locked
Office Communicator Call - Edge Server RRS feed

  • Question

  •  
    Hi,

    We have an OCS 2007 back-end server to provide IM, call and video call by Office Communicator to our internal users. This works fine.

    Now I have installed a Edge Server to provide the same functions to our external users. I have opened the correct ports on firewall and I have created the correct registers in DNS. I only have activated the Access Edge Server. I haven't activated Web Conferencing Edge Server nor A/V Edge Server because I think these are not necessary to provide IM, call and video call by Office Communicator to our external users.

    IM works OK to external users, but call and video call are disconnected when user accepts the request.

    Is necessary A/V Edge Server to provide call and video call?

    Thanks.

    Raul
    Thursday, December 18, 2008 7:13 AM

All replies

  • Raúl6 said:

    Is necessary A/V Edge Server to provide call and video call?



    Yes, A/V is necessary for Audio/Video - therefore it's called A/V :-)

    Johann
    Johann Deutinger | MCTS Exchange 2007 / OCS 2007
    Thursday, December 18, 2008 2:37 PM
  • Hi,

    I have installed A/V Edge Server. I open the correct ports in firewall. I have configured internal OCS server to work with A/V Edge Server. I use the same A register in DNS and the same public IP for A/V Edge Server and Access Edge Server. Edge Server has a DMZ IP. In firewall there is a MIP that translates public IP address to DMZ IP address.

    When I try to do a call or video call are disconnected when user accepts the request.

    In event viewer appears the following message:

     

    Nombre de registro:Application
    Origen:        Communicator
    Fecha:         19/12/2008 9:38:00
    Id. del evento:11
    Categoría de la tarea:Ninguno
    Nivel:         Advertencia
    Palabras clave:Clásico
    Usuario:       No disponible
    Equipo:        ALPT15.alsys.local
    Descripción:
    A SIP request made by Communicator failed in an unexpected manner (status code 0). More information is contained in the following technical data:
     
     RequestUri:   sip:ocs.iciq.es:443;transport=tls;lr;ms-route-sig=baaxhaywQw-bQCNdxUZ1gVMnhkbGBqvxlnKEB33AAA
    From:         sip:alsys2007@iciq.es;tag=016198da2a
    To:           sip:dpena@iciq.es;tag=0804aa33ef
    Call-ID:      b4d1836855974740972b1446b8f0c29d
    Content-type: application/sdp;call-type=audiovideo

    v=0
    o=- 0 0 IN IP4 172.25.25.115
    s=session
    c=IN IP4 172.25.25.115
    b=CT:99980
    t=0 0
    m=audio 27776 RTP/AVP 114 111 112 115 116 4 8 0 97 101
    k=base64:TBwQ9VdtRdoCTs3ADEGnre8PcWSKQoIe3Kw7B2AtoHEFh8XQhBnkkqkejJeT
    a=candidate:wVG8JrZouk92eE1XJXcpY6N+77cD/g/QV4GOdHOGggw 1 eXvu7twVqu4CVX7Io/FMmA UDP 0.840 172.25.25.115 27776
    a=candidate:wVG8JrZouk92eE1XJXcpY6N+77cD/g/QV4GOdHOGggw 2 eXvu7twVqu4CVX7Io/FMmA UDP 0.840 172.25.25.115 11392
    a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:DvZUFQZwbf8Qo9VV+Uhc5MzD4oVu2mlXN7t9elx2|2^31|1:1
    a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:MyWeJe7KmrBxoYECE3mAPDHGvYgsQcmZrK8P2dOt|2^31|1:1
    a=maxptime:200
    a=rtcp:11392
    a=rtpmap:114 x-msrta/16000
    a=fmtp:114 bitrate=29000
    a=rtpmap:111 SIREN/16000
    a=fmtp:111 bitrate=16000
    a=rtpmap:112 G7221/16000
    a=fmtp:112 bitrate=24000
    a=rtpmap:115 x-msrta/8000
    a=fmtp:115 bitrate=11800
    a=rtpmap:116 AAL2-G726-32/8000
    a=rtpmap:4 G723/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:0 PCMU/8000
    a=rtpmap:97 RED/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-16
    a=encryption:optional


    Response Data:

    180  Ringing


    0  (null)
    Ms-client-diagnostics:  52031; reason="Call terminated on media connectivity failure"

     
     Resolution:
     If this error continues to occur, please contact your network administrator. The network administrator can use a tool like winerror.exe from the Windows Resource Kit or lcserror.exe from the Office Communications Server Resource Kit in order to interpret any error codes listed above.
    XML de evento:
    <Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
      <System>
        <Provider Name="Communicator" />
        <EventID Qualifiers="16624">11</EventID>
        <Level>3</Level>
        <Task>0</Task>
        <Keywords>0x80000000000000</Keywords>
        <TimeCreated SystemTime="2008-12-19T08:38:00.000Z" />
        <EventRecordID>64878</EventRecordID>
        <Channel>Application</Channel>
        <Computer>ALPT15.alsys.local</Computer>
        <Security />
      </System>
      <EventData>
        <Data>Communicator</Data>
        <Data>0</Data>
        <Data>RequestUri:   sip:ocs.iciq.es:443;transport=tls;lr;ms-route-sig=baaxhaywQw-bQCNdxUZ1gVMnhkbGBqvxlnKEB33AAA
    From:         sip:alsys2007@iciq.es;tag=016198da2a
    To:           sip:dpena@iciq.es;tag=0804aa33ef
    Call-ID:      b4d1836855974740972b1446b8f0c29d
    Content-type: application/sdp;call-type=audiovideo

    v=0
    o=- 0 0 IN IP4 172.25.25.115
    s=session
    c=IN IP4 172.25.25.115
    b=CT:99980
    t=0 0
    m=audio 27776 RTP/AVP 114 111 112 115 116 4 8 0 97 101
    k=base64:TBwQ9VdtRdoCTs3ADEGnre8PcWSKQoIe3Kw7B2AtoHEFh8XQhBnkkqkejJeT
    a=candidate:wVG8JrZouk92eE1XJXcpY6N+77cD/g/QV4GOdHOGggw 1 eXvu7twVqu4CVX7Io/FMmA UDP 0.840 172.25.25.115 27776
    a=candidate:wVG8JrZouk92eE1XJXcpY6N+77cD/g/QV4GOdHOGggw 2 eXvu7twVqu4CVX7Io/FMmA UDP 0.840 172.25.25.115 11392
    a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:DvZUFQZwbf8Qo9VV+Uhc5MzD4oVu2mlXN7t9elx2|2^31|1:1
    a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:MyWeJe7KmrBxoYECE3mAPDHGvYgsQcmZrK8P2dOt|2^31|1:1
    a=maxptime:200
    a=rtcp:11392
    a=rtpmap:114 x-msrta/16000
    a=fmtp:114 bitrate=29000
    a=rtpmap:111 SIREN/16000
    a=fmtp:111 bitrate=16000
    a=rtpmap:112 G7221/16000
    a=fmtp:112 bitrate=24000
    a=rtpmap:115 x-msrta/8000
    a=fmtp:115 bitrate=11800
    a=rtpmap:116 AAL2-G726-32/8000
    a=rtpmap:4 G723/8000
    a=rtpmap:8 PCMA/8000
    a=rtpmap:0 PCMU/8000
    a=rtpmap:97 RED/8000
    a=rtpmap:101 telephone-event/8000
    a=fmtp:101 0-16
    a=encryption:optional


    Response Data:

    180  Ringing


    0  (null)
    Ms-client-diagnostics:  52031; reason="Call terminated on media connectivity failure"

    </Data>
      </EventData>
    </Event>



    Any idea?


    Thanks.

    Raul
    Friday, December 19, 2008 9:10 AM
  •  Hi,

    I a do a call between two external users in the same network it works fine. If I try to do a call between two external users it fails. Do Office Communicators try to communicate directly between them?

    Thanks.

    Raul
    Friday, December 19, 2008 9:48 AM
  • What is the configuration for your A/V edge, the firewall and the internal?  What I'm looking for is the IP addresses used and the firewall rules.  It appears to me in the traces above that you are using 172.25.0.0 addresses.

    Here's what I'm looking at.  A/V requires that you have publicly routable IP addresses assigned to the external interface of the A/V Edge.  Plus, you need to have ports 50,000 - 59,999 inbound/outbound TCP/UDP open.  NAT is not acceptable for AV Edge.  It MUST be assigned directly a public address.

    If this isn't the way that it's configured, A/V will not work properly.

    Look here for more information:

    http://technet.microsoft.com/en-us/library/bb870364.aspx
    http://technet.microsoft.com/en-us/library/bb870422.aspx


    And, BTW - this changes quite a bit (in the range of ports and protocols) for R2.  Still does require a public IP due to the way that STUN and ICE work.


    Rick
    Sunday, December 28, 2008 7:21 PM
  • Hi,

    I already read these documents of Microsoft, but I thought that would be possible to assign a private IP address to the A/V interface of the Edge Server.

    I have many problems to assign a public IP address to a server in the DMZ, because all external traffic is filtered by firewall and I don't know how to configure the firewall to assign a public IP address to a server in DMZ network.

    Thanks.

    Raúl
    Wednesday, January 14, 2009 7:56 AM
  • Raul,

    Typically you would need to assign another physical interface on the firewall to a NIC dedicated to the A/V Edge role, or attach that outside the firewall (the least desirable option).

    Although you can assign a private IP address to the AV/ Edge server's external interface, it's completely unsupported and only some A/V features may work and sometimes only uni-directionally.  I have some additional details in these blog entries:
     

    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=37
    http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=42


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Wednesday, January 14, 2009 1:50 PM
    Moderator
  • Hello,

    The first solution is to use a firewall feature called "bridging", or "transparent mode". With this feature, you can configure the same IP on the public interface of the firewall and on (one of) the private inerface(s). Doing so, you can create a DMZ network with public IP adress(es) inside your DMZ, and still being protected by the firewall.
    Another solution if your firewall doesn't support bridging is to use a 1:1 NAT twice: one translation from the external public IP to a "dummy" private IP in a dummy DMZ network on your firewall, and a second one back to the original public IP, on the DMZ network on which public A/V edge interface is connected. Doing so, the remote clients will see the A/V edge with its public adress, with will also be the physical IP of the public A/V edge,  and that's what STUN requires. The fact that it has been NAT"ed twice on the path doesn't mattter.

    We implemented the last solution in our production environment (two chained firewalls before reaching the A/V edge ...), and it works flawlessly.

    Hope this helps,

    Matthieu
    Wednesday, January 14, 2009 9:50 PM