Hi,

We have Open federation. our one user is organizing a LYNC meeting from outside. Users from inside our organization are not able to join the meeting. It says "Request Timed Out". Here are few inputs:

1. They are using mix lync 2010  & Lync 2013 client

2. we have LYNC 2010 infra.

3. They are sometimes able to connect through LYNC webapp but not able to connect through LYNC client.

Please suggest, what can I troubleshoot with this?

4. Meeting is working fine internally.

Thanks & Regards,

Vinay Mishra

• Edited by vinay6m Wednesday, November 26, 2014 11:13 AM

Run the remote connectivity analyzer and "Remote UC Troubleshooting Tool " fromt eh below links and see if all tests passed or not.

https://testconnectivity.microsoft.com/

http://www.insideocs.com/Tools/RUCT/RUCT.htm

Can your users communicate directly with users from the remote organization outside of a conference with their Lync client?  Can they A/V chat or desktop share with the remote users?

Watch the debug logger on your Edge server and review SIPStack for possible issues.

Also, double check that your users and enabled for federation as well at a policy level.

Hi,

Check if there is any error message from Edge Server and FE Server when the issue happen.

Please double check if all Lync services started on Edge Server.

Please also check if all needed ports open for Edge Server (especially for Lync Web conferencing traffic):

http://technet.microsoft.com/en-us/library/gg425891.aspx

Best Regards,

Eason Huang

Hi,

there is no question of lync services being stopped on edge servers as we are able to connect to other domains externally. Same withholds for ports as well.

above is the screenshot for same. Andrea is the user connecting from outside.

Thanks & Regards,

Vinay Mishra

When you say "our one user is organizing a LYNC meeting from outside" does this mean a user from your Lync deployment? If that is that case do we just have a remote access user organising a meeting?. Let me know more about how federation comes in to play.

To assist in troubleshooting a bit more in information about the call scenario is required:

1. Location of each party (inside or outside the corp network)
2. Do any of the parties belong to another organisation in an external Lync deployment to your own?
3. Client used by each party (web/win client etc)
4. Is the meeting organiser part of your Lync deployment or organised by a federated party?

My initial thought is there pay be some issues the 2010/2013 migration situation. Is the issue repeatable with other organisations? Does the federated party have issues with other organisations?

Hi,

Thanks for replying. here are my inputs:

We have open federation.

1. Location of each party (inside or outside the corp network)-- end users  are in our network. the organizer is hosted on a domain which is hosted online with Microsoft.
2. Do any of the parties belong to another organisation in an external Lync deployment to your own? no. our this side user belongs to our domain. we have open federation. so, another user from Mcirosoft online is  conducting the meeting.
3. Client used by each party (web/win client etc): dont lknw abt the client of the organizer. but end users have used LYNC 2010 client and sometimes LYNC web appp.
4. Is the meeting organiser part of your Lync deployment or organised by a federated party? federated party.

here is sip trace on a client:

11/26/2014|08:27:58.102 1ABC:1AC0 INFO  :: Data Received -172.28.4.81:5061 (To Local Address: 10.28.32.110:52768) 781 bytes:
11/26/2014|08:27:58.102 1ABC:1AC0 INFO  :: SIP/2.0 504 Server time-out
Authentication-Info: TLS-DSK qop="auth", opaque="3346EB36", srand="35591BFF", snum="40", rspauth="a7ddcaa756a30771349df0f8ce2bc0ce3ef1e2cc", targetname="DHRIADSVAPLYFE.domain.com", realm="SIP Communications Service", version=4
From: "Kennedy (GVR), David"<sip:david.kennedy@domain.com>;tag=f5f0140cda;epid=65804e52e3
To: <sip:andrea.smith@mcaconnect.com>;tag=490A411636055E76143D805F1F4374D9
Call-ID: 13f4825f99b04ca198fa60deb3be5fc0
CSeq: 1 SUBSCRIBE
Via: SIP/2.0/TLS 10.28.32.110:52768;ms-received-port=52768;ms-received-cid=2C305300
ms-diagnostics: 1009;reason="No match for domain in DNS SRV results";domain="mcaconnect.com";fqdn1="sipfed.online.lync.comtrue5061";source="access.domain.com"
Server: RTC/4.0
Content-Length: 0


11/26/2014|08:27:58.102 1ABC:1AC0 INFO  :: End of Data Received -172.28.4.81:5061 (To Local Address: 10.28.32.110:52768) 781 bytes

Thanks & Regards,

Vinay Mishra

From your network check the following:

1. Telnet sipdir.online.lync.com 443
2. Telnet sipdir.online.lync.com 5061
3. Telnet webdir.online.lync.com 443
4. nslookup -type="srv"  _sip._tls.<sip domain of meeting organiser>
5. nslookup -type="srv" _sipfederationtls._tcp.<sip domain of meeting organiser>

This will confirm you can resolve the correct dns records and make a connection.

Hi,

I am able to do telnet to respective hosts. NSlookup resuilts below:

nslookup -type="srv"  _sip._tls.mcaconnect.com
Server:  dtmodcsvdc01.dhrodc.com
Address:  172.29.252.21

Non-authoritative answer:
_sip._tls.mcaconnect.com        SRV service location:
          priority       = 100
          weight         = 1
          port           = 443
          svr hostname   = sipdir.online.lync.com

mcaconnect.com  nameserver = ns34.domaincontrol.com
mcaconnect.com  nameserver = ns33.domaincontrol.com
sipdir.online.lync.com  internet address = 134.170.54.15
ns34.domaincontrol.com  internet address = 208.109.255.17
ns34.domaincontrol.com  AAAA IPv6 address = 2607:f208:302::11
ns33.domaincontrol.com  internet address = 216.69.185.17
ns33.domaincontrol.com  AAAA IPv6 address = 2607:f208:206::11

>nslookup -type="srv" _sipfederationtls._tcp.mcaconnect.com

Server:  dtmodcsvdc01.dhrodc.com
Address:  172.29.252.21

Non-authoritative answer:
_sipfederationtls._tcp.mcaconnect.com   SRV service location:
          priority       = 100
          weight         = 1
          port           = 5061
          svr hostname   = sipfed.online.lync.com

mcaconnect.com  nameserver = ns33.domaincontrol.com
mcaconnect.com  nameserver = ns34.domaincontrol.com
ns34.domaincontrol.com  internet address = 208.109.255.17
ns34.domaincontrol.com  AAAA IPv6 address = 2607:f208:302::11
ns33.domaincontrol.com  internet address = 216.69.185.17
ns33.domaincontrol.com  AAAA IPv6 address = 2607:f208:206::11

Here my point is that we dont have sip records for mcaconnect.com. its all pointing to online.lync.com domain. I havve reference to the article http://uclobby.com/2014/07/07/no-match-for-domain-in-dns-srv-results/.

That is only clue left. Meanwhile, I have got another observation that user is not able to do chat with many other external domains

Thanks & Regards,

Vinay Mishra

Have you added Office 365 as a Hosting Provider in Lync Server?

http://technet.microsoft.com/en-us/library/hh202166.aspx

Hi,

we tried that as well. We have found that users were able to do chat with web app. only problem was with LYNC client. We did wireshark trace and found that  our lync client was not able to resolve EDGE server pool. we added host entries and it worked well!! this is just a temporary workaround!

Thanks & Regards,

Vinay Mishra

An often missed requirement is that Lync clients need to be able to talk to the internal interface of the Edge server. If you add the required DNS records you should be good to go!

Hi,

We logged a call with MS. MS informed us that there was a missing intermediate certificate that was the issue and it proved it by installing the intermediate certificate. Post that it started working.

Regards,

Vinay