A/V Communication between External User and Internal User

  • Question

  •  

    Hello!

    I am able to do voice calls via 2 internal users connecting to the Front End Server and 2 Remote Users connecting to the Edge Server.

    However, I am not able to make a voice call via a user connecting to the Front End Server and a User connecting to the Edge Server.

    On the Edge Server, the A/V authentication port is running on port 5062

    and on my Front End Server, I have the internal FQDN of the Edge Server listed on the Edge Server Tab, also specifying port 5062

    If I run a validation of the A/V on my Front End Server, it fails with the error message below

     

    Connecting to A/V Authentication Edge Server to get credentials

    Exception: Unable to establish a connection

    [0Xc3f200d] One or more errors were detected.

     

    Your help is very much appreciated!

    P.S.: My front end server is set up with 2 IPs. One is pointing to an isolated network, and the other one is pointing to our local network. If I do a trace route to my edge server, it chooses the right network and I am able to telnet to my edge server internal IP via port 5062. So I can verify connectivity. I also get a warning saying that one of my NICs is not listening on port 5063, which makes sense, since this NIC is the one on the isolated network. Could this be causing any issues?

     

    Tuesday, November 6, 2007 4:56 PM

All replies

  • Do you have a routable, public IP address bound to the external interface on your Edge server and associated to the A/V service?

     

    If not, you'll need to configure your external perimeter firewall to route a public IP address to the Edge server and bind that address directly to the external interface.  The Access Edge and Web Conferencing services can use NAT'd private IP addresses in any subnet, but not the A/V service.

    Tuesday, November 6, 2007 10:40 PM
    Moderator
  • Hello Jeff!

     

    I appreciate your help on this.

     

    I have 2 public IP addresses (no NAT) and one private internal IP address

     

    1 Public IP assigned to the External Interface of the Access Edge Server

     

    1 Public IP assigned to the External Interface of the Web Conferencing Edge Server and A/V Edge Server

     

    1 Private IP assigned to the internal interface on all the above.

     

    According to the firewall logs, the Edge Server tries to communicate directly with the internal clients. Shouldn't the Edge Server forward the request to the Front End Server, and have the Front End Server do this? Also, the Edge Server uses the external interface to communicate with the internal client; shouldn't it use the internal interface? :~)

     

    Please look at the forum link I found below :

     

    http://forums.microsoft.com/OCS2007/ShowPost.aspx?PostID=1412736&SiteID=57

     

    If I specify the registry key below (Port Range 50,000-59,999) on a client PC, I am able to make calls from inside the network (while connected to the internal server) to an external user (connected to the Edge Server). However, the external user cannot call me. (Seems to work only one way?)

     

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator\PortRange]

    "Enabled"=dword:00000001

    "MinMediaPort"=dword:0000c350

    "MaxMediaPort"=dword:0000e678 

     

    What is the communication flow for an external user connected to the Edge Server and an internal user connected to the Front End Server?

    My understanding is that all communication will be P2P if possible and if not, it will try to communicate through the Edge server? Is the Front End Server out of the loop here?

    If the Front End Server will handle the communication flow, this registry key should not be necessary.

    Let me know. Thanks

     

     

    Thursday, November 8, 2007 3:42 PM
  •  

    Diego,

     

    Yes, the Access Edge Server will forward inbound connections into the internal Standard/Enterprise Front-End service, external clients cannot directly communicate to them.

     

    You shouldn't have to mess with any port ranges just to get audio configured and working externally. What concerns me is that you appear to have a single Public IP address assigned to both your Web Conferencing Edge services and A/V Edge services. All of the Edge services require a dedicated IP address as each service uses at least TCP 443 to communicate with each.

     

    Do you have all three roles on a single server, or on separate hardware?

    Friday, November 9, 2007 5:29 PM
    Moderator
  •  

    Hello Jeff!

     

    Let me add that validation of all components completes successfully.

    If I don't do the registry hack that specifies the dynamic ports 50,000 to 59,999, I am not able to get an internal client to call an external client. And no matter what I do, I am not able to get an external client to call an internal client.

    I am running all 3 roles on the same server and there is no director configured.

    My internal client is configured manually. Internal Server pointing to the Front End Server. External Server pointing to the Edge server

     

     

    I have 2 Public IPs and One Internal IP as follows:

     

    Internal Edge : 192.168.205.202: 5061

    A/V authentication port : 192.168.205.202:5062

    Web Internal : 192.168.205.202:8057

    A/V Internal IP port : 192.168.205.202:443

     

    Access Edge Federated external : 205.244.41.252 : 5061

    Remote Access External: 205.244.41.252 : 443

     

    Web Conference External 205.244.41.253: 444

     

    A/V Edge External 205.244.41.253:443

    External Port Range 50,000 - 59,000

     

     

     

     

    Friday, November 9, 2007 10:01 PM
  • Hmmm, I'm not too clear on your network configuration but it seems overly complex.  Is there a specific reason you are deviating from the recommended deployment?

     

    Take a look at my blog entry discussing the Edge Server network configuration.  The public IP address dedicated to your A/V must reside on the Edge server itself, not on a firewall using NAT.

     

    Saturday, November 10, 2007 12:15 AM
    Moderator
  • Diego,

     

    an IPConfig from the edge would be helpful.

     

    I just solved this problem with the help of MS. If all of your external IPs are NOT NATed, you are fine. If not, you will need all external IPs non-NATed on what looks like your single interface. Or have two NICs with dual default gateways with the following registry key set:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

            Value Name: EnableDeadGWDetect

            Value Type: REG_DWORD

            Value Range: 0

     

    Saturday, November 10, 2007 12:52 AM
  • Hello Jeff!

     

    I don't know why you think my setup is overly complex....???

     

    I am doing one of the supported deployment methods which is the consolidated deployment.

     

    My setup is as simple as this.

     

    An Edge Server setup with A/V and Web Conferencing Roles.

     

    2 Public IPs (No Nat)  and One Internal IP

     

    1 Public IP assigned to the Access Edge Server, the other Public IP assigned to both A/V and Web Roles.

     

     

     

    Monday, November 12, 2007 3:45 PM
  • Hello James!

     

    I have 3 separate NICs on this server, and below is the IP config. I tried the registry key anyway but it didn't make a difference. Thanks

     

    Windows IP Configuration


    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 192.168.205.202
       Subnet Mask . . . . . . . . . . . : 255.255.255.192
       Default Gateway . . . . . . . . . :

    Ethernet adapter Public-Access-Edge:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 205.244.41.252
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 205.244.41.249

    Ethernet adapter Public AV-Edge:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 205.244.41.253
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 205.244.41.249

     

    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
             10.0.0.0        255.0.0.0  192.168.205.193       3
    Monday, November 12, 2007 3:50 PM
  •  Diego F Marin wrote:

    2 Public IPs (No Nat)  and One Internal IP

     

    1 Public IP assigned to the Access Edge Server, the other Public IP assigned to both A/V and Web Roles.

    I believe this is the root of your problem. The A/V Edge Server requires its own, dedicated Public IP address bound to the external interface, but you appear to have both the A/V and Web Conferencing Services assigned to that same IP address.

     

    See Table 4 in the Edge Deployment guide regarding the DNS A record and IP addresses configuration for a Consolidated Edge Topology.  It appears that you can co-locate both the Access Edge and Webconf services on a single IP, but I've always assigned a single dedicated IP address to each role.  You can use private, NAT'd IP addresses for the Access and Webconf, and use your public IP address for the A/V role.

     

     

    Monday, November 12, 2007 4:46 PM
    Moderator
  • I will give this a try and get back to you.

     

    thanks

     

    Monday, November 12, 2007 5:12 PM
  •  Jeff Schertz wrote:
     

    All of the Edge services require a dedicated IP address as each service uses at least TCP 443 to communicate with each.

    Isn't one public IP for a consolidated edge enough?


    Tuesday, November 13, 2007 5:25 PM
  • As I corrected myself in my previous post, it appears that the Consolidated deployment outlines a single public IP for the A/V service and a shared, private IP address for the Access Edge and Web Conferencing services, but that section appears to read a little ambiguously.

     

    I've only deployed an Edge Server using a dedicated IP for each role, but I plan to test the IP sharing of Access and Webconf in my lab.  The requirements of both services listening on the same TCP 443 port make me believe that it would be best to dedicate an IP to each.  I have found that deviating from the deployment guide can lead to configuration problems and headaches which can be avoided during planning.

     

    Tuesday, November 13, 2007 6:48 PM
    Moderator
  • I changed my configuration to have the Web Conferencing Server and A/V work with their own IP. However, it did not make a difference.

     

    :0(

     

     

    Thursday, November 15, 2007 4:02 PM
  • What do the Validation Checks report against the Edge Server roles?  I'm wondering if you don't have a DNS resolution problem somewhere.

    Thursday, November 15, 2007 4:37 PM
    Moderator
  •  

    Validation of the Edge Server Local Config, Connectivity and SIP logon are successful.

    Validation of the Front End Server is successful

    (Warning: One or more phone usages are not assigned to any route or VOIP policy)

    Validation of the A/V Server is successful

    Validation of the Web Conferencing Server is successful

    The fact that I am able to do A/V calls when connected to the Edge Server makes me believe that there is something screwed up on the routing of the Edge Server.

     

     

     

    Thursday, November 15, 2007 4:51 PM
  •  

    Good afternoon, have you solved the problem?

    I have a similar mistake

     

    http://forums.microsoft.com/TechNet-RU/ShowPost.aspx?PostID=2432598&SiteID=40

    Tuesday, November 20, 2007 10:44 AM
  • I am still having this issue :0(

     

    Tuesday, November 20, 2007 5:56 PM
  • Dear all,

     

    I too am having issues making an A/V connection between external and internal users. I haven't done enough tests yet to fully verify what's going on, but early indications are as follows:

    • Internal users on the LAN can make Communicator Voice calls ok
    • External users can make Communicator Voice calls between each other ok.
    • External-Internal and Internal-External seems to fail on trying to connect. This does not happen 100% of the time, sometimes they connect ok.
    • If an external user establishes a VPN to the Internal network they can talk to internal users ok.

    My Edge Server has 2 interfaces

     

    Internal - private address on same internal LAN as Front End Server

    External - 3 Public IP addresses, one for each role of Access Edge, Web Conferencing and A/V

    My next experiment is to have 3 separate external NICs, one for each role, to see if that makes a difference.

     

    Any advice on how to trap the error with logging is welcome.

     

    Monday, December 17, 2007 9:42 PM
  •  Diego F Marin wrote:

    Ethernet adapter Internal:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 192.168.205.202
       Subnet Mask . . . . . . . . . . . : 255.255.255.192
       Default Gateway . . . . . . . . . :

    Ethernet adapter Public-Access-Edge:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 205.244.41.252
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 205.244.41.249

    Ethernet adapter Public AV-Edge:

       Connection-specific DNS Suffix  . :
       IP Address. . . . . . . . . . . . : 205.244.41.253
       Subnet Mask . . . . . . . . . . . : 255.255.255.248
       Default Gateway . . . . . . . . . : 205.244.41.249

     

    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
             10.0.0.0        255.0.0.0  192.168.205.193       3

     

    I assume that your Front-End server is either on 10.0.0.0/8 or 192.168.205.192/26 networks?

     

    Looking back at your original question, I would now lean toward the certificate installed on the A/V role for internal authentication. Is it a trusted internal CA?

     

    Also, I'm not sure where the port 5063 event is coming from...?

    Wednesday, February 6, 2008 7:52 AM
  • Diego, did you sort out this issue?

     

    It looks like we have something like this - the media stream between an internal and an external user could not be established. We deployed a consolidated Edge server with two NICs - one NIC is for the private Edge interface (it has one internal IP address assigned), and the second one is for the public interface; it has 2 public IPs assigned: one IP is shared for Access/Web roles and the second is for the A/V Edge role. The issue is that the internal client tries to establish a media connection with the public IP address of the A/V Edge of the Edge server (not with the private address of the Edge server), but this public address is not reachable from the internal network.

    Communicator log shows that the internal client receives this wrong address in SDP fields:

    193.200.189.39 is public address of A/V Edge

     

    v=0

    o=- 0 0 IN IP4 193.200.189.39

    s=session

    c=IN IP4 193.200.189.39

    b=CT:99980

    t=0 0

    m=audio 56899 RTP/SAVP 114 111 112 115 116 4 8 0 97 101

    a=candidate:GSUlv3Czuc9PZM5XcwTu1EA+TFaeD2mlG6MIUB8vOPg 1 Jja7zTfKY+pLVxdXkDk07A TCP 0.190 193.200.189.39 50051

    a=candidate:GSUlv3Czuc9PZM5XcwTu1EA+TFaeD2mlG6MIUB8vOPg 2 Jja7zTfKY+pLVxdXkDk07A TCP 0.190 193.200.189.39 50051

     

     What could cause this?

     

    Thanks!

    Wednesday, February 20, 2008 2:32 PM
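
Added example (not part of any post in this thread): a small Python check for the symptom in the SDP above, where every media candidate offered to the internal client is the A/V Edge public address. The seven-field candidate layout is read off the sample lines in the post; the placeholder tokens, the field positions used as labels and the internal network list are assumptions of this example.

```python
import ipaddress

# Constructed sample modelled on the SDP in the post: the long candidate
# tokens are replaced by placeholders; address and ports are the post's.
SAMPLE_SDP = """\
v=0
o=- 0 0 IN IP4 193.200.189.39
s=session
c=IN IP4 193.200.189.39
b=CT:99980
t=0 0
m=audio 56899 RTP/SAVP 114 111 112 115 116 4 8 0 97 101
a=candidate:USERFRAG 1 PASSWORD TCP 0.190 193.200.189.39 50051
a=candidate:USERFRAG 2 PASSWORD TCP 0.190 193.200.189.39 50051
"""

# Assumption: networks an internal client can route to (hypothetical values).
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.168.0.0/16")]


def parse_media_addresses(sdp):
    """Return (connection_address, [(component, transport, ip, port), ...])."""
    conn, candidates = None, []
    for line in sdp.splitlines():
        line = line.strip()
        if line.startswith("c=IN IP4 "):
            conn = ipaddress.ip_address(line.split()[2])
        elif line.startswith("a=candidate:"):
            f = line[len("a=candidate:"):].split()
            if len(f) != 7:
                continue  # not the seven-field layout shown in the post
            candidates.append((int(f[1]), f[3],
                               ipaddress.ip_address(f[5]), int(f[6])))
    return conn, candidates


def audit(sdp, nets=INTERNAL_NETS):
    """Count candidates whose address lies outside every internal network."""
    conn, cands = parse_media_addresses(sdp)
    outside = [c for c in cands if not any(c[2] in n for n in nets)]
    return {
        "connection": str(conn),
        "candidates": len(cands),
        "outside_internal": len(outside),
        "has_internal_candidate": len(outside) < len(cands),
    }


if __name__ == "__main__":
    print(audit(SAMPLE_SDP))
```

A result with `has_internal_candidate` set to `False` matches the situation the post describes: the internal client is offered only addresses it cannot route to.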
  • Did this get resolved?

     

    Wednesday, April 16, 2008 10:42 PM