Hello,

not to comment on the specific error, but the correct way to support multiple 
MS Teams endpoints is to use the carrier model of the MS Teams SBC architecture 
with sub-domains.

Cheers,

Henning

--
Henning Westerholt - https://skalatan.de/blog/
Kamailio services - https://gilawa.com

From: Nick Digalakis via sr-users <[email protected]>
Sent: Sunday, 4 August 2024 09:56
To: Kamailio (SER) - Users Mailing List <[email protected]>
Cc: Nick Digalakis <[email protected]>
Subject: [SR-Users] Multiple TLS connections to the same IP:Port

Hello everyone,

I am trying to use a single Kamailio server to register to multiple MS Teams 
Direct Routing endpoints.

The config snippet I am using is this:


sht_iterator_start("i1", "teams-endpoints");
while(sht_iterator_next("i1")) {
    # htable key = trunk FQDN of this Direct Routing endpoint
    $var(teams_endpoint) = $shtitkey(i1);

    # tls module xavp_cfg: SNI and client profile (server_id in tls.cfg) for the outbound connection
    $xavp(tls=>server_name) = $var(teams_endpoint);
    $xavp(tls[0]=>server_id) = $var(teams_endpoint);

    $uac_req(method) = "OPTIONS";
    $uac_req(ruri) = "sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(furi) = "sip:" + $var(teams_endpoint);
    $uac_req(turi) = "sip:sip.pstnhub.microsoft.com:5061;transport=tls";
    $uac_req(hdrs) = "Contact: <sip:" + $var(teams_endpoint) + ":5061;transport=tls>\r\n";

    # Create a unique Call-ID from the timestamp and the message body, hashed with MD5
    $var(unhashed_cid) = $TV(Sn) + $mb + "";
    $uac_req(callid) = $(var(unhashed_cid){s.md5});

    uac_req_send();
}
sht_iterator_end("i1");

When the HTable has only one endpoint, everything works fine.
When I add a second endpoint, the first one continues to work but the second 
one fails with the error from Microsoft:

Q.850;cause=63;text="85babcde-e0b5-4a85-8f4a-12345678c9ae;SBC certificate is 
not issued correctly. Provided trunk FQDN 'endpoint-02.domain.com' is not 
included in certificate's CN or SAN list. Certificate allows following FQDNs 
only: endpoint-01.domain.com.


After some digging around, I realized that all endpoints after the first fail 
because Kamailio is re-using the same TLS connection for all subsequent OPTIONS 
as well, but of course the connection has been established with the certificate 
of the first endpoint.
I have tested the certificates by switching around the first endpoint, so that 
shouldn't be a problem.

Is there any way I can force it to establish a new TCP/TLS connection for each 
subsequent request?


Any help would be much appreciated, I have been pulling my hair out with this 
one!


Best regards,
Nick
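As an added illustration, not part of either message and a model rather than Kamailio's own code: a small Python simulation of the failure Nick describes, with the trunk FQDNs, SAN lists and remote IP as constructed sample data and the key_on_identity switch as a hypothetical model knob, not a Kamailio parameter. A connection cache keyed only on the remote IP:port makes the second trunk's OPTIONS ride the connection authenticated with the first trunk's certificate, so the far end's SAN check on the trunk FQDN fails; keying the cache on the client identity as well, or presenting one certificate whose SAN list covers every trunk sub-domain, passes the same check.

```python
# Added model (not Kamailio code): why one cached TLS connection per remote IP:port
# breaks multiple MS Teams Direct Routing trunks on one SBC. All names, SAN lists
# and the remote IP below are constructed sample data.

def san_matches(fqdn: str, san_list: list[str]) -> bool:
    """RFC 6125-style name check: exact match or single-label leftmost wildcard."""
    fqdn = fqdn.lower().rstrip(".")
    for san in san_list:
        san = san.lower().rstrip(".")
        if san == fqdn:
            return True
        if san.startswith("*."):
            label, _, parent = fqdn.partition(".")
            if label and parent == san[2:]:
                return True
    return False

class TlsPool:
    """Outbound TLS connection cache. A connection remembers the client certificate
    (represented by its SAN list) that was presented in its handshake."""

    def __init__(self, key_on_identity: bool):
        self.key_on_identity = key_on_identity  # model switch, not a Kamailio option
        self.conns: dict[tuple, list[str]] = {}

    def connect(self, ip: str, port: int, client_sans: list[str]) -> list[str]:
        key = (ip, port, tuple(client_sans)) if self.key_on_identity else (ip, port)
        if key not in self.conns:      # no cached connection: new handshake
            self.conns[key] = client_sans
        return self.conns[key]         # certificate the far end actually saw

def send_options(pool: TlsPool, trunk_fqdn: str, certs: dict[str, list[str]]) -> str:
    """One OPTIONS toward the Teams SBC endpoint on behalf of a trunk FQDN."""
    presented = pool.connect("203.0.113.10", 5061, certs[trunk_fqdn])  # placeholder IP
    if san_matches(trunk_fqdn, presented):
        return "200 OK"
    return ("SBC certificate is not issued correctly. Provided trunk FQDN "
            f"'{trunk_fqdn}' is not included in certificate's CN or SAN list.")

def simulate(certs: dict[str, list[str]], key_on_identity: bool) -> dict[str, str]:
    pool = TlsPool(key_on_identity)  # one pool shared by all trunks, like one SBC
    return {fqdn: send_options(pool, fqdn, certs) for fqdn in certs}

# Constructed: one certificate per trunk (Nick's setup) and one shared wildcard cert.
PER_TRUNK = {"endpoint-01.domain.com": ["endpoint-01.domain.com"],
             "endpoint-02.domain.com": ["endpoint-02.domain.com"]}
SHARED = {fqdn: ["*.domain.com"] for fqdn in PER_TRUNK}
```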
