locked
Public MSN connectivity RRS feed

  • Question

  • I have a subscription to Public IM connectivity.

     

    However, I'm unable to see presence info for MSN accounts (and visa versa).

    My Edge server gives me this:

     

    Received a failure SIP response: User sip:martin@hotmail.com @ Server ocs.domain.local
    Received a failure SIP response:
    [
    SIP/2.0 404 Not Found
    FROM: "ZZWilliams, Mark"<sip:zzwilliams@evd.nl>;tag=a9e82376e2acabde630;epid=epid11
    TO: <sip:martin@hotmail.com>;tag=78425D3CD16E622413D39539CC859399
    CSEQ: 12 INVITE
    CALL-ID: c92570a348c14ce0b16b8141fdc0c7b1
    VIA: SIP/2.0/TLS 172.16.1.126:1133;branch=z9hG4bK4915b9e;ms-received-port=1133;ms-received-cid=7D00
    CONTENT-LENGTH: 0
    AUTHENTICATION-INFO: NTLM rspauth="0100000000000000F7E94C7C0032815A", srand="5B4DD88B", snum="13", opaque="454940C2", qop="auth", targetname="OCS.DOMAIN.LOCAL", realm="SIP Communications Service"
    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=ocsedge.domain.local;ms-source-verified-user=verified;ms-source-network=federation
    ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";source="ocs.evd.nl"

    ]

    I'm pretty sure I have registered my public dns records correctly. Please advise.
    Monday, July 2, 2007 2:53 PM

Answers

  • Hello Martijn,

     

    when the provisioning has finished correctly you should receive an email stating that everything has been done.

    I suppose you received this email ?

     

    Regards

     

    Athanasios

     

    Friday, July 13, 2007 10:59 AM

All replies

  • Hello Martijn,

     

    as far as I can verify your published records there is only the A Recrd reachable ( ocs.evd.nl ). In order to get Public IM working you also need the following SRV Record:

     

    An external SRV record for all Access Edge Servers that points to _sipfederationtls._tcp.<domain>, over port 5061 (where <domain> is the name of the SIP domain of your organization). This SRV should point to an A record with the FQDN of the Access Edge Server. If you have multiple SIP domains, you need a DNS SRV record for each. This is required only if enabling enhanced federation or public IM connectivity.

     

    Would you please publish ( _sipfederationtls._tcp.evd.nl ) that too and verify if it works then.

     

     

    Regards

     

    Athanasios

     

    Monday, July 2, 2007 4:16 PM
  • Hi Athanasios,

     

    thanks for your reply.

    The SRV record(s) ARE registered.

     

    Searching for _sipfederationtls._tcp.evd.nl SRV record at k.root-servers.net [193.0.14.129]: Got referral to b.nic.fr. (zone: nl.) [took 128 ms]
    Searching for _sipfederationtls._tcp.evd.nl SRV record at b.nic.fr. [192.93.0.4]: Got referral to ns.nl.net. (zone: evd.nl.) [took 129 ms]
    Searching for _sipfederationtls._tcp.evd.nl SRV record at ns.nl.net. [193.78.240.1]: Reports ocs.evd.nl. [took 115 ms] Response:

    Port 5061, priority 10, weight 0, hostname: ocs.evd.nl

     

    Must be something else. Please advise.

     

    Kind regards,

    Martijn Haverhoek

    Tuesday, July 3, 2007 8:06 AM
  • Besides, when I try another public MSN address to verify with I get these results on the Edge server:

     

    Received a failure SIP response: User sip:cmulder@live.nl @ Server ocs.domain.local
    Received a failure SIP response: [
    SIP/2.0 408 Request Timeout
    FROM: "ZZWilliams, Mark"<sip:zzwilliams@evd.nl>;tag=602b82b62650bfeede;epid=epid11
    TO: <sip:cmulder@live.nl>;tag=ED3297F86AF0C568A2E6ADAC571B2C2A
    CSEQ: 12 INVITE
    CALL-ID: cee33181047d4963adce6d7eb159ff3c
    VIA: SIP/2.0/TLS 172.16.1.126:1083;branch=z9hG4bK4e12627a;ms-received-port=1083;ms-received-cid=D900
    CONTENT-LENGTH: 0
    AUTHENTICATION-INFO: NTLM rspauth="0100000000000000E458C10A6E490024", srand="3FF6C807", snum="13", opaque="D7789858", qop="auth", targetname="ocs.domain.local", realm="SIP Communications Service"
    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=ocsedge.domain.local;ms-source-verified-user=verified;ms-source-network=federation
    ms-diagnostics: 2;reason="Unknown Failure";source="ocs.evd.nl";AppUri="
    http://www.microsoft.com/LCS/IIMFilter"

    ]

    Any help would be appreciated.
    Tuesday, July 3, 2007 9:22 AM
  • Hello Martijn,

     

    yesterday I was not able to resolve the SRV Record, now I am ( strange ) but anyway I did some basic checks.

    The ocs.evd.nl server is reachable and I was also succesfully able to telnet to TCP port 5061.

    The error message above indicates a server timeout so there is possibly an issue with the connection to the outside.

     

    Please verify:

     

    - Please flush your dns cache on your edgeserver with ipconfig /flushdns

    - Verify your outbound rules of the firewall if they allow outbound connections for port 5061

    - Are you able to ping from your Edge Proxy the ip and FQDN of the MSN Access Proxy ?

    IP : 65.54.227.249 , FQDN: federation.messenger.msn.com

     

    - Can you connect with telnet ip and or FQDN of the MSN Access Proxy to port 5061 ?

    - Rerun the validation wizard with your hotmail user and provide the entire validation log.

    - Provide ( if possible ) your email address so I can get in contact with you

     

    Regards

     

    Athanasios

     

    Tuesday, July 3, 2007 10:39 AM
  • Hi Athanasios,

     

    I successfully executed the steps you proposed. Flushed DNS, I can successfully resolve and telnet to federation.messenger.msn.com on port 5061 from the Edge.

     

    I have the entire validation log here. If you drop me a line on haverhoek <at> evd.nl I will send you the log.

     

    Thanks a lot for your help.

    Wednesday, July 4, 2007 10:06 AM
  • Hello Martijn,

     

    thanks for the information. I already sent you a mail.

    Let`s check what the log tells us.

     

     

    Regards

     

    Athanasios

     

    Wednesday, July 4, 2007 12:05 PM
  • Hello Martijn,

     

    sorry for the delayed response. I had a look into your Validation log.

     

    We do not receive the SRV Error anymore but a timeout (SIP/2.0 408 Request Timeout ).

    The edgeserver can reach the MSN AP based upon your screenshot .

     

    IPHOST ( Federation.messenger.msn.com )

    IPHost = federation.messenger.msn.com

    Port = 5061

    Server appears to be running on port(s) [5061]

     

    - Federation is enabled

    - Remote users are allowed

     

    This seems to me that TCP/IP connection is working but maybe the OCS environment is not prepared for external access so the packets may arrive at the internal OCS server but are not processed.

     

    My questions here:

    - What certificate do you use for the external Edge server interface ? ( it should be a public one )

    - Do you use a director in your environment or does the Edge Proxy connect directly to your internal servers / pool ?

     

    No matter if you use a director or not :

     

    - Is the internal OCS server prepared for external user access as described in the Edge Proxy Documentation ( page 80  ) ?

    --> In case not please do so !

     

     

    Regards

     

    Athanasios

     

     

     

     

    Monday, July 9, 2007 11:52 AM
  • Hi Athanasios,

     

    The external interface of my OCS edge server is configured with a public SSL certificate, signed by Globalsign.

    (http://secure.globalsign.net/phoenixng/services.cfm?id=1413967734&reset=yes and find certificate for ocs.evd.nl)

     

    I'm not using a director in my environment and my internal OCS pool server is configured for external user access (I used the option "Route directly to and from internal pools and servers" )

     

    Furthermore, when I disable all application filters on both the Edge server and the internal OCS pool server and do another validation of my Edge server, I get the following log:

    Maximum hops: 2
    Check two-party IM: Discovered a new SIP server in the path.
    Maximum hops: 3
    Outgoing SIP Transaction timed out: Method INVITE Remote Uri sip:wendydussja@hotmail.com Server orion.evd2006.lokaal
    Suggested Resolution: Dialog establishment timed out.
    This could happen if trust relationship is not properly configured in any
    intermediate server, causing the server to drop the request.
    Check the internal server to access edge server connectivity (via the
    global and local federation routes) and then check the
    connectivity between access edge server(s). Use the hop count to determine the server to investigate.

     

    The only thing I can come up with now is that the activation of the PIC service was not done properly at the MSN side. I spoke to a Solution Specialist Unified Communications from Microsoft NL and if MSN connectivity is not working before this friday he will make some phonecalls.

     

    I'll keep you posted. Thanks for all your help so far.

     

    Kind regards,

    Martijn Haverhoek

    Wednesday, July 11, 2007 1:59 PM
  • Hello Martijn,

     

    when the provisioning has finished correctly you should receive an email stating that everything has been done.

    I suppose you received this email ?

     

    Regards

     

    Athanasios

     

    Friday, July 13, 2007 10:59 AM
  • I have not seen this email, but the status of the subscription is Active (as I can see on the MVLS site).

     

    Regards,

    Martijn

    Friday, July 20, 2007 11:51 AM
  • Hello Martijn,

     

    Did you get in contact with the MSN guys to check if everything is working as expected ?

     

     

    Regards

     

    Athanasios

     

    Friday, July 20, 2007 3:43 PM
  • I think I know what has happened. On the PIC provisioning page (on MVLS site) I had to fill in the Access Proxy FQDN and the Primary SIP Domain name. I screwed up by filling in the FQDN of our reverse proxy (ISA) instead of the FQDN of our Access Edge (OCS) server.

    I changed it, but it takes another 4 weeks for the changes to be applied :-(

     

     

     

    Friday, August 3, 2007 9:01 AM