Month: December 2016

EVENT 25039, LS Mediation for Server Skype for Business 2015

Posted on Updated on

While I was playing around in Skype, I inadvertently caused an issue with incoming calls.  After making changes in the Topology Builder for the PSTN gateway, the error below started showing up in the logs for Skype.  And calls are no longer working.

Event 25039, LS Mediation Server

SDP negotiation failed with the Trunk.

Trunk FQDN xxxxxxx; trunk=xxxxxxxx, Reason SRTP is not enabled for Mediation Server.

Cause: The Trunk is either not configured correctly, incompatible with Mediation Server, or not certified.


History and Resolution:

Our PSTN gateway (AudioCodes 500) has 2 NICS, one facing the Shoretel or WAN side of the network and the other facing Skype.  In Skype PSTN gateways configuration for the AudioCodes gateway, I tried changing the IPv4 Address to ‘use all configured IP Addresses‘ which caused the issue.  To fix this, I set ‘Limit service usage to selected IP address‘ and I entered the IP of the AudioCodes NIC facing Skype.


I hope this post helps anyone out there having trouble configuring their skype gateways.  Please feel free to leave a comment or question.


Shoretel Call problems with Juniper SRX 220

Posted on Updated on


  • Calls to a workgroups on a different Shoretel site drops after few seconds or times out
  • Calls to an ACD queue times out
  • Call transfers don’t work
  • Phones behind Juniper SRX 220 had same issue as above when registered to a Shoregear on a different site.
  • Regular extension to extension calls work just fine


  • Phone and Shoregear switch is behind a Juniper SRX 220
  • Shoregear is on a different VLAN as the phones


  • We have worked intensively with Juniper support and what they figured out is that ALG MGCP is not correctly allowed within the Juniper SRX 220.  SRX isn’t handling the second MDCX connection for complex calls as expected. If the Shoregear is on the same VLAN as the phone, then the problem goes away.  However, there are instances where you need the Shogear to be on a separate VLAN especially when you have a multistory building and you only have 1 shoregear at the whole site.  Or if there is a Shoregear failure and you have to register the phones to a different site.


  • As of the time of this post, Juniper is still working on a fix.  But the workaround is to disable MGCP and allow MGCP related applications on the firewall.

#Disable MGCP

Set security alg mgcp disable

#Clear MGCP Sessions

clear security flow session application mgcp-ua

clear security flow session application mgcp-ca

#Allow MGCP traffic

[edit security policies from-zone trust to-zone untrust policy TR-UNTR-MGCP]

set match source-address NET-LOCAL

set match destination-address any

set match application junos-MGCP

set match application junos-MGCP-CA

set match application junos-MGCP-UA

set then permit

[edit security policies from-zone untrust to-zone trust policy UNTR-TR-MGCP]

set match source-address any

set match destination-address NET-LOCAL

set match application junos-MGCP

set match application junos-MGCP-CA

set match application junos-MGCP-UA

set then permit