Lync 2013 IP Phone error getting web ticket

Hi,

I have been unable to get a Polycom CX500 phone working on our network (first IP phone), the phone connects but gets "an account matching this phone number cannot be found" I have run the DHCP commands through and everything looks OK and all options appear to be configured.

I have run the powershell command to test phone connectivity and get the error message below, I have checked my phone pin and reset it and the number shows up correct in the dial in URL. When you go the web service in a browser you get prompted for credentials but that is all I can see.

Web Service Url :
https://lync.mydomain.com:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 44166342 Pin : 211113
Could not get a web ticket
CHECK:
 - Web service Url is valid and the web services are functional
 - If using Phone Number\PIN to authenticate, make sure they match the user uri

 - If using NTLM\Kerberos authentication, make sure you provided valid
credentials
'UnRegister' activity started.
'UnRegister' activity completed in '3.17E-05' seconds.
VERBOSE: Workflow Instance ID 'dbff2882-afb1-4379-9d3b-acb841485097' completed.
VERBOSE: Workflow run-time (sec): 1.3363675.

Any help would be greatly appreciated!

Thanks

James

PS, numbers and names above have been adjusted to protect the innocent!



January 15th, 2013 5:34pm

What are the results of running the test-csphonebootstrap cmdlet?

Free Windows Admin Tool Kit Click here and download it now
January 15th, 2013 6:22pm

Hi,

The snippet was from that above here is the full unabridged version...

Thanks

James

PS C:\Users\admin1> Test-CsPhoneBootstrap -PhoneOrExt "441122333231" -Pin "21255
3" -Verbose
VERBOSE: Workflow Instance Id 'dbff2882-afb1-4379-9d3b-acb841485097', started.
VERBOSE: Command line executed is 'Test-CsPhoneBootstrap -PhoneOrExt
"441122333231" -Pin "222333" -Verbose'.


Target Fqdn   : lyncpool1.mydomain.co.uk
Target Uri    : https://lync.mydomain.co.uk:443/CertProv/CertProvision
                ingService.svc
Result        : Failure
Latency       : 00:00:01.0580720
Error Message : Getting web ticket for the given user is failed. Error Code:
                28037 , Error Reason: The AppliesTo element of web ticket
                request points to a different web server or site.

Diagnosis     :


VERBOSE: Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
started.
Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
completed in '6.5E-05' seconds.
Target server Fqdn or web service Url not provided. Will have to do DHCP
Registrar Discovery.
An exception 'Getting web ticket for the given user is failed. Error Code:
28037 , Error Reason: The AppliesTo element of web ticket request points to a
different web server or site.' occurred during Workflow
Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow
execution.
Exception Call Stack:    at
Microsoft.Rtc.Admin.Authentication.WebServicesHelper.ProcessFaultMessage(Messag
eFault fault)
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetWebTicket()
   at
Microsoft.Rtc.SyntheticTransactions.Activities.GetWebTicketActivity.InternalExe
cute(ActivityExecutionContext executionContext)
   at
Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Ex
ecute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity,
ActivityExecutionContext executionContext)
   at
System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRunti
me workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 192.168.100.64.
\tCreating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 192.168.100.31.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : lyncpool1.mydomain.co.uk.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 -
lync.mydomain.co.uk.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 -
/CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url :
https://lync.mydomain.co.uk:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.0455587' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url :
http://lync.mydomain.co.uk/CertProv/CertProvisioningService.svc
Certificate chain downloaded successfully.
'GetRootCertChains' activity completed in '0.0125133' seconds.
'GetWebTicket' activity started.
Trying to get web ticket.
Web Service Url :
https://lync.mydomain.co.uk:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 441122333231 Pin : 222333
Could not get a web ticket
CHECK:
 - Web service Url is valid and the web services are functional
 - If using Phone Number\PIN to authenticate, make sure they match the user uri

 - If using NTLM\Kerberos authentication, make sure you provided valid
credentials
'UnRegister' activity started.
'UnRegister' activity completed in '3.17E-05' seconds.
VERBOSE: Workflow Instance ID 'dbff2882-afb1-4379-9d3b-acb841485097' completed.
VERBOSE: Workflow run-time (sec): 1.3363675.


PS C:\Users\admin1> Test-CsPhoneBootstrap -PhoneOrExt "441122333231" -Pin "21255
3" -Verbose
VERBOSE: Workflow Instance Id '5e3f5050-85fe-4d37-9801-a764a5375b89', started.
VERBOSE: Command line executed is 'Test-CsPhoneBootstrap -PhoneOrExt
"441122333231" -Pin "222333" -Verbose'.


Target Fqdn   : lyncpool1.mydomain.co.uk
Target Uri    : https://lync.mydomain.co.uk:443/CertProv/CertProvision
                ingService.svc
Result        : Failure
Latency       : 00:00:01.1911386
Error Message : Getting web ticket for the given user is failed. Error Code:
                28037 , Error Reason: The AppliesTo element of web ticket
                request points to a different web server or site.

Diagnosis     :


VERBOSE: Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
started.
Workflow
'Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow'
completed in '5.52E-05' seconds.
Target server Fqdn or web service Url not provided. Will have to do DHCP
Registrar Discovery.
An exception 'Getting web ticket for the given user is failed. Error Code:
28037 , Error Reason: The AppliesTo element of web ticket request points to a
different web server or site.' occurred during Workflow
Microsoft.Rtc.SyntheticTransactions.Workflows.STPhoneBootstrapWorkflow
execution.
Exception Call Stack:    at
Microsoft.Rtc.Admin.Authentication.WebServicesHelper.ProcessFaultMessage(Messag
eFault fault)
   at Microsoft.Rtc.Admin.Authentication.WebServicesHelper.GetWebTicket()
   at
Microsoft.Rtc.SyntheticTransactions.Activities.GetWebTicketActivity.InternalExe
cute(ActivityExecutionContext executionContext)
   at
Microsoft.Rtc.SyntheticTransactions.Activities.SyntheticTransactionsActivity.Ex
ecute(ActivityExecutionContext executionContext)
   at System.Workflow.ComponentModel.ActivityExecutor`1.Execute(T activity,
ActivityExecutionContext executionContext)
   at
System.Workflow.ComponentModel.ActivityExecutorOperation.Run(IWorkflowCoreRunti
me workflowCoreRuntime)
   at System.Workflow.Runtime.Scheduler.Run()

'DHCPDiscover' activity started.
Starting DHCP registrar discovery...
Constructing a DHCP packet.
Adding DHCP option PARAMETER_REQUEST_LIST.
Successfully added DHCP option.
Adding DHCP option VENDOR_CLASS_IDENTIFIER.
Successfully added DHCP option.
Successfully constructed DHCP packet.
Trying to open an udp connection.
Remote IP : 255.255.255.255.
Local IP : 192.168.100.64.
\tCreating a new UDP client.
Udp connection successfully created.
Sending packet.
Remote IP : 255.255.255.255.
Remote Port : 67.
Packet sent successfully.
DHCP discovery message send. Waiting for DHCP servers to respond.
Data received successfully.
Remote IP : 192.168.100.31.
Remote Port : 67.
Response received for the DHCP Discovery message.
Constructing a DHCP packet from received raw data.
Extracting DHCP Options.
Successfully constructed DHCP packet.
Return value for DHCP option : SIP_SERVER.
Found registrar Fqdn : lyncpool1.mydomain.co.uk.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.1 - MS-UC-Client.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.2 - https.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.3 -
lync.mydomain.co.uk.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.4 - 443.
Successfully extracted sub option value.
Searching for DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5.
Return value for DHCP option : VENDOR_SPECIFIC_INFORMATION.
Found DHCP sub option : VENDOR_SPECIFIC_INFORMATION.5 -
/CertProv/CertProvisioningService.svc.
Successfully extracted sub option value.
Found web service Url :
https://lync.mydomain.co.uk:443/CertProv/CertProvisioningService.svc.
Disconnecting.
DHCP registrar discovery activity completed successfully.
'DHCPDiscover' activity completed in '1.1765221' seconds.
'GetRootCertChains' activity started.
Trying to download a certificate chain from web service.
Web Service Url :
http://lync.mydomain.co.uk/CertProv/CertProvisioningService.svc
Certificate chain downloaded successfully.
'GetRootCertChains' activity completed in '0.0146165' seconds.
'GetWebTicket' activity started.
Trying to get web ticket.
Web Service Url :
https://lync.mydomain.co.uk:443/WebTicket/WebTicketService.svc
Using PIN authentication with Phone\Ext : 441122333231 Pin : 222333
Could not get a web ticket
CHECK:
 - Web service Url is valid and the web services are functional
 - If using Phone Number\PIN to authenticate, make sure they match the user uri

 - If using NTLM\Kerberos authentication, make sure you provided valid
credentials
'UnRegister' activity started.
'UnRegister' activity completed in '2.5E-05' seconds.
VERBOSE: Workflow Instance ID '5e3f5050-85fe-4d37-9801-a764a5375b89' completed.
VERBOSE: Workflow run-time (sec): 1.6982607.


PS C:\Users\admin1>

January 15th, 2013 6:27pm

So the only thing that I see is the following:

Target Fqdn : lyncpool1.mydomain.co.uk
Target Uri : https://lync.mydomain.co.uk:443/CertProv/CertProvisioningService.svc
Result : Failure
Latency : 00:00:01.0580720
Error Message : Getting web ticket for the given user is failed. Error Code:
28037 , Error Reason: The AppliesTo element of web ticket
request points to a different web server or site.

Looking at the actual message it points to an inconsistency. Can you confirm that the Target FQDN (in the real results) is accurate and refers to your FE or DIR pool FQDN? Also that the target URI is either your FE or DIR pool internal web services as configured in Lync topology? Also, confirm that these fqdns are A records and not CNAMES.

  • Marked as answer by James Botham Thursday, January 17, 2013 7:58 AM
Free Windows Admin Tool Kit Click here and download it now
January 17th, 2013 4:39am

Hi,

I think you might be on to something there, I didn't spot the lync.mydomain being used but this is used by the meeting URL's and although it points to one of our front end servers (or both because it is DNS load balanced), it is not actually the pools name which is lyncpool1.

I will have a look around and see if I can see something in my config as to why it is pointing to the wrong place and let you know.

Thanks

James

January 17th, 2013 10:55am

Hi,

Bingo, looks like you got it spot on, just reran the command and it looks like it has completed successfully. I can see it resolve to my name now instead of an error and there are no errors in the log, looks like it is working.

I will try on the real device later when I get in the office but I trust that as the synthetic tests so it working it will now most likely be fine on the real thing.

Thanks for pointing me in the right direction

James

Free Windows Admin Tool Kit Click here and download it now
January 17th, 2013 10:58am

Hi,

Maybe the request sends to a different web server. I would like to confirm the FQDN of Lync internal web server. Please go to Lync topology builder to check it. In  your first post, it displays https://lync.mydomain.com but in the next log it is https://lync.mydomain.co.uk.

January 17th, 2013 11:08am

Hi James,

I am glad to hear the issue has been resolved. Just for your reference in the future, here is useful blog about Lync Phone troubleshooting:

http://blog.schertz.name/2012/03/troubleshooting-lync-phone-edition-issues/

Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above

Free Windows Admin Tool Kit Click here and download it now
January 17th, 2013 11:12am

Hi Kent,

They match in the real logs, I modified the log to remove most of our personal information before posting and when I just checked they are both lync.mydomain.co.uk in the log files.

I have just logged our test phone in and it was successful!

Thanks

James

January 17th, 2013 11:20am

No response received for Web-Ticket service.

Inner Exception:The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'.

Inner Exception:The remote server returned an error: (401)Unauthorized.


I am stuck with this problem plz any one help me...........
Free Windows Admin Tool Kit Click here and download it now
January 7th, 2014 9:16pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics