OCS Clients connecting to Mediation Server

  • Question

  • We are having a problem when an OCS client makes a call via the mediation server and receives a fast busy. The event log on the client side shows the error:

    504 Server time-out

    ms-diagnostics: 12000;reason="Routes available for this request but no available gateway at this point";source="servername.domain.com";appName="OutboundRouting

    Trying the VOIP testing tool in the OCS resource kit, I get the same error. I tried running the debug tool on the OCS server, captured the logs, and saw the following certificate error:

    TL_ERROR(TF_COMPONENT) [0]061C.08D8::12/14/2009-18:27:22.673.00000029 (S4,Microsoft::Rtc::Internal::Sip::CertificateInfoNative::PrintCertInformation:670.idx(312))Subject Name = pool.domin.com
    TL_ERROR(TF_COMPONENT) [0]061C.08D8::12/14/2009-18:27:22.673.0000002a (S4,Microsoft::Rtc::Internal::Sip::CertificateInfoNative::PrintCertInformation:670.idx(344))Issuer = C=US, O=DigiCert Inc, OU=www.digicert.com, CN=DigiCert Global CA
    TL_ERROR(TF_COMPONENT) [0]061C.08D8::12/14/2009-18:27:22.673.0000002b (S4,Microsoft::Rtc::Internal::Sip::CertificateInfoNative::PrintCertInformation:670.idx(375))Serial Nnumber = 8DB4C695C1B081BEA04CD29C415DBE07
    TL_ERROR(TF_COMPONENT) [0]061C.08D8::12/14/2009-18:27:22.673.0000002c (S4,Microsoft::Rtc::Internal::Sip::TlsTransportHelper::HandleNegotiationFailure:1255.idx(498))( 23404ee ) incoming TLS negotiation failed; HRESULT=-2146762487

    I have verified the certificates on the OCS server and the mediation server, and they are both issued by DigiCert and are valid certs. Does anyone have any suggestions?

    We are using OCS R1.

    Thanks
    Varun

    • Moved by Gavin-Zhang Thursday, December 17, 2009 1:29 AM the old forum will be closed (From:Telephony)
    Tuesday, December 15, 2009 4:46 AM

Answers

  • Hi,
    A couple things to check:

    1) If you are using server 2008, you may need to run the rootcert update on your servers to make sure that the digicert root CA cert is installed in "trusted root certs". By default, server 2008 doesn't have many root certs & won't trust any certs from public providers.
    2) Usually you wouldn't be doing TLS on the "gateway" side of the mediation server. The cert on the mediation server is used for communication with the OCS pool, but usually the mediation server would communicate via TCP to the upstream voice gateway (or IP PBX) on port 5060. It's possible to do 5061/TLS from mediation to the gateway, but you really need to be sure that the gateway/IP PBX trusts the cert on the mediation server.
    3) Just to double-check your routing logic, I'd recommend running the "Enterprise Voice Route Helper" tool from the OCS Resource Kit. It will point out any flaws in the routing logic.

    Regards,
    Matt

    Matt McGillen, PointBridge - https://blogs.pointbridge.com/Blogs/mcgillen_matt/default.aspx
    • Marked as answer by Gavin-Zhang Friday, December 25, 2009 9:24 AM
    Tuesday, December 15, 2009 5:23 PM
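
The HRESULT in the log above, -2146762487, is 0x800B0109 (CERT_E_UNTRUSTEDROOT), which matches the first check in the answer. The following script is an added example, not part of the original thread: it decodes the HRESULT, then builds the chain for the server certificate in the machine store and reports whether the chain's root is in the trusted root store. The subject name is a placeholder to replace with your own.

```powershell
# Added example. $Hresult is the value from the log on this page;
# $Subject is a placeholder: set it to your server certificate's subject name.
param(
    [int]$Hresult = -2146762487,
    [string]$Subject = 'pool.example.com'   # placeholder
)

# 1. Decode the signed HRESULT into hex form and its system message text.
$hex = '0x{0:X8}' -f $Hresult               # -2146762487 -> 0x800B0109
$msg = (New-Object System.ComponentModel.Win32Exception -ArgumentList $Hresult).Message
"HRESULT $Hresult = $hex : $msg"

# 2. Find matching certificates in the computer's Personal store.
$certs = @(Get-ChildItem Cert:\LocalMachine\My |
    Where-Object { $_.Subject -like "*CN=$Subject*" })
if ($certs.Count -eq 0) {
    Write-Warning "No certificate with CN=$Subject in LocalMachine\My"
    return
}

foreach ($cert in $certs) {
    "`nThumbprint    : $($cert.Thumbprint)"
    "Valid         : $($cert.NotBefore) to $($cert.NotAfter)"
    "HasPrivateKey : $($cert.HasPrivateKey)"

    # 3. Build the chain in machine context (as a service would) and list each element.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain -ArgumentList $true
    $chain.ChainPolicy.RevocationMode = 'NoCheck'   # separate trust problems from CRL reachability
    $ok = $chain.Build($cert)
    "Chain builds  : $ok"
    foreach ($el in $chain.ChainElements) {
        "  -> $($el.Certificate.Subject)"
    }
    foreach ($st in $chain.ChainStatus) {
        "  status: $($st.Status) : $($st.StatusInformation.Trim())"
    }

    # 4. Check that the last chain element is in Trusted Root Certification Authorities.
    $root = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $inRoot = @(Get-ChildItem Cert:\LocalMachine\Root |
        Where-Object { $_.Thumbprint -eq $root.Thumbprint }).Count -gt 0
    "Root in LocalMachine\Root : $inRoot ($($root.Subject))"
}
```

Run it on both the OCS pool server and the mediation server, since each side validates the other's certificate during the TLS handshake.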

All replies

  • Thanks Matt,

    It turns out that the problem was with the cert on the mediation server. Even though the cert was valid and showed no corruption, re-issuing the cert fixed the problem. Thanks.
    Tuesday, December 29, 2009 4:30 PM