Microsoft Teams Network Assessment Tool always fail

Brass Contributor

Hi , I am trying to use this Microsoft tool to verify Teams Network connectivity from my office : 

https://www.microsoft.com/en-us/download/details.aspx?id=103017

 

But it always showed error:

 

"

Starting Service Connectivity Check:
Please ensure your firewall allows connections to the following domains: *.cc.skype.com
Please check if IP 52.114.201.11 is reachable using HTTP

Service verifications failed."

 

It's always the same message, but the IP could change to other 52.114.201.xx IP.

 

The problem is I have no problem to connect to those IP's port 80 and 443. 

 

I captured the traffic to 52.114.201.0/24 (attached the capture ) and the communication looks normal:

Jack_Chen1780_0-1676470240326.png

There was TLS handshake and then there are some data transferred via TLS1.2.

 

The server certificate is *.flightproxy.teams.microsoft.com signed by Microsoft ( and I traced DNS and found the real DNS is latm-noam.flightproxy.teams.microsoft.com ).

I can access https://latm-noam.flightproxy.teams.microsoft.com/ and confirm the certificate is trusted and signed by "Microsoft RSA TLS CA 02".

 

So I have no idea why the assess tool is complaining 52.114.201.11 is not reachable?

 

Any help is appreciated.

 

 

 

 

 

 

 

 

 

 

 

 

2 Replies
here is the command line output:

C:\Program Files (x86)\Microsoft Teams Network Assessment Tool>NetworkAssessmentTool.exe
Microsoft Teams - Network Assessment Tool

Starting Relay Connectivity Check:
UDP, PseudoTLS, FullTLS, HTTPS connectivity will be checked to this relay (VIP) FQDN: worldaz.tr.teams.microsoft.com
If user wants to check connectivity to a particular relay (VIP) IP, please specify in NetworkAssessment.exe.config.

Connectivity check source port range: 50000 - 50019

Relay : 52.115.86.6 is the relay load balancer (VIP)

Starting Service Connectivity Check:
Relay : 52.115.86.6 is reachable using Protocol UDP and Port 3478
Relay : 52.115.86.6 is QOS (Media Priority) enabled
Relay : 52.115.86.6 is the relay load balancer (VIP)
Relay : 52.115.86.6 is reachable using Protocol PseudoTLS and Port 443
Relay : 52.115.86.6 is the relay load balancer (VIP)
Relay : 52.115.86.6 is reachable using Protocol FullTLS and Port 443
Relay : 52.115.86.6 is the relay load balancer (VIP)
Relay : 52.115.86.6 is reachable using Protocol HTTPS and Port 443
Relay : 52.115.86.228 is the actual relay instance (DIP)
Relay : 52.115.86.228 is reachable using Protocol UDP and Port 3478
Relay : 52.115.86.228 is the actual relay instance (DIP)
Relay : 52.115.86.228 is reachable using Protocol UDP and Port 3479
Relay : 52.115.86.228 is the actual relay instance (DIP)
Relay : 52.115.86.228 is reachable using Protocol UDP and Port 3480
Relay : 52.115.86.228 is the actual relay instance (DIP)
Relay : 52.115.86.228 is reachable using Protocol UDP and Port 3481

Relay connectivity and Qos (Media Priority) check is successful for all relays.
Please ensure your firewall allows connections to the following domains: *.cc.skype.com
Please check if IP 52.114.201.15 is reachable using HTTP

Service verifications failed.

More information on Office 365 URLs and IP address ranges can be found at following page.
https://support.office.com/en-us/article/Office-365-URLs-and-IP-address-ranges-8548a211-3fe7-47cb-ab...

Service connectivity result has been written to: C:\Users\XXX\AppData\Local\Microsoft Teams Network Assessment Tool\202302150916482595_service_connectivity_check_results.txt
run the same test from a Azure VM with full Internet access, and got same error.

"Relay connectivity and Qos (Media Priority) check is successful for all relays.
Please ensure your firewall allows connections to the following domains: *.cc.skype.com
Please check if IP 52.114.201.11 is reachable using HTTP

Service verifications failed."

Maybe the tool is outdated?