Solved

OCS R2 Audio video fails externally

Posted on 2011-09-22
Last Modified: 2013-11-29
I have an OCS R2 STD deployment that includes an Edge Server and an FTMG server.  The issue I am having is with external Audio and/or Video connections.  Internal connections work fine.  I have tested an externally signed-in user to an internal user and also a federated to internal user; both fail.
I have checked ports and all the things I can think of.  The following are errors I am seeing:

On the FE server

OCS Protocol Stack 1001 14502
A significant number of connection failures have occurred with remote server <edgeservername>.<company>.net IP 172.xxx.xxx.xxx. There have been 207 failures in the last 180 minutes. There have been a total of 8186 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

and when I run the A/V validation on the FE:

Connecting to A/V Authentication Edge Server to get credentials            A/V Authentication Edge Server: Could not contact A/V Authentication Edge Server.
To resolve this error, check for the following
1. The outbound proxy is reachable.
2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each other.
3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
4. Conference Server certificate is valid.
5. A/V Authentication Edge Server Gruu is correct.
            Failure
[0xC3FC200D] One or more errors were detected

Validation on the Edge returns no errors.
There is not a firewall between the Edge and FE servers.
Suggestions of items to check?
I looked at the FE\Global properties\Edge servers and it shows the FQDN and 5062.  The Edge server has the A/V authentication port set to 5062.

Question by:DayneJake
5 Comments
 
LVL 3

Expert Comment

by:dawho9
ID: 36959954
Your edge server: are you using NAT for your three "public" IPs, or are they sitting out on the internet directly?  If you are using NAT, do you have an internal DNS record for av.domain.com (change to whatever you actually called your external Audio/Video IP) to the public IP address (yes - public, not DMZ or internal IP) of your AV service?

Richard
0
 

Assisted Solution

by:ecalonllc
ecalonllc earned 250 total points
ID: 36967967
To coincide with dawho9's question, please also ensure you have the proper AV ports pass-thru to your DMZ. Here is a good diagram of what ports are used for AV in Lync: http://www.msexchange.org/img/upl/image0151313261656956.jpg

If your Forefront edge server public IPs aren't behind a NAT, please create the corresponding rules in the firewall policy to allow passage. Keep in mind you need a reverse proxy set up for Lync external users, i.e. address book search etc. will fail without it. I'm currently working on a much more technical issue with Lync EWS not deployed issue(s).
0
 

Author Comment

by:DayneJake
ID: 36968390
This is an OCS R2 deployment.
The Edge has 4 NICs: 3 for edge roles (NAT'd from real world to DMZ addresses) and 1 for internal.
What I am finding are TLS connection failures between the Edge internal interface and the FE.

Running the following on the edge gives me an error:
certutil -ping -config <CA-FQDN>\CA
Connecting to <CA-FQDN>\CA...
Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
CertUtil: The RPC server is unavailable.

Looking into the CA now.
0
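The failure types in event 14502 and the certutil error quoted above are HRESULTs wrapping Win32/Winsock error codes. The following is an added example, not part of the original thread, that decodes them; the name table is a hand-picked subset and the sample text is the failure table copied from the question.

```python
import re

# Failure table copied from the event 14502 text quoted in the question.
EVENT_TEXT = """Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
"""

FACILITY_WIN32 = 7  # HRESULTs built by HRESULT_FROM_WIN32 carry this facility

# Hand-picked subset of Win32 / Winsock error codes (not a complete table).
WIN32_NAMES = {
    1722: "RPC_S_SERVER_UNAVAILABLE",
    10053: "WSAECONNABORTED",
    10054: "WSAECONNRESET",
    10060: "WSAETIMEDOUT",
    10061: "WSAECONNREFUSED",
}

def decode_hresult(value):
    """Return (failed, facility, code, name) for an HRESULT given as int or hex string."""
    if isinstance(value, str):
        value = int(value, 16)
    failed = bool(value & 0x80000000)      # severity bit
    facility = (value >> 16) & 0x7FF       # 11-bit facility field
    code = value & 0xFFFF                  # low 16 bits: the wrapped error
    name = WIN32_NAMES.get(code, "UNKNOWN") if facility == FACILITY_WIN32 else "NOT_WIN32"
    return failed, facility, code, name

def summarize_failures(event_text):
    """Parse 'count hresult' rows and return them decoded, most frequent first."""
    pattern = r"^[ \t]*(\d+)[ \t]+([0-9A-Fa-f]{8})[ \t]*$"
    rows = []
    for count, hres in re.findall(pattern, event_text, re.M):
        _, _, code, name = decode_hresult(hres)
        rows.append((int(count), hres.upper(), code, name))
    total = sum(r[0] for r in rows)
    return [(c, h, code, name, round(100.0 * c / total, 1))
            for c, h, code, name in sorted(rows, reverse=True)]

if __name__ == "__main__":
    for row in summarize_failures(EVENT_TEXT):
        print("%6d  0x%s  %5d  %-18s %5.1f%%" % row)
    print(decode_hresult("800706ba"))  # the certutil -ping error from the thread
```

On these numbers, 7895 of the 8130 listed failures decode to WSAECONNRESET (10054), an existing connection forcibly closed, and the certutil error decodes to RPC_S_SERVER_UNAVAILABLE (1722), matching the WIN32 value certutil prints.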
 
LVL 2

Accepted Solution

by:Sourabh-Exchange
Sourabh-Exchange earned 250 total points
ID: 37886407
This does not point me to the CA issue. Please check if you have the LDAP port open to reach your CA.

Do you have any internal firewall? If yes, please let me know the firewall name.

Looks like a NAT issue to me, and the issue is not on the external side. I am sure two external contacts are able to make calls to each other. Also check if you are getting a "limited external calling" error on the Communicator.

- Sourabh
0
 

Author Comment

by:DayneJake
ID: 37943190
Ended up being a firewall issue that I was not told was in place.
0
