none
Lync Federation not working with only one partner

    Domanda

  • Im currently experiencing an issue where federation is not working with only a single partner one way. We have tried using multiple user accounts on separate workstations. We federate with 10s of other companies and have no issues. My log is below, the access edge of the partner is federation.dell.com. THanks for any help!!!!

    TL_INFO(TF_PROTOCOL) [0]05C8.0AE0::06/08/2012-22:41:23.840.000003c4 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record

    Trace-Correlation-Id: 723867992

    Instance-Id: 000001C7

    Direction: incoming;source="internal edge";destination="external edge"

    Peer: nc01ucswps001.MyCompany.com:49624

    Message-Type: request

    Start-Line: INVITE sip:DellUser@dell.com SIP/2.0

    From: "LyncAdmin"<sip:lyncadmin@MyCompany.com>;tag=cb18cf313e;epid=4970e9fa83

    To: <sip:DellUser@dell.com>

    CSeq: 1 INVITE

    Call-ID: 6cfcff8e024540488ee090dde7267c55

    Record-Route: <sip:NC01UCSWPS001.MyCompany.com:5061;transport=tls;opaque=state:T;lr>;tag=F3CFFB64E7481C5B4E0C69B94B9FE901

    Via: SIP/2.0/TLS 10.17.52.10:49624;branch=z9hG4bKB2FBDFB2.42F33684D4F449B4;branched=FALSE

    Max-Forwards: 69

    ms-application-via: SIP;ms-urc-rs-from;ms-server=NC01UCSWPS001.MyCompany.com;ms-pool=NC01UCSWPS001.MyCompany.com;ms-application=ad894dc3-55e0-44bf-a07e-3c073aaa4a57

    Via: SIP/2.0/TLS 10.17.52.10:49682;ms-received-port=49682;ms-received-cid=1E00

    Contact: <sip:lyncadmin@MyCompany.com;opaque=user:epid:7kZ8wL30hFKAGu3cCFh78QAA;gruu>

    User-Agent: UCCAPI/4.0.7577.0 OC/4.0.7577.0 (Microsoft Lync 2010)

    Supported: ms-dialog-route-set-update

    Ms-Text-Format: text/plain; charset=UTF-8;msgr=WAAtAE0ATQBTAC0ASQBNAC0ARgBvAHIAbQBhAHQAOgAgAEYATgA9AFMAZQBnAG8AZQAlADIAMABVAEkAOwAgAEUARgA9ADsAIABDAE8APQAwADsAIABDAFMAPQAwADsAIABQAEYAPQAwAAoADQAKAA0A;

    Supported: ms-delayed-accept

    Supported: ms-renders-gif

    Supported: ms-renders-mime-alternative

    Ms-Conversation-ID: Ac1FxuF3Jma8CMg7RjScRxFS+74g1AAAJQ+gAAAAiuAAABdQUA==

    Supported: timer

    Supported: histinfo

    Supported: ms-safe-transfer

    Supported: ms-sender

    Supported: ms-early-media

    Roster-Manager: sip:lyncadmin@MyCompany.com

    EndPoints: <sip:lyncadmin@MyCompany.com>, <sip:DellUser@dell.com>

    Supported: com.microsoft.rtc-multiparty

    ms-keep-alive: UAC;hop-hop=yes

    Allow: INVITE, BYE, ACK, CANCEL, INFO, MESSAGE, UPDATE, REFER, NOTIFY, BENOTIFY

    ms-subnet: 172.17.52.0

    Supported: ms-conf-invite

    Content-Type: application/sdp

    Content-Length: 223

    ms-routing-phase: from-uri-routing-done

    ms-user-data: ms-publiccloud=TRUE;ms-federation=TRUE

    Message-Body: v=0

    o=- 0 0 IN IP4 10.17.52.10

    s=session

    c=IN IP4 10.17.52.10

    t=0 0

    m=message 5060 sip null

    a=accept-types:text/plain multipart/alternative image/gif text/rtf text/html application/ms-imdn+xml text/x-msmsgsinvite

    $$end_record

    TL_INFO(TF_CONNECTION) [0]05C8.0AE0::06/08/2012-22:41:23.939.00000982 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(164))$$begin_record

    LogType: connection

    Severity: information

    Text: TLS negotiation started

    Local-IP: 192.168.45.14:49240

    Peer-IP: 143.166.83.215:5061

    Peer-FQDN: federation.dell.com

    Connection-ID: 0x5A00

    Transport: TLS

    $$end_record

    TL_INFO(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.044.00000c9a (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record

    LogType: diagnostic

    Severity: information

    Text: Routed a locally generated request

    SIP-Start-Line: NEGOTIATE sip:127.0.0.1:5061 SIP/2.0

    SIP-Call-ID: 1DE05BCFF90E5EE7F3AD

    SIP-CSeq: 1 NEGOTIATE

    Peer: federation.dell.com:5061

    Data: destination="federation.dell.com"

    $$end_record

    TL_INFO(TF_PROTOCOL) [0]05C8.08C8::06/08/2012-22:41:24.044.00000cd7 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record

    Trace-Correlation-Id: 4268654737

    Instance-Id: 000001C8

    Direction: outgoing;source="local";destination="external edge"

    Peer: federation.dell.com:5061

    Message-Type: request

    Start-Line: NEGOTIATE sip:127.0.0.1:5061 SIP/2.0

    From: sip:sip.MyCompany.com;tag=397CE528F730300F88815B6A71139FDA

    To: sip:federation.dell.com

    CSeq: 1 NEGOTIATE

    Call-ID: 1DE05BCFF90E5EE7F3AD

    Via: SIP/2.0/TLS 192.168.45.14:49240;branch=z9hG4bK37AA6EF6.36B66B210E2539B4;branched=FALSE

    Max-Forwards: 0

    Compression: LZ77-64K

    Supported: NewNegotiate,OCSNative,ECC

    Server: RTC/4.0

    Content-Length: 0

    Message-Body:

    $$end_record

    TL_ERROR(TF_CONNECTION) [0]05C8.08C8::06/08/2012-22:41:24.054.00000d61 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record

    LogType: connection

    Severity: error

    Text: Receive operation on the connection failed

    Local-IP: 192.168.45.14:49240

    Peer-IP: 143.166.83.215:5061

    Peer-FQDN: federation.dell.com

    Peer-Name: federation.dell.com

    Connection-ID: 0x5A00

    Transport: M-TLS

    Result-Code: 0x80072746 WSAECONNRESET

    Data: fqdn="federation.dell.com";peer-type="FederatedPartner";winsock-code="10054"

    $$end_record

    TL_ERROR(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.054.00000d97 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record

    LogType: diagnostic

    Severity: error

    Text: Message was not sent because the connection was closed

    SIP-Start-Line: INVITE sip:DellUser@dell.com SIP/2.0

    SIP-Call-ID: 6cfcff8e024540488ee090dde7267c55

    SIP-CSeq: 1 INVITE

    Peer: federation.dell.com:5061

    $$end_record

    TL_INFO(TF_DIAG) [0]05C8.08C8::06/08/2012-22:41:24.054.0000112b (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record

    LogType: diagnostic

    Severity: information

    Text: Response successfully routed

    SIP-Start-Line: SIP/2.0 504 Server time-out

    SIP-Call-ID: 6cfcff8e024540488ee090dde7267c55

    SIP-CSeq: 1 INVITE

    Peer: nc01ucswps001.MyCompany.com:49624

    Data: destination="nc01ucswps001.MyCompany.com"

    $$end_record

    TL_INFO(TF_PROTOCOL) [0]05C8.08C8::06/08/2012-22:41:24.054.00001172 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record

    Trace-Correlation-Id: 723867992

    Instance-Id: 000001C9

    Direction: outgoing;source="local";destination="internal edge"

    Peer: nc01ucswps001.MyCompany.com:49624

    Message-Type: response

    Start-Line: SIP/2.0 504 Server time-out

    From: "LyncAdmin"<sip:lyncadmin@MyCompany.com>;tag=cb18cf313e;epid=4970e9fa83

    To: <sip:DellUser@dell.com>;tag=397CE528F730300F88815B6A71139FDA

    CSeq: 1 INVITE

    Call-ID: 6cfcff8e024540488ee090dde7267c55

    Via: SIP/2.0/TLS 10.17.52.10:49624;branch=z9hG4bKB2FBDFB2.42F33684D4F449B4;branched=FALSE;ms-received-port=49624;ms-received-cid=2000

    Via: SIP/2.0/TLS 10.17.52.10:49682;ms-received-port=49682;ms-received-cid=1E00

    ms-diagnostics: 1047;reason="Failed to complete TLS negotiation with a federated peer server";WinsockFailureCode="10054(WSAECONNRESET)";WinsockFailureDescription="The peer forced closure of the connection";Peer="federation.dell.com";Port="5061";source="sip.MyCompany.com"

    Server: RTC/4.0

    Content-Length: 0

    ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=NC01UCSWPS002.MyCompany.com;ms-source-verified-user=verified

    Message-Body:

    $$end_record

     
    lunedì 11 giugno 2012 02:59

Risposte

Tutte le risposte

  • Does Dell support Open Federation? If they don't then that would be the cause of your problem.
    lunedì 11 giugno 2012 14:06
  • Yes they support it
    lunedì 11 giugno 2012 15:50
  • Hi,

    Have you tried Test-CsFederatedPartner to test the issue?

    http://technet.microsoft.com/en-us/library/gg398281.aspx

    Here are some tips for you:

    1)Please verify that the domain federation.dell.com is listed in the collection of allowed (federated) domains,you can use New-CsAllowedDomain to add it in your federated domains.

    2)Please make sure there is no replication issue on your Edge server.

    3)Would you please tell us the details about your FQDN of your access Edge and certificates SAN of edge server external interface, and SRV record for federation? Here is an issue which was caused by SRV record:

    http://qa.social.technet.microsoft.com/Forums/en-US/ocsedge/thread/398116a7-ea2c-47f9-b3fb-ce3a30d76403

    In addition, you can try to get help from your federated partner, let he get logs in their edge server and find why their edge server blocks the message from your domain.


    Regards,

    Kent Huang

    TechNet Community Support ************************************************************************************************************************

    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question.


    • Modificato Kent-Huang martedì 12 giugno 2012 03:20
    martedì 12 giugno 2012 03:20
  • Yes test-csfederated partner returns a 504 error. dell.com is added as a trusted domain, with federation.dell.com listed as access edge. If I invoke replication and then check it after about1-2 minutes it says replicated true. On our ede SIP.mycompany.com is the subject name with ever single other service as SANs. Our SRV records are setup properly as we federate with many other partners successfully.

    thanks!

    martedì 12 giugno 2012 12:38
  • what type of certificate are you using on your edge for external? past experience not all certificates work! the root CA needs to be installed on the remote edge server(s) . if Dell does not have the root CA certificated installed on their edge pool that you use for federation  the federation will fail.

    If this post answered your question, Mark As Answer If this post was helpful, Vote as Helpful ---------------------------------------------------------- http://lyncme.blogspot.com

    martedì 12 giugno 2012 16:50
  • Its a Thawte UC cert and at one point federation worked but since it has stopped working. Nothing has changed on our side.

    Thanks!

    martedì 12 giugno 2012 17:02
  • It ended up being that Dells Edge did not have updated Intermediate certificates for THawte
    • Contrassegnato come risposta aageorge venerdì 18 gennaio 2013 14:08
    venerdì 18 gennaio 2013 14:08