emilysam1
Copper Contributor
Jan 05, 2021

Teams Direct Routing - TLS Cert Renewed, but MS still shows it expired

We have Direct Routing with an AudioCodes SBC. It's been working fine for 18 months. Recently, the TLS certificate on the SBC that is used for Teams calling expired. We renewed it on the SBC and its status shows as "OK" with an expiration date 1 year from now. However, on the Health Dashboard for Direct Routing on the office.com portal it's still showing the SBC as inactive because the certificate is expired. Microsoft support said it could be 24-48 hours before it "registers" the new certificate. I'm questioning the accuracy of this and wondering if anyone else has had an experience with an expired SBC certificate. I have verified that the config on the SBC is correct - nothing has changed since the certificate expired other than a new CSR being generated and a new cert installed (and yes, it's from one of Microsoft's acceptable providers). I've also verified the root certificates are installed, including the "Baltimore" cert. Any advice or assistance would be most appreciated.

7 Replies

  • jsurel
    Copper Contributor

    emilysam1 

    Hello, how did you solve your issue?

    We have the same after certificate renewal on the SBC side.

    Did you completely reset the SIP trunk on both sides?

    How can you manually revoke the certificate on the MS side?

    Regards

    Julien

    • luisesteban
      Copper Contributor
      When you renew the SBC certificate, you must remove the TLS connections that were established from the SBC to Microsoft with the old certificate and re-establish them with the new certificate. Doing so will ensure that certificate expiration warnings aren't triggered in the Microsoft Teams admin center. To remove the old TLS connections, restart the SBC during a time frame that has low traffic, such as a maintenance window.
      • DennisRaulien
        Copper Contributor
        Is there a way to re-establish the TLS connection from the Teams side? I have the same problem here. Everything was working well for a couple of months. Now we had to renew the SSL certificate on the SBC and customer side. The SBC itself was restarted a couple of times now, but it seems a new TLS connection was never established.
        The SBC still tells me that the certificate is invalid.
  • jangliss
    Iron Contributor

    emilysam1 

     

    Under your SIP Interface for your Teams connection, have you verified which "TLS Context" is being used, and verified that is the TLS Context you deployed the new certificate to?

     

    Do you restrict your SBC SIP signalling port to just Microsoft? If not, go to https://www.sslshopper.com/ssl-checker.html and put in the SBC IP address followed by :SIPPORT, so if your SIP signalling port is 5067, it'd look like a.b.c.d:5067 where a.b.c.d is the IP address or the name. Does the SSL Checker return what you're expecting it to be?

    • mveerdonk
      Copper Contributor

      jangliss @emilysam1 

      I'm having the same issue.

       

      SSL Checker (with port info) is directing to the right IP address of my SBC SIP interface towards Teams.

      • jangliss
        Iron Contributor

        mveerdonk 

         

        Did it return the correct certificate? It's more than just ensuring it goes to the right IP address.
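
The check discussed above (whether the SIP TLS port returns the renewed certificate, not merely the right IP address) can also be scripted. This is an added example, not code from any participant in the thread; the host name `sbc.example.com`, the serial numbers and the two sample certificate dictionaries are constructed assumptions, and the port 5067 is the one used as an illustration in the reply above.

```python
import socket
import ssl
from datetime import datetime, timezone

def fetch_presented_cert(host, port, timeout=5.0):
    """Return the leaf certificate the SBC presents on its SIP TLS port.
    The default context validates chain, host name and dates, so an expired
    certificate fails here with ssl.SSLCertVerificationError."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def name_matches(san, fqdn):
    """Exact match, or a single-label wildcard such as *.example.com."""
    san, fqdn = san.lower(), fqdn.lower()
    if san.startswith("*."):
        return "." in fqdn and fqdn.split(".", 1)[1] == san[2:]
    return san == fqdn

def check_cert(cert, fqdn, expected_serial, now, min_days=30):
    """Compare a getpeercert()-style dict with what the renewal should have produced."""
    problems = []
    expires = datetime.fromtimestamp(
        ssl.cert_time_to_seconds(cert["notAfter"]), tz=timezone.utc)
    days_left = (expires - now).days
    if expires <= now:
        problems.append(f"expired on {expires:%Y-%m-%d}")
    elif days_left < min_days:
        problems.append(f"expires in {days_left} days")
    if cert.get("serialNumber", "").upper() != expected_serial.upper():
        problems.append("serial differs from the renewed certificate")
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not any(name_matches(s, fqdn) for s in sans):
        problems.append(f"{fqdn} not in SAN list")
    return problems

# Constructed sample data (not taken from the thread): old and renewed certificate.
OLD = {"notAfter": "Jan  4 12:00:00 2021 GMT", "serialNumber": "0A11",
       "subjectAltName": (("DNS", "sbc.example.com"),)}
NEW = {"notAfter": "Jan  5 12:00:00 2022 GMT", "serialNumber": "0B22",
       "subjectAltName": (("DNS", "*.example.com"),)}

if __name__ == "__main__":
    now = datetime(2021, 1, 6, tzinfo=timezone.utc)
    for label, cert in (("old", OLD), ("new", NEW)):
        print(label, check_cert(cert, "sbc.example.com", "0B22", now) or "OK")
    # Live check: check_cert(fetch_presented_cert("sbc.example.com", 5067), ...)
```

If the SBC still presents the old certificate, the serial mismatch shows that the renewed certificate was installed in a TLS Context other than the one bound to the Teams SIP interface.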
