Direct Routing No response of Options ping


Hello,


We have configured an SBC on Microsoft Direct Routing, but we are having an issue. We are sending OPTIONS pings to sipX.pstnhub.microsoft.com but there is no response from them. We rewrite the Contact header with our configured FQDN. The firewall has been opened between us and Microsoft, and the TCP connection and TLS handshake seem okay.
So, is there any way to debug this inside Microsoft's Teams admin panel, or any suggestion on how we can debug this kind of issue?

FQDN: sbc.teams.mydomain.com (this is not the real FQDN)
We have a SAN certificate for *.teams.mydomain.com (CN and SAN have *.teams.mydomain.com)

If anybody has any idea, please share with us.

Thanks

3 Replies
Please refer to this article, in the sections SIP Options issue and TLS Connection issues - https://docs.microsoft.com/en-us/microsoftteams/troubleshoot/direct-routing/sip-options-tls-certific...

Is TLS 1.2 enforced? Also verify the config based on the certified SBC's setup guide.

@v-9prabu  Thanks for your reply.

Let me explain all the points.

 

TLS Handshake:

It seems we are using TLSv1.2; we found this version in the TLS handshake.

One thing to share: we noticed lots of retransmissions, DUP and out-of-order packets.

Wireshark trace: [image: sahmed2165_0-1615142166736.png]

License:
We have activated a new user on the respective FQDN with an E3 license.

Contact Header:

The FQDN has been configured in the Contact header and it is sent with the SIP OPTIONS message correctly.

Domain:

In the domain admin panel we don't have any warning/error message regarding the domain validity. That's why we guessed the domain has been validated as well. So is there anything we can do to test the validity?

One thing to make sure: we have a wildcard and SAN certificate for "*.teams.mydomain.com", and we have now created a new tenant SBC FQDN as sbc.teams.mydomain.com and a new user as test@sbc.teams.mydomain.com with an E3 license. So do we need to set up the domain and create a user for the root domain teams.mydomain.com too?

Thanks,

Hi, I just saw your reply.

Firstly, the RST and out-of-order packets could very well be a network issue. Do ensure the configured ports are not blocked and that deep packet inspection is turned off at the firewall end, as they do mess up SIP packets.

Regarding your last query: if your SBC FQDN is sbc.teams.mydomain.com, you need to register the domain "teams.mydomain.com" (which is the domain part of the FQDN) in your tenant. And essentially, the user must be test@teams.mydomain.com

Validate with Get-CsOnlinePSTNGateway -Identity sbc.teams.mydomain.com from online PowerShell.

Refer to this article for details: https://docs.microsoft.com/en-us/microsoftteams/direct-routing-connect-the-sbc
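
The three checks discussed in this thread (certificate SAN coverage, the tenant domain rule as the last reply states it, and the Contact header host) can be run offline before touching the SBC. This is an added example, not code from any poster or from Microsoft; the function names and the sample OPTIONS message are constructed for illustration.

```python
import re

def san_covers(san: str, host: str) -> bool:
    """True if a certificate SAN entry covers host; '*' spans one leftmost label only."""
    s, h = san.lower().split("."), host.lower().split(".")
    if len(s) != len(h):
        return False
    return s[1:] == h[1:] and s[0] in ("*", h[0])

def contact_host(sip_message: str):
    """Host part of the Contact header URI, or None when there is no Contact header."""
    m = re.search(r"^Contact\s*:.*?sips?:(?:[^@>\s]+@)?([^:;>\s]+)",
                  sip_message, re.I | re.M)
    return m.group(1).lower() if m else None

def preflight(sbc_fqdn, cert_sans, tenant_domains, options_msg):
    """Return a list of findings; an empty list means all three checks passed."""
    fqdn = sbc_fqdn.lower()
    findings = []
    if not any(san_covers(s, fqdn) for s in cert_sans):
        findings.append("certificate: no SAN covers " + fqdn)
    # Rule as stated in the last reply: the domain part of the SBC FQDN
    # must be registered in the tenant.
    domain_part = fqdn.split(".", 1)[1] if "." in fqdn else ""
    if domain_part not in {d.lower() for d in tenant_domains}:
        findings.append("tenant: domain " + domain_part + " is not registered")
    host = contact_host(options_msg)
    if host != fqdn:
        findings.append("contact: header host is %r, expected %s" % (host, fqdn))
    return findings

# Constructed OPTIONS message (not a capture), using the thread's placeholder FQDN.
SAMPLE_OPTIONS = (
    "OPTIONS sip:sip.pstnhub.microsoft.com:5061;transport=tls SIP/2.0\r\n"
    "Via: SIP/2.0/TLS sbc.teams.mydomain.com:5061;branch=z9hG4bK-constructed\r\n"
    "From: <sip:sbc.teams.mydomain.com>;tag=constructed\r\n"
    "To: <sip:sip.pstnhub.microsoft.com>\r\n"
    "Call-ID: constructed-1\r\n"
    "CSeq: 1 OPTIONS\r\n"
    "Contact: <sip:sbc.teams.mydomain.com:5061;transport=tls>\r\n"
    "Content-Length: 0\r\n\r\n"
)

if __name__ == "__main__":
    # The original poster's setup: only sbc.teams.mydomain.com registered as a domain.
    for finding in preflight("sbc.teams.mydomain.com", ["*.teams.mydomain.com"],
                             ["sbc.teams.mydomain.com"], SAMPLE_OPTIONS):
        print(finding)
```

With the poster's setup the only finding is the tenant domain one; the wildcard certificate and the Contact header both pass.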