Lync Director port 5060 -"the children pool members are down

Hi,

 

did you enable port 5060 on the director? Otherwise this can be done with the following cmdlet:

 

 

Set-CsRegistrar "registrar:poolfqdn" –SipServerTcpPort 5060

 

 

UC

Hi,

 

did you enable port 5060 on the director? Otherwise this can be done with the following cmdlet:

 

 

Set-CsRegistrar "registrar:poolfqdn" –SipServerTcpPort 5060

 

 

UC

heres a better question.. I'm setting up the Director LB as written in the Deployment guide for v10.

 

The guid isnt much other than telling you wqhat virtual server ports and monitors.

 

I have 5061 running find..for sip over tls.. however clients cannot connect using the fb (dns pointing at virtual ip for the Director LB..)

 

 

I thought the directo traffic was all http/https and ssl ? why am i load balancing the 5060/5061?

 

are their some better more descriptive instructions that do not assume I'm an expert f5 admin?

the director redirects clients to your other front ned pools, for that it uses port 5061, if you want to point your simple urls to your director that traffic is on port 443. The problem I noticed when configuring the F5 using the iapp is that it does not enable port 443 so that needs to be added manual.

 

port 5060 is only used for devices that does not use encrytion or if you active siphealth port on you director. The

Hi,

 

 

 

Yes the document still needs some work. For the Director pools, I had to manually add the 443 listener and the 4443 Listener, as we are publishing that for external web services through a TMG reverse proxy. The document says to create the 4443 LB for the FE, or optionally the Director, but realistically you will probably need both.

 

 

Another issue I had was I couldn't get external users to connect externally with port 443. I was able to get it to work if I republished the topology using 5061. So what I had to do was create the external edge interface access LB for 443 and make it the same as the 5061 LB, even though the guide says to make it a full HTTP LB with certs, etc.

 

 

As far as getting 5060 to listen, if you want to use the Topolgy Builder, you just go into the properties for the Front End Pool, and check the box for "Enable Hardware Load Balancer monitoring port", by default it is 5060, but it isnt enabled. Check that, then re-publish the topology.

 

 

I have been knocking out issues on mine, but am still having issues getting the whiteboard and powerpoint to work with an external user and internal user.

 

 

 

Hope that helps.

 

 

 

Steve

 

 

 

 

 

we have the exact same issue at a customer, external access on port 443 is not possible but when we follow your tip to publish 5061 in lync they are able to connect. Did you create a new configuration for 443 or did you change the one created by the iapp?

Posted By Prohead on 10/28/2011 06:24 AM

 

we have the exact same issue at a customer, external access on port 443 is not possible but when we follow your tip to publish 5061 in lync they are able to connect. Did you create a new configuration for 443 or did you change the one created by the iapp?

 

What I did was just modified the one that was created. I just made it the same as the 5061 VS. I usually archive the configs, make the change on our inactive node, roll the nodes, test, then sync the configs if everything looks good.

 

 

Steps to modify the 443 Access Edge VS:

 

 

 

1. Under Local Traffic on left, select Virtual Servers, then select your External Edge 443 VS.

 

 

2: Under Resources tab, change default Persistance Profile to your SSL profile with Timeout set to 1800 (Ours is named Lync_SSL). Change the Fallback Persistance Profile to your Source Address Affinity profile. Click on "Update".

 

3: Under Properties tab, remove both SSL profiles, setting them to "none"

 

 

4. Under Properties tab, remove the HTTP profile, setting it to "none.

 

5. Click on "Update"

 

 

Hope that helps. If you still have issues, post here and I will try to get back to you. Good luck!

 

 

 

Steve

 

 

HI Steve,

 

thanks for your input. We tried changing this but still no good. Since we are starting our pilot this week we decided to use dns loadbalancing instead and try to configure this as a side project.

 

 

Posted By Prohead on 10/31/2011 01:13 AM

 

HI Steve,

 

thanks for your input. We tried changing this but still no good. Since we are starting our pilot this week we decided to use dns loadbalancing instead and try to configure this as a side project.

 

 

 

OK,

 

 

One more thing that I am not sure plays into your issue but did mine. Our external DNS entries TTL were set to 1 day. I set these down to 1 minute, waited 1 full day, then made sure to point the access SRV records in external DNS to 443. Did you change your SRV records? Cause here is the thing, I cannot get the Lync client to work externally on 443 with manual settings( i think may be abug?). Not matter what I try, it will not connect, even forcing the right port, etc. It will only work on automatic with the external SRV records correct. Now on 5061 it would work automatic or manual(which is why I think it may be abug leftover from previous versions which used 5061?). Anyways, when I was first trying it, the 1 day TTL was causing it to fail due to cached records. So maybe give that a shot as well if you havent tried that. ALso did you test connection with https://www.testocsconnectivity.com/ ? I used that site during troubleshooting just to verify as well. Good luck, keep me posted and I can see if I can think of anything else I had to do.

 

 

Steve

 

 

Hi again :)

 

I haven't changed the srv record yet, it still points to our ocs environment. We will change this on monday. However, when I did the testing I could configure my client with manual configuration, pointing it to one of our edge servers and that worked, even for port 443. I will do some more testing next week once the SRV record is changed. I'll let you know if we have any success in tihs. Just a side note, we are actually thinking of just revert to dns loadbalncing for Lync and only use the F5 for https lb until the iapp is released with a version that is more enterprise ready since the network team really wants to use this.