Solved

OCS R2 Audio video fails externally

Posted on 2011-09-22
Last Modified: 2013-11-29
I have an OCS R2 STD deployment that includes an Edge Server and an FTMG server. The issue I am having is with external Audio and/or Video connections. Internal connections work fine. I have tested an externally signed-in user to an internal user and also a federated to internal user; both fail.
I have checked ports and all the things I can think of. The following are errors I am seeing:

On the FE server

OCS Protocol Stack 1001 14502
A significant number of connection failures have occurred with remote server <edgeservername>.<company>.net IP 172.xxx.xxx.xxx. There have been 207 failures in the last 180 minutes. There have been a total of 8186 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

and when I run the A/V validation on the FE:

Connecting to A/V Authentication Edge Server to get credentials            A/V Authentication Edge Server: Could not contact A/V Authentication Edge Server.
To resolve this error, check for the following
1. The outbound proxy is reachable.
2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each other.
3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
4. Conference Server certificate is valid.
5. A/V Authentication Edge Server Gruu is correct.
            Failure
[0xC3FC200D] One or more errors were detected

Validation on the Edge returns no errors.
There is not a firewall between the edge and FE servers.
Suggestions of items to check?
I looked at the FE\Global properties\Edge servers and it shows the FQDN and 5062. The edge server has A/V authentication port set to 5062.

Question by:DayneJake
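
The failure types in the event text above are HRESULTs written in hexadecimal; when the facility field is 7 (FACILITY_WIN32), the low 16 bits are a Win32/Winsock error code. The following is an added example, not part of the original post, that parses the failure table and decodes each entry; the function name is hypothetical and the sample text is copied from the event quoted in the question.

```powershell
# Constructed sample: the failure table copied from the event text in the question.
$eventText = @'
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
'@

# Hypothetical helper: split an HRESULT (hex string) into its fields and,
# for FACILITY_WIN32 (7), resolve the low 16 bits as a Win32/Winsock error.
function ConvertFrom-FailureType {
    param([Parameter(Mandatory = $true)][string]$Hex)

    $hr       = [Convert]::ToInt64($Hex, 16)
    $facility = [int](($hr -band 0x1FFF0000) / 0x10000)   # bits 16-28
    $code     = [int]($hr -band 0xFFFF)                   # bits 0-15

    if ($facility -ne 7) {
        # Not a wrapped Win32 error; leave it undecoded rather than guess.
        return New-Object PSObject -Property @{
            FailureType = $Hex; Win32Code = $null; Message = 'not FACILITY_WIN32' }
    }

    # Ask Windows for the system message that belongs to this error code.
    $msg = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
    New-Object PSObject -Property @{
        FailureType = $Hex; Win32Code = $code; Message = $msg }
}

# Pick out the "<count> <8 hex digits>" rows; the header line does not match.
$rows = foreach ($line in ($eventText -split '\r?\n')) {
    if ($line -match '^\s*(\d+)\s+([0-9A-Fa-f]{8})\s*$') {
        $count = [int]$Matches[1]
        $hex   = $Matches[2]
        ConvertFrom-FailureType -Hex $hex |
            Add-Member -MemberType NoteProperty -Name Count -Value $count -PassThru
    }
}

# Most frequent failure first.
$rows | Sort-Object Count -Descending |
    Format-Table Count, FailureType, Win32Code, Message -AutoSize
```

The three codes in this event decode to Winsock errors 10054, 10053 and 10061: connection reset, connection aborted and connection refused.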
5 Comments
 
LVL 3

Expert Comment

by:dawho9
ID: 36959954
Your edge server, are you using NAT for your three "public" IPs or are they sitting out on the internet directly? If you are using NAT, do you have an internal DNS record for av.domain.com (change to whatever you actually called your external Audio/Video IP) to the public IP address (yes - public, not DMZ or internal IP) of your AV service?

Richard
 

Assisted Solution

by:ecalonllc
ecalonllc earned 1000 total points
ID: 36967967
To coincide with dawho9's question, please also ensure you have the proper AV ports passed through to your DMZ. Here is a good diagram of what ports are used for AV in Lync: http://www.msexchange.org/img/upl/image0151313261656956.jpg

If your Forefront edge server public IPs aren't behind a NAT, please create the corresponding rules in the firewall policy to allow passage. Keep in mind you need a reverse proxy set up for Lync external users, i.e. address book search etc. will fail without it. I'm currently working on a much more technical issue with Lync EWS not deployed issue(s).
 

Author Comment

by:DayneJake
ID: 36968390
This is an OCS R2 deployment.
The Edge has 4 NICs: 3 for edge roles (NAT'd from real world to DMZ addresses) and 1 for internal.
What I am finding are TLS connection failures between the Edge internal interface and the FE.

Running the following on the edge gives me an error:
certutil -ping -config <CA-FQDN>\CA
Connecting to <CA-FQDN>\CA...
Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
CertUtil: The RPC server is unavailable.

Looking into the CA now.
 
LVL 2

Accepted Solution

by:Sourabh-Exchange
Sourabh-Exchange earned 1000 total points
ID: 37886407
This does not point me to the CA issue. Please check if you have the LDAP port open to reach your CA.

Do you have any internal firewall? If yes, please let me know the firewall name.

Looks like a NAT issue to me, and the issue is not on the external side. I am sure two external contacts are able to make calls to each other. Also check if you are getting the "limited external calling" error on the Communicator.

- Sourabh
 

Author Comment

by:DayneJake
ID: 37943190
Ended up being a firewall issue that I was not told was in place.
