locked
OCS Edge Server - Communicator voice call not working from Outsdie: 0xC3FC200D RRS feed

  • Question

  • Dear sir,

    Outside Pc-communicator-- -- Router/External DNS-------------- Edgeserver--- switch--- Front end server,   DC-Internal DNS,    EXchange,InsidePCCommunicator.
    192.168.156.1----  ----------192.168.156.4/192.168.155.6-----192.168.152.26----------192.168.152.23,      192.168.152.21

    edge server details
    LAN 1 = 192.168.152.26 ,no  Gateway , Dns =192.168.152.1 (internal dns server)
    Access edge = 192.168.155.1 , gateway = 192.168.155.6  , dns = 192.168.155.6
    Web confrence= 192.168.155.2, no gateway , dns = 192.168.155.6
    A/v = 192.168.155.3, no gateway , dns = 192.168.155.6

    from outsdie office communicator i can logon and  i can do chat and presence. but i can not able to establish voice call .  from outside when i call it is ringing but once i pick up call after few seconds it says call was disconnected .

    In outside pc communicator -event log -  event id : 11 source - communicator -  " MS-CLIENT-diagnositcs: 52031; reason="Call terminated on media connectivity failure "

    In front end server- when i run the validation- i get error message like [0xC3FC200D] One or more errors were detected

    Connecting to A/V Authentication Edge Server to get credentials    A/V Authentication Edge Server: Could not contact A/V Authentication Edge Server.
    To resolve this error, check for the following
    1. The outbound proxy is reachable.
    2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each other.
    3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
    4. Conference Server certificate is valid.
    5. A/V Authentication Edge Server Gruu is correct.
       Failure
    [0xC3FC200D] One or more errors were detected 

    front end server configuration:
    In front end server - pool properties - av authentication servvice - edgeser (edge server computer name);  port = 5062 .  Encryption level : do no support encryption.

    Please let me know how to solve this issue.
    Tuesday, October 27, 2009 1:42 PM

All replies

  • Dear Thorsten and Jeff and sick. - can you please help me in this one
    Tuesday, October 27, 2009 1:43 PM
  • Hi,

    you are back :-)

    Ok, can you provide sipstack and S4 trace of your edge and maybe of  your internal ocs.

    Bye
    ThorstenWujek
    Tuesday, October 27, 2009 1:51 PM
  • hi thorsten s4 and sip staack is too big so, i am going to pase only failure log.   feroz  (outside pc)    is calling to   ft   ( inside user), regarding ip address please look in to above table

    Edge server log
    Instance-Id: 0000013D
    Direction: incoming
    Peer: 192.168.152.32:50645
    Message-Type: request
    Start-Line: BYE sip:feroz@ocsr2.kin.com;opaque=user:epid:yCrBIQwqXFm4CkroJ47s5gAA;gruu SIP/2.0
    From: "" <sip:ft@ocsr2.kin.com>;epid=5eddad59cc;tag=b95ca6458e
    To: "feroz s"<sip:feroz@ocsr2.kin.com>;tag=d03d0e18a3;epid=3d01bf72c0
    CSeq: 1 BYE
    Call-ID: 03c7fd4d480e444591e6dfe00d5e6b76
    Via: SIP/2.0/TLS 192.168.152.32:50645
    Max-Forwards: 70
    Route: <sip:fesrv.ocsr2.kin.com:5061;transport=tls;opaque=state:T:F:Ci.R500;lr;ms-route-sig=aaBbDcrrC8Bmk-5U9A3JuYXIqzqzT0wJnhz83jLAAA>;tag=F7B437342790B28BB058F5A48D59CDBA
    User-Agent: CPE/3.5.6907.35 OCPhone/3.5.6907.35 (Office Communicator Phone 2007 R2)
    Supported: ms-dialog-route-set-update
    Ms-client-diagnostics: 52031; reason="Call terminated on media connectivity failure"
    Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service", opaque="58389F9C", targetname="sip/fesrv.ocsr2.kin.com", crand="a9e48d35", cnum="27", response="602306092a864886f71201020201011100ffffffffc47fa4dcb5972a908c5319d88e32bf65"
    Content-Length: 0
    Message-Body: –
    $$end_record

    Front end Server log:
    Instance-Id: 0000013D
    Direction: incoming
    Peer: 192.168.152.32:50645
    Message-Type: request
    Start-Line: BYE sip:feroz@ocsr2.kin.com;opaque=user:epid:yCrBIQwqXFm4CkroJ47s5gAA;gruu SIP/2.0
    From: "" <sip:ft@ocsr2.kin.com>;epid=5eddad59cc;tag=b95ca6458e
    To: "feroz s"<sip:feroz@ocsr2.kin.com>;tag=d03d0e18a3;epid=3d01bf72c0
    CSeq: 1 BYE
    Call-ID: 03c7fd4d480e444591e6dfe00d5e6b76
    Via: SIP/2.0/TLS 192.168.152.32:50645
    Max-Forwards: 70
    Route: <sip:fesrv.ocsr2.kin.com:5061;transport=tls;opaque=state:T:F:Ci.R500;lr;ms-route-sig=aaBbDcrrC8Bmk-5U9A3JuYXIqzqzT0wJnhz83jLAAA>;tag=F7B437342790B28BB058F5A48D59CDBA
    User-Agent: CPE/3.5.6907.35 OCPhone/3.5.6907.35 (Office Communicator Phone 2007 R2)
    Supported: ms-dialog-route-set-update
    Ms-client-diagnostics: 52031; reason="Call terminated on media connectivity failure"
    Proxy-Authorization: Kerberos qop="auth", realm="SIP Communications Service", opaque="58389F9C", targetname="sip/fesrv.ocsr2.kin.com", crand="a9e48d35", cnum="27", response="602306092a864886f71201020201011100ffffffffc47fa4dcb5972a908c5319d88e32bf65"
    Content-Length: 0
    Message-Body: –
    $$end_record
    Tuesday, October 27, 2009 2:02 PM
  • The edge Server is added in work group. so the FQDN for internal interface is : edgesrv.  i have generated certificate with this name only.
    edge server internal interface settings

     IP Address: 192.168.152.26
     DNS Name: edgesrv
     Next Hop Address: fesrv.ocsr2.kin.com
     Next Hop Port: 5061

     TLS Certificate Information: 
             Certificate Authority: dc1
             Subject: edgesrv
             Subject Alternate Name: edgesrv
             Creation Date: 10/27/2009
             Expiration Date: 10/27/2011

     User Authentication Certificate Information: 
             Certificate Authority: dc1
             Subject: edgesrv
             Subject Alternate Name: edgesrv
             Creation Date: 10/27/2009
             Expiration Date: 10/27/2011

    Role: Port:
     Access 5061
     Web Conferencing 8057
     A/V TCP 443
     A/V User Authentication 5062



    Tuesday, October 27, 2009 2:07 PM
  • Check if both external and internal ports are open TCP/UDP
     See edgeserver deployment guide http://www.microsoft.com/Downloads/details.aspx?FamilyID=ed45b74e-00c4-40d2-abee-216ce50f5ad2&displaylang=en


    ThorstenWujek
    Tuesday, October 27, 2009 2:22 PM
  • this is the lab envoirenment so, i have open all ports and i do not have a firewall , only router i have which does routing  to connect external client to access edge server. i have a question is why do we need to connect av edge server to internet, because in outside pc communicator we just configure access edge server FQDN name: sip.ocsr2.kin.com:443,  how MOC  will contact av server. ? please explain ?
    Tuesday, October 27, 2009 2:29 PM
  • Dear all . now it is working there is some problem with  subject name while creating the certificate. i will explain in details tomorrow.. Now i need to implement in live enivorenement.
    Tuesday, October 27, 2009 5:24 PM
  • hi all it was a problem with A/V edge server authentication issue. for that i have specified the certificate with the name of av.ocsr2.kin.com, this is wrong.. then i changed to edgesrv.ocsr2.kin.com  (because this internal a/v edge server and for external a/v edge server interface we do not need a certificate.)
    Wednesday, October 28, 2009 10:36 AM
  • Dear Thorston  and jeff

    I need some help , can you help me please. the problem is  I am going to map my Access edge server and a/v edge server with one public ip address  like:


    (192.168.155.1 )access edge server : 443  ----   200.10.10.1  : 1253  |  dns mapping will be = sip.ocsr2.kin.com = 200.10.10.1  |outside pc communicator = sip.ocsr2.kin.com:1253

    (192.168.155.3) a/v edge server :445 -------      200.10.10.1 : 1254  |  dns maping will be  =  av.ocsr2.kin.com  = 200.10.10.1 

    in the above table  due to the security reasons i have not mention the actual domain name and the PUBLIC IP Address and this setup  i am doing in the test lab and i have only one public ip address  and i am mapping with different port numbers .

    Please let me know whether it works or not ?



    Wednesday, October 28, 2009 10:46 AM