Check out the most comprehensive, actively managed Lync blog roll in the known universe, your one-stop source for links to over 100 of the very best Lync blogs. Here you will also find weekly blog highlights and a feed for a dozen of the top blogs.
Lync Server Support Home
Top Lync Solutions RSS Feed
Microsoft Senior Support engineers walk you through real-life support cases, giving you an insider’s view into the systematic approach they use to troubleshoot Lync Server issues.
These short videos focus on specific tasks and show you how to accomplish them for Microsoft Lync Server 2010.
This article provides step-by-step troubleshooting for Microsoft Lync Server 2010 connectivity issues for external users with mobile devices. This article assumes that Lync Server 2010 Mobility Service and Lync Server 2010 Autodiscover Service are successfully deployed and internal users are able to connect using the Lync 2010 mobile client. It assumes that Lync Server clients can successfully connect to an external mobile device user without error messages or warnings for web services connectivity. This article does not include steps for troubleshooting push notifications for Windows Phone 7 and iOS devices.
Author: Edwin Joseph
Publication date: February 21, 2012
Product version: Microsoft Lync Server 2010 with Cumulative update for November 2012
When a mobile device with a Lync 2010 client tries to connect to Lync Server 2010, the user receives the error message:
Can’t connect to the server. It might be unavailable. Also please check your network connection, sign-in address, and server addresses.
Note: The SIP domain used throughout this document is contoso.com; replace contoso.com with your actual SIP domain. Lyncexternal.contoso.com is the external web services URL of the pool.
Step 1. Autodiscover setup check
If you use Autodiscover Service to locate Lync Server 2010, the first step is to type the Autodiscover URL into the web browser. For example after typing https://lyncdiscover.contoso.com in the browser, you should receive a prompt to open or save the lyncdiscover_contoso.com file.
If you receive a warning or an error, check the browser settings. If you are prompted for authentication when browsing lyncdiscover.contoso.com, there is a configuration issue on the reverse proxy.
If you are unable to obtain the lyncdiscover_contoso.com file, perform a Nslookup for lyncdiscover.contoso.com. Verify that the A record is setup for lyncdiscover.contoso.com and that it points to the correct external IP address.
When you open the lyncdiscover_contoso.com file in notepad, you should see the following content.
The URL identified in the lyncdiscover_contoso.com file must be the external web services URL for the Lync Server 2010 Front End Server or Lync Server 2010 Director pool. If the internal web services URL is identified, the web publishing rule is incorrect and is bridging the connection to port 443 instead of port 4443 for the Lync external web services.
When you have verified that the A record for lyncdiscover.contoso.com is correct and that the URL returned in the lyncdiscover_contoso.com file is the external web services URL for the Lync Server Front End Server or Lync Server Director pool, you are ready to look at the Lync mobility setup.
Step 2. Check Web Services Internal URL
A prerequisite for the Lync mobility component is that the Front End pool internal web FQDN must be distinct from the Front End pool external web FQDN.
To configure internal web services
Step 3. MCX configuration check
Log on to the computer as a member of the CsAdministrator group. In the Lync Management Shell run the following cmdlet.
Verify the ExposedWebUrl is set to External. If this value is set to the Internal, only your internal mobility client can connect to Lync Server. To set the value for ExposedWebUrl to external, use the following cmdlet.
Set-CsMcxConfiguration –ExposedWebUrl External
Step 4. DNS record check
Verify that the A record for Lyncdiscover is setup correctly in the internal DNS.
External DNS Records
External Web Services FQDN for your Director pool, if you have one, or for your Front End pool if you do not have a Director
External or public or IP address of the reverse proxy
Step 5. Certificate check
Refer to the certificate requirements in the Lync Server 2010 Mobility Guide.
If you are using a Director, verify the certificate.
Director Pool Certificate
Subject alternative name entry
Internal Autodiscover Service URL
External Autodiscover Service URL
Note: Alternatively, you can use SAN= *.contoso.com.
Front End Pool Certificate
Reverse Proxy (Public CA) Certificate
Note: Assign this certificate to the SSL Listener on the reverse proxy.
After completing the four steps outlined above, browse to the Autodiscover URL in web browser https://lyncdiscover.contoso.com.
You should receive a prompt to open or save the file Lyncdiscover_contoso.com.
If you still do not receive an option to open or save the file lyncdiscover_contoso.com, verify the reverse proxy setup. Refer to the Lync Server 2010 Mobility Guide.
Step 6. Domain file check
If you receive the option to open or save the lyncdiscover_contoso.com file in the web browser, proceed to step 5.
Try to browse to the following URL in your web browser. http://lyncdiscover.contoso.com/autodiscover/autodiscoverservice.svc/root/domain
You should receive a prompt to open or save the domain file.
When you open the domain file in notepad you should see the following content.
The URL mentioned in the domain file must be the external web services URL for the Front End Server or Director pool. If the internal web services URL is returned, the web publishing rule is incorrect. This means that it is bridging the connection to port 443 instead of 4443 for Lync Server external web services.
If you are unable to download the Domain file, there is a problem with the reverse proxy configuration or authentication settings for web services in Lync Server 2010.
Step 7. Web Services authentication check
Try to browse the URL https://lyncexternal. contoso.com/mcx/mcxservice.svc/mex in your web browser.
Depending on your browser settings, you should see https://lyncexternal.contoso.com/Mcx/McxService.svc/WebTicket_Bearer in the browser or the XML SOAP information. This means the web services URL authentication setting is set to negotiate.
To quickly verify the web services URL authentication settings, use the Lync Management Shell to run the following cmdlet.
Verify the value for the UseWindowsAuth parameter is set to Negotiate.
Step 8. Debug log from mobile device
Enable and collect debugging logs from a mobile device to verify the reverse proxy configuration.
Note: The logging information may contain personal information. To address privacy concerns, edit the log file in accordance with company guidelines before forwarding logging information.
To Enable logging on a Windows Phone
1. From any screen of the Lync for Windows Phone application, touch the ellipses, to bring up the menu, and then tap settings.
2. On the settings page, toggle Diagnostic Logging to the on position.
3. Close and exit Lync. Launch Lync and sign-in to reproduce the issue.
4. To send the logs, tap the ellipses to bring up the menu and tap about.
5. On the about page, tap send diagnostic logs. The logs are stored in your Saved Pictures folder. To send the logs, tap ok and attach the image to the email that opens automatically.
6. When the new email opens, tap the paperclip to attach the log file. Swipe the menu to change to date view and select the most recent Lync log identified by the Lync icon.
7. Type in the recipient’s name and tap send.
8. To review the log, open the received file in a text editor. The log has a .jpg extension. Change the file extension to .txt and open a text editor.
To Enable logging on an iPhone
1. To enable logging access the Logging option from My Info tab -> Options -> Logging.
2. Within the Send Feedback screen, you have the option to submit Bug.
3. After you have completed the feedback, click the Next button at the top of the screen. This brings up your iPhone email client. Use your corporate account to send the feedback.
Note: Logging on an iPad is similar to an iPhone.
To Enable logging on an Android device
1. After sign in, tap Options on the Signing in tab. On the Options page, tap Diagnostic logging to enable logging. Sign out and then sign in.
2. Recreate the issue. Return to the Options screen and tap About Lync.
3. Tap Send diagnostic logs and then choose a configured email account.
4. Enter the recipients and subject line information and tap Send. The logs are attached as a .zip file.
Sample error messages
Here are some errors you might see in the device logs from Windows Phone 7.
Error : 410674486 : HttpRequestPump : Got a failure response to request UnauthGethttps://lyncexternal.contoso.com/Autodiscover/AutodiscoverService.svc/root/user. Status: UnknownError. Code: 403.
Verbose : 410674486 : HttpRequestPump : Error status description for request UnauthGethttps://lyncexternal.contoso.com/Autodiscover/AutodiscoverService.svc/root/user is "Forbidden ( The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. )".
Error : 410674486 : MetadataManager : Web request to resolve failed. Error: HttpClientForbiddenError [Error, Transport, TransportFramework].
Here are some errors you might see in the device logs from an Android device.
ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/transport/metaDataManager/private/CMetaDataManager.cpp/511:Unable to get a response to an unauthenticated get to url https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR TRANSPORT /mnt/hgfs/marvin_LyncRTM/dev/como/transport/authenticationResolver/private/CAuthenticationResolver.cpp/554:Unable to get the meta data for server url https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/348:Auto-discovery failed. Analysing the failure
ERROR APPLICATION /mnt/hgfs/marvin_LyncRTM/dev/como/applicationLayer/infrastructure/private/CLogonSession.cpp/1050:Auto-discovery failed, aborting sign-in!Error Samples
Here are some of the errors you might see in the device logs from an iPhone or iPad.
Error Code: 403 Forbidden. The server denied the specified Uniform Resource Locator (URL). Contact the server administrator. (12202)
ERROR TRANSPORT /Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/transport/_buildIos/../metaDataManager/private/CMetaDataManager.cpp/511:Unable to get a response to an unauthenticated get to url https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR TRANSPORT /Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/transport/_buildIos/../authenticationResolver/private/CAuthenticationResolver.cpp/562:Unable to get the meta data for server url https://Lyncexternal.contoso.com/autodiscover/autodiscoverservice.svc/root/user
ERROR APPLICATION /Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CUcwaAutoDiscoveryServiceRetrialWrapper.cpp/348:Auto-discovery failed. Analysing the failure
ERROR APPLICATION /Users/comobuildadmin/se_wave1_idx/src/dev/CoMo/applicationLayer/_buildIos/../infrastructure/private/CLogonSession.cpp/1050:Auto-discovery failed, aborting sign-in!
Note: Log information and verbosity varies as per device and platform.
These error messages indicate the client is having an issue authenticating with Lync Server 2010. First, verify that Authentication Delegation is verified on the reverse proxy publishing rule configuration. This must be set to No delegation, but client may authenticate directly. If the reverse proxy publishing rules are set to No delegate and client cannot authenticate directly, it fails to sign-in when it reaches the step to provide credentials to request a token after MEX retrieval.
This article describes a process to verify connectivity from an external Lync mobility client to Lync Server 2010.
If are unable to connect, verifying the reverse proxy publishing rule configuration. If reverse proxy settings are correct, verify the Lync mobility settings as described in the Lync Server 2010 Mobility Guide. Verify that you have installed the latest updates for Lync Server 2010 Mobility Service. Service Here is the update for Lync Server 2010, Mobility Service: February 2012.