A customer recently had a problem with Windows 2012 DirectAccess connected clients performing desktop sharing, audio and video conversations with internal clients. DirectAccess is a Windows service that is part of the Remote Access role that allows domain joined clients to access internal resources over the internet as if they were on the LAN. DirectAccess does this by providing seamless VPN connectivity without any user input.

Lync can work over DirectAccess (and Lync 2013 works a lot better as it supports IPv6) but because the traffic is encrypted and is real time communication, it is recommended to use the Lync Edge server for connectivity rather than sending the traffic over the DirectAccess VPN. For more information see this NextHop article Enabling Lync Media to Bypass a VPN Tunnel.

The primary issue the client was facing was that when users were out of the office using DirectAccess, application sharing / remote desktop failed with an error ‘Sharing failed to connect due to network issues. This meant that internal support staff could not provide assistance for remote users without third party tools. Audio and video would not work either when using DirectAccess.

Not having used DirectAccess before, I had a quick scan over the DirectAccess config and went into some testing. I saw that even with DirectAccess disconnected (forcefully disconnect as it starts up automatically) the client could not share programs from Lync and audio/video would fail. So I ignored DirectAccess and started concentrating on the Lync Edge.

TMG was being used as the firewall with a DMZ leg that contained the Lync Edge server. I validated all required ports were open as per Reference Architecture 1: Port Summary for Single Consolidated Edge which they were but I still saw a lot of denied traffic on TMG from the Lync Edge internal interface to the internal client IP address.

Client logging showed some strange behaviour in the failing session. The failing application sharing session would only list the private 192.168.0.x address, not the STUN or TURN candidates and would fail with an error:

Ms-client-diagnostics: 23 reason="Call failed to establish due to a media connectivity failure when one endpoint is internal and the other is remote" CallerMediaDebug="application-sharing:ICEWarn=0x80020,LocalSite=192.168.0.102:15380,RemoteSite=10.x.x.x:7342,RemoteMR=203.x.x.x:52241,PortRange=1025:65000,RemoteMRTCPPort=52241,LocalLocation=1,RemoteLocation=2,FederationType=0"

A successful session would reference the public IP address as the LocalSite and the Lync Edge server as the Local Media Relay:
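The Ms-client-diagnostics header quoted in this post can be triaged mechanically. The following is an added example, not code from the original post: it parses the CallerMediaDebug value and flags the symptoms described (a private LocalSite and no local media relay candidate). The `LocalMR` field name and the healthy sample header are assumptions constructed for illustration.

```python
import ipaddress
import re

# Failing header as quoted in the post (addresses are redacted with "x" there).
FAILING = ('Ms-client-diagnostics: 23 reason="Call failed to establish due to a '
           'media connectivity failure when one endpoint is internal and the '
           'other is remote" CallerMediaDebug="application-sharing:'
           'ICEWarn=0x80020,LocalSite=192.168.0.102:15380,RemoteSite=10.x.x.x:7342,'
           'RemoteMR=203.x.x.x:52241,PortRange=1025:65000,RemoteMRTCPPort=52241,'
           'LocalLocation=1,RemoteLocation=2,FederationType=0"')
# Constructed healthy header: documentation-range IPs, assumed LocalMR field name.
HEALTHY = ('CallerMediaDebug="application-sharing:ICEWarn=0x0,'
           'LocalSite=198.51.100.7:15380,LocalMR=203.0.113.10:3478,'
           'RemoteSite=10.x.x.x:7342,RemoteMR=203.0.113.10:52241"')

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def parse_media_debug(header):
    """Return (modality, {field: value}) from a Caller/CalleeMediaDebug value."""
    m = re.search(r'(?:Caller|Callee)MediaDebug="([^":]+):([^"]*)"', header)
    if not m:
        raise ValueError("no MediaDebug attribute found")
    items = (item.split("=", 1) for item in m.group(2).split(",") if "=" in item)
    return m.group(1), dict(items)


def is_rfc1918(endpoint):
    """True/False for a parseable ip:port, None when the address is redacted."""
    try:
        ip = ipaddress.ip_address(endpoint.rsplit(":", 1)[0])
    except ValueError:
        return None
    return any(ip in net for net in RFC1918)


def assess(header):
    """List the candidate-gathering symptoms the post describes."""
    _, fields = parse_media_debug(header)
    findings = []
    if is_rfc1918(fields.get("LocalSite", "")):
        findings.append("LocalSite is a private address (host candidate only)")
    if "LocalMR" not in fields:
        findings.append("no local media relay (TURN) candidate listed")
    if int(fields.get("ICEWarn", "0x0"), 16) != 0:
        findings.append("ICEWarn is non-zero: " + fields["ICEWarn"])
    return findings
```

Running `assess(FAILING)` returns all three findings, while the constructed `HEALTHY` header returns none.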