Documente Academic
Documente Profesional
Documente Cultură
This article provides step-by-step troubleshooting for Microsoft Lync Server 2010 connectivity issues for
external users with mobile devices. This article assumes that Lync Server 2010 Mobility Service and Lync Server 2010
Autodiscover Service are successfully deployed and internal users are able to connect using the Lync 2010 mobile
client. It assumes that Lync Server clients can successfully connect to an external mobile device user without error
messages or warnings for web services connectivity. This article does not include steps for troubleshooting push
notifications for Windows Phone 7 and iOS devices.
Product version: Microsoft Lync Server 2010 with Cumulative update for November 2012
Symptom
When a mobile device with a Lync 2010 client tries to connect to Lync Server 2010, the user receives the error
message:
Can’t connect to the server. It might be unavailable. Also please check your network connection, sign-in
address, and server addresses.
Troubleshooting
Note: The SIP domain used throughout this document is contoso.com; replace contoso.com with your actual SIP
domain. Lyncexternal.contoso.com is the external web services URL of the pool.
If you use Autodiscover Service to locate Lync Server 2010, the first step is to type the Autodiscover URL into the
web browser. For example after typing https://lyncdiscover.contoso.com in the browser, you should receive a
prompt to open or save the lyncdiscover_contoso.com file.
If you receive a warning or an error, check the browser settings. If you are prompted for authentication when
browsing lyncdiscover.contoso.com, there is a configuration issue on the reverse proxy.
If you are unable to obtain the lyncdiscover_contoso.com file, perform a Nslookup for lyncdiscover.contoso.com.
Verify that the A record is setup for lyncdiscover.contoso.com and that it points to the correct external IP address.
When you open the lyncdiscover_contoso.com file in notepad, you should see the following content.
{"AccessLocation":"External","Root":{"Links":[{"href":"https://lyncexternal.contoso.com/Autodiscover/Autodiscove
rService.svc/root/domain","token":"Domain"},{"href":"https://lyncexternal.contoso.com/Autodiscover/Autodiscover
Service.svc/root/user","token":"User"}]}}
The URL identified in the lyncdiscover_contoso.com file must be the external web services URL for the Lync Server
2010 Front End Server or Lync Server 2010 Director pool. If the internal web services URL is identified, the web
publishing rule is incorrect and is bridging the connection to port 443 instead of port 4443 for the Lync external
web services.
When you have verified that the A record for lyncdiscover.contoso.com is correct and that the URL returned in the
lyncdiscover_contoso.com file is the external web services URL for the Lync Server Front End Server or Lync Server
Director pool, you are ready to look at the Lync mobility setup.
A prerequisite for the Lync mobility component is that the Front End pool internal web FQDN must be distinct
from the Front End pool external web FQDN.
To configure internal web services
1. Log on to the computer where Topology Builder is installed, as a member of the Domain Admins group
and the RTCUniversalServerAdmins group.
2. To start Topology Builder, click All Programs, click Microsoft Lync Server 2010, and then click Lync
Server Topology Builder.
3. In the Topology Builder console tree under Standard Edition Front End Servers, Enterprise Edition
Front End pools, and Directory pools, select the pool name. Right-click the name, click Edit Properties,
and click Web Services.
4. Under Internal Web Services check the option Override FQDN.
5. Add an Internal Web Services FQDN, and then click OK.
6. Verify the listening and published ports are configured correctly for your environment.
7. Repeat these steps for all Standard Edition Servers, Front End pools, and Director pools in your
environment.
8. In the console tree, click Lync Server 2010. In the Actions pane, click Publish Topology.
Log on to the computer as a member of the CsAdministrator group. In the Lync Management Shell run the
following cmdlet.
Get-CsMCXconfiguration |fl
Verify the ExposedWebUrl is set to External. If this value is set to the Internal, only your internal mobility client
can connect to Lync Server. To set the value for ExposedWebUrl to external, use the following cmdlet.
Verify that the A record for Lyncdiscover is setup correctly in the internal DNS.
Refer to the certificate requirements in the Lync Server 2010 Mobility Guide.
After completing the four steps outlined above, browse to the Autodiscover URL in web browser
https://lyncdiscover.contoso.com.
If you still do not receive an option to open or save the file lyncdiscover_contoso.com, verify the reverse proxy
setup. Refer to the Lync Server 2010 Mobility Guide.
If you receive the option to open or save the lyncdiscover_contoso.com file in the web browser, proceed to step 5.
When you open the domain file in notepad you should see the following content.
{"AccessLocation":"External","Domain":{"Links":[{"href":"https://lyncexternal.contoso.com/Autodiscover/Autodiscove
rService.svc/root","token":"External/Autodiscover"},{"href":"https://lyncexternal.contoso.com/Reach/sip.svc","token":"E
xternal/AuthBroker"},{"href":"https://lyncexternal.contoso.com/Mcx/McxService.svc","token":"External/Mcx"}],"SipClien
tExternalAccess":{"fqdn":"edge.contoso.com","port":"5061"},"SipClientInternalAccess":null,"SipServerExternalAccess":{"f
qdn":"edge.contoso.com","port":"5061"},"SipServerInternalAccess":null}}
The URL mentioned in the domain file must be the external web services URL for the Front End Server or Director
pool. If the internal web services URL is returned, the web publishing rule is incorrect. This means that it is
bridging the connection to port 443 instead of 4443 for Lync Server external web services.
If you are unable to download the Domain file, there is a problem with the reverse proxy configuration or
authentication settings for web services in Lync Server 2010.
To quickly verify the web services URL authentication settings, use the Lync Management Shell to run the
following cmdlet.
Get-CsWebServicesConfiguration |fl
Enable and collect debugging logs from a mobile device to verify the reverse proxy configuration.
Note: The logging information may contain personal information. To address privacy concerns, edit the log file in
accordance with company guidelines before forwarding logging information.
1. From any screen of the Lync for Windows Phone application, touch the ellipses, to bring up the menu, and then
tap settings.
3. Close and exit Lync. Launch Lync and sign-in to reproduce the issue.
4. To send the logs, tap the ellipses to bring up the menu and tap about.
5. On the about page, tap send diagnostic logs. The logs are stored in your Saved Pictures folder. To send the
logs, tap ok and attach the image to the email that opens automatically.
6. When the new email opens, tap the paperclip to attach the log file. Swipe the menu to change to date view and
select the most recent Lync log identified by the Lync icon.
8. To review the log, open the received file in a text editor. The log has a .jpg extension. Change the file extension
to .txt and open a text editor.
1. To enable logging access the Logging option from My Info tab -> Options -> Logging.
2. Within the Send Feedback screen, you have the option to submit Bug.
3. After you have completed the feedback, click the Next button at the top of the screen. This brings up your
iPhone email client. Use your corporate account to send the feedback.
1. After sign in, tap Options on the Signing in tab. On the Options page, tap Diagnostic logging to enable
logging. Sign out and then sign in.
2. Recreate the issue. Return to the Options screen and tap About Lync.
3. Tap Send diagnostic logs and then choose a configured email account.
4. Enter the recipients and subject line information and tap Send. The logs are attached as a .zip file.
Here are some errors you might see in the device logs from Windows Phone 7.
Error : 410674486 : MetadataManager : Web request to resolve failed. Error: HttpClientForbiddenError [Error,
Transport, TransportFramework].
Here are some errors you might see in the device logs from an Android device.
ERROR TRANSPORT
/mnt/hgfs/marvin_LyncRTM/dev/como/transport/metaDataManager/private/CMetaDataManager.cpp/511:Unable
to get a response to an unauthenticated get to url
https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR TRANSPORT
/mnt/hgfs/marvin_LyncRTM/dev/como/transport/authenticationResolver/private/CAuthenticationResolver.cpp/55
4:Unable to get the meta data for server url
https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR APPLICATION
/mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CUcwaAutoDiscoveryServiceRetrial
Wrapper.cpp/348:Auto-discovery failed. Analysing the failure
ERROR APPLICATION
/mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CLogonSession.cpp/1050:Auto-
discovery failed, aborting sign-in!Error Samples
Here are some of the errors you might see in the device logs from an iPhone or iPad.
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server
administrator. (12202)
ERROR TRANSPORT
/Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/transport/_buildIos/../metaDataManager/private/CMetaDat
aManager.cpp/511:Unable to get a response to an unauthenticated get to url
https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR TRANSPORT
/Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/transport/_buildIos/../authenticationResolver/private/CAuth
enticationResolver.cpp/562:Unable to get the meta data for server url
https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR APPLICATION
/Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CUcwaA
utoDiscoveryServiceRetrialWrapper.cpp/348:Auto-discovery failed. Analysing the failure
ERROR APPLICATION
/Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CLogon
Session.cpp/1050:Auto-discovery failed, aborting sign-in!
Note: Log information and verbosity varies as per device and platform.
These error messages indicate the client is having an issue authenticating with Lync Server 2010. First, verify that
Authentication Delegation is verified on the reverse proxy publishing rule configuration. This must be set to No
delegation, but client may authenticate directly. If the reverse proxy publishing rules are set to No delegate and
client cannot authenticate directly, it fails to sign-in when it reaches the step to provide credentials to request a
token after MEX retrieval.
Summary
This article describes a process to verify connectivity from an external Lync mobility client to Lync Server 2010.
If are unable to connect, verifying the reverse proxy publishing rule configuration. If reverse proxy settings are
correct, verify the Lync mobility settings as described in the Lync Server 2010 Mobility Guide. Verify that you have
installed the latest updates for Lync Server 2010 Mobility Service. Service Here is the update for Lync Server 2010,
Mobility Service: February 2012.