Skip to main content

Lync 2013 Mobility Troubleshooting guide


Issue: User is unable to login Lync 2013 mobile client.
Error: Can't connect to the server. It may be busy or temporarily unavailable. Please try again.
PA: Once you have latest CU updated on your Lync Server 2013 then mobility gets deployed automatically so no need install additional patch or anything else.
Here are the Troubleshooting steps which use as per below steps or your logic and sequence.
1.     Use updated Lync 2013 mobility client on your mobile phone.

2.     Type Sign-in address and then Password and Click on “Advance options”

Type: Domain\username and then try Login. Still gets error look down.

If you gets error then something with your Server side which you need to look.

3.     Lync 2013 mobile client either inside or outside get login through Reverse Proxy server only.
So you have to look on Reverse Proxy first.

4.     First you need to look on external DNS record, i.e. lyncdiscover.sipdomain.com

e.g. lyncdiscover.mydomain.com it should point to reverse proxy IP. (TMG or F5) per environment.

5.     If you are using TMG or F5 for reverse proxy then you must look the configuration that how it forwarding request FE pool (FE server address).

6.     TMG/ F5 must listen on 443 and 80 port and forward the requests to FE server on 4443 and 8080.

7.     This is important steps which you need verify that valid certificate is assigned to your reverse proxy or not. (Create client and server profile in F5 (reverse proxy) and assign the public SSL certificate on it. If you have TMG then assign the public certificate to TMG rule).

Test is simple to verify the certificate: browse the external web service (externally) and the see certificate.
E.g. my web service Eweb-ws-ext.mydomain.com


If you are getting above page then open certificate and see the SAN names. Below name you might see on valid certificate (this is all depend on environment to environment).

a.     Lyncdiscover.domain.com

b.     External web service address

c.      Dialin.domain.com

d.     Meet.domain.com

e.     Accessedge fqdn

f.       Webconf fqdn

If certificate does not have valid name then you need to get new certificate with required name.

8.     If DNS record is available and pointed correctly to reverse proxy IP address then, browse the this URL from externally
https:\\lyncdiscover.sipdomain.com, you should get file save prompt like below screen.


9.     If you open that file, then you will see below data. E.g. my external web service address, Eweb-ws-ext.mydomain.com

{"AccessLocation":"External","Root":{"Links":[{"href":"https:\/\/Eweb-ws-ext.mydomain.com\/Autodiscover\/AutodiscoverService.svc\/root\/domain","token":"Domain"},{"href":"https:\/\/Eweb-ws-ext.mydomain.com\/Autodiscover\/AutodiscoverService.svc\/root\/user","token":"User"}]}}

If still user is not able to login on Lync then do the below troubleshooting. Look like reverse proxy getting resolve however traffic is not reaching to FE server.

10.                        You can do the test which will let you know that your external request is coming to you Front End Server and show the traffic.

a.     First you have to allow external traffic on your external firewall on 443 and 80 Port. Once it allows then you can test.

b.     You can capture the traffic in firewall level where you see the traffic is going from your Reverse proxy to FE server on 4443 port.

If capture not showing traffic then you need to look at Reverse proxy configuration.

11.                        If you are using TMG or F5 for reverse proxy mechanism then you must look the configuration that how it forwarding request to your FE pool (FE server address).

12.                        TMG/ F5 must listens traffic on 443 and 80 port and forward that traffic to FE server on 4443 and 8080.

If Reverse proxy shows correct configuration then do below test on your FE server.

13.                        You can try to login on Lync on mobile and then open the IIS log and find the users SIP URI who is logging from mobile device to Lync server. if you are not seeing any Autodiscover request or your test users SIP URI then do the below troubleshooting.

14.                        See that internal and external site directory. Like below screen.



15.                        Check UCMA web directory and see the port number, Internal- 443 and 80 and External must have 4443 and 8080.

16.                        Also you can test the Autodiscover is getting resolve or not internally on FE server.

17.                        On FE server- https:\\localhost:4443\autodiscover\autodiscover.svc\root 


18.                        You can capture the traffic on your Front End server using “Network Monitor” or Wire Shark etc. where you can see and narrow down the issue.

You use: below filter in network monitor

a.     Tcp.dstport==4443

b.     Tcp.port==4443

Using above filter you see the handshake. 

If these Front Server test works as expected the then you have to look on your Reverse proxy and firewall rules and capture the TCP traffic on 4443 port.
NOTE: this is generic troubleshooting steps which may vary case to case.

Thank you.

Comments

Popular posts from this blog

Outlook Add-in for Skype meeting getting disable after restarting Outlook.

Issue: Outlook Add-in for Lync meeting getting disable after restarting Outlook.
Problem Statement: Outlook Add-ins gets install automatically when Office 2013 installs (Lync and Skype for Business clients are part of Office package). Add-ins name is Lync Meeting Scheduling Outlook Addin or Skype meeting Add-in for Microsoft Office 2013. Sometime if other add-ins conflict with Outlook add-ins then outlook add-in keep getting disabled. And user has to enable it manually after Outlook restarts. 
Resolution: By default Lync Meeting Scheduling Outlook Addin or Skype Meeting Add-in for Microsoft Office 2013 installs wit load behavior "Load at Startup". However due to some conflict users Lync or Skype add-ins load behavior get changed to loaded instead of "Load at Startup" had to re-enable Lync Meeting Add-In in each time Outlook 2013 was started as it was not set to "Load at Startup". Look at the below screenshot. Now question is how we can change load behavior …

Unable to share desktop in Skype for Business?

Unable to share desktop in Skype for Business?
You can show your entire desktop or just a program to everyone in a Skype for Business Meeting, call, or instant messaging (IM) conversation. However sometime this feature does not work and give different errors.  Error message: ·Cannot start Desktop/Application Sharing due to network issues. ·An error occurred during the screen presentation. Resolution: There are multiple thing which may affect application/desktop sharing. 1.Make sure application / desktop sharing enabled on Skype for Business / Lync Server. SfB /Lync Control Panel > Conferencing > Conferencing policy > select Global or create new policy and set enable ‘Enable application and desktop sharing’. Refer below image. 2.Make sure your Skype for Business (Lync) client is updated with latest cumulative updates. Download latest update Skype (Lync) client. 3.Update your Video and Display drivers. a.Go to Start > Control panel. b.Search for Device Manager, and then open it. c.Find V…

Unable to login to Skype for Business client?

Unable to login to Skype for Business client? In order to sign-in on Skype (Lync) you must have login credential provided to you from your organization. ·Sign-in address: bilag@orgname.com ·User name: orgname\bilag ·Password: ************
Note: Orgname.com is my SIP domain name. Here are the most common mistake people make while sign-in on Skype for Business (Lync).
1.If you have login credential however still unable to sign-in then make sure you are putting proper login credential. Below error shows when you are wrong entering your sign-in address:
2.If you are writing correct Sign-in address however getting DNS error then contact administrator/ Support team there may be a DNS resolution or configuration issue. Administrator need to verify the SfB (Lync) AutoDiscover DNS records. 3.Sometime users password may expired/ lockout: Make sure that you password is not expire and lockout. If yes then call to helpdesk and reset your password / unlock. 4.Make user to have updated Skype for Business cli…