Unable to communicate with external parties via IM

    Question

  • Hi,

    I am currently deploying Lync 2010 for a customer, and we are experiencing issues when attempting to initiate an IM session with an external party. Below is the current environment:

    - Currently have OCS 2007 R2 running for approx. 150 users. The OCS 2007 R2 infrastructure has not been configured for external federation (This topology has been merged with the Lync topology and connectivity works between OCS & Lync).

    - Lync 2010 EE pool deployed internally, with one server in the pool (running W2K8 R2). This is using a separate SQL 2008 R2 server.

    - Lync Edge server deployed in DMZ (running W2K8 R2). This server has one NIC in the DMZ subnet with a private IP allocated (the internal-facing NIC), and the second NIC is sitting in a different VLAN with the public IP address configured on it (the external-facing NIC). The internal-facing NIC has no default gateway specified, and has persistent static routes configured to internal subnets that contain the internal Lync server and Lync clients. The external-facing NIC has a default gateway set.

    Internal communication is working fine, however, when I attempt to initiate an IM session with an external party (who I know for certain has federation enabled and working), the session fails, and the same in reverse. The Lync client reports the message "user@remotedomain.com.au could not be found and this message was not delivered". In addition to this, the following is logged in Event Viewer on my workstation that I am attempting to initiate the IM from:

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    A SIP request made by Communicator failed in an unexpected manner (status code 80ef0194). More information is contained in the following technical data:
     
     RequestUri:   sip:user@remotedomain.com.au
    From:         sip:user@customer.com.au;tag=6a771f6428
    To:           sip:user@remotedomain.com.au;tag=1122092D2D5D244F6A4A2F967C86D178
    Call-ID:      0aa26c977421450dacf908b326321495
    Content-type: application/sdp;call-type=im

    v=0
    o=- 0 0 IN IP4 sourceIP
    s=session
    c=IN IP4 sourceIP
    t=0 0
    m=message 5060 sip null
    a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/x-ms-ink application/ms-imdn+xml text/x-msmsgsinvite


    Response Data:

    404  Not Found
    ms-diagnostics:  1034;reason="Previous hop federated peer did not report diagnostic information";Domain="remotedomain.com.au";PeerServer="lync.remotedomain.com.au";source="lync.customer.com.au";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="1";SourceNetwork="5";RemotePartyCanDoIM="Yes";RetriedInvite="true"


     Resolution:
     If this error continues to occur, please contact your network administrator. The network administrator can use a tool like winerror.exe from the Windows Resource Kit or lcserror.exe from the Office Communications Server Resource Kit in order to interpret any error codes listed above.

    ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------

    Nothing is logged on the Lync internal server in Event Viewer that I have been able to find.

    Other information that may be relevant:

    Customer SIP domain: sip.customer.int

    Customer SMTP domain: customer.com.au

    I'm at a loss here as to where to look next. I have a feeling there is something not quite right with my Edge configuration. Any input would be greatly appreciated.

    Thanks,

    Cam


    • Edited by Cam_AU Friday, April 13, 2012 1:01 AM
    Thursday, April 12, 2012 5:37 AM

All replies

  • Hi,

    Have you configured the external DNS for the Edge federation and also installed a public certificate?

    Look at Kevin Peters' blog

    http://ocsguy.com/2010/11/21/deploying-an-edge-server-with-lync/


    regards Holger Technical Specialist UC

    Thursday, April 12, 2012 7:04 AM
  • Hi Holger,

    Yes, I've configured an A record for lync.sourcedomain.com.au (we are using a single IP for external SIP, Web and A/V services), as well as the srv records _sipfederationtls._tcp.customer.com.au (for port 5061) and _sip._tls.customer.com.au (for port 443).



    • Edited by Cam_AU Friday, April 13, 2012 1:02 AM
    Thursday, April 12, 2012 7:09 AM
  • Could you reach the federation partner from the Edge with

    nslookup

    set type=srv

    _sipfederationtls._tcp.domain.com

    Try to connect with a Lync client from outside or use Telnet to connect to ports 443 and 5061.


    regards Holger Technical Specialist UC

    Thursday, April 12, 2012 7:44 AM
  • I tested this from a remote site just now with the following results:

    Nslookup:

    Non-authoritative answer:
    _sipfederationtls._tcp.customer.com.au      SRV service location:
              priority       = 0
              weight         = 0
              port           = 5061
              svr hostname   = lync.customer.com.au

    lync.sourcedomain.com.au        internet address = <lync_public_ip>

    I was able to successfully telnet to lync.customer.com.au on both ports 443 and 5061 (a blank telnet prompt was presented).


    • Edited by Cam_AU Friday, April 13, 2012 1:03 AM
    Thursday, April 12, 2012 8:51 AM
  • Can you check that Federation is enabled in the External Access policy and Access Edge Configuration?

    Also is CMS replication to the Edge Server working ok?

    Best bet is to run a SIP trace using the Lync Server Logging Tool on the Edge Server and view it using Snooper (incl in the Resource Kit). This should give you more info as to why it's failing.


    Justin Morris | Consultant | Modality Systems
    Lync Blog - www.justin-morris.net
    Twitter: @justimorris

    Thursday, April 12, 2012 10:41 PM
  • Hi Justin,

    Federation is enabled in the External Access Policy for Federated User Access, Remote User Access and Public Provider Access. Under Access Edge Configuration, Federated Users, Remote Users and Anonymous Users are all enabled as well.

    CMS replication appears to be working OK - here's the results of a Get-CsManagementStoreReplicationStatus:

    UpToDate           : True
    ReplicaFqdn        : lyncdmz01.customer.com.au
    LastStatusReport   : 4/11/2012 4:26:58 PM
    LastUpdateCreation : 4/11/2012 4:26:54 PM
    ProductVersion     : 4.0.7577.0

    UpToDate           : True
    ReplicaFqdn        : lync-ee-pool.customer.int
    LastStatusReport   : 3/28/2012 1:07:39 PM
    LastUpdateCreation : 3/22/2012 11:27:07 AM
    ProductVersion     : 4.0.7577.0

    I've just run a SIP trace, and here are the 4 errors that were listed from my test from the customer network to an external federated partner (which happens to be the company I work for):

    Error 1:
    TL_INFO(TF_PROTOCOL) [3]1A4C.1C30::04/13/2012-00:36:09.973.000182a7 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 2698574407
    Instance-Id: 00001DCB
    Direction: incoming;source="external edge";destination="internal edge"
    Peer: lync.remotedomain.com.au:5061
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: "Source User"<sip:SourceUser@customer.int>;tag=517d299d8c;epid=9db2a1a653
    To: <sip:TargetUser@remotedomain.com.au>;tag=1122092D2D5D244F6A4A2F967C86D178
    CSeq: 1 INVITE
    Call-ID: 54d975406deb44caa84b40a57728a205
    Via: SIP/2.0/TLS 203.94.135.250:52593;branch=z9hG4bK3C2D65F8.7EB24DCACCDE6879;branched=FALSE;ms-internal-info="dbLmRdVxQ7Lj9k_UsbOKBPYGKr6RRSlqMXr71lNpGbwOfKTbJ-6mBA7AAA";ms-received-port=52593;ms-received-cid=109F00
    Via: SIP/2.0/TLS 172.30.1.84:56843;branch=z9hG4bKF0ACBDF6.92BDA9094EA44879;branched=FALSE;ms-received-port=56843;ms-received-cid=7000
    Via: SIP/2.0/TLS 172.31.1.39:58608;ms-received-port=58608;ms-received-cid=59D300
    Server: RTC/4.0
    Content-Length: 0
    Message-Body: –
    $$end_record
     
    Error 2:
    TL_INFO(TF_PROTOCOL) [3]1A4C.1C30::04/13/2012-00:36:09.974.00018701 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 2698574407
    Instance-Id: 00001DCB
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: lync-ee-pool.customer.int:56843
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: "Source User"<sip:SourceUser@customer.int>;tag=517d299d8c;epid=9db2a1a653
    To: <sip:TargetUser@remotedomain.com.au>;tag=1122092D2D5D244F6A4A2F967C86D178
    CSeq: 1 INVITE
    Call-ID: 54d975406deb44caa84b40a57728a205
    Via: SIP/2.0/TLS 172.30.1.84:56843;branch=z9hG4bKF0ACBDF6.92BDA9094EA44879;branched=FALSE;ms-received-port=56843;ms-received-cid=7000
    Via: SIP/2.0/TLS 172.31.1.39:58608;ms-received-port=58608;ms-received-cid=59D300
    Server: RTC/4.0
    Content-Length: 0
    ms-edge-proxy-message-trust: ms-source-type=AutoFederation;ms-ep-fqdn=lyncdmz01.customer.com.au;ms-source-verified-user=unverified;ms-source-network=federation
    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="remotedomain.com.au";PeerServer="lync.remotedomain.com.au";source="lync.customer.com.au"
    Message-Body: –
    $$end_record
     
    Error 3:
    TL_INFO(TF_PROTOCOL) [1]1A4C.123C::04/13/2012-00:36:10.985.00019970 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 2389712900
    Instance-Id: 00001DCE
    Direction: incoming;source="external edge";destination="internal edge"
    Peer: lync.remotedomain.com.au:5061
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: "Source User"<sip:SourceUser@customer.int>;tag=3fa698816a;epid=9db2a1a653
    To: <sip:TargetUser@remotedomain.com.au>;tag=1122092D2D5D244F6A4A2F967C86D178
    CSeq: 1 INVITE
    Call-ID: dff02dc4f4664d7c914fc37ddd4ed7fa
    Via: SIP/2.0/TLS 203.94.135.250:52593;branch=z9hG4bK98D8D665.B0DBA089CCEFF87A;branched=FALSE;ms-internal-info="dbEAVzW1QFdAlGfiTtYQOAwOPFRWjXKPkyJxKVBpVHkpOJoNuw6mBA7AAA";ms-received-port=52593;ms-received-cid=109F00
    Via: SIP/2.0/TLS 172.30.1.84:56843;branch=z9hG4bK5DDA4FE7.41CC63B14EB3E87A;branched=FALSE;ms-received-port=56843;ms-received-cid=7000
    Via: SIP/2.0/TLS 172.31.1.39:58608;ms-received-port=58608;ms-received-cid=59D300
    Server: RTC/4.0
    Content-Length: 0
    Message-Body: –
    $$end_record
     
    Error 4:
    TL_INFO(TF_PROTOCOL) [1]1A4C.123C::04/13/2012-00:36:10.986.00019dd0 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
    Trace-Correlation-Id: 2389712900
    Instance-Id: 00001DCE
    Direction: outgoing;source="external edge";destination="internal edge"
    Peer: lync-ee-pool.customer.int:56843
    Message-Type: response
    Start-Line: SIP/2.0 404 Not Found
    From: "Source User"<sip:SourceUser@customer.int>;tag=3fa698816a;epid=9db2a1a653
    To: <sip:TargetUser@remotedomain.com.au>;tag=1122092D2D5D244F6A4A2F967C86D178
    CSeq: 1 INVITE
    Call-ID: dff02dc4f4664d7c914fc37ddd4ed7fa
    Via: SIP/2.0/TLS 172.30.1.84:56843;branch=z9hG4bK5DDA4FE7.41CC63B14EB3E87A;branched=FALSE;ms-received-port=56843;ms-received-cid=7000
    Via: SIP/2.0/TLS 172.31.1.39:58608;ms-received-port=58608;ms-received-cid=59D300
    Server: RTC/4.0
    Content-Length: 0
    ms-edge-proxy-message-trust: ms-source-type=AutoFederation;ms-ep-fqdn=lyncdmz01.customer.com.au;ms-source-verified-user=unverified;ms-source-network=federation
    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="remotedomain.com.au";PeerServer="lync.remotedomain.com.au";source="lync.customer.com.au"
    Message-Body: –
    $$end_record

    Thanks for your time with this.


    • Edited by Cam_AU Friday, April 13, 2012 1:04 AM
    Friday, April 13, 2012 1:00 AM
  • Hi,

    What are the ports you define for SIP, Web and A/V services?

    Since the Lync user logs on with user@customer.int, there may be something wrong if the SRV records are _sipfederationtls._tcp.customer.com.au and _sip._tls.customer.com.au.

    In order to test, you can try to add customer.com.au as your SIP domain and enable a test user to log on with testuser@customer.com.au. In addition, it is recommended to set the SIP domain the same as the SMTP domain. Thus, you can set customer.com.au as your second SIP domain.

    Regards,

    Kent

    Friday, April 13, 2012 5:51 AM
  • Hi Kent,

    The ports are as follows:

    SIP: 5061

    Web: 444

    A/V: 443

    I'll try adding the additional SIP domain and report back.

    Friday, April 13, 2012 5:58 AM
  • Hi Cam,

    I believe that Kent is on the right track suggesting that you try customer.com.au as your sip domain.  Lync federation only works on sip domains which should be publicly routable and not smtp domains.  Having the federation route set up with customer.com.au but the user's sip domain as .int won't work.  This would also cause some issues and complexity for your users to sign in to Lync remotely in a vpnless environment.  Changing their sip domain to customer.com.au should do the trick.

    You could possibly get around this by having the federated partner set up your client as Direct Federated in their Lync Edge.  They could set up an entry for sip domain of customer.int and the fqdn of lync.customer.com.au.  With Direct Federation the SIP domain (in this case customer.int) can be different than what is on the public certificate (lync.customer.com.au).  All their federated partners would have to do this though, so the easiest - if possible - is to change their sip domain to customer.com.au.

    Saturday, April 14, 2012 12:54 AM
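
The mismatch described in the replies above can be checked directly against an Edge SIP trace. The following is an added example, not part of the original thread: it parses `$$begin_record`/`$$end_record` blocks and reports failed calls whose From SIP domain is not one of the domains with a published federation SRV record. The function names, the sample trace and the published-domain list are assumptions, and the trace is assumed to contain outbound test calls.

```python
import re

# Constructed sample shaped like the thread's Edge trace records; second record is invented.
SAMPLE_TRACE = '''TL_INFO(TF_PROTOCOL) [3]1A4C.1C30::04/13/2012-00:36:09.974 $$begin_record
Start-Line: SIP/2.0 404 Not Found
From: "Source User"<sip:SourceUser@customer.int>;tag=517d299d8c;epid=9db2a1a653
To: <sip:TargetUser@remotedomain.com.au>;tag=1122092D2D5D244F6A4A2F967C86D178
Call-ID: 54d975406deb44caa84b40a57728a205
ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information"
$$end_record
TL_INFO(TF_PROTOCOL) [3]1A4C.1C30::04/13/2012-00:40:00.000 $$begin_record
Start-Line: SIP/2.0 200 OK
From: <sip:testuser@customer.com.au>;tag=constructed
Call-ID: constructed-call-2
$$end_record
'''

RECORD = re.compile(r"\$\$begin_record[^\n]*\n(.*?)\$\$end_record", re.S)
SIP_URI = re.compile(r"sip:[^@>;\s]+@([^>;:\s]+)", re.I)

def parse_records(trace):
    """Return one {lower-cased header: value} dict per $$begin/$$end record."""
    records = []
    for body in RECORD.findall(trace):
        rec = {}
        for line in body.splitlines():
            name, sep, value = line.partition(":")
            if sep:
                rec.setdefault(name.strip().lower(), value.strip())  # first Via wins
        records.append(rec)
    return records

def unpublished_caller_domains(trace, published_domains):
    """Failed calls, one per Call-ID, whose From domain is not in published_domains
    (assumed: the SIP domains that have _sipfederationtls SRV records)."""
    published = {d.lower() for d in published_domains}
    seen, findings = set(), []
    for rec in parse_records(trace):
        parts = rec.get("start-line", "").split()
        uri = SIP_URI.search(rec.get("from", ""))
        if len(parts) < 2 or not parts[1].isdigit() or uri is None:
            continue  # a request (no status code) or no SIP URI in From
        code, domain, call_id = int(parts[1]), uri.group(1).lower(), rec.get("call-id")
        if code < 400 or domain in published or call_id in seen:
            continue
        seen.add(call_id)
        diag = rec.get("ms-diagnostics", "").split(";")[0] or None
        findings.append({"call_id": call_id, "status": code,
                         "from_domain": domain, "diag_id": diag})
    return findings
```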