(Post courtesy Kapil Hudiya)
In order to make sure that your Lync server is running successfully with all the required features, I want to share my experience of troubleshooting Lync Server 2010 and client connectivity
If you have followed best practices and configured Lync 2010 according to Microsoft recommendations, it is less likely that you will run into errors. Common factors for the errors that I have encountered include network configuration steps (such as DNS, Firewall, etc.) and other configuration steps such as certificates, integration with Exchange Servers.
I would say 95% of the issues that I have encountered are due to improper configuration. For quick resolution, we have to first identify the issue and that’s very important. So let’s first see how we can identify and solve Lync client connectivity issues:
Lync Client Connectivity issues Internal and Externally.
If it is Client connectivity issues to Front end server internally then you should have following information:
1) Check if users trying to login is enabled in Lync server.
2) Go to Settings –> Tools –> Options
Then select Advanced Connection Settings:
3) Now let’s Check DNS records:
On DNS server, go to Start-> Administrator tools -> DNS -> Forward lookup Zone -> contoso.com (Domain name)-> _TCP . See if _sipinternalTLS record is created.
If yes then check if it matches following settings. If no then create new record by right click on zone ->other new records -> SRV.
Domain will be Contoso.com
The host offering this service should be pool name of Front End Server. If Director Servers are installed then the Director Server pool name should be entered.
More details available at the following TechNet article: Determining DNS Requirements
4) The last option you have to check is Certificates.
Install the Root certificate of the internal CA in trusted root certificate of the computer.
Open Internet Explorer -> in address bar enter Internal CA FQDN followed by /certsrv.
a) Under select task: Download CA certificate, certificate chain, or CRL.
b) Download CA certificate chain, save the file on desktop.
c) Now, Start->Run -> type MMC -> Under File -> Add/remove snap-in -> select certificate under Add remove snap-ins , select Add, computer account ,next and then Finish. Then click ok to close the window.
d) Under Console 1 -> Expand Certificates ->Trusted root certificate -> certificate -> right click on certificate-> All Task and then click Import.
e) On Certificate Import Wizard, select next, under File name select Browse and select the Root certificate, then next, In certificate store select next, then Finish.
If you are experiencing Client connectivity issues to the Lync Edge server externally (Remote connectivity) then you should have following information:
1) Follow first and second steps mentioned above.
2) Now let’s Check public DNS records and network configuration:
a. _sip._tls. Contoso.com
b. A record for Access Edge Server .
3) Let’s Check the topology Builder:
Check if the public Certificate common name is same as access edge server name published in Public DNS.
Without Hardware Load balancer:
5) Firewall Ports: Check if required Firewall ports are open by Port Query Tool (http://support.microsoft.com/kb/310099)
6) A few more steps …..
a. On Lync Front End, Check the SQL (CMS) replication status by using the following Lync PowerShell cmdlet:
the uptodate: option should be true. If not, ports are blocked or there are other Lync edge Server deployment issues.
b. Make sure the user is allowed for remote access by remote access policy.
7) Now check with the Remote Connectivity Analyzer at https://www.testocsconnectivity.com/ to verify if you get Green\