A/V fails when connect from internet

Question
Hi, All
I have OCS on one server and OCS Edge on another (both R2). Internally everything (IM, audio/video, Web conferencing) works fine. All validation wizards report no errors (for both OCS and OCS Edge).
From the internet I can connect to IM and talk to anyone (including IM conferences). I can also start LM and share content. But when I try to start AV from the internet with anyone on the internal network, it fails after several seconds. (The same behaviour occurs in LM.)
I've discovered that the trace from OCS Edge to my internet computer goes through 192.168.x.x networks. (These hosts are on the provider's net. I cannot control this routing.) But OCS Edge has a public IP which I can ping from anywhere on the internet.
The trace looks like
1 <1 мс <1 мс <1 мс 80.x.x.x (public IP)
2 <1 мс <1 мс <1 мс 10.100.0.1
3 1 ms 1 ms 1 ms 10.170.4.1
4 627 ms 617 ms 628 ms 192.168.170.5
5 632 ms 636 ms 617 ms 192.168.170.1
6 649 ms 589 ms 679 ms 192.168.180.51
7 621 ms 612 ms 620 ms 80.72.x.x (again public IP)
8 637 ms 617 ms 619 ms 195.x.x.x
... (all other hops on public IP)
AV connects from the internet successfully when I set a public IP on my internet PC. The issue I described earlier appears only when I try to connect to an AV conference from a NATed PC.
My question is whether this behaviour is by design (or by OCS protocol design) or a bug.
Thank you!
Thursday, August 13, 2009 12:54 AM
Answers
Fedor,
Because it's failing when you switch to using NAT for the A/V Edge roles, make sure that (1) you have marked the NAT checkbox in the Edge configuration, and (2) have configured DNS resolution so that the Edge server itself will resolve the Public IP address for the AV Edge FQDN and not the local private IP used on the external interface for that same role. If the Edge server resolves the NAT'd address instead of the public address it will pass the wrong IP out to the external client, causing connections to fail.
Take a look at this blog article for more details: http://blogs.pointbridge.com/Blogs/mcgillen_matt/Pages/Post.aspx?_ID=61
Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
- Proposed as answer by Gavin-Zhang (Moderator), Wednesday, August 19, 2009 7:46 AM
- Marked as answer by Gavin-Zhang (Moderator), Friday, August 21, 2009 6:28 AM
Monday, August 17, 2009 1:21 PM, Moderator
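
A check for point (2) of the answer above, as an added example that is not part of the original thread: run on the Edge server, it resolves the A/V Edge FQDN with the server's own resolver and reports any result other than the expected public address. The FQDN, the addresses and the function names are constructed placeholders.

```python
import ipaddress
import socket

# Ranges that are not routable on the internet. Kept as an explicit list
# because ipaddress.is_private also flags documentation ranges such as
# 203.0.113.0/24, which this example uses as a stand-in public address.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "100.64.0.0/10", "169.254.0.0/16", "127.0.0.0/8",  # CGNAT, link-local, loopback
)]


def is_public(addr):
    ip = ipaddress.ip_address(addr)
    return not any(ip in net for net in NON_PUBLIC)


def resolve_ipv4(fqdn):
    """Resolve with the local resolver (hosts file included): the Edge server's own view."""
    try:
        infos = socket.getaddrinfo(fqdn, None, socket.AF_INET, socket.SOCK_STREAM)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


def check_av_edge(fqdn, public_ip, nic_ip, resolver=resolve_ipv4):
    """Return a list of findings; an empty list means DNS matches the NAT setup."""
    resolved = resolver(fqdn)
    if not resolved:
        return [f"{fqdn} does not resolve on this server"]
    findings = []
    for addr in resolved:
        if addr == nic_ip:
            findings.append(f"{fqdn} -> {addr}: this is the external NIC's pre-NAT address")
        elif not is_public(addr):
            findings.append(f"{fqdn} -> {addr}: not routable from the internet")
        elif addr != public_ip:
            findings.append(f"{fqdn} -> {addr}: expected {public_ip}")
    return findings


if __name__ == "__main__":
    # Constructed values: placeholder FQDN, public IP and external NIC IP.
    fqdn, public_ip, nic_ip = "av.example.com", "203.0.113.10", "10.0.0.5"
    # Stubbed resolver answers so the demo runs offline; omit the resolver
    # argument to query real DNS from the Edge server.
    for answer in (["203.0.113.10"], ["10.0.0.5"]):
        result = check_av_edge(fqdn, public_ip, nic_ip, resolver=lambda _f, a=answer: a)
        print(answer, "->", result or "OK")
```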
All replies
It definitely sounds like a 'NAT' issue and the internal non-routable pings 2-6 are interesting. If I understand you correctly you are saying that your internal IP address is 192.168.x.x with your Internet external hop being an 80.x.x.x (public IP) but then the provider routes it back through a private IP range? If so, that is very odd indeed. The RFC does require the addresses to be publicly routable and if they are not, voice will fail. Does video and app sharing produce the same results?
Brian Ricks, MCSE, MVP, BriComp Computers, LLC http://blogs.bricomp.com/blogs/uc/default.aspx
Monday, August 17, 2009 11:27 AM