Microsoft

Blog Categories

Subscribe to RSS feed

Archives

Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors

There is plenty of documentation out there on how to install the XMPP gateway with OCS or Lync (references provided at the bottom of this post). This blog will not focus on the installation of the XMPP Gateway, but rather what to do if you receive TLS errors on the Lync Edge server when communicating to the XMPP gateway.

If TLS issues pop up on the Lync Edge server, odd behavior could be experienced with Gmail such as complete instant messaging failure, one-way instant messages, and/or unknown presence.

If you open the Event Viewer on the Lync Edge server, you may notice connection failures similar to the error below.

A significant number of connection failures have occurred with remote server lyncxmpp.internaldomain.com IP 172.X.X.X. There have been 94 failures in the last 383 minutes. There have been a total of 1750 failures.

The specific failure types and their counts are identified below.

Instance count – Failure Type

14 0x8007274D(WSAECONNREFUSED)

1735 0×80072746(WSAECONNRESET)

1 0x8007274C(WSAETIMEDOUT)

This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

If you start a logging trace on the Lync Edge server, you may notice a series of failures similar to the errors below.

TL_ERROR(TF_CONNECTION) [1]1190.1478::01/13/2011-15:50:15.384.0006baa0 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record

LogType: connection

Severity: error

Text: Receive operation on the connection failed

Local-IP: 172.X.X.100:61378

Peer-IP: 172.X.X.110:5061

Peer-FQDN: lyncxmpp. internaldomain.com

Peer-Name: lyncxmpp.internaldomain.com

Connection-ID: 0x1AC102

Transport: M-TLS

Result-Code: 0×80072746 WSAECONNRESET

Data: fqdn=”lyncxmpp.internaldomain.com”;peer-type=”FederatedPartner”;winsock-code=”10054″

$$end_record

TL_ERROR(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bad2 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record

LogType: diagnostic

Severity: error

Text: Message was not sent because the connection was closed

SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0

SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b

SIP-CSeq: 6 NOTIFY

Peer: lyncxmpp.internaldomain.com:5061

$$end_record

TL_INFO(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bd42 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record

LogType: diagnostic

Severity: information

Text: Response successfully routed

SIP-Start-Line: SIP/2.0 504 Server time-out

SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b

SIP-CSeq: 6 NOTIFY

Peer: lyncpool01.internaldomain.com:60148

Data: destination=”lyncpool01.internaldomain.com”

$$end_record

TL_INFO(TF_PROTOCOL) [1]1190.1478::01/13/2011-15:50:15.385.0006bd87 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record

Trace-Correlation-Id: 69086622

Instance-Id: 00049CDB

Direction: outgoing;source=”local”;destination=”internal edge”

Peer: lyncpool01.internaldomain.com:60148

Message-Type: response

Start-Line: SIP/2.0 504 Server time-out

From: <sip:user1@internaldomain.com>;tag=714DBB6A

To: <sip:jdoe@gmail.com>;tag=ef5ee6c3d6

CSeq: 6 NOTIFY

Call-ID: 059f6d06c4e84676ac28bfce083f779b

Via: SIP/2.0/TLS 10.50.1.18:60148;branch=z9hG4bKEC9CA19E.667CA4AB371EBB65;branched=FALSE;ms-received-port=60148;ms-received-cid=1A2A00

ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”lyncxmpp.internaldomain.com”;Port=”5061″;source=”sip.internaldomain.com”

Server: RTC/4.0

Content-Length: 0

ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=lyncedge.internaldomain.com;ms-source-verified-user=verified

Message-Body:

$$end_record

TL_WARN(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bdd6 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record

LogType: diagnostic

Severity: warning

Text: Routing error occurred; check Result-Code field for more information

Result-Code: 0xc3e93c7f SIPPROXY_E_ROUTING_MSG_SEND_CLOSED

SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0

SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b

SIP-CSeq: 6 NOTIFY

Peer: lyncxmpp.internaldomain.com:5061

$$end_record

If similar TLS errors appear on your Edge server, ask yourself “Is my XMPP gateway installed on a Windows 2008 or Windows 2008 R2 server.” If XMPP is installed on Windows 2008 R2, various compatibility patches will need to be applied. The XMPP application is an OCS 2007 R2 server role and all OCS 2007 R2 services need various Microsoft patches in order to function correctly on Windows 2008 R2.

The following is the list of updates that should resolve the TLS errors between the XMPP and Lync Edge server:

Once the TLS errors are resolved, if presence unknown still appears and/or inbound instant messages continue to fail, you may want to reference the following links:

Finally, if you’re not familiar with the XMPP Gateway installation process, I’ve provided a few links below:

Comments Welcomed!

Tags:

2 thoughts on “Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors

  1. SWATI SINGH

    we have lync 2013 in our pool and have federation with cisco webex.sometimes presence is shown and sometimes it is unknown.PLZ provide the solution.

Leave a Reply