Failed of Direct Routing for MS phone system and Cisco CUBE

New Contributor

Hi everybody,


I am establishing a MS direct routing with Cisco gateway.
After the configuration on both Microsoft and Cisco.

We can make a phone call with audio stream on both endpoint. (Cisco IP phone and MS teams client)
However, after 3-5 seconds, the MS Teams client call is dropped. Cisco phone is still showing "connected".

After another 15 seconds, the Cisco IP phone call disconnected with busy tone.


I have done a packet capture on my WAN port that is connected to Cisco VG.

it looks like Microsoft does not reply ACK after VG sends SDP to Microsoft.



In addition, the MS Teams admin portal shows the TLS connectivity of "" is inactive




Anybody can help?


Thanks in advance


5 Replies

@samsam You're not getting the ACK because of the certificate issue.

Can you confirm that you have as the subject of the certificate?
Is your certificate provider on Microsoft's list
Did you add the root certificate that Microsoft uses to your SBC? 

If your firewall permits it, can you use to verify that it shows your certificate as valid? You'll need to use "" as the format for the address.


@Torren Manson Thanks for the reply


I have verified at SSL checker. Screen capture below

It shows "" as my subject of certificate (Common Name)

Provider is Go Daddy, which is on Microsoft's list

I had added the "baltimore" root cert that Microsoft uses to my SBC. Is it the root cert you meant?

But it still failed 


Thank you




@samsam Is the date/time/timezone on the CUBE correct?

Are you able to gather a more detailed logs, other than just the SIP ladder diagram? That might provide some more details on what the cause is.

@Torren Manson is right. 

We faced similar behavior: In our case the certificate was installed OK, but we mistakenly used other trustpoint within 'sip-ua' section



 Please refer this blog, you will get their is TCP connect block due to this TLS is also blocking.