Failed of Direct Routing for MS phone system and Cisco CUBE

Copper Contributor

Hi everybody,

 

I am establishing a MS direct routing with Cisco gateway.
After the configuration on both Microsoft and Cisco.

We can make a phone call with audio stream on both endpoint. (Cisco IP phone and MS teams client)
However, after 3-5 seconds, the MS Teams client call is dropped. Cisco phone is still showing "connected".

After another 15 seconds, the Cisco IP phone call disconnected with busy tone.

 

I have done a packet capture on my WAN port that is connected to Cisco VG.

it looks like Microsoft does not reply ACK after VG sends SDP to Microsoft.

 

SBC 1a.PNG

In addition, the MS Teams admin portal shows the TLS connectivity of "sbc2.mydomain.com" is inactive

SBC 1b.PNG

 

 

Anybody can help?

 

Thanks in advance

Sam

5 Replies

@samsam You're not getting the ACK because of the certificate issue.

Can you confirm that you have sbc2.domain.com as the subject of the certificate?
Is your certificate provider on Microsoft's list https://docs.microsoft.com/en-us/MicrosoftTeams/direct-routing-plan#public-trusted-certificate-for-t...
Did you add the root certificate that Microsoft uses to your SBC? 

If your firewall permits it, can you use https://www.sslshopper.com/ssl-checker.html to verify that it shows your certificate as valid? You'll need to use "sbc2.domain.com:5061" as the format for the address.

 

@Torren Manson Thanks for the reply

 

I have verified at SSL checker. Screen capture below

It shows "sbc2.mydomain.com" as my subject of certificate (Common Name)

Provider is Go Daddy, which is on Microsoft's list

I had added the "baltimore" root cert that Microsoft uses to my SBC. Is it the root cert you meant?

But it still failed 

 

Thank you

 

 

SBC 1c.PNG

@samsam Is the date/time/timezone on the CUBE correct?

Are you able to gather a more detailed logs, other than just the SIP ladder diagram? That might provide some more details on what the cause is.

@Torren Manson is right. 

We faced similar behavior: In our case the certificate was installed OK, but we mistakenly used other trustpoint within 'sip-ua' section

@NowakDar 

 

https://community.cisco.com/t5/ip-telephony-and-phones/syslog-error-on-cube-sip-3-internal-tcp-socke...

 

 Please refer this blog, you will get their is TCP connect block due to this TLS is also blocking.