Test anonymous Web App access in Lync Server 2013
Topic Last Modified: 2014-06-07
Verification schedule |
Monthly |
Testing tool |
Windows PowerShell |
Permissions required |
When run locally using the Lync Server Management Shell, users must be members of the RTCUniversalServerAdmins security group. When run using a remote instance of Windows PowerShell, users must be assigned an RBAC role that has permission to run the Test-CsWebAppAnonymous cmdlet. To see a list of all RBAC roles that can use this cmdlet, run the following command from the Windows PowerShell prompt:
|
Description
The Test-CsWebAppAnonymous cmdlet verifies that an anonymous user can join Lync Server conferences by using the Lync Web App. When you run the cmdlet, Test-CsWebAppAnonymous contacts the Web Ticket service to obtain a web ticket for the anonymous user. If the cmdlet succeeds in obtaining this ticket, Test-CsWebAppAnonymous will then contact Lync Server and attempt to establish separate conferences for instant messaging, application sharing, and data collaboration.
Note that Test-CsWebAppAnonymous only verifies the APIs and connections used to create these conferences. The cmdlet does not actually create and conduct any conferences.
Running the test
The Test-CsWebAppAnonymous cmdlet can be run using either a pair of preconfigured test accounts or the accounts of any two users who are enabled for Lync Server. To run this check using test accounts, you just have to specify the fully qualified domain name of the Lync Server pool being tested. For example:
Test-CsWebAppAnonymous -TargetFqdn atl-cs-001.litwareinc.com
To run this check using actual user accounts, you must create two Lync Server Management Shell credentials objects (objects that contain the account name and password) for each account. You must then include those credentials objects and the SIP addresses of the two accounts when you call Test-CsWebAppAnonymous:
$cred1 = Get-Credential "litwareinc\kenmyer"
Test-CsWebApp -TargetFqdn atl-cs-001.litwareinc.com -UserSipAddress "sip:kenmyer@litwareinc.com" -UserCredential $cred1
For more information, see the help topic for the Test-CsWebAppAnonymous cmdlet. Note that Test-CsWebAppAnonymous is deprecated for use on Lync Server 2013.
Determining success or failure
If Test-CsWebAppAnonymous can join the anonymous user to his or her conferences, the cmdlet will return the test result Success:
Target Fqdn :
Result : Success
Latency : 00:00:00
Error Message :
Diagnosis :
If the anonymous user can't join the necessary conferences then the test result will be marked as Failure. Typically Test-CsWebAppAnonymous will also report back a detailed error message and diagnosis:
Target Fqdn : atl-cs-001.litwareinc.com
Result : Failure
Latency : 00:00:05.9746266
Error Message : No response received for Web-Ticket service
Diagnosis : The HTTP request is unauthorized with client
authentication scheme 'Ntlm'. The authentication
header received from the server was 'Negotiate,NTLM'.
Reasons why the test might have failed
Test-CsWebAppAnonymous failures usually revolve around user authentication errors: you must run the test using a valid user account even though the cmdlet is checking the ability of an anonymous user to connect to Lync Server. If Test-CsWebAppAnonymous fails, you should verify that the specified user has valid a Lync Server user account. You can retrieve Lync Server account information by using a command similar to this:
Get-CsUser -Identity "sip:kenmyer@litwareinc.com" | Select-Object Enabled
If the Enabled property is not equal to True or if the command fails, that means that the user does not have a valid Lync Server account.
You should also verify that the password that you supplied when you run the cmdlet is a valid password.
Configuration problems with Office Web Apps Server can also cause Test-CsWebAppAnonymous to fail; that will often be the case if you receive the following diagnosis:
The HTTP request is unauthorized with client authentication scheme 'Ntlm'. The authentication header received from the server was 'Negotiate,NTLM'.
For more information on diagnosing and resolving Office Web Apps Server problems see the blog post Office Web Apps Server 2013 - machines are always reported as Unhealthy.