SfB desktop client anonymous join - desktop sharing does not work

Question
Hi all,
we have a problem with SfB desktop client anonymously
(see https://realtimeuc.com/2017/09/skype4b-anonymous-join-success-when-meeting-organizer-is-disabled-for-federation/ )
joining externally hosted meetings.
Desktop sharing doesn't work.
Couple of questions.
1) Can we manage this client behavior?
For instance if client receives 403 Forbidden (either due to Organizer or Participant not enabled for federation) it should not attempt anonymous join.
2) It seems desktop sharing doesn't work as during anonymous join client completely ignores client port ranges defined with Set-CsConferencingConfiguration. We have distinct port ranges for Audio, Video, AppSharing that otherwise work fine and are applied via in-band provisioning.
I can see in Snooper that the anonymous application sharing attempt has PortRange=1024:65535, which is the default when port ranges are not configured (opening TCP_1024-65535 on the firewall because of this is off the table).
Thought the reason for such client behaviour might be it's not registered with our organization SfB (=anonymous) but it happily sends LocalMR="Our org external Edge AV IP:50000+" in the SIP communication...
Is there a way to force port ranges defined in Set-CsConferencingConfiguration also via GPO (I did not find it)?
thanks,
Friday, September 21, 2018 9:12 AM
Answers
We also had errors "Leaving app sharing because re-invite failed" and this turned out to be connected.
In our case, 1:1 NAT wasn't configured, we were missing outbound NAT translation rules. Traffic reaches remote Edge from different source IP address than negotiated in SDP, so remote Edge simply doesn't accept it.
Your Edge is trying to establish connection for 10s and then this error is logged (or similar like ms-client-diagnostics: 23 or 22 or 25).
If you see these errors, check troubleshooting steps described here
https://ucsorted.com/tag/a-federated-call-failed-to-establish-due-to-media-connectivity-failure-when-both-endpoints-are-internal-icewarn0x40003a0/
- Marked as answer by 485 Ambiguous Wednesday, March 20, 2019 10:01 AM
Wednesday, March 20, 2019 10:01 AM
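The mismatch described in this answer can be checked by comparing the candidates in a captured SDP body with the source address the remote side actually sees. The following is an added example, not part of the original thread: the SDP fragment, the addresses and the function names are constructed for illustration, and the candidate syntax is assumed to follow RFC 5245.

```python
import ipaddress
import re

# Constructed SDP fragment for an application-sharing offer. Addresses come from
# documentation ranges; the candidate syntax is assumed to follow RFC 5245.
SAMPLE_SDP = """\
m=applicationsharing 50044 TCP/RTP/AVP 127
a=candidate:1 1 TCP-ACT 2121006078 10.10.5.21 50012 typ host
a=candidate:2 1 TCP-PASS 6556158 198.51.100.20 50044 typ relay raddr 10.10.5.21 rport 50012
a=candidate:3 1 TCP-ACT 7076350 198.51.100.20 50044 typ relay raddr 10.10.5.21 rport 50012
"""

# a=candidate:<foundation> <component> <transport> <priority> <address> <port> typ <type>
CANDIDATE_RE = re.compile(
    r"^a=candidate:\S+ \d+ (\S+) \d+ (\S+) (\d+) typ (\S+)", re.MULTILINE)


def parse_candidates(sdp):
    """Return the ICE candidates advertised in an SDP body as dicts."""
    candidates = []
    for transport, address, port, ctype in CANDIDATE_RE.findall(sdp):
        try:
            ip = ipaddress.ip_address(address)
        except ValueError:
            continue  # candidate given as a hostname; nothing to compare
        candidates.append({"transport": transport, "ip": ip,
                           "port": int(port), "type": ctype})
    return candidates


def check_media_source(sdp, observed_source_ip):
    """Compare the source IP seen by the remote side with the SDP candidates.

    Returns (matches, advertised), where advertised is the sorted list of
    non-host (relay or reflexive) addresses the remote Edge expects traffic from.
    """
    observed = ipaddress.ip_address(observed_source_ip)
    advertised = sorted({str(c["ip"]) for c in parse_candidates(sdp)
                         if c["type"] != "host"})
    return str(observed) in advertised, advertised


if __name__ == "__main__":
    # 203.0.113.77 stands in for an egress address picked by a many-to-one NAT rule.
    for source in ("198.51.100.20", "203.0.113.77"):
        ok, expected = check_media_source(SAMPLE_SDP, source)
        print(source, "matches SDP" if ok else f"NOT in SDP, expected one of {expected}")
```

The observed source address would come from a firewall log or a packet capture taken outside the NAT device.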
All replies
Hi Ambiguous,
1) Can we manage this client behavior?
We could not manage this client behavior. If you want to block SFB anonymous joins to the meetings, you could set the conferencing policy to block anonymous users. In addition, you could also try to use the latest SFB click-to-run version to check this.
2) Is there a way to force port ranges defined in Set-CsConferencingConfiguration also via GPO (I did not find it)?
You could not set the port ranges via GPO; you only need to open the ports in the firewall in your environment.
In addition, you do not need to open all the ports between TCP_1024-65535 in the firewall; for the port requirements, you could refer to the following official document:
https://docs.microsoft.com/en-us/skypeforbusiness/plan-your-deployment/edge-server-deployments/scenarios
About the Conferencing Media Establishment (Non-Federated) you could refer to the following blog:
https://blogs.technet.microsoft.com/rischwen/2015/04/13/federation-call-flow-skype-for-business-and-lync-clients/
Best Regards,
Evan
- Proposed as answer by woshixiaobai Tuesday, September 25, 2018 6:38 AM
Monday, September 24, 2018 2:36 AM
Hi Ambiguous,
Is there any update on this issue? If the reply is helpful to you, please try to mark it as an answer; it will help others who have a similar issue.
Best Regards,
Evan
Tuesday, September 25, 2018 6:39 AM