I recently helped one of our Consultants to troubleshoot a Lync Federation issue.
Issue: When a Client tries to add a user from a Federated domain it gets “
When contacting your support team, reference error ID 504 (source ID 239).
Troubleshooting information is available online, including best practices for using Lync.” message.
Resolution: Edge Server log shows:
TL_ERROR(TF_CONNECTION) [1]1828.1FFC::02/07/2013-19:19:35.910.00ab3fee (SIPStack,SIPAdminLog::TraceConnectionRecord:SIPAdminLog.cpp(160))$$begin_record
LogType: connection
Severity: error
Text: Receive operation on the connection failed
Local-IP: 69.10.XXX.XXX:54814
Peer-IP: 209.205.XXX.XXX:5061
Peer-FQDN: My-Edge-FQDN
Peer-Name: Partner-Edge_FQDN
Connection-ID: 0x13703
Transport: M-TLS
Result-Code: 0x80072746 WSAECONNRESET
Data: fqdn=”Partner-Edge_FQDN“;peer-type=”FederatedPartner”;winsock-code=”10054″
$$end_record
TL_ERROR(TF_DIAG) [1]1828.1FFC::02/07/2013-19:19:35.910.00ab4024 (SIPStack,SIPAdminLog::TraceDiagRecord:SIPAdminLog.cpp(143))$$begin_record
LogType: diagnostic
Severity: error
Text: Message was not sent because the connection was closed
SIP-Start-Line: SUBSCRIBE sip:username@Partner-DOMAIN SIP/2.0
SIP-Call-ID: 495169bf05e041e39222905f46236f31
SIP-CSeq: 1 SUBSCRIBE
Peer: Partner-Edge_FQDN:5061
$$end_record
TL_INFO(TF_PROTOCOL) [1]1828.1FFC::02/07/2013-19:19:35.910.00ab4333 (SIPStack,SIPAdminLog::TraceProtocolRecord:SIPAdminLog.cpp(125))$$begin_record
Trace-Correlation-Id: 1484110210
Instance-Id: 0000567F
Direction: outgoing;source=”local”;destination=”internal edge”
<Private information here >
CSeq: 1 SUBSCRIBE
Call-ID: 495169bf05e041e39222905f46236f31
Via: SIP/2.0/TLS 10.10.XXX.XXX:59199;branch=z9hG4bK9558ABE4.49ED0FF1C7027493;branched=FALSE;ms-received-port=59199;ms-received-cid=600
Via: SIP/2.0/TLS 192.168.XXX.XXX:54768;branch=z9hG4bK54197F18.D4F20C41F31B0497;branched=FALSE;ms-received-port=54768;ms-received-cid=33DD500
Via: SIP/2.0/TLS 192.168.XXX.XXX:65137;received=99.228.XXX.XXX;ms-received-port=65137;ms-received-cid=12800
ms-diagnostics: 1047;reason=”Failed to complete TLS negotiation with a federated peer server”;WinsockFailureCode=”10054(WSAECONNRESET)”;WinsockFailureDescription=”The peer forced closure of the connection”;Peer=”Partner-Edge_FQDN“;Port=”5061″;source=”My-Edge-FQDN“
Server: RTC/4.0
Content-Length: 0
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=My-Edge-Internal-FQDN;ms-source-verified-user=verified
Message-Body: –
$$end_record
Even though we are using Entrust certificate on our Edge the Partner’s Edge does not trust it!
I sent our Entrust certificate chain to Partner to install on Edge and it fixed the issue.