|
ICE Protocol Warning Flags
|
Description
|
Actions for the Administrator
|
|
0x0
|
There were no failures or the ICE protocol was not used.
|
None.
|
|
0x1
|
TURN server is unreachable.
|
This flag is not expected. Administrator need to ensure that the right ports (443/3478—by default) are open on the firewall or the TURN server is running. This may result in an ICE protocol failure.
|
|
0x2
|
An attempt to allocate a UDP port on the TURN server failed.
|
This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
|
|
0x4
|
An attempt to send UDP on the TURN server failed.
|
This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
|
|
0x8
|
An attempt to allocate a TCP port on the TURN server failed.
|
This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the client is behind an HTTP proxy, the administrator needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
|
|
0x10
|
An attempt to send TCP on the TURN server failed.
|
This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the remote client is behind an HTTP proxy, the admin needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
|
|
0x20
|
Local connectivity failed. (local UDP for audio/video and local TCP for application sharing and file transfer).
|
This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
|
|
0x40
|
UDP NAT connectivity failed.
|
This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
|
|
0x80
|
UDP TURN server connectivity failed.
|
This flag can occur if one of the clients is behind a UDP blocking firewall/HTTP proxy. This may result in an ICE protocol failure.
|
|
0x100
|
TCP NAT connectivity failed.
|
This flag is expected. If local-to-local connectivity succeeded, the TCP NAT connectivity check may not have been tried. Or there is no direct TCP connection possible. TCP NAT connectivity failing may result in an ICE protocol failure.
|
|
0x200
|
TCP TURN server connectivity failed.
|
This flag is expected. If local-to-local connectivity succeeded, the TCP TURN connectivity check may not have been tried. Or one side didn’t have TURN server allocation. If connectivity checks were successful for the rest of the call, ignore this ICE protocol warning. Otherwise, investigate why the TCP path was not possible. TCP TURN server connectivity failing may result in an ICE protocol failure.
|
|
0x400
|
Message integrity failed in connectivity check request.
|
This flag isn’t expected. If the admin sees this flag, it indicates some security attack. This may result in an ICE protocol failure.
|
|
0x1000
|
A policy server was configured.
|
This flag is expected if there is a bandwidth policy configured on the call link. If there is a call failure with this flag, increase the allocated bandwidth on the failed link. This flag isn’t indicating any ICE protocol failure, simply that there was a bandwidth policy applied to this call.
|
|
0x2000
|
Connectivity check requested failed because of a memory problem or other reasons that prevented sending packets.
|
This flag is unexpected and may indicate that a computer is over capacity This may result in an ICE protocol failure.
|
|
0x4000
|
TURN server credentials have expired or are unknown.
|
This flag is unexpected and may indicate that Audio/Video Edge service authorization service is down. This may result in an ICE protocol failure.
|
|
0x8000
|
Bandwidth policy restriction has removed some candidates.
|
If there is an ICE protocol failure with this flag set, this indicates that the policy server topology is misconfigured. In this configuration the policy was configured to route over another connection, but the other connection failed. (Possibility of internal NATs in the org). This flag may result in an ICE protocol failure.
|
|
0x10000
|
Bandwidth policy restriction decreases the bandwidth.
|
This flag indicates that the bandwidth being used on this call isn’t optimal quality (may be using a narrow-band codec or may not be capable of HD video). This flag does not indicate any ICE protocol failure.
|
|
0x20000
|
Bandwidth policy keep–alive failed.
|
This is unexpected. The call continues but the bandwidth used by this call may not be reported properly to the Bandwidth Policy Core Service. This can occur because the policy server or the TURN server have failed. This flag does not indicate any ICE protocol failure.
|
|
0x40000
|
Bandwidth policy allocation failure.
|
This flag is indicating that the policy server rejected the client to use a media path through two Audio/Video Edge services (relay to relay). This may result in an ICE protocol failure.
|
|
0x80000
|
No TURN server configured.
|
This flag is indicating that there was no TURN server configured or there is a Domain Name System (DNS) resolution failure, resulting in a communication issue between the client and the TURN server. This may result in a protocol ICE failure.
|
|
0x100000
|
Multiple TURN servers configured.
|
This flag is expected. This is indicating that there were multiple TURN servers configured (due to DNS load balancing). This flag does not indicate any ICE protocol failure.
|
|
0x200000
|
Port range exhausted.
|
This is indicating that the administrator manually configured ports on the client or the media server. A/V needs a minimum of 20 ports per call to start the call. Application sharing/file transfer needs a minimum of 3 ports. The port range being exhausted may result in an ICE protocol failure.
|
|
0x400000
|
Received alternate server
.
|
This is indicating that the TURN server is overloaded or preventing new connections. This may result in an ICE protocol failure if the alternate server isn’t running
|
|
0x800000
|
Pseudo-TLS failure.
|
This is indicating that the HTTP proxy is performing deep Secure Sockets Layer (SSL) inspection and failing the connection with the TURN server. This is not supported by Microsoft and may result in an ICE protocol failure.
|
|
0x1000000
|
HTTP proxy configured.
|
This is indicating that the HTTP proxy is configured This flag does not indicate any ICE protocol failure.
|
|
0x2000000
|
HTTP proxy authentication failed.
|
This is indicating that the HTTP proxy failed the authentication. This isn’t expected and indicates that the HTTP proxy didn’t recognize the user’s credentials or authentication mode. This may result in an ICE protocol failure.
|
|
0x4000000
|
TCP-TCP connectivity checks failed over the TURN Server.
|
This is indicating that TURN TCP-TCP connectivity check was tried and it failed. The failure indicates that port 443 was not opened on the firewall. If one of the TURN servers was 2007 A/V Edge Server. The administrator needs to open ports from 50,000 through 59,999 TCP to all external Audio/Video Edge services in the environment. This flag isn’t expected and may result in an ICE protocol failure.
|
|
0x80000000
|
Use candidate checks failed.
|
This is indicating that after receiving some packets the client didn’t receive the rest of the packets. This may happen on a client because of a third Winsock layered service providers (LSPs). These LSPs should be removed. This flag isn’t expected and may result in an ICE protocol failure.
|
Smarter Together 
Pingback: ICE Negotiation (Part 2) – Candidate Process | UC Sorted
Pingback: ICE Negotiation (Part 1) – MRAS Process | UC Sorted