When configuring a Microsoft Teams Direct Routing Survivable Branch Appliance the other day I ran into an error. It was an interesting one that I think others will likely run into at some point too, so here is a blog post to save you wasting any more time than you need to thinking about it. After setting up the Teams SBA, I found that I could get users connected to it to send calls outbound to the PSTN, however, when I tried to send calls to the users in the other direction they would fail. Looking closer at the logging from the SBC I could see the error response was “410 Gone”… Gone Baby Gone…
The 410 Gone error from a Teams SBA looked like this:
SIP/2.0 410 Gone
FROM:
<sip:+61399992000@10.0.0.25>;tag=1c1327591735
TO: <sip:+61388886201@sbc01.mym365lab.us>;tag=703d3577eb1a468bbcdb34a0a78c690f
CSEQ: 1 INVITE
CALL-ID: 530796863134202353123@sbc01.domain.com
VIA: SIP/2.0/TLS
sbc01.mym365lab.us:5067;branch=z9hG4bKac1432917422
REASON:
Q.850;cause=22;text="c586066f-ceb5-4d83-8803-400791d033de;MediaOfferError"
CONTACT: <sip:teamssba01.domain.com:5061;transport=tls;x-i=c586066f-ceb5-4d83-8803-400791d033de;x-c=9baa3cbe22ec46ffb8ac39fffce08f20>
CONTENT-LENGTH: 0
ALLOW: INVITE,ACK,OPTIONS,CANCEL,BYE,NOTIFY
SERVER: Microsoft.Teams.SIPSBA v.2022.6.14.1
"Gone" is not a SIP error that I have seen very often in the wild and kind of sounds like it might be related to the user not being connected to the SBA properly. However, after looking more closely at the error, I saw that there was a REASON attribute included in the message that said
“MediaOfferError” which then made me further consider what was happening on the media
side of things… From most traditional SIP Stacks, I would usually expect a “488
Not Acceptable Here” message response for an SDP refusal scenario, but this is
the Teams SBA, so why expect anything that makes sense :)
When I looked at the INVITE that was being sent to the SBA from the SBC, it looked
legit:
INVITE sip:+61388886201@sbc01.mym365lab.us
SIP/2.0
Via: SIP/2.0/TLS sbc01.domain.com:5067;alias;branch=z9hG4bKac1432917422
Max-Forwards: 69
From:
<sip:+61399992000@10.0.0.25>;tag=1c1327591735
To: <sip:+61388886201@sbc01.domain.com>
Call-ID:
530796863134202353123@sbc01.mym365lab.us
CSeq: 1 INVITE
Contact: <sip:+61399992000@sbc01.domain.com:5067;transport=tls;ob>
Supported:
norefersub,100rel,timer,replaces,sdp-anat
Allow: PRACK, INVITE, ACK,
BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Session-Expires: 1800
Min-SE: 90
User-Agent: Mediant SW/v.7.40A.250.265
Content-Type:
application/sdp
Content-Length: 287
v=0
o=- 419722796 1831657774 IN
IP4 10.0.0.25
s=media
b=AS:84
t=0 0
a=X-nat:0
m=audio 50012 RTP/AVP 0 8 96
c=IN IP4 10.0.0.25
b=TIAS:64000
a=rtcp:50013 IN IP4
10.0.0.25
a=sendrecv
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:96
telephone-event/8000
a=fmtp:96 0-16
The keen eyed folk in the audience may have noticed though that the SDP portion of the SIP message is in the regular format and not the fancy ICE format that includes a candidate list. The even more keen eyed may be thinking, "yeah, but the Teams Direct Routing service supports this format for SDP, so what's the problem?". Well, unfortunately, the problem is that the SBA only supports ICE formatted SDP lists (which may be because calls are technically media bypassing the SBA). I could see this catching out production deployments
where the traditional SDP format is being used for calls to Teams Direct
Routing (because this does work). Just keep in mind that the same settings pointing to the SBA will fail dismally.
The Fix
In order to fix this on an AudioCodes SBC you need to make sure that the IP Profile assigned to the SBA has ICE Mode set to “Lite”:
After enabling ICE Lite Mode, the INVITE messages that go to the SBA will be formatted with candidate information, which looks like this:
INVITE sip:+61398736201@sbc01.domain.com
SIP/2.0
Via: SIP/2.0/TLS sbc01.domain.com:5067;alias;branch=z9hG4bKac11041617
Max-Forwards: 69
From:
<sip:+61399992000@10.0.0.25>;tag=1c200843402
To: <sip:+61388886201@sbc01.domain.com>
Call-ID:
431229997134202354040@sbc01.mym365lab.us
CSeq: 1 INVITE
Contact: <sip:+61399992000@sbc01.domain.com:5067;transport=tls;ob>
Supported:
norefersub,100rel,timer,replaces,sdp-anat
Allow: PRACK, INVITE, ACK,
BYE, CANCEL, UPDATE, INFO, SUBSCRIBE, NOTIFY, REFER, MESSAGE, OPTIONS
Session-Expires: 1800
Min-SE: 90
User-Agent: Mediant
SW/v.7.40A.250.265
Content-Type:
application/sdp
Content-Length: 900
v=0
o=- 617366211 1969606384 IN
IP4 10.0.0.25
s=media
b=AS:84
t=0 0
a=X-nat:0
a=ice-lite
m=audio 50004 RTP/SAVP 0 8
96
c=IN IP4 10.0.0.25
b=TIAS:64000
a=rtcp:50005 IN IP4
10.0.0.25
a=sendrecv
a=rtpmap:0 PCMU/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:96
telephone-event/8000
a=fmtp:96 0-16
a=ice-ufrag:IE15BCMtIoIFC4S8
a=ice-pwd:VYGaTzCfX9gdvnfd9CuDiHuw
a=candidate:128566170 1 udp 2130706431 10.0.0.25 50004 typ host
a=candidate:128566170 2 udp 2130706430 10.0.0.25 50005 typ host
a=crypto:1
AES_CM_128_HMAC_SHA1_80 inline:UKAS7+0XGSZeXGFreZWWQU0vuf0D1D/F97dVtVLs|2^31
a=crypto:2
AES_CM_128_HMAC_SHA1_32 inline:2kuctHvNudt69PR8gxX/SPcX8LLWGsqdD+uecRxe|2^31
a=crypto:3 AES_256_CM_HMAC_SHA1_80
inline:L0E/e24PTtJ9mUwwWdb3QlCQBtd4WdSuSZvVi45ZkkyhqhnwGTuZGbXjcWJ6dc==|2^31
a=crypto:4
AES_256_CM_HMAC_SHA1_32
inline:z2WjgpGD1HC2HR0+3NZVEfuwEVJ8u0CyHAKuEZAIbMtnHCNw0ieSE22XVCQ39s==|2^31
Once you’ve done this, calls from the PSTN to the Teams Client via the SBA should work.
The Wrap Up
There you have it, more madcapped craziness from the world of Microsoft Teams. Till next time, I’m “410 Gone”. Catch ya later!
