Isiah Hudson, CDW UC Consultant, reports the following:
Failures of IM and calling to Lync 2013 mobile clients in two very specific scenarios. The findings are listed below:
When an IM is sent from an internal user (using any Lync client) to a user on the Internet using the Lync mobile 2013 client. The Internal user would get an error message saying the IM failed immediately after the Lync 2013 mobile user accepts the IM.
When a call (audio or video) is initiated from an internal user to a Lync 2013 mobile user on the Internet the call results in a failure.
This issue only impacted Lync 2013 mobile clients. The Lync 2010 mobile client worked fine in all IM and call scenarios.
After the IM or call is accepted by the Lync 2013 mobile client the following a SIP/2.0 403 Forbidden message is generated by an FE server with the following information in it:
ms-diagnostics: 24118;Component="RTCC/220.127.116.11_UCWA/18.104.22.168";Reason="Application accepts invitations via static registration only.";Source="whatevertheFEservernameis.ad.local"
A ticket was opened with MSFT and after a couple of months of working on it the problem was the public certificate on the reverse proxy for the Lync external web services had SAN names in them that were not resolvable by public DNS. I am told by MSFT support that the Lync 2013 mobile client will try and resolve all SAN entries of the public certificate presented to it at sign-in. If it cannot resolve any SAN entry on the certificate you may experience the problems outlined in the Issue section above.
Make sure all SAN entries on the public certificate you put on your reverse proxy for Lync can be resolved to an IP address or you will have a bad time.
And there you go. Nice work Isiah!