03-20-2013 04:16 PM - edited 03-19-2019 06:27 AM
Hi All,
I'm having an issue getting presence inter-domain federation working with Lync. Viewing the trace for the "Cisco UP XCP SIP Federation Connection Manager" when I attempt to send a message from the presence client to a Lync user, I see the below (I am also not receiving any presence information for the user).
Any help is greatly appreciated.
Presence Version: 8.6.3.10000-20
CUCM Version: 8.6.2.22900-9
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - <-- SIP/2.0 488 Not Acceptable Here
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Via: SIP/2.0/TCP 10.2.0.205:5080;received=10.2.0.205;branch=z9hG4bK-514a4167-8a0f7bfc-27672377
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - From: <sip:jneurohr@domain.com>;tag=b466ac78-cd00020a-13d8-45026-514a4167-6933f999-514a4167
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - To: <sip:lync.user@lync.com>;epid=c08d7f8f34;tag=e6a7b13792
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Call-ID: b2e63870-cd00020a-13d8-45026-514a4167-2f2bd24b-514a4167
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - CSeq: 1 INVITE
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Record-Route: <sip:lync.user.fd1aaf18-85cf6835-2c7a04c9-db9ef89@10.2.0.205:5061;maddr=cups.domain.com;transport=tls;lr>
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - User-Agent: UCCAPI/4.0.7577.4356 OC/4.0.7577.4356 (Microsoft Lync 2010)
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Ms-client-diagnostics: 52033; reason="Incoming conversations are blocked over federation link"
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Content-Length: 0
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - ms-asserted-verification-level: ms-source-verified-user=verified
03-21-2013 11:44 AM
Hi,
Did you get a resolution to this issue? I'm having the exact same issue now.
Thanks
Neil
03-21-2013 02:09 PM
No, not yet. Once I find a solution I'll be sure to post it, as I couldn't find any information on this particular problem.
03-21-2013 04:14 PM
Additionally I see the following:
10:10:43.671 |SIPStack.cpp:68: DEBUG - MSGBUILDER - ReportTcpCompleteMsgBuffer - pConn 0x0xb76f22d8: TCP message Rcvd, 10.2.0.205:5080<-10.2.0.205:5060, size=491
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - <-- SIP/2.0 403 Forbidden
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - From: <sip:jneurohr@domain.com>;tag=b500cd78-cd00020a-13d8-45026-514b9373-62d85957-514b9373
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - To: <sip:lync.user@lync.com>;tag=504E4CDE19BCAAFE664C5E43C9591D20
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - Call-ID: b3804470-cd00020a-13d8-45026-514b9373-44191229-514b9373
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - CSeq: 1 SUBSCRIBE
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - Via: SIP/2.0/TCP 10.2.0.205:5080;received=10.2.0.205;branch=z9hG4bK-514b9373-8f37fbb3-5283cb5d
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - Server: RTC/4.0
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - Content-Length: 0
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - ms-asserted-verification-level: ms-source-verified-user=verified
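For triaging traces like the two posted above, the following added example (not part of the original thread and not Cisco tooling) groups the TRANSPORT lines into received SIP responses and reports each failure with its method and any Ms-client-diagnostics reason. The sample input is a subset of the lines in this thread; the function name and the handling of a `-->` marker for sent messages are assumptions.

```python
import re

# Constructed sample: a subset of the trace lines posted in this thread.
SAMPLE = """\
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - <-- SIP/2.0 488 Not Acceptable Here
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - To: <sip:lync.user@lync.com>;epid=c08d7f8f34;tag=e6a7b13792
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - CSeq: 1 INVITE
10:08:23.645 |SIPStack.cpp:55: INFO - TRANSPORT - Ms-client-diagnostics: 52033; reason="Incoming conversations are blocked over federation link"
10:10:43.671 |SIPStack.cpp:68: DEBUG - MSGBUILDER - ReportTcpCompleteMsgBuffer - pConn 0x0xb76f22d8: TCP message Rcvd, 10.2.0.205:5080<-10.2.0.205:5060, size=491
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - <-- SIP/2.0 403 Forbidden
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - CSeq: 1 SUBSCRIBE
10:10:43.671 |SIPStack.cpp:55: INFO - TRANSPORT - Server: RTC/4.0
"""

# Layout seen in the thread: "<time> |<file:line>: <level> - TRANSPORT - <SIP text>"
LINE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) \|\S+ \w+ - TRANSPORT - (.*)$")
STATUS = re.compile(r"^<-- SIP/2\.0 (\d{3}) ")
HEADER = re.compile(r"^([A-Za-z-]+):\s*(.*)$")
REASON = re.compile(r'reason="([^"]*)"')

def failed_responses(trace):
    """Return (time, status, method, diagnostic reason) for each received 4xx-6xx."""
    messages, cur = [], None
    for raw in trace.splitlines():
        line = LINE.match(raw)
        if not line:
            continue  # MSGBUILDER and other components carry no SIP text
        ts, body = line.groups()
        status = STATUS.match(body)
        if status:
            cur = {"time": ts, "code": int(status.group(1)), "hdr": {}}
            messages.append(cur)
        elif body.startswith(("<--", "-->")):
            cur = None  # start of another message (the "-->" marker is an assumption)
        elif cur is not None:
            header = HEADER.match(body)
            if header:
                cur["hdr"][header.group(1).lower()] = header.group(2)
    report = []
    for msg in messages:
        if msg["code"] >= 400:
            method = msg["hdr"].get("cseq", "").partition(" ")[2] or None
            diag = REASON.search(msg["hdr"].get("ms-client-diagnostics", ""))
            report.append((msg["time"], msg["code"], method, diag.group(1) if diag else None))
    return report

if __name__ == "__main__":
    for row in failed_responses(SAMPLE):
        print(row)
```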
03-24-2013 02:40 AM
It appears to be caused by the licence limit on our ASA firewalls. I built an entire Lync lab so I would have total control over both the CUPS and Lync environments to troubleshoot the issue, and this is the only fault I can see which could be causing the problem:
TLSP d9927ee0: Using trust point 'ASDM_TrustPoint2' with the Client, RT proxy d860e298
TLSP d9927ee0: Waiting for SSL handshake from Client outside:ip.ip.ip.ip/49215.
TLSP d9927ee0: --> Proxy Rx 140 bytes
TLSP d9927ee0: <== Proxy Tx 4096 bytes
TLSP d9927ee0: <== Proxy Tx 732 bytes
TLSP d9927ee0: --> Proxy Rx 1380 bytes
TLSP d9927ee0: --> Proxy Rx 603 bytes
TLSP d9927ee0: <== Proxy Tx 47 bytes
TLSP d9927ee0: Generating License syslog
TLSP d9927ee0: Failed to acquire a license
TLSP d9927ee0: new event: KILL_FLOW
03-25-2013 12:57 AM
Hi Jason,
This is Neil again under my own CCO. I had a problem with my ASA license; I got the license for the number of TLS-Proxy instances increased from 2 to 52. This, however, did not fix the issue: I was still getting the same error messages as you on the outbound SIP message coming back from the Lync Server.
On the inbound SIP messages I was getting "SIP/2.0 407 Authentication Required" on my CUPS Server. To fix this issue you have to set the "Default Cisco SIP Proxy TLS Listener - Peer Auth" port from 5062 to 5061. You can't change this value to 5061 without changing the "Default Cisco SIP Proxy TLS Listener - Server Auth" to be 5062 or something else first. Note you have to set Default Cisco SIP Proxy TLS Listener - Server Auth = 5063 or any unassigned port, then you can swap these around. This is found in CUPS Admin under System => Application Listeners.
Once you set Default Cisco SIP Proxy TLS Listener - Peer Auth = 5061, the federation worked for me.
Regards
Neil
03-25-2013 03:10 AM
Hi Neil,
Thanks for the follow-up. I believe doing this is documented in the intradomain federation guide, but not mentioned in the interdomain federation guide. Can you paste in what you have configured on your ASA? We have the NAT redirecting 5061 externally to 5062 internally as per the guide, so I would think making it 5061 and then changing the NAT wouldn't achieve anything?
Edit: tried this this morning and it made no difference to what I was seeing. It would be handy to see what you have configured on the ASA.
03-25-2013 05:59 PM
I see this happening frequently on the ASA, where the CUPS server initiates an outbound connection to the far-end Lync edge on port x, which the ASA replaces with port y.
The far-end Lync then replies with a destination of port x instead of port y, so the session just drops.