Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
?
Solved

OCS R2 Audio video fails externally

Posted on 2011-09-22
5
Medium Priority
?
1,595 Views
Last Modified: 2013-11-29
I ahv an OCS R2 STD deployment that includes an Edge Server and an FTMG server.  The issue I am having is with external Audio and\or Video connections.  Internal connections work fine.  I ahve tested an Externally signed in user to an internal user and also a federated to internal user, both fail.
I have checked ports and all teh things I can think of.  the following are errors I am seeing:

On the FE server

OCS Protocol Stack 1001 14502
A significant number of connection failures have occurred with remote server <edgeservername>.<company>.net IP 172.xxx.xxx.xxx. There have been 207 failures in the last 180 minutes. There have been a total of 8186 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
7895 80072746
120 80072745
115 8007274D
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

and when I run the A/V validation on the FE:

Connecting to A/V Authentication Edge Server to get credentials            A/V Authentication Edge Server: Could not contact A/V Authentication Edge Server.
To resolve this error, check for the following
1. The outbound proxy is reachable.
2. The outbound proxy and A/V Authentication Edge Server are in trusted server list of each other.
3. The outbound proxy and A/V Authentication Edge Server have valid certificates.
4. Conference Server certificate is valid.
5. A/V Authentication Edge Server Gruu is correct.
            Failure
[0xC3FC200D] One or more errors were detected

validation on the Edge returns no errors.
There is not a firewall between the edge and FE servers.
Suggestions of items to check?
I looked at the FE\Global properties\Edge servers and it shows the fqdn and 5062.  the edge server has A/V authentication port set to 5062.

0
Comment
Question by:DayneJake
5 Comments
 
LVL 3

Expert Comment

by:dawho9
ID: 36959954
Your edge server, are you using NAT for your three "public" IP or are they sitting out on the internet directly.  If you are using NAT, do you have an internal DNS record for av.domain.com (change to whatever you actually called your external Audio/Video IP) to the public IP Address (yes - public, not DMZ or internal IP) of your AV service.  

Richard
0
 

Assisted Solution

by:ecalonllc
ecalonllc earned 1000 total points
ID: 36967967
to coincide with dawho9 question, please also ensure you have the proper AV ports pass-thru to your DMZ. here is a good diagram of what ports are used for AV in Lync http://www.msexchange.org/img/upl/image0151313261656956.jpg

if your forefront edge server public ips arent behind a NAT, please create the create corresponding rules in the firewall policy to allow passage. keep in mind you need a reverse proxy setup for lync external users. i.e address book search etc will fail without it, im currently working on a much more technical issue with lync ews not deployed issue(s)
0
 

Author Comment

by:DayneJake
ID: 36968390
THis is an OCSR2 deployment.
The Edge has 4 NICs.  3 for edge roles (Nat'd form real world to DMZ addresses) and 1 for internal.
What I am finding are TLS connection failures between the Edge ionternal interface and the FE.

Running the following on the edge gives me an error:
certutil -ping -config <CA-FQDN>\CA
Connecting to <CA-FQDN>\CA...
Server could not be reached: The RPC server is unavailable. 0x800706ba (WIN32: 1722)
CertUtil: -ping command FAILED: 0x800706ba (WIN32: 1722)
CertUtil: The RPC server is unavailable.

Looking into the CA now.
0
 
LVL 2

Accepted Solution

by:
Sourabh-Exchange earned 1000 total points
ID: 37886407
This does not point me to the CA issue. Please check if you have the LDAP port open to reach to your CA.

do you have any Internal Firewall ? if yes Please let me know the firewall name.

looks like NAT issue to me. and the issue is not on the External side. i am sure two external contacts are able to make calls to each other. also check if you are getting "limited external calling" error on the communicator

- Sourabh
0
 

Author Comment

by:DayneJake
ID: 37943190
Ended up a firewall issue that I was not told was in place.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

On a regular basis I get questions about slow RDP performance, RDP connection problems, strange errors and even BSOD, remote computers freezing or restarting after initiation of a remote session. In a lot of this cases the quick solutions made b…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Loops Section Overview
Screencast - Getting to Know the Pipeline

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question