Hi there,
I got a problem with our Lync 2010-topology and to be honest - I am not shure what causes the error, either the change of our external firewall or a new certificate I installed on the edge server.
My problem: External lync to lync calls work, external lync to federated user calls work but when an external domain-user, that is not vpn connected, tries to call the landline of some other user the call fails.
My topology: One internal Lync2010 server, one edge server, one audiocodecs mediant 1000 as voip-gateway. I switched the firewall from tmg to watchguard some months ago and and rebuild the rules and I am quite shure that everything worked. Two weeks ago I also switched the certificate for our external sip-Domain and I made shure that I got all of the SANs.
I tried the remote connectivty analyzer and get this error message:
Die Microsoft-Verbindungsuntersuchung versucht, das SSL-Zertifikat vom Remoteserver sip.busitec.de an Port 5061 zu erhalten.
Die Microsoft-Verbindungsuntersuchung konnte das Remote-SSL-Zertifikat nicht abrufen.
Weitere Details
Das Zertifikat konnte nicht überprüft werden, da die SSL-Aushandlung nicht erfolgreich war. Dies wurde möglicherweise durch einen Netzwerkfehler oder durch ein Problem bei der Zertifikatinstallation verursacht.
Verstrichene Zeit: 512 ms.
This basically means that ssl-connection fails because the cert could't be obtained over port 5061 (which is open). Is there a coincidence to the call failures?
As I mentioned before - I am quite shure that the firewall isn't the cause but I am not 100%. Maybe I made a mistake while installing the new cert.
Hope for some inpout, thanks in advance!
Marcel
