Skype for Business audio not working?
This is a common issue in Skype for Business deployments. Understanding how Skype for Business establishes audio and video (media) paths can improve your ability to troubleshoot these tricky issues. This article will give you some new tools to help you troubleshoot a Skype for Business audio not working issue.
Audio and video establishment in Skype for Business takes a different approach to most network traffic. SIP signalling and control traffic in Skype for Business takes the run of the mill approach – traffic is routed directly between server and client. Any delays (latency) in this traffic is typically unknown to the user.
On the other hand, any significant delays to audio and video traffic will be immediately noticed by the user and could disrupt the call. To reduce the likelihood of this happening, Skype for Business will attempt to find and use the shortest path between users – This can result in two users on the same network sending their audio and video traffic directly to each other, all the while, the SIP signalling traffic continues server/client. To do this, Skype for Business uses Interactive Connectivity Establishment (ICE). ICE is the overall process that helps discover and exchange ‘candidates’ to finds most optimal audio and video path.
- SIP signalling – simply put, it’s the control traffic. For example, its the thing that tells the server you want to make a call by sending a SIP INVITE.
- Interactive Connectivity Establishment (ICE) – Process used to discover and exchange candidates to find the most optimal audio or video path.
- Candidates – A list of possible IP addresses that could be used to establish an audio or video path.
- Reflective/Session Traversal Utilities for NAT (STUN) – STUN ‘reflects’ or returns the public NAT address to the Skype for Business client e.g. a home based user sends a packet to edge server, which discovers the public IP address (a candidate), and returns it to the client.
- Relay/Traversal Using Relays around NAT (TURN) – TURN allows the audio or video traffic to be relayed/proxied by the Edge server to the client by providing the client relay addresses to send audio or video.
- ICE endpoints – An ICE endpoint is anything that is involved in audio or video e.g. Skype for Business Clients, Skype for Business Web App, Skype for Business Phone, Front End Server (App Sharing MCU, RGS, Call Park A/V Conf etc), mediation Server, SBA, Exch UM. Session Border controllers and the director role would not be considered as ICE endpoints. Edge server is doing STUN and TURN but not an ICE endpoint, and is more of an ICE server.
The 5 Phases of Audio or Video Path
If your Skype for Business audio is not working (or any other media type), understanding this process will help you narrow down where to look for potential issues.
1. TURN provisioning and credentials (MRAS)
Tip – Always make sure you use the same external certificate for all Edge servers. The certificate is used to create credentials for the client to connect. If an Edge server goes down, and the client try’s to connect to another Edge server using a different certificate, it will not be able to validate the credentials and authentication will fail. Search for “MRAS” in the client or server SIP logs (use Snooper tool) to find authentication messages. There should be 3 messages per request. Port 5062 for MRAS.
2. Address Discovery (Allocation)
- Discover local UDP candidate for every network card (peer to peer so UDP is best)
- Connect to media relay (Edge server) to discover reflexive address (the address the Edge server sees the client connect from) and allocate a candidate on the media relay for UDP then TCP
- Discovers local TCP candidate
- Media Relay TCP only
3. Address Exchange (SIP Invite/200OK)
4. Connectivity Checks
- Connect directly (peer to peer)
- Connect to reflective address
- Connect via media relay by connecting to the Edge server and asking it to contact a candidate and establish a connection on its behalf
5. Candidate Promotion
- Host/Local Candidate (UDP) – The most preferred candidate is always a local candidate and is the reason that peer to peer audio or video sessions between clients on the same network will never use the Edge server.
- Reflexive/STUN Candidate (UDP) – The next preferred option is to use the server reflexive candidate which is provided by the Edge Server using STUN. This scenario involves attempting to connect to the reflexive IP addresses for each externally connected user. The reflexive IP address is the public IP address of the external user e.g. a home router.
- Relay/TURN Candidate (UDP) – In the event that STUN fails then the final option is to utilise the Edge Server as a media relay. The calling client will establish an audio or video session directly with the A/V Edge Server as will the receiving client. This connectivity is relayed through the public IP address of the Audio/Video Edge service.
- Relay/TURN Candidate (TCP) – when connectivity is not available on UDP. TCP Relay is a last resort.
SIP Messages in Audio or Video Path Establishment
When you are troubleshooting Skype for Business audio not working its also good to understand how clients communicate with each other using SIP messages. This help you confirm if the negotiation process is working as expected.
- Out INVITE (SDP session description protocol – tells the other party what I can do e.g. what codecs). The first set of candidates is ICE v6 (ms-proxy-2007 fallback) and a second set is ICE V19. OCS r2+ uses V19, but both are included for backward compatability. Candidates come in peers – one for Real-time Transport Protocol (RTC) and one for RTP Control Protocol (RTCP).
A=candidate 1 1 Protocol (UDP/TCP Passive – candidate I expect to send traffic to /TCP Active – candidate that sends me traffic) priority (high best) IPAddress Port Typ(host/relay/server reflective)
A=candidate 1 2 UDP priority (high best) IPAddress Port Typ (host/relay/server reflective).
- In SIP 183 Peer sends its candidates. You may see multiple – one for each end point.
- In SIP 200 OK Peer picks up the call. This still includes a full candidate set as the best have not been negotiated yet.
- Out INVITE Re-invite which will include the 1 chosen candidate pair as decided in the earlier process.
- In SIP 200 OK Includes other party’s final candidates.
Call Scenarios and Connections Options
When you are troubleshooting Skype for Business audio not working you’ll also need to know the differences in how audio or video establishment works when users are inside and outside the corporate network.
Inside <-> Inside
- Peer to Peer
Inside <-> Outside
- Peer to peer will not work
- Outside connects to reflective candidate UDP or TCP
- Outside connects to own edge server (relay) which hairpins traffic to internal user
Outside <-> Outside
- Peer to peer might work if clients are on the same network
- Reflective candidate UDP or TCP
- Relay via Edge server
Federation OCS 2007
- Edge servers connect to each other on the 50k port range directly and relay the call. Ports need to be open in both directions.
Federation 2007 R2 (tunnel mode introduced)
- The Edge server sends a special packet to UDP port 3478 on the other Edge to find out if it is OCS 2007 R2 or above. If it is then tunnel mode can be used, and all UDP traffic can be sent on these ports. Candidate data still includes the 50k ports, but the Edge server just contacts the other Edge server to share this information and connect.
- TCP is very similar, but because a connection to a source IP/port and destination IP/port can only be in use at one time, the Edge server allocates a port in 50k range as a source port, and then opens a connection to the other Edge server on port 443. This gets around having to have 50k ports open which is required for OCS 2007.
clients to connect to the same Edge server. The initiating client connects to its home Edge server, gets candidates and passes those to the other party. The other party then attempts to connect to the 50k range directly on the initiators home Edge server. Without these ports open this would not work, and the client would need to involve its own Edge server and ask that it connects to the initiating Edge to relay on its behalf. This introduces a longer audio or video path.
Troubleshooting Audio or Video Connectivity
- Get Snooper installed to make reviewing the client and server logs easier.
- Get client logs from a fresh sign-in – is there MRAS? If no, it can’t talk to the Edge server.
- Check if the Front End server can telnet to the FQDN on Edge server internal NIC. Check logs for STUN and TURN candidates. If none, then there is an issue between the client and Edge server
- Use port query tool to test UDP ports
- When the Edge server sends candidates in a NAT situation, it uses the external IP configured in topology and sends this to client – make sure it’s correct!
- Search client and server logs for a=candidate to find candidate information
- Search a=remote-candidate to find the final candidates that are chosen
- After a call is picked up, it can take several seconds before the final candidates are chosen and audio or video paths are subject to change. The final re-invite will include this, but the result may not be in logs for a few seconds after connection.
You are now ready to troubleshoot Skype for Business audio not working!
Hopefully, you found this article useful and next time you have a Skype for Business audio not working issue you’ll have some new tools to help you.