terça-feira, 27 de setembro de 2011 18:00
We are experiencing issues with federation to a test domain and a customer both with the same results. We are able to send out to them but they cannot send to us. On my test domain edge server i have been able to pull the following information which appears at every send attempt going from domain A to the external domain B.
TL_INFO(TF_PROTOCOL) 05F8.08D8::09/27/2011-17:42:33.446.000057b3 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(122))$$begin_record
Direction: outgoing;source="internal edge";destination="external edge"
Start-Line: SIP/2.0 504 Server time-out
From: "Test User"<sip:email@example.com>;tag=5f408249cd;epid=728b24aca6
CSeq: 1 INVITE
Authentication-Info: NTLM rspauth="01000000000000005799799CF26A7E8A", srand="A8CC68EF", snum="23", opaque="55986CB9", qop="auth", targetname="ocs-s01.caitest.local", realm="SIP Communications Service"
Via: SIP/2.0/TLS 184.108.40.206:3695;ms-received-port=3695;ms-received-cid=1800
ms-diagnostics: 2;reason="See response code and reason phrase";source="ocs-s01.caitest.local";HRESULT="0xC3E93C69(SIPPROXY_E_CONNECTION_FAILED)"
In this example i am sending IM from the firstname.lastname@example.org (A) account to my account email@example.com(B) across the federated connection. I can send from B to A fine but not reverse. Any help would be greatly appreciated.
Todas as Respostas
terça-feira, 27 de setembro de 2011 19:25
Could you please check following ,
1. Port 5061 is working from internet to access edge FQDN in both direction and ensure that firewall has bidirectional port allowed for it.
2. I hope you got a public certificate and root CA installed on the edge box .
3. Just check the sipfederation DNS record which is resolving from internet .
quinta-feira, 29 de setembro de 2011 06:33Moderador
Error 504 are typically routing, firewall or DNS related (that really limits it doesn’t it!) Here are some suggestions:
1)Please verify you and your partner both have created federation DNS SRV record _sipfederationtls.tcp.sipdomain.com pointed to the access Edge servers FQDN with port 5061.
2)Please verify there are federation routes in both federation sides,also please check your edge server are trusted by federated partner
3)Please try to telnet over 5061 to federated partner to check if your firewall configuration or federated partner does not allow the sip traffic
4)Please verify that the certificate installed on both edge servers are corrected.If you are using a third party cert,make sure your partner trust the issuance chain on the edge server.If you are using internal CA,you will need to ship them a copy of the chain.
5)Here are some similar thread and troubleshooting article for your reference,you can read through them and maybe can get some clews in them .
http://ocsguy.com/2010/01/22/one-way-messages-with-federated-partner-and-id-504-in-communicator/ (This one contains how to troubleshoot the OCS with logging tool)
Hope these useful!
- Sugerido como Resposta Sharon.ShenMicrosoft Contingent Staff, Moderator quinta-feira, 29 de setembro de 2011 06:34
- Editado Sharon.ShenMicrosoft Contingent Staff, Moderator quinta-feira, 29 de setembro de 2011 06:34
- Marcado como Resposta Sharon.ShenMicrosoft Contingent Staff, Moderator sexta-feira, 7 de outubro de 2011 01:45