locked
Federation issue with Microsoft RRS feed

  • Question

  • Hello

    In our company we successfully deployes OCS 2007.
    We made federations with other 3 companies.
    But we have troubles with federation with Microsoft.

    Validation test for federation with Microsoft returns such answer:

    Validation Test Result: Successful
    Validation Test Details: Testing connectivity for console input server
    Check machine sip.sipdomainname on 195.xxx.xxx.xx:5061 : tls : FAIL
    The supplied message is incomplete. The signature was not verified

    I have cheked DNS, certificates and firewalls.
    The most strange thing that we have presence, IM and A/V with thouse three companies.
    But cant have a presence or IM from Microsoft contacts.

    Could you help where to look for problems?

    Saturday, March 14, 2009 10:21 PM

Answers

  • then i do not see any problem apart from the fact that MS has yet not provisioned your request. I would suggest you to check with MS contact with whom you been in touch to request the federation.
    Anuj
    Sunday, March 15, 2009 12:12 PM

All replies

  • Hi, Try to look for an error in

    SIPStack from Edge.
    Communicator UCCP logs after adding a MS contact.

    Anuj.

    Anuj
    Saturday, March 14, 2009 10:40 PM
  • I have removed and added again one of MS contact.

    >>SIPStack from Edge.
    I think this is the error message.

    TL_INFO(TF_PROTOCOL) [3]0D54.0FE4::03/15/2009-09:49:14.171.00556f3e (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record
    Instance-Id: 0000343A
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: pool-ocs01.prozium.local:2304
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
    To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
    CSeq: 1 INVITE
    Call-ID: 81932a27c23a443fa65724790ddb9985
    ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
    Via: SIP/2.0/TLS 10.1.8.31:2304;branch=z9hG4bK67184943.59F92D1F;branched=FALSE;ms-received-port=2304;ms-received-cid=2DB00
    Via: SIP/2.0/TLS 10.10.10.220:2218;branch=z9hG4bKCFB80AF4.BFCDA78D;branched=FALSE;ms-received-port=2218;ms-received-cid=5A100
    Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
    Content-Length: 0
    ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"
    Message-Body: –
    $$end_record


    >>Communicator UCCP logs after adding a MS contact.

    03/15/2009|11:49:20.328 109C:10A0 INFO  :: Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes:
    03/15/2009|11:49:20.328 109C:10A0 INFO  :: SIP/2.0 504 Server time-out
    ms-user-logon-data: RemoteUser
    Authentication-Info: NTLM rspauth="0100000098E13003C4D65F5DC59C6D07", srand="CFC07585", snum="149", opaque="AA29BD6B", qop="auth", targetname="ocs-ocs01-s3k.prozium.local", realm="SIP Communications Service"
    ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
    From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
    To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
    Call-ID: 81932a27c23a443fa65724790ddb9985
    CSeq: 1 INVITE
    Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
    Content-Length: 0
    ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"


    03/15/2009|11:49:20.328 109C:10A0 INFO  :: End of Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes

    As far as I can see the problem is: "Ms-Diagnostics header not provided by previous hop".

    What is it about?
    Sunday, March 15, 2009 9:58 AM
  • Server and Client shows 

    "504 Server time-out"
     
    which means "sipfed.microsoft.com" is not sending a response back for this Invite!

    Are you able to telnet sipfed.microsoft.com on 5061 ?

    Have you requested a federation with Microsoft and have you got a confirmation that it has been successfully provisioned ?


    Anuj
    Sunday, March 15, 2009 10:35 AM
  • >>telnet sipfed.microsoft.com on 5061

    Yes, I can get response from Edge server.

    Yes, we requested federation from Microsoft.
    I don’t quite get what you mean by "successfully provisioned".
    I got a reply about validation of federation.

    >>Validation test for federation with Microsoft returns such answer:
    >>
    >>Validation Test Result: Successful
    >>Validation Test Details: Testing connectivity for console input server
    >>Check machine sip.sipdomainname on 195.xxx.xxx.xx:5061 : tls : FAIL
    >>The supplied message is incomplete. The signature was not verified

    I can’t find what it means: "The supplied message is incomplete.
    The signature was not verified"

    Sunday, March 15, 2009 11:06 AM
  • Which Certificate Authority are you using on external interface?


    Anuj
    Sunday, March 15, 2009 11:26 AM
  • Anuj [MSFT] said:

    Which Certificate Authority are you using on external interface?


    Anuj


    We are using third-party UC certificate from Digicert at external interface of Access Edge.


    We have consolidated Edge topology with three external NIC each with publicity routable IP.


    Sunday, March 15, 2009 11:48 AM
  • then i do not see any problem apart from the fact that MS has yet not provisioned your request. I would suggest you to check with MS contact with whom you been in touch to request the federation.
    Anuj
    Sunday, March 15, 2009 12:12 PM
  • Hi Andrey

    We are having same issue as yours;

    Did you solve your problem?

    Regards
    Wednesday, July 1, 2009 12:40 PM
  • Yes, we solve the problem.
    MS provisioned our request and set up federation from their side and we got a working federation.
    Wednesday, July 22, 2009 3:10 PM