Lync TLS exception Message_"Unknown error (0x80131500)"

  • Thursday, July 19, 2012 7:33 AM
     
     

    I get thrown a TLS exception that says Unknown error (0x80131500) "Peer disconnected while outbound capabilities negotiation was in progress."

    This happens when I go about setting up an endpoint with my Lync server.

        // Platform settings for the application: name, local FQDN, port, GRUU and certificate.
        ServerPlatformSettings serverPlatformSettings = null;

        serverPlatformSettings = new ServerPlatformSettings(ucmaAppName, baseAddress, ucmaAppPort, ucmaGruu, cert);

        // Create the platform and start it (blocks until startup completes).
        _collabPlatform = new CollaborationPlatform(serverPlatformSettings);
        _collabPlatform.AllowedAuthenticationProtocol = Microsoft.Rtc.Signaling.SipAuthenticationProtocols.Ntlm;
        _collabPlatform.EndStartup(_collabPlatform.BeginStartup(null, null));

        ApplicationEndpoint _endpoint;

        // Endpoint that registers with the Lync server on port 5061.
        ApplicationEndpointSettings settings = new ApplicationEndpointSettings(adminUser, ocsServerAddress, 5061);
        settings.UseRegistration = true;
        _endpoint = new ApplicationEndpoint(_collabPlatform, settings);
        // Establish the endpoint (blocks until complete); this is the step that fails.
        _endpoint.EndEstablish(_endpoint.BeginEstablish(null, null));

    So I am assuming that my remote host, my Lync 2010 server, is rejecting my endpoint connection request, and I see it reject it on the Lync server when I make the request.

    This is just a single application server in its own pool. The application server name is test.lync.com and the cert subject name is TEST.lync.com; I don't think case matters.

    The strange thing is that I have other application servers in a different pool but connecting to the same Lync front end server, and they work fine.

    So any help on this issue is appreciated.

    Thanks

All Replies

  • Thursday, July 19, 2012 12:17 PM
     
     
    If you have access to the Lync Front End Server that your application is connecting to, log on there and check the event log as there is often an error that gives more detail on the problem in these cases. (Open Event Viewer and check the Lync Server log within there.) It sounds like the certificate your application presented may not have been trusted by Lync Server. 

    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee

  • Thursday, July 19, 2012 4:04 PM
     
     

    Thanks for getting back to me, Michael.

    The Lync front end server works with the same CA as my application server, and I verified that the cert in my application server is valid with the cert from the CA. Where does the Lync front end get its certification information from? How would I find a way to verify that my Lync front end server is grabbing the correct certificate for my application server? Can I check this somewhere in AD?

  • Thursday, July 19, 2012 7:47 PM
     
     
    The first step is to check the event log that I mentioned, since if there is a certificate issue the clue to what's causing the problem will be in there. If there are multiple certificates on the application server, it's possible that your UCMA application is grabbing the wrong one - you didn't post the code that picks the certificate for the "cert" variable, so I don't know the specifics of how it's doing that.

    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee

  • Thursday, July 19, 2012 7:49 PM
     
     
    Also, I noticed your code is setting the AllowedAuthenticationProtocol property on the CollaborationPlatform - is there a specific reason you're doing that?

    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee

  • Thursday, July 19, 2012 10:00 PM
     
     

    The AllowedAuthenticationProtocol was just for testing; I have tried setting it to none or ntlm, but the results were the same. I am sure that it picks up the correct cert file since I only have one in my personal folder and the serial number matches when I access it in my application.

    Here are my results when I try to log it in my Lync front end server:

    TL_ERROR(TF_CONNECTION) [0]0690.0EF4::07/19/2012-21:55:25.770.0462c49d (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
    LogType: connection
    Severity: error
    Text: The peer is not a configured server on this network interface
    Peer-IP: 10.100.180.20:49360
    Transport: TLS
    Result-Code: 0xc3e93d6a SIPPROXY_E_CONNECTION_UNKNOWN_SERVER
    Data: fqdn="blah.hello.com"
    $$end_record

    Not sure how to fix this?

    I have verified that my app server is on the same topology as my front end, so it should be configured. Are there any other configurations that I might need to set up?
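
Added example, not part of any post in this thread: a Python triage script for the connection record quoted above. It parses `$$begin_record`/`$$end_record` blocks and, for each `SIPPROXY_E_CONNECTION_UNKNOWN_SERVER` rejection, reports whether the logged `fqdn` matches the name expected for the application server. The function names, the second trace record and the expected name passed in are assumptions made for the example.

```python
import re

# Record 1 is the trace quoted in the post; record 2 is constructed for this example.
SAMPLE_TRACE = """\
TL_ERROR(TF_CONNECTION) [0]0690.0EF4::07/19/2012-21:55:25.770.0462c49d (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
LogType: connection
Severity: error
Text: The peer is not a configured server on this network interface
Peer-IP: 10.100.180.20:49360
Transport: TLS
Result-Code: 0xc3e93d6a SIPPROXY_E_CONNECTION_UNKNOWN_SERVER
Data: fqdn="blah.hello.com"
$$end_record
TL_ERROR(TF_CONNECTION) [0]0690.0EF4::07/19/2012-21:56:02.115.0462c4b1 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
Peer-IP: 10.100.180.21:49371
Result-Code: 0xc3e93d6a SIPPROXY_E_CONNECTION_UNKNOWN_SERVER
Data: fqdn="TEST.lync.com"
$$end_record
"""

RECORD_RE = re.compile(r"\$\$begin_record\s*\n(.*?)\n\s*\$\$end_record", re.S)
FQDN_RE = re.compile(r'fqdn="([^"]*)"')

def parse_records(trace):
    """Return one dict of 'Key: value' fields per $$begin_record/$$end_record block."""
    records = []
    for body in RECORD_RE.findall(trace):
        pairs = (line.strip().partition(": ") for line in body.splitlines())
        records.append({key: value for key, sep, value in pairs if sep})
    return records

def unknown_server_peers(trace, expected_fqdns):
    """List (peer, fqdn, name_is_expected) for every UNKNOWN_SERVER rejection."""
    expected = {name.lower().rstrip(".") for name in expected_fqdns}
    hits = []
    for rec in parse_records(trace):
        if "SIPPROXY_E_CONNECTION_UNKNOWN_SERVER" not in rec.get("Result-Code", ""):
            continue
        m = FQDN_RE.search(rec.get("Data", ""))
        fqdn = m.group(1) if m else ""
        # DNS names compare case-insensitively, so TEST.lync.com equals test.lync.com.
        hits.append((rec.get("Peer-IP", ""), fqdn, fqdn.lower().rstrip(".") in expected))
    return hits

if __name__ == "__main__":
    print(unknown_server_peers(SAMPLE_TRACE, ["test.lync.com"]))
```

A rejection whose third field is `False` means the front end logged a name other than the one you expected for that peer; `True` means the name matched and the rejection has to be explained some other way.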

  • Thursday, July 19, 2012 10:18 PM
     
     

    Interesting. You did provision a trusted application pool for this server, and a trusted application, etc.?

    That error message looks like it's from OCSLogger.exe, but I would also suggest checking the event log - i.e., go to the Start menu on the Front End Server, type "event viewer", click the Event Viewer application in the search results, then select the Lync Server log on the left (if I remember right it's a sub-item under Applications). 


    Michael Greenlee | linkedin: http://www.linkedin.com/in/michaelgreenlee | blog: http://blog.greenl.ee

  • Thursday, July 19, 2012 11:51 PM
     
     Answered

    SOLVED: So after many days of struggling to resolve the issue, the final answer was restarting the Lync Front End and Edge servers, stopping service to many customers.

    I am still not sure what happened to cause the issue.


    • Edited by Vince Wynn Thursday, July 19, 2012 11:51 PM
    • Marked As Answer by Vince Wynn Thursday, July 19, 2012 11:52 PM