Solved: Thanks for your help! We

jsheehy13 · ‎10-26-2016

So we have configured a Cisco 4331 ISR router to connect to Office 365 for voice mail services. Accessing voice mail works fine, and we can leave voice mail messages, etc. We CANNOT transfer any calls via the Office 365 auto attendant. When we search for a user and ask Office 365 to dial, the SIP REFER causes the phone to ring....but there is no ringback and if you pickup the phone it gets a fast busy.

The cube connects to Microsoft using SIP TLS and converts the call from RTP to SRTP. I can also dial my extension from Office 365 to play the voicemail on the phone. The problem ONLY occurs when a SIP REFER or REFER-TO are involved. On the SIP trunk we have MTP Required turned on. I cannot dial the voice mail or auto attendant if this is turned off.

I'm not a strong voice person, so any help would be greatly appreciated :-)

The version of Call Manager is 8.6.2.25900-8 (Yes I know it is old)

The IOS version on the CUBE is: isr4300-universalk9.03.16.04a.S.155-3.S4a-ext.SPA.bin

Here is the call path:

TLS

PHONE <-->CUCM<--> CUBE<-->Office365

RTP SRTP

KEVIN DELANEY · ‎06-07-2017

Thanks for your help! We solved our problem. What it was; was that we were using a Comodo certificate. Which is on Microsoft's Unified Communications Certificate Partner list:

https://support.microsoft.com/en-us/help/929395/unified-communications-certificate-partners

However thats not O365. I believe this link above is for prem based systems. As soon as we used a GoDaddy cert and put them in the correct order along with the GoDaddy Root and the Baltimore CyberTrust Root it worked just fine.

View solution in original post

dwhitefo · ‎01-13-2017

Can you provide the configuration for the CUBE? Is the REFER going to another number on CUCM? The output of debug ccsip message would also be helpful.

jsheehy13 · ‎06-06-2017

This actually had nothing to do with the SIP REFER. The problem (as TAC determined) was the version of IOS...we needed isr4300-universalk9.03.17.03.S.156-1.S3-std.SPA.bin to get it to work.

I have attached the config...but I removed the certificates and other sensitive information...let me know if you have any questions....also DO NOT NAT through a firewall. Have an interface directly on the outside. The certificates are key as well. You must have the certificate chain as well as the roots that Microsoft uses installed. We purchased ours through digicert. Microsoft uses: BaltimoreCT and GTECybertrust roots.

pankajbhosale · ‎06-07-2017

Hi,

Sorry if I sound irrelevant.

Problem seems to be with CUCM

Can you check Partition & CSS

Bye

KEVIN DELANEY · ‎06-07-2017

Thanks for your help! We solved our problem. What it was; was that we were using a Comodo certificate. Which is on Microsoft's Unified Communications Certificate Partner list:

https://support.microsoft.com/en-us/help/929395/unified-communications-certificate-partners

However thats not O365. I believe this link above is for prem based systems. As soon as we used a GoDaddy cert and put them in the correct order along with the GoDaddy Root and the Baltimore CyberTrust Root it worked just fine.

jsheehy13 · ‎06-07-2017

No problem..yeah originally I had to run a lot of debugs and I had to do some research to figure out which certs were required...but yes, it's a simple solution. Glad I could help.

KEVIN DELANEY · ‎06-06-2017

Can you help the community out here and post a sanitized config? I'm experiencing some issues with this (even getting the VM pilot in O365 to answer) and Microsoft is putting up a stonewall citing "not supported model". I've tried to show them multiple people in the community have this working. If you can do this for the rest of us out here, I'll in turn share my experience and pitfalls we ran into and how to get around them so everyone out here can benefit.

Thanks!

Cisco CUBE 4331 - Connecting to Office 365 UM