Listening port

  • Question

  • Hi, all!

    I have deployed Office Communications Server 2007 in my environment, with an internal server and an Access Edge Server. My internal users are all working fine, but when they try to access the Edge Server from outside our network they're experiencing some problems.

    The instant messaging service works fine, but when a client tries to make an audio call to another user, the destination receives the call and then, when he tries to answer, the connection is interrupted.

    I inspected the firewall log and found that when a client tries to answer an audio call, the caller tries to establish a connection to TCP port 5061, the default SIP port. I have configured the Access Edge Server to listen on TCP port 443 and only this port is allowed on the firewall. I also configured the external server address in the external client with the address "edgeserver.mydomain.com:443", to force it to connect on the SSL port, but it still tries to connect the audio on TCP 5061. Does someone know why the client always tries to connect on that port? Is there a way to change this behavior? Thanks in advance!

     

     

     

    Eder

     

    Friday, November 21, 2008 1:45 PM

All replies

  • Do you have a publicly-routable IP address assigned directly to the A/V Edge interface (not a private, NAT'd IP address)?

     

    Friday, November 21, 2008 2:20 PM
    Moderator
  • I have three different IP addresses: one for the Access Edge Server service, one for the Web Conferencing Edge Server service, both NAT-based, and a third one, publicly routable, for the A/V Edge server service.

     

     

    Friday, November 21, 2008 3:44 PM
  • Just remember your internal interface of your Access Edge Server listens on TCP 5061. Make sure that port is open.

     

    --geoff

    Tuesday, November 25, 2008 1:35 AM
  • Geoff, I don’t understand what you said. I have to open port 5061 to the whole Internet on my internal interface? This interface is not published.

    The Edge Server has two interfaces, one in my internal network and another in my DMZ. The DMZ interface has three IP addresses, two using NAT and the other with a publicly routable address. I have no firewalls between the internal Communications Server and the internal interface of the Communications Edge Server.

    Also I don’t think that it’s practical to work with ports like 5061, because it’s blocked in almost all secured networks and I want to use it to communicate with clients in the future. The Microsoft service "Live Communications Server", that we can pay for and use, works only on port 443.

    Can you give me some advice on how to make an external machine communicate with an internal one with audio?

     

     

    Eder

     

    Tuesday, November 25, 2008 11:03 AM
  • Windows Server doesn't support having IP addresses from different subnetworks on the same physical adapter.  Take a look at the supported scenarios in this blog if you are using both Private and Public IP addresses on external interfaces:

     

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33

    Tuesday, November 25, 2008 5:30 PM
    Moderator
  • Eder,

    In your original post you mention it is trying to communicate on 5061. On the Edge the internal interface listens on 5061. The AV Auth MRAS should be using 5062. But in any event can you post any logs or describe your configuration in more detail.

    It was mentioned that you can not put multiple IP's on the same NIC - which is true. So you need to get a 3rd NIC to support your AV interface. Or just put the public IP on the DMZ interface and use that for all 3 roles.

     

    --geoff

    Wednesday, November 26, 2008 12:35 AM
  • Geoff, I just wanted to clear up part of your statement.  It's not that you can't have multiple IP addresses on the same NIC, as that is supported, they just have to be in the same subnetwork. Clearly two addresses from a private, NAT'd range and a third from a publicly routable range would not be supported on the same interface.  And this is a Windows Server requirement, it's nothing to do with OCS inherently.

    Wednesday, November 26, 2008 2:30 PM
    Moderator
  • You're right - mistyped. Should have just copied your lines from above. Thanks for making that clear for anyone else who runs across this.

     

    --geoff

    Wednesday, November 26, 2008 2:49 PM
  • Hi, Guys!

     

    Thank you Geoff and Jeff for the comments. I cannot make the external A/V work yet, but I think that there was some progress.

     

    About the routing or NAT, I changed the three addresses of my Edge server into three publicly routable IP addresses, all in the same subnet, verified the border firewall and tested. Nothing changed.

     

    As Geoff suggested verifying the server logs, I started a trace while trying to connect to the server and found the following error:

     

    "Ms-client-diagnostics: 52031; reason="Call terminated on media connectivity failure""

     

    Searching for this error, I found a question in this forum, where some people said that the internal IP address of the Edge Server has to be routable and not use NAT. At this point I’m back to my second question: do I have to make the internal addresses of my server routable? If I don’t use NAT I cannot make this. Any suggestions?

     

    Wednesday, November 26, 2008 6:46 PM