locked
[LYNC 2013 EDGE] Cannot connect from external after some days RRS feed

  • Question

  • Hello,

    I have finish a fresh install of Lync Server 2013 latest update :

    - FE Server

    - Edge Server (NAT with option 1 Public IP and not in domain)

    - Serveur Office Web Apps

    - Reverse Proxy

    - For external connection I have public certificate recognise and valid.

    All it's working fine. With RCA I check and I have no error.


    With my EDGE Server I have one strange problem.

    After some days (sometimes 1 day and just now 4 days) my edge server bug and the client in external (Lync Basic 2013) cannot connect.
    When I do a test in RCA I have this error :
    Testing remote connectivity for user email@domaine.com to the Microsoft Lync server.
    Specified remote connectivity test(s) to Microsoft Lync server failed. See details below for specific failure reasons.
      Tell me more about this issue and how to resolve it
         Additional Details
         Couldn't sign in. Error: Error Message: The endpoint was unable to register. See the ErrorCode for specific reason..
    Error Type: RegisterException.
    Deregister Reason: None.
    Response Code: 504.
    Response Text: Server time-out.

    I test to :

    - Reboot only the firewall -> nothing

    - Check event log in edge server (no error, no warning)

    - Reboot FE Server -> nothing

    - Reboot Edge Server -> OK

    - Restart only service "RtcSrv" -> OK

    Do you have always see that ?

    Thank's for your idea !

    Stéphane.

    Tuesday, March 18, 2014 12:45 PM

All replies

  • I'd check the connectivity between your Edge and Front End Server, make sure that there are no issues there (such as connectivity or DNS name resolution) and that TCP 5061 can go from your edge to FE without any issues.

    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced

    Tuesday, March 18, 2014 2:21 PM
  • For help to resolv this problem I disable firewall in two server (FE and Edge).
    The network and hardware firewall (manage DMZ and WAN/LAN) are ok.

    Without anything change I test now and it's working.

    I install "Lync 2013 Best Practices Analyser Tool" on FE Server.
    I only a warning on CPU and RAM otherwise all it's ok.

    Maybe some logs to check on edge server are better than event viewer ?

    Thank you.

    Tuesday, March 18, 2014 2:57 PM
  • Best bet is to use network monitor or wireshark to see if you can determine where the traffic flow stops.

    If you disabled your firewall and it now works, which is odd if it worked earlier, then check the following ports are allowed between your Edge and the FE

    Edge to FE and vice-versa (both ways)
    TCP 5061 (SIP)

    FE to Edge:
    TCP 50001, 50002 & 50003 (CLS)
    TCP 23456 (XMPP)
    TCP 8057 (PSOM/MTLS)
    TCP 5062 (SIP/MTLS)
    UDP 3478 (STUN)
    TCP 443 (STUN)
    TCP 4443 (HTTPS for CMS)

     


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced

    Tuesday, March 18, 2014 3:41 PM
  • Sorry I misspoke.
    Firewalls have been always disabled on the windows servers.

    I confirm I do nothing for retablish the services. I've wait answer in this forum for troubleshooting.

    I wait the next error and I'll try with wireshark.

    Thank's.

    Tuesday, March 18, 2014 3:45 PM
  • Firstly, make sure internal users can sign in.

    Then check the all Lync Services on Lync Edge Server are all started.

    Then refer to the following blog to check the DNS, port and certificates are configured correctly:

    http://blogs.technet.com/b/nexthop/archive/2011/12/07/useful-tips-for-testing-your-lync-edge-server.aspx


    Lisa Zheng
    TechNet Community Support

    Wednesday, March 19, 2014 8:13 AM
  • When the problem attempt, all users internal can use the services. Also from external the services who use the reverse proxy working (conference web, lync mobile application).

    I have the problem this morning. I just capture packets with wireshark on EDGE server and I must analyse them today.
    The only fix I found it's to restart the RtcSrv service on edge (Access Edge Service).

    I'll let you know when I analyse wireshark capture.

    Thank's.

    Wednesday, March 19, 2014 10:39 AM
  • Before check the capture I verify than server edge good listening ports :

    I precise than 10.10.110.10 are DMZ IP of Edge Server :
    TCP    10.10.110.10:5061      0.0.0.0:0              LISTENING
    TCP    10.10.110.10:444       0.0.0.0:0              LISTENING
    TCP    10.10.110.10:443       0.0.0.0:0              LISTENING
    TCP    10.10.110.10:5269      0.0.0.0:0              LISTENING

    After I check the capture. I see than in both first packet microsoft RCA try to register with a fake user and the both latest packet try to register with my user.
    There are a SIP/2.0 504 Server time-out

    Below the details of the only four packet I have :

    NEGOTIATE sip:127.0.0.1:5061 SIP/2.0
    FROM: <sip:CO1MSSRCALWB01.phx.gbl>
    TO: <sip:sip.domaine.com>
    CSEQ: 1 NEGOTIATE
    CALL-ID: c2066dc1bbaf4709a188e78accc16383
    MAX-FORWARDS: 0
    VIA: SIP/2.0/TLS 157.56.138.141:56432
    CONTENT-LENGTH: 0
    SUPPORTED: NewNegotiate
    SUPPORTED: ECC
    REQUIRE: ms-feature-info
    
    SIP/2.0 200 OK
    ms-user-logon-data: RemoteUser
    FROM: <sip:CO1MSSRCALWB01.phx.gbl>
    To: <sip:sip.domaine.com>;tag=C7B243B965F0FE31280D0B5FCD07C2D5
    CALL-ID: c2066dc1bbaf4709a188e78accc16383
    CSEQ: 1 NEGOTIATE
    Via: SIP/2.0/TLS 157.56.138.141:56432;ms-received-port=56432;ms-received-cid=1A400
    Require: ms-feature-info
    Supported: NewNegotiate,OCSNative,ECC,IPv6,TlsRecordSplit
    Server: RTC/5.0
    Content-Length: 0
    
    REGISTER sip:domaine.com SIP/2.0
    FROM: <sip:user1@domaine.com>;epid=FB040D6FD0;tag=895c222a9
    TO: <sip:user1@domaine.com>
    CSEQ: 1 REGISTER
    CALL-ID: c745e74ed2ec4903bb02710844f8802d
    MAX-FORWARDS: 70
    VIA: SIP/2.0/TLS 157.56.138.141:56432;branch=z9hG4bKdbda696
    CONTACT: <sip:CO1MSSRCALWB01.phx.gbl;maddr=157.56.138.141;ms-opaque=eac0c517917a6b92>;proxy=replace;methods="Service,Notify,Benotify,Message,Info,Options,Invite";+sip.instance="<urn:uuid:95f069d2-81cc-5bef-87aa-1660fea8c0a1>"
    CONTENT-LENGTH: 0
    EVENT: Registration
    SUPPORTED: gruu-10
    SUPPORTED: msrtc-event-categories
    SUPPORTED: ms-forking
    USER-AGENT: RTCC/5.0.0.0
    ms-keep-alive: UAC;hop-hop=yes
    
    SIP/2.0 504 Server time-out
    ms-user-logon-data: RemoteUser
    FROM: <sip:user1@domaine.com>;epid=FB040D6FD0;tag=895c222a9
    To: <sip:user1@domaine.com>;tag=C7B243B965F0FE31280D0B5FCD07C2D5
    CALL-ID: c745e74ed2ec4903bb02710844f8802d
    CSEQ: 1 REGISTER
    Via: SIP/2.0/TLS 157.56.138.141:56432;branch=z9hG4bKdbda696;ms-received-port=56432;ms-received-cid=1A400
    Server: RTC/5.0
    Content-Length: 0

    Thank's all.

    Wednesday, March 19, 2014 12:03 PM
  • Hello,

    I do new tests with "Lync Server 2013 Loggint Tool". I monitor "SIPStack" and open log with Snooper.

    I have a more detail error "Cannot establish a connection between two network interfaces of the same Access Edge Server. Possible configuration problem?" and "Exit - found existing connection at the other edge. Check configuration? Returned 0xC3E93D64(SIPPROXY_E_CONNECTION_EXISTS_WRONG_EDGE)"

    For better understand My Edge Server have two Network Card
    - One with DMZ network and a gateway to firewall.
    - One with LAN network and no gateway (It is perhaps this point is bad).

    The all details :

    TL_INFO(TF_DIAG) [0]0724.0348::03/21/2014-09:00:54.747.0000000b (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(802))[500256467] $$begin_record
    Severity: information
    Text: The message has an internally supported domain
    SIP-Start-Line: REGISTER sip:domaine.com SIP/2.0
    SIP-Call-ID: e3ed6eb3316049d8a84b3ad2bd036658
    SIP-CSeq: 1 REGISTER
    Peer: 157.56.138.141:55021
    Data: domain="domaine.com"
    $$end_record
    
    TL_ERROR(TF_DIAG) [0]0724.0348::03/21/2014-09:00:54.747.0000000c (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(808))[500256467] $$begin_record
    Severity: error
    Text: Cannot establish a connection between two network interfaces of the same Access Edge Server. Possible configuration problem?
    Result-Code: 0xc3e93d64 SIPPROXY_E_CONNECTION_EXISTS_WRONG_EDGE
    SIP-Start-Line: REGISTER sip:domaine.com SIP/2.0
    SIP-Call-ID: e3ed6eb3316049d8a84b3ad2bd036658
    SIP-CSeq: 1 REGISTER
    $$end_record
    
    TL_ERROR(TF_COMPONENT) [0]0724.0348::03/21/2014-09:00:54.747.0000000d (SIPStack,SIPRouterOutbound::RS_SipAny_AnySvr_FindOrCreateConnection:SIPRouterOutShared.cpp(548))( 500256467 )( 000000C9D76855E8 ) Exit - found existing connection at the other edge. Check configuration? Returned 0xC3E93D64(SIPPROXY_E_CONNECTION_EXISTS_WRONG_EDGE)
    TL_WARN(TF_COMPONENT) [0]0724.0348::03/21/2014-09:00:54.747.0000000e (SIPStack,MsDiagHeaderFactory::CreateMsWarningInfo:MsDiagHeaderFactory.cpp(48))( 000000C9D76A0C08 ) Default ms-diagnostic code (2) inserted
    TL_INFO(TF_DIAG) [0]0724.0348::03/21/2014-09:00:54.747.0000000f (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(802))[500256467] $$begin_record
    Severity: information
    Text: Routed a locally generated response
    SIP-Start-Line: SIP/2.0 504 Server time-out
    SIP-Call-ID: e3ed6eb3316049d8a84b3ad2bd036658
    SIP-CSeq: 1 REGISTER
    Peer: 157.56.138.141:55021
    $$end_record
    
    TL_INFO(TF_PROTOCOL) [0]0724.0348::03/21/2014-09:00:54.747.00000010 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(265))[500256467] $$begin_record
    Trace-Correlation-Id: 500256467
    Instance-Id: 70D
    Direction: outgoing;source="local";destination="external edge"
    Peer: 157.56.138.141:55021
    Message-Type: response
    Start-Line: SIP/2.0 504 Server time-out
    FROM: <sip:user1@domaine.com>;epid=94A3731421;tag=ad4121eaf3
    To: <sip:user1@domaine.com>;tag=3F05613D472B58EC455A4AB8F03177E2
    CALL-ID: e3ed6eb3316049d8a84b3ad2bd036658
    CSEQ: 1 REGISTER
    Via: SIP/2.0/TLS 157.56.138.141:55021;branch=z9hG4bKac6b6eff;ms-received-port=55021;ms-received-cid=DA00
    Content-Length: 0
    $$end_record

    Thank's for your help.

    Friday, March 21, 2014 9:13 AM
  • Your network card configuration sounds ok. I assume your "LAN" interface is on the same subnet as the rest of your LAN (including your Front End) if that's the case it shouldn't need a default gateway for sign-in to work, it will however need some routes created to other internal networks that are required for connectivity (such as Lync Phones on a different VLAN) however this shouldn't prevent sign-in just media issues later.

    Are you using a virtual machine? If you are, could there be something wrong with your host configuration (i.e physical NIC on the wrong VLAN within a vSwitch)


    If this helped you please click "Vote As Helpful" if it answered your question please click "Mark As Answer" | Blog www.lynced.com.au | Twitter @imlynced




    Friday, March 21, 2014 12:35 PM
  • Hello Georg,

    For reply to your question indeed the LAN network are in the same (and only LAN I have) than Front End (is for that I have not configure a gateway).

    I try to give you more information :
    - I use VMware for virtualize 5.5 Update 0 latest patch and vmtools up to date.
    - I use two vswitch (LAN and DMZ).
    - The both virtual server (Front End and Edge) are in same host ESXi.

    What is very strange, when it's working all function. Lync Client from external network, meeting, etc...
    At one moment (I have not yet found why) edge not working and Lync Client from external are lost.
    If I restart Front End Server -> Nothing
    If I restart the Edge Service RtcSrv or Edge Server completly -> Working

    I test with installing on Front End server Best Practices Analyser tool Lync 2013 and I have no reporting error.

    Thank's.

    Stéphane.

    Friday, March 21, 2014 1:59 PM
  • Hi!

    We have exactly the same issue. Did you resolve it in meantime?

    Thanks
    Tobi

    Sunday, June 29, 2014 9:38 PM
  • Did you confirm your static route is correct on the LAN Interface? 
    Monday, June 30, 2014 7:53 PM
  • Hi,

    I have the following adapters and routes:

    Interface List
     17...00 15 5d 00 90 1d ......Intel 21140-Based PCI Fast Ethernet Adapter (Emulated) #2
     16...00 15 5d 00 90 1e ......Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)
      1...........................Software Loopback Interface 1
     13...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
     14...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
     15...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter

    IPv4 Route Table
    ===========================================================================
    Active Routes:
    Network Destination        Netmask          Gateway       Interface  Metric
              0.0.0.0          0.0.0.0      XX.XX.146.1      XX.XX.146.6    276
             10.0.0.0      255.255.0.0        10.20.0.1       10.20.5.30     21
             10.2.0.0      255.255.0.0        10.20.0.1       10.20.5.30     21
             10.3.0.0      255.255.0.0        10.20.0.1       10.20.5.30     21
             10.4.0.0      255.255.0.0        10.20.0.1       10.20.5.30     21
            10.20.0.0      255.255.0.0         On-link        10.20.5.30    276
           10.20.5.30  255.255.255.255         On-link        10.20.5.30    276
        10.20.255.255  255.255.255.255         On-link        10.20.5.30    276
            10.30.0.0      255.255.0.0        10.20.0.1       10.20.5.30     21
          XX.XX.146.0    255.255.254.0         On-link       XX.XX.146.6    276
          XX.XX.146.6  255.255.255.255         On-link       XX.XX.146.6    276
          XX.XX.146.7  255.255.255.255         On-link       XX.XX.146.6    276
          XX.XX.146.9  255.255.255.255         On-link       XX.XX.146.6    276
        XX.XX.147.255  255.255.255.255         On-link       XX.XX.146.6    276
            127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
            127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
      127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
            224.0.0.0        240.0.0.0         On-link        10.20.5.30    276
            224.0.0.0        240.0.0.0         On-link       XX.XX146.6    276
      255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      255.255.255.255  255.255.255.255         On-link        10.20.5.30    276
      255.255.255.255  255.255.255.255         On-link       XX.XX146.6    276
    ===========================================================================
    Persistent Routes:
      Network Address          Netmask  Gateway Address  Metric
            10.30.0.0      255.255.0.0        10.20.0.1       1
             10.3.0.0      255.255.0.0        10.20.0.1       1
             10.0.0.0      255.255.0.0        10.20.0.1       1
             10.4.0.0      255.255.0.0        10.20.0.1       1
             10.2.0.0      255.255.0.0        10.20.0.1       1
              0.0.0.0          0.0.0.0      XX.XX.146.1  Default
    ===========================================================================

    IPv6 Route Table
    ===========================================================================
    Active Routes:
     If Metric Network Destination      Gateway
      1    306 ::1/128                  On-link
     15   1025 2002::/16                On-link
     15    281 2002:511e:9206::511e:9206/128
                                        On-link
     15    281 2002:511e:9207::511e:9207/128
                                        On-link
     15    281 2002:511e:9209::511e:9209/128
                                        On-link
      1    306 ff00::/8                 On-link
    ===========================================================================
    Persistent Routes:
      None

    I temporary deleted all the persistent routes for testing purposes. The default route is correct and points to the external edge interfaces gateway address.

    There is an interesting thing: ping to the local server name (lync-edge) results in pinging the external interface. Name resolution is correct and nslookup lync-edge points to the internal interface. Can that be an issue?

    Thanks
    Tobi

    Sunday, July 6, 2014 5:15 PM
  • Hello Tobi,

    I have always the same issue with my edge server.

    No fix for the moment.

    Have you news from your side ?

    Thanks

    Stephane.

    Tuesday, July 22, 2014 10:18 AM
  • We also experienced this same problem having previously experienced no issues with Lync at all.    Microsoft have been working on it for two days and seem none the wiser.  Took a few days to come across this thread. 

    So far we input our internal Lync servers into the local hosts file and restarted the edge service and for the first time in days it is working.   Fingers crossed.

    Friday, October 31, 2014 1:35 PM
  • Hello jodkel,

    Are your problem now solved with Lync ?

    Thank you.

    Thursday, March 19, 2015 6:40 PM
  • I know this post is rather old.  Just chiming in that we experience the very same thing.  Remote clients using the Skype for Business Client attempt calls, but media never flows and call setup dies (inbound and outbound).  Restart of the Edge or the RTCSRV service fixes it.
    Tuesday, September 6, 2016 12:28 PM
  • I'm facing the same issue. but I have resolved it by re-reading docs.microsoft.com/en-us/lyncserver/lync-server-2013-set-up-network-interfaces-for-edge-servers. In My case I had to remove default gateway to internal Interface. By default I always added a DW to all server interfaces... due that... Linc Edge get confused and stop traficating data to my font end server...  also I've verified that there is not route in internal network with route print command. In my case also I deleted route for internal network and GW.

    Friday, February 28, 2020 4:59 PM