locked
Audio and Video don't work RRS feed

All replies

  • This is normal behaviour, clients allways try to connect directly with peers and if that does not work then the EDGE is used

     

    First of all you should check your settings with the EDGE Planning tool

    http://www.microsoft.com/downloads/details.aspx?FamilyID=149e5dd5-eaae-46b6-afba-01c31e88a275&displaylang=en

    Verify IP Addresses, Firewall Rules, Certificates and DNS settings

    Monday, October 27, 2008 3:44 PM
  • Hello,

     

    I have answered all planning tool questions and it's the same answers that i have put in the edge server configuration...

    exept that i do not use reverse proxy (i want just use video audio and im)

     

     

    Tuesday, October 28, 2008 8:31 AM
  • You have a configuration that is not supported

     

    OCS on DC is not supported

    You also have your Access EDGE configured on port 5061 which is required for federation it defaults to port 443

    It seems that you have configured your EDGE server with one public IP? You have configured none standard ports for the EDGE server

     

    Can you confirm this is what you have configured?

    Wednesday, October 29, 2008 12:07 AM
  • Yes i have installed Active Directory and OCS on the same server, it's not supported just for external A/V connections or for internal use too ? (because on internal use, all work)

    And Yes, i have only 2 NIC card in my Edge server, and the port.. yes access Edge role is on 5061 with the same IP thant the A/V Edge role that is on port 443

    (in the edge installation Wizard  I had not changed the ports, I just put the A / V on a port other than Access role)

    SO i must try to  put Access edge on 443 and the A/V ??

    thank's

    Wednesday, October 29, 2008 6:56 AM
  • The best way to go is to configure the External NIC with 3 public IP Addresses and use standard port (443) for all EDGE Roles but on different IPs

     

    If you use only one IP you should set the Access EDGE on port 443 and choose a different port for the other roles

     

    Wednesday, October 29, 2008 9:29 PM
  • Okay... so in TCP/conf of my external NIC card -> advanced  I have put 2 public IP

    in the Edge configurator i have now:

    Acces Edge : 129xxxxx108         edge-nic.exchange.com  5061 (deferation)      certicifate assigned to edge-nic.ex..com
                                                                                          443(remote)


    A/V             :129........107         av-edge.exchange.com     443                          certificate (no required)



    In the OCS server for the internal A/V authentification  --> internal fqn of my edge on port 5062
    (the validation of the AV role on the OCS is OK)


    But... when i ma trying to connect from a external client, in the config:

    external edge server = edge-nic.exchange.com:443 --> failed login (server is tempo.. unvailable)

    external edge server = edge-nic.exchange.com:5061  --> work but only IM no A/V

    external edge server= edge-av.exchange.com:443 ---> failed login (server is tempo.. unvailable)


    Sad




    EDIT: If i start a Wireshark capture on the external client, when i make a CALL, the client try to contact the private ip of the internal user.. and NEXT He try on the 129.....107 (public ip of the Avedge)

    But alawys no video... (just ringing)

    42.xx.xx.xxx to 129.....107    TCP    34176 > https [SYN] Seq=0 Win=16384 Len=0 MSS=1460 WS=2
    129....107   to
    42.xx.xx.xxx    TCP    https > 34176 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0
    42.xx.xx.xxx to 129.....107    TCP    34176 > https [ACK] Seq=1 Ack=1 Win=16384 Len=0
    42.xx.xx.xxx to 129.....107    TLSv1    Client Hello
    129....107   to 42.xx.xx.xxx     TLSv1    Server Hello[Malformed Packet]
    42.xx.xx.xxx to 129.....107    TLSv1    Ignored Unknown Record
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 129......107    STUN    Message: Send request
    42.xx.xx.xxx  to 129......107    STUN    Message: Send request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    ....
    ....
    no response (because i havent stun server..)
    Thursday, October 30, 2008 9:38 AM
  • You must configure the AV Authentication Service with a certificate that has the AV EDGE Public FQDN name in the cert

    Not the internal name and it can be an internal cert (preferred)

     

    Friday, October 31, 2008 12:49 AM
  • Okay, so I have created a new certificate request (create request but send later) delivred for edge-av.exchange.com (exactly the same certificate as the Access edge but delivred for edge-av...) saved in a .txt file

    Next I have send this txt to my own AC and created a .crt that i have installed and assigne to the A/V Authentification service..
    (exactly the same way as Access role..)

    I have restared all the served edge

    (i have followed the step from ocspedia.com.. (exelent website)

    I have signIn with my external client (--> edge-nic.exchange.com:443).... I'am login-in..

    I try to make a call to a internal client...

    Same... error.. It ring.. He answer.. and next 4-5 seconds it's disconnect "The call was disconnected because Communicator stopped receiving audio from ‎Kevin Cook‎. Please try the call again."

    Wireshark (better now)


    42.xx.xx.xxx to 129.....107    TCP    34176 > https [SYN] Seq=0 Win=16384 Len=0 MSS=1460 WS=2
    129....107   to
    42.xx.xx.xxx    TCP    https > 34176 [SYN, ACK] Seq=0 Ack=1 Win=16384 Len=0 MSS=1460 WS=0
    42.xx.xx.xxx to 129.....107    TCP    34176 > https [ACK] Seq=1 Ack=1 Win=16384 Len=0
    42.xx.xx.xxx to 129.....107    TLSv1    Client Hello
    129....107   to 42.xx.xx.xxx     TLSv1    Server Hello, Server Hello Done

    42.xx.xx.xxx to 129.....107    TLSv1    Ignored Unknown Record
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 129......107    STUN    Message: Send request
    42.xx.xx.xxx  to 129......107    STUN    Message: Send request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request
    42.xx.xx.xxx  to 10.10.2.8    STUN    Message: Binding Request

    42.xx.xx.xxx to 129.....107    TCP    61952 > https [ACK] Seq=305 Ack=355 Win=16028 Len=0
    ...
    ...



    EDIT:
    I have tested to start a call between TWO EXTRENAL clients.. and it's WORK !?! !? (note : the 2 clients are not on the same external network)
    the communications is make using the EDGe and not directly with the 2 clients...

    thank's for your help !!
    Friday, October 31, 2008 8:25 AM
  • Ok, I have tried some tricks.

    Like to put the Edge on the "Authorized Host" (in the front end server)

    or set NTLM authentification instead NTLM + kerberos

    But always don't work...

    Why it work between 2 external client and not with One internal <--> external ???

    thank''s
    Monday, November 3, 2008 8:00 AM
  •  Frantch wrote:

    I have tested to start a call between TWO EXTRENAL clients.. and it's WORK !?! !? (note : the 2 clients are not on the same external network)
    the communications is make using the EDGe and not directly with the 2 clients...

     

    That statement could be a clue.  The failing external-internal communication scenario could potentiall be related to routing issues across your Edge server.  Depending on how the Edge server is deployed, what type of perimeter network, IP subnets, etc you might having an incorrect routing table configured.

    Monday, November 3, 2008 2:40 PM
    Moderator
  • I have noted a stange things, when i start a WireShark analyse on the EDGE server, He receive the packets from 129xx.xx.xx123 and not from the IP that i am laucning Office Communicator.... (public ip of the external communicator is 195.....)

    It's possible that is the probleme?? (so why with the external <---> external it work ??)


    How i can find where is the problem ?


    Wednesday, November 5, 2008 7:41 AM
  • definitively don't work Sad
    Sunday, November 9, 2008 6:45 PM
  • In my case it helped to have 2 default gateways on the edge server, one on the a/v nic and one on the combined access/webconf nic (wihich is natted). In addition I have deactivated dead gateway detection through registry.

     

    Very strange but it only works that way here.

     

    Johann

     

    Monday, November 10, 2008 2:38 PM
  •  jwdberlin wrote:

    In my case it helped to have 2 default gateways on the edge server, one on the a/v nic and one on the combined access/webconf nic (wihich is natted). In addition I have deactivated dead gateway detection through registry.

     

    Very strange but it only works that way here.

     

    Johann

     




    I got the symptoms like you, a huge amount of STUN packets are trying to send "Binding Request". I'm wondering is it either one host can't retrieve the external IP during A/V.
    However, I don't understand why and how it is working when you got 2 default gateways. Could you please describe more?
    Thursday, November 13, 2008 2:50 AM

  • have noted a stange things, when i start a WireShark analyse on the EDGE server, He receive the packets from 129xx.xx.xx123 and not from the IP that i am laucning Office Communicator.... (public ip of the external communicator is 195.....)


    I receive paquet from an other IP because i am behind a proxy. So It does not break problem no? this is supported by the A / V edge proxy ?

    otherwise i can test the double getway. but i don't know how Tongue Tied
    Friday, November 14, 2008 7:27 AM
  • in a similar situation (1 to 1 calls from external to internal), has someone seen a strange behaviour where the internal client tries "binding requests" to the EXTERNAL IP of A/V edge instead of internal?

    from my perspective, the internal client should go for the internal IP address of the A/V edge, not internal. And resolution is working fine. where does the internal MOC get the route from? who/what informs it about the route where to lookup and bind the external client?

    thank you so much,

     

    D

    Tuesday, February 10, 2009 8:08 PM