Forum Discussion

samsam's avatar
samsam
Copper Contributor
Aug 11, 2020

Failed of Direct Routing for MS phone system and Cisco CUBE

Hi everybody,

 

I am establishing a MS direct routing with Cisco gateway.
After the configuration on both Microsoft and Cisco.

We can make a phone call with audio stream on both endpoint. (Cisco IP phone and MS teams client)
However, after 3-5 seconds, the MS Teams client call is dropped. Cisco phone is still showing "connected".

After another 15 seconds, the Cisco IP phone call disconnected with busy tone.

 

I have done a packet capture on my WAN port that is connected to Cisco VG.

it looks like Microsoft does not reply ACK after VG sends SDP to Microsoft.

 

In addition, the MS Teams admin portal shows the TLS connectivity of "sbc2.mydomain.com" is inactive

 

 

Anybody can help?

 

Thanks in advance

Sam

Calling
Direct Routing
microsoft teams

5 Replies

Sort By
  • Torren Manson's avatar
    Torren Manson
    MVP
    Aug 12, 2020

    samsam You're not getting the ACK because of the certificate issue.

    Can you confirm that you have sbc2.domain.com as the subject of the certificate?
    Is your certificate provider on Microsoft's list https://docs.microsoft.com/en-us/MicrosoftTeams/direct-routing-plan#public-trusted-certificate-for-the-sbc
    Did you add the root certificate that Microsoft uses to your SBC? 

    If your firewall permits it, can you use https://www.sslshopper.com/ssl-checker.html to verify that it shows your certificate as valid? You'll need to use "sbc2.domain.com:5061" as the format for the address.

     

    • NowakDar's avatar
      NowakDar
      Copper Contributor
      Aug 30, 2021

      Torren Manson is right. 

      We faced similar behavior: In our case the certificate was installed OK, but we mistakenly used other trustpoint within 'sip-ua' section

      • Kamal_SIngh20's avatar
        Kamal_SIngh20
        Copper Contributor
        Sep 01, 2021

        NowakDar 

         

        https://community.cisco.com/t5/ip-telephony-and-phones/syslog-error-on-cube-sip-3-internal-tcp-socket-send-blocked/td-p/2794165

         

         Please refer this blog, you will get their is TCP connect block due to this TLS is also blocking.

    • samsam's avatar
      samsam
      Copper Contributor
      Aug 13, 2020

      Torren Manson Thanks for the reply

       

      I have verified at SSL checker. Screen capture below

      It shows "sbc2.mydomain.com" as my subject of certificate (Common Name)

      Provider is Go Daddy, which is on Microsoft's list

      I had added the "baltimore" root cert that Microsoft uses to my SBC. Is it the root cert you meant?

      But it still failed 

       

      Thank you

       

       

      • Torren Manson's avatar
        Torren Manson
        MVP
        Aug 14, 2020

        samsam Is the date/time/timezone on the CUBE correct?

        Are you able to gather a more detailed logs, other than just the SIP ladder diagram? That might provide some more details on what the cause is.

Resources