hi friends.

i wanted to configure Lync mobile feature in lync 2010 Ent and every other configuration is fine i get the passed result however when i test through https://testconnectivity.microsoft.com and i get the below error can anyone please assist me to resolve this since my lync mobile client does not sign in and stuck like keeps signing in...[I used the Forwarding in the router to forward ports of Edge server ,without TMG and i have the lyncdiscover A record point to my Lync server and certificates look good?]

one more thing.

if i access it through https://lyncdiscover.ok.com  i get the following error [403 - Forbidden: Access is denied.You do not have permission to view this directory or page using the credentials that you supplied]

but when i access through it thro  below way then it browsed okay and it prompts me the root file
https://lyncdiscover.ok.com/Autodiscover/AutodiscoverService.svc/root

and also when i browse this URL. http://lyncdiscover.ok.com/autodiscover/autodiscoverservice.svc/root/domain and i get the below file

{"Domain":{"Links":[{"href":"https:\/\/lync.ok.com\/Autodiscover\/AutodiscoverService.svc\/root\/domain","token":"Redirect"}],"SipClientExternalAccess":null,"SipClientInternalAccess":null,"SipServerExternalAccess":null,"SipServerInternalAccess":null}}

Note: and remaining steps in test result shows green and  i try to reinstall the lync mobility and reboot the server but still the same error???/



	Testing HTTP content for URL https://lyncdiscover.ok.com/?sipuri=Lync.test@ok.com has token="User".
	HTTP content isn't verified.
	Additional Details   An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;} .content-container{background:#FFF;width:96%;margin-padding:10px;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> HTTP Response Headers: Content-Length: 1233 Content-Type: text/html Date: Thu, 07 May 2015 12:39:14 GMT Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET Elapsed Time: 309 ms.

 



please assist me its very urgent for me.

Thanks

Greenman

• Edited by GreeMann 17 hours 8 minutes ago

Hi,

this seems like reverse proxy is wrong.Did you setup reverse proxy using TMG?

If so  please check your rule on the To field that Forward the original host header instead of the actual one (specified in the internal site name field) is enabled.

If you run test on that rule,does it fail?

Hi,

In This setup I dont use TMG and I did the port forwarding through my ASA firewall As you know during Lync installation, it creates two web sites: Lync Server Internal Web Site and Lync Server External Web Site. As the names suggest, each website is configured for either internal or external access.  The internal site is published on ports 80/443, while the external site is published on 8080/4443 therefore i did configure Port forwarding in our ASA Firewall to redirect all requests of 443 on the public IP to 4443 on the Lync and the same for 80 to 8080 if we allowing HTTP requests.

And secondly I used Split-brain DNSConfigurations like I created the lyncdiscover.ok.com record in both our external Public and Internal DNS zones and we have to point both Internal and External records to external public IP address of Lync Server.. WHY.. since we dont use Reverse Proxy therefore All mobile clients will first lookup the lyncdiscoverinternal.ok.com DNS record and if it does not exist in the DNS then the resolution will fail and the client them moves on to resolving for lyncdiscover.ok.com when will point the client to the external IP.  We need to do this in order to proxy the client requests over HTTPS:443 to land on the External Web Services Autodiscover and Lync Mobility Services sites which are actually listening on HTTPS:444 Since we know that Dial In and Meet Lync traffic which shares the same Public IP using port 443.

I know its not recommended but  have seen my people deployed it. any other suggestion please ?

• Edited by GreeMann 2 hours 41 minutes ago

Hi,

I dont have any experience With ASA Firewall,so not sure how to configure it.

Split DNS is just not recomended,but its not supported.

https://technet.microsoft.com/en-us/library/gg398758(v=ocs.15).aspx

The setup deployment is pretty basis I did deploy this in previous company on 2012 but I use the same setup again and this time it does not work.

1. i did configure Port forwarding in our ASA Firewall to redirect all requests of 443 on the public IP to 4443 on the Lync and the same for 80 to 8080 if we allowing HTTP requests.
2. I add the lyncdiscover.<sipdomain> FQDN to the certificate .
3. I create the lyncdiscover.<sipdomain> record in both in my  external (public) and internal DNS zones.  Both the internal and external records needs to point to the same external public IP address of Lync FE.
4. All mobile clients will first lookup the lyncdiscoverinternal.<sipdomain> DNS record and if it does not exist in the DNS then the resolution will fail and the client them moves on to resolving for lyncdiscover.<sipdomain> when will point the client to the external IP.  I need to do this in order to proxy the client requests over HTTPS:443 to land on the External Web Services Autodiscover and MCX sites which are actually listening on HTTPS:444

 

i must say all testing result okay Im surprised what I did miss here this time?

• Edited by GreeMann 22 minutes ago