Howto:Microsoft Lync 2010 - Quickstart Guide: Difference between revisions

From innovaphone wiki
Jump to navigation Jump to search
 
(83 intermediate revisions by 3 users not shown)
Line 1: Line 1:
<!-- {{Template:3rd Party Input}}-->
{{FIXME|reason=Working in progress}}
==Summary==
==Summary==
SIP trunking between innovaphone PBX and Microsoft Lync Server 2010. Test have been done following the test in the [http://technet.microsoft.com/en-us/lync/gg131938 Unified Communications Open Interoperability Program – Lync Server].
==Certification Status==
<!-- by inno
  - uncomment one of the stati below
  - update date below
  -->
<!-- {{Template:Compat Status "planned"}} -->
<!-- {{Template:Compat Status "in progress"}} -->
{{Template:Compat Status "certified"|certificate=Product_-_Vendor_-_3rd_Party_Product_-_Desc-product-cert.pdf}}
<!-- {{Template:Compat Status "tested"(sip provider)}} -->
<!-- {{Template:Compat Status "rejected"}} -->
<!-- {{Template:Compat Status "customer-testimonial"}} -->


Testing of this product has been finalized October, 2011.
This is a configuration guide describing the setup of a Direct SIP trunk between an innovaphone PBX and a Microsoft Lync Server 2010. The connection can be done using SIP over TCP or TLS. The use of SRTP is for both connection methods optional.
 
The product is certified according to the [http://technet.microsoft.com/en-us/lync/gg131938 Unified Communications Open Interoperability Program – Lync Server program].
 
 


==Applies To==
==Applies To==
This information applies to
This information applies to


* Innovaphone PBX V9 build 90733 and higher
* Innovaphone PBX V9 build 90733 or higher (since v9 HotFix5)


* Microsoft Lync Server 2010 v4.0.7577.0
* Microsoft Lync Server 2010 v4.0.7577.0
Line 32: Line 22:
The Microsoft Lync Server 2010 has a new feature called [http://technet.microsoft.com/en-us/library/gg398703.aspx Media Bypass]. When this feature is activated, it permits a direct audio termination on the Lync client instead of the Mediation Server.  
The Microsoft Lync Server 2010 has a new feature called [http://technet.microsoft.com/en-us/library/gg398703.aspx Media Bypass]. When this feature is activated, it permits a direct audio termination on the Lync client instead of the Mediation Server.  


'''Note:''' In order to use Microsoft Lync Server 2010 Media Bypass feature it's required to set [http://wiki.innovaphone.com/index.php?title=Reference:Administration/Relay/VOIP/GW#Coder_Preferences Media-Relay] and exclusive codec options on the Innovaphone Gateway. In this article we will separate the two different possible configurations.
'''Note:''' In order to use Microsoft Lync Server 2010 Media Bypass feature it is required to set [http://wiki.innovaphone.com/index.php?title=Reference:Administration/Relay/VOIP/GW#Coder_Preferences Media-Relay] and exclusive codec options on the innovaphone gateway. In this article we will describe separately the two possible configurations.




'''Note2:''' Some REFER methods are not supported by Innovaphone PBX, in order to have correct work between the two devices the option "Enable REFER Support" on Microsoft Lync Control Panel at Voice Routing-> Trunk Configuration must be disable always. This option could be changed by Powershell Command too: ''Set-CsTrunkConfiguration -EnableReferSupport $false'' .
'''Note2:''' Some SIP REFER methods are not supported by innovaphone PBX. As a result, the option "Enable REFER Support" (on Microsoft Lync Control Panel at Voice Routing-> Trunk Configuration) must be disabled.  
This option could be changed also by a Powershell command: ''Set-CsTrunkConfiguration -EnableReferSupport $false'' .


== Direct SIP Topology ==
== Direct SIP Topology ==


* Here is a small example of a Direct SIP deployment.
* Here is an example of a Direct SIP deployment.


[[Image:Lync_topology_example1.png]]
[[Image:Lync_topology_example1.png]]


== Configuration of Innovaphone with Microsoft Lync Server 2010 - Media Bypass ON and TSIP Mode ==
==Configuration==
===innovaphone with Microsoft Lync Server 2010 - Media Bypass ON and TSIP mode===


=== Innovaphone Configuration ===
* In order to establish communications between the Lync 2010 and the innovaphone PBX, we need to establish one SIP Trunk between the innovaphone gateway and the MS Mediation server. All signalling between the two systems is passed through this SIP Trunk. If load balancing or fail-over setups are required, we could have either multiple trunks configured on either the Mediation Server to multiple Gateways or vice-versa.


* In order to establish communications between the Lync 2010 and the innovaphone PBX we need to establish one SIP Trunk between the Innovaphone Gateway and the MS Mediation Server. All signalling between the two systems are passed by this SIP Trunk without Registration on the Gateway to MS Mediation Server. We could have multiple trunks configured on Mediation Server to multiple Gateways or vice-versa.
=====1. Create a Gateway Object in the PBX=====
 
==== 1. Create a Gateway Object in the PBX ====


Go to: PBX -> Objects -> Create new Gateway/Trunkline Object and configure these settings:  
Go to: PBX -> Objects -> Create new Gateway/Trunkline Object and configure these settings:  
Line 55: Line 45:
# Long Name: LyncGW
# Long Name: LyncGW
# Name: LyncGW
# Name: LyncGW
# Number: choose a number in order to allow innovaphone users dialing out to the Lync users
# Number: choose a number in order to allow innovaphone users dialing out to the Lync users (e.g. ''5'')
# Enable the '''Prefix''' checkbox (if it's a gateway object).
# If it's a gateway object, enable the '''Prefix''' checkbox
# Click '''Ok''' when finished to save the object.
# Click '''Ok''' when finished to save the object.


[[Image:Lync_Trunkline.png]]
[[Image:Lync_Trunkline.png]]


==== 2. H.323 interface to the PBX ====
=====2. H.323 interface to the PBX=====


Go to: Gateway -> GK -> GW1 and configure these settings:  
Go to: Gateway -> GK -> GW1 and configure these settings:  
Line 72: Line 62:
# Media Properties: Change both '''Framesize''' values to 20ms.  
# Media Properties: Change both '''Framesize''' values to 20ms.  
# Click '''Ok''' when finished to save your settings.
# Click '''Ok''' when finished to save your settings.
'''Note''': Of course you will need at least one port license to register the GW-object at the PBX.


[[Image:Lync_GWX_PBX_MediaBypassON_NO_SRTP1.png]]
[[Image:Lync_GWX_PBX_MediaBypassON_NO_SRTP1.png]]


==== 3. SIP interface to Mediation Server ====
=====3. SIP interface to Mediation Server=====


Go to: Administration -> Gateway -> GK -> GW2 and configure these settings:  
Go to: Administration -> Gateway -> GK -> GW2 and configure these settings:  
Line 82: Line 74:
# Mode: '''Gateway without Registration'''
# Mode: '''Gateway without Registration'''
# Proxy: Enter the Mediation Server '''IP - address'''  
# Proxy: Enter the Mediation Server '''IP - address'''  
# Local Domain: Enter the '''FQDN''' or '''IP Address''' of the innovaphone Gateway (depends if IP/PSTN Gateway on Lync was configured with IP or FQDN).
# Media Properties: Change the '''General Coder Preference''' to G.711A and enable the '''exclusive''' checkbox.  
# Media Properties: Change the '''General Coder Preference''' to G.711A and enable the '''exclusive''' checkbox.  
# Media Properties: Change both '''Framesize''' values to 20ms.
# Media Properties: Change both '''Framesize''' values to 20ms.
Line 89: Line 82:
[[Image:Lync_GWX_TSIP_MediaBypassON_NO_SRTP1.png]]
[[Image:Lync_GWX_TSIP_MediaBypassON_NO_SRTP1.png]]


==== 4. Number mappings (CGPN/CDPN) ====
=====4. Number mappings (CGPN/CDPN)=====


* In our example the PBX users dial 5 plus the short extension of Lync Client (ie: 5 + 2655) but since the Lync uses full e164 numbering scheme we need to send the full number to Mediation Server to reach the correct extension in International format. Using CDPN Out Maps we could achieve that, note this is an example, we can set numbers not in e164 format on Lync Server and use other maps.
* In our example the PBX users dial ''5'' plus the short extension of Lync Client (e.g.: ''5 + 2655'') but since the Lync uses full e164 numbering scheme we need to send the full number to Mediation Server to reach the correct extension in international format. Using CDPN Out maps we could achieve that, note this is an example, we can set numbers not in e164 format on Lync Server and use other maps.


Go to: Gateway -> GW2 and edit the CGPN/CDPN mappings:  
Go to: Gateway -> GW2 and edit the CGPN/CDPN mappings:  


# For incoming CGPNs ('''CGPN-IN''') map the '''International''' flag to its e.164 format'''00'''.
# For incoming CGPNs ('''CGPN-IN''') map the '''International''' flag to its e.164 format'''00'''.
# For incoming CGPNs ('''CGPN-IN''') map the '''National''' flag to its e.164 format '''0'''.
# For incoming CDPNs ('''CDPN-IN''') map the '''International''' flag to its e.164 format '''00'''.
# For incoming CDPNs ('''CDPN-IN''') map the '''International''' flag to its e.164 format '''00'''.
# For incoming CDPNs ('''CDPN-IN''') map the '''National''' flag to its e.164 format '''0'''.
# For outgoing CGPNs ('''CGPN-OUT''') map ''00'' to the ISDN format '''International'''.
# For outgoing CGPNs ('''CGPN-OUT''') map ''00'' to the ISDN format '''International'''.
# For outgoing CGPNs ('''CGPN-OUT''') map ''0'' to the ISDN format '''National'''.
# For outgoing CDPNs ('''CDPN-OUT''') map '' Lync Extension'' to the ISDN format '''International'''.
# For outgoing CDPNs ('''CDPN-OUT''') map '' Lync Extension'' to the ISDN format '''International'''.
# Click '''Ok''' when finished to save the first route.
# Click '''Ok''' when finished to save the CGPN/CDPN mappings.


[[Image:Lync_MAPStoLync1.png]]
[[Image:Lync_MAPStoLync1.png]]


==== 5. Routing between SIP interface and PBX ====
=====5. Routing between SIP interface and PBX=====


* The routes could be very simple, it's important to check the flag "Interworking(QSIG,SIP)" always, for incoming routes from Lync to PBX we have some Prefix too like 5 to reach internal PBX extensions and 0 to reach the PSTN Trunkline on the PBX. Note that in the example we have an extra SIPS Trunk that we will see later how to configure it.
* It's important to enable the flag '''Interworking(QSIG,SIP)''' in all routes to and from the Mediation server.


Go to: Gateway -> Routes and configure these settings:  
Go to: Gateway -> Routes and configure these settings:  
Line 119: Line 109:
[[Image:Lync_Routes_1.png]]
[[Image:Lync_Routes_1.png]]


=== Microsoft Lync Server 2010 Configuration ===
=====6. Microsoft Lync Server 2010 configuration=====


* Enable '''Media Bypass''' option on the Microsoft Lync Server 2010 Control Panel.
The Lync configuration should be done  by a Microsoft certified technician ans will not be explained in detail here. The article names only the settings that must be configured on the Lync in addition to the normal Lync configuration for a Direct SIP trunk.
* Create a '''IP/PSTN Gateway''' to Innovaphone Gateway, here we setup the Innovaphone Gateway IP Address/FQDN, Signalling Listening Port and Transport method (TCP or TLS).  


Here is a small example:
* Enable '''Media Bypass''' option on the Microsoft Lync Server 2010 control panel.
* Disable the config option '''Enable REFER Support'''.
* Change the encryption level of Lync clients like described in the [[Howto:Microsoft_Lync_2010_-_Quickstart_Guide#Known_Problems | Known Problems]] section.
* Check if the Mediation Server listening ports match with our innovaphone GW''x'' interface setup (by default Lync uses 5068 for TCP and 5067 for TLS). 
* Create a '''IP/PSTN Gateway''' for innovaphone, here we setup the innovaphone gateway IP address/FQDN, signalling listening port and transport method (TCP or TLS).
 
Here is an example for the Lync '''IP/PSTN Gateway''' configuration:


[[Image:Lync_PSTGateway_TCP.png]]
[[Image:Lync_PSTGateway_TCP.png]]


== Configuration of Innovaphone with Microsoft Lync Server 2010 - Media Bypass OFF ==
===innovaphone with Microsoft Lync Server 2010 - Media Bypass OFF===


* When the option Media Bypass it's OFF all RTP traffic will pass by the Mediation Server, in this mode we don't need to have Media-Relay or Exclusive Codec on Innovaphone Gateway. So the configuration will be similar to the one before but we must remove all exclusive codec and media-relay options at the Interfaces. The Innovaphone PBX Endpoints will send the RTP packets directly to the Mediation Server.


Here is an example:
* When we disable the '''Media Bypass''' feature on the Microsoft Lync Server 2010, all RTP traffic will pass through the Mediation Server. In this mode we don't need to enable ''media-relay'' or ''exclusive codec'' on the innovaphone gateway.
* All incoming and outgoing calls from the Microsoft Lync Server 2010 will pass through the '''Mediation Server'''.
* The rest of the configuration will be similar to previous example.
 
Here is an example of GW-interface to a Lync Mediation server running in this mode:


[[Image:Lync_GWX_TSIP_MediaBypassOFF_NO_SRTP1.png]]
[[Image:Lync_GWX_TSIP_MediaBypassOFF_NO_SRTP1.png]]


== Configuration of Innovaphone with Microsoft Lync Server 2010 - SIP over TLS (SIPS) ==
===innovaphone with Microsoft Lync Server 2010 - SIP over TLS (SIPS)===


* To set up a SIPS Trunk with Mediation Server we need first to ensure that Innovaphone Gateway have the right Certificates to establish the TLS communication with Lync.
* To set up a SIPS trunk with a Mediation server we need to ensure that the innovaphone gateway has the correct certificates installed (to establish the TLS communication with Lync - Mediation server).
* This certificates are managed by the Microsoft CA Server of the Domain where is installed the Lync Setup.
* This certificates are usually managed and signed by the CA server(e.g. Microsoft CA server) responsible for the Lync domain.


=== 1. Set Up Certificates ===
=====1. Set Up Certificates=====


* First we need to obtain the CA Root Certificate or Lync Server 2010 Certificate then we upload this file to Innovaphone Gateway.
* First,it must be ensured that the TLS certificate offered by the Lync server is accepted by the innovaphone gateway. To do this the trust list of the innovaphone gateway must contain either the 'Lync Server 2010 certificate' or the 'CA Root certificate' of the CA that issued the certificate installed on the Lync server. To upload a certificate into the trust list of an innovaphone device, proceed as follows:


Go to: General -> Certificates and :
Go to: General -> Certificates:


# Trust List: Click on '''Choose File''' button to upload the certificate obtained from CA Server.
# in the 'Trust List' section: Click on the '''Choose File''' button to upload the certificate(either the 'Lync Server 2010 certificate' or the 'CA Root certificate').
# This certificate should appear next in the Trust list.
# If the upload was successful, this certificate should appear now in the trust list section.


[[Image:Lync_Certificates_upload_trust.png]]
[[Image:Lync_Certificates_upload_trust.png]]




* Now we need to make Certificate Signing Request to CA Server of the Innovaphone Gateway.
* Next we must ensure that the innovaphone gateway can authenticate at the Lync server. For this, we need to create a ''Certificate Signing Request''(CSR) for the innovaphone gateway. This CSR - file will be later signed by a CA, trusted by the Lync server.


Go to: General -> Certificates and -> Device Certifacate -> Click on '''Create New''' and configure the settings:
To create a CSR go to: General -> Certificates -> Device Certificate -> Click on '''Create New''' and configure the settings:


# Type: '''Signing Request'''.
# Type: '''Signing Request'''.
# Key: 1024, 2048 or 4096 bit.
# Key: 1024, 2048 or 4096 bit.
# Common Name: '''FQDN''' of the Innovaphone Gateway (Our example PBX.innovaphone.compat).
# Common Name: '''FQDN''' of the innovaphone gateway (e.g. PBX.innovaphone.compat).
# All other fields are optional and then click '''OK''' and wait till the request file is finished.
# All other fields are optional. When finished, click '''OK''' and wait till the request file is generated.
# Click on '''PEM''' mode to download the certificate request file.
# Click on '''PEM''' mode to download the certificate request file.


[[Image:Lync_Certificates_requestcert.png]]
[[Image:Lync_Certificates_requestcert.png]]


* This 'Certificate Sigining Request' should then be forwarded to the CA server used in the customer domain. The CA server will generate a certificate, which can be uploaded in the innovaphone Device Certificate list


Go to: Microsoft Certificate Services Webpage -> Request a Certificate -> advance certificate request -> Click on '''Submit a certificate request by using a base-64-encoded CMC or PKCS #10 file, or submit a renewal request by using a base-64-encoded PKCS #7''' file and:  
To do this, go to: General -> Certificates -> Device Certificate and:


# Open the request certificate file created before with text editor and copy all information on it.
# Click on '''Choose File''' and select the certificate file signed by the CA server.
# Paste that information on the '''Saved Request''' box.
# The new certificate should appear on the Device Certificate List, as shown in the screenshot below.
# Certificate Template: Choose MTLS or Webserver (or similar).
# Click Submit to apply this request to the CA Server, after that we need to Issue this certificate request on the Pending List and then we can download the certificate file from the Microsoft Certificate Services Webpage.
 
[[Image:Lync_Certificates_submitrequest.png]]
 
 
* To finish this setup we just need to upload the previous file on the Innovaphone Device Certificate list.
 
Go to: General -> Certificates and -> Device Certifacate and:
 
# Click on '''Choose File''' and select the Certificate File downloaded previous and then Upload.
# The new certificate should appear on the Device Certificate List like in our example.


[[Image:Lync_Certificates_device_cert.png]]
[[Image:Lync_Certificates_device_cert.png]]


=== 2. SIPS Interface to Mediation Server ===
=====2. SIPS Interface to Mediation Server=====


 
To configure the SIPS interface to the Mediation server, go to: Administration -> Gateway -> GK -> GWx (e.g. GW2) and configure these settings:  
Go to: Administration -> Gateway -> GK -> GW2 and configure these settings:  


# Protocol: '''SIPS'''
# Protocol: '''SIPS'''
# Mode: '''Gateway without Registration'''
# Mode: '''Gateway without Registration'''
# Remote Domain: Enter the '''Mediation Server FQDN'''.
# Remote Domain: Enter the Mediation server '''FQDN'''.
# Local Domain: Enter the '''Innovaphone Gateway FQDN'''.
# Local Domain: Enter the innovaphone gateway '''FQDN'''.
# Proxy: Enter the Mediation Server '''IP - address'''
# Proxy: Enter the Mediation server '''IP - address'''
# Local Signaling Port: Set the Port where Lync Server will contact (by default Innovaphone GW uses 5061 for SIPS).  
# Local Signaling Port: Set the Port where Lync Server will try to contact the innovaphone gateway (by default an innovaphone gateway uses port ''5061'' for SIPS).  
# Media Properties: Change the '''General Coder Preference''' to G.711A.  
# Media Properties: Change the '''General Coder Preference''' to ''G.711A''.  
# Media Properties: Change both '''Framesize''' values to 20ms.
# Media Properties: Change both '''Framesize''' values to ''20ms''.
# If the Lync server is configured for Media Bypass, activate also the options '''Exclusive''' and '''Media-Relay''' in the Media Properties section
# Click '''Ok''' when finished to save your settings.
# Click '''Ok''' when finished to save your settings.
The screenshot below shows a configuration for a Lync server configuration without Media Bypass.


[[Image:Lync_GWX_SIPS_MediaBypassOFF_NO_SRTP.png]]
[[Image:Lync_GWX_SIPS_MediaBypassOFF_NO_SRTP.png]]


=====3. innovaphone PBX System Name=====


=== 3. Innovaphone PBX System Name ===
* In order to have the TLS connection and routing working properly, the PBX '''System Name''' must match the FQDN of the gateway. In our example we used ''PBX.innovaphone.compat'', note that this name matches with the '''Common Name''' used when creating the ''Certificate Signing Request'' and also the ''Local Domain'' configured at the SIPS interface.


* In order to have TLS connection and Routing working properly we need to setup the System name as the FQDN. In our example we used PBX.innovaphone.compat, note that this name matches with Common Name used for Certificates and the Local Domain at SIPS Interface.
To configure this, go to: PBX-> Config -> General:


Go To: PBX-> Config and setup:
# System Name: Enter the '''FQDN''' of the gateway, e.g. ''PBX.innovaphone.compat''
 
# Activate the '''Use as Domain''' option.
# System Name: Enter the '''FQDN''' of the Gateway.
# Activate the '''Use as Domain''' Checkbox.


[[Image:Lync_System_name.png]]
[[Image:Lync_System_name.png]]


=====4. Create IP/PSTN Gateway=====


=== 4. Create IP/PSTN Gateway at Lync Topology Builder ===
* Create an '''IP/PSTN Gateway''', choose the TLS transport method and insert the FQDN of the innovaphone gateway.


* Create once more an '''IP/PSTN Gateway''' but now we choose the TLS transport method and insert the FQDN of the innovaphone gateway.
Here is an example:


[[Image:Lync_PSTGateway_TLS.png]]
[[Image:Lync_PSTGateway_TLS.png]]


== Use SRTP with Microsoft Lync Server 2010 ==
===Use SRTP with Microsoft Lync Server 2010===


* In order to have SRTP between Innovaphone Gateway and Lync we must set the SRTP Crypto '''AES128/80''' in the TSIP/SIPS Interface to Mediation Server and all other interfaces/endpoints that will call to Lync (IP Phones, ISDN Interfaces, GW H.323 Interface to PBX).
* In order to encrypt the audio stream with SRTP between an innovaphone gateway and Lync Mediation server, the SRTP Crypto attribute must be configured to '''AES128/80'''. This setting has to be done in the TSIP/SIPS Interface to Mediation Server and also on all other interfaces/endpoints that will make calls to the Lync server(i.e. IP phones, ISDN interfaces, the internal GW-Interface to the PBX).
* Use of SRTP could be used either with TSIP/SIPS Trunk and either with Media Bypass ON/OFF.
* '''SRTP''' can be used either on a  '''TSIP''' or a '''SIPS''' trunk. Additionally  '''SRTP''' can be used with '''Media Bypass''' either enabled or disabled.


Here is an example:
Here is an example of the SRTP setting on a GW-Interface:


[[Image:Lync_GWX_PBX_MediaBypassON_SRTP.png]]
[[Image:Lync_GWX_PBX_MediaBypassON_SRTP.png]]


==Troubleshooting==
===TSIP Trunk===
In case you encounter problems, you can collect debug traces messages and contact our support team by [mailto:support@innovaphone.com mail].
To ensure that all important debug options are configured, use the following trace settings:
Go to: Maintenance -> Tracing:
# Enable the checkbox that are being used.
# Click '''Ok''' when finished to save the settings.
[[Image:Lync_troubleshoot_tracing.png]]
===SIPS Trunk===
If TLS is used, this trace options must be enabled additionally:
Go to: http://x.x.x.x/debug.xml
# Click on '''Tracking'''.
# Enable '''TLS Plaintext''' checkbox.
# Click '''Ok''' when finished to save the settings.


<!-- == Related Articles == -->
After that use [[Howto:Pcap | Remote PCAP]] to capture the traces.


[[Category:Howto|{{PAGENAME}}]]
[[Image:Lync_troubleshoot_debug.png]]
[[Category:Compat|{{PAGENAME}}]]


== Known Problems ==
== Known Problems ==


=== Set Send Options Interval to Lync ===
Lync uses SIP Options as keep alive system to know if the Gateway is available or not. Innovaphone Gateway answer to this SIP Options message with 200 OK. Additionally we could send SIP Options too to Lync Mediation Server using the config option:
'''http://x.x.x.x/!config add TSIP /options-interval 30''' Time in seconds or for SIPS '''http://x.x.x.x/!config add SIPS /options-interval 30'''
'''http://x.x.x.x/!config write'''
'''http://x.x.x.x/!config activate'''
===No Ringback tone for calls from the PSTN to Lync clients===
For incoming PSTN calls, the Lync Mediation server negotiate Early Media. This early media channel is normally used to play ringback tones. In some cases the PSTN provider will stop generating a ringback tone and will forward the audio data received from the Lync server.
The problem here is that the Lync server is sending no ringback tone, even though it negotiated an early media channel. As a result, the PSTN caller hears no ringback tone.
To fix this, the "No Early Media" flag on the GWx-interface to the Lync server should be enabled.
Calls between Lync clients and innovaphone PBX users will not have this issue. It is only relevant for PSTN calls.
===Media Bypass ON & NO SRTP===
By default the Lync clients have as option SRTP Required, so the innovaphone device must also use SRTP. This is required since with Media Bypass the audio data is going end-to-end (innovaphone device <-> Lync client)
If we desire to use the Media Bypass feature without SRTP, the default SRTP behaviour of the Lync clients must be changed.
This can be done via the Lync Powershell using the command :
''Set-CsMediaConfiguration -EncryptionLevel SupportEncryption''.


* '''No Ringback Tone''' - If you are calling a Lync Client from outside (ex: PSTN) and don't have Ringback Tone this is caused because of Early Media is negotiated but the Lync Client doesn't provide any local Ringback and some PSTN Carriers could deliver this Early Media to the PSTN Phone and don't play local Ringback Tone. To fix this we can use of "No Early Media" Flag on the GWX Interface configured to Lync, this way no PROGRESS is sent to PSTN. Calls between Lync clients and Innovaphone PBX Users will not have this issue.
===innovaphone MoH on MS Lync audio conference call issue===


* '''Media Bypass ON & NO SRTP''' - By default the Lync clients have as option SRTP Required, so If we desire not to use SRTP and Media Bypass ON we should change this option at Lync Powershell using the command : ''Set-CsMediaConfiguration -EncryptionLevel SupportEncryption''. If not calls could be disconnected.
If the Lync server is used also as audio conference server for innovaphone phones, problems with Music on Hold generated by the innovaphone device may arise.
If a innovaphone conference participant is putting the conference call on hold, all other participants of the conference will hear the MoH.
 
The Lync Audio Conference system doesn't detect that a participating call is put on hold and therefore doesn't mute the participant playing MoH.
 
There are two solutions to solve this problem:
# the owner of the conference call mutes this user manually
# set a config option on innovaphone gateway so innovaphone endpoints don't provide MoH when putting a Lync user/call on hold. This will fix the issue with Lync conference calls but with this option no MoH will be played from innovaphone to Lync users.
 
To configure the second option, add the config lines options accordingly, depending whether '''TSIP''' or '''SIPS''' is used
 
Disable MoH to Lync.
 
http://x.x.x.x/!config add TSIP /hold-notify-as-inactive or http://x.x.x.x/!config add SIPS /hold-notify-as-inactive
 
http://x.x.x.x/!config write
 
http://x.x.x.x/!config activate
 
 
Enable MoH back.
 
http://x.x.x.x/!config rem TSIP /hold-notify-as-inactive or http://x.x.x.x/!config rem SIPS /hold-notify-as-inactive
 
http://x.x.x.x/!config write
 
http://x.x.x.x/!config activate
 
 
===Incoming calls with T.38 offer to Lync===
 
In the tested innovaphone firmware version(90733) there is a problem when the Lync server receives an incoming call with T.38 offer (e.g PSTN interface with T.38 flag enabled). The incoming call is dropped by the Lync server.
 
To solve this we can set the following config line option:
 
'''http://x.x.x.x/!config add TSIP /t38-cap 2''' for TSIP Trunk or '''http://x.x.x.x/!config add SIPS /t38-cap 2''' for SIPS Trunk.
'''http://x.x.x.x/!config write'''
 
'''http://x.x.x.x/!config activate'''
 
'''This config option should be always set to prevent call issues to Lync.'''
 
===Skype for Business interop issues===
 
==== Calling from Innovaphone to Skype for Business Conference Room or issues with Call HOLD/Retrieve when having Encryption ON (Since v12r1) ====
 
In the newer v12r1 version if we call via Mediation Server to a Skype for Business Conference room and we have encryption ON the call will be dropped. Also if we do an hold/retrieve we could have the same "issue".
 
It's necessary to use the following config option to solve the SIP interop issue for encryption renegotiation.
 
http://x.x.x.x/!config add SIPS /single-audio-description
http://x.x.x.x/!config write
http://x.x.x.x/!config activate
 
This option it's only available in v12r1sr2.
 
== Related Articles ==
 
[[Howto:Microsoft_Lync_2010_-_TestReport|Microsoft Lync Server 2010 - Testreport]]
 
[[Howto:Microsoft_-_Lync_Server_2010_-_3rd_Party_Product|Microsoft Lync Server 2010 - 3rd Party Product]]
 
[[Category:Howto|{{PAGENAME}}]]
[[Category:Compat|{{PAGENAME}}]]

Latest revision as of 12:04, 7 September 2016

Summary

This is a configuration guide describing the setup of a Direct SIP trunk between an innovaphone PBX and a Microsoft Lync Server 2010. The connection can be done using SIP over TCP or TLS. The use of SRTP is for both connection methods optional.

The product is certified according to the Unified Communications Open Interoperability Program – Lync Server program.


Applies To

This information applies to

  • Innovaphone PBX V9 build 90733 or higher (since v9 HotFix5)
  • Microsoft Lync Server 2010 v4.0.7577.0

More Information

This document is intended to support you with the Microsoft Lync Server 2010 (Version 4.0.7577.0) integration into an existing innovaphone PBX environment. In the following sections we describe the configuration steps for a Direct SIP connection between both systems. It's not the goal of this article to describe the complete configuration of a Lync or innovaphone PBX system, but only the required settings to enable the connection of both systems.

The SIP connection is made between an innovaphone gateway and a Microsoft Mediation Server. It can be done using TCP (TSIP) or TLS (SIPS), the use of SRTP is supported in both cases.

The Microsoft Lync Server 2010 has a new feature called Media Bypass. When this feature is activated, it permits a direct audio termination on the Lync client instead of the Mediation Server.

Note: In order to use Microsoft Lync Server 2010 Media Bypass feature it is required to set Media-Relay and exclusive codec options on the innovaphone gateway. In this article we will describe separately the two possible configurations.


Note2: Some SIP REFER methods are not supported by innovaphone PBX. As a result, the option "Enable REFER Support" (on Microsoft Lync Control Panel at Voice Routing-> Trunk Configuration) must be disabled. This option could be changed also by a Powershell command: Set-CsTrunkConfiguration -EnableReferSupport $false .

Direct SIP Topology

  • Here is an example of a Direct SIP deployment.

Lync topology example1.png

Configuration

innovaphone with Microsoft Lync Server 2010 - Media Bypass ON and TSIP mode

  • In order to establish communications between the Lync 2010 and the innovaphone PBX, we need to establish one SIP Trunk between the innovaphone gateway and the MS Mediation server. All signalling between the two systems is passed through this SIP Trunk. If load balancing or fail-over setups are required, we could have either multiple trunks configured on either the Mediation Server to multiple Gateways or vice-versa.
1. Create a Gateway Object in the PBX

Go to: PBX -> Objects -> Create new Gateway/Trunkline Object and configure these settings:

  1. Long Name: LyncGW
  2. Name: LyncGW
  3. Number: choose a number in order to allow innovaphone users dialing out to the Lync users (e.g. 5)
  4. If it's a gateway object, enable the Prefix checkbox
  5. Click Ok when finished to save the object.

Lync Trunkline.png

2. H.323 interface to the PBX

Go to: Gateway -> GK -> GW1 and configure these settings:

  1. Protocol: H.323
  2. Mode: Register as Gateway
  3. Gatekeeper Address: Enter the innovaphone PBX IP - address
  4. Alias List: Enter as Name LyncGW.
  5. Media Properties: Change the General Coder Preference to G.711A and enable the exclusive checkbox.
  6. Media Properties: Change both Framesize values to 20ms.
  7. Click Ok when finished to save your settings.

Note: Of course you will need at least one port license to register the GW-object at the PBX.

Lync GWX PBX MediaBypassON NO SRTP1.png

3. SIP interface to Mediation Server

Go to: Administration -> Gateway -> GK -> GW2 and configure these settings:

  1. Protocol: TSIP
  2. Mode: Gateway without Registration
  3. Proxy: Enter the Mediation Server IP - address
  4. Local Domain: Enter the FQDN or IP Address of the innovaphone Gateway (depends if IP/PSTN Gateway on Lync was configured with IP or FQDN).
  5. Media Properties: Change the General Coder Preference to G.711A and enable the exclusive checkbox.
  6. Media Properties: Change both Framesize values to 20ms.
  7. Media Properties: Activate the Media-Relay checkbox.
  8. Click Ok when finished to save your settings.

Lync GWX TSIP MediaBypassON NO SRTP1.png

4. Number mappings (CGPN/CDPN)
  • In our example the PBX users dial 5 plus the short extension of Lync Client (e.g.: 5 + 2655) but since the Lync uses full e164 numbering scheme we need to send the full number to Mediation Server to reach the correct extension in international format. Using CDPN Out maps we could achieve that, note this is an example, we can set numbers not in e164 format on Lync Server and use other maps.

Go to: Gateway -> GW2 and edit the CGPN/CDPN mappings:

  1. For incoming CGPNs (CGPN-IN) map the International flag to its e.164 format00.
  2. For incoming CDPNs (CDPN-IN) map the International flag to its e.164 format 00.
  3. For outgoing CGPNs (CGPN-OUT) map 00 to the ISDN format International.
  4. For outgoing CDPNs (CDPN-OUT) map Lync Extension to the ISDN format International.
  5. Click Ok when finished to save the CGPN/CDPN mappings.

Lync MAPStoLync1.png

5. Routing between SIP interface and PBX
  • It's important to enable the flag Interworking(QSIG,SIP) in all routes to and from the Mediation server.

Go to: Gateway -> Routes and configure these settings:

  1. Create a route from GW1 to GW2. Activate the Interworking(QSIG,SIP) checkbox.
  2. Click Ok when finished to save the first route.
  3. Create a route from GW2 to GW1. Activate the Interworking(QSIG,SIP) checkbox.
  4. Click Ok when finished to save the second route.

Lync Routes 1.png

6. Microsoft Lync Server 2010 configuration

The Lync configuration should be done by a Microsoft certified technician ans will not be explained in detail here. The article names only the settings that must be configured on the Lync in addition to the normal Lync configuration for a Direct SIP trunk.

  • Enable Media Bypass option on the Microsoft Lync Server 2010 control panel.
  • Disable the config option Enable REFER Support.
  • Change the encryption level of Lync clients like described in the Known Problems section.
  • Check if the Mediation Server listening ports match with our innovaphone GWx interface setup (by default Lync uses 5068 for TCP and 5067 for TLS).
  • Create a IP/PSTN Gateway for innovaphone, here we setup the innovaphone gateway IP address/FQDN, signalling listening port and transport method (TCP or TLS).

Here is an example for the Lync IP/PSTN Gateway configuration:

Lync PSTGateway TCP.png

innovaphone with Microsoft Lync Server 2010 - Media Bypass OFF

  • When we disable the Media Bypass feature on the Microsoft Lync Server 2010, all RTP traffic will pass through the Mediation Server. In this mode we don't need to enable media-relay or exclusive codec on the innovaphone gateway.
  • All incoming and outgoing calls from the Microsoft Lync Server 2010 will pass through the Mediation Server.
  • The rest of the configuration will be similar to previous example.

Here is an example of GW-interface to a Lync Mediation server running in this mode:

Lync GWX TSIP MediaBypassOFF NO SRTP1.png

innovaphone with Microsoft Lync Server 2010 - SIP over TLS (SIPS)

  • To set up a SIPS trunk with a Mediation server we need to ensure that the innovaphone gateway has the correct certificates installed (to establish the TLS communication with Lync - Mediation server).
  • This certificates are usually managed and signed by the CA server(e.g. Microsoft CA server) responsible for the Lync domain.
1. Set Up Certificates
  • First,it must be ensured that the TLS certificate offered by the Lync server is accepted by the innovaphone gateway. To do this the trust list of the innovaphone gateway must contain either the 'Lync Server 2010 certificate' or the 'CA Root certificate' of the CA that issued the certificate installed on the Lync server. To upload a certificate into the trust list of an innovaphone device, proceed as follows:

Go to: General -> Certificates:

  1. in the 'Trust List' section: Click on the Choose File button to upload the certificate(either the 'Lync Server 2010 certificate' or the 'CA Root certificate').
  2. If the upload was successful, this certificate should appear now in the trust list section.

Lync Certificates upload trust.png


  • Next we must ensure that the innovaphone gateway can authenticate at the Lync server. For this, we need to create a Certificate Signing Request(CSR) for the innovaphone gateway. This CSR - file will be later signed by a CA, trusted by the Lync server.

To create a CSR go to: General -> Certificates -> Device Certificate -> Click on Create New and configure the settings:

  1. Type: Signing Request.
  2. Key: 1024, 2048 or 4096 bit.
  3. Common Name: FQDN of the innovaphone gateway (e.g. PBX.innovaphone.compat).
  4. All other fields are optional. When finished, click OK and wait till the request file is generated.
  5. Click on PEM mode to download the certificate request file.

Lync Certificates requestcert.png

  • This 'Certificate Sigining Request' should then be forwarded to the CA server used in the customer domain. The CA server will generate a certificate, which can be uploaded in the innovaphone Device Certificate list

To do this, go to: General -> Certificates -> Device Certificate and:

  1. Click on Choose File and select the certificate file signed by the CA server.
  2. The new certificate should appear on the Device Certificate List, as shown in the screenshot below.

Lync Certificates device cert.png

2. SIPS Interface to Mediation Server

To configure the SIPS interface to the Mediation server, go to: Administration -> Gateway -> GK -> GWx (e.g. GW2) and configure these settings:

  1. Protocol: SIPS
  2. Mode: Gateway without Registration
  3. Remote Domain: Enter the Mediation server FQDN.
  4. Local Domain: Enter the innovaphone gateway FQDN.
  5. Proxy: Enter the Mediation server IP - address
  6. Local Signaling Port: Set the Port where Lync Server will try to contact the innovaphone gateway (by default an innovaphone gateway uses port 5061 for SIPS).
  7. Media Properties: Change the General Coder Preference to G.711A.
  8. Media Properties: Change both Framesize values to 20ms.
  9. If the Lync server is configured for Media Bypass, activate also the options Exclusive and Media-Relay in the Media Properties section
  10. Click Ok when finished to save your settings.

The screenshot below shows a configuration for a Lync server configuration without Media Bypass.

Lync GWX SIPS MediaBypassOFF NO SRTP.png

3. innovaphone PBX System Name
  • In order to have the TLS connection and routing working properly, the PBX System Name must match the FQDN of the gateway. In our example we used PBX.innovaphone.compat, note that this name matches with the Common Name used when creating the Certificate Signing Request and also the Local Domain configured at the SIPS interface.

To configure this, go to: PBX-> Config -> General:

  1. System Name: Enter the FQDN of the gateway, e.g. PBX.innovaphone.compat
  2. Activate the Use as Domain option.

Lync System name.png

4. Create IP/PSTN Gateway
  • Create an IP/PSTN Gateway, choose the TLS transport method and insert the FQDN of the innovaphone gateway.

Here is an example:

Lync PSTGateway TLS.png

Use SRTP with Microsoft Lync Server 2010

  • In order to encrypt the audio stream with SRTP between an innovaphone gateway and Lync Mediation server, the SRTP Crypto attribute must be configured to AES128/80. This setting has to be done in the TSIP/SIPS Interface to Mediation Server and also on all other interfaces/endpoints that will make calls to the Lync server(i.e. IP phones, ISDN interfaces, the internal GW-Interface to the PBX).
  • SRTP can be used either on a TSIP or a SIPS trunk. Additionally SRTP can be used with Media Bypass either enabled or disabled.

Here is an example of the SRTP setting on a GW-Interface:

Lync GWX PBX MediaBypassON SRTP.png

Troubleshooting

TSIP Trunk

In case you encounter problems, you can collect debug traces messages and contact our support team by mail.

To ensure that all important debug options are configured, use the following trace settings:

Go to: Maintenance -> Tracing:

  1. Enable the checkbox that are being used.
  2. Click Ok when finished to save the settings.

Lync troubleshoot tracing.png

SIPS Trunk

If TLS is used, this trace options must be enabled additionally:

Go to: http://x.x.x.x/debug.xml

  1. Click on Tracking.
  2. Enable TLS Plaintext checkbox.
  3. Click Ok when finished to save the settings.

After that use Remote PCAP to capture the traces.

Lync troubleshoot debug.png

Known Problems

Set Send Options Interval to Lync

Lync uses SIP Options as keep alive system to know if the Gateway is available or not. Innovaphone Gateway answer to this SIP Options message with 200 OK. Additionally we could send SIP Options too to Lync Mediation Server using the config option:

http://x.x.x.x/!config add TSIP /options-interval 30 Time in seconds or for SIPS http://x.x.x.x/!config add SIPS /options-interval 30

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

No Ringback tone for calls from the PSTN to Lync clients

For incoming PSTN calls, the Lync Mediation server negotiate Early Media. This early media channel is normally used to play ringback tones. In some cases the PSTN provider will stop generating a ringback tone and will forward the audio data received from the Lync server. The problem here is that the Lync server is sending no ringback tone, even though it negotiated an early media channel. As a result, the PSTN caller hears no ringback tone.

To fix this, the "No Early Media" flag on the GWx-interface to the Lync server should be enabled.

Calls between Lync clients and innovaphone PBX users will not have this issue. It is only relevant for PSTN calls.

Media Bypass ON & NO SRTP

By default the Lync clients have as option SRTP Required, so the innovaphone device must also use SRTP. This is required since with Media Bypass the audio data is going end-to-end (innovaphone device <-> Lync client)

If we desire to use the Media Bypass feature without SRTP, the default SRTP behaviour of the Lync clients must be changed.

This can be done via the Lync Powershell using the command :

Set-CsMediaConfiguration -EncryptionLevel SupportEncryption.

innovaphone MoH on MS Lync audio conference call issue

If the Lync server is used also as audio conference server for innovaphone phones, problems with Music on Hold generated by the innovaphone device may arise. If a innovaphone conference participant is putting the conference call on hold, all other participants of the conference will hear the MoH.

The Lync Audio Conference system doesn't detect that a participating call is put on hold and therefore doesn't mute the participant playing MoH.

There are two solutions to solve this problem:

  1. the owner of the conference call mutes this user manually
  2. set a config option on innovaphone gateway so innovaphone endpoints don't provide MoH when putting a Lync user/call on hold. This will fix the issue with Lync conference calls but with this option no MoH will be played from innovaphone to Lync users.

To configure the second option, add the config lines options accordingly, depending whether TSIP or SIPS is used

Disable MoH to Lync.

http://x.x.x.x/!config add TSIP /hold-notify-as-inactive or http://x.x.x.x/!config add SIPS /hold-notify-as-inactive

http://x.x.x.x/!config write

http://x.x.x.x/!config activate


Enable MoH back.

http://x.x.x.x/!config rem TSIP /hold-notify-as-inactive or http://x.x.x.x/!config rem SIPS /hold-notify-as-inactive

http://x.x.x.x/!config write

http://x.x.x.x/!config activate


Incoming calls with T.38 offer to Lync

In the tested innovaphone firmware version(90733) there is a problem when the Lync server receives an incoming call with T.38 offer (e.g PSTN interface with T.38 flag enabled). The incoming call is dropped by the Lync server.

To solve this we can set the following config line option:

http://x.x.x.x/!config add TSIP /t38-cap 2 for TSIP Trunk or http://x.x.x.x/!config add SIPS /t38-cap 2 for SIPS Trunk.

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

This config option should be always set to prevent call issues to Lync.

Skype for Business interop issues

Calling from Innovaphone to Skype for Business Conference Room or issues with Call HOLD/Retrieve when having Encryption ON (Since v12r1)

In the newer v12r1 version if we call via Mediation Server to a Skype for Business Conference room and we have encryption ON the call will be dropped. Also if we do an hold/retrieve we could have the same "issue".

It's necessary to use the following config option to solve the SIP interop issue for encryption renegotiation.

http://x.x.x.x/!config add SIPS /single-audio-description http://x.x.x.x/!config write http://x.x.x.x/!config activate

This option it's only available in v12r1sr2.

Related Articles

Microsoft Lync Server 2010 - Testreport

Microsoft Lync Server 2010 - 3rd Party Product

Retrieved from "https://wiki.innovaphone.com/index.php?title=Howto:Microsoft_Lync_2010_-_Quickstart_Guide&oldid=44016"