Lync Federation Reference Error Id 504 Source Id 239
Contents |
(עברית)المملكة العربية السعودية (العربية)ไทย (ไทย)대한민국 (한국어)中华人民共和国 (中文)台灣 (中文)日本 (日本語) HomeOnline20132010Interop ProgramsLibraryForumsGalleryLync Blogs Ask a question Quick access Forums home
Lync Error Id 403 Source Id 239
Browse forums users FAQ Search related threads lync error id 503 source id 239 Remove From My Forums Answered by: Error while sending message in federation skype for business /error ID 504 (source ID 239)/ Outbound TLS negotiation failed Lync Server , Lync > Lync 2010 and OCS - Planning and Deployment Question 0 Sign in to vote Hi all! I have such question now: I hve such Lync Server test zone: I set up federation between srgdomain1 and srgdomain2 But message can't be sent from one domain to anothererror ID 504 (source ID 239) I have the next situation WiredShark on Edge servers show, that packets leave one server and get to another Maybe I have problem with setting up ports? Firewall is off SRV records are created and reachable from nslookup Lync Server Logging Tool shows TL_ERROR(TF_NETWORK) [0]0600.0984::08/21/2012-14:57:24.615.00000055 (SIPStack,`CTLSLogic::ProcessOutboundTlsFailure'::`1'::catch$0:tlslogic.cpp(1437))( 0000000003295A68 ) Exit$CryptFailure - AdvanceOutboundTls() failed. Returned HRESULT=80096004 TL_ERROR(TF_NETWORK) [0]0600.0984::08/21/2012-14:57:24.615.00000056 (SIPStack,`CTLSLogic::AdvanceOutboundTls'::`1'::catch$0:tlslogic.cpp(1053))( 0000000003295A68 ) Failed. Returned HRESULT=80096004 TL_ERROR(TF_NETWORK) [0]0600.0984::08/21/2012-14:57:24.615.00000057 (SIPStack,CTLSLogic::GetRemoteCertContext:tlslogic.cpp(1492))( 0000000003295A68 ) Exit$Unexpected - invalid SSPI security context TL_ERROR(TF_CONNECTION) [0]0600.0984::08/21/2012-14:57:24.615.00000058 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record LogType: connection Severity: error Text: Outbound TLS negotiation failed Local-IP: 88.88.88.21:49445 Peer-IP: 99.99.99.11:5061 Peer-FQDN: srgls-edge1.srgdomain1.com Connection-ID: 0x5302 Transport: TLS Result-Code: 0x80096004 $$end_record TL_ER
to be inconsistent. Even though an organization was configured for "open federation", I couldn't necessarily federate with them. The error received when attempting to send a message was "reference error ID 504 (source ID 239)"; most who have worked with OCS 2007 or Lync 2010 will recognize as being a fairly generic communication error. After reviewing the logs on my edge server with "Snooper", I could see where TLS failures were causing the error; this had me thinking I was probably looking at a certificate issue. Fortunately, with one prospective federated organization, I was able to look at their edge https://social.technet.microsoft.com/Forums/lync/en-US/d64f1daa-51d3-4306-88f8-1463d4b0124c/error-while-sending-message-in-federation-error-id-504-source-id-239-outbound-tls-negotiation?forum=ocsplanningdeployment server and check the installed root certificates. Despite my certificate authority (StartCom) being on the "Windows Root Certificate Program Members" list, it was not listed in the trusted root CAs on the other organization's edge server. The list of installed trusted root CAs in Windows 2008 is significantly less than in previous versions of Windows; this is because Windows 2008 utilizes the "Automatic Root Certificates Update" feature which downloads approved http://www.itworkedinthelab.com/2011/11/lync-2010-federation-fails-reference-error-id-504-source-id-239/ root certificates on an as-needed basis. This "as-needed basis", however, does not apply to communication from Lync. Thus, even when configured for open federation, your edge server will only successfully federate with organizations using certificates from one of the base install root CAs or the same CA as you (since you'd have that root certificate). If you want to have the least compatibility problems with other organizations federating with you, it may be worth your time to install the root certificates for some of the more common CAs (i.e. VeriSign, GoDaddy, Thawte, DigiCert, Comodo, etc). This can be done quite easily in most cases by just hitting up the vendor's website with https:// using Internet Explorer on your edge server and "Automatic Root Certificates Update" will handle installing the certificate. Otherwise, if you have a specific partner for whom you need to install their certificate chain, it can be done relatively easy as well. First, you'll want to look up their edge server, this can be done via the following command (where "iwitl.com" is your partner's domain name): nslookup -type=SRV _sipfederationtls._tcp.iwitl.com The response should look something like below: _sipfederationtls._tcp.iwitl.com SRV service location: priority = 5 weight = 0 port = 5061 svr hostname = sip.iwitl.com From your edge server, you
ID 504 (source ID 239). Will you be at the http://www.networksteve.com/windows/topic.php/Lync_2013_External_Networks/?TopicId=60518&Posts=3 event in Person November 14th, 2013 9:11am are you trying http://terenceluk.blogspot.com/2013/04/unable-to-send-instant-messages-or-view.html to connect to users in your organization or from other organization. Free Windows Admin Tool Kit Click here and download it now November 14th, 2013 12:22pm This is a common error with federation. If it is federated users, were they ever error id working? If not have you configured the edge server and the federation settings? Have you enabled users to be able to federate? November 14th, 2013 12:41pm Hi Somet, Agree with Georg. Would you elaborate more about your issue and your Lync environment (especially Edge server and Federation configuration)? Please check source id 239 if your Edge server is down. Please check if the Edge server of your Federated party is down. If you can receive IMs from someone and get this error when you reply, check their systems external DNS or Edge configuration. Look for wrong or mis-configured DNS or NAT in the Topology. Please check ALL the certificates in the chain between you and the other end. Best Regards, Eason Huang Free Windows Admin Tool Kit Click here and download it now November 15th, 2013 7:38am This topic is archived. No further replies will be accepted. Other recent topics Remote Administration For Windows. Easy remote access of Windows 10, 7, 8, XP, 2008, 2000, and Vista Computers Click here to find out more Reboot Hundreds of computers, disable flash drives, deploy power managements settings. Click here to get your free copy of Network Administrator. Over 25 plugins to make your life easier
You've configured federation between two Lync Server 2013 environments and noticed that one of the organizations can send instant messages and see presence information but the other one cannot. The following is the organization that can send instant messages and see presence: While the other company displays a globe indicating that the user is a federated contact and is able to receive messages, presence information is labeled as "unknown": An attempt to send a message to this federated contact will display spinning dots: … then subsequently fail with the message: When contacting your support team, reference error ID 504 (source ID 239). Troubleshooting information is available online, including best practices for using Lync.TestWhen contacting your support team, reference error ID 1 (source ID 0). Troubleshooting information is available online, including best practices for using Lync. A quick debugging session with the logging tool on the front end server of the user who is unable to send or see presence information will show the following: TL_INFO(TF_PROTOCOL) [0]0C88.14F4::04/24/2013-22:53:16.498.0000358e (SIPStack,SIPAdminLog::ProtocolRecord::Flush:2387.idx(196))[2663723319] $$begin_record Trace-Correlation-Id: 2663723319 Instance-Id: 271E Direction: incoming Peer: svrgalyncedge01.ganet.internal:5061 Message-Type: response Start-Line: SIP/2.0 430 Flow Failed From: