Hello,

I'm working on a Lync Server 2010 deployment with multiple sites.  I've published the following topology:

US Site (Central Site # 1)

• EE FE Pool (2 servers, A/V Collocated)
• Edge Server (single server)
• Pool:  lync.us.domain.com

EU Site (Central Site # 2)

• EE FE Pool (2 servers, A/V Collocated)
• Edge Server (single server)
• Pool:  lync.eu.domain.com

All works fine when all users are homed to the lync.us.domain.com pool.  However, once I put users in the lync.eu.domain.com pool, communication no longer works for IM, Presense, etc.  What else needs to be configured so the users in different pools can communicate?

Thanks in advance.

Hi,EP0,

It sounds like a network issue,please check if you can ping the FE pool on the other site and vice versa.

If not please check your TMG or firewall to see if you have created a network route for this two sites and make sure they can comunicate with each other.

Regards,

Sharon

Thanks Sharon for the response.

I am able to ping the FE pool from both sides (I can ping to the pool name as well as the individual servers).  I also did some tests with telnet and I'm able to connect via TCP ports 5061, 444 135, 5062, 80, 443, and 4443.  So from doing that it appears that connectivity seems to be configured and working properly.  I am double-checking TMG with our network guys today.

I did some further investigating over the weekend using the Lync Logging Tool, and I found the following error that seems to be related to my problem:

=====

TL_INFO(TF_PROTOCOL) [0]1794.0A48::07/01/2013-01:58:23.467.0006ed72 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 1004622838
Instance-Id: 00002405
Direction: incoming
Peer: lync.us.domain.com:5061
Message-Type: response
Start-Line: SIP/2.0 400 Malformed Edge Proxy header
From: "John Doe"<sip:john.doe@domain.com>;tag=0a5032cf14;epid=afa7c1a66c
To: <sip:lync.us.domain.com@domain.com;gruu;opaque=srvr:HomeServer:Px6rUUtzm1GDVP0WuVZ3NgAA>;tag=3082720ED9A76DCD35D7560B6B0FC837
CSeq: 1 SUBSCRIBE
Call-ID: aaf969f269404fdda04477175b0e377f
Via: SIP/2.0/TLS 10.3.28.152:52132;branch=z9hG4bK1EFADB4D.6F28782C0768BDAF;branched=FALSE;ms-received-port=52132;ms-received-cid=60900
Via: SIP/2.0/TLS 10.110.29.61:64585;ms-received-port=64585;ms-received-cid=9700
ms-diagnostics: 1018;reason="Parsing failure";source="US-LYNC2.domain.com"
Server: RTC/4.0
Content-Length: 0
Message-Body:
$$end_record

======

And also this error:

=====

TL_WARN(TF_DIAG) [0]1794.0A48::07/01/2013-01:58:23.467.0006edf7 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record

LogType: diagnostic
Severity: warning
Text: Routing error occurred; check Result-Code field for more information
Result-Code: 0xc3e93f30 SIPPROXY_E_INVALID_EDGE_PROXY_HEADER
SIP-Start-Line: SIP/2.0 400 Malformed Edge Proxy header
SIP-Call-ID: aaf969f269404fdda04477175b0e377f
SIP-CSeq: 1 SUBSCRIBE
Peer: lync.us.domain.com:5061
Data: info="0xc3e93f30 SIPPROXY_E_INVALID_EDGE_PROXY_HEADER"
$$end_record

=====

Searching around on this error, I'm seeing recommendations at looking at the certificate and confirming that it works.  I am using one GoDaddy certificate for ALL certificates with in Lync (FE Internal, Edge Internal, and Edge External).  The GoDaddy cert has several SANs on it, including the names of all servers, FE pools, and edge servers.  I'm not sure what else to really check on the certificate?

Any help on my problem would be greatly appreciated.

Thanks!

Hi,EP0,

Would you mind list the certificate SN and SAN here?You can use fake domain name here,just make sure it's easily understood.

BTW,It's not recommended to use one single certificate for all servers,especially the internal servers and external servers use the same one.

Regards,

Sharon

Thank you Sharon.  Here's the certificate information:

Subject name:

CN = lync1.domain.com
OU = Domain Control Validated

SANs:

DNS Name=lync1.domain.com (EU edge)
DNS Name=www.lync1.domain.com
DNS Name=lync2.domain.com (US Edge)
DNS Name=meet.domain.com 
DNS Name=lync.us.domain.com (US FE pool - DNS LB)
DNS Name=lync.eu.domain.com (EU FE pool - DNS LB)
DNS Name=dialin.domain.com
DNS Name=us-lync2.domain.com (US FE Server 2)
DNS Name=eu-lync1.domain.com (EU FE Server 1)
DNS Name=us-lync1.domain.com (US FE Server 1)
DNS Name=eu-lync2.domain.com (EU FE Server 2)

I'm going to see about moving the internal certificates into our Enterprise CA instead of the GoDaddy certs.  Let me know what else you need.

Thanks again for your help!