Friday, January 27, 2012 11:10 AM
We have a full running environment with FE STD en EDGE (DMZ), everything works (External access, Video/voice, Telephony, everything internal/external) except Video/Voice with federation...
The federation works for IM/Presence but no AV...
We have tried already to monitor traffic on the firewall and the only thing we are seeing is that the incoming connection from the federated user is going to the wrong ip address for port 3478 (the SIP access public IP instead of the AV service IP) and is dropped (because there are no NAT rules on the SIP public ip for 3478).
Has someone any idea why the connection is going to the wrong IP address? Topology builder has the correct settings...
Any help would be welcome!
FYI, we applied this settings on the firewall:
- Edited by MVK2012 Friday, January 27, 2012 11:15 AM
Friday, January 27, 2012 1:42 PM
Any possibilities to get both Communicator uccapi loggings - the federated account & your Lync users? Upload it to Skydrive and I'll have a look at it. Try to get a logging at the Access Edge server would be useful as well.
Probably a ridiculous thing but could you confirm whether the NAT IP address are correctly mapped? Assuming each services above is having its own public IP address and it is mapped to the correct internal IP of the Access Edge external interface.
James Ooi MCITP Lync Server 2010 | Blog: http://jamesosw.wordpress.com Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread
Friday, January 27, 2012 1:44 PM
Few questions here;
- Does audio/video call fail across federated partners or any specific partner ?
- Are you able to make AV calls between external cor user (internet/home) and internal user (with in office network) ?
- Can you schedule a Lync online meeting and send it to federated partner and check the AV connectivity (When they connect the Lync-online link, try to capture the traffic on your firewall) ?
Friday, January 27, 2012 2:59 PM
If you see the Port 3478 hitting the wrong IP, check you av.sipdomain.com is pointing to the correct Public IP and NAT'ed to the correct DMZ IP. The topology edge configuraiton has the filed for NAT'ed IP, this should be the Public IP for your AV role, not the Access or Webconf. If you send a packet form your AV interface, it should be providing the Public IP for this interface in the packet (1:1 NAT).
Tuesday, January 31, 2012 10:27 AMModerator
Agree with Jeff,hitting wrong IP is probably caused by incorrect public IP defined in the "NAT enabled public IP address used" in the properities of Edge server in the topology,you can change it to the correct A/V edge public IP address and republish the topology.
TechNet Community Support
- Marked As Answer by Sharon.ShenMicrosoft Contingent Staff, Moderator Monday, February 06, 2012 10:54 AM
Tuesday, August 28, 2012 8:16 PM
i have the same issue. howerver i am using a single fqdn and ip address for my sip, web conference, and A/V service
the only question is mhy sip port (5061) is the same as the federation port
when i did packet capture i see that the edge server is trying to communicate to the actual ip address of the remote (federated client) instead of the public ip.
i am wondering if it has to do with any alg setting on the firewall