweb.extdomain.ru
  lyncdiscover.extdomain.ru
  For Edge external and Reverse Proxy:
  lyncav.extdomain.ru
  sip.extdomain.ru
  lyncwebconf.extdomain.ru
  lyncdialin.extdomain.ru
  lyncmeet.extdomain.ru
  lyncextweb.extdomain.ru
  lyncdiscover.extdomain.ru
  cherry.loc
  The root certificate of internal CA installed on all servers and client devices.
  Using Wireshark I see that Reverse Proxy communicating with FE on port 4443.
  Here is an excerpt from mobile client log.
  GET https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected]
  Request Id: 0x6f54648
  HttpHeader:Cache-Control no-cache
  HttpHeader:Content-Length 1006
  HttpHeader:Content-Type application/vnd.microsoft.rtc.autodiscover+xml; v=1
  HttpHeader:Date Mon, 22 Sep 2014 11:17:45 GMT
  HttpHeader:Expires -1
  HttpHeader:Pragma no-cache
  HttpHeader:Server Microsoft-IIS/8.5
  HttpHeader:StatusCode 200
  HttpHeader:X-AspNet-Version 4.0.30319
  HttpHeader:X-Content-Type-Options nosniff
  HttpHeader:X-MS-Server-Fqdn lync.cherry.loc
  HttpHeader:X-Powered-By ASP.NET, ARR/2.5
  Ôªø<?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-
  instance" AccessLocation="External"><Root><Link token="Domain" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=extdomain.ru" /><Link token="User" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru" 
  /><Link token="Self" href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root?originalDomain=extdomain.ru" /><Link token="OAuth"
  href="https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=extdomain.ru" /><Link token="External/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /><Link
  token="Internal/XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" 
  /><Link token="XFrame" href="https://lync.cherry.loc/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
  </ReceivedResponse>
  2014-09-22 15:17:53.041 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/119:location value is external
  2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CUcwaAutoDiscoveryResponse.cpp/195:User url is
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.042 Lync[299:715a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x6f54648)
  2014-09-22 15:17:53.042 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
  2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/290:Received a root response
  2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryGetUserUrlOperation.cpp/224:UcwaAutoDiscoveryGetUserUrlOperation completed with
  url = https://lyncdiscover.extdomain.ru/?sipuri=sip:[email protected], userUrl = https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru, status = S_OK (S0-0-0)
  2014-09-22 15:17:53.043 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-UnAuthenticatedGet(0x6f54648): S_OK (S0-0-0) (Success); Done with req.; Stopping resend timer
  2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CCredentialManager.cpp/176:getSpecificCredential for serviceId(1) returning: credType (1) signInName ([email protected]) domain (cherry) username (user) password.empty() (0) certificate.isValid() (0)
  privateKey.empty() (1) compatibleServiceIds(1)
  2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/403:Received a request to get the meta data of type 0 for url
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/458:Sending Unauthenticated get to get the web-ticket url
  2014-09-22 15:17:53.044 Lync[299:3c2a218c] INFO TRANSPORT CTransportThread.cpp/135:Added Request() to Request Processor queue
  2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/109:Waiting on Meta Data from https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.045 Lync[299:659a000] INFO TRANSPORT CTransportThread.cpp/347:Sent Request() to Request Processor
  2014-09-22 15:17:53.045 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/385:Submitting new req. GET-AuthenticatedUserGetRequest(0x6e83da8)
  2014-09-22 15:17:53.045 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
  for serviceId (4) type (1)!
  2014-09-22 15:17:53.046 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1263:Submitting Authenticated AutoDiscovery request to
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.046 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
  GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  Request Id: 0x133b6a8
  HttpHeader:Accept
  </SentRequest>
  2014-09-22 15:17:53.046 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x6e73850 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
  2014-09-22 15:17:53.047 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url 
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
  2014-09-22 15:17:53.050 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x6e743a0 Error domain = kCFErrorDomainCFNetwork code = 0x2 ErrorDescription = The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason
  = ErrorRecoverySuggestion =  
  2014-09-22 15:17:53.050 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
  2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x6e73850.
  2014-09-22 15:17:53.050 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x6e73850.
  2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
  2014-09-22 15:17:53.051 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 0
  2014-09-22 15:17:53.051 Lync[299:659a000] WARNING TRANSPORT CCredentialManager.cpp/317:CCredentialManager::getSpecificCredential returning NULL credential
  for serviceId (4) type (1)!
  2014-09-22 15:17:53.052 Lync[299:659a000] INFO TRANSPORT TransportUtilityFunctions.cpp/689:<SentRequest>
  GET https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  Request Id: 0x133b6a8
  HttpHeader:Accept
  </SentRequest>
  2014-09-22 15:17:53.052 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/399:Allocating stream 0x14102a0 for url - https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user with persistent id as 16
  2014-09-22 15:17:53.053 Lync[299:659a000] VERBOSE TRANSPORT CHttpProxyHelper.cpp/435:CHttpProxyHelper::discoverProxy : No proxy found for url
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru. Sending over direct connection.
  2014-09-22 15:17:53.056 Lync[299:659a000] ERROR TRANSPORT CHttpConnection.cpp/1029:Request Type = 0x%u0x14080f0 Error domain = kCFErrorDomainCFNetwork code =
  0x2 ErrorDescription = The operation couldn’t be completed. (kCFErrorDomainCFNetwork error 2.) ErrorFailureReason = ErrorRecoverySuggestion =
  2014-09-22 15:17:53.056 Lync[299:659a000] ERROR UTILITIES CHttpConnection.cpp/958:GetAddrInfo returned error 0x8
  2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/467:Releasing stream 0x14102a0.
  2014-09-22 15:17:53.056 Lync[299:659a000] INFO UTILITIES CHttpStreamPool.cpp/599:Releasing stream 0x14102a0.
  2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/173:Received response of request() with status = 0x22020001
  2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/201:Request resulted in E_ConnectionError (E2-2-1). The retry counter is: 1
  2014-09-22 15:17:53.057 Lync[299:659a000] INFO TRANSPORT CHttpRequestProcessor.cpp/266:Sending event to main thread for request(0x133b6a8)
  2014-09-22 15:17:53.058 Lync[299:3c2a218c] INFO TRANSPORT CMetaDataManager.cpp/572:Received response for meta data request of type 60 with status 570556417
  2014-09-22 15:17:53.058 Lync[299:3c2a218c] ERROR TRANSPORT CMetaDataManager.cpp/588:Unable to get a response to an unauthenticated get to url
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/208:MetaData retrieval for url https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru completed with status 570556417
  2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/238:Deleting 1 pended Meta data requests for url
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.059 Lync[299:3c2a218c] ERROR TRANSPORT CAuthenticationResolver.cpp/334:Unable to get the meta data for server url
  https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=extdomain.ru
  2014-09-22 15:17:53.059 Lync[299:3c2a218c] INFO TRANSPORT CAuthenticationResolver.cpp/337:Failing request to the request manager
  2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO TRANSPORT CRequestManager.cpp/284:Failing secure request UcwaAutoDiscoveryRequest with status E_ConnectionError (E2-2-1)
  2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/822:Req. completed, Stopping timer.
  2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1358:Received autodiscovery response with status E_ConnectionError (E2-2-1)
  2014-09-22 15:17:53.060 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryService.cpp/1316:Raising Autodiscovery event with status E_ConnectionError (E2-2-1) for eventType 0
  2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/417:Received event for type 0 with status E_ConnectionError (E2-2-1)
  2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/539:Autodiscovery scheduled retrial timer. Timer 0.000000 seconds
  2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/64:Alert received! Category 1, Type 201, level 0, error E_ConnectionError (E2-2-1), context '', hasAction=false
  2014-09-22 15:17:53.061 Lync[299:3c2a218c] INFO APPLICATION CAlertReporter.cpp/117:Alert cleared of Category 1, Type 201, cleared 0 alerts
  2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO APPLICATION CTransportRequestRetrialQueue.cpp/725:Response received for req. GET-AuthenticatedUserGetRequest (0x6e83da8): E_ConnectionError (E2-2-1) (RemoteNetworkTemporaryError); Done with req.; Stopping resend
  timer
  2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/87:ObservableListItem Added event received
  2014-09-22 15:17:53.062 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/97:showalert is 1
  2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-09-22 15:17:53.063 Lync[299:3c2a218c] INFO UI CMConversationCommon.mm/43:not signed in
  2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/697:desired view is alert, size 1
  2014-09-22 15:17:53.064 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/737:adding the desired view
  2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMNotificationManager.mm/472:reposition floating views
  2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/104:showalert is 1
  2014-09-22 15:17:53.065 Lync[299:3c2a218c] INFO UI CMAlertViewController.mm/108:showalert is 0
  2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/410:Mapping error code = 0x22020001, context = , type = 201
  2014-09-22 15:17:53.066 Lync[299:3c2a218c] INFO UI CMUIUtil.mm/1708:Mapped error message is 'Unable to connect to the server. Check your network connection or the server address and try again. 

  Result of Lync Connectivity Analyzer.
  External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
  Starting Lync server autodiscovery
  Please wait; this test may take several minutes to complete...
  Starting automatic discovery for secure (HTTPS) internal channel
  lyncdiscoverinternal.extdomain.ru can't be resolved by the DNS server. Skipping internal discovery.
  Starting automatic discovery for secure (HTTPS) external channel
  Server discovery has completed for https://lyncdiscover.extdomain.ru/.
  Automatic discovery results for https://lyncdiscover.extdomain.ru/
  Access Location : Internal
  SIP Server Internal Access : lync.cherry.loc
  SIP Server External Access : sip.extdomain.ru
  SIP Client Internal Access : lync.cherry.loc
  SIP Client External Access : sip.extdomain.ru
  Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
  External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
  Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
  External Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
  Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
  External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
  Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
  External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
  Internal Webscheduler service : https://lync.cherry.loc/Scheduler
  External Webscheduler service : https://lync.cherry.loc/Scheduler
  Total server discovery time: 5,0 seconds
  Server discovery succeeded for secure (HTTPS) external channel against URL https://lyncdiscover.extdomain.ru/
  Starting automatic discovery for unsecure (HTTP) external channel
  Couldn't connect to URL http://lyncdiscover.extdomain.ru/[email protected] (HTTP status code NotAcceptable)
  Server discovery failed for unsecured external channel against http://lyncdiscover.extdomain.ru/
  Starting the requirement tests for Lync Mobile 2013 App
  Please wait; this test may take several minutes to complete...
  Testing the app requirements using the following discovery response:
  Access Location : Internal
  SIP Server Internal Access : lync.cherry.loc
  SIP Server External Access : sip.extdomain.ru
  SIP Client Internal Access : lync.cherry.loc
  SIP Client External Access : sip.extdomain.ru
  Internal Auth broker service : https://lync.cherry.loc/Reach/sip.svc
  External Auth broker service : https://lync.cherry.loc/Reach/sip.svc
  Internal Auto discover service : https://lync.cherry.loc/Autodiscover/AutodiscoverService.svc/root
  Internal MCX service : https://lync.cherry.loc/Mcx/McxService.svc
  External MCX service : https://lync.cherry.loc/Mcx/McxService.svc
  Internal UCWA service : https://lync.cherry.loc/ucwa/v1/applications
  External UCWA service : https://lync.cherry.loc/ucwa/v1/applications
  Internal Webscheduler service : https://lync.cherry.loc/Scheduler
  External Webscheduler service : https://lync.cherry.loc/Scheduler
  Starting tests for Mobility (UCWA) service
  Verifying internal Ucwa service: https://lync.cherry.loc/ucwa/v1/applications
  Successfully created the UCWA service
  Completed tests for Mobility (UCWA) service
  Verification failed for Mobility (UCWA) service. The service could not be reached from an external network.
  Select All results above for more information about the failures. Detailed information can also be found in the log file.
  Your deployment meets the minimum requirements for Lync Mobile 2013 App.

• Save for all users not working

  I created a query in the rich client and selected "save for all users", but still cannot open it on another server.  Has anyone else experienced this?  I am on version 12.3.1 build 684.

  I just did a Save As and checked the "Save for all users" box.  I think I have to check "Remove document security", but that's grayed out); Deski only had the one option and it worked fine.  There error I received is:
  The document has been secured on another cluster. You cannot open this document on the current cluster. To open it, log on the right cluster and save it as unsecured. If the cluster is not reachable, try to connect to the following system : '<server>'. If this system is not reachable or not online, try the previous offline session with the connection ''. (WIS 30910)

• [SOLVED ]Automatic Xsession starting for two users not working

  Trying to have two Xsession running in the same time, started automatically after login on two consoles. When I start the second manually at tty8, it is running flawless. When trying to do the same with .xinitrc, it is completelly ignored and still talks bullshit about Xsession running for display 0.
  Make me feel there is some configuration file somewhere where it should not definitelly exist which takes controll everytime but when starting Xsession manually…
  Last edited by Behemot (2011-10-15 18:55:37)

  karol wrote:Not sure I get it, but .bashrc_profile!is executed when you log in, so you basically want to start X every time, right?
  Yep exactly, computer for lames, the second user is just for english-speaking, first one will be for native Czech. As soon as this will work, I will even set automatic logon with mingetty for both users.
  karol wrote:
  exec ck-launch-session dbus-launch startxfce4 -- :1 tty7
  For the second user change this to
  exec ck-launch-session dbus-launch startxfce4 -- :0 tty8
  :0 instead of :1 (or you can use :2 etc.)
  I think I've already tried, tried again now and still the same result.
  Last edited by Behemot (2011-10-15 14:25:46)

• FBA for AD users not working

  I have an external AD domain with no trust. I am trying to set up FBA with AD. This is not involving SQL server but involving the AD directly with account and populating them. SP admin before me had set it up for Novell E directory. I had opened another
  thread regarding this with some info but since that thread has been marked as answered i am opening this new one.
  The last thread is here:http://social.msdn.microsoft.com/Forums/en-US/43f2b263-d8de-4d2f-8d41-82e919c9377f/can-we-have-more-than-1-memebrship-provider-in-sts-token-service?forum=sharepointadmin
  I am following the steps defined in the following article: http://mirzafarhan.wordpress.com/2014/02/07/sharepoint-2013-configuring-claim-based-authentication-for-use-with-active-directory-ldap/
  External domain: ext.oma.edu
  User inputs following while registering: First Name , Last name and email id. User gets user name and password.
  My code for STS
  <membership>
  <providers>
  <add name=”EXTMember“
  type=”Microsoft.Office.Server.Security.LdapMembershipProvider,
  Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral,
  PublicKeyToken=71e9bce111e9429c”
  server=”ext.oma.edu“
  port=”389″
  useSSL=”false”
  userDNAttribute=”distinguishedName”
  userNameAttribute=”sAMAccountName”
  userContainer=”CN=Users,OU=SharePoint,OU=Managed,DC=oma,DC=edu“
  userObjectClass=”person”
  userFilter=”(ObjectClass=person)”
  scope=”Subtree”
  otherRequiredUserAttributes=”sn,givenname,cn”
  connectionUsername=”ext\admin“
  connectionPassword=”password” />
  </providers>
  </membership>
  <roleManager enabled=”true” defaultProvider=”AspNetWindowsTokenRoleProvider” >
  <providers>
  <add name=”EXTRole“
  type=”Microsoft.Office.Server.Security.LdapRoleProvider,
  Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral,
  PublicKeyToken=71e9bce111e9429c”
  server=”ext.oma.edu“
  port=”389″
  useSSL=”false”
  groupContainer=”CN=Users,OU=SharePoint,OU=Managed,DC=oma,DC=edu“
  groupNameAttribute=”cn”
  groupNameAlternateSearchAttribute=”samAccountName”
  groupMemberAttribute=”member”
  userNameAttribute=”sAMAccountName”
  dnAttribute=”distinguishedName”
  groupFilter=”(ObjectClass=group)”
  userFilter=”(ObjectClass=person)”
  scope=”Subtree”
  connectionUsername=”ext\admin“
  connectionPassword=”password” />
  </providers>
  </roleManager>
  Is everything i am doing correct. Two questions: What do i pass for CN? Is it plain user or connectionusername admin?
  Also do i create new <system.web> section to add this or i use the existing section where another fba has been configured? As soon as i add this another fba stops functioning? Please provide me with some idea.
  Adit

  How to query multiple OUs using FBA connection ? 
  <add name=”EXTMember“
  type=”Microsoft.Office.Server.Security.LdapMembershipProvider,
  Microsoft.Office.Server, Version=15.0.0.0, Culture=neutral,
  PublicKeyToken=71e9bce111e9429c”
  server=”ext.oma.edu“
  port=”389″
  useSSL=”false”
  userDNAttribute=”distinguishedName”
  userNameAttribute=”sAMAccountName”
  userContainer=”DC=oma,DC=edu“
  userObjectClass=”person”
  userFilter=”(ObjectClass=person)(|(ou=staff)(ou=manged))”
  scope=”Subtree”
  otherRequiredUserAttributes=”sn,givenname,cn”
  connectionUsername=”ext\admin“
  connectionPassword=”password” />
  </providers>
  Adit

• Lync 2013 - Address Book Synchronization Issues for External Users

  I recently deployed Lync Server 2013 in my organization. Everything works fine except for the address book synchronizing issues and the mobility access. I would really appreciate if someone could share their knowledge as I have done lot of troubleshooting,
  not sure if I have missed something. Please note my setup below for the External Web Services.
  Lync Front End:
  Listening: 8080 4443
  Published: 80 443
  I have published my External Web Services URL and the following ports are open: 4443, 443, 8080
  When I look at the Lync Client Configuration, ABS Server External URL is pointing to https://lyncexternalweb.domain.com:443/abs/handler. However, GAL Status is still pointing to my internal Front End FQDN: https://internal.domain.com:443/abs/handler.  
  For machines that are joined to the domain, the address books synchronizes with no issues. For machines that are not joined to the domain and for external users, GALContacts and GALContacts.DB files are not event generated for the users profiles. 

  Hi Anthony,
  Please note the findings below:
  1. I was checking the Lync Client configuration on one of the PC that is not joined to the domain, still on the domain network via site to site VPN connection. I noticed that the Connected Lync Server varies: sipinternal.domain.com, sipexternal.domain.com,
  lync.domain.com (Pointing to the Edge Server IP).  
  2. Edge Server External Settings: Single IP address with the FQDN set to lync.domain.com for all 3 services and the following ports configured. Access Edge Service: 5061, Web Conferencing Edge Service: 444, A/V Edge Service: 443 with NAT enabled public
  IPv4 address. I have checked the replication status between the Front End and Edge Server, it is up to date.
  3. In regard to the https://lyncdiscover.domain.com, I don't have the lyncdiscover.domain.com published, but it is pointing to the NAT enabled public IPv4 address which is assigned for A/V Edge Services.
  4. For the port forwarding, I am using the Cisco Meraki router. 
  Please advise if there are there is something that I am missing.
  Thanks!

• I have an iMac with OS Lion. The Smartart feature for Office for Mac will not work when I am logged on to my personal user account. It works with other user accounts on the same computer, and it works after "safe start". How can I fix the problem?

  The Smartart feature of Office for Mac will not work in my user account. It works for all other user accounts on the same computer, and it works after a "safe start". How can I fix the problem?

  You may also want to search/ask in the forums run by the people who make the product which is causing you problems:
  http://answers.microsoft.com/en-us/mac/forum/macoffice2011

• Access to my Office 365 third-party app for external user : "a User account is not registered for the account"

  In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app. The thing is I don't want that all these users have to grant me access, I just want one
  admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
  To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter
  prompt=admin_consent.
  With this access token, I can access the data (emails, contact, event) of the admin
  for instance for the contacts
  uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
  but not the data of the other users of this org with this uri
  uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
  The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome. So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody
  know what it does?
  And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
  Thank you!

      
  This was answered on StackOverflow by Dushyant Gill.  http://stackoverflow.com/questions/25316175/access-to-my-office-365-third-party-app-for-external-user-a-user-account-is-n/25316678#25316678
  You are sending the OAuth request to a tenant specific endpoint of Azure AD. Note the {key_provided} part of your Url - that part represents the tenantid or a registered domain name of an Azure AD tenant. Azure AD throws this error is the user signing in
  is not a user in that tenant.
  Multi-tenant applications like yours have two options:
  Perform home realm discovery yourself and send the SSO request to the correct tenant-specific endpoint of Azure AD: when a new Azure AD organization signs-up for your application, record its tenant ID, and registered domain names. On your login page, ask
  the user for their email and try to discover what Org they belong to using the suffix the email.
  Use the common endpoint of Azure AD. Instead of the {key_provided} part of the URL, use 'common'. In this case Azure AD will determine the user's tenant and sign-in the user. The token that your application will receive will still be from the user's tenant
  (iss claim).
  2 is more convenient for apps. However #1 has an advantage when the user's Organization has customized their sign-in page with the company logo etc - in the case of #1 the user will directly be taken to the customized and familiar sign-in page.
  I recommend a combination of the two: try determining the user's organization and sending them to the tenant specific SSO endpoint. If you're not able to - send them to the common endpoint.

• Lyncdiscover reports HTTP 500 Internal Server Error for external users

  Hello,
  I have a problem providing lyncdiscover information for external Lync users. The same address works internal (prompts for file download) so I believe the problem is UAG/TMG providing the site which is not my cup of tea. I have a working external lyncdiscover
  for other domain in the same Lync + UAG/TMG server environment. I have also checked the public DNS records few times and everything should be fine. Firewall also shouldn't be an issue since it reports the internal server error, right? Any suggestions what
  should I check?

  more information based on Lync Autodiscover Web Service Remote Connectivity Test.
  Testing HTTP authentication methods for URL https://lyncdiscover.domain1.com/Autodiscover/AutodiscoverService.svc/root/user.
  HTTP authentication methods successful.
  Additional Details
  Testing HTTP content for URL https://lyncdiscover.domain1.comi/?sipuri=[email protected] has
  token="User".
  HTTP content isn't verified.
   <label for="testSelectWizard_ctl12_ctl06_ctl00_ctl04_tmmArrow">Tell
  me more about this issue and how to resolve it</label>
  Additional Details
  HTTP 200 status received from server, but no token="User".
  Elapsed Time: 203 ms.
  The same result goes for the other domain that provides the lyncdiscover information correctly for external users. It doesn't seem to solve the root cause but might help to understand
  the problem.

• How to secure BSP applications for external users on the internet?

  I posted this question under Enterprise Portal forum but got no response. I am hoping some of you experts in this area can help.
  We have developed BSP applications and set them up as iViews in Enterprise Portal 6. Our portal implementation will be used by external users.
  We have security concerns that the access to the BSPs  allows external users direct access to the R/3 system. We were told that we should use ITS application instead of BSP application for external users.
  Do any of you have any insight into how we could work around the security problem with BSP applications, or BSP applications in EP6? Your help will be greatly appreciated.

  In sense they are correct as to whether it is more secure or not would have to be a call by people who are more of an expert than myself.
  But I can see there point the BSP runs directly on the system and uses the system security where as the ITS is basically just an RFC call. However for us we use a 620 server with BSP's and make RFC calls to our R/3 systems thus keeping people of the R/3 directly - however we are not opened to the Internet.
  If your message is answered please remember to mark it solved so others searching in the future can find the solved ones quicker - just click on the yellow star.

• Outlook Anywhere proxy changed from Basic to NTLM for external users

  I have a Exchange 2013 environment that is also running Exchange 2010 coexistence (migrating). What is happening is autodiscover is handing out NTLM for the proxy settings and not basic. However when it is using NTLM we seem to get the password prompt over
  and over. If I manually changed it to Basic then it works fine, but when autodiscover goes again it changes back to NTLM and prompts that the Administrator made a change and you need to restart Outlook.
  I checked Outlook Anywhere and all my servers have Basic set for external users and NTLM set for internal.
  I only have a few mailboxes on 2013 and 2010 mailboxes seem not to have a problem.
  Here is an output for Outlook Anywhere on all six servers:
  Identity                           : CAS01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : CAS03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.10 (14.0.100.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm}
  Identity                           : EXCH2K13-01\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-02\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Identity                           : EXCH2K13-03\Rpc (Default Web Site)
  ExchangeVersion                    : 0.20 (15.0.0.0)
  ExternalClientAuthenticationMethod : Basic
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}

  Hi,
  Please refer to the following KB to set the Outlook Anywhere settings on Exchange Server 2013 Client Access servers:
  http://support.microsoft.com/en-us/kb/2834139
  If it doesn’t work with the resolution above, please do the following checking in ADSI Edit:
  1. In Adsiedit, expand Configuration-->CN=Services -> CN=Microsoft Exchange -> CN=domain -> CN=Administrative Groups -> CN=Exchange Administrative Group -> CN=Databases.
  2. Right-click the listed database > Properties.
  3. Check whether the msExchHomePublicMDB value is set to an available value. Please change the value to <not set>.
  4. Click OK.
  Then check whether the issue persists.
  Regards,
  Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]
  Winnie Liang
  TechNet Community Support

• In my mobile 2g internet is not working properly

  in my mobile 2g internet is not working properly

  Hi seenupooni,
  If your mobile Internet was working before but isn't now, see if the steps in this article help.
  iPhone: Troubleshooting a cellular data connection
  http://support.apple.com/kb/ts3780
  As it states, test as you go through the steps.
  Thank you for using Apple Support Communities.
  Nubz

• Error Message For BISystemUser: User not authenticated

  We have migrated from DEV to PROD env.(11.1.1.1 -> 11.1.1.3). Along problems with bipublisher - there are some strange thingths: we successfully loging using weblogic account into AdminConsole и Enterprise Manager, but in Answers we get an error: invalid username or password.
  nqserver.log:
  ...[ERROR:1] [] [] ... [tid: 1090] Error Message For BISystemUser: User not authenticated.
  ...[ERROR:1] [] [] ... [tid: 1090] [nQSError: 43126] Authentication failed: invalid user/password.
  In oracle support we found such issue (Doc ID 1308389.1):
  OBIEE 11g Error: "Unable to Sign in. invalid username or password was entered" After Changing Repository, Deleting BISystem User, Adding it Back (Doc ID 1308389.1)
  Applies to: Business Intelligence Server Enterprise Edition - Version: 11.1.1.3.0 [1905] to 11.1.1.5.0 [1308] - Release: 11g to 11g
  Symptoms: In OBIEE 11.1.1.3.0 using default authenticator, it is not possible to log in to OBIEE after changing repository. To troubleshoot, BIsystemuser was removed from global roles and added back again.
  Getting error: Unable to Sign in. invalid username or password was entered
  Changes: Changed repository, deleted BISystemuser, added the user back
  Cause: Several changes e.g changing rpd, deleting bisystem user, adding the user back etc. occurred in the environment and caused log in to OBIEE to stop working
  Solution: After a lot of troubleshooting e.g re-starting system in the correct order, refreshing GUIDs, re-start OBIEE with default SampleAppLite.rpd and web catalog, the error persists. The system was uninstalled and re-installed to avoid further corruption and configuration problems in the new installation. This resolved the problem
  Does we have to 'reinstall or make a lot of troubleshooting e.g re-starting system ' to solve this error?
  It seem to be funny for PROD environment. How we cam resolve this problem?

  Are you saying you upgraded both dev and prod from 11.1.1.1 to 11.1.1.3 or that you migrated a dev 11.1.1.1 to a prod 11.1.1.3? What did you migrate?
  At a rough guess the BISystemUser password is different in dev and prod (created by system on install) and in your 'migration' you've moved the dev credential across to prod.
  If that's the case you need to change the bisystemuser password to something known and update the credential store password.
  Another possibility might just be that you need to regenerate the GUIDs:
  http://download.oracle.com/docs/cd/E21764_01/bi.1111/e10543/privileges.htm#BIESC721

• The file to download the app for Android is not working from my phone--it says that the file isn't there. However it does see the one for the Iphone (even though it can't use it). I'm very computer literate and am pretty sure the problem is on your end.

  The file to download the app for Android is not working from my phone--it says that the file isn't there. However it does see the one for the Iphone (even though it can't use it). I've tried it multiple times and continue to get the same message: "NOT FOUND The requested item could not be found". I also tried through the Market application on the phone but ended-up with the same result.
  I'm very computer literate and am pretty sure the problem is on your end. If this is the case then no one can download the app. I considered that perhaps because it's still in Beta that it was removed due to some other type of software issue. I would really like to use Firefox on my new Droid (2.0); when with this be available?

  Firefox will not appear in the Market for most phones with incompatible hardware. You can check if your phone is supported here:
  https://wiki.mozilla.org/Mobile/Platforms/Android
  Even on some supported devices, a bug in the Market software prevents Firefox from showing up. This may be related to the fairly recent Android Market app update. If you go to Settings/Applications/Market and choose "Uninstall" you can uninstall the update, and then search for and install Firefox from the marketplace.
  Or, if you have a supported phone, you can download the app directly by typing this address into your phone's browser: http://bit.ly/fxbeta3
  (Note: To download the app directly for an AT&T phone, you will have to search for instructions on "sideloading" the APK file, since AT&T disables the option to install from non-Market sources.)

• My macbook pro external speaker not working! help please

  My macbook pro external speaker not working! help please

  1. Applications > Utilities > Audio MIDI Setup
      Audio Devices window
       Pllug in the speakers.
       Do they show up?
       Make sure that Mute is not enabled.
  2. Reset SMC.     http://support.apple.com/kb/HT3964
      Choose the method for:
      "Resetting SMC on portables with a battery you should not remove on your own".
  Best.