Solved

OCS R2 Audio video fails externally

Posted on 2011-09-22
Last Modified: 2013-11-29
I have an OCS R2 STD deployment that includes an Edge Server and an FTMG server.  The issue I am having is with external Audio and/or Video connections.  Internal connections work fine.  I have tested an externally signed-in user to an internal user and also a federated to internal user; both fail.
I have checked ports and all the things I can think of.  The following are errors I am seeing:

On the FE server

OCS Protocol Stack 1001 14502
A significant number of connection failures have occurred with remote server <edgeservername>.<company>.net IP 172.xxx.xxx.xxx. There have been 207 failures in the last 180 minutes. There have been a total of 8186 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

and when I run the A/V validation on the FE:

Connecting to A/V Authentication Edge Server to get credentials
A/V Authentication Edge Server: Could not contact A/V Authentication Edge Server.
To resolve this error, check for the following
1. The outbound proxy is reachable.
2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each other.
3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
4. Conference Server certificate is valid.
5. A/V Authentication Edge Server Gruu is correct.
            Failure
[0xC3FC200D] One or more errors were detected

Validation on the Edge returns no errors.
There is not a firewall between the edge and FE servers.
Suggestions of items to check?
I looked at the FE\Global properties\Edge servers and it shows the FQDN and 5062.  The edge server has A/V authentication port set to 5062.

Question by:DayneJake
5 Comments
 
LVL 3

Expert Comment

by:dawho9
ID: 36959954
Your edge server: are you using NAT for your three "public" IPs, or are they sitting out on the internet directly?  If you are using NAT, do you have an internal DNS record for av.domain.com (change to whatever you actually called your external Audio/Video IP) to the public IP address (yes - public, not DMZ or internal IP) of your AV service?

Richard
0
 

Assisted Solution

by:ecalonllc
ecalonllc earned 1000 total points
ID: 36967967
To coincide with dawho9's question, please also ensure you have the proper AV ports passed through to your DMZ. Here is a good diagram of what ports are used for AV in Lync: http://www.msexchange.org/img/upl/image0151313261656956.jpg

If your Forefront edge server public IPs aren't behind a NAT, please create the corresponding rules in the firewall policy to allow passage. Keep in mind you need a reverse proxy set up for Lync external users, i.e. address book search etc. will fail without it. I'm currently working on a much more technical issue with Lync "EWS not deployed" issue(s).
0
 

Author Comment

by:DayneJake
ID: 36968390
This is an OCS R2 deployment.
The Edge has 4 NICs.  3 for edge roles (NAT'd from real world to DMZ addresses) and 1 for internal.
What I am finding are TLS connection failures between the Edge internal interface and the FE.

Running the following on the edge gives me an error:
certutil -ping -config <CA-FQDN>\CA
Connecting to <CA-FQDN>\CA...
Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
CertUtil: The RPC server is unavailable.

Looking into the CA now.
0
 
LVL 2

Accepted Solution

by:
Sourabh-Exchange earned 1000 total points
ID: 37886407
This does not point me to the CA issue. Please check if you have the LDAP port open to reach your CA.

Do you have any internal firewall? If yes, please let me know the firewall name.

Looks like a NAT issue to me, and the issue is not on the external side. I am sure two external contacts are able to make calls to each other. Also check if you are getting the "limited external calling" error on the Communicator.

- Sourabh
0
 

Author Comment

by:DayneJake
ID: 37943190
Ended up a firewall issue that I was not told was in place.
0
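
The failure types in the event 14502 text from the question and the 0x800706ba returned by certutil -ping are HRESULTs in the Win32 facility, so their low 16 bits are ordinary Winsock/RPC error numbers. The decoder below is an added example, not part of the original thread or any Microsoft tool; the function names are made up for illustration, and the table holds only the codes that appear on this page.

```python
import re

FACILITY_WIN32 = 7  # HRESULT facility that wraps plain Win32/Winsock error codes

# Win32 codes seen in this thread, with the standard Windows message text.
WIN32_ERRORS = {
    1722: ("RPC_S_SERVER_UNAVAILABLE", "The RPC server is unavailable"),
    10053: ("WSAECONNABORTED", "Established connection aborted by software in the host machine"),
    10054: ("WSAECONNRESET", "Existing connection forcibly closed by the remote host"),
    10061: ("WSAECONNREFUSED", "Target machine actively refused the connection"),
}

# Failure table copied from the event 14502 text in the question.
EVENT_14502 = """\
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
"""

ROW = re.compile(r"^\s*(\d+)\s+([0-9A-Fa-f]{8})\s*$", re.MULTILINE)


def decode_hresult(text):
    """Split an HRESULT into failure bit, facility and code, naming Win32 codes."""
    value = int(text, 16)
    facility = (value >> 16) & 0x7FF   # bits 16-26
    code = value & 0xFFFF              # bits 0-15
    name, meaning = ("UNKNOWN", "")
    if facility == FACILITY_WIN32:
        name, meaning = WIN32_ERRORS.get(code, ("UNKNOWN", ""))
    return {"failed": bool(value >> 31), "facility": facility,
            "code": code, "name": name, "meaning": meaning}


def summarize(event_text):
    """Return (count, share, decoded) per failure type, most frequent first."""
    rows = [(int(n), decode_hresult(h)) for n, h in ROW.findall(event_text)]
    total = sum(n for n, _ in rows)
    rows.sort(key=lambda r: r[0], reverse=True)
    return [(n, round(n / total, 3), d) for n, d in rows]


if __name__ == "__main__":
    for count, share, d in summarize(EVENT_14502):
        print(f"{count:>5} {share:6.1%} {d['code']} {d['name']}: {d['meaning']}")
    rpc = decode_hresult("0x800706ba")  # value from the certutil -ping output
    print(rpc["code"], rpc["name"])
```

Run against the posted event text, it shows that almost all of the logged failures are connection resets on already-established connections rather than refusals.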


Question has a verified solution.
