We have a Lync 2013 solution with one FE server, one edge server, and a reverse-proxy running IIS/ARR. The client connection works great, as well as the external clientless connection. The problem is with Mobility. I have read countless blogs and I cannot seem to find out why the SSL connection fails. I have lyncdiscover and lyncdiscoverinternal in DNS, as well as lyncdiscover in public DNS. Everything resolves. When I go to https://mylyncserver.com I am prompted to download the user file. I put on a packet sniffer and the reverse-proxy and FE server are talking away like school girls. I downloaded the Lync connectivity tester and when I aim it at the internal FE server, it passes; when I aim it at the reverse-proxy it fails.
Here are the results from testing it against lyncdiscover.domain.com using my credentials:
Discovery Type: Manual Discovery
Logging test parameters:
SIP Uri: smelcher@macapartments.com
User Name:ac\smelcher
Server FQDN: lyncdiscover.macapartments.com
Network access: NetworkAccessExternal
Selected client: ApplicationLyncMobile
Starting manual Lync server discovery
Please wait; this test may take several minutes to complete...
Starting server discovery for secure (HTTPS) channel
Server discovery started for https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root
Sending HTTP request to https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root?sipuri=smelcher@macapartments.com
Cookie found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
Pragma: no-cache
X-MS-Server-Fqdn: Lync2013.AC.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Server: Microsoft-IIS/7.5
X-AspNet-Version: 4.0.30319
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Mon, 22 Apr 2013 19:24:09 GMT
Content-Length: 1126
Content-Type: application/vnd.microsoft.rtc.autodiscover+xml; v=1
Expires: -1
}
Parsing the response for URL https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root?sipuri=smelcher@macapartments.com. Full response: <?xml version="1.0" encoding="utf-8"?><AutodiscoverResponse xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" AccessLocation="External"><Root><Link token="Domain" href="https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/domain?originalDomain=macapartments.com" /><Link token="User" href="https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=macapartments.com" /><Link token="Self" href="https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root?originalDomain=macapartments.com" /><Link token="OAuth" href="https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/oauth/user?originalDomain=macapartments.com" /><Link token="External/XFrame" href="https://lyncdiscover.macapartments.com/Autodiscover/XFrame/XFrame.html" /><Link token="Internal/XFrame" href="https://lync2013.ac.local/Autodiscover/XFrame/XFrame.html" /><Link token="XFrame" href="https://lyncdiscover.macapartments.com/Autodiscover/XFrame/XFrame.html" /></Root></AutodiscoverResponse>
Autodiscover URL https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root?sipuri=smelcher@macapartments.com redirected to https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=macapartments.com
Sending HTTP request to https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=macapartments.com?sipuri=smelcher@macapartments.com
Cookie found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
X-MS-WebTicketURL: https://lyncdiscover.macapartments.com/WebTicket/WebTicketService.svc
X-MS-WebTicketSupported: cwt,saml
X-MS-Server-Fqdn: Lync2013.AC.local
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Server: Microsoft-IIS/7.5
X-Powered-By: ASP.NET
X-Powered-By: ARR/2.5
X-Powered-By: ASP.NET
Date: Mon, 22 Apr 2013 19:24:09 GMT
Content-Length: 1293
Content-Type: text/html
}
Authorization required for https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=macapartments.com?sipuri=smelcher@macapartments.com
Obtaining WebTicket from https://lyncdiscover.macapartments.com/WebTicket/WebTicketService.svc
StatusCode=Forbidden, Reason=Forbidden
System.Exception: Exception of type 'System.Exception' was thrown.
at Microsoft.LyncServer.WebServices.WebTicketManager.WTExceptions(String exText)
at Microsoft.LyncServer.WebServices.WebTicketManager.<GetMexDocumentAsync>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<AuthenticationRequired>d__2a.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<SendRequest>d__d.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at System.Runtime.CompilerServices.TaskAwaiter`1.GetResult()
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<ParseResponse>d__16.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<TryNextUrl>d__3.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at Microsoft.LyncServer.WebServices.AutoDiscoverManager.<StartDiscoveryJourney>d__0.MoveNext()
--- End of stack trace from previous location where exception was thrown ---
at System.Runtime.CompilerServices.TaskAwaiter.ThrowForNonSuccess(Task task)
at System.Runtime.CompilerServices.TaskAwaiter.HandleNonSuccessAndDebuggerNotification(Task task)
at LyncConnectivityAnalyzerCore.Utilities.<RetrieveUserLocation>d__40.MoveNext()
Total server discovery time: 0.2 seconds
Server discovery failed for secured channel against https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root
Server discovery ended for https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root
None, AutoInternalDNSFail, AutoExternalDNSFail, AutoInternalSecureD, AutoInternalUnsecureD, AutoExternalSecureD, AutoExternalUnsecureD, ManualSecureD, ManualUnsecureD, AuthBrokerInternalLMXCheckGET, AuthBrokerInternalLMXCheckPOST, AuthBrokerExternalLMXCheckGET, AuthBrokerExternalLMXCheckPOST, MobilityMCXInternalLMXCheckGET, MobilityMCXInternalLMXCheckPOST, MobilityMCXExternalLMXCheckGET, MobilityMCXExternalLMXCheckPOST, LMXSIPServerInternalDNS, LMXSIPServerExternalDNS
Server discovery failed using lyncdiscover.macapartments.com. Please verify the server requirements at http://go.microsoft.com/fwlink/?LinkId=278998
Microsoft Lync Connectivity Analyzer cannot analyze deployment readiness until a discovery test has completed successfully.
I have DNS set, I have the certificates set (as far as I can tell), I have the firewall turned off (just in case). I have both DNS entries pointing at the proxy, as I read that with 2013 all mobility services go through the proxy whether they are internal or external.
Any ideas? I have been banging my head against this all weekend.
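
A triage helper for the log above, as an added example that is not part of the original post or of the Connectivity Analyzer: it pairs each request with its status and reports the first step that is neither a 200 nor a 401 challenge naming a WebTicket URL. The line patterns are assumptions drawn from this one log, and the sample is an abridged copy of it.

```python
import re

# Constructed sample: abridged copy of the analyzer output quoted in the post.
SAMPLE_LOG = """\
Sending HTTP request to https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root?sipuri=smelcher@macapartments.com
Cookie found in autodiscover response: StatusCode: 200, ReasonPhrase: 'OK', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
Sending HTTP request to https://lyncdiscover.macapartments.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=macapartments.com?sipuri=smelcher@macapartments.com
Cookie found in autodiscover response: StatusCode: 401, ReasonPhrase: 'Unauthorized', Version: 1.1, Content: System.Net.Http.StreamContent, Headers:
{
X-MS-WebTicketURL: https://lyncdiscover.macapartments.com/WebTicket/WebTicketService.svc
X-MS-Server-Fqdn: Lync2013.AC.local
}
Obtaining WebTicket from https://lyncdiscover.macapartments.com/WebTicket/WebTicketService.svc
StatusCode=Forbidden, Reason=Forbidden
"""

# Assumed line shapes, taken from the log in the post.
REQUEST = re.compile(r"^(Sending HTTP request to|Obtaining WebTicket from) (\S+)")
STATUS = re.compile(r"StatusCode(?:: |=)(\w+)")
HEADER = re.compile(r"^(X-MS-[\w-]+): (.+)$")

def trace(log):
    """Return one dict per request: kind, url, status, X-MS-* headers."""
    steps = []
    for line in map(str.strip, log.splitlines()):
        m = REQUEST.match(line)
        if m:
            kind = "webticket" if "WebTicket" in m.group(1) else "autodiscover"
            steps.append({"kind": kind, "url": m.group(2), "status": None, "headers": {}})
            continue
        if not steps:
            continue  # ignore preamble before the first request
        cur = steps[-1]
        m = STATUS.search(line)
        if m and cur["status"] is None:
            cur["status"] = m.group(1)  # numeric code or a name such as Forbidden
            continue
        m = HEADER.match(line)
        if m:
            cur["headers"][m.group(1)] = m.group(2)
    return steps

def first_failure(steps):
    """First step that is neither 200 nor a 401 challenge naming a WebTicket URL."""
    for s in steps:
        challenge = s["status"] == "401" and "X-MS-WebTicketURL" in s["headers"]
        if s["status"] != "200" and not challenge:
            return s
    return None
```

On the sample, `first_failure(trace(SAMPLE_LOG))` returns the WebTicket request, which is the step the reverse-proxy path should be checked for first.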