Category: Unified Comms
Lync Federation – Cleaning up discovered SIP domains
If you have enabled Discovery for your Lync Federation services, you may want from time to time to add discovered domains to Federated Domains list to allow you to control their allow/block status.
Rather handily, Microsoft made this really simple to do.
Open the Event Viewer on one of your Edge servers and filter for Event ID 14601. You should find one of these logged every hour. This will contain the following:
Report of discovered partners that the Access Edge Server is currently monitoring.
There are 1 discovered partners, identified by the common name of their certificate.Name: accessurl.domain.com; Domains: domain.com
You can use these details to populate the Domain and AccessEdge fields in the Federation Domains section of your Lync Control Panel.
Easy.
Removing server roles from OCS 2007 R2 servers
Unfortunately, if you follow the instructions here (http://technet.microsoft.com/en-us/library/dd572507(office.13).aspx) to the letter, you’ll get an error when you try to remove the Core Components.
The OCS Admin Tools are not listed in the removal order, and unfortunately will prevent you removing the Core role. So, where it says this….
If you are removing an Edge Server, a Mediation Server, an Archiving Server, or a Monitoring Server, remove the Office Communications Server 2007 R2 components in the following sequence:
- Microsoft Office Communications Server 2007 R2, Edge Server
- Microsoft Office Communications Server 2007 R2, Mediation Server
- Microsoft Office Communications Server 2007 R2, Archiving Server
- Microsoft Office Communications Server 2007 R2, Monitoring Server
- Microsoft Office Communications Server 2007 R2, Core Components
- Microsoft Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redistribution package
..it should actually read…
If you are removing an Edge Server, a Mediation Server, an Archiving Server, or a Monitoring Server, remove the Office Communications Server 2007 R2 components in the following sequence:
- Microsoft Office Communications Server 2007 R2, Edge Server
- Microsoft Office Communications Server 2007 R2, Mediation Server
- Microsoft Office Communications Server 2007 R2, Archiving Server
- Microsoft Office Communications Server 2007 R2, Monitoring Server
- Microsoft Office Communications Server 2007 R2, Administrative Tools
- Microsoft Office Communications Server 2007 R2, Core Components
- Microsoft Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redistribution package
Just sayin.
Migrating Dialogic Media Gateway from OCS R2 to Lync Mediation Servers
Having deployed a Lync pool alongside our OCS 2007 R2 pool, merged the topologies, and migrated the users all without much issue, I then wanted to migrate calling away from the OCS mediation servers to the Lync mediation servers. Sounded easy. Unfortunately it wasn’t. Outbound calling worked ok, but inbound calling failed.
As you see in the diagram, the topology is fairly straight foward. Two PSTN gateways on 10.10.10.1 and 10.10.20.1, listening on TCP:5066 and 5060 respectively – one talking (hopefully) to a Lync mediation server (10.10.10.4) on TCP:5066 and the other still talking to an old OCS 2007 R2 mediation server (10.10.20.4) on TCP:5060. For now, forget the 10.10.20.x devices.
Steps I followed to get to this point were essentially as outlined in this Technet library (and the equivalent downloadable word version) http://technet.microsoft.com/en-us/library/gg398092.aspx. In short, define a PSTN gateway in the Lync topology, set listening ports on PSTN and Mediation objects, define and commit a voice route, publish topology, done.
What isn’t well documented here is that if for any reason you change the listening ports for the mediation server after initial publish (which I did, mostly just to bring the port allocations in line with the new Lync default ports as the old OCS deployment was using weird ports), you have to restart the Lync Mediation service, otherwise it wont pick up your port changes, even if you re-run the deployment tool.
So at this point, outbound calls were working. No issue. Happy admin.
But incoming calls from the PSTN would fail with “VoIP Transport Failure” on the Dialogic.
What I had already done on the Dialogic was change the routing table properties, specifically the VoIP Host Group settings, to use the new gateway (as the old OCS R2 mediation server was on 10.10.10.3). This is done in the Dialogic UI under Configuration > Routing Table > VoIP Host Groups (radio button at the top). My config here is pretty straightfoward – a single host group, with a single host entry of the old mediation server. Removed the old host entry, added a new one for 10.10.10.4, and expected everything to just work. It didn’t.
When calling in, the line would never ring, you’d see the call appear in the Dialogic Call Log, but after about 15sec it would fail giving the caller a ‘number not connected’ tone, and the Call Log would display “VoIP: Transport Failure”.
Spun up two sets of logging – first I started the Trace Logger on the Dialogic, and second started a set of Lync logs on the mediation server (S4, SIPStack, MediationServer) – then tried another inbound call. Logging on the mediation server showed zero entries, so clearly nothing was getting past the Dialogic. Looking at the trace logs on the Dialogic, I found the following:
[RouteTable] Code outbound device: VOIP (user@host:port) @10.10.10.4:0
So my incoming call was being routed to the mediation server IP ok, but no port was being passed, so logically I would expect the mediation server to reject it at the network layer, as it didn’t match a listening port.
So, on a hunch, I went back to the VoIP Host Groups setting, and changed the host value from 10.10.10.4 to 10.10.10.4:5066. Instant success. Just for consistency, checked another trace log, and sure enough it looks like this:
[RouteTable] Code outbound device: VOIP (user@host:port) @10.10.10.4:5066
What made this unexpected was that the old host value didn’t include the port, just the IP, but for some reason it worked fine.
Usefully, at this point I’d only migrated one of our two Dialogics/Mediation Servers, so ran the same trace log on the un-modified Dialogic (10.10.20.1). Sure enough, the same thing happens – no port is passed in that RouteTable call. Yet it works. Keen to see more, I ran a “netstat -an 1 | findstr 10.10.20.1” on the OCS mediation server to start an endless netstat search for open connections to the Dialogic (refreshing every second). As soon as the call comes in, a connection opens between the two devices on 10.10.20.1:5060 and the call connects. So somewhere in between that routing call to 10.10.20.1:0 becomes a call to 10.10.20.1:5060. I confess, I don’t know how this manages to happen.
Hopefully this helps someone else avoid the frustration this has caused me. And if anyone has any ideas how OCS manages this port wizardry where Lync fails, I’d love to hear your thoughts.
External Response Group Call Routing with Lync Server
Once you start playing with Response Groups in Lync (or OCS) it probably wont be long before you want one to dial out to your PBX. In my case recently it was to get a support line to call an on-call mobile.
Out of the box, Lync wont.
Any outbound call needs a voice route to determine its routing path and permissions – without one it simply cant go anywhere. In short when the RGS tries to dial out it will default to your global voice policy which (unless you’ve changed it – and you shouldn’t) wont route.
Your first task is to therefore create a voice policy that includes the number (or number pattern) you want to call and define a gateway device.
- You can do this via the Lync Control Panel or Powershell.
- Make sure the voice policy is of type ”User” otherwise you wont be able to apply it to your RGS object
- Make sure you commit the new policy otherwise it wont be available for use (you’ll get a policy is not a user policy error).
Then you need to bind that policy to your RGS object. You definitely need Powershell for this bit.
Grant-CSVoicePolicy -identity “RGSWorkflowObject” –PolicyName VoicePolicyYouCreated
For identity, use the display name of your RGS Workflow object.
And you’re done. Your RGS can now dial out.
Last tip – make sure the number you’re trying to dial out to is entered fully normalised in the format +<countrycode><areacode><number>@<sipdomain>.
EDIT: My buddy Dono over at UCWhatIDidThere.com has just blogged about a great way of determining which voice policy is assigned to a response group object. Check it out at http://www.ucwhatididthere.com/?p=101
OCS 2007 Error 515 – “failed to execute registration stored procedure on the back-end”
Recently, after applying SQL Server 2008 SP1 to the SQL server hosting our OCS databases, the following error was observed on the main OCS server when a user tried to login via the OCS client (the user received a ‘server unavailble’ error).
Event Type: Error Event Source: OCS User Services Event Category: (1006) Event ID: 30962 Date: 2/19/2008 Time: 3:56:19 PM User: N/A Computer: Computer_name Description: Connection to back-end database succeeded, but failed to execute registration stored procedure on the back-end. This error should not occur under normal operating conditions. Contact support services. Back-end Server: Server_name Database: rtc Sql native error: 515 Connection string of: driver={SQL Server};Trusted_Connection=yes;AutoTranslate=no;server=wn4219;database=rtc; Cause: Possible issues with back-end database. Resolution: Ensure the back-end is functioning correctly.With nothing in the SQL logs to suggest a SQL error, and nothing additional in the client trace logs, I poked the haystack a couple of times to see if any needles fell out, but alas nothing did.
Came across a single post that suggested a solution – that being the following hotfix –http://support.microsoft.com/kb/949935/en-us. However while the error was identical, the symptom wasn’t. All OCS services were starting perfectly fine – to the point there were no errors logged on the OCS box at all when the services started. That said, tried the hotfix – didn’t help (no surprises there).
At this point a closer look was taken at the OCS databases for anything amiss. The only thing out of the ordinary was that within the rtcdyn database, both the RTCHSUniversalAdmins and RTCUniversalService logins were listed within the security section as being disabled (down-arrow icon on their user icon). A little more digging found that these accounts were not disabled at the server level within SSMS, and infact for the two other databases in which they have permissions, they were showing as enabled there as normal.
Immediate thought was to simply overwrite the permissions to resolve the issue, however trying to make any changes to these users against the rtcdyn database resulted in a SQL error along the lines of “User does not exist or you do not have sufficient permissions”. Given I was a sysadmin on the box, the latter seemed unlikely, so clearly there were some issues with the accounts.
In the end, the resolution here was to delete the logins from within the rtcdyn database (not from SQL entirely), then re-add the users to the rtcdyn database – making sure all database permissions were replicated on re-addd.
Note | Before being able to delete the users from the database, you need to change the ownership of a couple of schema objects (SQL will quickly tell you which ones by way of a handy error message). Make sure you change them back afterwards!
Quick OCS service restart once done and all systems back to normal.
On The Socials
Who’s Federating in NZ?
August 31, 2011
Lync, OCS
3 Comments
gingerninjanz
Chances are, if you’ve implemented federation, or are planning on it, the first thing you want to know is “who can I talk to with it”. That was certainly towards the top of my list anyway.
NOTE: This post has been superceded by a more comprehensive global federation list, available here.
Read More »
Federation