A/V and Conferencing don't work with federated partners

Hi Guys.

I hope someone can assist us.

We have Lync Server 2013 installed and have an unusual error.

 This is what they have:

Internet -> Firewall -> TMG 2010 -> Lync Edge -> Front End

The Edge Server & Front End server are Windows 2012 Standard Edition.

So we are planning on moving the Edge server to the DMZ soon.

As for Lync functionality, this is currently working (note that the client did not opt for Enterprise Voice):

IM: An AD authenticated user on Lync client internal network An AD authenticated user on Lync client [works 100%]

IM: An AD authenticated user on Lync client external network An AD authenticated user on Lync client [works 100%]

IM: An AD authenticated user on Lync client external network A Federated partner user on Lync client [works 100%]

A/V: An AD authenticated user on Lync client internal network An AD authenticated user on Lync client [works 100%]

A/V: An AD authenticated user on Lync client external network An AD authenticated user on Lync client [works 100%]

A/V: An AD authenticated user on Lync client external network A Federated partner user on Lync client [does not work at all]

Desktop & Application Sharing: An AD authenticated user on Lync client internal network An AD authenticated user on Lync client [works 100%]

Desktop & Application Sharing: An AD authenticated user on Lync client external network An AD authenticated user on Lync client [works 100%]

Desktop & Application Sharing: An AD authenticated user on Lync client external network A Federated partner user on Lync client [does not work at all]

What could cause this?

Both users, the AD user and the Federated user, do have permission in their own Lync policies to use these functions.

 The error that we get from the federated partner logs is as follows.

 ms-client-diagnostics 26 reason a federated call failed to establish due to a media connectivity failure where one endpoint is internal and the other is remote.

Any Ideas???

December 4th, 2014 9:27am

BTW, we tried this fix: https://support.microsoft.com/kb/2801679/en-us?wa=wsignin1.0 but it didn't work. :(
December 4th, 2014 9:59am

If the error says one endpoint is internal and the other is external, that points to the connectivity between the remote party and your platform. See if you have the correct ports opened in TMG to allow SRTP traffic in. See if you have the high port range allowed in the TMG.

December 4th, 2014 7:38pm

Hi Gerrit Deike,

Based on my experience, you should check your TMG and Firewall settings and verify that the required ports are opened and the required access rules are configured correctly.

Also, please check the ports of the Edge Server that you defined in the topology.

The required ports and protocols, for your reference:

http://technet.microsoft.com/en-us/library/gg425891.aspx

Best regards,

Eric

December 5th, 2014 3:52am

My 2 cents worth..

Getting the Edge Server to accept all its traffic via TMG is not fun. I certainly haven't had much success getting A\V working in a similar situation. TMG seems to mess with the Edge server's routing logic for A\V.

Once you move the Edge behind the firewall you will have much better results (and that's the supported and more common architecture).

December 5th, 2014 1:06pm

Thanks to everyone who answered, but I've checked the TMG. You guys did read the part where I mentioned that the error ONLY happens when federating? ;-)

A/V and Conferencing work fine in all other cases...
December 6th, 2014 4:11pm

This topic is archived. No further replies will be accepted.
