locked
Call forwarding - PSTN Gateway (billing issue) RRS feed

  • Question

  • Hello,

     

    Network topology:

     

    MOC A.\ _ OCS_ MEDIATION_MGW

    MOC B./

     

    I've a billing issue with call forwarding.

     

    - User B forwards his calls to  a PSTN-number (eg. 123456)

    - User A calls User B

    - Call is being forwarded to 123456 via the mediation server to the mediagateway

    - In the Invite-message (sent from medation to mgw) there is no header that UserB has forwarded the call.

    --> User A is being billed for the call to 123456 and not User B

     

    Is there a way, for the mgw, to know the call was forwarded?

     

    Thx in advance,

    Dieter

     

    Tuesday, May 8, 2007 3:04 PM

Answers

  • Dieter,

     

    Please attach a sipstack log from the mediation server that displays what you described in your post. I would like to be able to see the "Reffered-By" header going into the Mediation sever and I would l ike to see this traffic leaving the mediation server on its way to the gateway. Since the mediation server has 2 NICs we should be able to define the incoming and outgoing traffic.

     

    Are you familar with using OCSLogger.exe? It is located in the c:\program files\common files\Office Communication Server 2007\tracing - folder. Please start a sispstack capture prior to your test and stop it imediately after your test. Please email  the c:\windows\tracing.sipstack.etl file in a zipped containrer to the log for my review.

     

    Please provide me with an email addess if you ned me to review the logging. I will reply to the email and you can then send the attaced logs to me

     

    Please read the following RFC 3892  The SIP Referred-By Mechanism   September 2004. There is some good information here in regard to the use of TLS certificates and the encryption / signing of the referred by token.

     

     

    Thanks,

     

    Mike Adkins  OCS beta support team

     

     

    Wednesday, May 23, 2007 1:27 PM

All replies

  • Hello,

     

    I've seen that the OCS server add the following header "Referred-By", with the User credentials who forwarded the call, to the Mediation Server (into the INVITE message).

    Why drops the  Mediation Server the "Referred-By"-header to the Media Gateway?

    Regards,

    Dieter

    Wednesday, May 16, 2007 10:16 AM
  • Dieter,

     

    Please attach a sipstack log from the mediation server that displays what you described in your post. I would like to be able to see the "Reffered-By" header going into the Mediation sever and I would l ike to see this traffic leaving the mediation server on its way to the gateway. Since the mediation server has 2 NICs we should be able to define the incoming and outgoing traffic.

     

    Are you familar with using OCSLogger.exe? It is located in the c:\program files\common files\Office Communication Server 2007\tracing - folder. Please start a sispstack capture prior to your test and stop it imediately after your test. Please email  the c:\windows\tracing.sipstack.etl file in a zipped containrer to the log for my review.

     

    Please provide me with an email addess if you ned me to review the logging. I will reply to the email and you can then send the attaced logs to me

     

    Please read the following RFC 3892  The SIP Referred-By Mechanism   September 2004. There is some good information here in regard to the use of TLS certificates and the encryption / signing of the referred by token.

     

     

    Thanks,

     

    Mike Adkins  OCS beta support team

     

     

    Wednesday, May 23, 2007 1:27 PM
  • Hi Mike,

     

    You can reach my via dietertack@hotmail.com .

     

    Below an example of the header that the mediation-server receives from the oc-server:

     

    REFERRED-BY:<sipBig Smileirkv@lcs-domain.local>;ms-identity="MIIBNgYJKoZIhvcNAQcCoIIBJzCCASMCAQExDzANBgkqhkiG9w0BAQUFADALBgkqhkiG9w0BBwExgf8wgfwCAQEwVjBIMRUwEwYKCZImiZPyLGQBGRYFbG9jYWwxGjAYBgoJkiaJk_IsZAEZFgpsY3MtZG9tYWluMRMwEQYDVQQDEwpMQ1MtRE9NQUlOAgoUjlkFAAAAAAACMA0GCSqGSIb3DQEBBQUAMA0GCSqGSIb3DQEBAQUABIGASITUqIFFNKSiTaZ1wpd66LAwnpGgs-etIb3VD5cOJYIrcU8EmJEe1ZQ13tdNzXCgeqTomHwHzCFp1JiMzz1P6szd9i8W54Zv-FjVmXml3HnVrWOqTYiTIACwczXIqdhvPDyWibX2a8EPLsBK6TT1sO8v7Fh6Zy73eMkX_ahdH9oA:Fri, 25 May 2007 08:35:52 GMT";ms-identity-info="sipSurpriseCS2007.lcs-domain.local:5061;transport=tls";ms-identity-alg=rsa-sha1

     

     

    Regards,

    Dieter

    Friday, May 25, 2007 10:29 AM
  • Hi Dieter,

    Can you let the forums know the status of your issue? If you have been able to figure out a resolution with Mike Adkins can you post it here also? It would be greatly appreciated. Thanks.

    Wednesday, May 30, 2007 9:57 PM
  • Hi Thom,

     

    I haven't received yet a mail from Mike.

    Rgds,

    Dieter

    Friday, June 1, 2007 10:31 AM
  •  

    Hi Mike,

     

    For the mediation server, you have no need of 2 NICs. Only 1 NIC is needed.

     

    Rgds,

    Dieter

    Monday, June 4, 2007 10:04 AM
  • Hi Dieter, I am nost sure what you were posting about here, but you do need to 2 NICs for a mediation server. One for the Gateway listening port and the otehr for the OCS listening port.
    Monday, June 4, 2007 8:24 PM
  • I actually have this working with one NIC. My mediation server is on the same LAN as my PBX. Although inbound is not working, but that's another issue because the PBX uses SIP over UDP.

     

    Nóri

    Monday, June 4, 2007 9:13 PM
  •  

    Hi Thom,

     

    The Gateway listening port and the OCS listening port can be configured on the same NIC, same IP-addess but different ports (5061 for OCS and 5060 for the Gateway). Works perfect!

     

    Hi Nori,

     

    You can solve this problem by placing OpenSER (only linux) between the Gateway and MediationServer.

    If can give you the configuration for OpenSER if you want.

     

    Rgds,

    Dieter

    Tuesday, June 5, 2007 6:56 AM
  • Thanks Dieter. I'll give OpenSER a try. Can you e-mail the configuration to nori@annata.is

     

    Regards,

    Nóri

    Tuesday, June 5, 2007 2:42 PM
  • Hi Dieter,

    We have had it working on 1 NIC before but ran into a few problems. I also don't think it is a supported configuration though. Thanks for all of your help on the forums.

    Thursday, June 7, 2007 6:08 PM
  •  

    Hi Thom,

     

    I've just compared the public beta documentation with the private beta documentation.

    Ok, the now supported configuration is with 2 NICs.

     

    What are the known problems for using 1 NIC.

     

     

    Thx,

    Dieter

    Friday, June 8, 2007 7:20 AM
  • Dieter,

     

    Hello! I am sorry for the late return to your post please forgive me. I have been very busy lately. Please attach the sipstack.txt log to this email and send it to me for review.

     

    Thanks,

     

    Mike Adkins  OCS beta support team

     

    I sent the customer the following email. I am waiting for his reply so we can continue working on the issue

    Monday, June 11, 2007 9:48 PM
  • Dieter,

    Well as per RFC the Mediation server can access the referred-by header and change it or remove it. The referer which is the OCS Access server can send the referred-by field as follows

     

    This following information is per RFC 3892

    ************************************

    Referred-By is a request header field as defined by [5].  It can appear in any request.  It carries a SIP URI representing the identity of the referrer and, optionally, the Content-ID of a body part (the Referred-By token) that provides a more secure statement of that identity.

    In our case it is the caller's URI and the Content-ID information

    The target SHOULD verify that the identity in the Referred-By header field in the token exactly matches the SubjectAltName from the signing certificate, reporting discrepancies to its user as described in [3].

    If the token contains a To header field, the target SHOULD verify that the identity it expresses matches the referrer.  One way of verifying this is to exactly match the identity in the token's To header field with the subjectAltName of the certificate used by the referee to sign the aib protecting the request itself.  The 428 response defined in [7] can be used to request such an aib if one is not already present.


    Here is the reason the OCS Mediation server may drop the referred-by information (security purposes)

    The mechanism defined in this specification relies on an intermediary (the referee) to forward information from the referrer to the refer target.  This necessarily establishes the referee as an eavesdropper of that information and positions him perfectly to launch man-in the-middle attacks using the mechanism.


    *************************************************

    So in our case I can see the referred-by field being used to show a trust between the originating caller and the forwarding device. This authentication information is passed to the Mediation server and as you have described it is dropped when in route to the the media gateway device.

     

    This could be by design of the product and it does appear to be by RFC.

     

    The documentation that you sent me was not 100% accurate. The sipstack.txt log shows the referred by fields with a Call ID header contents of 0669ee073f7a42ce844859b9c2b01a08 - this shows a call between you and Steven. The mediation.txt file shows one frame when filtered on reffered-by and it has a Call ID value of 3ec61af4b0d74fb39810d151ee33c8f6. Also, when I filter sisserver.txt on 3ec61af4b0d74fb39810d151ee33c8f6 - no frames are returned.

    Please take the logging exercise again and make sure that sipstack logging is taken at the same time on the mediation server and the access server.

     

    Also, If I am a little off track on my reply to you pleaee correct me. If I remeber corrrectly the reason that you opened this post is because your media gateway id using the information in the referred-by field as the descriptor of the originator of the call. So the device that is forwarding the call is getting billed for the cost and not the call originating device. Who is your media gateway vendor?

     

     

    Thanks,

    Mike Adkins

     


     

    Wednesday, June 13, 2007 10:43 PM
  •  

    Hi Mike,

     

    My goal for my post was not, that I want to have the referred-header in the sipmessage.

    I just want to know; that the call was forwarded and  whom has forwarded the call.

    There are even other mechanisms for doing that: http://www.ietf.org/rfc/rfc4458.txt

     

    Further explanation: we are a telecom software company (www.artilium.com) .  We have built a realtime charging and billing system for telephony.

    And the last weeks, I researched if we can integrate OCS with are software.

     

    Sorry for sending the wrong sipstack.txt. I've attached the wrong one. I can send you the correct sipstack.txt, if you still needed.

     

    Regards,

    Dieter

    Friday, June 15, 2007 3:03 PM
  • Hi Dieter,

    Can you update this post? Is this still an issue with the RTM version?

     

    Wednesday, September 19, 2007 6:07 PM
  •  

    Hi Thom,

     

    Yes it is still an 'issue' with the RTM version.

     

    But Microsoft is aware of that the PBx is not aware of call forwarding.

    In the document 'Integrating Telephony with Office Communications Server 2007' written by Russell Bennett, Nathan Fish, Rob Westover, Tony Bawcutt (Microsoft Unified Communications Group), you find on page 37 (Forward): PBx is not aware of call forwarding, hence authorization (if exist) is based on original caller.

     

    Regards,

    Dieter

    Thursday, September 20, 2007 7:23 AM