ICE Protocol Warnings


ICE Protocol Warning Flags
Description
Actions for the Administrator
0x0
There were no failures or the ICE protocol was not used.
None.
0x1
TURN server is unreachable.

This flag is not expected. Administrator need to ensure that the right ports (443/3478—by default) are open on the firewall or the TURN server is running. This may result in an ICE protocol failure.
0x2
An attempt to allocate a UDP port on the TURN server failed.
This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
0x4
An attempt to send UDP on the TURN server failed.

This flag may be expected if the client is behind a UDP blocking firewall. This may result in an ICE protocol failure.
0x8
An attempt to allocate a TCP port on the TURN server failed.

This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the client is behind an HTTP proxy, the administrator needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
0x10
An attempt to send TCP on the TURN server failed.

This flag isn’t expected. The administrator needs to check the firewall policy, and ensure that Audio/Video Edge service is reachable. If the remote client is behind an HTTP proxy, the admin needs to ensure that the proxy isn’t failing the TLS attempt. This failure may result in an ICE protocol failure.
0x20
Local connectivity failed. (local UDP for audio/video and local TCP for application sharing and file transfer).

This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
0x40
UDP NAT connectivity failed.

This flag can occur if the direct connection between clients isn’t possible due to NAT/firewalls. This may result in an ICE protocol failure.
0x80
UDP TURN server connectivity failed.

This flag can occur if one of the clients is behind a UDP blocking firewall/HTTP proxy. This may result in an ICE protocol failure.
0x100
TCP NAT connectivity failed.


This flag is expected. If local-to-local connectivity succeeded, the TCP NAT connectivity check may not have been tried. Or there is no direct TCP connection possible. TCP NAT connectivity failing may result in an ICE protocol failure.
0x200
TCP TURN server connectivity failed.


This flag is expected. If local-to-local connectivity succeeded, the TCP TURN connectivity check may not have been tried. Or one side didn’t have TURN server allocation. If connectivity checks were successful for the rest of the call, ignore this ICE protocol warning. Otherwise, investigate why the TCP path was not possible. TCP TURN server connectivity failing may result in an ICE protocol failure.
0x400
Message integrity failed in connectivity check request.


This flag isn’t expected. If the admin sees this flag, it indicates some security attack. This may result in an ICE protocol failure.
0x1000
A policy server was configured.

This flag is expected if there is a bandwidth policy configured on the call link. If there is a call failure with this flag, increase the allocated bandwidth on the failed link. This flag isn’t indicating any ICE protocol failure, simply that there was a bandwidth policy applied to this call.
0x2000
Connectivity check requested failed because of a memory problem or other reasons that prevented sending packets.


This flag is unexpected and may indicate that a computer is over capacity This may result in an ICE protocol failure.
0x4000
TURN server credentials have expired or are unknown.


This flag is unexpected and may indicate that Audio/Video Edge service authorization service is down. This may result in an ICE protocol failure.
0x8000
Bandwidth policy restriction has removed some candidates.


If there is an ICE protocol failure with this flag set, this indicates that the policy server topology is misconfigured. In this configuration the policy was configured to route over another connection, but the other connection failed. (Possibility of internal NATs in the org). This flag may result in an ICE protocol failure.
0x10000
Bandwidth policy restriction decreases the bandwidth.


This flag indicates that the bandwidth being used on this call isn’t optimal quality (may be using a narrow-band codec or may not be capable of HD video). This flag does not indicate any ICE protocol failure.
0x20000
Bandwidth policy keepalive failed.

This is unexpected. The call continues but the bandwidth used by this call may not be reported properly to the Bandwidth Policy Core Service. This can occur because the policy server or the TURN server have failed. This flag does not indicate any ICE protocol failure.
0x40000
Bandwidth policy allocation failure.

This flag is indicating that the policy server rejected the client to use a media path through two Audio/Video Edge services (relay to relay). This may result in an ICE protocol failure.
0x80000
No TURN server configured.

This flag is indicating that there was no TURN server configured or there is a Domain Name System (DNS) resolution failure, resulting in a communication issue between the client and the TURN server. This may result in a protocol ICE failure.
0x100000
Multiple TURN servers configured.

This flag is expected. This is indicating that there were multiple TURN servers configured (due to DNS load balancing). This flag does not indicate any ICE protocol failure.
0x200000
Port range exhausted.

This is indicating that the administrator manually configured ports on the client or the media server. A/V needs a minimum of 20 ports per call to start the call. Application sharing/file transfer needs a minimum of 3 ports. The port range being exhausted may result in an ICE protocol failure.
0x400000
Received alternate server
.
This is indicating that the TURN server is overloaded or preventing new connections. This may result in  an ICE protocol failure if the alternate server isn’t running
0x800000
Pseudo-TLS failure.

This is indicating that the HTTP proxy is performing deep Secure Sockets Layer (SSL) inspection and failing the connection with the TURN server. This is not supported by Microsoft and may result in an ICE protocol failure.
0x1000000
HTTP proxy configured.

This is indicating that the HTTP proxy is configured This flag does not indicate any ICE protocol failure.
0x2000000
HTTP proxy authentication failed.
This is indicating that the HTTP proxy failed the authentication. This isn’t expected and indicates that the HTTP proxy didn’t recognize the user’s credentials or authentication mode. This may result in an ICE protocol failure.
0x4000000
TCP-TCP connectivity checks failed over the TURN Server.

This is indicating that TURN TCP-TCP connectivity check was tried and it failed. The failure indicates that port 443 was not opened on the firewall. If one of the TURN servers was 2007 A/V Edge Server. The administrator needs to open ports from 50,000 through 59,999 TCP to all external Audio/Video Edge services in the environment. This flag isn’t expected and may result in an ICE protocol failure.
0x80000000
Use candidate checks failed.

This is indicating that after receiving some packets the client didn’t receive the rest of the packets. This may happen on a client because of a third Winsock layered service providers (LSPs). These LSPs should be removed. This flag isn’t expected and may result in an ICE protocol failure.
Advertisements

About Paul B

My name is Paul Bloem and I am employed at Lexel Systems in New Zealand as a Principal Consultant for Unified Communications. I have been working on enterprise voice solutions for over 20 years. My first 10 years were spent working for a Telco in South Africa (Telcom SA). This is where all the groundwork happened as I was exposed to just about every aspect of telecommunication you could imagine. I develop an interest in PBX technologies and eventually became the go-to guy. Next, I had a 10 year run at Siemens South Africa, most of my time there was as a Technical Trainer. During this time VoIP hit the world stage, I had the privilege of introducing VoIP both as H.323 and later SIP across the Siemens HiPath 4000 solution stack. In 2008 I immigrated to New Zealand with my newly attained MCSE, I was ready to go where no PBX Techie had gone before. I was employed to explore OCS 2007 and that was pretty much the beginning of the end for me. I have been working on OCS and Lync ever since. My current role focuses exclusively on Lync and associated technologies.. That includes pre-sales, consulting, architecture and design, training and support. I even get to play in the development space from time to time - focus on play ;-) I was nominated as a Microsoft VTSP for Lync early in 2013 and also awarded Microsoft's MVP award for Lync in 2014.
This entry was posted in ICE Protocol warnings. Bookmark the permalink.

2 Responses to ICE Protocol Warnings

  1. Pingback: ICE Negotiation (Part 2) – Candidate Process | UC Sorted

  2. Pingback: ICE Negotiation (Part 1) – MRAS Process | UC Sorted

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s