none
Trusted application fails to transfer a PSTN call to an external number RRS feed

  • Question

  • Hello,

    Out trusted application [NOT using UCMA SDK] is failing to transfer incoming PSTN calls to external numbers.

    From the SfB logs we discovered that the Referred-By header is ignored because it does not have the ms-identity parameter:

    TL_VERBOSE(TF_COMPONENT) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.508.00007EDA (OutboundRouting,OutboundRoutingDispatcher.ProcessIncomingRequestHeaders:outboundroutingdispatcher.cs(1719)) [3599233148]Referred-by header found: "XM Connect"<sip:8200@company.local>
    TL_VERBOSE(TF_COMPONENT) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.509.00007EDB (OutboundRouting,OutboundRoutingDispatcher.ProcessIncomingRequestHeaders:outboundroutingdispatcher.cs(1724)) [3599233148]Referred-by header ignored since it is not signed.

    Because of this, the Mediation Server will use the address from From header to determine the permissions for dialing out and since this will be an external phone number it will not work:

    TL_VERBOSE(TF_COMPONENT) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.591.00007F08 (OutboundRouting,OutboundRoutingDispatcher.ProcessOutboundRequestToPstn:outboundroutingdispatcher.cs(1558)) [3599233148]Applying From URI's outbound policy
    TL_VERBOSE(TF_COMPONENT) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.608.00007F09 (OutboundRouting,OutboundRoutingDispatcher.ApplyCallerPolicyAndRouteRequest:outboundroutingdispatcher.cs(2643)) [3599233148]Routing request based on caller: sip:6007;phone-context=PstnGateway_ccm2sub.company.local@company.local
    TL_VERBOSE(TF_COMPONENT) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.608.00007F0A (OutboundRouting,OutboundRoutingDispatcher.ApplyCallerPolicyAndRouteRequest:outboundroutingdispatcher.cs(2646)) [3599233148]Caller not UC enabled.
    TL_INFO(TF_PROTOCOL) [SFB19SVR01]0F24.2D10::11/06/2019-18:01:09.610.00007F0B (OutboundRouting,OutboundRoutingDispatcher.DoMessageStampingNotUcEnabled:outboundroutingdispatcher.cs(1187)) [3599233148]Stamping request from non UC enabled user and sending request on its way...

    I tried without luck to find information regarding the algorithm for creating the ms-identity parameter.

    Could you please tell me if there is any public document that describes it and how to get a copy?

    Thank you,

    Bogdan


    Vasilescu Bogdan


    Wednesday, November 6, 2019 7:42 PM

All replies

  • Hi Bogdan,

    Your post mentioned your privacy, so I covered this information. Thanks for your understanding.

    Thanks for visiting our forum. Our forum focuses on Skype for Business.

    According to your description, this problem seems related to development. However, our forum is not familiar with development.

    If you want to get more effective development supports, I suggest you post a case in MSDN forum, the link is:

    https://social.msdn.microsoft.com/Forums/en-US/home


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, November 7, 2019 2:41 AM
    Moderator
  • Thank you very much Sharon for updating the question and for trying to help.

    However, I am not sure the msdn forums are better place for this question. While it seem a programming question is actually more of a documentation issue. The parameter I am talking about is a MS extension to the SIP RFC but is not covered in detail in any of the SIP extension documents provided by MS on their office protocols website.

    Do you think you could internally forward this question to the SfB team so they can provide some input?

    Thank you,

    Bogdan


    Vasilescu Bogdan

    Thursday, November 7, 2019 4:40 PM
  • Hi Bogdan,

    I'm afraid that I can't do like this. 

    I will do a discussion with others about this problem. If there are any update, I will share with you.

    Moreover, it is a good choice to post a case in MSDN forum. 

    Thanks for your understanding.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Wednesday, November 13, 2019 5:01 AM
    Moderator
  • Hi Bogdan,

    You can assign the trustedapplicationendpoint the correct Voice Policy to allow it to make external calls.

    Can be done by get-cstrustedapplicationendpoint -identity sip:... | grant-csvoicepolicy -policyname "VoicePolicy"

    Doing this should enabled the trusted app to make that external call

    Good luck. Let me know if it works.

    Wednesday, November 13, 2019 10:00 AM
  • Hi K_S_C,

    Thank you for taking the time to provide your input on this issue.

    I am investigating this issue in our lab where the Global voice policy allows external calls. Nevertheless, I tried with a specific policy assigned to the trusted end point and it did not work.

    After reviewing the SfB logs, I discovered that the call flow is quite complicated and that the issue occurs when the server is processing the INVITE with replaces received from the trunk. At this point the trusted end point appears in the SIP message only on the Referred-By header which is ignored if the ms-identity signature is not present. The From and To are the external numbers: the caller and the target and there is no way to assign a voice policy to these entities.

    Thank you,

    Bogdan


    Vasilescu Bogdan

    Wednesday, November 13, 2019 6:22 PM
  • Hi Bogdan,

    Sorry for delay response.

    Do you have any update?

    I do a research about the parameter ms-identity. However, there is no related official document.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Tuesday, November 19, 2019 8:33 AM
    Moderator
  • Hi Sharon,

    Thank you for taking the time to check on this ticket.

    Unfortunately I did not make any progress. As you discovered there is no official documentation for that parameter and that is my issue. Without providing this parameter, the trusted applications cannot do the kind of transfer I was describing in the beginning. We really need some help from Microsoft on this one.

    Thank you,

    Bogdan


    Vasilescu Bogdan

    Tuesday, November 19, 2019 5:30 PM
  • Hi Bogdan,

    There is a document for your reference:

    https://developer.microsoft.com/en-us/identity/blogs/microsoft-identity-platform-at-ignite-2019/


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Friday, November 22, 2019 10:21 AM
    Moderator
  • Thank you once again Sharon for your help.

    Unfortunately that document is related to the Azure service providing support for MS Identity platform.

    I am looking for documentation on "ms-identity" parameter in SIP messages exchanged with Skype for Business SIP servers.

    Thank you,

    Bogdan


    Vasilescu Bogdan

    Monday, November 25, 2019 7:39 PM
  • Hi Bogdan,

    Please search “Session Initiation Protocol (SIP) Routing Extensions”, then download the PDF file as the following image:

    Hope it will be helpful.

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Friday, November 29, 2019 9:46 AM
    Moderator
  • Hi Sharon,

    That was my initial source of information but unfortunately it does not have details about this parameter.

    Actually: [MS-SIPAE] contains details about the Referred-By header but again it is no providing information on how to generate the ms-identity parameter:

    "

    ms-identity-param: A token that cryptographically verifies the identity of the referrer within the context of the referred call.

    ms-identity-alg-param: A token that specifies the cryptographic algorithm used for the msidentity-param computation.

    "

    And that it is all there is about this parameter and the algorithm to generate it.

    Thank you,

    Bogdan


    Vasilescu Bogdan

    Monday, December 2, 2019 6:00 PM
  • Hi Bogdan,

    I’m so sorry that we didn’t provide you with the actual help for now. 

    If there is any useful document, I will share with you immediately.

    Thanks for your understanding.


    Best Regards,
    Sharon Zhao


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Friday, December 6, 2019 10:32 AM
    Moderator