Forum Discussion

sahmed2165's avatar
sahmed2165
Copper Contributor
Mar 07, 2021

Direct Routing No response of Options ping

Hello,


We have configured a SBC on Microsoft direct routing. But we are having an issue. We sending  OPTIONS ping to sipX.pstnhub.microsoft.com but no response from them. We rewrite the Contact header with our configured FQDN. The firewall has been open in between ours and Microsoft and TCP connection and TLS handshake seems okay.
So, is there any way to debug this inside Microsoft's teams admin panel or any suggestion, how this kind of issues can we debug?    

FQDN:  sbc.teams.mydomain.com (This is not real FQDN)
we have SAN certificate for *.teams.mydomain.com (CN and SAN have *.teams.mydomain.com)

If anybody have any idea please share with us.

Thanks

microsoft teams

3 Replies

Sort By
  • v-9prabu's avatar
    v-9prabu
    Brass Contributor
    Mar 07, 2021
    Please refer this article in the section SIP Options issue and TLS Connection issues - https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/direct-routing/sip-options-tls-certificate-issues

    Is tls 1.2 enforced, also verify config based on certified sbc's setup guide.
    • sahmed2165's avatar
      sahmed2165
      Copper Contributor
      Mar 07, 2021

      v-9prabu  Thanks for your reply.

      Let me explain all the points.

       

      TLS Handshake:

      Seems we using TLSv1.2. found this version in the TLS handshake.

      One thing to share, notice lots of retransmission, DUP and Out-of-Order packets.

      Wireshark trace:

      License:
      We have activate a new user on the respective FQDN with E3 license.

      Contact Header:

      FQDN has been configured on the Contact header and its sending with SIP Option message correctly.

      Domain:

      In the domain admin panel don't have any warning/error message regarding the domain validity. Thats why we guessed domain has been validated as well.  So is there any thing we can do test for the validity?

      One thing to make sure, We have a Wildcard and SAN certificate for "*.teams.mydomain.com", now we create a new tenant sbc fqdn as sbc.teams.mydomain.com and a new user as mailto:test@sbc.teams.mydomain.com with E3 License. So do we need domain setup and create an user for the root domain teams.mydomain.com too ?

      Thanks,

      • v-9prabu's avatar
        v-9prabu
        Brass Contributor
        Mar 08, 2021
        Hi, I just saw your reply..

        Firstly the RST and out-of-order packets could very well be a network issue, do ensure the configured ports are not blocked and that deep packet inspection is turned off at firewall end at they do mess up SIP packets.

        With your last query, if your sbc fqdn is sbc.teams.mydomain.com, you need to register the domain "teams.mydomain.com" (which is the domain part of the fqdn) in your tenant. And essentially, the user must be test@teams.mydomain.com

        Validate Get-CsOnlinePSTNGateway -Identity sbc.teams.mydomain.com from online powershell.

        Refer this article in detail: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-connect-the-sbc

Resources