I have a Lync 2010 Standard Edition FE and a Lync 2010 Edge Server which is deployed in a DMZ. Firewall Settings have been adjusted according to the Firewall Requirement Sheet.
Conferencing (especially desktop/application sharing with external (other companies) Lync clients) has been working fine until some time ago. After some investigation I can see SRTP traffic (TCP port 50.000+) trying to flow directly from the internal desktop client to the destination server. What I remember is that traffic should go from my client to my Edge Server and then to the partner's infrastructure (when sharing an application). I can reproduce this every time by sharing my desktop on my internal client to another client using Office 365 Lync. If I trace connections on our firewall I can see my client trying to reach TCP ports from 50.000 upwards on the Office 365 infrastructure (which is blocked right now and has also been blocked in the past). Federation is set up and everything except application/desktop sharing works fine.
Scenarios I tried until now in which I observed this behaviour:
Internal client trying to directly IM Office 365 and sharing desktop does not work (same applies in the other direction)
Meet Now started from internal: Both internal and O365 client cannot share desktop
Meet Now started from O365: O365 client can share desktop, internal client cannot
I also investigated the SIP messages via the Lync Server Logging Tool. From what I see, our Edge Server is recognized. The anonymized message is as follows (remote site is O365 Lync):
Route: <sip:[internal Lync FE]:5061;transport=tls;lr>
Route: <sip:sipfed0E.online.lync.com:5061....
Route: <sip:sipdir0e-int.online.lync.com:5061;transport=tls;ms-fe=DB30E00DIR03.infra.lync.com;lr>
Route: <sip:sippooldb30e01.infra.lync.com:5061;transport=tls;ms-fe=DB30E01FES02.infra.lync.com;opaque=state:T;lr>
User-Agent: UCCAPI/15.0.4420.1017 OC/15.0.4420.1017 (Microsoft Lync)
ms-client-diagnostics: 26; reason="A federated call failed to establish due to a media connectivity failure where one endpoint is internal and the other is remote";
CalleeMediaDebug="application-sharing:ICEWarn=0x4000220,
LocalSite=[internal FE IP]:3437,
LocalMR=[External AV Interface on EDGE]:55837,
RemoteSite=132.245.192.9:48876,
RemoteMR=132.245.192.32:55106,
PortRange=1025:65000,
LocalMRTCPPort=55837,
RemoteMRTCPPort=55106,
LocalLocation=2,
RemoteLocation=1,
FederationType=0,
NetworkName=[Internal Domain Name],
Interfaces=2,
BaseInterface=2,
BaseAddress=[Internal FE IP]:17207";
LyncAppSharingDebug="SharerChannel:0x0;
Maybe someone can shed some light on this issue.