Direct Routing No response of Options ping

New Contributor


We have configured a SBC on Microsoft direct routing. But we are having an issue. We sending  OPTIONS ping to but no response from them. We rewrite the Contact header with our configured FQDN. The firewall has been open in between ours and Microsoft and TCP connection and TLS handshake seems okay.
So, is there any way to debug this inside Microsoft's teams admin panel or any suggestion, how this kind of issues can we debug?    

FQDN: (This is not real FQDN)
we have SAN certificate for * (CN and SAN have *

If anybody have any idea please share with us.


3 Replies
Please refer this article in the section SIP Options issue and TLS Connection issues -

Is tls 1.2 enforced, also verify config based on certified sbc's setup guide.

@v-9prabu  Thanks for your reply.

Let me explain all the points.


TLS Handshake:

Seems we using TLSv1.2. found this version in the TLS handshake.

One thing to share, notice lots of retransmission, DUP and Out-of-Order packets.

Wireshark trace:


We have activate a new user on the respective FQDN with E3 license.

Contact Header:

FQDN has been configured on the Contact header and its sending with SIP Option message correctly.


In the domain admin panel don't have any warning/error message regarding the domain validity. Thats why we guessed domain has been validated as well.  So is there any thing we can do test for the validity?

One thing to make sure, We have a Wildcard and SAN certificate for "*", now we create a new tenant sbc fqdn as and a new user as with E3 License. So do we need domain setup and create an user for the root domain too ?


Hi, I just saw your reply..

Firstly the RST and out-of-order packets could very well be a network issue, do ensure the configured ports are not blocked and that deep packet inspection is turned off at firewall end at they do mess up SIP packets.

With your last query, if your sbc fqdn is, you need to register the domain "" (which is the domain part of the fqdn) in your tenant. And essentially, the user must be

Validate Get-CsOnlinePSTNGateway -Identity from online powershell.

Refer this article in detail: