Aug 10 2020 09:57 PM
Hi everybody,
I am establishing a MS direct routing with Cisco gateway.
After the configuration on both Microsoft and Cisco.
We can make a phone call with audio stream on both endpoint. (Cisco IP phone and MS teams client)
However, after 3-5 seconds, the MS Teams client call is dropped. Cisco phone is still showing "connected".
After another 15 seconds, the Cisco IP phone call disconnected with busy tone.
I have done a packet capture on my WAN port that is connected to Cisco VG.
it looks like Microsoft does not reply ACK after VG sends SDP to Microsoft.
In addition, the MS Teams admin portal shows the TLS connectivity of "sbc2.mydomain.com" is inactive
Anybody can help?
Thanks in advance
Sam
Aug 12 2020 11:07 AM
@samsam You're not getting the ACK because of the certificate issue.
Can you confirm that you have sbc2.domain.com as the subject of the certificate?
Is your certificate provider on Microsoft's list https://docs.microsoft.com/en-us/MicrosoftTeams/direct-routing-plan#public-trusted-certificate-for-t...
Did you add the root certificate that Microsoft uses to your SBC?
If your firewall permits it, can you use https://www.sslshopper.com/ssl-checker.html to verify that it shows your certificate as valid? You'll need to use "sbc2.domain.com:5061" as the format for the address.
Aug 12 2020 06:58 PM - edited Aug 12 2020 07:00 PM
@Torren Manson Thanks for the reply
I have verified at SSL checker. Screen capture below
It shows "sbc2.mydomain.com" as my subject of certificate (Common Name)
Provider is Go Daddy, which is on Microsoft's list
I had added the "baltimore" root cert that Microsoft uses to my SBC. Is it the root cert you meant?
But it still failed
Thank you
Aug 14 2020 10:29 AM
@samsam Is the date/time/timezone on the CUBE correct?
Are you able to gather a more detailed logs, other than just the SIP ladder diagram? That might provide some more details on what the cause is.
Aug 30 2021 04:49 AM
@Torren Manson is right.
We faced similar behavior: In our case the certificate was installed OK, but we mistakenly used other trustpoint within 'sip-ua' section
Sep 01 2021 01:26 PM
Please refer this blog, you will get their is TCP connect block due to this TLS is also blocking.