question

SydneyMarihoho-9571 avatar image
2 Votes"
SydneyMarihoho-9571 asked GarySmith-1402 commented

What would cause MS Teams calls to drop after about 10seconds when originated from Remote VPN to LAN?

• The caller must be on the VPN (Remote Access Service)
• The called party must be on a site LAN (but it can be any Company site)
• The call will work perfectly until 10 seconds and then will end / be torn down

office-teams-windows-itpro
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

We have noticed that all of a sudden, inbound "from DirectAccess to guy on LAN" calls are working. This started in the last few days. I'm hesitant to trust that this is permanently fixed BUT initial testing suggests the thing that changed was an upgrade to Windows 10 21H1.

At the moment it looks like it requires the guy on the internal LAN to be on 21H1, whereas the guy on the DirectAccess VPN (using force tunnel) can still be on 20H2, and it'll connect an inbound call.

In other words:
20H2 on DirectAccess --> 21H1 on LAN works
21H1 on DirectAccess --> 21H1 on LAN works
20H2 on DirectAccess --> 20H2 on LAN still doesn't work

Since it's an enablement package we're cracking on with upgrades and I will report back if this behaves itself over hte coming days, and when i get additional people upgraded and see if the pattern holds. Fingers crossed, but i won't get my hopes up :-)

0 Votes 0 ·

Thanks RonanFahy for the information please keep us posted if tis could be the solution, in the meantime I will find out from our IT team if we have anyone with Windows 10 21h1 to test that as well.

Regards

Sydney

0 Votes 0 ·

So the 21H1 thing was a false alarm sorry, but we have we think solved it.
We spotted that our proxy was blocking some traffic that wasn't obviously teams related.

At the moment where the "receiver" inside the network clicks the button to accept the incoming call Teams tries to connect out to an IP address rather than to a hostname, which is awful practice of course. That IP address (in our case were seeing things like https://52.113.201.115 and https://52.113.201.169) were being blocked as failing the SSL inspection - the certificate common names didn't match the host name, again, terrible practice Microsoft. We had to bypass SSL inspection for that entire range along with other identified ones, before it would work. I don't like doing that, as we can only trust that nothing else runs on the same IP's, but who has a choice.

Ranges used were:
52.112.0.0/14
13.107.64.0/18
52.238.119.141
52.244.160.207
52.120.0.0/14

We use a proxy that can subscribe to managed lists so these were referred to as "Lync Online IPv4 Ranges" so some are probably related to old Lync / SfB rather than Teams, but it worked.

0 Votes 0 ·

We have the exact same problem today. Unsure if long outstanding or not.

Anyone managed to find a fix. We don't allow split tunnelling.

The one thing we noticed that works from VPN client to HQ (Behind an ASA) is meetings. These load fine.

Its only affecting Teams calls/video directly.

0 Votes 0 ·
CodeMan47-3464 avatar image
0 Votes"
CodeMan47-3464 answered CodeMan47-3464 commented

I have been fighting with this exact same problem - Cisco ASA 5506 and when clients connected to VPN call someone in the office the call drops after about 10 seconds.
Has anyone had any success fixing this without split tunneling?

Thanks,
Jon

· 2
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Please check the response from other people in the chat as they have a solution (split tunnelling VPN configuration and bypass all Microsoft services from traversing the tunnel) which isn't ideal but seems to resolve the issue. In my case the company policy does not allow split tunnelling

0 Votes 0 ·

Similar issue here, trying to avoid split tunneling. Was hoping to find a solution w/out having to split tunnel...

0 Votes 0 ·
DustinRoberts-6435 avatar image
0 Votes"
DustinRoberts-6435 answered

We're experiencing the exact same issue:

The caller must be on the VPN

The called party must be on a site LAN

The call will work perfectly until 10 seconds and then will end / be torn down

LAN to VPN works

VPN to VPN works

Version:
Microsoft Teams Version 1.4.00.8872 (32-bit)

Split tunneling is not an option for us.

The only workaround at this time (that is not split tunneling) is to use the Teams Web Client via https://portal.office.com then select Teams on the left hand App bar. Now test your call.

Same scenario, VPN to LAN via the Teams Web Client works perfectly.

Teams application bug issue? Please advise. We're submitting a Unified Support Ticket with Microsoft to hopefully get us all some resolution.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

RonanFahy-1598 avatar image
0 Votes"
RonanFahy-1598 answered

Same problem here and interested in any developing solutions. Split tunnel not a solution.

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

MikashHaria-5880 avatar image
0 Votes"
MikashHaria-5880 answered SydneyMarihoho-9571 commented

Does anyone have a solution as we also cannot do split tunnel?

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Unfortunately we have not yet found a solution, we have had several troubleshooting sessions with CiscoTAC to no avail. Split Tunnelling still not accepted as an option

0 Votes 0 ·
MartinDSimonsenStrm-5109 avatar image
0 Votes"
MartinDSimonsenStrm-5109 answered MartinDSimonsenStrm-5109 commented

We have the same issue, BUT only one way.

Site 2 Site between HQ and Branch Office (BO)

  • Teams works from HQ to BO

  • Teams Disconnects after 10 sec when session is from BO to HQ

  • Teams Meeting works

ASA in BO and Firepower in HQ
Tunnel is stable and other services are running good

Wireshark and and Debug is not helpfull

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Ended up blocking ALL UDP Traffic from BO to HQ

this works , i THINK it is because "voodoo" stuff happens between firewalls, this way i force Microsoft to be the source and destination for connectionw and not P2P

But this is what worked for me.

0 Votes 0 ·