Good day all. I am setting up Lync Mobility and most troubleshooting steps are good. I checked everything on here: http://blogs.technet.com/b/nexthop/archive/2012/02/21/troubleshooting-external-lync-mobility-connectivity-issues-step-by-step.aspx and that all checks out.

On the phones I get these simple errors: An unknown error occurred. Please retry. on the Android and on iOS I get Cant sign in. Please check your account information and try again." Both log files point to autodiscovery failure. I could post with details if needed. I turn the autodiscover off and put in https://external.domain.com/autodiscover/autodiscover.svc/root for both internal and external (we dont have internal access), I get "Cannot connect to server. Please try again later." When I put the above link into a web browser off our network, I get a 500 Internal Server error. Is it possible theres something messed up with the external.domain.com website?

BTW, I cant do a https://external.domain.com/abc lookup either. That one I get Page cannot be displayed Error code: 403 Forbidden.

The results on the www.testocsconnectivity.com end with: Testing http authentication methods for URL Hhttps://lyncdiscover.domain.com:443/autodiscover/autodiscoverservice.svc/root/user http authentication test failed.

Any help would be greatly appreciated.

Hi,DStelz,

Looks like reverse proxy configuration issue,would you please check the following things:

1)Please make sure your internal web service url and external web service url are not pointed to the same FQDN.

2)Verify you have update the public certifcates including lyncautodiscover URL in the SAN entries for your reverse proxy server

3)Check the authenticated delegation is set to "No delegation, but clients may authenticate directly"

4)Please try to enable internal access and see if it works

If still no luck,please enable Lync server logging tool and reproduce the issues,then use snooper to analyze the log for more specific information.

B/R

Sharon

After you review and answer Sharon's reply, (agreed, this this is probably reverse proxy - please give us more info regarding your reverse proxy device) can you please answer the following (if not solved already)

From the mobile phone (using a browser) are you able to:

1. browse successfully to https://external.domain.com/autodiscover/autodiscover.svc/root
2. NOT receive any certificate warnings
3. download the autoconfiguration file

All of these are CRITICAL.  Please answer them 1 by one.  It will tell us several things.

Thanks for the replies. Ok here are the replies for Sharon:

1.) These are definitely different. It's a Standard Edition server so the internal fqdn is the server name. The external is something completely different

2.) This is a new implementation so I did everything at once so it's all on one certificate

3.) This is set

4.) I don't have an Internal wireless network so I'd have to set one up. I will see what I can do

I just setup Lync a few months ago so I'm still fairly new to it. I will figure out how to setup logging and see what I can find out.

Greg:

1.) I cannot browse to this successfully - I get a 500 Internal server error.

2.) see 1

3.) see 1 hehe

To me it sounds like something is messed up in iis possibly?

• Edited by DStelz Wednesday, April 18, 2012 2:30 PM

yep.  Are you doing the port translation from the reverse proxy from port 443 to 4443?   For example, if your users browse to https://external.domain.com/autodiscover/autodiscover.svc/root they are actually picking up the LyncExtWebsite hosted on the FrontEnd @ https://ExternalAppPool:4443/autodiscover/etc.etc.   Also, are you "preserving host header" through your reverse proxy.

What are you using for a reverse proxy?   

Be patient, it's all good - we can get this fixed. I am confident.

Yes, i'm doing both. We use TMG.

I included a couple of screen shots just to make sure it was correct.

• Edited by DStelz Wednesday, April 18, 2012 7:13 PM

please type the following and let me know what "ExposedWebURL" is set to.  Internet or External?

Get-CsMcxConfiguration

Identity                       : Global
SessionExpirationInterval       : 259200
SessionShortExpirationInterval : 3600
ExposedWebURL                   : External

this is as u posted. It's set to external.

After looking at the configurations for the 5th time and with Microsoft on the line, you guys were naturally right and I had the delegation set wrong in the TMG, I had it at "No delegation and clients authenticate directly". Thanks for all the help.

I see the same issue

have tried all aboce, cant browse to autodiscoverservice.svc/root gives 500 internal server error

Im pretty stuck

have tried reinstall mcxstandalone and IIS

Just double check the delegation in your TMG. Make sure it's set to "No delegation, but clients may authenticate directly". They're very similar in wording and I didn't notice it until a Microsoft Tech pointed it out.

doublecheked that already :) was correct.

And i also see the error when browsing to https://feserverfqdn:4443/autodiscover/autodiscoverservice.svc/root which i guess rules out the TMG... i believ IIS to be the error

Wow your good Sharon.

Dear Sharon,

Hats Off , Indeed you were true , it was the delegation error ,

Thanks you saved my day,

Hasan Reza