Cannot start audio/video/file transfer from internal to external user and vice versa

  • Question

  • Hi everyone,
    I've deployed OCS 2007 R2 std on a single test server with only one NIC, which is on the LAN subnet. I have only one public IP address, and ports for external communication are directly forwarded to this machine (I know this is a mess, I'll change it but for the moment it works).
    All the roles are on this server.

    Then I installed Communicator R2 on some computers inside the network and outside the network for external users.
    It works fine (IM + AV + file sharing + desktop sharing) from:
    -Inside to inside
    -Outside to outside
    -Inside to outside when connected to VPN
    But when a user from outside communicates with an inside user, I can only use IM; AV, file and desktop sharing don't work. I got the following message: "The call was disconnected because communicator stopped receiving audio from USERNAME. Please try the call again". It sounded like a NAT problem.

    So, after digging into this problem, I found a useful post concerning this: http://blogs.technet.com/rickva/archive/2009/04/03/Configuring-A_2F00_V-Edge-Service-for-NAT.aspx .
    But the fact is that I don't have an Edge server; all the roles are on the same server. How am I supposed to configure my OCS server to correctly configure the NAT?

    Thanks !

    Monday, August 10, 2009 10:54 AM

Answers

  • Media sessions between internal and external clients are not supported without an Edge server.  Clients will first attempt a peer-to-peer connection between themselves and if that cannot be established then the Edge server is used to proxy the streams.

    Once the clients establish a P2P session they will attempt to transmit media over dynamically addressed ports in the range of 1024-65535 UDP/TCP (technically I believe only TCP is used for Desktop Sharing, UDP is used by Audio/Video).
    Take a look at the Office Communicator component in this table: http://technet.microsoft.com/en-us/library/bb870402.aspx

    In order to allow media between clients across a firewall you'd want to configure OC to use a smaller range of ports (minimum of 20 ports) with the Media Port Range (via GPO) in the OC client and then open just that range of ports on the firewall between subnets.
    Details for that can be found here: http://technet.microsoft.com/en-us/library/bb964029.aspx

    Take a look at this previous discussion for some more details:
    http://social.microsoft.com/Forums/en-US/communicationsserversecurity/thread/3325319f-5696-4ee3-bbb8-ce2df7c703d6

    Ideally, the recommended option is to deploy an Edge server.  Publishing a Front-End server directly to the Internet will offer limited functionality in OCS.


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, August 10, 2009 12:19 PM
    Moderator
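
The answer above suggests restricting the client Media Port Range (at least 20 ports) and opening just that range on the firewall between subnets. As an added example (not part of the original answer and not Microsoft code), this Python check audits a set of allow rules against a chosen media range. The `Rule` type, the `audit` function, the rule names and the 50000-50039 range are all constructed for illustration.

```python
from dataclasses import dataclass

DYNAMIC_LOW, DYNAMIC_HIGH = 1024, 65535  # default media range named in the answer
MIN_PORTS = 20                           # minimum range size named in the answer

@dataclass(frozen=True)
class Rule:            # hypothetical representation of one firewall allow rule
    name: str
    proto: str         # "tcp" or "udp"
    low: int
    high: int

def audit(media_low, media_high, rules):
    """Return findings for allow rules checked against the media port range."""
    findings = []
    size = media_high - media_low + 1
    if size < MIN_PORTS:
        findings.append(f"media range has {size} ports, fewer than {MIN_PORTS}")
    if media_low < DYNAMIC_LOW or media_high > DYNAMIC_HIGH:
        findings.append("media range falls outside 1024-65535")
    for proto in ("udp", "tcp"):
        # Media ports that no rule for this protocol allows through.
        missing = set(range(media_low, media_high + 1))
        for r in rules:
            if r.proto == proto:
                missing -= set(range(r.low, r.high + 1))
        if missing:
            findings.append(f"{proto}: {len(missing)} media ports not allowed "
                            f"(first {min(missing)})")
    for r in rules:
        # Dynamic-range ports a rule opens beyond the restricted media range.
        lo, hi = max(r.low, DYNAMIC_LOW), min(r.high, DYNAMIC_HIGH)
        extra = sum(1 for p in range(lo, hi + 1)
                    if not media_low <= p <= media_high)
        if extra:
            findings.append(f"{r.name}: {extra} extra {r.proto} ports open "
                            f"outside the media range")
    return findings

# Constructed sample rule set: one correct rule, one too narrow, one left wide open.
SAMPLE_RULES = [
    Rule("oc-media-udp", "udp", 50000, 50039),
    Rule("oc-media-tcp", "tcp", 50000, 50019),
    Rule("legacy-any-udp", "udp", 1024, 65535),
]

if __name__ == "__main__":
    for finding in audit(50000, 50039, SAMPLE_RULES):
        print(finding)
```
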
  • It is possible to configure the Edge server internally and then open ports to it, although not best practice, nor recommended.  You'll still need to install two network cards, but connecting them to the same network is a major headache.  Check this article out regarding supported (and unsupported) Edge configurations: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=33

    Also take a look at this article on Live Meeting requirements.  I cover a lot of process and how the client connects.  It should be clear how the Edge server is used there as well: http://blogs.pointbridge.com/Blogs/schertz_jeff/Pages/Post.aspx?_ID=67


    Jeff Schertz, PointBridge | MVP | MCITP: Enterprise Messaging | MCTS: OCS
    Monday, August 10, 2009 1:35 PM
    Moderator

All replies

  • Thank you Jeff for this useful answer. I'll try this.
    I know that having no Edge servers will make things harder to configure. Is it possible to add an Edge server on the same subnet (LAN) as the OCS Server subnet? Because I have no DMZ on my network and only one public IP address.

    The link you gave me (http://technet.microsoft.com/en-us/library/bb964029.aspx) also mentions Live Meeting client ports.
    As I also have a similar problem with Live Meeting (internal meetings work, external users cannot use Live Meeting at all even with VPN), do I have to do the same to get it to work?
    Monday, August 10, 2009 12:55 PM