Month: December 2016
EVENT 25039, LS Mediation for Server Skype for Business 2015
While I was playing around in Skype, I inadvertently caused an issue with incoming calls. After making changes in the Topology Builder for the PSTN gateway, the error below started showing up in the logs for Skype. And calls are no longer working.
Event 25039, LS Mediation Server
SDP negotiation failed with the Trunk.
Trunk FQDN xxxxxxx; trunk=xxxxxxxx, Reason SRTP is not enabled for Mediation Server.
Cause: The Trunk is either not configured correctly, incompatible with Mediation Server, or not certified.
History and Resolution:
Our PSTN gateway (AudioCodes 500) has 2 NICS, one facing the Shoretel or WAN side of the network and the other facing Skype. In Skype PSTN gateways configuration for the AudioCodes gateway, I tried changing the IPv4 Address to ‘use all configured IP Addresses‘ which caused the issue. To fix this, I set ‘Limit service usage to selected IP address‘ and I entered the IP of the AudioCodes NIC facing Skype.
I hope this post helps anyone out there having trouble configuring their skype gateways. Please feel free to leave a comment or question.
Shoretel Call problems with Juniper SRX 220
Symptoms:
- Calls to a workgroups on a different Shoretel site drops after few seconds or times out
- Calls to an ACD queue times out
- Call transfers don’t work
- Phones behind Juniper SRX 220 had same issue as above when registered to a Shoregear on a different site.
- Regular extension to extension calls work just fine
Setup:
- Phone and Shoregear switch is behind a Juniper SRX 220
- Shoregear is on a different VLAN as the phones
Findings:
- We have worked intensively with Juniper support and what they figured out is that ALG MGCP is not correctly allowed within the Juniper SRX 220. SRX isn’t handling the second MDCX connection for complex calls as expected. If the Shoregear is on the same VLAN as the phone, then the problem goes away. However, there are instances where you need the Shogear to be on a separate VLAN especially when you have a multistory building and you only have 1 shoregear at the whole site. Or if there is a Shoregear failure and you have to register the phones to a different site.
Workaround:
- As of the time of this post, Juniper is still working on a fix. But the workaround is to disable MGCP and allow MGCP related applications on the firewall.
#Disable MGCP
Set security alg mgcp disable
#Clear MGCP Sessions
clear security flow session application mgcp-ua
clear security flow session application mgcp-ca
#Allow MGCP traffic
[edit security policies from-zone trust to-zone untrust policy TR-UNTR-MGCP]
set match source-address NET-LOCAL
set match destination-address any
set match application junos-MGCP
set match application junos-MGCP-CA
set match application junos-MGCP-UA
set then permit
[edit security policies from-zone untrust to-zone trust policy UNTR-TR-MGCP]
set match source-address any
set match destination-address NET-LOCAL
set match application junos-MGCP
set match application junos-MGCP-CA
set match application junos-MGCP-UA
set then permit