Just a quick note regarding an error I recently ran across.  A client was experiencing problems with Dial-In Conferencing after a recent deployment and during troubleshooting the issues I ran across this pair of errors in the Front-End server’s OCS event log:

OCS Audio-Video Conferencing Server
Event ID 32018
“The Audio-Video Conferencing Server encountered an error when requesting credentials from the A/V Edge Authentication Service.”

image

OCS Protocol Stack
Event ID 14502
”A significant number of connection failures have occurred with remote server…”
8007274D
80072746

image

The IP address of the the ‘remote server’ described in ID 14502 was actually the IP address on the Edge server’s internal interface.  So after checking the the common reasons for server-to-server communications issues (filtered ports on firewalls, incorrect or missing DNS entries, or invalid certificates) everything appeared to check out.  All other features were working, as internal to external audio and video communications were tested multiple times in addition to Live Meeting and Desktop Sharing.

The A/V Authentication service was correctly configured on the Edge Server’s Interfaces tab on the default port of 5062, and from the Front-End server I was able to telnet directly to that port.  Hmmmm…

Next step was to check the internal configuration and make sure that the Front-End services were attempting to go to the right place.

Bingo! The A/V Edge Servers entry under the Global Properties > Edge Servers tab had the correct FQDN but was mistakenly configured to use 443 instead of 5062, where the A/V Auth service was actually listening on the Edge’s internal IP.

image

Simple enough, just change it, right?  That would be too easy.  You can’t edit the current entry.  And attempts to directly resolve it will be thwarted by one of two errors messages depending on if you attempt to delete the current entry and replace it with a new one, or simply try to add a second entry for the same FQDN with a different port value.

“The A/V Edge Server internal FQDN and A/V authentication port is currently assigned to a pool or server.  Please check the Status Pane.  Removing this entry may result in the failure of users to exchange media.”

image

“Trusted entry breaks the FQDN, Port or Version uniqueness constraint.”

image

Resolution

At this point we’ll need to un-assign the current value from a couple places in the OCS configuration so that the invalid entry can be removed.

  • First go to the Pool Properties under the Pool object and change the A/V Authentication Service to (None).

image

  • And then from the Mediation Server Properties also change the A/V Edge Server setting to (None).

image

Give Active Directory some time to replicate these configuration changes around, and we can go back and remove the original entry and replace it with the correct port number.

  • Revisit the Global Properties on the OCS Forest object and delete the existing A/V Edge Server entry with the invalid port listed.
  • Create a new entry with the correct values.  (Depending on the time elapsed between now and the previous steps you may receive another “Trusted entry breaks FQDN…constraint” warning but it can be ignored at this point.)
  • After restarting the Front-End services those two errors should stop appearing in the event log and Front-End to A/V Authentication communications should now be working.

By Jeff Schertz

Site Administrator

One thought on “AV Edge Authentication Connection Errors”
  1. Hi Jeff,
    I know this article is for the OCS Server. But i m facing the same error for the Lync server. Basically when an external-internal A/V session is escalated to a conference by dragging in a user from the client. the client is thrown out of the conference with an error. Event logs show the same error Event ID 32018 and Event ID 32091. avmcu_e_mras_request_failed & source=edgefqdn;reason=not a trusted server;Component="mediarelayedge"
    Edge server uses godaddy public cert for Internal and external interfaces and the FE also uses Public cert.
    Any quick suggestions?
    Thanks,
    Abhay

Leave a Reply

Your email address will not be published. Required fields are marked *