Category Archives: Lync Edge

No Presence for Fedrated partners – Event ID 11

08 Wednesday Jun 2016

Posted by in Error Codes, Event ID, Federation Issue, Lync DNS Records overview, Lync Edge, O365, Office 365, SRV, SRV Record, Uncategorized, Unified Messaging, voicemail

2 Comments

Tags

, ,

Problem

Came across a deployment with the following 2 issues:-

  1. federated partners were showing up as presence unknown
  2. unable to call voicemail (hosted in O365)

When trying to send messages to these “unknown” federated partners I got “This message wasn’t sent due to company policy”.

So why did I try to message a contact with a presence status of “unknown? Simply because the federated contact could see my users presence and send me IM’s, I was even able to respond to these IM’s although the presence was still “unknown”.

Presence Unknown

Troubleshooting

A quick look at the client side logs revealed an error in the presence Subscribe message

CSeq: 1 SUBSCRIBE
Via: SIP/2.0/TLS 172.11.12.13:24164;ms-received-port=24164;ms-received-cid=FC9300
ms-diagnostics: 1008;reason=”Unable to resolve DNS SRV record“;domain=”ucsorted.com”;dns-srv-result=”NegativeResult”;dns-source=”InternalCache”;source=”access.ucsorted.com”
Server: RTC/6.0
Content-Length: 0

Taking a look at the users (client side) local event log I found the same error.

Event Log

Event ID 11
A SIP request made by Lync failed in an unexpected manner (status code 80ef01f8).

Response Data
504  Server time-out
ms-diagnostics:  1008;reason=”Unable to resolve DNS SRV record“;domain=”ucsorted.com”;dns-srv-result=”NegativeResult”;dns-source=”InternalCache”;source=”access.ucsorted.com”;OriginalPresenceState=”0″;CurrentPresenceState=”0″;MeInsideUser=”No”;ConversationInitiatedBy=”6″;SourceNetwork=”5″;RemotePartyCanDoIM=”Yes”

Clearly there is some issue with either the federation SRV record or resolving the federation SRV record.

Checking the SRV record from the Edge server I can see that this record is not found. Checking the DNS for the Edge server I noticed that the interfaces are pointing to the internal DNS servers.

Solution

We have 2 options here:-

  1. Configure the Edge Server to point to a public (external) DNS server where the SRV record for _sipfederationtls._tcp.domain.com is valid (frowned upon by some security folks)
  2. Add the SRV record for _sipfederationtls._tcp.domain.com to the internal DNS, making sure that the target FQDN is the Public Access FQDN of the Edge Server.

NOTE

Here is a little reason why you may want to avoid using the common sip.domain.com DNS name for your Edge Servers Access FQDN (only..). Internally the sip.domain.com record was generally configured to resolve to the front end pools, if we now need an internal SRV record for _sipfederationtls._tcp.domain.com then targeting this to sip.domain.com will simply get to the Front End Pool and not to the Federation point at the Access Edge FQDN.

 

 

Advertisement

Event ID 14499 – Federation Issue

19 Saturday Jan 2013

Posted by in Edge Server, event id, Event ID 14499, Federation Issue, Known Issues, Lync Edge

Leave a comment

Just recently I can across this issue TWICE!
Thats enough to warrant another glass of…never mind, a post on the blog will have to suffice 😉

Federation was failing and I got the following error message in the event log on the Edge Server I was building…


Running a S4 and SIPStack trace on the Edge also reported a 504 error between the two environments but most interestingly the highlighted error.


This alluded to the real issue, the new Edge server was unable to resolve the federation partners Edge Server discovered address.

Ahhh…gotta love DNS issues

Lync Edge Server Deployment Guide

23 Monday Jul 2012

Posted by in Install Guide, Lync Edge, Quick Reference Guide

Leave a comment

Lync 2010 Edge Server Installation Guide

Firstly we will look at the Lync 2010 Edge Deployment Recommendations:
  • Do not join Edge servers to the domain
  • Use MS Lync Planning tool to generate an XLS-based topology document.
  • Use Topology builder to generate a file that will be exported to the Edge Server.
  • Edge server role cannot be combined with any other roles.
  • MS does NOT support NAT for traffic to or from the Edge internal interface, but for the Edge external interface is allowed.

 Lync 2010 Edge Server Certificate Requirements:

  • Certificate for Edge server can be issued by public CA or internal CA.
  • Edge server internal interface certificate can be issued by internal CA.
  • Edge server external interface certificate must be issued by public CA (go Daddy,DigiCert).
  • Public Certificate is used for the Access Edge service, the Web Conferencing Edge service, and for AV authentication.

  Lync 2010 Edge Server Firewall and Port Requirements:

Federation with

Feature

TCP/443

UDP/3478

RTP/UDP 50.000-59,999K

RTP/TCP 50,000-59,999K
Windows Live Messenger 2011
Point to Point
Audio/Video (A/V)
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Lync Server 2010
Lync Server 2010
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Lync Server 2010
Application sharing/desktop sharing
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Lync Server 2010
File transfer
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Office Communications Server 2007 R2
A/V
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Office Communications Server 2007 R2
Desktop sharing
Open inbound
Open inbound
Open outbound
Do not open in either direction
Open outbound
Office Communications Server 2007 R2
File transfer
N/A
N/A
N/A
N/A
Office Communications Server 2007
A/V
Open inbound
Open inbound
Open inbound
Open outbound
Open inbound
Open outbound
Office Communications Server 2007
Desktop sharing
N/A
N/A
N/A
N/A
Office Communications Server 2007
File transfer
N/A
N/A
N/A
N/A
Lync 2010 Edge Server Installation Walk-Through:
  • Configure NICs on Edge Server
    1. There must be two NICs, Internal NIC which is used to communicate with front-end servers and External NIC which is in the DMZ
    2. Configure External NIC with a gateway address.
    3. Configure Internal NIC without a gateway address.
    4. Create static route to all internal networks. (Use route add command)
  • Install pre-requisites:
    • Run Windows Powershell as Administrator
      • Import-Module ServerManager
      • Add-WindowsFeature NET-Framework-Core,Telnet-Client

  • Copy Topology Export to Edge Server
    1. Export topology by running “Export-CsConfiguration –FileName c:\edge.zip”
    2. Copy it to Edge Server

  • Install Lync 2010 Edge Server
    Run the Lync Deployment Wizard and provide exported file in step #2 (you will be prompted for the pre-requisites)

  • Apply Certificates
    Use Deployment Wizard to Request and Install certificates

  • Start Lync Services from Deployment Wizard