Versions Compared

Old Version 2

changes.mady.by.user Ribbon Communications

Saved on

compared with

New Version Current

changes.mady.by.user Ribbon Communications

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Add_workflow_for_techpubs
AUTH2UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'}
AUTH1UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d00038a00a0c85bb25531015bc4122a4f0003, userName='null'}
JIRAIDAUTHSYM-2772029075
REV5UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c7f0006a8a00a0c85bb25531015bc4122a4f0003, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d00038a00a0c85bb25531015bc4122a4f0003, userName='null'}
REV3UserResourceIdentifier{userKey=8a00a0c857f0393d01581c58d24000058a00a02355cd1c2f0155cd26c9d6032b, userName='null'}
REV4UserResourceIdentifier{userKey=8a00a0c856ed5c6701572cb23680000b8a00a02355cd1c2f0155cd26cef20cbf, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26cc5207f08a00a02355cd1c2f0155cd26ca2f03d1, userName='null'}
REV2UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ca2f03d18a00a02355cd1c2f0155cd26cabc04c3, userName='null'}

Section


Column


Panel

In this section:

Table of Contents
maxLevel3



Column


Info
titleAbout this Page

This document describes how to resolve integration issues that can occur with the Microsoft Teams Direct Routing interface for connecting the Ribbon SBC Edge 1000/2000 to Microsoft Teams.


Tip
titleRelated Articles



...

The signaling groups configured for Microsoft Teams Direct Routing include counters for SIP request and response messages related to incoming and outoing outgoing options. As the SBC Edge 1000/2000 operates with Microsoft Teams Direct Routing, these message counters show increasing numbers. Complete the following steps to check the message counts and investigate potential sources of related integration issues.

  1. In the WebUI, click the Settings tab.
  2. In the left navigation pane, click Signaling Groups.
  3. For the signaling group configured for Microsoft Teams Direct Routing, click Counters.
  4. Check for an increasing message count in Outgoing Options.If the number is not increasing, check the following:
    1. Confirm that the DNS server is properly configured and reachable.
    2. Confirm setup for Logial Interfaces (Node interfaces > Logical Interfaces), and the Default route in Protocols > IP > Static Routes.
    3. Confirm that the SBC certificate is valid.
  5. Check for an increasing message count in Incoming 2xx. If the number is not increasing, check the following:
    1. Confirm that the SBC certificate is valid.
    2. Confirm firmware capability for the following software:
      1. SBC Edge 7.0.2 or later, SBC Edge 8.0 or later for SBC 1000 and SBC 2000
      2. SBC Edge 7.0.3 or later for SWe Lite
    3. Confirm that the firewall is properly configured to allow incoming SIP TLS messages.
    4. Confirm the ACL is using the proper IP address.
    5. Confirm that the SIP profile is properly configured. 
  6. Check for an increasing message count in Incoming Options. If the number is not increasing, check the following:
    1. Confirm the firewall is properly configured to allow incoming SIP TLS message
    2. Confirm the federated IP is configured with sip-all.pstnhub.microsoft.comIP addresses from the following two subnets:
      1. 52.112.0.0, with netmask 255.252.0.0
      2. 52.120.0.0, with netmask 255.252.0.0
        For more information, refer to https://docs.microsoft.com/en-us/microsoftteams/direct-routing-plan#microsoft-365-office-365-and-office-365-gcc-environments
    3. Confirm the FQDN used in the SIP Profile > FQDN in the Contact Header field is the same FQDN that is defined in the Tenant.

    4. Confirm the FQDN used in the SIP Profile > FQDN in the Contact Header field resolves to the SBC public IP address. 

      Note

       For Microsoft Teams, the Signaling Group facing the Teams server must be configured as SBC Edge FQDN or Static (if there is more than one signaling group connected to Teams Direct Routing). The FQDN in Contact Header should be the same FQDN used in Office 365 Tenant Online Gateway. If the IP Address of the SBC is configured in the Contact Header instead of the FQDN of the SBC, a Forbidden message is received.

       

    5. Confirm a Static Route (Protocols >  IP > Static Route) is configured to reach the Microsoft Public Server from your Public IP.

  7. Check the message count in Outgoing 2xx. If the number is increasing, changes you made during validation have resolved the integration issue(s).

    Caption
    0Figure
    1Check SIP Signaling Group Mesage Counters


...

  1. Enable "ForwardPAI" in CsOnlinePSTNGateway. Teams Direct Routing adds P-Asserted-Identy header and Privacy:id in INVITE for transfer.
  2. On Teams Direct Routing SIP Profile, leave the "Calling Info Source" as "RFC Standard" (by default).

  3. For ISDN: Add a transformation table entry to set the Calling Presentation "Allowed",  otherwise the called party sees the calling number as anonymous.

Pagebreak

Call

...

If Early Media is enabled, disable Early Media on the Teams Direct Routing SIP Signaling Group. This is a known Direct Routing issue until a fix is provided from Microsoft. 

Caption
0Figure
1SIP Signaling Group - Early Media

 Image Removed

Call forwarding is failing for Microsoft Teams Client

...

Easy Configuration for Microsoft Teams uses SILK Narrowband  

Available_since
TypeAvailable Since
Release8.1.5
By default, Easy Configuration in the SBC SWe Lite configures SILK Narrowband for SILK. The best use of SILK Wideband is configured with another Wideband codec. Using SILK Wideband to G.711 does not increase voice quality and will diminish call capacity. 

...

For a Teams client located inside the corporate network: Place a call to the Carrier access on the Downstream SBC. If the call has media optimization, the Proxy SBC's Monitor screen displays DA; this indicates the media is direct between the Teams client and the Downstream SBC (see below). If the Proxy SBC's Monitor screen displays B, the Proxy SBC proxies the media and the media is not optimized.

Available_since
TypeAvailable Since
Release8.1.5
 

Caption
0Figure
1Proxy SBC's Monitor Screen Displays DA

...

  1. On the laptop running the Teams Client:
    1. Access  http://www.myipaddress.com/what-is-my-ip-address/ and take note of the Teams Client Public IP.

    2. Start a Command terminal, type the following command, and take note of the Teams Client internal IPv4 Address and Subnet Mask.


      Code Block
      ipconfig


  2. Connect Office 365 Tenant via Powershell.

    1. Verify the Public IP address displayed earlier is listed when you type the following Office 365 Powershell command:

      Code Block
      Get-CsTenantTrustedIPAddress


    2. Verify the internal IPv4 Address and Subnet Mask displayed earlier is listed when you type the following Office 365 Powershell command:

      Code Block
      Get-CsTenantNetworkSite


Pagebreak

Unable To Get Local Issuer Certificate


Warning
titleWarning

Common Encryption Certificate Issues Arise from Missing Root Certificates


  • Did you only install the CA-signed SBC certificate, along with the intermediate certificate(s) sent by your issuing CA?
  • Did you get the following error message from the SBC?
    Image Added

If so, the likely reason is a missing CA Root Certificate. The SBC does not have any pre-installed CA root X.509 certificates, unlike typical browsers found on your PC. Ensure the entire certificate chain of trust is installed on the SBC, including the root certificate. Acquire the CA root certificate as follows:

  1. Contact your system administrator or certificate vendor to acquire the root, and any further missing intermediate certificate(s) to provision the entire certificate chain of trust within the SBC;

  2. Load the root certificate, along with the intermediate and SBC certificates, according to Importing Trusted Root CA Certificates.

    Info
    titleNote

    Root certificates are easily acquired from the certificate authorities. For example, the root certificate for the GoDaddy Class 2 Certification Authority may be found at https://ssl-ccp.godaddy.com/repository?origin=CALLISTO . For more information about root certificates, intermediate certificates, and the SBC server (“leaf”) certificates, refer to this tutorial.


For other certificate-related errors, refer to Common Troubleshooting Issues with Certificates in SBC Edge.


TLS 1.2 Ciphers

 

Available_since
TypeAvailable Since
Release9.0.7

To avoid any service impact, ensure your SBC Edge platforms are configured to support TLS 1.2 and connect using one of the following cipher suites for the Direct Routing SIP interface:

  • TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 i.e. ECDHE-RSA-AES256-GCM-SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256 i.e. ECDHE-RSA-AES128-GCM-SHA256
  • TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384 i.e. ECDHE-RSA-AES256-SHA384
  • TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256 i.e. ECDHE-RSA-AES128-SHA256

For more information, refer to MC297438.


"Replaces" Header

Available_since
TypeAvailable Since
Release9.0.7

MS Teams Direct Routing will stop processing inbound SIP Requests which have "Replaces" headers. This change is automatically done by the SBC Edge software upgrade. No configuration changes are needed. For more information, refer to MC299922.