locked
A/V on LiveMeeting not possible

    Question

  • Hi,

    I have a problem with A/V through my EdgeServer.
    I have a OCS R2 Server and my Edge Server is in a Consolidated Edge Topology.

    My Live Meeting from external shows this Error:

    ---------------------------
    Voice and Video Error Information
    ---------------------------
    Your audio and/or video session was unexpectedly disconnected.
    Action required: Please rejoin audio and/or video.
    ---------------------------------------------------------------------------
    More details for technical support:
    ---------------------------------------------------------------------------
    Message Category: 2 (kNetworkError)
    Message Code: 8 (kMediaConnectivityFailure)
    Root Cause Error: 0x00000000
    Root Cause Eomponent: kNetwork
    Audio Input Device: Mikrofon (Cisco Microphone (USB Camera))
    Audio Output Device: Lautsprecher (Realtek High Definition Audio)
    Video Inout Device: Cisco VT Camera
    Audio Muted: Yes
    Media State: (47,2,2,2,0,0,Connected)
    AVMCU-URI: sip:<Pool-FQDN>:5063;transport=tls;ms-fe=<FE-FQDN>
    AVMCU Reachable: Yes
    ACP Reachable: No
    Diagnostic Information:


    On the Firewall (Cisco ASA) all needed Ports are open.
    The Check box "use NAT" on the A/V Edge interface is checked.
    All validations pass successful.

    I hope someone can help me ! If you need mor information let me know.

    Kind regards
    Markus

    vendredi 7 août 2009 09:41

Réponses

Toutes les réponses

  • Markus,

    Can you run the following commands on the ASA?  Also, what IOS are you running?

    Show access-list
    show run static
    show run nat
    show run access-group

    Also, how many NICs in use on your edge?  Can you run an IPConfig and show us those as well?

    Please change the public IP's if you don't want those seen on a public forum :-)

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    vendredi 7 août 2009 12:02
  • check your internal DNS this article explains the NAT piece and gives you the fix with DNS which may be needed depending on how things are configured read it carefully. I missed one step and spent a day cussing only to find I can't read apperently.

    https://blogs.pointbridge.com/Blogs/mcgillen_matt/Pages/Post.aspx?_ID=61

    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    vendredi 7 août 2009 20:43
  • Hi Mitch, Hi Kevin,

    i have 4 NICs on my edge:

    internal:  10.100.111.123

    access: 10.100.1.63

    webconf 10.100.1.64

    av:    1.2.3.6             2.IP:  10.100.1.62

    DNS internal end external return the external IP 1.2.3.6


    ASA show:

    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit tcp any host 1.2.3.4 object-group DM_INLINE_TCP_10 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any host 1.2.3.6 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit ip any host 1.2.3.6 inactive 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any host 1.2.3.8 
    
    access-list mail/proxy_access_in extended permit object-group DM_INLINE_SERVICE_2 host 10.100.1.61 host 192.168.1.236 
    
    access-list mail/proxy_access_in remark MSC OCS R2 Edge
    access-list mail/proxy_access_in extended permit object-group DM_INLINE_SERVICE_4 host 10.100.1.63 any 
    
    access-list mail/proxy_access_in remark MSC OCS R2 Edge
    access-list mail/proxy_access_in extended permit ip host 10.100.1.63 any 
    
    access-list mail/proxy_access_in remark MSC
    access-list mail/proxy_access_in extended permit udp host 10.100.1.62 any object-group DM_INLINE_UDP_1 
    
    access-list mail/proxy_access_in extended permit tcp host 10.100.1.64 any object-group DM_INLINE_TCP_12 
    
    access-list inside_access_in remark OCS Tests MSC
    access-list inside_access_in extended permit tcp host 192.168.1.236 host 10.10.111.123 object-group DM_INLINE_TCP_11 
    
    access-list Testnetzanbindung_access_in extended permit udp host 10.10.111.123 object-group DNS_Server eq domain
    
    access-list Testnetzanbindung_access_in remark MSC
    access-list Testnetzanbindung_access_in extended permit udp host 10.10.111.124 object-group DNS_Server eq domain 
    
    access-list Testnetzanbindung_access_in remark MSC
    access-list Testnetzanbindung_access_in extended permit tcp host 10.10.111.124 host 192.168.1.236 eq https 
    
    access-list Testnetzanbindung_access_in remark OK
    access-list Testnetzanbindung_access_in extended permit ip host 10.10.111.123 host 192.168.1.236 
    
    
    
    static (mail/proxy,INSIDE) 10.100.1.61 10.100.1.61 netmask 255.255.255.255 
    
    static (INSIDE,mail/proxy) 192.168.1.236 192.168.1.236 netmask 255.255.255.255 
    
    static (mail/proxy,outside) 1.2.3.6 10.100.1.62 netmask 255.255.255.255 
    static (mail/proxy,outside) 1.2.3.8 10.100.1.64 netmask 255.255.255.255 
    static (mail/proxy,outside) 1.2.3.4 10.100.1.63 netmask 255.255.255.255 
    
    
    access-group vpn-out_access_in in interface vpn-out
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface INSIDE
    access-group mail/proxy_access_in in interface mail/proxy
    access-group dmz-ras_access_in in interface dmz-ras
    access-group ncc_access_in in interface ncc
    access-group Testnetzanbindung_access_in in interface Testnetzanbindung

    Hope that helps finding a solution.
    mardi 11 août 2009 13:32
  • Markus,

    What is the subnet mask bitlength on those networks?  I trust that 10.100.1.x and 1.100.111.x are separate networks?  Locating both Edge interfaces on the same subnetwork can cause all sorts of routing issues.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    mardi 11 août 2009 13:41
    Modérateur
  • Jeff,

    you are right that are seperate Networks:
    10.100.1.0 /24 and
    10.10.0.0 /16
    mercredi 12 août 2009 07:02
  • Solved with Microsoft Case.

    Some problems on the Firewall / Network
    • Marqué comme réponse Markus Sch mardi 1 septembre 2009 06:53
    mardi 1 septembre 2009 06:53
  • hi,

    how did u solve the issue ? i am also having same problem.

    thanks in advance.
    The patheless path...
    mercredi 9 décembre 2009 10:06