Federation issue with Microsoft

All replies

• 

  

  1

  Sign in to vote

  Hi, Try to look for an error in

  
  

  SIPStack from Edge.

  Communicator UCCP logs after adding a MS contact.

  
  

  Anuj.

  ---

  Anuj

  Saturday, March 14, 2009 10:40 PM
• 

  

  0

  Sign in to vote

  I have removed and added again one of MS contact.
  
  >>SIPStack from Edge.
  I think this is the error message.
  
  TL_INFO(TF_PROTOCOL) [3]0D54.0FE4::03/15/2009-09:49:14.171.00556f3e (SIPStack,SIPAdminLog::TraceProtocolRecord:1224.idx(122))$$begin_record
  Instance-Id: 0000343A
  Direction: outgoing;source="external edge";destination="internal edge"
  Peer: pool-ocs01.prozium.local:2304
  Message-Type: response
  Start-Line: SIP/2.0 504 Server time-out
  From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
  To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
  CSeq: 1 INVITE
  Call-ID: 81932a27c23a443fa65724790ddb9985
  ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
  Via: SIP/2.0/TLS 10.1.8.31:2304;branch=z9hG4bK67184943.59F92D1F;branched=FALSE;ms-received-port=2304;ms-received-cid=2DB00
  Via: SIP/2.0/TLS 10.10.10.220:2218;branch=z9hG4bKCFB80AF4.BFCDA78D;branched=FALSE;ms-received-port=2218;ms-received-cid=5A100
  Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
  Content-Length: 0
  ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"
  Message-Body: –
  $$end_record
  
  
  >>Communicator UCCP logs after adding a MS contact.
  
  03/15/2009|11:49:20.328 109C:10A0 INFO  :: Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes:
  03/15/2009|11:49:20.328 109C:10A0 INFO  :: SIP/2.0 504 Server time-out
  ms-user-logon-data: RemoteUser
  Authentication-Info: NTLM rspauth="0100000098E13003C4D65F5DC59C6D07", srand="CFC07585", snum="149", opaque="AA29BD6B", qop="auth", targetname="ocs-ocs01-s3k.prozium.local", realm="SIP Communications Service"
  ms-edge-proxy-message-trust: ms-source-type=DirectPartner;ms-ep-fqdn=tap-edge01-s3k.prozium.local;ms-source-verified-user=verified;ms-source-network=federation
  From: "Andrey Veselov"<sip:veselov.andrey@ocs.softline.kiev.ua>;tag=d6b6d8d984;epid=c513f70df6
  To: <sip:v-kathgr@microsoft.com>;tag=F3839EC649C1BEB2E57FC49924C32A93
  Call-ID: 81932a27c23a443fa65724790ddb9985
  CSeq: 1 INVITE
  Via: SIP/2.0/TLS 77.87.32.227:1191;ms-received-port=1191;ms-received-cid=2DA00
  Content-Length: 0
  ms-diagnostics: 1011;reason="Ms-Diagnostics header not provided by previous hop";source="sip.ocs.softline.kiev.ua";Domain="microsoft.com";PeerServer="sipfed.microsoft.com"
  
  
  03/15/2009|11:49:20.328 109C:10A0 INFO  :: End of Data Received - 195.245.253.44:443 (To Local Address: 77.87.32.227:1191) 931 bytes
  
  As far as I can see the problem is: "Ms-Diagnostics header not provided by previous hop".
  
  What is it about?
  

  Sunday, March 15, 2009 9:58 AM
• 

  

  1

  Sign in to vote

  Server and Client shows 
  
  "504 Server time-out"
   
  which means "sipfed.microsoft.com" is not sending a response back for this Invite!
  
  Are you able to telnet sipfed.microsoft.com on 5061 ?
  
  Have you requested a federation with Microsoft and have you got a confirmation that it has been successfully provisioned ?
  
  

  ---

  Anuj

  Sunday, March 15, 2009 10:35 AM
• 

  

  0

  Sign in to vote

  >>telnet sipfed.microsoft.com on 5061
  
  Yes, I can get response from Edge server.
  
  Yes, we requested federation from Microsoft.
  I don’t quite get what you mean by "successfully provisioned".
  I got a reply about validation of federation.
  
  >>Validation test for federation with Microsoft returns such answer:
  >>
  >>Validation Test Result: Successful
  >>Validation Test Details: Testing connectivity for console input server
  >>Check machine sip.sipdomainname on 195.xxx.xxx.xx:5061 : tls : FAIL
  >>The supplied message is incomplete. The signature was not verified
  
  I can’t find what it means: "The supplied message is incomplete. The signature was not verified"

  Sunday, March 15, 2009 11:06 AM
• 

  

  1

  Sign in to vote

  Which Certificate Authority are you using on external interface?

  ---

  Anuj

  Sunday, March 15, 2009 11:26 AM
• 

  

  0

  Sign in to vote

  Anuj [MSFT] said:

  Which Certificate Authority are you using on external interface?

  ---

  Anuj

  
  

  We are using third-party UC certificate from Digicert at external interface of Access Edge.

  
  

  We have consolidated Edge topology with three external NIC each with publicity routable IP.

  
  

  Sunday, March 15, 2009 11:48 AM
• 

  

  1

  Sign in to vote

  then i do not see any problem apart from the fact that MS has yet not provisioned your request. I would suggest you to check with MS contact with whom you been in touch to request the federation.

  ---

  Anuj

  • Marked as answer by Andrey Veselov Sunday, March 15, 2009 12:42 PM

  Sunday, March 15, 2009 12:12 PM
• 

  

  0

  Sign in to vote

  Hi Andrey
  
  We are having same issue as yours;
  
  Did you solve your problem?
  
  Regards

  Wednesday, July 1, 2009 12:40 PM
• 

  

  0

  Sign in to vote

  Yes, we solve the problem.
  MS provisioned our request and set up federation from their side and we got a working federation.
  

  Wednesday, July 22, 2009 3:10 PM