Audio & Video calls via edge server

  • Question

  • Hi,
     

    I'm having difficulties getting my Lync infrastructure to work via edge Server and external users.

    The environment is structured as follows:
    Internet <=> TMG Server <=> Lync Edge Server <=> TMG Server <=> Lync Front End (FE)
    The Lync Edge server listens on port 443 with 3 network cards.

    Internally, everything works fine as far as I could tell.

    Autodiscover and IM work for external Users. Audio and video calls do not.

    When I take a look at the communication on the firewall, I can see the Front Server trying to communicate directly with the client in a port range of 49000+ (for audio & video calls).
    These Packages are dropped by the Firewall.


    Why does the FE not forward the response packages through the Edge server?

    Does anyone have any clue what's going wrong?

    Thanks a lot

    Yves
    Friday, August 12, 2011 8:32 AM

Answers

  • All other ports are configured as Microsoft recommends it.

    Nevertheless, I get the behavior I described above.

    This is expected behavior. Most likely some external user is trying to join a conference call or (if you are collocating mediation server with FE) to make a PSTN call. In this case, MCUs or Mediation servers need to exchange ICE candidates to establish the media path. Since OCS/Lync always prefers direct media connectivity over STUN/TURN, that's why you see FE trying to communicate directly with the client. If direct media connectivity or STUN fails, only then you'll see media being relayed by the edge server.

    You can find more information about media path negotiation here: http://blogs.technet.com/b/nexthop/archive/2009/04/22/how-communicator-uses-sdp-and-ice-to-establish-a-media-channel.aspx

    • Proposed as answer by Sean_Xiao Monday, August 15, 2011 8:33 AM
    • Marked as answer by Sean_Xiao Thursday, August 18, 2011 2:51 AM
    Saturday, August 13, 2011 1:47 PM
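
The candidate ordering described in the answer above, as an added example that is not part of the original thread. It assumes the RFC 5245 candidate syntax and priority formula (Lync's own SDP attributes may differ) and reduces ICE to a walk over the remote candidates only. The addresses, ports and allow-list are constructed.

```python
import re

# Type preferences recommended by RFC 5245, section 4.1.2.2 (higher is tried first).
TYPE_PREF = {"host": 126, "prflx": 110, "srflx": 100, "relay": 0}
CAND_RE = re.compile(r"a=candidate:\S+ (\d+) \S+ (\d+) (\S+) (\d+) typ (\w+)")

# Constructed sample: candidates an external client might offer (documentation addresses).
SAMPLE_SDP = """\
a=candidate:3 1 UDP 16777215 198.51.100.10 52000 typ relay
a=candidate:1 1 UDP 2130706431 192.168.1.50 49170 typ host
a=candidate:2 1 UDP 1694498815 203.0.113.25 50012 typ srflx
"""

def priority(cand_type, component_id=1, local_pref=65535):
    """RFC 5245 formula: 2^24*type_pref + 2^8*local_pref + (256 - component_id)."""
    return (TYPE_PREF[cand_type] << 24) + (local_pref << 8) + (256 - component_id)

def parse_candidates(sdp):
    """Return the candidates found in SDP text, highest priority first."""
    cands = [{"component": int(comp), "priority": int(prio), "addr": addr,
              "port": int(port), "type": ctype}
             for comp, prio, addr, port, ctype in CAND_RE.findall(sdp)]
    return sorted(cands, key=lambda c: c["priority"], reverse=True)

def select_path(candidates, allowed):
    """Try candidates in priority order against a firewall allow-list.
    Returns (selected candidate or None, candidates whose checks were dropped)."""
    dropped = []
    for cand in candidates:
        if cand["addr"] in allowed:
            return cand, dropped
        dropped.append(cand)
    return None, dropped

if __name__ == "__main__":
    # Hypothetical policy: the internal server may only reach the A/V Edge relay address.
    chosen, dropped = select_path(parse_candidates(SAMPLE_SDP), {"198.51.100.10"})
    for cand in dropped:
        print("dropped check:", cand["type"], cand["addr"], cand["port"])
    print("media path:", chosen["type"], chosen["addr"], chosen["port"])
```

The dropped entries correspond to the direct attempts that show up as denied packets in the firewall log before the relayed path is selected.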

All replies

  • You will need a lot more than just port 443 open to allow A/V calls through Edge. You will need to open 50,000-59,999 TCP outbound from the A/V Edge IP. See the following link for all ports required:

    http://technet.microsoft.com/en-us/library/gg425891.aspx

    Also see this link referring to the A/V ports decisions:

    http://technet.microsoft.com/en-us/library/gg425882.aspx


    Tim Harrington | MVP: Exchange | MCITP: EMA 2007/2010, MCITP: Lync 2010, MCITP: Server 2008, MCTS: OCS | Blog: http://HowDoUC.blogspot.com | Twitter: @twharrington
    Friday, August 12, 2011 3:11 PM
  • Many thanks for your reply.

    I've already configured the ports in the firewall.

    I just wanted to note that all Lync services are accessible externally via port 443.

    All other ports are configured as Microsoft recommends it.

    Nevertheless, I get the behavior I described above.

    Saturday, August 13, 2011 8:48 AM