Forum Discussion
Failed of Direct Routing for MS phone system and Cisco CUBE
samsam You're not getting the ACK because of the certificate issue.
Can you confirm that you have sbc2.domain.com as the subject of the certificate?
Is your certificate provider on Microsoft's list https://docs.microsoft.com/en-us/MicrosoftTeams/direct-routing-plan#public-trusted-certificate-for-the-sbc
Did you add the root certificate that Microsoft uses to your SBC?
If your firewall permits it, can you use https://www.sslshopper.com/ssl-checker.html to verify that it shows your certificate as valid? You'll need to use "sbc2.domain.com:5061" as the format for the address.
Torren Manson is right.
We faced similar behavior: In our case the certificate was installed OK, but we mistakenly used other trustpoint within 'sip-ua' section
https://community.cisco.com/t5/ip-telephony-and-phones/syslog-error-on-cube-sip-3-internal-tcp-socket-send-blocked/td-p/2794165
Please refer this blog, you will get their is TCP connect block due to this TLS is also blocking.
Torren Manson Thanks for the reply
I have verified at SSL checker. Screen capture below
It shows "sbc2.mydomain.com" as my subject of certificate (Common Name)
Provider is Go Daddy, which is on Microsoft's list
I had added the "baltimore" root cert that Microsoft uses to my SBC. Is it the root cert you meant?
But it still failed
Thank you
samsam Is the date/time/timezone on the CUBE correct?
Are you able to gather a more detailed logs, other than just the SIP ladder diagram? That might provide some more details on what the cause is.
