Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors - Perficient Blogs
Blog
  • Topics
  • Industries
  • Partners

Explore

Topics

Industries

Partners

Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors

There is plenty of documentation out there on how to install the XMPP gateway with OCS or Lync (references provided at the bottom of this post). This blog will not focus on the installation of the XMPP Gateway, but rather what to do if you receive TLS errors on the Lync Edge server when communicating to the XMPP gateway.
If TLS issues pop up on the Lync Edge server, odd behavior could be experienced with Gmail such as complete instant messaging failure, one-way instant messages, and/or unknown presence.
If you open the Event Viewer on the Lync Edge server, you may notice connection failures similar to the error below.

A significant number of connection failures have occurred with remote server lyncxmpp.internaldomain.com IP 172.X.X.X. There have been 94 failures in the last 383 minutes. There have been a total of 1750 failures.
The specific failure types and their counts are identified below.
Instance count – Failure Type
14 0x8007274D(WSAECONNREFUSED)
1735 0x80072746(WSAECONNRESET)
1 0x8007274C(WSAETIMEDOUT)
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.

If you start a logging trace on the Lync Edge server, you may notice a series of failures similar to the errors below.

TL_ERROR(TF_CONNECTION) [1]1190.1478::01/13/2011-15:50:15.384.0006baa0 (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
LogType: connection
Severity: error
Text: Receive operation on the connection failed
Local-IP: 172.X.X.100:61378
Peer-IP: 172.X.X.110:5061
Peer-FQDN: lyncxmpp. internaldomain.com
Peer-Name: lyncxmpp.internaldomain.com
Connection-ID: 0x1AC102
Transport: M-TLS
Result-Code: 0x80072746 WSAECONNRESET
Data: fqdn=”lyncxmpp.internaldomain.com”;peer-type=”FederatedPartner”;winsock-code=”10054″
$$end_record
TL_ERROR(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bad2 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record
LogType: diagnostic
Severity: error
Text: Message was not sent because the connection was closed
SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0
SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b
SIP-CSeq: 6 NOTIFY
Peer: lyncxmpp.internaldomain.com:5061
$$end_record
TL_INFO(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bd42 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(147))$$begin_record
LogType: diagnostic
Severity: information
Text: Response successfully routed
SIP-Start-Line: SIP/2.0 504 Server time-out
SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b
SIP-CSeq: 6 NOTIFY
Peer: lyncpool01.internaldomain.com:60148
Data: destination=”lyncpool01.internaldomain.com”
$$end_record
TL_INFO(TF_PROTOCOL) [1]1190.1478::01/13/2011-15:50:15.385.0006bd87 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 69086622
Instance-Id: 00049CDB
Direction: outgoing;source=”local”;destination=”internal edge”
Peer: lyncpool01.internaldomain.com:60148
Message-Type: response
Start-Line: SIP/2.0 504 Server time-out
From: <sip:user1@internaldomain.com>;tag=714DBB6A
To: <sip:jdoe@gmail.com>;tag=ef5ee6c3d6
CSeq: 6 NOTIFY
Call-ID: 059f6d06c4e84676ac28bfce083f779b
Via: SIP/2.0/TLS 10.50.1.18:60148;branch=z9hG4bKEC9CA19E.667CA4AB371EBB65;branched=FALSE;ms-received-port=60148;ms-received-cid=1A2A00
ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”lyncxmpp.internaldomain.com”;Port=”5061″;source=”sip.internaldomain.com”
Server: RTC/4.0
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=lyncedge.internaldomain.com;ms-source-verified-user=verified
Message-Body:
$$end_record
TL_WARN(TF_DIAG) [1]1190.1478::01/13/2011-15:50:15.385.0006bdd6 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(145))$$begin_record
LogType: diagnostic
Severity: warning
Text: Routing error occurred; check Result-Code field for more information
Result-Code: 0xc3e93c7f SIPPROXY_E_ROUTING_MSG_SEND_CLOSED
SIP-Start-Line: NOTIFY sip:LYNCXMPP.internaldomain.com:5061 SIP/2.0
SIP-Call-ID: 059f6d06c4e84676ac28bfce083f779b
SIP-CSeq: 6 NOTIFY
Peer: lyncxmpp.internaldomain.com:5061
$$end_record

If similar TLS errors appear on your Edge server, ask yourself “Is my XMPP gateway installed on a Windows 2008 or Windows 2008 R2 server.” If XMPP is installed on Windows 2008 R2, various compatibility patches will need to be applied. The XMPP application is an OCS 2007 R2 server role and all OCS 2007 R2 services need various Microsoft patches in order to function correctly on Windows 2008 R2.
The following is the list of updates that should resolve the TLS errors between the XMPP and Lync Edge server:

Once the TLS errors are resolved, if presence unknown still appears and/or inbound instant messages continue to fail, you may want to reference the following links:

Finally, if you’re not familiar with the XMPP Gateway installation process, I’ve provided a few links below:

Comments Welcomed!

2 thoughts on “Troubleshooting Lync Edge, XMPP Gateway, and TLS Negotiation Errors

  1. we have lync 2013 in our pool and have federation with cisco webex.sometimes presence is shown and sometimes it is unknown.PLZ provide the solution.

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Subscribe to the Weekly Blog Digest:

Sign Up