Monthly Archives: March 2014

No connectivity with the Lync Web App reported every 20 minutes or so

9 Replies

We seem to see to encounter a specific connectivity error a lot across a variety of Lync environments.  In some instances, users will complain about slow connectivity or no connectivity.  The primary symptom is the following event log entry (repeated every 20 minutes or so):

No connectivity with the Lync Web App. Affected Web browser clients cannot use Web Conferencing modality.

Server Machine FQDN: lyncfrontend.yourdomain.com, Port:8061
Server Type: External-WebApp-Edge [HTTP side error:The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.]
If the problem persists this event will be logged again after 20 minutes
Cause: Service may be unavailable or Network connectivity may have been compromised.

Never fear, this one is easy to fix!

The Root Issue
The application pool registered to the Lync Server External Web Site\Reach application is set to activate On Demand.  This results in an IIS application pool that is not spun up when an external reach request is received resulting in a connectivity fault.

 

The Solution
Important:  The UI based solution only works in IIS8.  If you are running IIS7.5,  See the “Manually Fix This Issue” below 

  1. Launch Internet Information Services (IIS) Manager on your front-end pool server
  2. Navigate to Sites –> Lync Server External Web Site –> Reach
    image
  3. Right click on Reach and select Manage Application –> Advanced Settings
  4. Note the Application Pool in the advanced settings pop-up
    This will be set to LyncExtReach in normal environments
  5. Click on Application Pools and locate the application pool noted in step#4 above
  6. Right click on the Application Pool and select Advanced Settings
    image
  7. Change the Start Mode to AlwaysRunning
    image
  8. Restart IIS

 

Told you it was easy!

 

UPDATED 09/2014:  How to Manually Fix This Issue
Running IIS7.5?  Don’t see the Start Mode in IIS, here is the manual method!

  1. Edit the following file in the editor of your choice
    %windir%\system32\inetsrv\config\applicationHost.config
    Important:  Make sure you are running your editor as an Administrator!
  2. Search for name=”LyncExtFeature”
    Important:  You are looking for the <add name=”LyncExtReach” within the <system.applicationHost><applicationPools> section!
  3. Edit the entry to include the startMode attribute (see bold text below)
    <add name=”LyncExtReach” autoStart=”true” managedRuntimeVersion=”v4.0″ managedPipelineMode=”Integrated” startMode=”AlwaysRunning”>
  4. Save the file and restart IIS

Exchange Unified Messaging Doesn’t Start (No Certificate Found)

4 Replies

So, you have updated your SSL certificates in Exchange 2010 to comply with (insert corporate policy here).  All seems well until you receive a frantic call: “Voice Mail is down!”.

A quick search of the event viewer turns up:

The Microsoft Exchange Unified Messaging service was unable to start. More information: “Microsoft.Exchange.UM.UMService.UMServiceException: No certificate was found using the thumbprint ” specified in the UMCertificateThumbprint property of the UMServer object.
   at Microsoft.Exchange. UM.UMService.UMConnectionManagerHelper.TLSConnectionManager.Initialize()
   at Microsoft.Exchange.UM.UMService.UMService.InitializeConnectionManager()
   at Microsoft.Exchange.UM.UMService.UMService.StartService()
   at Microsoft.Exchange.UM.UMService.UMService.OnStartInternal(String[] args)”

 

You cradle your head in your hands and begin to weep softly.

Fear not!

The Solution

  1. Launch Exchange Management Console from the server hosting the Unified Messaging Role
    Important: Remember to launch with UAC elevated permissions!
  2. Expand and click on Server Configuration
  3. From the server list in the center pane, select the server hosting the Unified Messaging Role
  4. In the lower center pane, you’ll very likely notice the new SSL certificate is not assigned to any services
    image
  5. Right click on the certificate and select Assign Services to Certificate
  6. In the wizard, check the Unified Messaging (UM) service
    image
  7. Finish the wizard and dry your tears!