This is the first category post, regarding very strange and “hard to find” problems in Lync deployments.
This customer had a full working Lync Edge server, but it stop working for remote desktop user access (!!). I mean, you could login using mobile clients, talk with federated users, but if you have a Windows or OSX client… users could not log in. To makes things harder there were several behaviours: with some users the client would just loop on the log on process, wihle others would give two type of error messages: “server temporarily unavailable” and “…having trouble connecting to the server”.
As always, I took the log and trace sip packets (good faithfull snooper). Nothing was found on the client side, so the clue has to be on the edge server.
And I got the message ‘The connection from a remote user client is refused because remote user access is disabled – SIPPROXY_E_CONNECTION_EXTERNAL_INTERNET_ACC ESS_DISABLED”
Gotcha! – remote user access was disabled on the Edge server. It was a simple problem… not!:
….* Remote user access was in fact enabled on the control panel;
….* Replication was working fine and settings were identical;
….* clients were not receiving this warning message and lync mobile was able to log in.
Result: 4 days working on it, lots of swearing, hitting the firewall and even installing a new edge server and renewing certificates would solve the problem. At the end of the day I just take a look at the edge configuration setting using the shell and noticed a particular enable parameter:
There’s not much about this setting on the documentation, except this warning ‘ This parameter should not be changed unless you are instructed to do so by Microsoft support personnel’.
It turns out that the customer execute to command shell to enable Partner Discovery, but might also have set the beClearingHouse. After disabling it, the magic happens… Everything was back to normal !!
This is a clear case of ‘what does this button do if I press it?’. If you don’t ear any bang… it doesn’t mean we still didn’t broke anything.
But I would recommend Microsoft to document this and even update the Edge/client code to give more clues about this one.
Another annoying thing:
Set-CsAccessEdgeConfiguration -BeClearingHouse $false
will simply not change the setting. After some more time, you’ll find out that oyu need to include two more parameters
Set-CsAccessEdgeConfiguration -BeClearingHouse $false -EnablePartnerDiscovery $true -UseDnsSrvRouting