Search This Blog

Wednesday, April 16, 2014

Lync 485 Ambiguous error

Getting an error in Lync 2013:

SIP/2.0 485 Ambiguous
ms-user-logon-data: RemoteUser
Authentication-Info: TLS-DSK qop="auth", opaque="xx", srand="xx", snum="18", rspauth="xx", targetname="xx", realm="SIP Communications Service", version=4
From: ;tag=xx;epid=xx
To: ;tag=xx
Call-ID: xx
Via: SIP/2.0/TLS xxx:xx;received=xxx;ms-received-port=xx;ms-received-cid=xx
ms-diagnostics: 4199;reason="Multiple users associated with the target phone number";HRESULT="0x8004C3CD";processing-cluster="xx";processing-frontend="xx";source="xx"
Server: RTC/5.0
Content-Length: 0

In the enviroment we have a

+1xxxxxxxxx  - number of main non-Lync autoattendant.  This number does not exist in Lync, but there are several (two) non-DID users with


Even after removing the second user, the error persist. It is strange, since there is no other user or contact or else who use +1xxxxxxxxx - checked with 

There is some info that it might be a bug of Lync -

I will post update on this....
UPDATE: selected another DID to be used as base for extension and it works ok. Note that there is no direct DID defined in the system, only ones with extensions.
Lync does not like ext to be mixed with no ext. For the example above you have to add ext=1 or any other ext for the main number.

Friday, April 11, 2014

Lync SBA egde firewall port requirements

Normally we need only to open port 5062 on the egde for SBA. Ref:   - check the right bottom picture

If there are no directors in the topology, then also 5061 two ways.

Note that port 5062 is needed on Edge servrs assigned to SBA/FrontEnd pool. However, I recommend to open it in all other edges pools as well. This way you have a flexibility to change edge pool in needed.

Wednesday, April 2, 2014

Testing Lync edge

When you test firewall rules for Lync edge installation you can use several different tools.

msturnping  (part of reskit) can test AV ports for media transfers.

telnet - can test tcp ports like 443 or 8057.

nmap can be used to test UDP:

nmap -sU -p 3478 
to test internal STUN port
nmap -sU -p 3478 -S  
to test external STUN (we also need to specify AV source IP, because by default it may take Access IP or WebConf IP, etc)

If you want continuos packets to be sent (if you need to see packets passing in firewall monitor) - STUN from internal Pc to edge:

nping  --udp -p 3478 -g 3478 -c 20000

some real tests output - for nmap -sU -p 3478 -  it responds HOST IS UP:

Host is up (0.013s latency).
3478/udp open|filtered unknown