Skype for Busines

Hi,

Apologies for posting here but there seems not to be a Skype Category.

I have the following Topology:

1.   A Central Site with a 3 member FE pool inplace upgraded from Lync 2013 Server

2.   An SBS server in a branch site.

The Topology publishes well and all services are starting successfully which shows that there are no server certificate issues.

But, users homed on the Branch Site never connects. The S4B client just sits with 'Contacting server and signing in...'

The errors that I get with the logging tools (Snooper) are:

1.   Start-Line: SIP/2.0 401 Unauthorized - Quite a few of these

2.   ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="SBS-Server.domain.local"

Furthermore I have this but I'm uncertain whether it is related to above:

TL_ERROR(TF_DIAG) [0]15F8.1554::06/19/2015-11:44:43.091.00000493 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(833))[0] $$begin_record
Severity: error
Text: Service is currently unavailable on all servers in a pool
Result-Code: 0xc3e93c79 SIPPROXY_E_DNSLB_SERVICE_DOWN_ON_ALL_SERVERS
Data: pool-size="3";pool="central-site.domain.local";port="5061"
$$end_record

June 22nd, 2015 2:52am

Hi,

Apologies for posting here but there seems not to be a Skype Category.

I have the following Topology:

1.   A Central Site with a 3 member FE pool inplace upgraded from Lync 2013 Server

2.   An SBS server in a branch site.

The Topology publishes well and all services are starting successfully which shows that there are no server certificate issues.

But, users homed on the Branch Site never connects. The S4B client just sits with 'Contacting server and signing in...'

The errors that I get with the logging tools (Snooper) are:

1.   Start-Line: SIP/2.0 401 Unauthorized - Quite a few of these

2.   ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="SBS-Server.domain.local"

Furthermore I have this but I'm uncertain whether it is related to above:

TL_ERROR(TF_DIAG) [0]15F8.1554::06/19/2015-11:44:43.091.00000493 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(833))[0] $$begin_record
Severity: error
Text: Service is currently unavailable on all servers in a pool
Result-Code: 0xc3e93c79 SIPPROXY_E_DNSLB_SERVICE_DOWN_ON_ALL_SERVERS
Data: pool-size="3";pool="central-site.domain.local";port="5061"
$$end_record

Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2015 6:47am

Hi,

Apologies for posting here but there seems not to be a Skype Category.

I have the following Topology:

1.   A Central Site with a 3 member FE pool inplace upgraded from Lync 2013 Server

2.   An SBS server in a branch site.

The Topology publishes well and all services are starting successfully which shows that there are no server certificate issues.

But, users homed on the Branch Site never connects. The S4B client just sits with 'Contacting server and signing in...'

The errors that I get with the logging tools (Snooper) are:

1.   Start-Line: SIP/2.0 401 Unauthorized - Quite a few of these

2.   ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="SBS-Server.domain.local"

Furthermore I have this but I'm uncertain whether it is related to above:

TL_ERROR(TF_DIAG) [0]15F8.1554::06/19/2015-11:44:43.091.00000493 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(833))[0] $$begin_record
Severity: error
Text: Service is currently unavailable on all servers in a pool
Result-Code: 0xc3e93c79 SIPPROXY_E_DNSLB_SERVICE_DOWN_ON_ALL_SERVERS
Data: pool-size="3";pool="central-site.domain.local";port="5061"
$$end_record

June 22nd, 2015 6:47am

Hi,

Apologies for posting here but there seems not to be a Skype Category.

I have the following Topology:

1.   A Central Site with a 3 member FE pool inplace upgraded from Lync 2013 Server

2.   An SBS server in a branch site.

The Topology publishes well and all services are starting successfully which shows that there are no server certificate issues.

But, users homed on the Branch Site never connects. The S4B client just sits with 'Contacting server and signing in...'

The errors that I get with the logging tools (Snooper) are:

1.   Start-Line: SIP/2.0 401 Unauthorized - Quite a few of these

2.   ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="SBS-Server.domain.local"

Furthermore I have this but I'm uncertain whether it is related to above:

TL_ERROR(TF_DIAG) [0]15F8.1554::06/19/2015-11:44:43.091.00000493 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(833))[0] $$begin_record
Severity: error
Text: Service is currently unavailable on all servers in a pool
Result-Code: 0xc3e93c79 SIPPROXY_E_DNSLB_SERVICE_DOWN_ON_ALL_SERVERS
Data: pool-size="3";pool="central-site.domain.local";port="5061"
$$end_record

Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2015 6:47am

Hi,

Apologies for posting here but there seems not to be a Skype Category.

I have the following Topology:

1.   A Central Site with a 3 member FE pool inplace upgraded from Lync 2013 Server

2.   An SBS server in a branch site.

The Topology publishes well and all services are starting successfully which shows that there are no server certificate issues.

But, users homed on the Branch Site never connects. The S4B client just sits with 'Contacting server and signing in...'

The errors that I get with the logging tools (Snooper) are:

1.   Start-Line: SIP/2.0 401 Unauthorized - Quite a few of these

2.   ms-diagnostics: 4172;reason="No cert found for the user";isauthoritative="false";source="SBS-Server.domain.local"

Furthermore I have this but I'm uncertain whether it is related to above:

TL_ERROR(TF_DIAG) [0]15F8.1554::06/19/2015-11:44:43.091.00000493 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(833))[0] $$begin_record
Severity: error
Text: Service is currently unavailable on all servers in a pool
Result-Code: 0xc3e93c79 SIPPROXY_E_DNSLB_SERVICE_DOWN_ON_ALL_SERVERS
Data: pool-size="3";pool="central-site.domain.local";port="5061"
$$end_record

June 22nd, 2015 6:47am

Hi Vinkie,

You may try the following suggestions.

1. You can run Get-CsManagementStoreReplicationStatus cmdlet to check whether replication is currently up to date.

 

2. Run the following cmdlet to revoke all the client certificates that have been issued to the users.

Get-CsUser | Revoke-CsClientCertificate

 

3. Delete the sign in information on client computer. (Cache file and certificate)

 

Best regards,

Eric

 

 

Free Windows Admin Tool Kit Click here and download it now
June 22nd, 2015 9:39pm

Hi,

I am not sure that is where the issue is, but I will give it a go.

When I move the user from the Branch Site to the Central Site FE pool the user can indeed connect...this without changing or deleting anything.

I tried that, but no luck. More log items:

----

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.341.0000099b (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B3FC
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="branch-site.domain.local", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/branch-site.domain.local", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="branch-site.domain.local", version=4, sts-uri="https://central-site.domain.local:443/CertProv/CertProvisioningService.svc"
Server: RTC/6.0
$$end_record

---

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.450.000009a5 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B400
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 3 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: TLS-DSK opaque="78767136", gssapi-data="FAMBAAEBFgMBADBSiNBQ1ReYrjnlnrgA5iL0K3PaX5DRv1FX5YWq8V8oCuKZvKxRsgIbnXsbn0cfrig=", targetname="branch-site.domain.local", realm="SIP Communications Service", version=4
Server: RTC/6.0
$$end_record
---

  • Edited by Vinkie 21 hours 45 minutes ago
June 23rd, 2015 5:22am

Hi,

I am not sure that is where the issue is, but I will give it a go.

When I move the user from the Branch Site to the Central Site FE pool the user can indeed connect...this without changing or deleting anything.

I tried that, but no luck. More log items:

----

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.341.0000099b (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B3FC
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="branch-site.domain.local", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/branch-site.domain.local", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="branch-site.domain.local", version=4, sts-uri="https://central-site.domain.local:443/CertProv/CertProvisioningService.svc"
Server: RTC/6.0
$$end_record

---

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.450.000009a5 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B400
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 3 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: TLS-DSK opaque="78767136", gssapi-data="FAMBAAEBFgMBADBSiNBQ1ReYrjnlnrgA5iL0K3PaX5DRv1FX5YWq8V8oCuKZvKxRsgIbnXsbn0cfrig=", targetname="branch-site.domain.local", realm="SIP Communications Service", version=4
Server: RTC/6.0
$$end_record
---

  • Edited by Vinkie Tuesday, June 23, 2015 9:39 AM
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2015 9:21am

Hi,

I am not sure that is where the issue is, but I will give it a go.

When I move the user from the Branch Site to the Central Site FE pool the user can indeed connect...this without changing or deleting anything.

I tried that, but no luck. More log items:

----

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.341.0000099b (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B3FC
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="branch-site.domain.local", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/branch-site.domain.local", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="branch-site.domain.local", version=4, sts-uri="https://central-site.domain.local:443/CertProv/CertProvisioningService.svc"
Server: RTC/6.0
$$end_record

---

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.450.000009a5 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B400
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 3 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: TLS-DSK opaque="78767136", gssapi-data="FAMBAAEBFgMBADBSiNBQ1ReYrjnlnrgA5iL0K3PaX5DRv1FX5YWq8V8oCuKZvKxRsgIbnXsbn0cfrig=", targetname="branch-site.domain.local", realm="SIP Communications Service", version=4
Server: RTC/6.0
$$end_record
---

  • Edited by Vinkie Tuesday, June 23, 2015 9:39 AM
June 23rd, 2015 9:21am

Hi,

I am not sure that is where the issue is, but I will give it a go.

When I move the user from the Branch Site to the Central Site FE pool the user can indeed connect...this without changing or deleting anything.

I tried that, but no luck. More log items:

----

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.341.0000099b (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B3FC
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 1 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: NTLM realm="SIP Communications Service", targetname="branch-site.domain.local", version=4
WWW-Authenticate: Kerberos realm="SIP Communications Service", targetname="sip/branch-site.domain.local", version=4
WWW-Authenticate: TLS-DSK realm="SIP Communications Service", targetname="branch-site.domain.local", version=4, sts-uri="https://central-site.domain.local:443/CertProv/CertProvisioningService.svc"
Server: RTC/6.0
$$end_record

---

TL_INFO(TF_PROTOCOL) [0]15F8.072C::06/23/2015-09:29:05.450.000009a5 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261))[266653885] $$begin_record
Trace-Correlation-Id: 266653885
Instance-Id: B400
Direction: outgoing;source="local"
Peer: 10.0.0.2:50709
Message-Type: response
Start-Line: SIP/2.0 401 Unauthorized
From: <sip:lync.user@domain.local>;tag=a6b416e60e;epid=04d9bebc5f
To: <sip:lync.user@domain.local>;tag=EAAF2E185BCA32FFEE0A50C2BDA845E9
Call-ID: 3bec9245cb4c4abeac83f062b50dcd5a
CSeq: 3 REGISTER
Via: SIP/2.0/TLS 10.0.0.2:50709;ms-received-port=50709;ms-received-cid=23F800
Content-Length: 0
Date: Tue, 23 Jun 2015 09:29:05 GMT
WWW-Authenticate: TLS-DSK opaque="78767136", gssapi-data="FAMBAAEBFgMBADBSiNBQ1ReYrjnlnrgA5iL0K3PaX5DRv1FX5YWq8V8oCuKZvKxRsgIbnXsbn0cfrig=", targetname="branch-site.domain.local", realm="SIP Communications Service", version=4
Server: RTC/6.0
$$end_record
---

  • Edited by Vinkie Tuesday, June 23, 2015 9:39 AM
Free Windows Admin Tool Kit Click here and download it now
June 23rd, 2015 9:21am

Hi Vinkie, 

In order to use the existing SBS when you upgrade your Front End pool to Skype for Business Server 2015, you have to follow the process below:

 

  1. Move branch users that are on SBA/SBS to another pool
  2. Remove SBA/SBS from your topology to disassociate the existing Front End pool as the backup registrar
  3. Use the In-Place Upgrade to upgrade the Lync Server 2013 Front End pool to Skype for Business Server 2015. If youre running Lync Server 2010 on your Front End pool, we recommend that you first upgrade to Lync Server 2013, and then upgrade to Skype for Business Server 2015 by using the new In-Place Upgrade feature. For more information, see Migration from Lync Server 2010 to Lync Server 2013
  4. Add your existing SBA/SBS back into your topology
  5. Associate the upgraded Front End pool to the SBA/SBS as a backup registrar
  6. Move the branch users back into the SBA/SBS.

 

Best regards,

Eric

 


June 28th, 2015 6:03am

Hi Vinkie,

I'm marking the reply as answer as there has been no update for a couple of days.

If you come back to find it doesn't work for you, please reply to us and unmark the answer.

 

Best regards,

Eric

Free Windows Admin Tool Kit Click here and download it now
July 8th, 2015 3:20am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics