I also have a problem getting Mobility working externally.
All other features seem to be working just fine. I have run several tests as well as the Best Practices utility and resolved all of the issues listed. When I attempt to connect I get the usual failure "An Error has occurred" message. I am listing all of the typical results from the suggested steps I have taken below.
First, here are the answers to the normal questions asked in this case:
a. I am using a single certificate for everything.
b. The Publishing rule "Web Farm" is in the certificate along with all the public names.
c. Authentication delegation is set to "No delegation, but clients may authenticate directly".
d. Root CA and public CA are trusted by TMG.
I noticed that when I attempt to connect, TMG says "page must be viewed over secure channel". The logs on the client return authentication errors. And finally, the mobile client appears to try lyncdiscoverinternal and jumps to pool01 instead of trying lyncdiscover next. If I hard set the client to lyncdiscover instead of autodiscover, it just spins and never times out or fails... nothing happens.
Can you help? I would be glad to run anything you need for testing. See current results below:
Get-CsMcxConfiguration
Identity : Global
SessionExpirationInterval : 259200
SessionShortExpirationInterval : 3600
ExposedWebURL : External
PushNotificationProxyUri : sip:push@push.lync.com
---------------
Get-CsMobilityPolicy
Identity : Global
Description :
EnableOutsideVoice : True
EnableMobility : True
---------------
Get-CsPushNotificationConfiguration
Identity : Global
EnableApplePushNotificationService : True
EnableMicrosoftPushNotificationService : True
---------------
Get-CsAutodiscoverConfiguration
Identity : Global
WebLinks : {}
---------------
Test-CsMcxPushNotification -AccessEdgeFqdn "edge.domain.com"
TargetFqdn :
Result : Success
Latency : 00:00:00
Error :
Diagnosis :
---------------
Test-CsMcxP2PIM -TargetFqdn "lyncdiscover.domain.com"
TargetUri : https://pool01.domain.com:443/mcx
TargetFqdn : lyncdiscover.domain.com
Result : Failure
Latency : 00:00:00
Error : ERROR - No response received for Web-Ticket service.
Inner Exception:The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'.
Inner Exception:The remote server returned an error: (401) Unauthorized.
Diagnosis :
---------------
FROM RProxy on TMG
Allowed Connection
TOL-LTCLRP1 4/9/2012 1:15:07 PM
Log type: Web Proxy (Reverse)
Status: 403 Forbidden
Rule: Lync Multi-Server Web Rule
Source: External (166.249.XXX.XXX:5065)
Destination: Local Host (10.60.XXX.XX:4443)
Request: GET http://lyncdiscover.domain.com/?sipuri=sip:user1@domain.com
Filter information: Req ID: 0b6925c6; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: https
User: anonymous
Additional information
Client agent: ACOMO
Object source: Internet (Source is the Internet. Object was added to the cache.)
Cache info: 0x40000000 (Response should not be cached.)
Processing time: 1 MIME type: text/html
-THEN-
Failed Connection Attempt
TOL-LTCLRP1 4/9/2012 1:15:07 PM
Log type: Web Proxy (Reverse)
Status: 12311 The page must be viewed over a secure channel (Secure Sockets Layer (SSL)). Contact the server administrator.
Rule: Lync Multi-Server Web Rule
Source: External (166.249.XXX.XXX:8030)
Destination: Local Host (192.168.XXX.XXX:80)
Request: GET http://lyncdiscover.lakeshoretoltest.com/
Filter information: Req ID: 0b6925d3; Compression: client=No, server=No, compress rate=0% decompress rate=0%
Protocol: http
User: anonymous
Additional information
Client agent: ACOMO
Object source: (No source information is available.)
Cache info: 0x0
Processing time: 1 MIME type:
---------------
ALL ERRORS From Android Client
Apr 9, 2012 1:15:04 PM ERROR HttpConnection: java.net.UnknownHostException: Unable to resolve host "lyncdiscoverinternal.domain.com": No address associated with hostname
Apr 9, 2012 1:15:04 PM ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/android/proxy/CHttpConnection.cpp/166:CHttpConnection exception: java.net.UnknownHostException
Apr 9, 2012 1:15:04 PM ERROR HttpConnection: java.net.UnknownHostException: Unable to resolve host "lyncdiscoverinternal.domain.com": No address associated with hostname
Apr 9, 2012 1:15:04 PM ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/android/proxy/CHttpConnection.cpp/166:CHttpConnection exception: java.net.UnknownHostException
Apr 9, 2012 1:15:04 PM ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CUcwaAutoDiscoveryGetUserUrlOperation.cpp/322:Request failed. Error - E2-2-1
Apr 9, 2012 1:15:04 PM ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CUcwaAutoDiscoveryGetUserUrlOperation.cpp/322:Request failed. Error - E2-3-15
Apr 9, 2012 1:15:05 PM ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/348:Auto-discovery failed. Analysing the failure
Apr 9, 2012 1:15:05 PM ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CLogonSession.cpp/1050:Auto-discovery failed, aborting sign-in!
Apr 9, 2012 1:15:05 PM ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/objectModel/private/CAlertReporter.cpp/52:Alert received! Type 16384, level 0, error E2-3-15, context ''
Apr 9, 2012 1:15:28 PM ERROR HttpConnection: java.net.UnknownHostException: Unable to resolve host "pool01.domain.com": No address associated with hostname
Apr 9, 2012 1:15:28 PM ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/android/proxy/CHttpConnection.cpp/166:CHttpConnection exception: java.net.UnknownHostException
Apr 9, 2012 1:15:28 PM ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/transport/authenticationResolver/private/CAuthenticationResolver.cpp/554:Unable to get the meta data for server url https://pool01.domain.com:443/groupexpansion/service.svc