locked
Error Validating Edge AV Server RRS feed

  • Question

  • Im Getting this error when validating AV edge server

     

     

     

    Action

     

    Action Information

     

    Execution Result

     

    Execute Action

     

     

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

    Diagnose MCU

     

    Check Configuration: True
    Check Connectivity:
    True

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

    Check Connectivity

     

     

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

     

    Diagnosing Edge Authentication Server and Edge Server

     

    WMI Repository Path: \\FrontEndServ.Domain.com.br\root\cimv2

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

    A/V Authentication Edge Server EdgeServ.Domain.com.br

     

    DNS Resolution succeeded: x.x.x.4
    TCP connect succeeded: x.x.x.4:5062

     

    Success

    WMI Class MSFT_SIPTrustedServiceSetting

     

    WMI Class Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPTrustedServiceSetting
    WMI Instance Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPTrustedServiceSetting.InstanceID="{EAAD272B-25F3-4DCD-A776-B83ACEF32463}"
    FQDN (String): EdgeServ.Domain.com.br
    GRUU (String): sip:EdgeServ.Domain.com.br@domain.com.br;gruu;opaque=srvr:MRAS:Kyet6vMlzU2ndrg6zvMkYwAA
    GruuID (String): [NULL]
    InstanceID (String): {EAAD272B-25F3-4DCD-A776-B83ACEF32463}
    Port (UInt32): 5062
    Routable (Boolean):
    True
    RoutingPoolDN (String): [NULL]
    ServerReference (String):
    CN=FRONTENDSERV,CN=Pools,CN=RTC Service,CN=Microsoft,CN=System,DC=domain,DC=com,DC=br
    TlsTarget (String): [NULL]
    TrustedServiceDN (String): CN={E81324EA-EB89-4736-AB09-5E79035A7DBB},CN=Trusted Services,CN=RTC Service,CN=Microsoft,CN=System,DC=domain,DC=com,DC=br
    Type (String): MRAS
    Version (UInt32): [NULL]

     

    Success

                 

     

    WMI Class MSFT_SIPRoutingSetting

     

    WMI Class Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPRoutingSetting
    WMI Instance Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPRoutingSetting.InstanceID="{2390CE8B-5794-4789-9D11-D891502BA6EB}"
    DefaultPort (UInt32): 5061
    InstanceID (String): {2390CE8B-5794-4789-9D11-D891502BA6EB}
    TLSCertIssuer (UInt8): 48 83 49 18 48 16 06 10 09 146 38 137 147 242 44 100 01 25 22 02 98 114 49 19 48 17 06 10 09 146 38 137 147 242 44 100 01 25 22 03 99 111 109 49 21 48 19 06 10 09 146 38 137 147 242 44 100 01 25 22 05 118 111 103 101 115 49 17 48 15 06 03 85 04 03 19 08 97 114 112 111 97 100 111 114
    TLSCertSN (UInt8): 12 00 00 00 00 00 03 12 23 50

     

    Success

    WMI Class MSFT_SIPListeningAddressData

     

    WMI Class Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPListeningAddressData
    WMI Instance Path: \\FRONTENDSERV\root\cimv2:MSFT_SIPListeningAddressData.InstanceID="{1D3A517C-930C-43EE-9F30-C7304ED0922F}"
    Enabled (Boolean):
    True
    InstanceID (String): {1D3A517C-930C-43EE-9F30-C7304ED0922F}
    IPAddress (String): *
    Port (UInt32): 5061
    TLSCertIssuer (UInt8): [NULL]
    TLSCertSN (UInt8): [NULL]
    TransportType (String): MTLS

     

    Success

                 

     

    Connecting to A/V Authentication Edge Server to get credentials

     

     

     

    Success

    Test if A/V conferencing edge server is alive

     

    Tcp port of Audio/Video Conferencing Edge Server: x.x.x.4:443
    Udp port of Audio/Video Conferencing Edge Server: x.x.x.4:3478

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

    A/V Authentication Edge Server x.x.x.4

     

    DNS Resolution failure: No such host is known
    Suggested Resolution: Make sure there are no typos in the Server name. Make sure that the Server name is published in the DNS (A or SRV record) or hosts file entry is configured correctly.

     

    Failure
    [0xC3FC200D] One or more errors were detected

     

     

     

     

    Anyone know why?


    Thanks

    Monday, July 27, 2009 6:16 PM

Answers

  • Client will attempt a peer-to-peer connection first, and if that fails to establish then they will setup the media streams between the Edge server.  If you are capturing packets on the clietn during this then you'll see outbound packet sent nearly simultanously to both the remote peer and the Edge internal IP.  If a P2P session is established then you won't see anything more out to the Edge server.

    If you doin't see the internal client even sending packets to the internal Edge interface then you may still have some configuration information missing in OCS preventing the clients from even attempting a media connection through Edge.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, July 28, 2009 12:45 PM
    Moderator

All replies

  • Do you have a DNS record configured for the A/V Authentication Service?  What DNS server is the Edge server using (assuming that's were the validation wizard was run).  Does it has that A record in it's zone files?
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 27, 2009 7:31 PM
    Moderator
  • The validation wizard was run on Front End, the A/V Conferencing Server gave me that error.

    The dns entry for sip.domain.com is pointed to the external ip address

    I Got 2 entries, one on internal DNS and another on Firewall DNS. both poiting for public ip address

    but when doing the validation i bealive the front end trys to connect to internal NIC (x.x.x.4)
    am i right?
    Monday, July 27, 2009 8:15 PM
  • Correct.  The internal Edge FQDN should be resolvable by the internal OCS servers.  Typically tha means creating an internal DNS record (like edgeint.domain.com) and then adding it to the internal forward lookup zones.  The sip.domain.com FQDN is for the external Access Edge role only and is used by external clients to connect, NOT internal clients/server.  All internal hosts talk to the internal Edge interface, while all external hosts conntect to the external Access Edge interface.

    Thus, you can't use the public facing IP for internal host connections.  The internal interface listens on 5061 and 8057, for example while the external interface listens for client connections on 443.  So even if the DNS resolves corretly to an external IP, connections will still fail.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, July 27, 2009 9:09 PM
    Moderator
  • Ok Thanks Jeff.. i moved the internal DNS entry to the internal NIC /IP of edge, but the error remains the same.. Where else i can test this?? If i try to make a video or audio call between a internal and a external client (both with communicator client) The internal Client trys to reach directly with the external by all those Upper Ports (like 50.000 +) and the firewall is blockig all these out ports for internal clients do you know why it is happening?? Thanks
    Tuesday, July 28, 2009 11:10 AM
  • Client will attempt a peer-to-peer connection first, and if that fails to establish then they will setup the media streams between the Edge server.  If you are capturing packets on the clietn during this then you'll see outbound packet sent nearly simultanously to both the remote peer and the Edge internal IP.  If a P2P session is established then you won't see anything more out to the Edge server.

    If you doin't see the internal client even sending packets to the internal Edge interface then you may still have some configuration information missing in OCS preventing the clients from even attempting a media connection through Edge.
    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Tuesday, July 28, 2009 12:45 PM
    Moderator
  • hmm thanks Jeff never looked that way..
    now i allowed the trafic from external Edge IP and the connections flowed..

    thanks man
    Tuesday, July 28, 2009 6:32 PM