Hello,
not to comment on the specific error, but the correct way to support multiple MS Teams
endpoints is to use the carrier model of the MS Teams SBC architecture with sub-domains.
Cheers,
Henning
--
Henning Westerholt -
https://skalatan.de/blog/
Kamailio services -
https://gilawa.com
From: Nick Digalakis via sr-users <sr-users(a)lists.kamailio.org>
Sent: Sunday, 4 August 2024 09:56
To: Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
Cc: Nick Digalakis <ntg_13(a)hotmail.com>
Subject: [SR-Users] Multiple TLS connections to the same IP:Port
Hello everyone,
I am trying to use a single Kamailio server to register to multiple MS Teams Direct
Routing endpoints.
The config snippet I am using is this:
sht_iterator_start("i1", "teams-endpoints");
while(sht_iterator_next("i1")) {
    $var(teams_endpoint) = $shtitkey(i1);
    $xavp(tls=>server_name) = $var(teams_endpoint);
    $xavp(tls[0]=>server_id) = $var(teams_endpoint);
    $uac_req(method)="OPTIONS";
    $uac_req(ruri)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(furi)="sip:" + $var(teams_endpoint);
    $uac_req(turi)="sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(hdrs)="Contact: <sip:" + $var(teams_endpoint) + ":" + "5061" + ";transport=tls>\r\n";
    ### Create a unique Call-ID based on the Timestamp and the Message Body in MD5
    $var(unhashed_cid) = $TV(Sn) + $mb + "";
    $uac_req(callid)=$(var(unhashed_cid){s.md5});
    uac_req_send();
}
sht_iterator_end("i1");
When the HTable has only one endpoint, everything works fine.
When I add a second endpoint, the first one continues to work but the second one fails
with the error from Microsoft:
Q.850;cause=63;text="85babcde-e0b5-4a85-8f4a-12345678c9ae;SBC certificate is not
issued correctly. Provided trunk FQDN 'endpoint-02.domain.com' is not included in
certificate's CN or SAN list. Certificate allows following FQDNs only:
endpoint-01.domain.com.
After some digging around, I realized that all endpoints after the first fail because
Kamailio is re-using the same TLS connection for all subsequent OPTIONS as well, but of
course the connection has been established with the certificate of the first endpoint.
I have tested the certificates by switching around the first endpoint, so that
shouldn't be a problem.
Is there any way I can force it to establish a new TCP/TLS connection for each subsequent
request?
Any help would be much appreciated, I have been pulling my hair out with this one!
Best regards,
Nick
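
The failure described in this thread, as an added example that is not part of either message and is not Kamailio or Microsoft code: a simplified Python model of a connection cache that fixes the client certificate at the first handshake, with the peer checking the trunk FQDN against the certificate names as the quoted error describes. The `*.sbc.example.net` wildcard certificate, the tenant names and the reading of the sub-domain approach as "one certificate covering every sub-domain" are assumptions, not taken from the thread.

```python
# Simplified model of the behaviour discussed in the thread (constructed data).
# Endpoint names come from the quoted error; *.sbc.example.net is hypothetical.

def name_matches(pattern: str, fqdn: str) -> bool:
    """Certificate name match: exact, or '*' as the whole left-most label."""
    p = pattern.lower().rstrip(".").split(".")
    f = fqdn.lower().rstrip(".").split(".")
    if len(p) != len(f):
        return False                      # a wildcard covers exactly one label
    if p[0] == "*":
        return len(p) > 2 and p[1:] == f[1:]
    return p == f


def peer_accepts(cert_names, trunk_fqdn) -> bool:
    """The check the quoted error describes: trunk FQDN must be in CN/SAN."""
    return any(name_matches(n, trunk_fqdn) for n in cert_names)


def send_options(endpoints, certs, conn_key):
    """Send one OPTIONS per endpoint and return {endpoint: accepted}.

    certs maps endpoint -> names in the certificate selected for it.
    conn_key(endpoint) is the connection-cache key; the certificate is fixed
    when a connection is first opened and reused for every later request.
    """
    pool, result = {}, {}
    for ep in endpoints:
        key = conn_key(ep)
        if key not in pool:               # new TLS handshake pins this cert
            pool[key] = certs[ep]
        result[ep] = peer_accepts(pool[key], ep)
    return result


DEST = ("sip.pstnhub.microsoft.com", 5061)
ENDPOINTS = ["endpoint-01.domain.com", "endpoint-02.domain.com"]
PER_ENDPOINT = {ep: [ep] for ep in ENDPOINTS}

# Cache keyed by destination only: the second request reuses the first cert.
shared = send_options(ENDPOINTS, PER_ENDPOINT, lambda ep: DEST)
# Cache keyed by destination plus local identity: one connection per endpoint.
split = send_options(ENDPOINTS, PER_ENDPOINT, lambda ep: DEST + (ep,))
# One certificate covering the sub-domains: a shared connection still passes.
TENANTS = ["tenant1.sbc.example.net", "tenant2.sbc.example.net"]
WILDCARD = {t: ["*.sbc.example.net"] for t in TENANTS}
carrier = send_options(TENANTS, WILDCARD, lambda ep: DEST)

if __name__ == "__main__":
    for label, res in (("shared", shared), ("split", split), ("carrier", carrier)):
        print(label, res)
```

The `shared` case reproduces the rejection of `endpoint-02.domain.com`; the model says nothing about which Kamailio setting, if any, changes the connection key.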