locked
Federation with non routable default SIP Domain RRS feed

  • Question

  • Hello,

    I'm in the process of deploying my first federation with another company using Skype for Business (so do I).

    Company A is using a non routable default Sip Domain published in topology, but all the users have a sip adress with another routable domain.

    Company B is using fully routable Sip Domain and default Sip Domain.

    I'm encountering the following problem:

    We set up the federation, and the result is: a user from company B can initiate a IM discussion with a user from company A, the user from company A can reply.

    BUT, if a user from company A tries to initiate a IM discussion with company B, it always failed.

    After troubleshooting, when I do the test-csfederatedpartner from company B to A, it works, but it fails on the other way with a "Time-out Error 1034 Previous hop federated peer did not report diagnostic information".

    After checking logs Inside CLSLogging, it seems that when company A tries to discuss with company B, it always uses a test user with the following sip address Options_user@domainnonroutable, and it fails because the domain is not resolvable on the Internet.

    So, my guess is that I must change the default sip domain for company A. Is that right ?

    I suppose the impact will not be a big of deal since I will just replace the default sip domain by another one already existing, and that will still exist after the change (I read that some lync objects will still be using that old default sip domain).

    I just want to be sure that reasoning is correct.

    Thanks

    Thursday, May 4, 2017 3:12 PM

Answers

  • ok - figured it out

    My front end servers are running Windows Server 2008 R2, and my directors Windows Server 2012 R2. I've got a F5 for Internal Load Balancing of my Edge Servers, and it is using TLS 1.2 which is not enabled on 2008 R2 by default.

    I managed to got a success by editing my host file and bypassing the F5 - but it's still not working atm.

    Will keep you up 2 date - I will make some other tests during the week


    • Edited by Mickael Kane Monday, May 15, 2017 2:42 PM
    • Marked as answer by Mickael Kane Monday, October 23, 2017 12:38 PM
    Monday, May 15, 2017 2:42 PM

All replies

  • Hi Mickael Kane,

    For this issue, in my opinion, your understanding is right, you need to change the default sip domain for company A to the routable domain.

    Since you are not using an Internet-routable SIP domain, it will never find your DNS servers to find the path to your Edge servers.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by danielategan Sunday, May 7, 2017 7:13 PM
    Friday, May 5, 2017 9:21 AM
  • Hi Mickael Kane,

    would you please provide us with an update on the status of your issue? If  the reply is helpful to you, please try to mark it as an answer, it will help others who has the similar issue.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, May 8, 2017 9:16 AM
  • Hi Mickael Kane,

    would you please provide us with an update on the status of your issue? If  the reply is helpful to you, please try to mark it as an answer, it will help others who has the similar issue.


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Hi Alice,

    I have planned to make the default sip domain change tomorrow in the evening. I will keep you up to date with the result of the change.

    Kr

    Mickael

    Monday, May 8, 2017 1:53 PM
  • Hi Mickael Kane,

    Ok, we will wait for your response


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 9, 2017 9:06 AM
  • Hi Mickael Kane,

    Ok, we will wait for your response


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Ok - so after changing the default SIP domain, I don't have any errors when I do the Test-CsFederatedPartner, but I still have issues for sending IM between company A to B. I will keep investigating on that problem in the following days and will report what I found in the thread.
    Wednesday, May 10, 2017 7:00 AM
  • Hi Mickael Kane,

    It may be something wrong with the federation.

    Please make sure port 5061 and 443 is open, also check if the federation step is correct, here is a document for your reference, it’s same to SFB server 2015

    https://technet.microsoft.com/en-us/library/jj204800(v=ocs.15).aspx


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, May 12, 2017 1:51 AM
  • So, my firewall ports are correctly opened between my edge servers.

    Right now, the test-csfederatedpartners command is working only from my director servers, but not from my front end servers. I got the following error from any front end:

    "Unknown errpr (0x80131500)

    Inner Exception:Peer disconnected while outbound TLS negotiation was in progress

    Inner Exception:An existing connection was forcibly closed by the remote host"

    I have absolutely no idea why it works on a director and not on my front ends..

    Monday, May 15, 2017 1:27 PM
  • ok - figured it out

    My front end servers are running Windows Server 2008 R2, and my directors Windows Server 2012 R2. I've got a F5 for Internal Load Balancing of my Edge Servers, and it is using TLS 1.2 which is not enabled on 2008 R2 by default.

    I managed to got a success by editing my host file and bypassing the F5 - but it's still not working atm.

    Will keep you up 2 date - I will make some other tests during the week


    • Edited by Mickael Kane Monday, May 15, 2017 2:42 PM
    • Marked as answer by Mickael Kane Monday, October 23, 2017 12:38 PM
    Monday, May 15, 2017 2:42 PM
  • Hi Mickael Kane,

    Ok, we will wait for your response.

    Moreover, you could use Microsoft remote connectivity analyzer check if there are any errors.

    https://testconnectivity.microsoft.com/


    Regards,

    Alice Wang


    Please remember to mark the replies as an answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, May 16, 2017 7:57 AM