Edge server traffic flow with multiple central sites

  • Question

  • Hi,

    We have a user connected externally on Site1 who communicates with an internal user on Site2. They are both able to IM without any issue, but when they try desktop sharing or an audio call it gives the error "we could not connect because of Network issue".

    It seems the internal user's client machine knows how to route to the Edge internal network in Site1, but traffic is blocked by a firewall or the Edge, as they don't know how to route back, so media fails.

    -DJ

    Sunday, May 22, 2016 12:09 AM

All replies

  • A couple of checks: what about communication with an internal Site A user, is that working?

    For Site B and the associated A/V Edge server configuration, can you confirm that the necessary ports are open on that Edge Server: 443, 5061 and the 50,000 range ports? Also, one more thing to check: is the Site B internal user getting an MRAS URL in the Client Configuration Information (system tray icon, right-click)?


    Linus

    Sunday, May 22, 2016 6:28 AM
  • Hi Linus,

    I checked in client configuration, MRAS URL is missing.

    Let me explain the complete scenario.

    We have Lync 2013 installed and running in Site 1, where the Edge server is placed, and we have another site, Site 2, where the Skype for Business front end servers are running (Edge pool not deployed yet). As there is a dependency on federation, we cannot enable it from two sites in parallel, so we plan to migrate all users into Site 2 first and then enable federation from Site 2.

    During user migration into the SFB pool, we want federation to continue to be operational from Site 1.

    Please suggest what could be the reason for the MRAS URL not showing?

    -DJ

    Sunday, May 22, 2016 8:15 PM
  • Can you check from the Edge server using netstat -an and find out which ports the Edge is listening on, specifically 5062, which is used for A/V authentication? This needs to be opened from the FE to the internal interface of the Edge Server.

    https://technet.microsoft.com/en-us/library/gg425891(v=ocs.15).aspx


    Linus

    Monday, May 23, 2016 1:38 AM
  • We are able to telnet to the Edge interface on ports 5061, 5062 and 443 from the frontend servers.
    Monday, May 23, 2016 8:47 AM
  • Hi,

    From your description above, there are two Lync\SFB pools, 1 and 2; only pool 1 has an Edge Server deployed, not pool 2.

    If that is the case, then make sure the Edge internal interface ports such as 8057, 5061, 5062 and 443 are opened for both Lync\SFB pools.

    Make sure that there is no application and proxy filter on the firewall for the traffic from\to the Edge Server.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Monday, May 23, 2016 9:10 AM
  • Hi Eason,

    Ports are open from the front end servers to the Edge interface on 3478, 8057, 5061, 5062 and 443. Only port 5061 is allowed from the Edge interface to the front end servers. Do we need to allow any other port from the Edge interface to the front end servers?

    Should we allow port 3478/UDP from the Edge interface to the front end servers?

    Just to inform you, there is no issue if we do Audio/Video from a Lync 2013 front end pool user. Only SFB pool users are facing this issue.

    -DJ

    Monday, May 23, 2016 9:31 AM
  • Please suggest what could be the reason for the MRAS server not getting populated under client configuration, although all required ports are open from the front end to the Edge server?
    Monday, May 23, 2016 4:06 PM
  • Please check that replication is OK for all servers in your topology.

    Get-CsManagementStoreReplicationStatus

    and

    Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus

    MRAS should point to the Edge server in their respective pool (in your case the SFB Edge server).

    Have you fully deployed an Edge server for the SFB pool? If not, then there should be no MRAS. If it is deployed, you have to check external DNS for:

    Access edge (sip.domain.com)

    Webconf

    A/V Edge

    The names on these should NOT be the same as the 2013 Edge pool.

    Your certificate (used on the Edge and reverse proxy) has to be renewed to contain these names as well.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Monday, May 23, 2016 4:23 PM
  • Hi,

    At present, there is no Edge pool configured for the SFB Frontend Pool (Site B). An Edge pool is only configured under Site A, where we have the Lync 2013 servers, from where federation is enabled.

    Are you saying the MRAS server will be populated under Client Configuration only when there is an Edge pool configured in the site the user belongs to?

    In my case everything is working fine for a Lync 2013 pool user: IM, audio/video and desktop sharing with federated partners.

    For an SFB pool user, only IM is working fine; audio/video and desktop sharing are not, although firewall ports 3478, 8057, 5061, 5062 and 443 are opened.

    -DJ

    Monday, May 23, 2016 8:25 PM
  • Hi,

    A user gets MRAS according to your topology. If there is no Edge deployed for the SFB servers, and they use the Lync 2013 Edge instead, then they should get MRAS from there.

    Did you run and confirm replication is OK?

    Get-CsManagementStoreReplicationStatus

    and

    Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus

    Can you telnet to those ports from the external network to your Lync 2013 Edge fine?

    Is the SFB servers' subnet defined in your Lync 2013 Edge? Please run route print and confirm the subnet is there.

    Also confirm that your SFB frontend pool can telnet to the Lync 2013 Edge on port 3478 fine.

    If using Enterprise Voice (PSTN), confirm the SFB frontend can telnet to mediation on ports 5060 and 5061 (if those are defined as ports in your topology for the MED pool).


    Internal users communicating with external users should also be able to telnet to port 3478 on the Edge servers without issue.

    App sharing is over port 443 from external users to the Edge.

    You can check the workload here: https://technet.microsoft.com/en-us/library/dn594589.aspx


    Off2work

    • Proposed as answer by Liinus Tuesday, May 24, 2016 10:06 AM
    Tuesday, May 24, 2016 6:28 AM
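
The name-resolution, TCP port and replication checks from the reply above, collected into one PowerShell script. This is an added example, not code from the thread; the function name Test-TcpPath and the host name edge-internal.example.local are placeholders made up for illustration, and the port list is the one quoted in the thread.

```powershell
# Added example, not from the thread. Test-TcpPath and the FQDN used at the
# bottom are hypothetical; substitute your own server names.
#   On an SFB Front End: -Target <Edge internal FQDN> -Ports 443,5061,5062,8057
#   On the Edge:         -Target <SFB Front End FQDN> -Ports 5061
function Test-TcpPath {
    param(
        [Parameter(Mandatory)] [string] $Target,
        [Parameter(Mandatory)] [int[]]  $Ports
    )
    # Use the system resolver so hosts-file entries and DNS suffixes are
    # honoured; a failure here is the missing host entry the thread ends on.
    try   { $addresses = @([System.Net.Dns]::GetHostAddresses($Target)) }
    catch { $addresses = @() }

    foreach ($port in $Ports) {
        $open = $false
        if ($addresses.Count -gt 0) {
            # TCP connect only. This says nothing about 3478/UDP, which
            # has to be confirmed on the firewall or with a packet capture.
            $open = (Test-NetConnection -ComputerName $Target -Port $port `
                        -WarningAction SilentlyContinue).TcpTestSucceeded
        }
        [pscustomobject]@{
            Target   = $Target
            Resolved = ($addresses -join ', ')   # empty means the name did not resolve
            Port     = $port
            TcpOpen  = $open
        }
    }
}

# Front End to Edge internal interface (placeholder FQDN).
Test-TcpPath -Target 'edge-internal.example.local' -Ports 443, 5061, 5062, 8057 |
    Format-Table -AutoSize

# Replication check, only where the Lync/SFB management cmdlets are installed:
# list any replica that is not up to date.
if (Get-Command Get-CsManagementStoreReplicationStatus -ErrorAction SilentlyContinue) {
    Get-CsManagementStoreReplicationStatus |
        Where-Object { -not $_.UpToDate } |
        Select-Object ReplicaFqdn, UpToDate, LastStatusReport
}
```

An empty Resolved column on the Edge side points at the hosts file or DNS suffix; a resolved name with TcpOpen false points at the firewall rule for that port.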
  • Hi,

    Replication is fine, no issue in that.

    There shouldn't be any issue with ports externally, because federation is working fine with Lync 2013 users.

    SFB Subnets are also defined in Edge Server route.

    Port 3478 is allowed from SFB Frontend to Lync 2013 Edge Pool.

    Enterprise voice is not enabled.

    3478 port is allowed from client machine to Edge Server.

    Please suggest which log I should capture to troubleshoot this issue.

    -DJ

    Tuesday, May 24, 2016 12:02 PM
  • I just noticed we did not make a host entry for the SFB FE servers on the Lync Edge. Any suggestions?

    -DJ

    Tuesday, May 24, 2016 4:23 PM
  • What do you mean by no host entry? You mean the Lync Edge cannot ping the SFB frontend servers?

    Off2work

    Tuesday, May 24, 2016 5:15 PM
  • Yes, we did not make any host entry on the Edge server for the SFB Front End servers. I am sure this is the only reason for audio/video and desktop sharing not working with federated partners.
    Tuesday, May 24, 2016 9:03 PM
  • I think this is the issue; the Edge should know how to get to the SFB pool.

    Also, you need to associate the Edge with SFB for media, as in the image below.

    Wednesday, May 25, 2016 5:49 AM
  • Thanks Hamed,

    We have checked this option and it was not selected. We will enable it and check. Can you also please confirm whether we need to have a host entry for the SFB Front End server on the Lync 2013 Edge box?

    -DJ

    Wednesday, May 25, 2016 4:02 PM
  • Hi,

    A DNS entry shouldn't be needed if you have added your domain to the DNS suffix on the Edge servers. If you haven't, then it must be added to the hosts file.

    Please look at my guide for SFB setup, there is a section for Edge installation and preparation: https://gallery.technet.microsoft.com/Installing-Skype-for-78703118

    Can you ping frontend pool and frontend servers from your edge?


    Off2work

    • Marked as answer by Eason Huang Tuesday, June 7, 2016 11:08 AM
    Wednesday, May 25, 2016 5:51 PM