Troubleshooting connectivity to external communities
Troubleshoot issues that occur during connections to external communities.
- Firewall was not opened to external communities on port 5060/5061
- Verify that the firewall rules allow traffic on port 5060/5061.
Use this telnet command from both ends of the connection:
telnet [FQDN] 5060/5061
If telnet is not successful, update the firewall rules to allow traffic on port 5060/5061 from both ends. For more information about opening ports in the firewall see the topic Opening firewall ports for Sametime Gateway Server.
- TLS connection - TLS/SSL configuration steps were not completed
- To determine if there is an SSL/TLS configuration problem, enable
SSL tracing by completing the steps in the "Collecting the data manually"
section of the following topic: MustGather: Java Secure Socket Extension (JSSE),
Secure Sockets Layer (SSL) or Java Cryptography Extensions (JCE) problems Resolve
the missing configuration by following the instructions below according
to your deployment type.
- Sametime Gateway Cluster Deployment - Setting up SSL on a cluster
- Sametime Gateway Standalone Deployment -Setting up SSL on a single server
- SIP aware device is terminating/corrupting the external connection
- To identify whether a SIP-aware device is blocking or corrupting a connection, capture network data from both sides of a connection and look for packet loss, or the break in connection. To resolve the issue, configure the SIP-aware device not to alter SIP packets.
- AOL - AOL provisioning was not completed
- Access the provisioning record and verify its status. Complete the AOL provisioning process if needed. For more information about verifying the AOL provisioning status and about the AOL provisioning process, see this topic:Registering your Sametime Gateway with AOL.
- OCS/Lync -
- The Sametime Gateway custom properties are missing or misspelled.
- For information on how to ensure that the custom properties are configured properly, see this topic:Connecting to a Microsoft Office Communications Server community
- SRV records for ALL internal domains are not set correctly.
- Perform an SRV record query from the internet to verify that a
DNS SRV record was created for each domain defined for the internal
community:
_sipfederationtls._tcp.domain name. IN SRV priority weight port target
for example, _sipfederationtls._tcp.lotus.com. IN SRV 0 0 5061 sttest.lotus.com
Note: If there are multiple domain names, a SAN (Subject Alternative Names) certificate is required.