Hi 

Please assist I have a Lync environment with consolidated edge, the Lync 2013 client provisions.

My external users are unable to make Lync calls and AV conference calls, Lync Internal users can make Lync to Lync calls.The following rules are  currently in place on my sonic wall firewall.

Edge Role	Source IP Address	Source Port	Destination IP Address	Destination port	Transport	Application
Access	10.20.1.6	Any	Any	80	TCP	HTTP
Access	10.20.1.6	Any	Any	53	UDP	DNS
Access	Any	Any	10.20.1.6	443	TCP	SIP(TLS)
Access	Any	Any	10.20.1.6	5061	TCP	SIP(MTLS)
Access	10.20.1.6	Any	Any	5061	TCP	SIP(MTLS)
Access	10.20.1.6	Any	Any	5269	TCP	XMPP
Web Conference	Any	Any	10.20.1.7	443	TCP	PSOM (TLS)
A/V	10.20.1.8	50000-59999	Any	Any	TCP	RTP
A/V	10.20.1.8	50000-59999	Any	Any	UDP	RTP
A/V	Any	Any	10.20.1.8	50000-59999	TCP	RTP
A/V	Any	Any	10.20.1.8	50000-59999	UDP	RTP
A/V	Any	Any	10.20.1.8	3478	UDP	STURN/MSTURN
A/V	Any	Any	10.20.1.8	443	TCP	STURN/MSTURN

Access  10.20.1.6

Webconf  10.20.1.7

AV  10.20.1.8

Behind a public IP address NAT

The Edge server interface is on the same network as the Lync Front End server and internal clients

Can you login to a Lync client externally and right click on the Lync icon in the system tray while pressing the Ctrl button?

Then go to Configuration information and check if you get the MRAS information and whether it is enabled.



The MRAS is Blank

The Lync client signs in the MRAS is blank

Your external MRAS isn't working. It is required for external calling to work.

To start with, check if the Audio/Video Edge and Audio/Video Authentication service are running on the Edge server.

Also, refer to the following articles to make sure MRAS works externally.

http://blog.schertz.name/2012/07/understanding-lync-edge-server-ports/

http://blogs.technet.com/b/dodeitte/archive/2012/06/22/issues-with-mras-and-limited-external-calling.aspx

The A/V and A/V authentication services are running.

I followed both articles I verified that they where previous Internal CAs in the Environment.

Removed all the irrelevant Intermediate Certificates.

Complete all the test scenarios, telnet from FE to Edge on port 5061 success,port 5062 connection established with Between FE and Egde.Port 8057 listening.

Is there an additional configuration that I need to complete to publish MRAS

What you need for this to work is TCP 443 and UDP 3478 from external network to your external interface of Edge.

If these are already open, you can collect the Lync client logs and see what happens to the SERVICE request sent by the client for MRAS as shown in this article.

http://blogs.technet.com/b/dodeitte/archive/2012/06/22/issues-with-mras-and-limited-external-calling.aspx

Hi SandileS,

 

Also check the configuration in Topology, make sure the check box A/V Edge service is NAT enabled is already selected.

 

 

 

Best regards,

Eric

Hi Eric 

That option is selected already.

MRAS does not appear in my Lync 2013 logs.

That is not possible. The service request for MRAS is always there when a Lync client signs in. You either get a success or a failure.

Hi,

Starting at the start; your edge service FQDN's don't resolve correctly. sip, webcon, and av.tech.com don't resolve to anything in the public name space. Add the appropriate external A record and SRV DNS entries to point to their corresponding public IP's, then go from there.

Kind regards

Thank you guys, Manged to resolve this issue after reviewing DNS and firewall settings.

I went back to my Lync Topology, Unchecked the Associate Egde pool (for media components) published the topology and Marked it again and Republished the topology.

My MRAS authentication completed successfully.



• Marked as answer by SandileS 41 minutes ago

Thank you guys, Manged to resolve this issue after reviewing DNS and firewall settings.

I went back to my Lync Topology, Unchecked the Associate Egde pool (for media components) published the topology and Marked it again and Republished the topology.

My MRAS authentication completed successfully.



• Marked as answer by SandileS Monday, April 13, 2015 6:44 AM

Thank you guys, Manged to resolve this issue after reviewing DNS and firewall settings.

I went back to my Lync Topology, Unchecked the Associate Egde pool (for media components) published the topology and Marked it again and Republished the topology.

My MRAS authentication completed successfully.



• Marked as answer by SandileS Monday, April 13, 2015 6:44 AM

Thank you guys, Manged to resolve this issue after reviewing DNS and firewall settings.

I went back to my Lync Topology, Unchecked the Associate Egde pool (for media components) published the topology and Marked it again and Republished the topology.

My MRAS authentication completed successfully.



• Marked as answer by SandileS Monday, April 13, 2015 6:44 AM

Thank you guys, Manged to resolve this issue after reviewing DNS and firewall settings.

I went back to my Lync Topology, Unchecked the Associate Egde pool (for media components) published the topology and Marked it again and Republished the topology.

My MRAS authentication completed successfully.



• Marked as answer by SandileS Monday, April 13, 2015 6:44 AM