Answered by:
Federation issue with Microsoft

Question
-
Hello
In our company we successfully deployes OCS 2007.
We made federations with other 3 companies.
But we have troubles with federation with Microsoft.
Validation test for federation with Microsoft returns such answer:
Validation Test Result: Successful
Validation Test Details: Testing connectivity for console input server
Check machine sip.sipdomainname on 195.xxx.xxx.xx:5061 : tls : FAIL
The supplied message is incomplete. The signature was not verified
I have cheked DNS, certificates and firewalls.
The most strange thing that we have presence, IM and A/V with thouse three companies.
But cant have a presence or IM from Microsoft contacts.
Could you help where to look for problems?Saturday, March 14, 2009 10:21 PM
Answers
-
then i do not see any problem apart from the fact that MS has yet not provisioned your request. I would suggest you to check with MS contact with whom you been in touch to request the federation.
Anuj- Marked as answer by Andrey Veselov Sunday, March 15, 2009 12:42 PM
Sunday, March 15, 2009 12:12 PM
All replies
-
Hi, Try to look for an error inSIPStack from Edge.Communicator UCCP logs after adding a MS contact.Anuj.
AnujSaturday, March 14, 2009 10:40 PM -
I have removed and added again one of MS contact.
>>SIPStack from Edge.
I think this is the error message.
TL_INFO(TF_PROTOCOL) [3]0D54.0FE4::03/15/2009-09:49:14.171.00556f3e (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record
Instance-Id: 0000343A
Direction: outgoing;source="external edge";destination="internal edge"
Peer: pool-ocs01.prozium.local:2304
Message-Type: response
Start-Line: SIP/2.0 504 Server time-out
From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
CSeq: 1 INVITE
Call-ID: 81932a27c23a443fa65724790ddb9985
ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
Via: SIP/2.0/TLS 10.1.8.31:2304;branch=z9hG4bK67184943.59F92D1F;branched=FALSE;ms-received-port=2304;ms-received-cid=2DB00
Via: SIP/2.0/TLS 10.10.10.220:2218;branch=z9hG4bKCFB80AF4.BFCDA78D;branched=FALSE;ms-received-port=2218;ms-received-cid=5A100
Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
Content-Length: 0
ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"
Message-Body: –
$$end_record
>>Communicator UCCP logs after adding a MS contact.
03/15/2009|11:49:20.328 109C:10A0 INFO :: Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes:
03/15/2009|11:49:20.328 109C:10A0 INFO :: SIP/2.0 504 Server time-out
ms-user-logon-data: RemoteUser
Authentication-Info: NTLM rspauth="0100000098E13003C4D65F5DC59C6D07", srand="CFC07585", snum="149", opaque="AA29BD6B", qop="auth", targetname="ocs-ocs01-s3k.prozium.local", realm="SIP Communications Service"
ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
Call-ID: 81932a27c23a443fa65724790ddb9985
CSeq: 1 INVITE
Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
Content-Length: 0
ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"
03/15/2009|11:49:20.328 109C:10A0 INFO :: End of Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes
As far as I can see the problem is: "Ms-Diagnostics header not provided by previous hop".
What is it about?Sunday, March 15, 2009 9:58 AM -
Server and Client shows
"504 Server time-out"
which means "sipfed.microsoft.com" is not sending a response back for this Invite!
Are you able to telnet sipfed.microsoft.com on 5061 ?
Have you requested a federation with Microsoft and have you got a confirmation that it has been successfully provisioned ?
AnujSunday, March 15, 2009 10:35 AM -
>>telnet sipfed.microsoft.com on 5061
Yes, I can get response from Edge server.
Yes, we requested federation from Microsoft.
I don’t quite get what you mean by "successfully provisioned".
I got a reply about validation of federation.
>>Validation test for federation with Microsoft returns such answer:
>>
>>Validation Test Result: Successful
>>Validation Test Details: Testing connectivity for console input server
>>Check machine sip.sipdomainname on 195.xxx.xxx.xx:5061 : tls : FAIL
>>The supplied message is incomplete. The signature was not verified
I can’t find what it means: "The supplied message is incomplete. The signature was not verified"Sunday, March 15, 2009 11:06 AM -
Which Certificate Authority are you using on external interface?
AnujSunday, March 15, 2009 11:26 AM -
Anuj [MSFT] said:
Which Certificate Authority are you using on external interface?
Anuj
We are using third-party UC certificate from Digicert at external interface of Access Edge.
We have consolidated Edge topology with three external NIC each with publicity routable IP.
Sunday, March 15, 2009 11:48 AM -
then i do not see any problem apart from the fact that MS has yet not provisioned your request. I would suggest you to check with MS contact with whom you been in touch to request the federation.
Anuj- Marked as answer by Andrey Veselov Sunday, March 15, 2009 12:42 PM
Sunday, March 15, 2009 12:12 PM -
Hi Andrey
We are having same issue as yours;
Did you solve your problem?
RegardsWednesday, July 1, 2009 12:40 PM -
Yes, we solve the problem.
MS provisioned our request and set up federation from their side and we got a working federation.Wednesday, July 22, 2009 3:10 PM