Integration Exchange SP1 and OCS - Support for media streams to traverse firewalls

  • Question


    Hi all,


    To support media streams to traverse firewalls, you have to run the 'Configure-MRASGruu.ps1' script.
    But I'm unable to find this script in the 'E2007 SP1\scripts' directory, or elsewhere on the HD.


    Can anyone provide me this script?


    Thanks in advance.




    Monday, September 17, 2007 7:44 AM

All replies

  • I did a search on my Exchange machine and could only find the following script:




    Do you need me to send this one to you?



    Wednesday, September 19, 2007 1:18 PM
  • Can you mail it to dietertack @ hotmail com ?





    Wednesday, September 19, 2007 3:24 PM
  • I have just sent it to you. Please let me know if it works.



    Thursday, September 20, 2007 4:49 AM
  • I can't find this script either.  Would you be kind enough to send it my way also?  My email is in my profile (remove the nospam tags).


    Just curious, is there a reason this script is missing?


    Sunday, September 23, 2007 9:15 AM
  • I found the script Configure-ummrasgruu.ps1 on my SP1 Beta1 CD. 


    When I run it I get the following error message:


    Code Snippet
    Failed to configure MRAS settings. Please verify this is an Exchange Unified Messaging SP1 Server. Additional information follows: Missing MediaRelaySettings section in Exchange UM configuration file Bin\GlobCfg.xml



    I am running Exchange 2007 SP1 Beta2 and OCS 2007 RTM. 


    Anyone know where or how to find the proper Configure-MRASGruu.ps1 script?  It's mentioned directly in the SP1 Unified Messaging notes at http://technet.microsoft.com/en-us/library/bb691398.aspx.

    Sunday, September 23, 2007 10:44 AM
  • I have not tested the script. We only have SP1 beta installed. From where and how did you run it? There could be some dependencies on other scripts so you should try to run it from the Exchange scripts directory.

    Monday, September 24, 2007 9:31 AM
  • Excellent point!  I had run it from the CD.


    I copied it to my Exchange Server Install\scripts directory and it runs much cleaner (I no longer had to specify my forest name), but I get the same error.


    The GlobCfg.XML file doesn't include any section for MediaRelaySettings.


    Where is the correct place to post SP1 issues?

    Monday, September 24, 2007 5:07 PM
  • You might want to try and post this on the Exchange Forums.


    Monday, September 24, 2007 5:12 PM
  • Monday, September 24, 2007 6:10 PM



    I've reinstalled SP1 beta, and now traversing a firewall is working. No need of 'Configure-MRASGruu.ps1' script.




    Ok, it's not true, it isn't traversing the firewall. I had forgotten that a site-to-site VPN was configured.

    Without VPN, the voice cannot traverse the firewall :(



    Tuesday, September 25, 2007 12:19 PM

    Has anyone already successfully deployed Exchange UM with OCS and OC Edge Server?





    Friday, October 12, 2007 8:41 AM
  • I have.


    Communicator users inside or outside our network can check their voice mail in Exchange and all other Exchange UM functions just fine.


    What I am working on now is getting the Mediation server working with our Quintum Tenor ASM-200 so we can integrate our PBX and PSTN lines into OCS.

    Friday, October 12, 2007 4:42 PM
  • We have problems with voicemail via Edge. Communicator can call the voicemail system but then there is no audio coming through the line. It seems that Exchange cannot route the voice mail traffic back to Communicator via Edge. I haven't found the cause yet.

    It works fine if we connect via the internal OCS frontend.

    Did you configure extra settings in Exchange/OCS to get it running via Edge?

    Friday, October 12, 2007 9:13 PM
  • I have completely the same problem as Thomas




    Wednesday, October 17, 2007 11:57 AM
  • I don't have time to dig up the exact details at the moment, but my issue was related to using the wrong port for one of the settings between the edge and the inside server.


    If you bring up the Communicator Console from Computer Management on the edge, you'll find a nice box which shows all of the listening IPs and ports, and their roles.


    Bring up your inside OCS server in another window and review the properties and ENSURE all ports and hostnames match up.


    You should be able to run a validation from both servers with a clean bill of health (I still show a few explainable warnings).


    My problem was literally using the wrong port number.  I think I confused terms (what you get when you don't spend enough time with the manuals) and put in "xxx" where I needed "yyy".


    Also run the BPA for OCS and make sure it's happy.

    Wednesday, October 17, 2007 7:40 PM
  • Both analyzing tools don't provide any errors or extra information so the configuration seems to be OK. So I think I'll have to do some tracing.



    Wednesday, October 17, 2007 8:38 PM
  • Any progress on your site Dieter? I haven't got much time yet to analyse further.
    Wednesday, October 24, 2007 7:50 AM
  • Hey Thomas,


    Also here, I'm currently not working on that issue.





    PS: No one else who deployed Exchange and OC Edge server (successfully or not)?

    Thursday, October 25, 2007 2:38 PM
  • I found out that Voice Mail Audio is routed directly to the client from Exchange Server and not via the Edge server. Exchange is routing audio traffic via our gateway to the client. It is trying to reach the client based on the local IP address which is not accessible. Is this working as designed? Don't think so....


    If I make VOIP calls the AV traffic is routed correctly.


    Has it something to do with the Static routing option in the front end settings? Who has used this before?

    Thursday, October 25, 2007 3:29 PM
  • Interesting...... It is confirmed that AV traffic has been routed via my IP gateway and not via Edge Server!!!


    I was just connecting my laptop directly to my cable modem (having a public IP address) and suddenly voicemail works. I also get audio/video in Live Meeting now.


    How to fix this routing issue? Adding the EDGE IP in the static routing settings (of the frontend properties) causes the OCS frontend not to start.


    Has anyone else experienced this before and know how to solve it?



    Thursday, October 25, 2007 6:48 PM

    Hi Thomas,


    Thanks for your findings!! When I'm back on 5/11, I'll also do some further research.

    My question is, why has Microsoft not implemented the same traversing mechanisms in Ex UM, like in the Mediation Server? Outbound calling via Edge and Mediation works perfectly !!



    Friday, October 26, 2007 7:03 AM
  • Hi,


    I've done some extra research:

    * Outbound calling via the mediation (works perfect)

    The mediation server adds some extra headers in the SDP:

    Code Block
    a=candidate:RxBmFYfbLey4L8V43yOI0HvtslSDTJ9DcKK9XBSk7Pw 1 CFUXr/uGcXysa2X3gbmT1g UDP 0.410 50274
    a=candidate:RxBmFYfbLey4L8V43yOI0HvtslSDTJ9DcKK9XBSk7Pw 2 CFUXr/uGcXysa2X3gbmT1g UDP 0.410 50946



    IP address is the public ip of the Edge Server.

    Those 2 headers are not included in the SDP from the Exchange UM Server.


    Is the Exchange UM Server not aware of the Edge Server?




    Monday, November 5, 2007 2:04 PM
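
A check for the symptom described in the post above and in the earlier post about audio being sent to the client's local IP, as an added example that is not part of the thread or of any Microsoft tooling: it reads an SDP body taken from a trace and reports whether any `a=candidate` line carries a non-RFC 1918 address. The SDP samples, their addresses and credentials, and the function names are constructed for illustration.

```python
import ipaddress

# RFC 1918 ranges: addresses a remote Communicator client cannot reach.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed samples (not from the thread). Token order in the candidate
# lines follows the post, with a documentation address added (assumption).
SDP_MEDIATION_STYLE = """v=0
c=IN IP4 10.0.0.5
m=audio 50274 RTP/AVP 0
a=candidate:EXAMPLEUSER 1 EXAMPLEPWD UDP 0.410 203.0.113.10 50274
a=candidate:EXAMPLEUSER 2 EXAMPLEPWD UDP 0.410 203.0.113.10 50946
"""
SDP_UM_STYLE = """v=0
c=IN IP4 192.168.1.20
m=audio 30000 RTP/AVP 0
"""

def extract_ips(text):
    """Return every whitespace-separated token that parses as an IP."""
    found = []
    for token in text.split():
        try:
            found.append(ipaddress.ip_address(token))
        except ValueError:
            continue  # not an address (port, priority, credential, ...)
    return found

def is_internal(ip):
    return ip.version == 4 and any(ip in net for net in RFC1918)

def audit_sdp(sdp):
    """Classify an SDP body by the media addresses it advertises."""
    conn, cand, cand_lines = [], [], 0
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("c="):
            conn += extract_ips(line[2:])
        elif line.startswith("a=candidate:"):
            cand_lines += 1
            cand += extract_ips(line[len("a=candidate:"):])
    routable = sorted({str(ip) for ip in cand if not is_internal(ip)})
    if routable:
        verdict = "routable-candidate-offered"
    elif conn and all(is_internal(ip) for ip in conn):
        verdict = "internal-address-only"
    else:
        verdict = "inconclusive"
    return {"candidate_lines": cand_lines, "routable": routable, "verdict": verdict}
```

A verdict of `internal-address-only` on the SDP from the UM side matches the no-audio behaviour reported for external clients.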
  • The Exchange UM server is using the OCS front-end as voice gateway in case you have integrated Exchange with OCS.

    In another post I was reading the following:

    k - so putting a public IP address on the Edge server definitely did fix this. BUT - there were some odd complications that are worth noting. Here's what I had to do to make it all work:


    1) Configure the Edge server with 1 "internal" IP address for the inside edge (10.x.x.x)

    2) Configure the Edge's second NIC with 3 "external" non-NAT IP addresses (38.x.x.x)

    3) Configure an interface on my sonicwall firewall for "transparent" mode, which passes traffic through from the WAN interface without NAT.

    4) Plug the second NIC of the Edge server into this new interface on the firewall

    5) Rebind all the edge services to their new external IP addresses


    Step 2 is the craziest. I had to configure every external interface on the edge with a publicly routable IP. I tried to just configure the AV edge server with the public IP (leaving auth and webconf with NAT IPs), but that did _VERY_ strange things to the routing table on the Edge server.


    The edge started getting confused as to how to route outbound traffic because external traffic was coming to it from two sources: the SIP traffic was coming from one of the internals (bound to the auth service) and the AV traffic was coming in on the external (bound to AV edge). There can be (should be) just 1 default gateway on a windows box, so all the traffic on the way back out was exiting the external interface (my default gateway). Well, that broke all the SIP traffic cause it was coming in to the internal IP and exiting the external. I couldn't make it work.


    So I bit the bullet and configured all the edge IPs as their public addresses.


    This definitely solved the problem.


    I can only see 2 other ways to do this:


    1) Have a separate edge A/V server. Configure 1 internal IP (10.X.x.x) and one external (38.x.x.x) - that way you can have a separate server for webconferencing and A/V authentication with their NAT IPs (10.x.x.x) on the external interfaces.




    2) Have 3 different networks on your Edge server:

    - 1 External (38.x.x.x) for A/V Edge service

    - 1 Internal (10.x.x.x) for the edge internal interface

    - 1 DMZ (172.16.x.x) for the web conf and A/V auth

    - add persistent static routes for 172.16.x.x and 10.x.x.x on your edge server


    The problem with this is that you use two interfaces on your firewall: 1 for the external transparent A/V edge, 1 for the DMZ.


    For now, I am sticking with my solution; it works well. I just am still slightly unsettled by needing to convert all the IPs to publicly routable ones. There's no harm in doing it, because the firewall is still only allowing certain ports through, but it still seems strange to me.

    We have been in touch with Microsoft about this. It seems that the Edge Server should not be NAT-ed to make this work. Microsoft has confirmed this.

    Monday, November 5, 2007 2:22 PM

    Hi Thomas,


    Has this solution solved your problem?


    The public interface of our Edge server isn't NAT-ed. So that can't be the problem.



    Monday, November 5, 2007 2:49 PM

    Has anyone found a solution for this yet?

    I'm having exactly the same problems.


    Locally everything works fine; when I move to External (via Edge), I cannot connect, with message: "The call was disconnected because Communicator stopped receiving Audio......"


    When someone calls UM, the calls are directed through Edge successfully



    Thanks, Rients

    Tuesday, April 8, 2008 7:42 AM
  • You should configure your Audio/Video Edge with a public IP address (no NAT) and then it will work. It is explained in one of the replies above.






    Tuesday, April 8, 2008 8:15 AM

    It must be something else, because my edge has a public IP, and all other services are OK.



    Maybe it has something to do with the fact that my external A/V edge server port is on 444 not 443?

    All other internal ports are on the default values.

    I used a different port because I wanted to use only one external IP for the Access Edge, Web Conferencing Edge and the A/V Edge server.


    Can I change the port setting in Exchange to match my Edge Server?

    Why is it that all other services like calling and conferencing work fine with these settings, and connection to voicemail does not? Even a call from a UM auto attendant is perfectly routed through Edge to one of the external Communicator users.





    Tuesday, April 8, 2008 11:09 AM
  • Probably you can try to add your exchange UM server to the "Internal Server Authorized to connect to this Edge Server" settings in the Edge Server.

    Open Computer Management > Expand Services and Applications > Right Click Microsoft OCS 2007 > Properties : Click Tab "Internal"

    and add the UM server FQDN.



    Wednesday, April 9, 2008 1:18 PM
  • You don't need to add the Exchange UM server to the internal server list.

    You must check if the OCS Gateway in Exchange is configured to allow to dial out


    If you upgraded Exchange to SP1 you can try to disable and re-enable again and restart Exchange UM



    Wednesday, April 9, 2008 10:47 PM