Share via

Direct Routing SBC TLS Handshake Issue

Hakim Kaci 0 Reputation points
2026-02-03T12:55:17.7366667+00:00

Hello,

we are experiencing a critical issue since 31/01/2026 with our SBC audiocodes connected to Microsoft Teams direct routing(sip.pstnhub.microsoft.com:5061).

Our sbc send Tls Hello messages to Microsoft Teams, but no Server Hello response is received, we observe encrypted TLS alerts followed by connection termination.

From our SBC we see that on syslog :

TLSSocketAPI(#569)::HandshakeCompleted - TLS handshake success

TLSSocketAPI(#569)::ResendWaitingMessage - Resending message succeeded after retrying 11 times

TLSSocketAPI(#569)::HandleDisconnectEvent(EVENT_RECEIVER_DISCONNECT)

TLSSocketAPI(#569)::DispatchQueueEvent(EVENT_RECEIVER_DISCONNECT) - Closing connection.

Current configuration :

We currently use a wildcard certificate issued by Gandi

TLS Version: TLS 1.2 (enabled and enforced).

Cipher Suites: Configured to use Microsoft-recommended suites (e.g., TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384).

Ports: 5061 (TLS) is open and accessible.

Questions :

Why is Microsoft Teams not responding with a Server Hello to our SBC’s Client Hello? Are there additional requirements or checks performed by Microsoft before responding?

Could the Gandi-issued certificate be causing the closing connection

Are there specific logs or diagnostics on Microsoft’s side that could help identify why the Server Hello is not sent?

Is there a known issue or recent change in Microsoft’s TLS handshake process that could explain this behavior?

Thanks in advance

Microsoft Teams | Development
Microsoft Teams | Development
Building, integrating, or customizing apps and workflows within Microsoft Teams using developer tools and APIs
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Kudos-Ng 13,675 Reputation points Microsoft External Staff Moderator
    2026-02-03T14:32:49.4233333+00:00

    Hi Hakim Kaci,

    Thank you for posting your question in the Microsoft Q&A forum.

    Based on your description, this doesn’t look like a TLS version problem but is more likely related to certificate/trust validation, especially given Microsoft’s recent and upcoming changes to certificates for Teams Direct Routing. Please review Microsoft’s official “What’s new” notice here: What’s new for Direct Routing.

    In addition, you may find this vendor-focused write‑up helpful for AudioCodes environments, which summarizes the mTLS certificate implications and firmware considerations: Teams Direct Routing mTLS Certificate Requirements for AudioCodes SBCs.

    Note: Microsoft is providing this information as a convenience to you. These sites are not controlled by Microsoft, and Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please ensure that you fully understand the risks before using any suggestions from the above link.

    Given the above, it would be prudent to re‑check your SBC’s configuration against the newer certificate validation expectations (e.g., trust store includes the updated DigiCert roots, CN/SAN alignment to the SBC FQDN, and full chain installed). For troubleshooting of SIP OPTIONS and TLS behaviors, please follow Microsoft’s official guide: SBC connectivity issues (SIP OPTIONS & TLS certificate issues).

    I hope this helps. If you have any further questions, please feel free to share.

    If the answer is helpful, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment". 

    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.