ICE Protocol Warning Flags
Description
Actions for the Administrator
0x0
There were no failures or the ICE protocol was not used.
None.
0x1
TURN server is unreachable.

This flag is not expected. Administrator need to ensure that the right ports (443/3478—by default) are open on the firewall or the TURN server is running. This may result in an ICE protocol failure.
0x2
An attempt to allocate a UDP port on the TURN server failed.
This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
0x4
An attempt to send UDP on the TURN server failed.

This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
0x8
An attempt to allocate a TCP port on the TURN server failed.

This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the client is behind an HTTP proxy, the administrator needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
0x10
An attempt to send TCP on the TURN server failed.

This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the remote client is behind an HTTP proxy, the admin needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
0x20
Local connectivity failed. (local UDP for audio/video and local TCP for application sharing and file transfer).

This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
0x40
UDP NAT connectivity failed.

This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
0x80
UDP TURN server connectivity failed.

This flag can occur if one of the clients is behind a UDP blocking firewall/HTTP proxy. This may result in an ICE protocol failure.
0x100
TCP NAT connectivity failed.


This flag is expected. If local-to-local connectivity succeeded, the TCP NAT connectivity check may not have been tried. Or there is no direct TCP connection possible. TCP NAT connectivity failing may result in an ICE protocol failure.
0x200
TCP TURN server connectivity failed.


This flag is expected. If local-to-local connectivity succeeded, the TCP TURN connectivity check may not have been tried. Or one side didn’t have TURN server allocation. If connectivity checks were successful for the rest of the call, ignore this ICE protocol warning. Otherwise, investigate why the TCP path was not possible. TCP TURN server connectivity failing may result in an ICE protocol failure.
0x400
Message integrity failed in connectivity check request.


This flag isn’t expected. If the admin sees this flag, it indicates some security attack. This may result in an ICE protocol failure.
0x1000
A policy server was configured.

This flag is expected if there is a bandwidth policy configured on the call link. If there is a call failure with this flag, increase the allocated bandwidth on the failed link. This flag isn’t indicating any ICE protocol failure, simply that there was a bandwidth policy applied to this call.
0x2000
Connectivity check requested failed because of a memory problem or other reasons that prevented sending packets.


This flag is unexpected and may indicate that a computer is over capacity This may result in an ICE protocol failure.
0x4000
TURN server credentials have expired or are unknown.


This flag is unexpected and may indicate that Audio/Video Edge service authorization service is down. This may result in an ICE protocol failure.
0x8000
Bandwidth policy restriction has removed some candidates.


If there is an ICE protocol failure with this flag set, this indicates that the policy server topology is misconfigured. In this configuration the policy was configured to route over another connection, but the other connection failed. (Possibility of internal NATs in the org). This flag may result in an ICE protocol failure.
0x10000
Bandwidth policy restriction decreases the bandwidth.


This flag indicates that the bandwidth being used on this call isn’t optimal quality (may be using a narrow-band codec or may not be capable of HD video). This flag does not indicate any ICE protocol failure.
0x20000
Bandwidth policy keepalive failed.

This is unexpected. The call continues but the bandwidth used by this call may not be reported properly to the Bandwidth Policy Core Service. This can occur because the policy server or the TURN server have failed. This flag does not indicate any ICE protocol failure.
0x40000
Bandwidth policy allocation failure.

This flag is indicating that the policy server rejected the client to use a media path through two Audio/Video Edge services (relay to relay). This may result in an ICE protocol failure.
0x80000
No TURN server configured.

This flag is indicating that there was no TURN server configured or there is a Domain Name System (DNS) resolution failure, resulting in a communication issue between the client and the TURN server. This may result in a protocol ICE failure.
0x100000
Multiple TURN servers configured.

This flag is expected. This is indicating that there were multiple TURN servers configured (due to DNS load balancing). This flag does not indicate any ICE protocol failure.
0x200000
Port range exhausted.

This is indicating that the administrator manually configured ports on the client or the media server. A/V needs a minimum of 20 ports per call to start the call. Application sharing/file transfer needs a minimum of 3 ports. The port range being exhausted may result in an ICE protocol failure.
0x400000
Received alternate server
.
This is indicating that the TURN server is overloaded or preventing new connections. This may result in  an ICE protocol failure if the alternate server isn’t running
0x800000
Pseudo-TLS failure.

This is indicating that the HTTP proxy is performing deep Secure Sockets Layer (SSL) inspection and failing the connection with the TURN server. This is not supported by Microsoft and may result in an ICE protocol failure.
0x1000000
HTTP proxy configured.

This is indicating that the HTTP proxy is configured This flag does not indicate any ICE protocol failure.
0x2000000
HTTP proxy authentication failed.
This is indicating that the HTTP proxy failed the authentication. This isn’t expected and indicates that the HTTP proxy didn’t recognize the user’s credentials or authentication mode. This may result in an ICE protocol failure.
0x4000000
TCP-TCP connectivity checks failed over the TURN Server.

This is indicating that TURN TCP-TCP connectivity check was tried and it failed. The failure indicates that port 443 was not opened on the firewall. If one of the TURN servers was 2007 A/V Edge Server. The administrator needs to open ports from 50,000 through 59,999 TCP to all external Audio/Video Edge services in the environment. This flag isn’t expected and may result in an ICE protocol failure.
0x80000000
Use candidate checks failed.

This is indicating that after receiving some packets the client didn’t receive the rest of the packets. This may happen on a client because of a third Winsock layered service providers (LSPs). These LSPs should be removed. This flag isn’t expected and may result in an ICE protocol failure.
Advertisements