Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

"Server issues are affecting calls. Try signing out and back in again."


  • Please log in to reply
3 replies to this topic

#1 stevoteam

stevoteam

  • Members
  • 1 posts
  • OFFLINE
  •  

Posted 20 January 2015 - 05:10 AM

Hi all,

 

This post is regarding Microsoft Lync.

 

As per subject, I started seeing this notification on internal desktop Lync clients. Lync works fine internally.  However, external users cannot connect at all receiving a plethora of connection failure messages including:

 

1) "Lync couldn't find a Lync Server for OURDOMAIN.com. There might be an issue with the Domain Name System (DNS) configuration for your domain. Please contact your support team."

2) "We're having trouble connecting to the server. If this continues, please contact your support team."

3) "The server is temporarily unavailable. If the problem continues, please contact your support team."

4)  "There was a problem verifying the certificate from the server" (this particular error disappeared after I renewed the expired certificate)

 

Following on from point 4 above, during my troubleshooting, I noticed that both certificates on the Lync EDGE server had issues. The internal on expired and the external one (issued by Digicert) had been deactivated for some inexplicable reason. I fixed the external one by using the Digicert utility. For the internal certificate, I had no choice but to temporarily join the EDGE server to our domain and renew it via one of our DC's which acts as our CA.

 

To my surprise, the issue remained even after fixing all the certificates! I cannot for the life of me figure out what is going on. From scrutinising EventViewer, I was going down deeper into a rabbit hole. There are so many logs and events that it is hard to ascertain which is normal and which is signifying an actual issue. I've also used the Lync Server Logging Tool but I cannot get this tool to generate ANY traffic/logs so I'm not sure if I'm using the tool incorrectly or if I'm using it in the correct place.

 

External mobile clients (iOS, Android, Windows Phone etc..) connect just fine so the TMG server is working as mobile clients gets parsed through the TMG server. This makes me believe that the issue is indeed on the Lync EDGE server..

 

Some other suggestions have included looking at the DNS configuration, missing A records and such. This is not the case in my situation, DNS is configured correctly. Like I said, this issue happened quite suddenly so it cannot be a DNS issue as DNS was setup correctly in the past.

 

Running the Microsoft Lync Connectivity Analyser, I get the following...

 

-------------------------------------------------------------------

Testing remote connectivity for user steven@yyyy.com to the Microsoft Lync server.
  Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
  
Additional Details
  
Elapsed Time: 22376 ms.
  
Test Steps
  
Attempting to resolve the host name sip.telappliant.com in DNS.
  The host name resolved successfully.
  
Additional Details
  
IP addresses returned: ppp.ppp.ppp.ppp
Elapsed Time: 324 ms.
Testing TCP port 443 on host sip.yyyy.com to ensure it's listening and open.
  The specified port is either blocked, not listening, or not producing the expected response.
  Tell me more about this issue and how to resolve it
  
Additional Details
  
A network error occurred while communicating with the remote host.
Elapsed Time: 21478 ms

-------------------------------------------------------------------

 
Any troubleshooting ideas, insight or any other input greatly appreciated.
 
Thanks for reading
Steven

 



BC AdBot (Login to Remove)

 


m

#2 sflatechguy

sflatechguy

  • BC Advisor
  • 2,164 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 AM

Posted 24 January 2015 - 12:26 PM

Here's the issue:

Testing TCP port 443 on host sip.yyyy.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.
 
Make sure that port is open and that you don't have any firewall rules blocking SIP traffic, or that port on that server. Can you telnet into sip.yyyy.com 443? Is the Edge server configured to use that port?
Another idea is to ping the fully qualified domain name of your Lync Edge server. It should at least give you the IP address, which you can double-check to make sure it's correct.


#3 fnanfne

fnanfne

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:06:07 AM

Posted 28 January 2015 - 11:15 AM

Hi BC Advisor.

 

Yes I've checked all those things. I cannot telnet to the sip host from outside the network though. The IP address and DNS configuration checks out.

 

I've also checked the firewall and there are rules enabled for accepting 443 on inbound connections.

 

Interestingly though, when I ran the netstat -an command in cmd, I could not see 443 as being open, not sure if this is some bug or the actual issue or even how to recitify this if it was an issue. I might add that I neutered SSL3 as per the POODLE vulnerability and for some time thought this may the cause but have found some blog entries that refuted that theory.

 

I have, as a test some time ago, turned off the firewall completely but this also did not do anything so I assumed the firewall can be eliminated from the list of possible causes. But then, perhaps by explicitly turning off the firewall, I broke connections as well??

 

Thanks for your input! 


Edited by fnanfne, 28 January 2015 - 11:37 AM.


#4 sflatechguy

sflatechguy

  • BC Advisor
  • 2,164 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:01:07 AM

Posted 28 January 2015 - 08:11 PM

Netstat -a doesn't always show server processes, although netstat -n should display everything as IP addresses. The fact that you can't telnet in means the connection isn't available for some reason. You'll need to go through your configuration on the server very carefully. This might help: http://support.microsoft.com/kb/2541980






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users