2 users can't call -> site-to-site TMG

  • Question

  • Hello,

     

    I have a problem with my Lync implementation. We have multiple subdomains, each of which has its own subnet (SD 1 has 10.2.x.y, SB 2 has 10.3.x.y, etc.), and we have remote locations connected via a site-to-site TMG tunnel (the remote location has IP range 192.168.254.xxx).

    When I (I am a member of the top domain in the forest (10.1.x.y)) want to call somebody in the remote location, everything is OK in both directions. But when somebody from a subdomain wants to call a user located in the remote location, the reporting server reports: "Call failed to establish due to a media connectivity failure when both endpoints are internal." This happens in both directions (if a user from RL wants to call a user in SB, and the opposite).

     

    Can you help me figure it out?

    Patrik


    Tuesday, June 7, 2011 9:49 AM

Answers

  • Patrik.

    This sounds like a problem with the ruleset on the TMG server. The clients need to have access to make a direct media connection; it sounds like TMG is blocking this routing functionality from the non-forest-root subnet to the remote site. You should use the monitoring tab of TMG and filter on the remote party's client IP address to see what is being blocked and what rule is blocking it.

     

    From another perspective, it is not recommended to use VPN tunnels with Lync. The added delay of encapsulation and decapsulation of the IPsec traffic adds significant overhead and delay, which will cause jitter and delay in the voice/video traffic. I would recommend having the remote office users connect using an edge server as an external user, although this is just a recommendation to get a better experience.

     

    Mark


    Mark King | MVP: Lync Server | MCTS:UC Voice | MCITP x3 :Lync, Enterprise Messaging 2010, EA | MCSE: Messaging | blog.unplugthepbx.com
    • Marked as answer by Patrik Cevela Wednesday, June 8, 2011 12:42 PM
    Tuesday, June 7, 2011 8:24 PM

All replies

  • Thanks a lot.

    I suspected TMG might be a problem, but I'd rather ask more experienced users :)

    I'll post the result.

    Wednesday, June 8, 2011 10:19 AM