We have a problem.
Other Lync users (different organizations, like ATEA,
CGIT) can find and see our domain users status (ihm.se) on their lync’s and
also initiate contact by lynccall/LyncVideoCall/IM.
We cannot respond by IM or initiate contact with video
or “call” but we can respond to the call if they initiate it
*Enabled communication in the External Access policy
*Enabled Federation and public IM connectivity in the Access Edge Configuration
*verified my edge server with Remove Connectivity Analyzer, Ran the Test for remote connection to Lync. it came back green and it verified that port 5061 is opened and listening.
* In-house Lync install
* Edge-Server running everything on one external IP
I's there something I missed to configure?
- Edited by MickeSelander Monday, October 21, 2013 11:02 AM
Make sure that you have static routes on your edge server back to all of your clients. Since the default GW is on your "external" NIC, it will try to route everything out that NIC instead of sending it inside for internal traffic. That is what is most common when I see this behavior.
Otherwise, go and run a trace on the edge server and see what is the exact error that is being returned in the SIP Message.
Richard Brynteson, Avtex, Lync MCM, Blog - www.masteringlync.com
What Richard said, also make sure there's a DNS entry for the Edge server that the Front Ends can find. Since the edge server isn't a part of the domain, it isn't automatically created. These may seem simple but are occasionally overlooked. Your best bet is to use the logging tools included in the Lync debugger download to see what you can figure out and take it step by step.
I can now successfully tracert to any of our internal client (changed from only frontend server to all internal clients in firewall) and I also verified our internal DNS, the frontend server can connect to edge (replication is ok but I also added over external addresses, sip.ihm.se & lyncedge.ihm.se)
BUT the problem persists any more suggestions?
No Direct errors om the front end but I find some on the edge:
"Via: SIP/2.0/TLS 172.16.0.12:52293;ms-received-port=52293;ms-received-cid=100Content-Length: 0ms-diagnostics: 1046;reason="Failed to connect to a federated peer server";fqdn="sip.atea.se";peer-type="FederatedPartner";winsock-code="10061";winsock-info="The peer actively refused the connection attempt";source="sip.ihm.se"$$end_record"