locked
external users being treated as internal & failed calls/video RRS feed

  • Question

  • We have recently setup a new skype for business (standard) server, its a single server as we only have a few users. Whenever we try to call/video internally it works fine however external users get the below error... any idea how we could solve this?

    ms-client-diagnostics: 22; reason="Call failed to establish due to a media connectivity failure when both endpoints are internal";UserType="Callee";MediaType="audio";MediaChanBlob="NetworkErr=no error,ErrTime=0,RTPSeq=0,SeqDelta=0,RTPTime=0,RTCPTime=0,TransptRecvErr=0x0,RecvErrTime=0,TransptSendErr=0x0,SendErrTime=0,InterfacesStall=0x0,InterfacesConnCheck=0x0,BlobVer=1";LocalSite="192.168.126.1:6422";RemoteSite="192.168.56.1:9606";MediaEpBlob="ICEWarn=0x80020,ICEWarnEx=0x1,PortRange=1025:65000,LocalLocation=2,RemoteLocation=2,FederationType=0,StunVer=0,CsntRqOut=0,CsntRqIn=0,CsntRspOut=0,CsntRspIn=0,Interfaces=0x6,IceRole=1,RtpRtcpMux=1,FirstHopRTTInMs=0,MediaDllVersion=6.0.8941.633,BlobVer=1";MediaMgrBlob="MrDnsX=NoRelays,BlobVer=1"

    Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="4A2B94F6", targetname="MTPOC-Skype01.MTPOC.local", crand="be83bf81", cnum="174", response="0100000020d3721c0e2cc10c791319aa"

    Content-Length: 0

    not sure why external users are showing up as internal?


    Monday, February 27, 2017 3:06 PM

All replies

  • I am also seeing the following in the logs

    GET https://skype.mtpoc.online/ucwa/v1/applications/214084521207/people/m****.w****@mtpoc.online/presence
    Request Id: 0x10be66c60
    HttpHeader:Accept application/vnd.microsoft.com.ucwa+xml
    HttpHeader:Content-Type application/vnd.microsoft.com.ucwa+xml
    HttpHeader:X-MS-Namespace internal

    Monday, February 27, 2017 4:39 PM
  • Hi chillchieftony,

    Edge server is the required component for external access, did you set up Edge server in your environment?

    If you don’t have Edge server, please refer to the following document deploy Edge server
    https://technet.microsoft.com/en-us/library/dn933903.aspx

    If you have set Edge server, make sure UDP 3478 is open Bi-Directional on the AV Edge external interface.

    Here is a blog for your reference
    https://dusk1911.wordpress.com/2011/11/28/lync-audiovideo-not-working/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, February 28, 2017 6:04 AM
  • This is because of the dege server configuration.

    You should not use gateway for the internal interface of the edge server.Instead it should be manual route to only necessary IP subnets.

    Public interface/External should have gateway configured and reach ability to all external ports mentioned in Technet article related to Skype for business edge firewall requirements.Especially between to and from of AV interface with ports 443 and udp 3478.


    Jayakumar K

    Tuesday, February 28, 2017 6:25 AM
  • I only have a single server as i am using standard edition which runs both the Front End services & edge. 

    External Access:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 192.168.100.97
       Subnet Mask . . . . . . . . . . . : 255.255.255.0
       Default Gateway . . . . . . . . . : 192.168.100.254

    Internal Access:

       Connection-specific DNS Suffix  . :
       IPv4 Address. . . . . . . . . . . : 192.168.39.97
       Subnet Mask . . . . . . . . . . . : 255.255.255.192
       Default Gateway . . . . . . . . . :

    I have NAT Rules through the cisco ASA allowing 

    tcp/udp   53
    tcp 443 -> 4443
    tcp 80 -> 8080
    tcp 5061
    tcp/udp 50000-59999
    udp 3478

    I also have appropriate access rules for the above NAT statements, they are bidirectional for 3478,5061 50000 etc

    server appears to be listening on relevent ports as well :s 

    TCP    0.0.0.0:443            MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:444            MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:445            MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:1801           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:2103           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:2105           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:2107           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:3389           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:4443           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5061           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5062           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5063           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5065           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5067           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5070           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5071           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5075           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5076           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5077           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5088           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5090           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5091           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5092           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5098           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:5985           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:8057           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:8060           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:8061           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:8080           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:8404           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:9001           MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:23272          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:47001          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:49152          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:49153          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:49154          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:49155          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:49156          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:50001          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:50002          MTPOC-Skype01:0        LISTENING
    TCP    0.0.0.0:50003          MTPOC-Skype01:0        LISTENING

    Tuesday, February 28, 2017 9:34 AM
  • Hi chillchieftony,

    Did you mean you install SFB standard edition and Edge server on the same server? If so, that’s not supported. You can’t install Edge server on the domain joined computer with SFB FE server, please refer to the document I provided to deploy SFB Edge server.


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    • Proposed as answer by Liinus Thursday, March 2, 2017 4:51 AM
    Tuesday, February 28, 2017 9:49 AM
  • I feel like a bit of an idiot now.... RTFM moment there :) ok so i have deployed the edge server and Microsoft RCA confirms its all good

    Attempting to contact Audio/Video Lync Edge server skype.mtpoc.online at TCP port 443. The Audio/Video Lync Edge server name, the TCP port, and the UDP Port 3478 on which it listens for Media Port requests are obtained from the Microsoft Office Communications Server when the test user signs in. This test determines if the Audio/Video Lync Edge server is properly accepting STUN/TURN requests for Media TCP ports in order for external voice and video calls to be enabled.

    My clients are also showing as being external now which is good..... any thoughts? 

    3/01/2017|13:37:05.705 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.706 1260:1984 INFO  :: Remove channel(1C75A4D0)

    03/01/2017|13:37:05.706 1260:1984 INFO  :: InternalRemoveChannel channel(1C75A4D0)

    03/01/2017|13:37:05.706 1260:1984 INFO  :: Remove all video channels because main video channel has been removed.

    03/01/2017|13:37:05.706 1260:1984 INFO  :: CUccAudioVideoSessionParticipant2::UpdateChannels - Queuing Transaction request as ice has not been processed!

    03/01/2017|13:37:05.745 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMediaChannelEvent - Processed MCHEMT_DeviceIntensityChanged for 226903488l.

    03/01/2017|13:37:05.745 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.745 1260:1984 INFO  :: CUccAudioVideoMediaQualityEvent::LogDetails - Local Media Quality Event:

    03/01/2017|13:37:05.745 1260:1984 INFO  :: CUccAudioVideoMediaQualityEvent::LogDetails -     modality: UCCMT_AUDIO

    03/01/2017|13:37:05.745 1260:1984 INFO  :: CUccAudioVideoMediaQualityEvent::LogDetails -     type: UCCQCST_DEVICE_RENDER_MUTE

    03/01/2017|13:37:05.745 1260:1984 INFO  :: CUccAudioVideoMediaQualityEvent::LogDetails -     quality: GOOD

    03/01/2017|13:37:05.745 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMediaChannelEvent - Processed MCHEMT_QualityChanged for 226903488l.

    03/01/2017|13:37:05.745 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.745 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMediaChannelEvent - Processed MCHEMT_ConnectivityCheckCompleted for 226903488l.

    03/01/2017|13:37:05.746 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.746 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMediaChannelEvent - Processed MCHEMT_ConnectivityCheckCompleted for 477472016l.

    03/01/2017|13:37:05.746 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.746 1260:1984 INFO  :: Setting TtyEnabled to FALSE

    03/01/2017|13:37:05.746 1260:1984 INFO  :: Now populating media parameters of removed channels.

    03/01/2017|13:37:05.865 1260:1984 ERROR :: CUccOutgoingInviteOperation::Execute: HRESULT API failed: 80ee000b = hr. StartNegotiation on Media Flow failed

    03/01/2017|13:37:05.865 1260:1984 ERROR :: CUccSIPAwareTransaction::ExecuteOperations: HRESULT API failed: 80ee000b = hr. Execute operation

    03/01/2017|13:37:05.866 1260:1984 ERROR :: CUccMediaSessionParticipant2::ProcessNextTransactionIfPresent: HRESULT failed: 80ee000b = hr. ExecuteOperations

    03/01/2017|13:37:05.866 1260:1984 ERROR :: CUccMediaSessionParticipant2::NegotiationRequired: HRESULT failed: 80ee000b = hr. ProcessNextTransactionIfPresent

    03/01/2017|13:37:05.866 1260:1984 INFO  :: Pending transaction now queued for execution

    03/01/2017|13:37:05.866 1260:1984 INFO  :: Function: CUccMediaSessionParticipant2::NegotiationRequired

    03/01/2017|13:37:05.866 1260:1984 ERROR :: HRESULT failed: 80ee000b = hr . ProcessNextTransactionIfPresent

    03/01/2017|13:37:05.866 1260:1984 INFO  :: CUccOutgoingInviteOperation::Rollback(), this = 0D622188

    03/01/2017|13:37:05.875 1260:1984 ERROR :: CUccOutgoingInviteOperation::Rollback: HRESULT failed: 8007139f = hr. CompleteNegotiation

    03/01/2017|13:37:05.875 1260:1984 ERROR :: CUccAudioVideoSessionParticipant2::NegotiationRequired: HRESULT API failed: 80ee000b = hr. NegotiationRequired

    03/01/2017|13:37:05.875 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMediaFlowEvent - Processed MFEMT_NegotiationRequired for 481245968l.

    03/01/2017|13:37:05.875 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_FLOW_EVENT.

    03/01/2017|13:37:05.875 1260:1984 INFO  :: IMediaChannelNotify::MediaChanged, source(0D680E40), direction(1), event(6), reason(5)

    03/01/2017|13:37:05.875 1260:1984 INFO  :: CUccAudioVideoMediaChannel2::OnStreamStateChanged -Raising Event for media stream state change from STATE: 2 to 4, MEDIATYPE: 1, DIRECTION(S): 1

    03/01/2017|13:37:05.875 1260:1984 INFO  :: Function: CUccAudioVideoMediaChannel2::GetLocalSourceId

    03/01/2017|13:37:05.875 1260:1984 ERROR :: HRESULT API failed: 80070032 = hr. get_LocalSourceId

    03/01/2017|13:37:05.875 1260:1984 INFO  :: Function: CUccAudioVideoMediaChannel2::GetLocalSourceId

    03/01/2017|13:37:05.875 1260:1984 ERROR :: HRESULT API failed: 80070032 = hr. get_LocalSourceId

    03/01/2017|13:37:05.875 1260:1984 INFO  :: <ContributingSources this=0x0D864580 mediaType=1 subType=0 count=0 >

    03/01/2017|13:37:05.875 1260:1984 INFO  :: </ContributingSources>

    03/01/2017|13:37:05.875 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.875 1260:1984 INFO  :: IMediaChannelNotify::MediaChanged, source(0D680E40), direction(2), event(6), reason(5)

    03/01/2017|13:37:05.875 1260:1984 INFO  :: CUccAudioVideoMediaChannel2::OnStreamStateChanged -Raising Event for media stream state change from STATE: 1 to 4, MEDIATYPE: 1, DIRECTION(S): 2

    03/01/2017|13:37:05.875 1260:1984 TRACE :: CUccMediaManagerEventAdapter::OnMessage - Processed WM_MMGR_CHANNEL_EVENT.

    03/01/2017|13:37:05.876 1260:1984 INFO  :: CUccSession::Terminate - Terminate called by the app Session ptr - 1CBF0774

    03/01/2017|13:37:05.876 1260:1984 INFO  :: CUccMediaSession2::InternalTerminate[1CBF076C]- reason=0,m_enState=3

    03/01/2017|13:37:05.877 1260:1984 INFO  :: 0 - Diagnostics Code

    03/01/2017|13:37:05.877 1260:1984 TRACE :: MULTIPARTY_SESSION::Disconnect - enter [0x1C7F7458]

    03/01/2017|13:37:05.877 1260:1984 TRACE :: MULTIPARTY_SESSION::InternalDisconnect[1C7F7458] state 4, sc=0, t=(null)

    03/01/2017|13:37:05.877 1260:1984 INFO  :: MSP.SetState[1C7F7458] SIP_CALL_STATE_CONNECTED->SIP_CALL_STATE_DISCONNECTED, local=sip:tony.reardon@mtpoc.online

    03/01/2017|13:37:05.877 1260:1984 TRACE :: SIP_CALL::StopSessionExpiresTimer disable session timer

    03/01/2017|13:37:05.877 1260:1984 INFO  :: Out trxn corr-id (1C2FCA08)

    03/01/2017|13:37:05.877 1260:1984 TRACE :: signed buffer: <NTLM><6edbade1><53><SIP Communications Service><MTPOC-Skype01.MTPOC.local><827a2f0b3fd84d7394ccc9c187c00462><3><BYE><sip:tony.reardon@mtpoc.online><39f6085b85><sip:matthew.webb@mtpoc.online><02d2421b2b><><><> - length- 209. SSPI context:37278360-269971832.

    03/01/2017|13:37:05.877 1260:1984 INFO  :: Trxn corr-id (1C2FCA08), SIP msg corr-id (e0362b97)

    03/01/2017|13:37:05.877 1260:1984 INFO  :: Sending Packet - 80.65.248.228:5061 (From Local Address: 192.168.10.171:55234) 1971 bytes:

    03/01/2017|13:37:05.877 1260:1984 INFO  :: BYE sip:matthew.webb@mtpoc.online;opaque=user:epid:wjAAG6Ba9FykHd4ER2GapQAA;gruu SIP/2.0

    Via: SIP/2.0/TLS 192.168.10.171:55234

    Max-Forwards: 70

    From: <sip:tony.reardon@mtpoc.online>;tag=39f6085b85;epid=d24ef48169

    To: <sip:matthew.webb@mtpoc.online>;epid=f6b4ba16a7;tag=02d2421b2b

    Call-ID: 827a2f0b3fd84d7394ccc9c187c00462

    CSeq: 3 BYE

    Route: <sip:skype.mtpoc.online:5061;transport=tls;opaque=state:Ci.Rd00;lr;ms-route-sig=aa-DiQvEluvzTEf2n5rE-uYM2YtdmWHZQ6QAZCJb5AkQobTZoaUw65LQAA>

    Route: <sip:MTPOC-Skype01.MTPOC.local:5061;transport=tls;opaque=state:T:F:Eu;lr;received=192.168.39.97;ms-received-cid=500>

    User-Agent: UCCAPI/16.0.4417.1000 OC/16.0.4417.1000 (Skype for Business)

    ms-client-diagnostics: 24; reason="Call failed to establish due to a media connectivity failure when both endpoints are remote";UserType="Callee";MediaType="audio";MediaChanBlob="NetworkErr=no error,ErrTime=0,RTPSeq=0,SeqDelta=0,RTPTime=0,RTCPTime=0,TransptRecvErr=0x0,RecvErrTime=0,TransptSendErr=0x0,SendErrTime=0,InterfacesStall=0x0,InterfacesConnCheck=0x0,BlobVer=1";BaseAddress="192.168.10.171:11538";LocalSite="192.168.126.1:26490";NetworkName="MTSTAFF2";RemoteSite="192.168.56.1:24246";MediaEpBlob="ICEWarn=0xc0002b,ICEWarnEx=0x1,LocalMR=80.65.248.228:3478,PortRange=1025:65000,LocalLocation=1,RemoteLocation=1,FederationType=0,StunVer=0,CsntRqOut=0,CsntRqIn=0,CsntRspOut=0,CsntRspIn=0,Interfaces=0x6,BaseInterface=0x4,IceRole=1,RtpRtcpMux=1,FirstHopRTTInMs=3,MediaDllVersion=6.0.8941.633,BlobVer=1";MediaMgrBlob="MrDnsE=skype.mtpoc.online,MrResE=1,MrErrE=0,MrBgnE=36973641959896736,MrEndE=36973641959900168,MrDnsI=mtpoc-edge01.mtpoc.local,MrResI=0,MrErrI=11001,MrBgnI=36973641959863104,MrEndI=36973641959866720,MrDnsCacheReadAttempt=0,BlobVer=1"

    Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="8FF86119", targetname="MTPOC-Skype01.MTPOC.local", crand="6edbade1", cnum="53", response="0100000034323162419cf2c659ae7fb6"

    Content-Length: 0

    Wednesday, March 1, 2017 1:44 PM
  • update to this...

    Internal -> Internal               Works

    Internal -> External               Fails

    External -> External              Works if on same network, fails if on different connections 


    ICEWarn=0xc0002b    appears to hint at a TURN problem

    Wednesday, March 1, 2017 4:26 PM
  • Hi chillchieftony,

    Thanks for your response.

    Did all external users have this issue, are there any error message on SFB Edge server?


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, March 6, 2017 6:58 AM