diff --git a/Teams/direct-routing-survivable-branch-appliance.md b/Teams/direct-routing-survivable-branch-appliance.md index 5cd909a12b..d607f402dc 100644 --- a/Teams/direct-routing-survivable-branch-appliance.md +++ b/Teams/direct-routing-survivable-branch-appliance.md @@ -3,7 +3,7 @@ title: Direct Routing SBA author: CarolynRowe ms.author: crowe manager: pamgreen -ms.date: 03/24/2024 +ms.date: 08/15/2024 ms.topic: article ms.service: msteams audience: admin @@ -16,7 +16,7 @@ search.appverid: MET150 f1.keywords: - NOCSH - ms.teamsadmincenter.directrouting.overview -description: Learn more about Direct Routing Survivable Branch Appliance (SBA). +description: Learn about Direct Routing Survivable Branch Appliance (SBA). ms.custom: - seo-marvel-apr2020 - seo-marvel-jun2020 @@ -28,9 +28,9 @@ appliesto: Occasionally, a customer site using Direct Routing to connect to Microsoft Teams Phone may experience an internet outage. -Assume that the customer site--called a branch--temporarily can't connect to the Microsoft cloud through Direct Routing. However, the intranet inside the branch is still fully functional, and users can connect to the Session Border Controller (SBC) that is providing PSTN connectivity. +In this scenario, assume that the customer site--called a branch--temporarily can't connect to the Microsoft cloud through Direct Routing. However, the intranet inside the branch is still fully functional, and users can connect to the Session Border Controller (SBC) that is providing PSTN connectivity. -This article describes how to use a Survivable Branch Appliance (SBA) to enable Teams Phone to continue to make and receive Public Switched Telephone Network (PSTN) calls in the case of an outage. +This article describes how to use a Survivable Branch Appliance (SBA) to enable Teams Phone to continue to make and receive Public Switched Telephone Network (PSTN) calls in case of an outage. ## Prerequisites @@ -38,14 +38,14 @@ The SBA is distributable code provided by Microsoft to SBC vendors who then embe To get the latest Session Border Controller firmware with the embedded Survivable Branch Appliance, contact your SBC vendor. In addition, the following is required: -- The SBC needs to be configured for Media Bypass to ensure that the Microsoft Teams client in the branch site can have media flowing directly with the SBC. +- The SBC is configured for Media Bypass to ensure that the Microsoft Teams client in the branch site can have media flowing directly with the SBC. -- TLS1.2 should be enabled on the SBA VM OS. -- Ports 3443, 4444 and 8443 are used by Microsoft SBA Server to communicate with the Teams client and should be allowed on the firewall. -- Port 5061 (or the one configured on the SBC) is used by Microsoft SBA Server to communicate with the SBC and should be allowed on the firewall. -- UDP Port 123 is used by Microsoft SBA Server to communicate with NTP server and should be allowed on the firewall. -- Port 443 is used by Microsoft SBA Server to communicate with Microsoft 365 and should be allowed on the firewall. -- Azure IP Ranges and Service Tags for the Public Cloud should be defined according to the guidelines described at: https://www.microsoft.com/download/details.aspx?id=56519 +- TLS1.2 is enabled on the SBA VM OS. +- Ports 3443, 4444, and 8443 are used by Microsoft SBA Server to communicate with the Teams client and is allowed on the firewall. +- Port 5061 (or the one configured on the SBC) is used by Microsoft SBA Server to communicate with the SBC and is allowed on the firewall. +- UDP Port 123 is used by Microsoft SBA Server to communicate with NTP server and is allowed on the firewall. +- Port 443 is used by Microsoft SBA Server to communicate with Microsoft 365 and is allowed on the firewall. +- Azure IP Ranges and Service Tags for the Public Cloud are defined according to the guidelines described at: https://www.microsoft.com/download/details.aspx?id=56519 ## Supported Teams clients @@ -57,14 +57,27 @@ The SBA feature is supported on the following Microsoft Teams clients: ## How it works -During an internet outage, the Teams client switches to the SBA automatically, and ongoing calls continue with no interruptions. No action is required from the user. As soon as the Teams client detects that the internet is up, and any outgoing calls are finished, the client falls back to normal operation mode, and connects to other Teams services. The SBA uploads collected Call Data Records to the cloud. Call history is updated for review by the tenant administrator. -The Teams client-side outage mechanism for SBA is designed to ensure continuous connectivity and service availability during network disruptions. The mechanism operates as follows: -Client Policy Check: The user needs to be assigned the branch survivability policy for an SBA that the Teams client connects to--only if the appliance is up. -Network Status Check: Teams client connects to the SBA when the internet is disconnected, but the user's device is still connected to the SBA appliance. -Once these two conditions are met, the Teams client pings the SBA appliance and the client checks the policy. If both of these conditions are met, the following occurs: -Branch Survivability Policy: The branch survivability policy points to the SBA URLs assigned to the user/tenant. -Connection to SBA on Teams Client Side: Once the Teams client is offline and the user has the required policies as outlined above, the Teams client switches to Appliance mode where the user is able to make/receive PSTN calls. A banner is displayed to inform users of the switch to SBA. -Note that the only UI indicator of the switch to Appliance mode is the banner. If the banner is not present, the user is not in SBA mode, and Calling will not work. SBA mode is activated only on desktop clients on a physical machine. VMs and web clients are not supported at the moment. +During an internet outage, the Teams client switches to the SBA automatically, and ongoing calls continue with no interruptions. No action is required from the user. + +As soon as the Teams client detects that the internet is up, and any outgoing calls are finished, the client falls back to normal operation mode, and connects to other Teams services. The SBA uploads collected Call Data Records to the cloud. Call history is updated for review by the tenant administrator. + +The Teams client-side outage mechanism for the SBA is designed to ensure continuous connectivity and service availability during network disruptions. + +The following conditions must be met: + +- Client Policy Check: The user is assigned the branch survivability policy for an SBA that the Teams client connects to--only if the appliance is up. + +- Network Status Check: The Teams client connects to the SBA when the internet is disconnected, but the user's device is still connected to the SBA appliance. + +Once these conditions are met, the Teams client pings the SBA appliance, and the client checks the policy. If both of these conditions are met, the following occurs: + +- Branch Survivability Policy: The branch survivability policy points to the SBA URLs assigned to the user/tenant. + +- Connection to the SBA on the Teams Client Side: Once the Teams client is offline and the user has the required policies, the Teams client switches to Appliance mode where the user is able to make and receive PSTN calls. A banner is displayed to inform users of the switch to the SBA. + + The only UI indicator of the switch to Appliance mode is the banner. If the banner isn't present, the user isn't in SBA mode, and calling won't work. + +SBA mode is activated only on desktop clients on a physical machine. VMs and web clients aren't supported at the moment. When the Microsoft Teams client is in offline mode, the following calling-related functionality is available: @@ -73,12 +86,12 @@ When the Microsoft Teams client is in offline mode, the following calling-relate - Receiving PSTN calls through the local SBA/SBC with media flowing through the SBC. - Hold and resume of PSTN calls. - Blind transfer. -- Call forwarding to single phone number or Teams user. +- Call forwarding to a single phone number or Teams user. - Unanswered call forwarding to single phone number or Teams user. - Redirect of incoming PSTN call to a Call queue or Auto attendant number to a local agent. -- Redirect of incoming PSTN call to a Call queue or Auto attendant number to an alternative Call queue or Auro attendant number. -- VoIP Fallback. If VoIP call cannot be initiated and receiving party has a PSTN number, PSTN call will be attempted -- VoIP calls between local users. If both users are registered behind the same SBA, a VoIP call can be initiated instead of PSTN call, and the SBA will fully support it. +- Redirect of incoming PSTN call to a Call queue or Auto attendant number to an alternative Call queue or Auto attendant number. +- VoIP Fallback. If a VoIP call can't be initiated and the receiving party has a PSTN number, a PSTN call is attempted +- VoIP calls between local users. If both users are registered behind the same SBA, a VoIP call can be initiated instead of PSTN call, and the SBA will support the call. ## Configuration @@ -89,9 +102,9 @@ For the SBA feature to work, the Teams client needs to know which SBAs are avail 3. Assign the policy to users. 4. Register an application for the SBA with Microsoft Entra ID. -All configuration is done by using Teams PowerShell cmdlets. (The Teams admin center does not yet support the Direct Routing SBA feature.) +All configuration is done by using Teams PowerShell cmdlets. (The Teams admin center doesn't yet support the Direct Routing SBA feature.) -For information on configuring the SBC, with links to SBC vendor documentation, see Session Border Controller configuration at the end of this article. +For information on configuring the SBC, with links to SBC vendor documentation, see [Session Border Controller configuration](#session-border-controller-configuration). ### Create the SBAs @@ -117,7 +130,7 @@ Description : SBA 1 ### Create the Teams Branch Survivability Policy -To create a policy, use the New-CsTeamsSurvivableBranchAppliancePolicy cmdlet. This cmdlet has the following parameters. Note that the policy can contain one or more SBAs. +To create a policy, use the New-CsTeamsSurvivableBranchAppliancePolicy cmdlet. This cmdlet has the following parameters. The policy can contain one or more SBAs. | Parameter| Description | | :------------|:-------| @@ -212,21 +225,26 @@ For step-by-step guidance on how to configure your Session Border Controller wit - [TE-Systems](https://www.anynode.de/microsoft-teams-sba/) -## Reporting issues -Report any issues to your SBC vendor's support organization. When reporting the issue, indicate that you have a configured Survivable Branch Appliance. -## Known issues +## Known issues and considerations + +The following are known issues and considerations: + +- Because the SBA relies on authentication tokens that are valid for 24 hours and are renewed daily, the SBA can support outages for up to 24 hours from the last authentication. If an outage occurs 20 hours after the last authentication token renewal, the SBA will be operational only for the remaining 4 hours. -- Because the SBA relies on authentication tokens that are valid for 24 hours and are renewed daily, the SBA can support outages for up to 24 hours from the last authentication. This means that if an outage occurs 20 hours after the last authentication token renewal, SBA will be operational only for the remaining 4 hours. -- If the tenant is using Continuous Access Evaluation (CAE) tokens, SBA will be operational only for about 30 minutes, due to the nature of continuous access evaluation. An alternative would be to dissable CAE for the tenant. +- If the tenant is using Continuous Access Evaluation (CAE) tokens, the SBA will be operational only for about 30 minutes, due to the nature of continuous access evaluation. An alternative would be to dissable CAE for the tenant. - When you add new Survivable Branch Appliances, it might take time before you can use them in Survivable Branch Appliance policies. - When you assign a Survivable Branch Appliance policy to a user, it might take time before the SBA is shown in the output of Get-CsOnlineUser. -- Reverse number lookup against Microsoft Entra ID Contacts is not performed. +- Reverse number lookup against Microsoft Entra ID Contacts isn't performed. -- The SBA does not support call forwarding settings. +- The SBA doesn't support call forwarding settings. - Making an emergency call to an emergency number configured for dynamic emergency calling (E911) is not supported. + +## Report an issue + +Report any issues to your SBC vendor's support organization. When reporting the issue, indicate that you have a configured Survivable Branch Appliance. diff --git a/Teams/rooms/certified-hardware.md b/Teams/rooms/certified-hardware.md index b918042389..34ae1afaf8 100644 --- a/Teams/rooms/certified-hardware.md +++ b/Teams/rooms/certified-hardware.md @@ -138,6 +138,7 @@ The following devices are Certified under the Microsoft Teams Rooms on Windows C | Poly GC8 Console with Lenovo Thinksmart Core | Core i5 | 8 GB | 128 GB | | Poly GC8 Console with Dell Optiplex 7080 | Core i5 | 8 GB | 128 GB | | [Poly GC8 Console with HP 800 G9 Compute -MTR-W](https://www.poly.com/us/en/solutions/platform/microsoft/video/teams-rooms-windows) | Core i7 | 16 GB | 256 GB | +| [ViewSonic TeamJoin TRS10](https://www.viewsonic.com/global/products/commercial-display/TRS10) bundle (Compute: [MPC310-W31-TU](https://www.viewsonic.com/global/products/commercial-display/MPC310-W31-TU) + Console: [MRC1010-TN](https://www.viewsonic.com/global/products/commercial-display/MRC1010-TN)) | Core i3 | 8 GB | 128 GB | | [Yealink Core2 Kit](https://www.yealink.com/en/product-detail/microsoft-teams-rooms-mvc640) | Core i5 | 8 GB | 128 GB | | [Yealink MVC300 with Intel NUC](https://www.yealink.com/products_154.html) | Core i5 | 8 GB | 128 GB | | [Yealink MVC500 with Intel NUC](https://www.yealink.com/products_126.html) | Core i5 | 8 GB | 128 GB | diff --git a/Teams/toc.yml b/Teams/toc.yml index e29c4e5595..4fd5d19a11 100644 --- a/Teams/toc.yml +++ b/Teams/toc.yml @@ -1127,6 +1127,8 @@ items: href: direct-routing-media-optimization.md - name: Configure Local Media Optimization href: direct-routing-media-optimization-configure.md + - name: Direct Routing Survivable Branch Appliance + href: direct-routing-survivable-branch-appliance.md - name: Monitor Direct Routing items: - name: Overview @@ -1149,8 +1151,6 @@ items: href: direct-routing-protocols-SIP.md - name: Media protocols href: direct-routing-protocols-media.md - - name: Direct Routing Survivable Branch Appliance - href: direct-routing-survivable-branch-appliance.md - name: Shared Calling - A simpler solution items: diff --git a/Teams/vdi-2.md b/Teams/vdi-2.md index a966abb034..17c0e21682 100644 --- a/Teams/vdi-2.md +++ b/Teams/vdi-2.md @@ -56,8 +56,8 @@ New VDI solution for Teams is a new architecture for optimizing the delivery of ### Step 2: Plugin installation on the endpoint 1. For Azure Virtual Desktop and Windows 365, MsTeamsPluginAvd.dll is bundled with the RD Client for Windows 1.2.5405.0, or with the Windows App Store app 1.3.252 or higher. - - The plugin is found in the same folder location where the RD Client is installed. It'll either be AppData\Local\Apps\Remote Desktop or C:\Program Files (x86), depending on the mode in which it was installed. - - For the [Windows App Store](/windows-app/overview) app, since it's MSIX-based, it's found in C:\Program Files\WindowsApps. Access to this folder is restricted. + - The plugin is found in the same folder location where the RD Client is installed. It's either located at AppData\Local\Apps\Remote Desktop or C:\Program Files (x86), depending on the mode in which it was installed. + - The [Windows App Store](/windows-app/overview) app, since it's MSIX-based, is found in C:\Program Files\WindowsApps. Access to this folder is restricted. 1. For Citrix CWA 2402 or higher, MsTeamsPluginCitrix.dll can be installed either: - Using the user interface when installing CWA: On the **Add-on(s)** page, select the **Install Microsoft Teams VDI plug-in** checkbox, and then select **Install**. @@ -126,7 +126,7 @@ Once you meet all the minimum requirements, launching new Teams for the first ti > [!IMPORTANT] > For first run experiences, two app restarts are required to get the new optimization. -You can check in the Teams client that you are optimized with the new architecture by going to the ellipsis (three dots ...) on the top bar, then selecting Settings > About. The Teams and client versions are listed there. +You can check in the Teams client that you optimized with the new architecture by going to the ellipsis (three dots ...) on the top bar, then selecting Settings > About. The Teams and client versions are listed there. The plugin (MsTeamsPluginAvd.dll or MsTeamsPluginCitrix.dll) is responsible for eventually downloading the media engine, and SlimCore, which is an MSIX package. It installs silently without admin privileges or reboots in (example, exact path varies): @@ -190,7 +190,7 @@ A walkthrough of the architecture in the diagram: User calls -8. Peer A clicks the call button. MsTeamsVdi.exe communicates with the Microsoft Teams services in Azure, establishing an end-to-end signaling path with Peer B. MsTeamsVdi.exe collects a series of supported call parameters (codecs, resolutions, and so forth, which is known as a Session Description Protocol (SDP) offer). These call parameters are then relayed using the signaling path to the Microsoft Teams services in Azure and from there to the other peer.​ +8. Peer A selects the call button. MsTeamsVdi.exe communicates with the Microsoft Teams services in Azure, establishing an end-to-end signaling path with Peer B. MsTeamsVdi.exe collects a series of supported call parameters (codecs, resolutions, and so forth, which is known as a Session Description Protocol (SDP) offer). These call parameters are then relayed using the signaling path to the Microsoft Teams services in Azure and from there to the other peer.​ 9. The SDP offer/answer (single-pass negotiation) takes place through the signaling channel, and the ICE connectivity checks (NAT and Firewall traversal using STUN bind requests) complete. Then, Secure Real-time Transport Protocol (SRTP) media flows directly between MsTeamsVdi.exe and the other peer (or Teams Transport Relays or Conference servers). IP blocks for signaling, media, background effects, and other options are described in [this article](/microsoft-365/enterprise/urls-and-ip-address-ranges#skype-for-business-online-and-microsoft-teams). @@ -199,7 +199,7 @@ IP blocks for signaling, media, background effects, and other options are descri 1. Teams media flows connectivity is implemented using standard IETF Interactive Connectivity Establishment (ICE) for STUN and TURN procedures. 1. Real-time media. Data encapsulated within Real-time Transport Protocol (RTP) that supports audio, video, and screen sharing workloads. In general, media traffic is highly latency sensitive. This traffic must take the most direct path possible and use UDP versus TCP as the transport layer protocol, which is the best transport for interactive real-time media from a quality perspective. - - As a last resort, media can use TCP/IP and also be tunneled within the HTTP protocol, but it isn't recommended due to bad quality implications. + - As a last resort, media can use TCP/IP and also be tunneled within the HTTP protocol, but it's not recommended due to bad quality implications. - RTP flow is secured using SRTP, in which only the payload is encrypted. 1. Signaling. The communication link between the endpoint and Teams servers, or other clients, used to control activities (for example, when a call is initiated). Most signaling traffic uses UDP 3478 with fallback to HTTPS, though in some scenarios (for example, the connection between Microsoft 365 and a Session Border Controller) it uses SIP protocol. It's important to understand that this traffic is much less sensitive to latency but may cause service outages or call timeouts if latency between the endpoints exceeds several seconds. @@ -234,7 +234,7 @@ Implement QoS settings for endpoints and network devices and determine how you w ### Technologies that aren't recommended with Microsoft Teams in VDI -1. **VPN network**. It isn't recommended for media traffic. +1. **VPN network**. It's not recommended for media traffic. 1. Packet shapers. Any kind of packet sniffer, packet inspection, proxies, or packet shaper devices aren't recommended for Teams media traffic and may degrade quality significantly. ### Microsoft Teams PowerShell policy for optimization @@ -246,15 +246,15 @@ The default policy configurations are: - DisableCallsAndMeetings: False - DisableAudioVideoInCallsAndMeetings: False -This policy is now expanded with an additional argument as the only configuration point to control whether a user can get the new optimization mode based on SlimCore or not (in other words, the VDI Partner's policy engines don't control the new optimization mode): +This policy is now expanded with an additional argument as the only configuration point to control whether a user can get the new optimization mode that's based on SlimCore or not (in other words, the VDI Partner's policy engines don't control the new optimization mode): - VDI2Optimization: Enabled (default value) |Name |Definition |Example |Notes | |------------------------|-----------|--------|------| -|New-CsTeamsVdiPolicy |Allows administrators to define new VDI policies that can be assigned to users for controlling Teams features related to meetings on a VDI environment. |`PS C:\> New-CsTeamsVdiPolicy -Identity RestrictedUserPolicy -VDI2Optimization "Disabled"` |The command shown here uses the New-CsTeamsVdiPolicy cmdlet to create a new VDI policy with the identity RestrictedUserPolicy. This policy uses all the default values for a VDI policy except one: VDI2Optimization. In this example, users with this policy will not be able to be optimized with SlimCore. | -|Grant-CsTeamsVdiPolicy |Allows administrators to assign a Teams VDI policy at a per-user scope to control the type of meetings that a user can create, the features they can access on an unoptimized VDI environment, and whether a user can be optimized with the new optimization mode based on SlimCore. |`PS C:\> Grant-CsTeamsVdiPolicy -identity "Ken Myer" -PolicyName RestrictedUserPolicy` |In this example, a user with identity "Ken Myer" is assigned the RestrictedUserPolicy. | -|Set-CsTeamsVdiPolicy |Allows administrators to update existing VDI policies. |`PS C:\> Set-CsTeamsVdiPolicy -Identity RestrictedUserPolicy -VDI2Optimization "Disabled"` |The command shown here uses the Set-CsTeamsVdiPolicy cmdlet to update an existing VDI policy with the Identity RestrictedUserPolicy. This policy uses all the existing values except one: VDI2Optimization; in this example, users with this policy can not be optimized with SlimCore. | +|New-CsTeamsVdiPolicy |Allows administrators to define new VDI policies that can be assigned to users for controlling Teams features related to meetings on a VDI environment. |`PS C:\> New-CsTeamsVdiPolicy -Identity RestrictedUserPolicy -VDI2Optimization "Disabled"` |The command shown here uses the New-CsTeamsVdiPolicy cmdlet to create a new VDI policy with the identity RestrictedUserPolicy. This policy uses all the default values for a VDI policy except one: VDI2Optimization. In this example, users with this policy can't be optimized with SlimCore. | +|Grant-CsTeamsVdiPolicy |Allows administrators to assign a Teams VDI policy at a per-user scope to control the type of meetings that a user can create, the features they can access on an unoptimized VDI environment, and whether a user can be optimized with the new optimization mode that's based on SlimCore. |`PS C:\> Grant-CsTeamsVdiPolicy -identity "Ken Myer" -PolicyName RestrictedUserPolicy` |In this example, a user with identity "Ken Myer" is assigned the RestrictedUserPolicy. | +|Set-CsTeamsVdiPolicy |Allows administrators to update existing VDI policies. |`PS C:\> Set-CsTeamsVdiPolicy -Identity RestrictedUserPolicy -VDI2Optimization "Disabled"` |The command shown here uses the Set-CsTeamsVdiPolicy cmdlet to update an existing VDI policy with the Identity RestrictedUserPolicy. This policy uses all the existing values except one: VDI2Optimization; in this example, users with this policy can't be optimized with SlimCore. | |Remove-CsTeamsVdiPolicy |Allows administrators to delete a previously created Teams VDI policy. Users with no explicitly assigned policy will fall back to the default policy in the organization. |`PS C:\> Remove-CsTeamsMeetingPolicy -Identity RestrictedUserPolicy` |In the example shown above, the command deletes the restricted user policy from the organization's list of policies and removes all assignments of this policy from users who have the policy assigned. | |Get-CsTeamsVdiPolicy |Allows administrators to retrieve information about all the VDI policies that have been configured in the organization. |`PS C:\> Get-CsTeamsVdiPolicy -Identity SalesPolicy` |In this example, Get-CsTeamsVdiPolicy is used to return the per-user meeting policy that has an Identity SalesPolicy. Because identities are unique, this command doesn't return more than one item. | @@ -318,9 +318,10 @@ By default, the MsTeamsPlugin automatically downloads and installs the right Sli #### Known issues -- Azure RemoteApps and Citrix Published Apps are not supported at this time. +- Azure RemoteApps and Citrix Published Apps aren't supported at this time. - Calls drop on Teams running on the local machine that has an HID peripheral connected if a user launches a virtual desktop from that same local machine and logs into Teams. -- If you try to join a meeting right after launching new Teams (for example, clicking on a Teams deep link in Outlook without having new Teams running), the call might drop. +- If you try to join a meeting right after launching new Teams (for example, selecting a Teams deep link in Outlook without having new Teams running), the call might drop. +- Camera self preview isn't supported at this time (either under Settings/Devices, or while on a call when selecting the down arrow on the camera icon). #### Citrix virtual channel allow list @@ -406,11 +407,11 @@ If there's a connection error, the error code can be found from the log line con |-----------|-----------|---------------------------------|------| |0 |0 |OK |Special code for 'ConnectedNoPlugin' Telemetry Messages. | |5 |43 |ERROR_ACCESS_DENIED |MsTeamsVdi.exe process failed at startup. Could be caused by BlockNonAdminUserInstall being enabled. Or the endpoint could be busy registering multiple MSIX packages after a user logon and it didn't finish registering SlimCoreVdi. | -|404 |3235 |HTTP_STATUS_NOT_FOUND |Publishing issue: SlimCore MSIX package is not found on CDN. | -|1260 |10083 |ERROR_ACCESS_DISABLED_BY_POLICY |This error usually means that Windows Package Manager cannot install the SlimCore MSIX package. Event Viewer can show the hex error code 0x800704EC. AppLocker Policies can cause this error code. You can either disable AppLocker, or add an exception for SlimCoreVdi packages in Local Security Policy -> Application Control Policies -> AppLocker. Check 'Step 3' under "Optimizing with new VDI solution for Teams". | -|1460 |11683 |ERROR_TIMEOUT |MsTeamsVdi.exe process failed at startup (60 second timeout). | +|404 |3235 |HTTP_STATUS_NOT_FOUND |Publishing issue: SlimCore MSIX package isn't found on CDN. | +|1260 |10083 |ERROR_ACCESS_DISABLED_BY_POLICY |This error usually means that Windows Package Manager can't install the SlimCore MSIX package. Event Viewer can show the hex error code 0x800704EC. AppLocker Policies can cause this error code. You can either disable AppLocker, or add an exception for SlimCoreVdi packages in Local Security Policy -> Application Control Policies -> AppLocker. Check 'Step 3' under "Optimizing with new VDI solution for Teams". | +|1460 |11683 |ERROR_TIMEOUT |MsTeamsVdi.exe process failed at startup (60-second timeout). | |1722 | |RPC_S_SERVER_UNAVAILABLE |'The RPC server is unavailable' MsTeamsVdi.exe related error. | -|2000 |16002 |No Plugin |Endpoint does not have the MsTeamsPlugin, or if it has it, it did not load (check with Process Explorer). | +|2000 |16002 |No Plugin |Endpoint doesn't have the MsTeamsPlugin, or if it has it, it didn't load (check with Process Explorer). | |2001 | |Virtual Channel Not Available |Error on Citrix VDA WFAPI. | |3000 |24002 |SlimCore Deployment not needed |This code isn't really an error. It's a good indicator that the user is on the new optimization architecture with SlimCore. | |3001 |24010 |SlimCore already loaded |This code isn't really an error. It's a good indicator that the user is on the new optimization architecture with SlimCore. | @@ -420,7 +421,7 @@ If there's a connection error, the error code can be found from the log line con |4000 | |ERROR_WINS_INTERNAL |WINS encountered an error while processing the command. | |15615 |1951 |ERROR_INSTALL_POLICY_FAILURE |SlimCore MSIX related error. To install this app, you need either a Windows developer license, or a sideloading-enabled system. AllowAllTrustedApps regkey might be set to 0? | |15616 | |ERROR_PACKAGE_UPDATING |SlimCore MSIX related error 'The application cannot be started because it is currently updating'. | -|15700 | |APPMODEL_ERROR_NO_PACKAGE |The process has no package identity. There is no alias for MsTeamsVdi in %LOCALAPPDATA%\Microsoft\WindowsApps. [Feedback Hub](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332) logs are needed while reproducing the error (make sure you select **Developer Platform** as the category and **App deployment** as the subcategory)| +|15700 | |APPMODEL_ERROR_NO_PACKAGE |The process has no package identity. There's no alias for MsTeamsVdi in %LOCALAPPDATA%\Microsoft\WindowsApps. [Feedback Hub](https://support.microsoft.com/windows/send-feedback-to-microsoft-with-the-feedback-hub-app-f59187f8-8739-22d6-ba93-f66612949332) logs are needed while reproducing the error (make sure you select **Developer Platform** as the category and **App deployment** as the subcategory)| ## Using Event Viewer on the VM for troubleshooting @@ -461,7 +462,7 @@ Error 15615 usually means that the Windows Package Manager can't install the MSI - Make sure the digital signature of that MSIX is trusted by the Endpoint (Go to MSIX > Properties > Digital signatures > Details). It's a valid store-friendly Microsoft signature, but customers may have something special configured. - Try enabling the [AllowAllTrustedApps policy](/windows/client-management/mdm/policy-csp-applicationmanagement). - Try to allow sideloading apps from trusted nonstore sources. - - On Windows 10, this setting is enabled by default, so modify it here in case it is disabled: Settings > Update and Security > For developers > Sideload apps. + - On Windows 10, this setting is enabled by default, so modify it here in case it's disabled: Settings > Update and Security > For developers > Sideload apps. - On Windows 11, this setting is enabled by default: Settings > Apps > Advanced app settings > Choose where to get apps > Anywhere. ## Log collection