Recently had a issue where Lync phones (Polycom CX600) using number and pin where unable to download the CA certificate chain. Tethered phones worked fine. Some network packet inspection revealed that the DHCP server did not provide any of the options 43 information. The client (phone) asked for the correct vendor class “MS-UC-Client”, but there was no response from DHCP server. To add these options to the DHCP server we used the same script as we always use, so it was sure there was nothing wrong with the server. Asked the crew running the network equipment to check but they did not notice anything being blocked.  Continue reading Lync DHCP options and Windows 2012 R2 →

Do you want to publish Lync 2013 web services using something other than TMG or UAG now that they are getting closer to the end? Doug Deitterick has a nice how to guide. You will find this guide on TechNet.  Continue reading Publish Lync 2013 web services using Windows 2012R2 →

Installed Lync 2013 on a Windows 2012R2 server. When I login with an external Lync Client there are no photos of internal users. A validation shows that the thumbnailPhoto attribute has bin populated with images of the correct size.

If the client Connect directly to the frontend server photos are presented correctly.

An examination of the Lync Addressbook shows the addressbook files and also the photo files. The photo files are renamed jpg files exported from Active Directory. The Lync server create these PHOTO files when a client request photos of users. Since these photos are placed in the addressbook folder they are downloaded through https to the Lync Client.

Running netstat on Lync front end did not show any TCP Connection from reverseproxy server !

A network monitor show that connection are reset after half a TLS 1.2 handshake – a strong indication that there is something wrong with ssl/tls. Revalidated all sertificates and also publishing rules on F5 reverseproxy.

Used Bing to find any issues regarding TLS 1.2 and Windows 2012 R2, and yes, someone have hade the same issue. Entered registry keys as below – rebooted and now it works –

To Resolve this issue do the following:

– On the Lync 2013 server open the registry and browse to the following location: HKLM\System\CurrentControlSet\Control\SecurityProviders\SChannel\Protocols

– Create the following Key under Protocol: TLS 1.2

– Create the following two Keys under TLS 1.2: Client and Server

– Create the following DWORDs under both the Client and Server Key: DisabledByDefault and Enabled

– Under both Client and Server set the following: DisabledByDefault=1 and Enabled =0

– Reboot the server.

Entering these keys Disables TLS 1.2 on the server forcing the client and server to communicate over TLS 1.1.

Good Luck,

Matt

http://social.technet.microsoft.com/Forums/lync/en-US/41718327-203f-445f-8657-87b0a8545ead/lync-2013-client-signin-issue-with-lync-2013-server?forum=lyncprofile

Often we have to troubleshoot routing and firewall rules as seen from a client on a internal client subnets. I use PSEXEC and PORTQRY from Microsoft. This will work if it is a Windows pc and I have permissions to connect to it. Run these commands from a server in the server lan

I try to check if the port is open from the client to server (10.10.10.100) :

PsExec.exe
\\clientpc.domain.local -c portqry.exe
-n 10.10.10.100 -P TCP -e 443

If this fails I will run a tracert from the client to the server IP (10.10.10.100):

PsExec.exe
\\clientpc.domain.local tracert -h 8 -d
10.10.10.100