Lync Federation not working with only one partner
-
lunedì 11 giugno 2012 02:59
Im currently experiencing an issue where federation is not working with only a single partner one way. We have tried using multiple user accounts on separate workstations. We federate with 10s of other companies and have no issues. My log is below, the access edge of the partner is federation.dell.com. THanks for any help!!!!
TL_INFO(TF_PROTOCOL) [0]05C8.0AE0::06/08/2012-22:41:23.840.000003c4 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 723867992
Instance-Id: 000001C7
Direction: incoming;source="internal edge";destination="external edge"
Peer: nc01ucswps001.MyCompany.com:49624
Message-Type: request
Start-Line: INVITE sip:DellUser@dell.com SIP/2.0
From: "LyncAdmin"<sip:lyncadmin@MyCompany.com>;tag=cb18cf313e;epid=4970e9fa83
To: <sip:DellUser@dell.com>
CSeq: 1 INVITE
Call-ID: 6cfcff8e024540488ee090dde7267c55
Record-Route: <sip:NC01UCSWPS001.MyCompany.com:5061;transport=tls;opaque=state:T;lr>;tag=F3CFFB64E7481C5B4E0C69B94B9FE901
Via: SIP/2.0/TLS 10.17.52.10:49624;branch=z9hG4bKB2FBDFB2.42F33684D4F449B4;branched=FALSE
Max-Forwards: 69
ms-application-via: SIP;ms-urc-rs-from;ms-server=NC01UCSWPS001.MyCompany.com;ms-pool=NC01UCSWPS001.MyCompany.com;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57
Via: SIP/2.0/TLS 10.17.52.10:49682;ms-received-port=49682;ms-received-cid=1E00
Contact: <sip:lyncadmin@MyCompany.com;opaque=user:epid:7kZ8wL30hFKAGu3cCFh78QAA;gruu>
User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)
Supported: ms-dialog-route-set-update
Ms-Text-Format: text/plain; charset=UTF-8;msgr=WAAtAE0ATQBTAC0ASQBNAC0ARgBvAHIAbQBhAHQAOgAgAEYATgA9AFMAZQBnAG8AZQAlADIAMABVAEkAOwAgAEUARgA9ADsAIABDAE8APQAwADsAIABDAFMAPQAwADsAIABQAEYAPQAwAAoADQAKAA0A;
Supported: ms-delayed-accept
Supported: ms-renders-gif
Supported: ms-renders-mime-alternative
Ms-Conversation-ID: Ac1FxuF3Jma8CMg7RjScRxFS+74g1AAAJQ+gAAAAiuAAABdQUA==
Supported: timer
Supported: histinfo
Supported: ms-safe-transfer
Supported: ms-sender
Supported: ms-early-media
Roster-Manager: sip:lyncadmin@MyCompany.com
EndPoints: <sip:lyncadmin@MyCompany.com>, <sip:DellUser@dell.com>
Supported: com.microsoft.rtc-multiparty
ms-keep-alive: UAC;hop-hop=yes
Allow: INVITE, BYE, ACK, CANCEL, INFO, MESSAGE, UPDATE, REFER, NOTIFY, BENOTIFY
ms-subnet: 172.17.52.0
Supported: ms-conf-invite
Content-Type: application/sdp
Content-Length: 223
ms-routing-phase: from-uri-routing-done
ms-user-data: ms-publiccloud=TRUE;ms-federation=TRUE
Message-Body: v=0
o=- 0 0 IN IP4 10.17.52.10
s=session
c=IN IP4 10.17.52.10
t=0 0
m=message 5060 sip null
a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/ms-imdn+xml text/x-msmsgsinvite
$$end_record
TL_INFO(TF_CONNECTION) [0]05C8.0AE0::06/08/2012-22:41:23.939.00000982 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(164))$$begin_record
LogType: connection
Severity: information
Text: TLS negotiation started
Local-IP: 192.168.45.14:49240
Peer-IP: 143.166.83.215:5061
Peer-FQDN: federation.dell.com
Connection-ID: 0x5A00
Transport: TLS
$$end_record
TL_INFO(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.044.00000c9a (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
LogType: diagnostic
Severity: information
Text: Routed a locally generated request
SIP-Start-Line: NEGOTIATE sip:127.0.0.1:5061 SIP/2.0
SIP-Call-ID: 1DE05BCFF90E5EE7F3AD
SIP-CSeq: 1 NEGOTIATE
Peer: federation.dell.com:5061
Data: destination="federation.dell.com"
$$end_record
TL_INFO(TF_PROTOCOL) [0]05C8.08C8::06/08/2012-22:41:24.044.00000cd7 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 4268654737
Instance-Id: 000001C8
Direction: outgoing;source="local";destination="external edge"
Peer: federation.dell.com:5061
Message-Type: request
Start-Line: NEGOTIATE sip:127.0.0.1:5061 SIP/2.0
From: sip:sip.MyCompany.com;tag=397CE528F730300F88815B6A71139FDA
To: sip:federation.dell.com
CSeq: 1 NEGOTIATE
Call-ID: 1DE05BCFF90E5EE7F3AD
Via: SIP/2.0/TLS 192.168.45.14:49240;branch=z9hG4bK37AA6EF6.36B66B210E2539B4;branched=FALSE
Max-Forwards: 0
Compression: LZ77-64K
Supported: NewNegotiate,OCSNative,ECC
Server: RTC/4.0
Content-Length: 0
Message-Body: –
$$end_record
TL_ERROR(TF_CONNECTION) [0]05C8.08C8::06/08/2012-22:41:24.054.00000d61 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
LogType: connection
Severity: error
Text: Receive operation on the connection failed
Local-IP: 192.168.45.14:49240
Peer-IP: 143.166.83.215:5061
Peer-FQDN: federation.dell.com
Peer-Name: federation.dell.com
Connection-ID: 0x5A00
Transport: M-TLS
Result-Code: 0x80072746 WSAECONNRESET
Data: fqdn="federation.dell.com";peer-type="FederatedPartner";winsock-code="10054"
$$end_record
TL_ERROR(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.054.00000d97 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record
LogType: diagnostic
Severity: error
Text: Message was not sent because the connection was closed
SIP-Start-Line: INVITE sip:DellUser@dell.com SIP/2.0
SIP-Call-ID: 6cfcff8e024540488ee090dde7267c55
SIP-CSeq: 1 INVITE
Peer: federation.dell.com:5061
$$end_record
TL_INFO(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.054.0000112b (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
LogType: diagnostic
Severity: information
Text: Response successfully routed
SIP-Start-Line: SIP/2.0 504 Server time-out
SIP-Call-ID: 6cfcff8e024540488ee090dde7267c55
SIP-CSeq: 1 INVITE
Peer: nc01ucswps001.MyCompany.com:49624
Data: destination="nc01ucswps001.MyCompany.com"
$$end_record
TL_INFO(TF_PROTOCOL) [0]05C8.08C8::06/08/2012-22:41:24.054.00001172 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 723867992
Instance-Id: 000001C9
Direction: outgoing;source="local";destination="internal edge"
Peer: nc01ucswps001.MyCompany.com:49624
Message-Type: response
Start-Line: SIP/2.0 504 Server time-out
From: "LyncAdmin"<sip:lyncadmin@MyCompany.com>;tag=cb18cf313e;epid=4970e9fa83
To: <sip:DellUser@dell.com>;tag=397CE528F730300F88815B6A71139FDA
CSeq: 1 INVITE
Call-ID: 6cfcff8e024540488ee090dde7267c55
Via: SIP/2.0/TLS 10.17.52.10:49624;branch=z9hG4bKB2FBDFB2.42F33684D4F449B4;branched=FALSE;ms-received-port=49624;ms-received-cid=2000
Via: SIP/2.0/TLS 10.17.52.10:49682;ms-received-port=49682;ms-received-cid=1E00
ms-diagnostics: 1047;reason="Failed to complete TLS negotiation with a federated peer server";WinsockFailureCode="10054(WSAECONNRESET)";WinsockFailureDescription="The peer forced closure of the connection";Peer="federation.dell.com";Port="5061";source="sip.MyCompany.com"
Server: RTC/4.0
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=NC01UCSWPS002.MyCompany.com;ms-source-verified-user=verified
Message-Body: –
$$end_record
Tutte le risposte
-
lunedì 11 giugno 2012 14:06Does Dell support Open Federation? If they don't then that would be the cause of your problem.
-
lunedì 11 giugno 2012 15:50Yes they support it
-
martedì 12 giugno 2012 03:20Moderatore
Hi,
Have you tried Test-CsFederatedPartner to test the issue?
http://technet.microsoft.com/en-us/library/gg398281.aspx
Here are some tips for you:
1)Please verify that the domain federation.dell.com is listed in the collection of allowed (federated) domains,you can use New-CsAllowedDomain to add it in your federated domains.
2)Please make sure there is no replication issue on your Edge server.
3)Would you please tell us the details about your FQDN of your access Edge and certificates SAN of edge server external interface, and SRV record for federation? Here is an issue which was caused by SRV record:
In addition, you can try to get help from your federated partner, let he get logs in their edge server and find why their edge server blocks the message from your domain.
Regards,
Kent Huang
TechNet Community Support ************************************************************************************************************************
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.
- Modificato Kent-HuangModerator martedì 12 giugno 2012 03:20
-
martedì 12 giugno 2012 12:38
Yes test-csfederated partner returns a 504 error. dell.com is added as a trusted domain, with federation.dell.com listed as access edge. If I invoke replication and then check it after about1-2 minutes it says replicated true. On our ede SIP.mycompany.com is the subject name with ever single other service as SANs. Our SRV records are setup properly as we federate with many other partners successfully.
thanks!
-
martedì 12 giugno 2012 16:50what type of certificate are you using on your edge for external? past experience not all certificates work! the root CA needs to be installed on the remote edge server(s) . if Dell does not have the root CA certificated installed on their edge pool that you use for federation the federation will fail.
If this post answered your question, Mark As Answer If this post was helpful, Vote as Helpful ---------------------------------------------------------- http://lyncme.blogspot.com
-
martedì 12 giugno 2012 17:02
Its a Thawte UC cert and at one point federation worked but since it has stopped working. Nothing has changed on our side.
Thanks!
-
venerdì 18 gennaio 2013 14:08 It ended up being that Dells Edge did not have updated Intermediate certificates for THawte
- Contrassegnato come risposta aageorge venerdì 18 gennaio 2013 14:08
.png)
