Issues Joining external Meeting with Lync 2013

We have a Lync 2013 internal setup with 2 FE servers, DNS load balanced, an edge pool with one Edge server, and a Reverse Proxy (TMG2010). Internally we can have meetings with no issue. Users join the meeting with audio and video. However, if internal users try to join a meeting from another company, they get kicked out as soon as they try to use Audio or Video. They can IM only. If I connect from home on my work laptop, using Lync Full client, I am able to connect and use Audio and Video. We have open federation enabled through the edge and I have the AV Edge set as NATTed. We have verified the DNS records and have even gone as far as opening the internal and external firewalls wide open (just to test) and it has no effect. This affects all internal clients regardless of location (we have multiple sites, all use same Lync FE pool.) Has anyone seen behavior like this?
LVL 12
Jeff GloverSr. Systems AdministratorAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Steven SheeleyConsulting SW Engineer - Lync/Skype4BusinessCommented:
So this is when internal users attempt to connect to a Lync meeting from a different company? All users, no matter physical location, can do meetings internally?
0
Jeff GloverSr. Systems AdministratorAuthor Commented:
Yes. All users internally can meet. We have tested Video, Audio, Sharing,(desktop, app, whiteboard, etc...) Even internal users who are not VPN'd in at the time (connecting through Edge)
0
Steven SheeleyConsulting SW Engineer - Lync/Skype4BusinessCommented:
Internal User gets meeting request from external company
Internal User connects to external company using the link provided in the meeting request
Internal User is able to join meeting and can IM, however, the instant that they attempt to connect with Video or Audio, the meeting terminates.

Quesiton. Before they attempt audio or video, are they receiving audio or video from the external meeting?
0
IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

Jeff GloverSr. Systems AdministratorAuthor Commented:
No
0
Steven SheeleyConsulting SW Engineer - Lync/Skype4BusinessCommented:
First suggestion is to run client logging on the client side and have them connect to an external meeting, then enable video or audio and capture the failure.  When you restart the client, disable logging and then grab that log and view it using Snooper.  Look and see what Lync is saying when or just before it crashes.
0
Jeff GloverSr. Systems AdministratorAuthor Commented:
Well, tried Client logging and still am a little lost. Tried to pick out the meeting from all the background messages and it looks like this. Client tried to Subscribe With adhoclist and category list Required and got a Forbidden, Cannot route this type SIP message to Federated Partners.. Tried again without the required items and got a Not found, Previous Hop federated peer did not report diagnostic information. Sent an INvite, got a Not found (same message) then gets an Ack and it seems to move over to Anonymous. (sip:247d8899-f72c-4161-97a7-515f4d69caf5@anonymous.invalid becomes the From address) First invite gets a 401 unauthorized. Then it seems to start talking. Ack, Inbvite, Trying, Session progress, etc. I don't see where the Audio kills it.
0
Steven SheeleyConsulting SW Engineer - Lync/Skype4BusinessCommented:
You may need to get Microsoft to look at the logs
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeff GloverSr. Systems AdministratorAuthor Commented:
Had to contact Microsoft. After spending half a day looking over things, We found that one of our SRV records (Sipfederationtls) was misconfigured. Also the tech had us open TCP 3478 and TCP 50000-59999 inbound to the AV edge, Not sure which part actually fixed it but now it is working.
0
Dare PojuSkype for business Solutions ArchitectCommented:
Opening the ports is what fixed your issue and not the sipfederationtls. Here is the breakdown. Federation will always use the 5061/443 which you have confirmed it worked by been able to connect via the edge and IMs. The AV Edge uses UDP 3478 ( inbound and outbound) for audio and video -media. TCP 50000-59,999 ( for those companies using previous UCS 2007 platform). Read Lync 2013 poster very well and you will understand what I meant.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Conferencing Software

From novice to tech pro — start learning today.