CX600’s Virtual Switch blocks calls on LAN port.

By | September 3, 2016

Heres an old one from way back that I never posted. But here it is anyway.
I hope that in this day an age everyone is selling VVX phones instead of CX series. but if you are, read on.

I know, it’s silly.. but during your POC stage you can come across this issue
I was doing some testing for a client when I was sent down the rabbit hole by a most peculiar issue
Calls from my Lync Client to Lync Phone edition would fail.

I did the usual things, Checked media bypass was configured. Made some phone to phone calls and verified the Mediation server could see both endpoints.
Just to be sure I tried from another laptop, with another headset to another LPE handset… Same issue.
Too add further to the complexity of the setup, this was a Multitennant instance of Lync 2013 Enterprise using Citrix Multitennanting (Due to Microsoft ceasing development of the Lync 2013 MTHP)
Using the same 2 phones to call each other = Okay
Using the same 2 laptops to call each other = Okay.

So after delving into Snooper I started checking the endpoint candidates in the SDP’s only to find the correct addresses were listed.
Failing calls would present the error message “Call failed to establish due to a media connectivity failure when both endpoints are internal” in the BYE packet
As all good engineers do I started troubleshooting the network layer with a good old fashioned ping from the PC to the Phone. This failed.

cx600sbnooperlog

A thought occurs. “Why? I’m on the same Layer 2 Broadcast network!”
I ping the Phone from another laptop.. it works fine.
Sure enough I can replicate the issue by pinging the “remote” phone from the other laptop.
Then suddenly it all comes screaming back to me… Lync Phone Editions “Security Feature”

It’s the same thing that stops the Local users accessing the logs via FTP on the phone
Lync Phone Edition appears to ignore any traffic directed towards it when it comes from the PC port.
When i had quickly setup the Lab I connected the Ethernet Port of Lync.user1’s laptop to Lync.user2’s Phone.. meaning the traffic was blocked.

To understand why this occurred we need to understand what happens in the media setup process

Now what happens with a Lync Phone Edition (Aries) device like the CX600?

cx600 diagranm

First the Lync/Skype4B client sends a SIP invite to the Frontend looking for the user.
Then as the LPE device is registered, the frontend sends a SIP invite to the Phone with a list of available media connection points from the calling party.
As the LPE device and Lync client obtained a media bypass config during sign on they discover they are both in the same media bypass realm and attempt to establish a media channel
The firewall on the LPE device blocks all traffic from the PC port to the IP of the phone, SRTP negotiation times out, so the endpoints give up and send “Call failed to establish due to a media connectivity failure when both endpoints are internal” in a BYE packet.

Anyway, hope this helps someone.

 

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.