locked
Federation Troubleshooting RRS feed

  • Question

  • We are trying to get SIP Federation with Cisco Presence / Expressway.  Using the Test-csFederatedPartner, it comes back with success.  I get presence unknown for all external contacts and cannot IM.  Is there a log or some other commands that can be run to "see" what is going on between the edge server and federated partner?
    Thursday, April 6, 2017 1:57 AM

All replies

  • Hi Mike,

    You can use ClsLogger and Snooper to capture some logs from the front end pool and edge server pool.

    The event logs on the edge server may also shine some light on what's going on too.

    - Craig
    blog.chiffers.com

    Friday, April 7, 2017 6:14 AM
  • Hi Mike,

    In addition to above suggestions,  we suggest you run Microsoft Skype for business test to check if there are any errors and post the error to us for troubleshooting:

    https://testconnectivity.microsoft.com/


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, April 7, 2017 8:47 AM
  • What specific logs are used to capture stuff for Federation events (there are a million log files).

    When I run the connectivity test I get an SSL error (see below, any ideas?) -

    Testing the SSL certificate to make sure it's valid.
      The SSL certificate failed one or more certificate validation checks.
     
    Additional Details
     
    Elapsed Time: 130 ms.
     
    Test Steps
     
    The Microsoft Connectivity Analyzer is attempting to obtain the SSL certificate from remote server access.skype.sentinelbsc.com on port 5061.
      The Microsoft Connectivity Analyzer wasn't able to obtain the remote SSL certificate.
     
    Additional Details
     
    The certificate couldn't be validated because SSL negotiation wasn't successful. This could have occurred as a result of a network error or because of a problem with the certificate installation.
    Elapsed Time: 106 ms.

    Friday, April 7, 2017 2:16 PM
  • Deleted
    Friday, April 7, 2017 2:44 PM
  • One thing to note - I can connect remotely with a client (through edge server), IM/voice works fine.

    My edge server's cert checked out fine using digicert's SSL checker tool.  My issue is only with federations.

    Friday, April 7, 2017 3:10 PM
  • One other big question I have.....

    We need to do "closed" federation with the client.  I added the fqdn for their expressway under the SIP Federated Providers, and from what I read, I have to also configure that domain in the "Allowed" list.  I cant enter that fqdn again in that section....  When I add the fqdn of my edge there, no traffic goes out to the internet for that.  Is there any sample screenshots out there of what this should look like for closed federation?

    Friday, April 7, 2017 5:33 PM
  • Just a quick update.  I was able to get "closed" federation to work for about 5 minutes....  After the 5 minutes of rejections (another issue), the system instead went to the _sipfederationtls._tcp record for the domain (open).  Really not sure if it is supposed to behave like that.
    Saturday, April 8, 2017 12:01 PM
  • Hi Mike,

    I will share a link with you about how to troubleshoot federation:

    https://lyncdude.com/2014/05/29/complete-guide-troubleshooting-lync-federation/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Jim Xu
    TechNet Community Support


    Please remember to mark the replies as answers if they helped.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, April 12, 2017 7:32 AM