Hello everyone,

I am trying to use a single Kamailio server to register to multiple MS Teams Direct Routing endpoints.

The config snippet I am using is this:

sht_iterator_start("i1", "teams-endpoints");
while(sht_iterator_next("i1")) {

    $var(teams_endpoint) = $shtitkey(i1);

    $xavp(tls=>server_name) = $var(teams_endpoint);
    $xavp(tls[0]=>server_id) = $var(teams_endpoint);

    $uac_req(method)="OPTIONS";
    $uac_req(ruri)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(furi)="sip:" + $var(teams_endpoint);
    $uac_req(turi)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(hdrs)="Contact: <sip:" + $var(teams_endpoint) + ":" + "5061" + ";transport=tls>\r\n";

    ### Create a unique Call-ID based on the Timestamp and the Message Body in MD5
    $var(unhashed_cid) = $TV(Sn) + $mb + "";
    $uac_req(callid)=$(var(unhashed_cid){s.md5});

    uac_req_send();
}
sht_iterator_end("i1");

When the HTable has only one endpoint, everything works fine.
When I add a second endpoint, the first one continues to work but the second one fails with this error from Microsoft:

Q.850;cause=63;text="85babcde-e0b5-4a85-8f4a-12345678c9ae;SBC certificate is not issued correctly. Provided trunk FQDN 'endpoint-02.domain.com' is not included in certificate's CN or SAN list. Certificate allows following FQDNs only: endpoint-01.domain.com.


After some digging around, I realized that all endpoints after the first fail because Kamailio is re-using the same TLS connection for all subsequent OPTIONS as well, but of course the connection has been established with the certificate of the first endpoint.
I have tested the certificates by switching around the first endpoint, so that shouldn't be a problem.

Is there any way I can force it to establish a new TCP/TLS connection for each subsequent request?


Any help would be much appreciated, I have been pulling my hair out with this one!



Best regards,
Nick
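
Added example, not part of the original message and not Kamailio code: a small Python model of the diagnosis above, showing why a connection pooled per destination makes the second trunk fail the CN/SAN check while one connection per TLS profile does not. The function names, the pooling model and the sample certificate data are assumptions made for illustration; the host names are the ones from the error text.

```python
# Added illustration; the names and the pooling model are assumptions, not Kamailio internals.

def fqdn_matches(fqdn, cert_names):
    """True if fqdn is covered by a CN/SAN entry; '*' matches one left-most label only."""
    host = fqdn.lower().rstrip(".")
    for name in cert_names:
        name = name.lower().rstrip(".")
        if name == host:
            return True
        if name.startswith("*.") and "." in host:
            if host.split(".", 1)[1] == name[2:]:
                return True
    return False

def send_options(endpoints, certs, key_on_server_id):
    """Model the loop: each endpoint sends OPTIONS to the same destination.

    certs maps endpoint -> names in the client certificate of its TLS profile.
    key_on_server_id=False reuses one connection per destination (the behaviour
    the post reports); True gives each TLS profile its own connection.
    Returns {endpoint: (accepted, names_seen_by_peer)}.
    """
    dst = ("sip.pstnhub.microsoft.com", 5061)
    pool = {}      # connection key -> cert names presented in the handshake
    results = {}
    for ep in endpoints:
        key = dst + ((ep,) if key_on_server_id else ())
        if key not in pool:
            pool[key] = certs[ep]   # handshake happens once per pool key
        presented = pool[key]
        results[ep] = (fqdn_matches(ep, presented), presented)
    return results

# Constructed sample data using the host names from the error message.
CERTS = {
    "endpoint-01.domain.com": ["endpoint-01.domain.com"],
    "endpoint-02.domain.com": ["endpoint-02.domain.com"],
}
ENDPOINTS = list(CERTS)

if __name__ == "__main__":
    for mode in (False, True):
        print("per-profile connections:", mode)
        for ep, (ok, seen) in send_options(ENDPOINTS, CERTS, mode).items():
            print("  %-24s %s cert names=%s" % (ep, "ok" if ok else "REJECTED", seen))
```

The same `fqdn_matches` check can be run against the name list of a real certificate to confirm whether a single multi-SAN or wildcard certificate would cover every trunk FQDN.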
