• Welcome to Hurricane Electric's IPv6 Tunnel Broker Forums.

News:

Welcome to Hurricane Electric's Tunnelbroker.net forums!

Main Menu

Microsoft Lync

Started by ekgermann, April 23, 2014, 06:34:36 AM

Previous topic - Next topic

ekgermann

Hello,

Can anyone verify if they're able to successfully connect to https://meet.lync.com ?

I've had a tunnel up for quite a while, things work great.  Can connect all over the world, in and outbound to websites, rsync, etc.  Facebook, Google, Youtube, etc all work great via https over the tunnel.

$DAYJOB went to Office 365 and we use Lync for conferencing.  However, if my boxes are set to prefer IPv6, I can't connect.  Change Windows to prefer IPv4 and it connects.  Microsoft claims it's fully IPv6 enabled, but I'm unable to establish a SSL connection over IPv6.  I've tried tweaking MTU and that hasn't solved it either.

Debugging via a OpenSSL appears the packet gets sent, but no response ever comes back after it times out.



openssl s_client -port 443 -host meet.lync.com -showcerts -debug
CONNECTED(00000003)
write to 0x159ac80 [0x15bbe60] (263 bytes => 263 (0x107))
0000 - 16 03 01 01 02 01 00 00-fe 03 03 53 57 be 05 87   ...........SW...
0010 - 15 60 36 eb 87 cd b4 1b-b4 18 37 3a 6a 8a 50 39   .`6.......7:j.P9
0020 - ac 2a de 2e 61 d2 32 54-bb 64 f6 00 00 94 c0 30   .*..a.2T.d.....0
0030 - c0 2c c0 28 c0 24 c0 14-c0 0a 00 a3 00 9f 00 6b   .,.(.$.........k
0040 - 00 6a 00 39 00 38 00 88-00 87 c0 32 c0 2e c0 2a   .j.9.8.....2...*
0050 - c0 26 c0 0f c0 05 00 9d-00 3d 00 35 00 84 c0 12   .&.......=.5....
0060 - c0 08 00 16 00 13 c0 0d-c0 03 00 0a c0 2f c0 2b   ............./.+
0070 - c0 27 c0 23 c0 13 c0 09-00 a2 00 9e 00 67 00 40   .'.#.........g.@
0080 - 00 33 00 32 00 9a 00 99-00 45 00 44 c0 31 c0 2d   .3.2.....E.D.1.-
0090 - c0 29 c0 25 c0 0e c0 04-00 9c 00 3c 00 2f 00 96   .).%.......<./..
00a0 - 00 41 00 07 c0 11 c0 07-c0 0c c0 02 00 05 00 04   .A..............
00b0 - 00 15 00 12 00 09 00 14-00 11 00 08 00 06 00 03   ................
00c0 - 00 ff 01 00 00 41 00 0b-00 04 03 00 01 02 00 0a   .....A..........
00d0 - 00 06 00 04 00 18 00 17-00 23 00 00 00 0d 00 22   .........#....."
00e0 - 00 20 06 01 06 02 06 03-05 01 05 02 05 03 04 01   . ..............
00f0 - 04 02 04 03 03 01 03 02-03 03 02 01 02 02 02 03   ................
0100 - 01 01 00 0f 00 01 01                              .......
read from 0x159ac80 [0x15c13c0] (7 bytes => -1 (0xFFFFFFFFFFFFFFFF))
write:errno=104
---
no peer certificate available
---
No client certificate CA names sent
---
SSL handshake has read 0 bytes and written 263 bytes
---
New, (NONE), Cipher is (NONE)
Secure Renegotiation IS NOT supported
Compression: NONE
Expansion: NONE
---


Before I escalate to MS, I wondered if ANYONE can connect to them.  I'd really like to not have to flip back and forth between IPv6 and IPv4 just to do a videoconference.

Thanks in advance

cholzhauer

I'm not sure what the expected behavior of that link is, but if I open it, I get "We're having trouble getting you into the meeting.  It's possible you're using a bad URL. Try calling into the meeting using the phone number on the invite, or ask the organizer to drag you into the meeting from the Contacts list"  Chrome says the connection is over IPv6

ekgermann

That error is actually good.  The site is able to answer.  Can you confirm it's connected on IPv6?

On my side, I get a blank screen because it can't setup the SSL session at all (see the dump above).

Anyone else?

cholzhauer

I can confirm IPv6 as accurately as my IPvFoo add-in for Chrome reports it.  In that case, (and I have no reason to distrust it) it's reporting IPv6

ekgermann


ekgermann

Annnnd, it's resolved.

I use Vyatta for the router and tunnel termination point.

IPv6 Tunnel MTU is 1472.  Ethernet interfaces did not match, nor did the RA.  Shoved them down to 1472 and all is well.

Need to dig in to that a little more, but it's resolved, for now.

Thanks all

leffeg

Hi,

I also have problems with lync!

> tracert6 meet.lync.com
traceroute to webams1e-ipv6.infra.lync.com (2a01:111:f404:8003::40) from 2001:470:dd58:1:d116:6a26:f124:c324, 30 hops max, 60 bytes packets
1  ###  13.921 ms  13.903 ms  13.803 ms
2  ###  19.905 ms  32.917 ms  18.934 ms
ge2-20.core1.sto1.he.net (2001:470:0:11e::1)  32.950 ms  18.947 ms  18.533 ms
4  2001:7f8:d:fb::181 (2001:7f8:d:fb::181)  20.175 ms  16.622 ms  19.792 ms
ae15-0.ams-96c-1a.ntwk.msn.net (2a01:111:2000:3::65)  39.198 ms  38.335 ms  42.806 ms
6  2a01:111:0:1e::56 (2a01:111:0:1e::56)  38.292 ms  36.813 ms  42.961 ms
7  * * *         
8  * * *         
But it's not totally dead..
> curl -D- http://meet.lync.com
HTTP/1.1 302 Redirect
Content-Type: text/html; charset=UTF-8
Location: https://meet.lync.com/
Server: Microsoft-IIS/7.5
Date: Thu, 15 Oct 2015 09:50:43 GMT
Content-Length: 145

<head><title>Document Moved</title></head>
<body><h1>Object Moved</h1>This document may be found <a HREF="https://meet.lync.com/">here</a></body>
> curl -D- https://meet.lync.com
curl: (35) Unknown SSL protocol error in connection to meet.lync.com:443
But when i force the connection to ipv4 it works.?!?!
>curl -D- -4 https://meet.lync.com
Cache-Control: private
Content-Type: text/html; charset=utf-8
X-MS-Server-Fqdn: AMS1E01EDG05.infra.lync.com
X-MS-Correlation-Id: 2147513293
client-request-id: 59b5dd42-1aa5-4755-82e5-96ff8e43e65e
X-Content-Type-Options: nosniff
Date: Thu, 15 Oct 2015 09:53:26 GMT
Content-Length: 65585



<!--NOTE: If DOCTYPE element is present, it causes the iFrame to be displayed in a small-->
<!--portion of the browser window instead of occupying the full browser window.-->
<html xmlns="http://www.w3.org/1999/xhtml" class="reachJoinHtml">
<head>
    <meta http-equiv="X-UA-Compatible" content="IE=10; IE=9; IE=8;"/>
    <meta name="viewport" content="width=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0;" />
    <title>Skype for Business Web App</title>
    <script type="text/javascript">
        var reachURL = "";
        var escapedXML = "";
        var validMeeting = "False";
        var reachClientRequested = "False";
        var htmlLwaClientRequested = "False";
        var currentLanguage = "en-US";
        var reachClientProductName = "Skype for Business Web App";
        var blockPreCU2Clients = "False";
.....

Leffe

leffeg

Got it fixed by changing my radvd.conf.

AdvLinkMTU 1480;

Thanks for the hint on MTU. I think it is originally related to PMTUD somewhere..

/Leffe

kassniwqds

#8
Quote from: cholzhauer on April 23, 2014, 06:51:49 AM
I'm not sure what the expected behavior of that link is, but if I open it, I get "We're having trouble getting you into the meeting.  It's possible you're using a bad URL. casesam.co.ukTry calling into the meeting using the phone number on the invite, or ask the organizer to drag you into the meeting from the Contacts list"  Chrome says the connection is over IPv6
yeah, the same to him.

DJX

I have the same problem.
I'm running a SonicWALL so I'm unable to adjust the MTU for tunnel interfaces.
Any suggestions?