Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 6 replies
  • Subscribers 3 subscribers
  • Views 2274 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Problem with Lync2013

learojas206
Hello everyone, in this days i was configuring all the firewall rules and the reverse proxy in my sophos equipment, to implement Lync2013. Every work fine, we can get access to the application, and we can also make conference with audio an video, inside the company and from outside. All the test that we made are from PC o notebooks

However when we are trying to make a test with a mobile phone only works the chat with lync, but we are not able to make a conference with audio/video
It's try to make it, but fails

Anyone knows, if exist any problem with the mobile phone in the reverse proxy or limitant in the sophos equipment that could causing this problem?

Thanks


This thread was automatically locked due to age.
  • 0
    Try #1 in Rulz and check the Web Application Firewall log for hints.

    Cheers - Bob
  • 0
    I received this log when a mobile phone try to connect

    2014:05:08-11:02:39 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="POST" statuscode="204" reason="-" extra="-" time="5133" url="/ucwa/v1/applications/2153273674/me/reportMyActivity" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"


    2014:05:08-11:02:39 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="644" user="-" host="172.30.1.20" method="POST" statuscode="201" reason="-" extra="-" time="15712" url="/ucwa/v1/applications/2153273674/people/presenceSubscriptions" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:02:40 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="POST" statuscode="204" reason="-" extra="-" time="5657" url="/ucwa/v1/applications/2153273674/people/contactsAndGroupsSubscription/startOrRefresh" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:02:42 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="746" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="16861855" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:02:53 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="3354" user="-" host="172.30.1.20" method="POST" statuscode="200" reason="-" extra="-" time="16460" url="/ucwa/v1/applications/2153273674/batch" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:03:26 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="682" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="44135033" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:08:26 Gateway-01 reverseproxy: [Thu May 08 11:08:26 2014] [error] [client 172.30.1.20] (70007)The timeout specified has expired: proxy: error reading status line from remote server 172.29.10.90:4443
    2014:05:08-11:08:26 Gateway-01 reverseproxy: [Thu May 08 11:08:26 2014] [error] [client 172.30.1.20] proxy: Error reading from remote server returned by /ucwa/v1/applications/2153273674/events

    2014:05:08-11:08:26 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="455" user="-" host="172.30.1.20" method="GET" statuscode="502" reason="-" extra="-" time="300060825" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="exchangecookie=2e3b51897df944378a30d4c952a97965" set-cookie="-"

    2014:05:08-11:12:08 Gateway-01 reverseproxy: srcip="127.0.0.1" localip="127.0.0.1" size="109" user="-" host="127.0.0.1" method="GET" statuscode="200" reason="-" extra="-" time="327" url="/lb-status" server="localhost" referer="
  • 0
    url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059/participants/leandro.rojas@gire.com/audio" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:52 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="475" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="5004" url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059/participants/david.nasillo@gire.com/video" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:52 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="462" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="3793" url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059/participants/leandro.rojas@gire.com/video" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:52 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="975" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="4595" url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059/participants/leandro.rojas@gire.com" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:53 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="538" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="863230" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:53 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="277" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="5014" url="/ucwa/v1/applications/2153273674/me/presence" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:24:59 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="POST" statuscode="204" reason="-" extra="-" time="4030" url="/ucwa/v1/applications/2153273674/me/reportMyActivity" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:00 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="POST" statuscode="204" reason="-" extra="-" time="5116" url="/ucwa/v1/applications/2153273674/people/contactsAndGroupsSubscription/startOrRefresh" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:02 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="POST" statuscode="204" reason="-" extra="-" time="6001" url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059/audioVideo/terminate" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:02 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="1457" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="9434147" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:02 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="0" user="-" host="172.30.1.20" method="DELETE" statuscode="204" reason="-" extra="-" time="20694" url="/ucwa/v1/applications/2153273674/communication/conversations/a4a784ce-48ab-45c1-9efc-30c8c80e1059" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:03 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="6586" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="422595" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:03 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="352" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="4837" url="/ucwa/v1/applications/2153273674/people/leandro.rojas@gire.com/presence" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:04 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="1816" user="-" host="172.30.1.20" method="POST" statuscode="200" reason="-" extra="-" time="7388" url="/ucwa/v1/applications/2153273674/batch" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:04 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="209" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="4507" url="/ucwa/v1/applications/2153273674/communication/conversations" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:25:04 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="277" user="-" host="172.30.1.20" method="GET" statuscode="200" reason="-" extra="-" time="4009" url="/ucwa/v1/applications/2153273674/me/presence" server="meet.gire.com" referer="-" cookie="-" set-cookie="-" 
    2014:05:08-15:30:03 Gateway-01 reverseproxy: [Thu May 08 15:30:03 2014] [error] [client 172.30.1.20] (70007)The timeout specified has expired: proxy: error reading status line from remote server 172.29.10.90:4443 
    2014:05:08-15:30:03 Gateway-01 reverseproxy: [Thu May 08 15:30:03 2014] [error] [client 172.30.1.20] proxy: Error reading from remote server returned by /ucwa/v1/applications/2153273674/events 
    2014:05:08-15:30:03 Gateway-01 reverseproxy: srcip="172.30.1.20" localip="172.30.3.6" size="455" user="-" host="172.30.1.20" method="GET" statuscode="502" reason="-" extra="-" time="300099117" url="/ucwa/v1/applications/2153273674/events" server="meet.gire.com" referer="-" cookie="-" set-cookie="-"
  • 0
    Check your Intrusion Prevention Live log.  I had to disable the 'UDP Flood Protection' and 'ICMP Flood Protection' checks for the External A/V edge interface.

    Jim
  • 0
    Jim, what was the specific exception you made?

    Cheers - Bob

    Sorry for any short responses.  Posted from my iPhone.
  • 0 in reply to BAlfson
    In Webserver Protection Web Application Firewall -> Firewall Profiles I had to set up my profile for my Lync server with the following settings.

    Mode: reject
    Attack Patterns: Cross Site Scripting
    SQL Injection
    Pass Outlook Anywhere: disabled
    Cookie signing: enabled
    URL Hardening: disabled
    Form Hardening: disabled
    Antivirus scanning: disabled
    Block clients with bad reputation: disabled

    If i remember the form hardening causes some of the problems in the above logs.  This setting differs from the suggested setting I found in http://sophserv.sophos.com/repo_kb/120454/file/Configuring%20UTM%20firewall%20for%20Lync%20connectivity.pdf

    In Intrusion Prevention I had to skip the checks for UDP Flood Protection and  ICMP Flood Protection for traffic going to my External Lync A/V edge interface.  If you look at the Intrusion Prevention Live log while trying to have a meeting with 2 external devices  you will see all the packets being picked off due to Intrusion Prevention rules.  This doesn't happen if you are going external device to internal device.

    All my settings are base on us having Firmware version: 9.111-7

    Jim