AndreasFrank-9491 asked:

Skype for Business On-Prem - Can't join external parties' conferencing/meetings.

Hi,

We have a Skype for Business on-prem setup with front-end servers in the same zone as the users, mediation servers in DMZ-1 and our Edge server in DMZ-2.

When outside of the office (externally) we can connect to meetings/conferencing with external clients and everything is working.
When inside the office we can invite external clients to meetings/conferencing, have internal meetings and call/IM internal/external partners. But we cannot join external parties' meetings. We get the error "We could not connect you to video/audio or presentation".

The problems started about 2-3 weeks ago.

Top failure diagnostic codes the last week:

109902-image.png


I've looked at all the components and I can't see any traffic being denied from one or the other in the firewall.

I have a CLSLogger file with me trying to join the meeting from internal and from our VPN solution with split tunneling.
Internal doesn't work and VPN works.

Hope you can help me and thanks for any help and suggestions.



1 Answer

SharonZhao-MSFT answered:

@AndreasFrank-9491,

It should be a network problem. It is recommended that you check that the following ports are open for the Edge Server external interface: SIP/MTLS/5061 (in/out), RTP/TCP/50000-59999 (out), SIP/TLS 443.
110025-image.png

Meanwhile, you can use Microsoft Remote Connectivity Analyzer to test the setup of your network.



Hi Sharon,

I get the following for the test:

110789-image.png


And on the Edge server:

110903-image.png

As regards traffic, I can't see anything being blocked on the FW or in the Edge server firewall logs; all I see is some IPs being blocked because of our Palo Alto harmful IPs rule. I could try disabling that if necessary?



0 Votes 0 ·

I've tried disabling the Palo Alto EDL Rules now, no difference...

0 Votes 0 ·

@AndreasFrank-9491,
For security purposes, I covered private information in your images. Thanks for your understanding.
It is suggested to restart the service during non-working time after you disable the Palo Alto EDL Rules. Then, check if it can work properly when joining external meetings.

0 Votes 0 ·

Hi Sharon,
Thanks for that!

We have gotten the error with joining meetings sorted from internal networks.

For the Edge server, it has 3 outward-facing external interfaces which are under default route 0.0.0.0/0 with an assigned gateway for all traffic besides towards internal networks.
For the internal interface, it has an assigned IP/DNS but no gateway, and the routes are entered manually.

So for instance we have one route that points to internal networks A, B, C with a /12 mask, but for some reason it has been reset to an old route config that hasn't been there for a year or more which only has the mask /16, excluding the other networks for Offices and some internal servers. We suspect a Hyper-V error for this error.

Meaning that the Edge server could not be reached internally from Office networks.

However, when our users join meetings that are hosted by external partners the presentation isn't working or it cuts out after approx. 10 seconds.

The information below is filtered on a user that was connected to an external meeting in our internal offices, yesterday morning. Both dashboard and the errors in CLS.

CLS:
SIP/2 403 Forbidden 'Cannot route this type of SIP request to or from federated partners'.
SIP/2 481 Call leg/transaction does not exist.

Dashboard: (Same user against 2 different people in the same external organisation, one with error 25 before route was fixed, and one with error 35 after route is fixed)


110914-image.png


0 Votes 0 ·
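An added example, not part of the original thread: a small audit for the failure described in the last comment, where a static route on the Edge server's internal interface shrinks from /12 to /16 and replies to office networks fall through to the default route on the external side. All prefixes and the interface names `Internal` and `External` are constructed assumptions, since the thread does not give the real values.

```python
import ipaddress

# Constructed sample data; the thread does not give the real prefixes or
# interface names. Rows would be copied from the Edge server's route table.
INTENDED = [("0.0.0.0/0", "External"), ("172.16.0.0/12", "Internal")]
REVERTED = [("0.0.0.0/0", "External"), ("172.16.0.0/16", "Internal")]
INTERNAL_NETS = ["172.16.5.0/24", "172.20.10.0/24", "172.24.0.0/22"]


def parse_routes(rows):
    """Turn (prefix, interface) pairs into (ip_network, interface) pairs."""
    return [(ipaddress.ip_network(prefix), alias) for prefix, alias in rows]


def best_route(routes, network):
    """Longest-prefix route that contains the whole network, or None."""
    covering = [(route, alias) for route, alias in routes
                if route.version == network.version
                and network.subnet_of(route)]
    return max(covering, key=lambda pair: pair[0].prefixlen, default=None)


def audit(routes, internal_nets, internal_alias):
    """Map each internal network not routed via internal_alias to a reason."""
    findings = {}
    for text in internal_nets:
        match = best_route(routes, ipaddress.ip_network(text))
        if match is None:
            findings[text] = "no route"
        elif match[1] != internal_alias:
            # Replies leave through another interface (asymmetric path),
            # so internal clients never see the Edge server's answers.
            findings[text] = f"falls through to {match[0]} on {match[1]}"
    return findings


if __name__ == "__main__":
    for name, table in (("intended", INTENDED), ("reverted", REVERTED)):
        result = audit(parse_routes(table), INTERNAL_NETS, "Internal")
        print(name, result or "all internal networks use the internal interface")
```

Running the same check after every host or hypervisor maintenance window would catch a silently reverted route table before users report failed joins.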