Can't access ABS URL and autodiscover.sipdomain URLs externally - SSL protocol error

Problems:

- Can't sync Address Book for external or internal clients (I can do searches however just fine so I'm not sure what protocol is used to perform those, if not with address book)

- Can't connect to Lync mobile.

What I discovered was common with these issues is when I go to try and manually enter in the browser either:

https://lyncdiscover.sipdomain.com/ (to test mobile autodiscover connectivity)

or

https://"extwebservicesURL"/abs  (to test address book)

I get the same response from Google: Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error.

I also ran Test-CsMcxP2PIM and got this:

TargetUri  : https://pitlyncpool01.pit.local:443/CertProv/CertProvisioningService.svc
TargetFqdn : pitlyncpool01.pit.local
Result     : Failure
Latency    : 00:00:00
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
             sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
             rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
             <html xmlns="http://www.w3.org/1999/xhtml">
             <head>
             <title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>
             <style type="text/css">

And similar result when I test with "Test-CsAddressBookService"

TargetUri  : https://pitlyncpool01.pit.local:443/groupexpansion/service.svc
TargetFqdn : pitlyncpool01.pit.local
Result     : Failure
Latency    : 00:00:00
Error      : ERROR - No response received for Web-Ticket service.
             Inner Exception:The content type text/html; charset=utf-8 of the response message does not match the content type of the binding (text/xml; charset=utf-8). If using a custom encoder, be
             sure that the IsContentTypeSupported method is implemented properly. The first 1024 bytes of the response were: '<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.o
             rg/TR/xhtml1/DTD/xhtml1-strict.dtd">
             <html xmlns="http://www.w3.org/1999/xhtml">
             <head>
             <title>IIS 7.5 Detailed Error - 500.0 - Internal Server Error</title>

The only result I found on Google for this is to uninstall IIS and the Lync web components and reinstall them, which I tried, but the Lync web components wouldn't install back (error), so I restored the server from the snapshot and am back to square one.

Also tried https://www.testocsconnectivity.com to run test on mobile autodiscovery and got this:

ExRCA is attempting to obtain the SSL certificate from remote server lyncdiscover.sipdomain.com on port 443.
ExRCA wasn't able to obtain the remote SSL certificate.

Additional Details
The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.

Is there anything else I can look into to find out why am I getting these errors? Maybe to try OCS logging utility? But I don't know which components to checkmark for logging..

Thank you for any help and Happy New Year!

Sergey





  • Edited by Seregaknorrr Wednesday, January 02, 2013 4:41 AM
January 2nd, 2013 7:37am

Hi,

It seems the web service URL is not valid or the web service is not functioning. Is it Lync Standard Edition or Enterprise? Did the mobility issue also happen for external? Have you assigned a public certificate for the reverse proxy correctly?

1. Please go to Topology Builder and check which FQDN you put in for the internal and external web services. For Lync Server Standard Edition, the internal web base URL should be the same as your front end server FQDN. If the internal domain name is different from the external domain name (for example, your internal domain is contoso.net but your external domain name is contoso.com), the external base URL should use the contoso.com domain name.

2. Please make sure the certificate has been assigned on the front end server successfully. Please go to the Lync Server Deployment Wizard to check it.

3. In IIS, please make sure Lync Server Internal Web Site is configured on ports 80 and 443 and Lync Server External Web is configured on ports 8080 and 4443.

More details about configuring reverse proxy for your reference:

http://social.technet.microsoft.com/wiki/contents/articles/9807.configuring-forefront-tmg-2010-as-reverse-proxy-for-lync-server-2010.aspx

If the issue persists, please try to enable the logging tool and reproduce the issue to get a report for further troubleshooting.

http://blog.schertz.name/2011/06/using-the-lync-logging-tool/

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

January 3rd, 2013 6:09am

Lync Ent edition Front End (running with 1 server though currently). Mobile doesn't work for either internal or external.

Another annoyance is that internal users are receiving credential prompts after logging into Lync, for certificate services, address book, group chat etc., and it doesn't take valid creds; they have to cancel all the prompts to continue working. Can't figure out why it's doing that. To your questions.

1. internal and external FQDNs are checked and are fine.

2. Certificates are assigned on Front End. Server-default and web services internal are internal CA certs and web-services external is a GoDaddy cert.

3. IIS config is just like you outlined.

Can you please tell me what the following behavior is indicative of?

As I mentioned before when I try to access URLs (externally) for example:

https://extwebservicesFQDN/abs/handler

or https://lyncdiscover.sipdomain.com

I get Error 107 (net::ERR_SSL_PROTOCOL_ERROR): SSL protocol error from Google Chrome.

..Yet if I try to access them like this (over port 4443):

https://extwebservicesFQDN:4443/abs/handler  I get a better result, 401 Unauthorised (which I think is how it should be)

and https://lyncdiscover.sipdomain.com:4443  and I get to download the autoconfig file.

Is this an issue with Edge (followed all the guides and recreated the web-publishing rule a dozen times) or an IIS URL auto-redirect issue on the Front End or something else altogether?

Thank you!



January 6th, 2013 8:22am
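
The 443 versus 4443 comparison described in the post above can be made at the TLS layer instead of through a browser. The following is an added example, not part of the original thread and not a Lync cmdlet: `Test-TlsHandshake` is a hypothetical helper name, and the host names are the placeholders the poster used. It reports, per port, whether a TCP connection and a TLS handshake complete and which certificate (subject and issuer) the listener presents.

```powershell
# Added example. Test-TlsHandshake is a hypothetical helper, not a Lync cmdlet.
# Requires PowerShell 3.0 or later.
function Test-TlsHandshake {
    param(
        [Parameter(Mandatory = $true)][string]$HostName,
        [Parameter(Mandatory = $true)][int]$Port,
        [int]$TimeoutMs = 5000
    )
    $r = [ordered]@{ Host = $HostName; Port = $Port; Tcp = $false; Tls = $false
                     Protocol = $null; Subject = $null; Issuer = $null; Error = $null }
    $client = New-Object System.Net.Sockets.TcpClient
    $ssl = $null
    try {
        # Bounded TCP connect so a filtered port does not hang the check.
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw 'TCP connect timed out' }
        $client.EndConnect($pending)
        $r.Tcp = $true
        $client.ReceiveTimeout = $TimeoutMs
        $client.SendTimeout = $TimeoutMs

        # Accept any certificate: the goal is to see what the listener presents,
        # not to decide whether to trust it.
        $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
        $ssl.AuthenticateAsClient($HostName)

        $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $r.Tls = $true
        $r.Protocol = $ssl.SslProtocol
        $r.Subject = $cert.Subject
        $r.Issuer = $cert.Issuer
    }
    catch {
        # Keep the innermost message, e.g. a handshake failure or a reset.
        $r.Error = $_.Exception.GetBaseException().Message
    }
    finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Close()
    }
    [pscustomobject]$r
}

# Host names are the placeholders used in the thread; substitute real ones.
$targets = 'lyncdiscover.sipdomain.com', 'extwebservicesFQDN'
$rows = foreach ($t in $targets) {
    foreach ($p in 443, 4443) { Test-TlsHandshake -HostName $t -Port $p }
}
$rows | Format-Table -AutoSize
```

A row with Tcp true and Tls false on 443 beside a successful handshake on 4443 means the device answering on 443 is not completing TLS, while the Issuer column shows whether a listener is presenting the internal CA certificate or the public one. On older .NET Framework versions the client's default protocol set may exclude TLS 1.2, so a failure against a TLS 1.2-only listener can reflect the client rather than the server.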

My situation was somewhat different but running Test-CsAddressBookService would fail with error:

'The remote server returned an error: (404) Not Found.'

All clients were unable to retrieve contact unless the full sip address was entered.

Environment.

Server: Lync2013 STD

Client: Lync2010

Did the following:

Checked replication under the Topology tab in CSCP- mine had a green check.

Reinstalled .net 4.5 via add/remove programs

Registered .net by running the following from an elevated cmd (run from .net folder) : aspnet_regiis.exe -I

uninstalled Lync webcomponents from add/remove programs

From Lync install media- reinstalled webcomponents.msi (browse to \Setup\amd64\Setup)

Checked IIS>Application Pool and ensured all ASP.NET and Lync components are set to v4.0 of the .Net Framework Version

Launched the Lync setup and reran step 2: Setup or Remove Lync Server Components.

Reran Test-CsAddressBookService:  successful

Tested Lync client: Successful

June 20th, 2014 3:32am

This topic is archived. No further replies will be accepted.
