Lync Mobile keeps signing in... [Stuck]

hi friends.

i wanted to configure Lync mobile feature in lync 2010 Ent and every other configuration is fine i get the passed result however when i test through https://testconnectivity.microsoft.com and i get the below error can anyone please assist me to resolve this since my lync mobile client does not sign in and stuck like keeps signing in...[I used the Forwarding in the router to forward ports of Edge server ,without TMG and i have the lyncdiscover A record point to my Lync server and certificates look good?]

one more thing.

if i access it through https://lyncdiscover.ok.com  i get the following error [403 - Forbidden: Access is denied.You do not have permission to view this directory or page using the credentials that you supplied]

but when i access through it thro  below way then it browsed okay and it prompts me the root file
https://lyncdiscover.ok.com/Autodiscover/AutodiscoverService.svc/root

and also when i browse this URL. http://lyncdiscover.ok.com/autodiscover/autodiscoverservice.svc/root/domain and i get the below file

{"Domain":{"Links":[{"href":"https:\/\/lync.ok.com\/Autodiscover\/AutodiscoverService.svc\/root\/domain","token":"Redirect"}],"SipClientExternalAccess":null,"SipClientInternalAccess":null,"SipServerExternalAccess":null,"SipServerInternalAccess":null}}

Note: and remaining steps in test result shows green and  i try to reinstall the lync mobility and reboot the server but still the same error???/



https://testconnectivity.microsoft.com/Images/Error.png

Testing HTTP content for URL https://lyncdiscover.ok.com/?sipuri=Lync.test@ok.com has token="User".

 

HTTP content isn't verified.

 

https://testconnectivity.microsoft.com/Images/Minus.gif

Additional Details

 

An HTTP 403 forbidden response was received. The response appears to have come from IIS7. Body of the response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml"> <head> <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/> <title>403 - Forbidden: Access is denied.</title> <style type="text/css"> <!-- body{margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-serif;background:#EEEEEE;} fieldset{padding:0 15px 10px 15px;} h1{font-size:2.4em;margin:0;color:#FFF;} h2{font-size:1.7em;margin:0;color:#CC0000;} h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} #header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF; background-color:#555555;} #content{margin:0 0 0 2%;} .content-container{background:#FFF;width:96%;margin-padding:10px;} --> </style> </head> <body> <div id="header"><h1>Server Error</h1></div> <div id="content"> <div><fieldset> <h2>403 - Forbidden: Access is denied.</h2> <h3>You do not have permission to view this directory or page using the credentials that you supplied.</h3> </fieldset></div> </div> </body> </html> HTTP Response Headers: Content-Length: 1233 Content-Type: text/html Date: Thu, 07 May 2015 12:39:14 GMT Server: Microsoft-IIS/7.5 X-Powered-By: ASP.NET

Elapsed Time: 309 ms.

 



please assist me its very urgent for me.

Thanks

Greenman






  • Edited by GreeMann Thursday, May 07, 2015 2:16 PM
May 7th, 2015 12:51pm

Hi,

In This setup I dont use TMG and I did the port forwarding through my ASA firewall As you know during Lync installation, it creates two web sites: Lync Server Internal Web Site and Lync Server External Web Site. As the names suggest, each website is configured for either internal or external access.  The internal site is published on ports 80/443, while the external site is published on 8080/4443 therefore i did configure Port forwarding in our ASA Firewall to redirect all requests of 443 on the public IP to 4443 on the Lync and the same for 80 to 8080 if we allowing HTTP requests.

And secondly I used Split-brain DNSConfigurations like I created the lyncdiscover.ok.com record in both our external Public and Internal DNS zones and we have to point both Internal and External records to external public IP address of Lync Server.. WHY.. since we dont use Reverse Proxy therefore All mobile clients will first lookup the lyncdiscoverinternal.ok.com DNS record and if it does not exist in the DNS then the resolution will fail and the client them moves on to resolving for lyncdiscover.ok.com when will point the client to the external IP.  We need to do this in order to proxy the client requests over HTTPS:443 to land on the External Web Services Autodiscover and Lync Mobility Services sites which are actually listening on HTTPS:444 Since we know that Dial In and Meet Lync traffic which shares the same Public IP using port 443.

I know its not recommended but  have seen my people deployed it. any other suggestion please ?



  • Edited by GreeMann Friday, May 08, 2015 4:43 AM
Free Windows Admin Tool Kit Click here and download it now
May 8th, 2015 4:38am

The setup deployment is pretty basis I did deploy this in previous company on 2012 but I use the same setup again and this time it does not work.


  1. i did configure Port forwarding in our ASA Firewall to redirect all requests of 443 on the public IP to 4443 on the Lync and the same for 80 to 8080 if we allowing HTTP requests.
  2. I add the lyncdiscover.<sipdomain> FQDN to the certificate .
  3. I create the lyncdiscover.<sipdomain> record in both in my  external (public) and internal DNS zones.  Both the internal and external records needs to point to the same external public IP address of Lync FE.
  4. All mobile clients will first lookup the lyncdiscoverinternal.<sipdomain> DNS record and if it does not exist in the DNS then the resolution will fail and the client them moves on to resolving for lyncdiscover.<sipdomain> when will point the client to the external IP.  I need to do this in order to proxy the client requests over HTTPS:443 to land on the External Web Services Autodiscover and MCX sites which are actually listening on HTTPS:444

 

i must say all testing result okay Im surprised what I did miss here this time?



  • Edited by GreeMann Friday, May 08, 2015 7:03 AM
May 8th, 2015 6:59am

hi

we never used certificate in ASA firewall .

and there seems no issue in the certificate as you can see all the test result shows passed

Testing TCP port 443 on host lyncdiscover.afghan-wireless.com to ensure it's listening and open.
  The port was opened successfully.
 
Additional Details
Testing the SSL certificate to make sure it's valid.
  The certificate passed all validation requirements.
 
Additional Details
 

Elapsed Time: 1379 ms.

and also when  i access it through https://lyncdiscover.ok.com  i get the following error [403 - Forbidden: Access is denied.You do not have permission to view this directory or page using the credentials that you supplied]

In addition to that is there any way I could get or capture a trace to find out the root problem?



  • Edited by GreeMann Friday, May 08, 2015 4:12 PM
Free Windows Admin Tool Kit Click here and download it now
May 8th, 2015 9:38am

thanks everybody i have fixed my problem and i have configured lync 2010 motility with TMG.

the resolution steps was when i uninstall mobility service and reinstall it using The command  cd C:\Program Files\Microsoft Lync Server 2010\Deployment and .\BootStrapper.exe

  • Marked as answer by GreeMann Sunday, May 10, 2015 9:45 AM
  • Edited by GreeMann Sunday, May 10, 2015 9:47 AM
May 10th, 2015 9:45am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics