Lync 2010 - External Voice calls do not complete - "Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote"

We have Lync 2010 set up at work and external users can IM, video, and share files, desktop, etc. The only piece that is not working is voice.

I have done packet traces, SIP traces, and logging on the client and cannot find the cause. Please let me know which log files you might need to see.

This is the only error message that I have really been able to pin down:

ms-client-diagnostics: 23; reason="Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote";CallerMediaDebug="audio:ICEWarn=0x80012b,LocalSite=x.x.x.x:16840,LocalMR=y.y.y.y:3478,RemoteSite=z.z.z.z:55521,RemoteMR=w.w.w.w:59305,PortRange=1025:65000,RemoteMRTCPPort=59305,LocalLocation=1,RemoteLocation=2,FederationType=0"

Thanks!

Bob

October 15th, 2010 6:17am

Hi, please confirm that certificates, ports and network connectivity are working fine on the Edge server, or would you please enable logging on both MOC and the Edge server during an audio test failure, then paste the errors up here to narrow down the issue.

And make sure the ports and software are not being interfered with by the firewall or antivirus.

October 15th, 2010 1:13pm

When it breaks:

10/15/2010|09:43:59.017 1070:1074 INFO  :: Sending Packet - 72.50.230.243:443 (From Local Address: 10.0.0.214:51956) 1414 bytes:

10/15/2010|09:43:59.017 1070:1074 INFO  :: BYE sip:invmaocsvm01.involtadc.local@involta.com;gruu;opaque=srvr:MediationServer:j95tfsQns1SJPmQCLBmKJQAA;grid=6be3895740704756becd4835abf3a6f3 SIP/2.0

Via: SIP/2.0/TLS 10.0.0.214:51956

Max-Forwards: 70

From: <sip:jward@involta.com>;tag=81082ce6b2;epid=8371fd6545

To: <sip:93192132014;phone-context=defaultprofile@involta.com;user=phone>;tag=6261e5e284;epid=8BF6B67ACE

Call-ID: 576b29afdcdb453dae40fe02c64f82b0

CSeq: 3 BYE

Route: <sip:sip.involta.com:443;transport=tls;opaque=state:Ci.R50a00;lr;ms-route-sig=cboYWBFnyyKCivHBU9wrNiqDO8wOwZE86vDqGIZ9WXauj3rMwc1hwU_gAA>

Route: <sip:invmaocsvm01.involtadc.local:5061;transport=tls;opaque=state:F;lr;received=10.128.10.57;ms-received-cid=2BA02>

User-Agent: UCCAPI/4.0.7457.0 OC/4.0.7457.0 (Microsoft Lync 2010 (RC))

ms-client-diagnostics: 23; reason="Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote";CallerMediaDebug="audio:ICEWarn=0x80012b,LocalSite=10.0.0.214:19766,LocalMR=72.50.230.245:3478,RemoteSite=10.128.10.57:53045,RemoteMR=10.128.11.36:59699,PortRange=1025:65000,RemoteMRTCPPort=59699,LocalLocation=1,RemoteLocation=2,FederationType=0"

Proxy-Authorization: TLS-DSK qop="auth", realm="SIP Communications Service", opaque="0ADD0480", targetname="invmaocsvm01.involtadc.local", crand="4f54e6d7", cnum="29", response="3097f05673e4e6ad0a790408c6feb521da55bdf8"

Content-Length: 0

 

 

10/15/2010|09:43:59.018 1070:1074 INFO  :: End of Sending Packet - 72.50.230.243:443 (From Local Address: 10.0.0.214:51956) 1414 bytes

 

October 15th, 2010 6:29pm
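
The following Python is an added example, not code from any poster in this thread. It parses the ms-client-diagnostics header quoted in the post above and classifies each site and relay address as private or public, so a public relay paired with a private one stands out. The function names are made up here, and reading LocalMR/RemoteMR as the media relay address each side offered is an assumption.

```python
import ipaddress
import re

# Header copied from the BYE message quoted earlier in this thread.
SAMPLE = ('ms-client-diagnostics: 23; reason="Call failed to establish due to a media '
          'connectivity failure when one endpoint is internal and the other is remote";'
          'CallerMediaDebug="audio:ICEWarn=0x80012b,LocalSite=10.0.0.214:19766,'
          'LocalMR=72.50.230.245:3478,RemoteSite=10.128.10.57:53045,'
          'RemoteMR=10.128.11.36:59699,PortRange=1025:65000,RemoteMRTCPPort=59699,'
          'LocalLocation=1,RemoteLocation=2,FederationType=0"')

ENDPOINT_KEYS = ("LocalSite", "LocalMR", "RemoteSite", "RemoteMR")


def parse_diagnostics(header):
    """Split the header into its code, reason and per-parameter media debug fields."""
    m = re.match(r'\s*ms-client-diagnostics:\s*(\d+)\s*;(.*)', header, re.S)
    if not m:
        raise ValueError("not an ms-client-diagnostics header")
    params = dict(re.findall(r'(\w+)="([^"]*)"', m.group(2)))
    media = {}
    for name, value in params.items():
        if not name.endswith("MediaDebug"):
            continue
        # Value looks like "audio:ICEWarn=...,LocalSite=ip:port,..."
        modality, _, body = value.partition(":")
        fields = dict(p.split("=", 1) for p in body.split(",") if "=" in p)
        media[name] = {"modality": modality, "fields": fields}
    return {"code": int(m.group(1)), "reason": params.get("reason"), "media": media}


def address_scope(endpoint):
    """Classify an ip:port value; redacted or malformed values stay 'unparsed'."""
    host = endpoint.rsplit(":", 1)[0]
    try:
        return "private" if ipaddress.ip_address(host).is_private else "public"
    except ValueError:
        return "unparsed"


def relay_findings(header):
    """Return (scopes, findings) for every *MediaDebug parameter in the header."""
    diag = parse_diagnostics(header)
    scopes, findings = {}, []
    for name, entry in diag["media"].items():
        f = entry["fields"]
        s = {k: address_scope(f[k]) for k in ENDPOINT_KEYS if k in f}
        scopes[name] = s
        # Assumption: *MR is the media relay (A/V Edge) address each side offered.
        if {s.get("LocalMR"), s.get("RemoteMR")} == {"public", "private"}:
            side = "RemoteMR" if s["RemoteMR"] == "private" else "LocalMR"
            findings.append(f"{name}/{entry['modality']}: {side}={f[side]} is a private "
                            "address while the other relay is public")
    return scopes, findings


if __name__ == "__main__":
    scopes, findings = relay_findings(SAMPLE)
    print(scopes)
    for line in findings:
        print("FINDING:", line)
```

On the header from this thread it reports RemoteMR as a private address next to a public LocalMR, which matches the packet captures described in the following posts.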

Also, I did a packet trace on the client machine and it appears that it is talking to my public AV Edge IP up until the receiver of the call answers, and then the external client tries to start talking to the FE directly (via private IPs), which are not routable.

Bob

October 15th, 2010 6:38pm

Hi, from searching on this problem, it may be that an IPSec mismatch is causing call disconnects for off-corp users only on external calls; either IPSec is enabled on both sides or exemptions on both sides for IPSec to work fine. Would you please

October 18th, 2010 5:56am

I have double checked and we do not have IPSec enabled on the server. If I VPN into the office everything works again (assuming because I am now able to get to the local IPs).

 

Thanks,
Bob

October 18th, 2010 5:06pm

I just did some further looking (at firewall and packet sniffers) and found that when I make a voice call from outside the network everything starts off by going to the AV service, but once the call gets answered it switches to the Front End server trying to talk directly to the external client, which breaks as no firewall rules allow for this traffic to come back from the client to the server.

Client IP (udp/32683) -> Firewall IP (udp/23819)
Firewall IP (udp/13894) -> Client IP (udp/32682)

We use the IP of the firewall as the global NAT (any server that does not have a static NAT appears as this IP).

Thanks,
Bob

October 18th, 2010 8:55pm

I have done some further digging and on the admin site, if I go to:

Topology -> Double Click on Edge Server -> Double Click on EdgeServer service

I see that "Audio/Video Edge service external FQDN:" and "Internal interface FQDN:" are both "Not set" and I wonder if this could be causing my issue? If so, where would these get set?

Thanks,
Bob

October 18th, 2010 11:53pm

Hi, "Internal interface FQDN:" should be the FQDN of the Edge server, and "external FQDN of A/V Edge service:" should be set to the A/V external FQDN which you are going to publish. Would you please try?
October 19th, 2010 7:28am

I have been looking through the configuration, where would I publish these?

Thanks,
Bob

October 19th, 2010 2:13pm

What I mean is the external FQDN that you want to publish to external network (or internet).
October 20th, 2010 6:26am

What he's referencing is in the admin panel, Topography > Select the Edge Server to view the properties...this is what we're seeing:

 

http://imgur.com/ujVGX.png

October 20th, 2010 6:39am

Hi, Bob, is the problem resolved?
October 21st, 2010 12:43pm

No, the issue still exists, if you look at this screen shot:

 

http://imgur.com/ujVGX.png

 

You can see that both of those settings still show up as "Not Set"

Bob

October 21st, 2010 3:36pm

You may configure them and then "publish" in Topology Builder; the settings in the Lync Control Panel will be changed after replication has finished.
October 22nd, 2010 6:15am

I have the A/V server set up in the Topology Builder, but when I apply it the two settings in the above screenshot do not change from "Not Set".

Bob

October 23rd, 2010 1:01am

Would you please check the Edge server configuration in the Topology Builder, not the A/V server, and then publish again.
October 25th, 2010 6:31am

It still does not appear to be working, when someone external places a call through Lync it appears to start working then stops, here is what I have found through several packet captures:

External Client places call, goes through edge server to front end

Once the recipient of the call answers, the front end tries to start talking directly to the external client (skipping over the edge, which then breaks the call)

Please let me know what I can provide to help troubleshoot this.

Thanks,
Bob

October 26th, 2010 12:02am

I may have the same problem. Currently running OCS R2 including Edge (everything working). Now with separate Lync SE server I cannot use voice from remote user.

Seems like in Lync there are settings missing or wrong:

Access edge external FQDN: not set
A/V Edge service external FQDN: not set

And ApplicationServer does not start anymore

Thanks,
Johann

October 30th, 2010 12:12am

I have the exact same issue.

Any fix so far?

Regards

 

JP

November 3rd, 2010 5:39am

Anyone ?

Ben?

I know RTM is just couple of days from GA,  but it is really important to finalize the RC deployment...

Thanks for any help..

Regards

JP

 

November 3rd, 2010 10:40pm

Nothing new on our end. We were able to populate those fields by editing the .xml after doing an export config, then re-importing and it still doesn't resolve the issue. 
November 3rd, 2010 11:43pm

Hi

Not sure where you changed those info in the xml file?

I have searched the XML, and did not find any place to change that info.

Cheers

JP

November 4th, 2010 4:22am

Internal interface FQDN field: <Port Owner="urn:component:AccessEdge" Usage="SipServer" InterfaceSide="Internal" InterfaceNumber="1" Port="5061" Protocol="Mtls" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="invmaocsvm03" />

 

AV Edge External FQDN: <Port Owner="urn:component:MediaRelayEdge" Usage="TURNServer" InterfaceSide="External" InterfaceNumber="3" Port="443" Protocol="Tcp" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="av.domain.com" />

 

Previously the ConfiguredFqdn was just empty quotes. This is in the DocItemSet.xml file. Make sure when you re-zip the files, it's just the 2 files and not the folder or the import will not like the file.

November 4th, 2010 11:48pm

I have the same problem with RTM build used in coexistence with legacy Edge server and OCS R2 pool. External users always get local IP address in SDP. Any news on that?
November 19th, 2010 3:07pm

We still have not received any updates about the issue and we are still seeing it as well.

 

Bob

November 20th, 2010 12:58am

I have now changed the Voice Route to point to the legacy mediation server to bypass the new colocated Lync mediation server. Seems to work; need some more testing.
November 20th, 2010 2:10am

Update your Mediation Server: http://support.microsoft.com/kb/968802/en-us. It helped us.
November 24th, 2010 5:50pm

I have done some further digging and on the admin site, if I go to:

Topology -> Double Click on Edge Server -> Double Click on EdgeServer service

I see that "Audio/Video Edge service external FQDN:" and "Internal interface FQDN:" are both "Not set" and I wonder if this could be causing my issue? If so, where would these get set?

Thanks,
Bob

I too am having this same issue, and when I just checked these settings they were also set to "Not set"

Have you had any luck getting yours to work yet?

December 4th, 2010 5:44am

I had a similar issue with my setup and was able to get it working.

First of all: make sure you NAT ports 50000 - 59999 UDP to your A/V Edge IP and make sure that the NAT IP is correctly configured in Lync.
The fact that you can share desktop and files means that 50000-59999 TCP is forwarded correctly.

The difference between the two workloads is that app sharing uses TCP while voice/video is using UDP.  You say video is working fine? Can you do a wireshark trace on the external side of the Edge server and see if there are UDP connections being set up on the Edge's port range 50k-59999?

I would also recommend trying to move the A/V Edge to a port other than the default port 443. On my side my router was not forwarding this port because it was using it for its own administration web page. You can do this by modifying the port in Topology Builder, publishing the topology and then issuing "Invoke-CsManagementStoreReplication" on the Lync server. Then check the Edge event log to see if the A/V server received the new settings, and restart its service to make it listen on the new port.

Good luck

December 4th, 2010 11:14am

This seems like a bug to me. I am noticing the exact same issue on my Edge server. Has anyone been able to resolve this yet?
January 5th, 2011 7:39pm

Same here. We still have an OCS 2007 Edge running for legacy users not moved over to Lync, but we are seeing the same issues with external users. I thought maybe that once I move everyone over and get rid of the legacy implementation, that things will start working, but based on what I see above, this will not be the case.

I hope someone finds a resolution for this soon.

January 5th, 2011 8:05pm

We figured it out as it applies to our setup last night. We previously didn't have an internal dns entry for av.involta.com that pointed to the public IP address for it. Because that didn't exist, the front end was trying to talk out directly through the firewall. We also added the av public IP address to the NAT enabled IP address field on the edge server general section. As soon as we published, reran the deployment wizard on both the front end and edge, works like a champ. Hope that helps!
January 5th, 2011 8:14pm

Here is the problem: we are using a single FQDN for all services (was hoping to make things simpler). If I check the Topology Builder, the FQDN shows correctly for all services as the single one we picked, but the Control Panel does not reflect it for some reason. Our SIP address is also our webconf and AV service address. I wonder if this is why it is not showing up correctly. We have an internal DNS entry for that address, but it points to the internal IP, not the external. I will change it over and see if it helps.

January 5th, 2011 8:38pm

Has anyone found a resolution to this problem?   I am having the same problem and can only get it working if I use TCP, instead of TLS, from my voip gateway to the Lync Front-End/Mediation. 

January 11th, 2011 7:25pm

Hi BOB, did you fix this issue?

I got the same trouble.

any suggestion?

thanks in advance.

 

January 12th, 2011 11:52pm

Yes, yeahbuddyia works with me, his solution above is the one that got us working.

Bob

January 13th, 2011 1:01am

Great BoB

IT'S WORKING

Thanks a lot.

 

January 13th, 2011 1:34am

Any Resolution to this problem?

I've the same problem with my lync edge server.

January 13th, 2011 12:35pm

We had the same issue, except it presented as "Call failed to establish due to a media connectivity failure where one endpoint is of unknown type". In our deployment all users are external (we are a hosting Lync/OCS). What is really strange is why R2 Front Ends work fine without the internal DNS entry but Lync Servers don't. This has the feeling of a bug or a note in the deployment docs calling this out as a requirement for coexistence. All I did was add av.myucworkspace.com to my internal DNS pointed to the external av IP on the R2 Edge.

January 21st, 2011 8:29pm

My problem was related to a route issue within the DMZ.  After correcting my route issue all is well.
January 21st, 2011 9:04pm

Bob, was any change in your configuration reflected after you added the AV FQDN? I mean, in the properties view, were the internal FQDN and external AV FQDN populated?

I have the same issue and I have added the AV FQDN to my hosts file on the FE. But calls seem to keep failing and there is no change in the properties view in my Lync console.

Thanks in advance

 

January 26th, 2011 12:45am

Hey! I've already fixed my problem. My Edge server has NAT addresses; I'm not using a DMZ, all of the IPs are internal addresses. The server is in a workgroup, and the NIC used for external services has the register-to-DNS option on auto. So my FE was looking up an erroneous IP when looking for the internal interface of my Edge server. I fixed the DNS record, flushed the DNS, removed the auto-register option, and it all started working great. The Edge is behind an ISA Server 2006; it seems to work OK for now. I'll provide further comments.

Greets!

PS

The service detail view stays on "Not set" for external AV and internal FQDN. Weird...

January 27th, 2011 12:51am

Dear All,

I still get the error even after registering the DNS record for av.domain.com on the internal DNS.

How to fix this problem?

 

Thanks

March 29th, 2011 2:00pm

Internal interface FQDN field: <Port Owner="urn:component:AccessEdge" Usage="SipServer" InterfaceSide="Internal" InterfaceNumber="1" Port="5061" Protocol="Mtls" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="invmaocsvm03" />

 

AV Edge External FQDN: <Port Owner="urn:component:MediaRelayEdge" Usage="TURNServer" InterfaceSide="External" InterfaceNumber="3" Port="443" Protocol="Tcp" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="av.domain.com" />

 

Previously the ConfiguredFqdn was just empty quotes. This is in the DocItemSet.xml file. Make sure when you re-zip the files, it's just the 2 files and not the folder or the import will not like the file.

In my case there is no ConfiguredFqdn="" at all; it looks like this:

<Port Owner="urn:component:AccessEdge" Usage="SipServer" InterfaceSide="Internal" InterfaceNumber="1" Port="5061" Protocol="Mtls" UrlPath="/" AuthorizesRequests="false" />

My entries on the server, if I look at topology, are also empty. Any advice?

May 3rd, 2011 2:41pm

Internal interface FQDN field: <Port Owner="urn:component:AccessEdge" Usage="SipServer" InterfaceSide="Internal" InterfaceNumber="1" Port="5061" Protocol="Mtls" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="invmaocsvm03" />

 

AV Edge External FQDN: <Port Owner="urn:component:MediaRelayEdge" Usage="TURNServer" InterfaceSide="External" InterfaceNumber="3" Port="443" Protocol="Tcp" UrlPath="/" AuthorizesRequests="false" ConfiguredFqdn="av.domain.com" />

 

Previously the ConfiguredFqdn was just empty quotes. This is in the DocItemSet.xml file. Make sure when you re-zip the files, it's just the 2 files and not the folder or the import will not like the file.

In my case there is no ConfiguredFqdn="" at all; it looks like this:

<Port Owner="urn:component:AccessEdge" Usage="SipServer" InterfaceSide="Internal" InterfaceNumber="1" Port="5061" Protocol="Mtls" UrlPath="/" AuthorizesRequests="false" />

My entries on the server, if I look at topology, are also empty. Any a

May 3rd, 2011 4:28pm

Quick note.

I got fed up with this issue and moved my Edge to the extreme edge of our network.

Now all is working 100%.

SIP NAT traversal, non-sequential IPs, you tell me.

Outside of Cisco now, sequential IPs, and all is working.

I suggest a quick "test" by bypassing the network hardware; it might save you hours wasted on troubleshooting when it may be the network/firewall giving you hassles.

July 20th, 2011 8:04pm

We figured it out as it applies to our setup last night. We previously didn't have an internal dns entry for av.involta.com that pointed to the public IP address for it. Because that didn't exist, the front end was trying to talk out directly through the firewall. We also added the av public IP address to the NAT enabled IP address field on the edge server general section. As soon as we published, reran the deployment wizard on both the front end and edge, works like a champ. Hope that helps!

i am having the same issue as

External users are not able to make audio/video calls, and I am confused about how to import a certificate for AV services on the Edge server, as I have already installed two certificates: one from the internal CA for the Edge server and the other a public CA certificate having SAN entries but not av.domain.com, as it wasn't required...

Can you help me? It's urgent.

Also, on internal DNS, av.domain.com will be created using the public IP or the DMZ IP which is NATted to the public IP?

 

August 10th, 2011 6:19pm

In our organization we ran into a similar problem and we found out the reason was that our Edge Pool was not associated with anything inside of our Topology Builder. Make sure that you have all of your pools set up correctly for your Edge services.

http://s12.postimage.org/3le7f4bj1/Jacob_Tech_Dude.png

August 22nd, 2012 11:04pm

One more possible solution, which helped in our case. We have the Front End and Mediation Server co-located on the same server. I had understood that the Mediation Server should automatically use the same Edge as the Front End, i.e. it should be OK to have an empty value here:

PS C:\Users\admin> Get-CsService -MediationServer
Identity             : MediationServer:LyncPool01.domain.com
Registrar            : Registrar:LyncPool01.domain.com
EdgeServer           : EdgeServer:lyncedgetr01.domain.com
SipServerPort        : 5070

...

Well, at least in our case it was not ok. I added the Edge for Mediation Server manually, and it started to work:

Set-CsMediationServer -Identity "LyncPool01.domain.com"  -EdgeServer "EdgeServer:lyncedgetr01.domain.com"

June 28th, 2013 4:57pm

This topic is archived. No further replies will be accepted.
