User Profile
joestar22
Copper Contributor
Joined 11 months ago
User Widgets
Recent Discussions
Skype for Business Server 2019 IM Integration with Exchange Server 2019
I am having difficulty getting the IM/Presence integration to work between my on-prem Skype for Business 2019 Server and my Exchange 2019 Server. I believe I am having a certificate trust issue. On important note is that my internal domain is domain.local and the external is domain.com. So, my public wildcard certificate is for *.domain.com. When I look at the certificates on the exchange server, there is another certificate that is assigned to IIS issued by the local certificate authority which protects domain.local. I have tried a variety of combinations using either the local certificate with the domain.local name of the servers as well as the public wildcard certificate thumbprint and the dns a record with domain.com that points to each server. None of these combinations seem to work for me. I have run these commands on the SfB Server: New-CsTrustedApplicationPool -Identity exchangeserver.domain.local-Registrar sfbserver.domainlocal-Site "My Site" -RequiresReplication $False New-CsTrustedApplication -ApplicationId OutlookWebApp -TrustedApplicationPoolFqdn exchangeserver.domain.local-Port 5199 I have run these commands on the Exchange Server: New-SettingOverride -Name "IM Override" -Component OwaServer -Section IMSettings -Parameters @("IMServerName=sfbserver.domain.local","IMCertificateThumbprint=mycertificatethumbprint") -Reason "Configure IM" Get-ExchangeDiagnosticInfo -Server EXCHANGESERVER -Process Microsoft.Exchange.Directory.TopologyService -Component VariantConfiguration -Argument Refresh Restart-WebAppPool MSExchangeOWAAppPool Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $True -InstantMessagingType OCS When I check the instant messaging logs on the Exchange Server I see the following: If I try to use the domain.com name and the wildcard certificate I get this error: ERROR:InstantMessageOCSProvider.GenerateInstantMessageUnavailablePayload. Context: User=email address removed for privacy reasons, Sip address=sip:email address removed for privacy reasons, Lyncserver=sfbserver.domain.local. endPoint: Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint, MethodName: InstantMessageOCSProvider.SignInCallback, InstantMessageServiceError: SipEndpointConnectionFailure, Exception: UCWEB Failure: Code=TlsFailure, SubCode=TlsIncorrectNameInRemoteCertificate, Reason=\r\nMicrosoft.Rtc.Internal.UCWeb.Utilities.UCWException: The target principal name is incorrect ---> Microsoft.Rtc.Signaling.TlsFailureException: The target principal name is incorrect ---> Microsoft.Rtc.Internal.Sip.TLSException: outgoing TLS negotiation failed; HRESULT=-2146893022\r\n at Microsoft.Rtc.Internal.Sip.TlsTransportHelper.HandleNegotiationFailure(Int32 status, Boolean incoming)\r\n at Microsoft.Rtc.Internal.Sip.TlsTransportHelper.OutgoingTlsNegotiation(TransportsDataBuffer receivedData, TransportsDataBuffer& pDataToSend)\r\n at Microsoft.Rtc.Internal.Sip.TlsTransportHelper.NegotiateConnection(TransportsDataBuffer receivedData, TransportsDataBuffer& pDataToSend)\r\n at Microsoft.Rtc.Internal.Sip.TlsTransport.DelegateNegotiation(TransportsDataBuffer receivedData)\r\n at Microsoft.Rtc.Internal.Sip.TlsTransport.OnReceived(Object data)\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()\r\n at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)\r\n at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.OotyUserEndpointEstablish_callback(IAsyncResult asyncResult)\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Rtc.Internal.UCWeb.Utilities.AsyncHelper.EndAsyncCall[T](IAsyncResult asyncResult, String methodName, T ucwScopeInstance)\r\n at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.EndSignIn(IAsyncResult asyncResult)\r\n at Microsoft.Exchange.Clients.Owa2.Server.Core.InstantMessageOCSProvider.<>c__DisplayClass89_0.<SignInCallback>b__0(RequestDetailsLogger logger)", When I use the internal domain.local server name and the certificate issued by the local certificate authority, I see: 2024-02-25T14:36:21.783Z,19,5,,,,0,"DEBUG:InstantMessageOCSProvider.SignInCallback. Ignoring exception after the connection is closed: Context User=email address removed for privacy reasons, Sip address=sip:email address removed for privacy reasons, Lyncserver=sfbserver.domain.local, Exception: UCWEB Failure: Code=TlsFailure, SubCode=TlsRemoteDisconnected, Reason=\r\nMicrosoft.Rtc.Internal.UCWeb.Utilities.UCWException: Unknown error (0x80131500) ---> Microsoft.Rtc.Signaling.TlsFailureException: Unknown error (0x80131500) ---> Microsoft.Rtc.Internal.Sip.RemoteDisconnectedException: Peer disconnected while outbound capabilities negotiation was in progress ---> System.Net.Sockets.SocketException: An existing connection was forcibly closed by the remote host\r\n at System.Net.Sockets.Socket.EndReceive(IAsyncResult asyncResult)\r\n at Microsoft.Rtc.Internal.Sip.TcpTransport.OnReceived(Object arg)\r\n --- End of inner exception stack trace ---\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Rtc.Signaling.SipAsyncResult`1.ThrowIfFailed()\r\n at Microsoft.Rtc.Signaling.Helper.EndAsyncOperation[T](Object owner, IAsyncResult result)\r\n at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.OotyUserEndpointEstablish_callback(IAsyncResult asyncResult)\r\n --- End of inner exception stack trace ---\r\n at Microsoft.Rtc.Internal.UCWeb.Utilities.AsyncHelper.EndAsyncCall[T](IAsyncResult asyncResult, String methodName, T ucwScopeInstance)\r\n at Microsoft.Rtc.Internal.UCWeb.UCWAuthenticatedEndpoint.EndSignIn(IAsyncResult asyncResult)\r\n at Microsoft.Exchange.Clients.Owa2.Server.Core.InstantMessageOCSProvider.<>c__DisplayClass89_0.<SignInCallback>b__0(RequestDetailsLogger logger)",454Views0likes0CommentsSkype for Business 2019 Edge Server with other RD Gateway
I have a Skype for Business 2019 Standard Edition Server currently running without the Edge Transport server. I'd like to add remote access but would prefer not to have to deploy another server specifically dedicated to this. Does anyone know (or has anyone tried) installing Skype for Business 2019 Edge Server on the same machine as a terminal server running RD Gateway and RD Web Apps? Or, is there any other server this could run on without interfering? I have a server running Office Online Server (OOS) and I have another running Sharepoint, one running Exchange 2019, one running Skype for Business 2019 frontend and then the one running RD Gateway and RD Web Apps as a terminal server. Thanks!216Views0likes0Comments