locked
A/V on LiveMeeting not possible

    問題

  • Hi,

    I have a problem with A/V through my EdgeServer.
    I have a OCS R2 Server and my Edge Server is in a Consolidated Edge Topology.

    My Live Meeting from external shows this Error:

    ---------------------------
    Voice and Video Error Information
    ---------------------------
    Your audio and/or video session was unexpectedly disconnected.
    Action required: Please rejoin audio and/or video.
    ---------------------------------------------------------------------------
    More details for technical support:
    ---------------------------------------------------------------------------
    Message Category: 2 (kNetworkError)
    Message Code: 8 (kMediaConnectivityFailure)
    Root Cause Error: 0x00000000
    Root Cause Eomponent: kNetwork
    Audio Input Device: Mikrofon (Cisco Microphone (USB Camera))
    Audio Output Device: Lautsprecher (Realtek High Definition Audio)
    Video Inout Device: Cisco VT Camera
    Audio Muted: Yes
    Media State: (47,2,2,2,0,0,Connected)
    AVMCU-URI: sip:<Pool-FQDN>:5063;transport=tls;ms-fe=<FE-FQDN>
    AVMCU Reachable: Yes
    ACP Reachable: No
    Diagnostic Information:


    On the Firewall (Cisco ASA) all needed Ports are open.
    The Check box "use NAT" on the A/V Edge interface is checked.
    All validations pass successful.

    I hope someone can help me ! If you need mor information let me know.

    Kind regards
    Markus

    • 已編輯 Markus Sch 2009年8月7日 上午 09:52
    2009年8月7日 上午 09:41

解答

  • Solved with Microsoft Case.

    Some problems on the Firewall / Network
    • 已標示為解答 Markus Sch 2009年9月1日 上午 06:53
    2009年9月1日 上午 06:53

所有回覆

  • Markus,

    Can you run the following commands on the ASA?  Also, what IOS are you running?

    Show access-list
    show run static
    show run nat
    show run access-group

    Also, how many NICs in use on your edge?  Can you run an IPConfig and show us those as well?

    Please change the public IP's if you don't want those seen on a public forum :-)

    -kp
    Kevin Peters MCSE/MCSA/MCTS/CCNA/Security+ blog: www.ocsguy.com
    2009年8月7日 下午 12:02
  • check your internal DNS this article explains the NAT piece and gives you the fix with DNS which may be needed depending on how things are configured read it carefully. I missed one step and spent a day cussing only to find I can't read apperently.

    https://blogs.pointbridge.com/Blogs/mcgillen_matt/Pages/Post.aspx?_ID=61

    Mitch Roberson |MCITP:Enterprise Server Admin, Messaging |MCTS:OCS with Voice Achievement |MCT
    2009年8月7日 下午 08:43
  • Hi Mitch, Hi Kevin,

    i have 4 NICs on my edge:

    internal:  10.100.111.123

    access: 10.100.1.63

    webconf 10.100.1.64

    av:    1.2.3.6             2.IP:  10.100.1.62

    DNS internal end external return the external IP 1.2.3.6


    ASA show:

    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit tcp any host 1.2.3.4 object-group DM_INLINE_TCP_10 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_5 any host 1.2.3.6 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit ip any host 1.2.3.6 inactive 
    
    access-list outside_access_in remark MSC OCS R2 Edge
    access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_6 any host 1.2.3.8 
    
    access-list mail/proxy_access_in extended permit object-group DM_INLINE_SERVICE_2 host 10.100.1.61 host 192.168.1.236 
    
    access-list mail/proxy_access_in remark MSC OCS R2 Edge
    access-list mail/proxy_access_in extended permit object-group DM_INLINE_SERVICE_4 host 10.100.1.63 any 
    
    access-list mail/proxy_access_in remark MSC OCS R2 Edge
    access-list mail/proxy_access_in extended permit ip host 10.100.1.63 any 
    
    access-list mail/proxy_access_in remark MSC
    access-list mail/proxy_access_in extended permit udp host 10.100.1.62 any object-group DM_INLINE_UDP_1 
    
    access-list mail/proxy_access_in extended permit tcp host 10.100.1.64 any object-group DM_INLINE_TCP_12 
    
    access-list inside_access_in remark OCS Tests MSC
    access-list inside_access_in extended permit tcp host 192.168.1.236 host 10.10.111.123 object-group DM_INLINE_TCP_11 
    
    access-list Testnetzanbindung_access_in extended permit udp host 10.10.111.123 object-group DNS_Server eq domain
    
    access-list Testnetzanbindung_access_in remark MSC
    access-list Testnetzanbindung_access_in extended permit udp host 10.10.111.124 object-group DNS_Server eq domain 
    
    access-list Testnetzanbindung_access_in remark MSC
    access-list Testnetzanbindung_access_in extended permit tcp host 10.10.111.124 host 192.168.1.236 eq https 
    
    access-list Testnetzanbindung_access_in remark OK
    access-list Testnetzanbindung_access_in extended permit ip host 10.10.111.123 host 192.168.1.236 
    
    
    
    static (mail/proxy,INSIDE) 10.100.1.61 10.100.1.61 netmask 255.255.255.255 
    
    static (INSIDE,mail/proxy) 192.168.1.236 192.168.1.236 netmask 255.255.255.255 
    
    static (mail/proxy,outside) 1.2.3.6 10.100.1.62 netmask 255.255.255.255 
    static (mail/proxy,outside) 1.2.3.8 10.100.1.64 netmask 255.255.255.255 
    static (mail/proxy,outside) 1.2.3.4 10.100.1.63 netmask 255.255.255.255 
    
    
    access-group vpn-out_access_in in interface vpn-out
    access-group outside_access_in in interface outside
    access-group inside_access_in in interface INSIDE
    access-group mail/proxy_access_in in interface mail/proxy
    access-group dmz-ras_access_in in interface dmz-ras
    access-group ncc_access_in in interface ncc
    access-group Testnetzanbindung_access_in in interface Testnetzanbindung

    Hope that helps finding a solution.
    2009年8月11日 下午 01:32
  • Markus,

    What is the subnet mask bitlength on those networks?  I trust that 10.100.1.x and 1.100.111.x are separate networks?  Locating both Edge interfaces on the same subnetwork can cause all sorts of routing issues.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    2009年8月11日 下午 01:41
  • Jeff,

    you are right that are seperate Networks:
    10.100.1.0 /24 and
    10.10.0.0 /16
    2009年8月12日 上午 07:02
  • Solved with Microsoft Case.

    Some problems on the Firewall / Network
    • 已標示為解答 Markus Sch 2009年9月1日 上午 06:53
    2009年9月1日 上午 06:53
  • hi,

    how did u solve the issue ? i am also having same problem.

    thanks in advance.
    The patheless path...
    2009年12月9日 上午 10:06