WebRTC ICE candidate exchange failure with Hybrid Media Server on Genesys Cloud v24.1.0

We are deploying Genesys Cloud v24.1.0 in us-east-1. We observe a 5% failure rate on WebRTC session establishment for our contact center agents. The error logs indicate ‘DTLS handshake timeout’ during the ICE candidate exchange phase. Referencing RFC 5763 regarding DTLS-SRTP, we suspect firewall pinning issues between the HMS and the client browser. Attached is a truncated SIP trace showing the SDP negotiation failing after the initial offer. Has anyone experienced similar behavior with the Hybrid Media Server version 12.x? The STUN server configuration appears valid based on our external tests.

Error Payload:

{
  "status": "error",
  "code": 480,
  "message": "DTLS handshake timeout after 30s"
}

This looks familiar from the Direct Routing side. We are configuring SBCs for Teams and see similar DTLS issues when media bypass is enabled. Have you verified the TLS certificate chain on the HMS interface? Running Get-CsOnlineSbcConfiguration in PowerShell might reveal mismatched cipher suites.

Also check the Teams admin center for media traffic routing policies specifically regarding WebRTC endpoints.
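For the SDP negotiation and RFC 5763 question in the original post, here is an added example (not from either poster, and not Genesys or Microsoft code) that checks an offer/answer pair for the DTLS-SRTP attributes RFC 5763 section 5 requires and reports which side is expected to send the DTLS ClientHello. The SDP fragments are constructed, the fingerprint is a placeholder, and the function names are hypothetical.

```python
import re

# Constructed SDP fragments (not the poster's trace); the fingerprint is a placeholder.
OFFER = (
    "v=0\n"
    "m=audio 9 UDP/TLS/RTP/SAVPF 111\n"
    "a=setup:actpass\n"
    "a=fingerprint:sha-256 00:11:22:33\n"
)
GOOD_ANSWER = OFFER.replace("actpass", "active")
BAD_ANSWER = "v=0\nm=audio 9 RTP/AVP 111\na=setup:actpass\n"

def sdp_attrs(sdp):
    """Return (transport proto, a=setup role, fingerprint present) for the audio m-line."""
    proto = re.search(r"^m=audio \d+ (\S+)", sdp, re.M)
    setup = re.search(r"^a=setup:(\S+)", sdp, re.M)
    has_fp = re.search(r"^a=fingerprint:\S+ \S+", sdp, re.M) is not None
    return (proto.group(1) if proto else None,
            setup.group(1) if setup else None, has_fp)

def check_dtls_srtp(offer, answer):
    """Return (findings, dtls_client) for an offer/answer pair per RFC 5763 section 5."""
    findings = []
    o_proto, o_setup, o_fp = sdp_attrs(offer)
    a_proto, a_setup, a_fp = sdp_attrs(answer)
    for side, proto, has_fp in (("offer", o_proto, o_fp), ("answer", a_proto, a_fp)):
        if not proto or "TLS" not in proto.split("/"):
            findings.append(f"{side}: m-line proto {proto!r} is not a DTLS-SRTP profile")
        if not has_fp:
            findings.append(f"{side}: no a=fingerprint, so the DTLS certificate cannot be verified")
    if o_setup != "actpass":
        findings.append(f"offer: a=setup is {o_setup!r}, RFC 5763 requires actpass")
    if a_setup not in ("active", "passive"):
        findings.append(f"answer: a=setup is {a_setup!r}, must be active or passive")
    # An answerer with setup:active sends the ClientHello; with setup:passive the offerer does.
    client = {"active": "answerer", "passive": "offerer"}.get(a_setup)
    return findings, client

if __name__ == "__main__":
    for name, answer in (("good", GOOD_ANSWER), ("bad", BAD_ANSWER)):
        findings, client = check_dtls_srtp(OFFER, answer)
        print(name, "DTLS client:", client)
        for finding in findings:
            print("  -", finding)
```

When the pair is clean, the reported DTLS client is the side whose outbound ClientHello has to traverse the firewall, which is where a packet capture is most useful for a handshake timeout.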