locked
Port 5061 not showing in EndpointConfiguration.cache file RRS feed

  • Question

  • Hello All,

    I have been having some issues with SFB 2015, where for some of our users the EndpointConfiguration.cache file will NOT have the 5061 port in this cache file. When I look at the file in notepad on the local machine it is only showing the port 443. We do have some users that are pulling the ports 5061 and 443.

    Back Ground:

    * one FE server with IP X.X.X62

    * One Edge server with internal IP X.X.X59 and an external public IP of 209.X.X.105

    * One Session Border Control for polycom IP phones

    * One Office Web Apps Server

    * One Reverse Proxy Server

    Troubleshooting

    * Went to C:\users\<username>\local\microsoft\office\16.0\lync  and deleted out the EndpointConfiguration.cache file from this location> re-opened skype > and then looked at the file in notepad, again it is only pulling 443.

    * Installed the latest CU for SFB 2015 server

    * Installed the latest version of the SFB 2016 Client

    * Tried to manually modify the EndpointConfiguration.cache file to include the 5061 port.

    DNS entries

    (A) Record to lyncdiscoverinternal     IP X.X.X.62

    (A) Record to lyncdiscover                IP X.X.X.62

    (A) Record to Sip                             IP X.X.X.62

    (A) Record to SipInternal                 IP X.X.X.62

    (SRV) Record to _sipfederationtls  port 5061 protocol _tcp to Edge-server.Domain.com

    (SRV) Record to _sipinternaltls     port 5061 protocol _tcp to FE-Server.Domain.com

    (SRV) Record to _sip                   port 443 protocol _tls to  Edge-Server.Domain.com

    I am attaching a good configuration and a bad configuration file so you can compare and maybe figure out what is going on.

    Monday, October 22, 2018 3:38 PM

Answers

  • Hi frankJeffuser,

    Which network environment do you use when you do the test, internal or external network? As you know, when a user sign in the SFB client, it will do the DNS query at first, in this step, it will use the DNS records or the EndpointConfiguration.cache file. After this step, it will do the authentication. In this step, if you are in the external network, it will go through Edge Server. Details about Autodiscover, you could refer to the following picture:

    In addition, you could refer to this blog to find more details about Lync 2010 Client Authentication, it is similar as SFB client. 

    About the Fabric issue, i suggest you could check whether the Windows Fabric Host Service is running in the FE Servers.


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Jeff at Frank Wednesday, October 24, 2018 6:58 PM
    Wednesday, October 24, 2018 7:07 AM
  • I figured out the issue. We have two DNS servers and the DNS server 2 had the domain.com is where all the DNS entries reside. I noticed that lyndiscoverinternal.domain.com was poiting to the edge server and not the Front End. After Changing the DNS entry to point to the Front End server, I was able to IM everyone in my office.

    Thanks for pointing me in the right direction Evan!

    • Marked as answer by Jeff at Frank Wednesday, October 24, 2018 6:58 PM
    Wednesday, October 24, 2018 6:58 PM

All replies

  • Hi frankJeffuser,

    This is a normal phenomenon that port 443 or 5061 is not displayed in the EndpointConfiguration.cache file. As you know, the SFB client DNS discovery process as below when users first try to sign-in their client:
    1. lyncdiscoverinternal.contoso.com (A record for the Autodiscover service for internal connections directed to internal Web services)
    2. lyncdiscover.contoso.com (A record for the Autodiscover service for external Web services)
    3. _sipinternaltls._tcp.contoso.com (SRV record for internal TLS connections)
    4. _sipinternal._tcp.contoso.com (SRV record for internal TCP connections)
    5. _sip._tls.contoso.com (SRV record for external TCP connections)
    6. sipinternal.contoso.com (A record for the Front End pool)
    7. sip.contoso.com (A record for the Front End pool when the client is on the internal network; A record for the Access Edge Server when the client is external with no VPN access)
    8. sipexternal.contoso.com (A record for the Access Edge Server when the client is external with no VPN access)
    If user could sign-in with the DNS record lyncdiscoverinternal.contoso.com, it will not use other DNS record. Details about the information you could refer to Lync Client Discovery Process.

    The EndpointConfiguration.cache file resides on an end user's client machine and is leveraged each time the Lync client attempts to sign on to the Front End server. By looking at this file, the Lync client avoids the drawn out process of having to use DNS to lookup SRV records each time it connects to the pool. If the SFB client could sign on to the FE server with lyncdiscoverinternal.contoso.com or lyncdiscover.contoso.com, it will not show any ports in the files. In addition, if SFB client sign on to FE server failed with the cache file and lyncdiscover records, it will try to use other DNS records, and after signing in, it will update the cache file. Details about this, you could refer to Decoding Lync's EndpointConfiguration.cache File

    Note: This response contains a reference to a third party World Wide Web site. Microsoft can make no representation concerning the content of these sites. Microsoft is providing this information only as a convenience to you: this is to inform you that Microsoft has not tested any software or information found on these sites and therefore cannot make any representations regarding the quality, safety, or suitability of any software or information found there. There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software on the Internet.


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, October 23, 2018 5:36 AM
  • Hello Evan,

    Thanks for the information you provided, but I kind of knew a bit of this. I also ran snooper on my computer to see what my SIP profile would resolve to. I saved out my profile before the corruption and it shows that my computer Negotiated with SIP X.X.X.62:5061 which is our Front End Server. When I deleted out the Endpointconfiguration file and then pulled up a tracing file in Snooper, my SFB client Negotiated with 209.X.X.105:443 ONLY. This IP is my Edge Server.

    The question is why is it when any new client tries to sign in it resolves to my Edge server? I did notice that the FE server has a continuous error message pointing to a corrupted database file. Here is the error.

    Fabric (24600) (00000000-0000-0000-0000-000000002000:130796374628356681): Database C:\ProgramData\Windows Fabric\FRANK-SKYPE.Domain.com\Fabric\work\CM\P_00000000-0000-0000-0000-000000002000\R_130796374628356681\CM.edb: Index OperationLSNIndex of table LocalStoreData is corrupted (0). 

    Now with this error it seems to be pointing to the Windows Fabric. The real question is would this corruption have anything to do with routing users to my Edge server than going to my FE server?



    Tuesday, October 23, 2018 1:31 PM
  • Hi frankJeffuser,

    Which network environment do you use when you do the test, internal or external network? As you know, when a user sign in the SFB client, it will do the DNS query at first, in this step, it will use the DNS records or the EndpointConfiguration.cache file. After this step, it will do the authentication. In this step, if you are in the external network, it will go through Edge Server. Details about Autodiscover, you could refer to the following picture:

    In addition, you could refer to this blog to find more details about Lync 2010 Client Authentication, it is similar as SFB client. 

    About the Fabric issue, i suggest you could check whether the Windows Fabric Host Service is running in the FE Servers.


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Marked as answer by Jeff at Frank Wednesday, October 24, 2018 6:58 PM
    Wednesday, October 24, 2018 7:07 AM
  • I figured out the issue. We have two DNS servers and the DNS server 2 had the domain.com is where all the DNS entries reside. I noticed that lyndiscoverinternal.domain.com was poiting to the edge server and not the Front End. After Changing the DNS entry to point to the Front End server, I was able to IM everyone in my office.

    Thanks for pointing me in the right direction Evan!

    • Marked as answer by Jeff at Frank Wednesday, October 24, 2018 6:58 PM
    Wednesday, October 24, 2018 6:58 PM
  • Hi frankJeffuser,

    Thanks for your sharing, and I’m glad to see the issue has been resolved. 

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, October 25, 2018 5:37 AM