Solved

Issues Joining external Meeting with Lync 2013

Posted on 2014-11-10
9
527 Views
Last Modified: 2015-01-19
We have a Lync 2013 internal setup with 2 FE servers, DNS load balanced, an edge pool with one Edge server, and a Reverse Proxy (TMG2010). Internally we can have meetings with no issue. Users join the meeting with audio and video. However, if internal users try to join a meeting from another company, they get kicked out as soon as they try to use Audio or Video. They can IM only. If I connect from home on my work laptop, using Lync Full client, I am able to connect and use Audio and Video. We have open federation enabled through the edge and I have the AV Edge set as NATTed. We have verified the DNS records and have even gone as far as opening the internal and external firewalls wide open (just to test) and it has no effect. This affects all internal clients regardless of location (we have multiple sites, all use same Lync FE pool.) Has anyone seen behavior like this?
0
Comment
Question by:lvjeff
  • 4
  • 4
9 Comments
 
LVL 8

Expert Comment

by:Steven Sheeley
ID: 40433575
So this is when internal users attempt to connect to a Lync meeting from a different company? All users, no matter physical location, can do meetings internally?
0
 
LVL 8

Author Comment

by:lvjeff
ID: 40433600
Yes. All users internally can meet. We have tested Video, Audio, Sharing,(desktop, app, whiteboard, etc...) Even internal users who are not VPN'd in at the time (connecting through Edge)
0
 
LVL 8

Expert Comment

by:Steven Sheeley
ID: 40433631
Internal User gets meeting request from external company
Internal User connects to external company using the link provided in the meeting request
Internal User is able to join meeting and can IM, however, the instant that they attempt to connect with Video or Audio, the meeting terminates.

Quesiton. Before they attempt audio or video, are they receiving audio or video from the external meeting?
0
 
LVL 8

Author Comment

by:lvjeff
ID: 40433642
No
0
Find Ransomware Secrets With All-Source Analysis

Ransomware has become a major concern for organizations; its prevalence has grown due to past successes achieved by threat actors. While each ransomware variant is different, we’ve seen some common tactics and trends used among the authors of the malware.

 
LVL 8

Expert Comment

by:Steven Sheeley
ID: 40433649
First suggestion is to run client logging on the client side and have them connect to an external meeting, then enable video or audio and capture the failure.  When you restart the client, disable logging and then grab that log and view it using Snooper.  Look and see what Lync is saying when or just before it crashes.
0
 
LVL 8

Author Comment

by:lvjeff
ID: 40447541
Well, tried Client logging and still am a little lost. Tried to pick out the meeting from all the background messages and it looks like this. Client tried to Subscribe With adhoclist and category list Required and got a Forbidden, Cannot route this type SIP message to Federated Partners.. Tried again without the required items and got a Not found, Previous Hop federated peer did not report diagnostic information. Sent an INvite, got a Not found (same message) then gets an Ack and it seems to move over to Anonymous. (sip:247d8899-f72c-4161-97a7-515f4d69caf5@anonymous.invalid becomes the From address) First invite gets a 401 unauthorized. Then it seems to start talking. Ack, Inbvite, Trying, Session progress, etc. I don't see where the Audio kills it.
0
 
LVL 8

Accepted Solution

by:
Steven Sheeley earned 500 total points
ID: 40447599
You may need to get Microsoft to look at the logs
0
 
LVL 8

Author Comment

by:lvjeff
ID: 40450965
Had to contact Microsoft. After spending half a day looking over things, We found that one of our SRV records (Sipfederationtls) was misconfigured. Also the tech had us open TCP 3478 and TCP 50000-59999 inbound to the AV edge, Not sure which part actually fixed it but now it is working.
0
 
LVL 1

Expert Comment

by:Oludare adepoju
ID: 40558996
Opening the ports is what fixed your issue and not the sipfederationtls. Here is the breakdown. Federation will always use the 5061/443 which you have confirmed it worked by been able to connect via the edge and IMs. The AV Edge uses UDP 3478 ( inbound and outbound) for audio and video -media. TCP 50000-59,999 ( for those companies using previous UCS 2007 platform). Read Lync 2013 poster very well and you will understand what I meant.
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

Microsoft has released remote PowerShell capabilities to all commercial Office 365 customers. So you can be controlled via PowerShell and not from the Office 365 admin center Download Windows PowerShell Module for Lync Online http://www.micros…
Messaging apps are amazing tools with the power to do a lot of good, but the truth is the process of collaborating with coworkers requires relationships established through meaningful communication - the kind of communication that only happens face-…
Access reports are powerful and flexible. Learn how to create a query and then a grouped report using the wizard. Modify the report design after the wizard is done to make it look better. There will be another video to explain how to put the final p…
This tutorial demonstrates a quick way of adding group price to multiple Magento products.

707 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now