Recently I worked on an issue for a customer who was complaining that their Sonus CCE Appliance is not connecting to O365.
The symptoms were:
Symptom 1: When you run PowerShell command on the ASM Get-CcAplianceStatus, it gave an error for item 2:
This suggests that the O365 credentials configured in CCE are incorrect. But they were correct. We checked this by manually logging into O365 using this account. We also updated it in the CCE to make sure, using the steps at the end of this page:
Symptom 2: The log located here on the ASM C:\Windows\WindowsUpdate.log showed the following errors:
WARNING: There was an error communicating with the endpoint at 'http://statsfe2.update.microsoft.com/ReportingWebService/ReportingWebService.asmx'.
WARNING: The server name or address could not be resolved
Again, we see messages about names not resolving.
We did multiple NSLOOKUPs from both the ASM and the EDGE VM, and all works OK:
So clearly, it’s not DNS causing this.
Looking at the output of IPCONFIG, I noticed that the ASM has got 2 Default Gateways configured:
As any network engineer knows, it’s bad to configure more than 1 Default Gateway on any appliance/server.
Usually, the ASM gets to the internet via Corpnet Switch (Adapter #3), via your internal network. Same as any other internal server. In our case, the ASM should send all internet traffic to 10.10.40.1 and then from there it goes out to the WWW.
The CCE Internet Switch (Adapter #2) is only used for the Edge VM to reach the internet. This is so it doesn’t have to flow through the internal network like the other servers.
This is where it get’s interesting. Doing a TRACERT from the ASM to 18.104.22.168 shows that the ASM is trying to route via the incorrect DGW:
Below is a diagram from our original CCE design showing the entire setup. You will notice that the Edge VM uses its own dedicated link for internet access (yellow line), whereas the other VMS and the ASM access the internet via “Internal Network”. Everything except the Edge VM is blocked by that firewall from accessing the internet, which is why we are getting errors. The Firewall at IP 10.10.50.1 was handing out DHCP options to the ASM which is where the second Default Gateway was coming from.
The solution was to simply modify the “SfB CCE Internet Switch” on the ASM and change it from DHCP to Static IP and make sure there is no Default Gateway configured.
No changes were required on the Sonus SBC or on any of the VMs directly.
Doing a TRACERT from the ASM now shows the correct path:
Another alternative solution is to disable DHCP on the firewall device, which is where all the trouble started.
Side Note: The adapter “SfB CCE Internet Switch” on the ASM actually doesn’t need an IP address at all. This switch is only used by the Edge VM. The ASM only needs to use “SfB CCE Management Switch” and “SfB CCE Corpnet Switch”. So you could clear out all the items on that adapter if you wish.