Mino – The UC Guy

Microsoft Unified Communications Blog

A/V edge server doesn’t work from outside, and external users have problem using audio/video

Posted by Mino on October 13, 2008

 AV edge server requires external interface  that has a public IP address that can route onto the Internet, This Edge interface requires that its traffic to and from its Edge interface be routed with no NAT applied.

you have to assign A/V external interface with a public IP address(no NAT) and connect to check the issue.
The Edge external adapter should have three (publicly routable) IP addresses — access, a/v, and web conf, and in that case, you should want default gateway on external interface pointing to your ISP

If the access, WebConferening Edge server have internal IP and using NAT
while A/V Edge server uses public routable IP address, it will rises
problems in this configuration. If we have defined two gateways in the
routing table, when internet request is coming, we unable to route it to
the correct gateway and it will cause problem. Thus we can only configure
one gateway in this configuration.

To workaround this issue, please either assign another two public IP
addresses for Access and Web Conferencing Edge servers, or install the A/V
Edge server in a separate server.

If the issue persists,  perform the following steps to test the issue:
1. Make sure necessary ports are open correctly
Policy Rules
Local Port: 443 TCP (STUN/TCP)
Direction: Inbound and outbound STUN/TCP media communications
Remote Port: Any
Local IP: The internal IP address of the A/V Edge Server
Remote IP: Any IP address

Local Port: 5062 TCP (SIP/MTLS)
Direction: Outbound (For authentication of A/V users)
Remote Port: Any
Local IP: The internal IP address of the A/V Edge Server.
Remote IP: Any IP Address

Local Port: 3478 UDP (STUN/UDP)
Direction: Outbound (for internal users to send media to external users)
Remote Port: Any
Local IP: The internal IP address of the A/V Edge Server
Remote IP: Any IP Address
Note: If you are using ISA Server as your firewall, you must configure the
rule for send/receive

Following ports should be opened for A/V edge server external interface.
Local Port: 443 TCP (STUN/TCP)
Direction: Inbound (for external users access to media and A/V sessions)
Remote Port: Any
Local IP: The external IP address of the A/V Edge Server
Remote IP: Any IP Address

Local Port Range: 50,000-59,999 TCP (RTP /TCP)
Direction: Inbound/Outbound (for media transfer)
Remote Port: Any
Local IP: The external IP address of the A/V Edge Server. This IP address
must be a publicly routable IP address.
Remote IP: Any IP Address

Local Port: 3478 UDP (STUN/UDP)
Direction: Inbound (for external users connecting to media or A/V sessions)
Remote Port: Any
Local IP: The external IP address of the A/V Edge Server
Remote IP: Any IP Address
Note: If you are using ISA Server as your firewall, you must configure the
rule for send/receive

Local Port Range:  50,000-59,999 UDP (RTP/UDP)
Direction: Inbound/Outbound (for media transfer)
Remote Port: Any
Local IP: The external IP address of the A/V Edge Server. This IP address
must be a publicly routable IP address.
Remote IP: Any IP Address

2. Check the global setting
a. On the Front End Server, open Office Communications Server 2007.
b. In the console tree, right-click the Forest node, click Properties, and
then click Global Properties.
c. Click the Edge Servers tab.
d. Check the A/V Edge Servers, the listed value is ocsedge2007 with port
5062.

Advertisements

4 Responses to “A/V edge server doesn’t work from outside, and external users have problem using audio/video”

  1. Luke Edson said

    Mino, I have verified I have all the above mentioned configuration on my OCS 2007 R2 Edge server, (I actually have public IPs assigned to the three external services) but I can not connect the Communcator 2007 R2 client to it. 😦

    My entire setup works internally, or when I VPN into the environment, but I am trying to get the Communcator client to authenticate remotely and cannot. What is my client connection supposed to be? I tried configuring it to connect to the Access, Web, and A/V IP over TLS, (by changing the internal hosts file to point av.valquest.com to each of the public IPs in turn) but no go. 😦

    Thanks for any help.

  2. Luke Edson said

    Never mind, I found the issue. I had assigned the external certificate by accident to the internal interface, once I corrected that, everything worked.

    Luke Edson

  3. ajaymougly said

    Mino, I have a problem, Domain users able to login from the internet but PC-PC calling, Video Calling & Remote Desktop Sharing is not working and able to do the same from the intranet. I am using 2007 Standard with 3 external public IP’s. Any help.

    As said by you “please either assign another two public IP addresses for Access and Web Conferencing Edge servers”, how it can be done?

  4. I believe everything posted was very reasonable. However, what about this?
    what if you were to create a killer post title? I ain’t suggesting your information is not good, however suppose you added something that makes people desire more? I mean A/V edge server doesn’t work from outside, and external users have problem using audio/video Mino – The UC Guy is kinda vanilla. You could look at Yahoo’s front page and note how they create article headlines to grab viewers
    to click. You might try adding a video or a related picture or two to grab
    readers excited about everything’ve got to say. In my opinion, it could make your blog a little bit more interesting.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: