I just finished troubleshooting a problem that I should have solved sooner than I did!
A very simple installation of OCS 2007: a single standard pool and a single consolidated edge server. They didn’t have a PKI structure and oddly didn’t want one, so we used GoDaddy for the internal certs and Thawte for the public certs. After the implementation, everything seemed to work fine…
…until we tested one of the internal company users trying to make a Communicator call to another company user that was connected from the Internet. The invite was sent and the other client would ring, but the call would not connect. I began to narrow the scope of the failure by running the validation on pool and edge and taking Snooper traces of both servers. There were no errors and only this message in the Snooper trace, “Call terminated on media connectivity failure”, for the reason the call was terminated. As it turns out, inside-to-inside calls worked and outside-to-outside calls worked. The part that confused me, and still does to some degree, is that Federated calls succeeded.
Knowing that peer-to-peer calls don’t use the AVMCU, I decided to test LiveMeeting to ensure the MCU was OK…and it was. I was able to get full voice and video from a LiveMeeting hosted from the pool server.
Typically, I will install a consolidated edge with three public IPs on one NIC, an internal IP on a second NIC, and have the default gateway on the external NIC. Most smaller installations don’t have internal firewalls and have the edge installed directly on the internal LAN. I had overlooked the internal NIC configuration in assuming that communication was good to the internal network. It wasn’t until a ping from a workstation to the edge failed that I was reminded to check the routing table on the edge server. Sure enough, the ping response could not be routed back, since the internal IP of the edge and the internal network were on different subnets. Once I added the internal persistent route, everything worked fine.
route add 192.168.0.0 mask 255.255.0.0 192.168.251.1 if 0x10003 -p
In this case the internal network was 192.168.11.0/24 and the internal interface of the edge was 192.168.251.0/24. The other office locations on the MPLS are other 24-bit masks of the 192.168 networks and are all reachable through the 192.168.251.1 gateway address. The funky part of the route add statement is getting the interface ID from the top of an ipconfig command and using the 0x1xxxx number. Lastly, the -p makes the route persistent (i.e., it is still there after a reboot).
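The routing decision described above, modelled as an added example (not part of the original post): a longest-prefix-match lookup over a constructed copy of the edge server's route table, showing which NIC replies to the internal LAN leave from before and after the persistent route. The external addresses (203.0.113.0/24), the 192.168.20.0/24 branch subnet and the names `lookup` and `misrouted` are assumptions.

```python
import ipaddress

# Constructed model of the edge server's route table. Only 192.168.251.0/24,
# 192.168.251.1, 192.168.11.0/24 and 192.168.0.0/16 come from the post; the
# external addresses (203.0.113.0/24, a documentation range) are assumptions.
BASE_ROUTES = [
    # (destination, gateway, interface)
    ("0.0.0.0/0", "203.0.113.1", "external"),    # default gateway on external NIC
    ("203.0.113.0/24", "on-link", "external"),
    ("192.168.251.0/24", "on-link", "internal"),
]
PERSISTENT_ROUTE = ("192.168.0.0/16", "192.168.251.1", "internal")


def lookup(routes, dest):
    """Return the (network, gateway, interface) chosen by longest-prefix match."""
    addr = ipaddress.ip_address(dest)
    candidates = [
        (ipaddress.ip_network(net), gw, iface)
        for net, gw, iface in routes
        if addr in ipaddress.ip_network(net)
    ]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r[0].prefixlen)


def misrouted(routes, internal_subnets):
    """List internal subnets whose return traffic would not use the internal NIC."""
    bad = []
    for subnet in internal_subnets:
        net = ipaddress.ip_network(subnet)
        # Probe the first and last address; enough when routes cover whole subnets.
        for probe in (net[0], net[-1]):
            route = lookup(routes, str(probe))
            if route is None or route[2] != "internal":
                bad.append(subnet)
                break
    return bad


if __name__ == "__main__":
    # 192.168.20.0/24 is a constructed stand-in for one of the MPLS offices.
    lans = ["192.168.11.0/24", "192.168.251.0/24", "192.168.20.0/24"]
    print("before:", misrouted(BASE_ROUTES, lans))
    print("after: ", misrouted(BASE_ROUTES + [PERSISTENT_ROUTE], lans))
```

Without the persistent route, a reply to a 192.168.11.x workstation matches only the default route and leaves via the external NIC, which is the failed ping the post describes.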
Now, back to the Federated call working when the route statement wasn’t there…
It appears that for Federated calls, the AVMCU is utilized. I’m researching that now. Someone please enlighten me.