Howto:Microsoft Lync 2010 - Quickstart Guide

Summary

This is a configuration guide describing the setup of a Direct SIP trunk between an innovaphone PBX and a Microsoft Lync Server 2010. The connection can be done using SIP over TCP or TLS. The use of SRTP is for both connection methods optional.

The product is certified according to the Unified Communications Open Interoperability Program – Lync Server program.

Applies To

This information applies to

• Innovaphone PBX V9 build 90733 or higher (since v9 HotFix5)

• Microsoft Lync Server 2010 v4.0.7577.0

More Information

This document is intended to support you with the Microsoft Lync Server 2010 (Version 4.0.7577.0) integration into an existing innovaphone PBX environment. In the following sections we describe the configuration steps for a Direct SIP connection between both systems. It's not the goal of this article to describe the complete configuration of a Lync or innovaphone PBX system, but only the required settings to enable the connection of both systems.

The SIP connection is made between an innovaphone gateway and a Microsoft Mediation Server. It can be done using TCP (TSIP) or TLS (SIPS), the use of SRTP is supported in both cases.

The Microsoft Lync Server 2010 has a new feature called Media Bypass. When this feature is activated, it permits a direct audio termination on the Lync client instead of the Mediation Server.

Note: In order to use Microsoft Lync Server 2010 Media Bypass feature it is required to set Media-Relay and exclusive codec options on the innovaphone gateway. In this article we will describe separately the two possible configurations.

Note2: Some SIP REFER methods are not supported by innovaphone PBX. As a result, the option "Enable REFER Support" (on Microsoft Lync Control Panel at Voice Routing-> Trunk Configuration) must be disabled. This option could be changed also by a Powershell command: Set-CsTrunkConfiguration -EnableReferSupport $false .

Direct SIP Topology

• Here is an example of a Direct SIP deployment.

Configuration

innovaphone with Microsoft Lync Server 2010 - Media Bypass ON and TSIP mode

• In order to establish communications between the Lync 2010 and the innovaphone PBX, we need to establish one SIP Trunk between the innovaphone gateway and the MS Mediation server. All signalling between the two systems is passed through this SIP Trunk. If load balancing or fail-over setups are required, we could have either multiple trunks configured on either the Mediation Server to multiple Gateways or vice-versa.

1. Create a Gateway Object in the PBX

Go to: PBX -> Objects -> Create new Gateway/Trunkline Object and configure these settings:

1. Long Name: LyncGW
2. Name: LyncGW
3. Number: choose a number in order to allow innovaphone users dialing out to the Lync users (e.g. 5)
4. If it's a gateway object, enable the Prefix checkbox
5. Click Ok when finished to save the object.

2. H.323 interface to the PBX

Go to: Gateway -> GK -> GW1 and configure these settings:

1. Protocol: H.323
2. Mode: Register as Gateway
3. Gatekeeper Address: Enter the innovaphone PBX IP - address
4. Alias List: Enter as Name LyncGW.
5. Media Properties: Change the General Coder Preference to G.711A and enable the exclusive checkbox.
6. Media Properties: Change both Framesize values to 20ms.
7. Click Ok when finished to save your settings.

Note: Of course you will need at least one port license to register the GW-object at the PBX.

3. SIP interface to Mediation Server

Go to: Administration -> Gateway -> GK -> GW2 and configure these settings:

1. Protocol: TSIP
2. Mode: Gateway without Registration
3. Proxy: Enter the Mediation Server IP - address
4. Local Domain: Enter the FQDN or IP Address of the innovaphone Gateway (depends if IP/PSTN Gateway on Lync was configured with IP or FQDN).
5. Media Properties: Change the General Coder Preference to G.711A and enable the exclusive checkbox.
6. Media Properties: Change both Framesize values to 20ms.
7. Media Properties: Activate the Media-Relay checkbox.
8. Click Ok when finished to save your settings.

4. Number mappings (CGPN/CDPN)

• In our example the PBX users dial 5 plus the short extension of Lync Client (e.g.: 5 + 2655) but since the Lync uses full e164 numbering scheme we need to send the full number to Mediation Server to reach the correct extension in international format. Using CDPN Out maps we could achieve that, note this is an example, we can set numbers not in e164 format on Lync Server and use other maps.

Go to: Gateway -> GW2 and edit the CGPN/CDPN mappings:

1. For incoming CGPNs (CGPN-IN) map the International flag to its e.164 format00.
2. For incoming CDPNs (CDPN-IN) map the International flag to its e.164 format 00.
3. For outgoing CGPNs (CGPN-OUT) map 00 to the ISDN format International.
4. For outgoing CDPNs (CDPN-OUT) map Lync Extension to the ISDN format International.
5. Click Ok when finished to save the CGPN/CDPN mappings.

5. Routing between SIP interface and PBX

• It's important to enable the flag Interworking(QSIG,SIP) in all routes to and from the Mediation server.

Go to: Gateway -> Routes and configure these settings:

1. Create a route from GW1 to GW2. Activate the Interworking(QSIG,SIP) checkbox.
2. Click Ok when finished to save the first route.
3. Create a route from GW2 to GW1. Activate the Interworking(QSIG,SIP) checkbox.
4. Click Ok when finished to save the second route.

6. Microsoft Lync Server 2010 configuration

The Lync configuration should be done by a Microsoft certified technician ans will not be explained in detail here. The article names only the settings that must be configured on the Lync in addition to the normal Lync configuration for a Direct SIP trunk.

• Enable Media Bypass option on the Microsoft Lync Server 2010 control panel.
• Disable the config option Enable REFER Support.
• Change the encryption level of Lync clients like described in the Known Problems section.
• Check if the Mediation Server listening ports match with our innovaphone GWx interface setup (by default Lync uses 5068 for TCP and 5067 for TLS).
• Create a IP/PSTN Gateway for innovaphone, here we setup the innovaphone gateway IP address/FQDN, signalling listening port and transport method (TCP or TLS).

Here is an example for the Lync IP/PSTN Gateway configuration:

innovaphone with Microsoft Lync Server 2010 - Media Bypass OFF

• When we disable the Media Bypass feature on the Microsoft Lync Server 2010, all RTP traffic will pass through the Mediation Server. In this mode we don't need to enable media-relay or exclusive codec on the innovaphone gateway.
• All incoming and outgoing calls from the Microsoft Lync Server 2010 will pass through the Mediation Server.
• The rest of the configuration will be similar to previous example.

Here is an example of GW-interface to a Lync Mediation server running in this mode:

innovaphone with Microsoft Lync Server 2010 - SIP over TLS (SIPS)

• To set up a SIPS trunk with a Mediation server we need to ensure that the innovaphone gateway has the correct certificates installed (to establish the TLS communication with Lync - Mediation server).
• This certificates are usually managed and signed by the CA server(e.g. Microsoft CA server) responsible for the Lync domain.

1. Set Up Certificates

• First,it must be ensured that the TLS certificate offered by the Lync server is accepted by the innovaphone gateway. To do this the trust list of the innovaphone gateway must contain either the 'Lync Server 2010 certificate' or the 'CA Root certificate' of the CA that issued the certificate installed on the Lync server. To upload a certificate into the trust list of an innovaphone device, proceed as follows:

Go to: General -> Certificates:

1. in the 'Trust List' section: Click on the Choose File button to upload the certificate(either the 'Lync Server 2010 certificate' or the 'CA Root certificate').
2. If the upload was successful, this certificate should appear now in the trust list section.

• Next we must ensure that the innovaphone gateway can authenticate at the Lync server. For this, we need to create a Certificate Signing Request(CSR) for the innovaphone gateway. This CSR - file will be later signed by a CA, trusted by the Lync server.

To create a CSR go to: General -> Certificates -> Device Certificate -> Click on Create New and configure the settings:

1. Type: Signing Request.
2. Key: 1024, 2048 or 4096 bit.
3. Common Name: FQDN of the innovaphone gateway (e.g. PBX.innovaphone.compat).
4. All other fields are optional. When finished, click OK and wait till the request file is generated.
5. Click on PEM mode to download the certificate request file.

• This 'Certificate Sigining Request' should then be forwarded to the CA server used in the customer domain. The CA server will generate a certificate, which can be uploaded in the innovaphone Device Certificate list

To do this, go to: General -> Certificates -> Device Certificate and:

1. Click on Choose File and select the certificate file signed by the CA server.
2. The new certificate should appear on the Device Certificate List, as shown in the screenshot below.

2. SIPS Interface to Mediation Server

To configure the SIPS interface to the Mediation server, go to: Administration -> Gateway -> GK -> GWx (e.g. GW2) and configure these settings:

1. Protocol: SIPS
2. Mode: Gateway without Registration
3. Remote Domain: Enter the Mediation server FQDN.
4. Local Domain: Enter the innovaphone gateway FQDN.
5. Proxy: Enter the Mediation server IP - address
6. Local Signaling Port: Set the Port where Lync Server will try to contact the innovaphone gateway (by default an innovaphone gateway uses port 5061 for SIPS).
7. Media Properties: Change the General Coder Preference to G.711A.
8. Media Properties: Change both Framesize values to 20ms.
9. If the Lync server is configured for Media Bypass, activate also the options Exclusive and Media-Relay in the Media Properties section
10. Click Ok when finished to save your settings.

The screenshot below shows a configuration for a Lync server configuration without Media Bypass.

3. innovaphone PBX System Name

• In order to have the TLS connection and routing working properly, the PBX System Name must match the FQDN of the gateway. In our example we used PBX.innovaphone.compat, note that this name matches with the Common Name used when creating the Certificate Signing Request and also the Local Domain configured at the SIPS interface.

To configure this, go to: PBX-> Config -> General:

1. System Name: Enter the FQDN of the gateway, e.g. PBX.innovaphone.compat
2. Activate the Use as Domain option.

4. Create IP/PSTN Gateway

• Create an IP/PSTN Gateway, choose the TLS transport method and insert the FQDN of the innovaphone gateway.

Here is an example:

Use SRTP with Microsoft Lync Server 2010

• In order to encrypt the audio stream with SRTP between an innovaphone gateway and Lync Mediation server, the SRTP Crypto attribute must be configured to AES128/80. This setting has to be done in the TSIP/SIPS Interface to Mediation Server and also on all other interfaces/endpoints that will make calls to the Lync server(i.e. IP phones, ISDN interfaces, the internal GW-Interface to the PBX).
• SRTP can be used either on a TSIP or a SIPS trunk. Additionally SRTP can be used with Media Bypass either enabled or disabled.

Here is an example of the SRTP setting on a GW-Interface:

Troubleshooting

TSIP Trunk

In case you encounter problems, you can collect debug traces messages and contact our support team by mail.

To ensure that all important debug options are configured, use the following trace settings:

Go to: Maintenance -> Tracing:

1. Enable the checkbox that are being used.
2. Click Ok when finished to save the settings.

SIPS Trunk

If TLS is used, this trace options must be enabled additionally:

Go to: http://x.x.x.x/debug.xml

1. Click on Tracking.
2. Enable TLS Plaintext checkbox.
3. Click Ok when finished to save the settings.

After that use Remote PCAP to capture the traces.

Known Problems

Set Send Options Interval to Lync

Lync uses SIP Options as keep alive system to know if the Gateway is available or not. Innovaphone Gateway answer to this SIP Options message with 200 OK. Additionally we could send SIP Options too to Lync Mediation Server using the config option:

http://x.x.x.x/!config add TSIP /options-interval 30 Time in seconds or for SIPS http://x.x.x.x/!config add SIPS /options-interval 30

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

No Ringback tone for calls from the PSTN to Lync clients

For incoming PSTN calls, the Lync Mediation server negotiate Early Media. This early media channel is normally used to play ringback tones. In some cases the PSTN provider will stop generating a ringback tone and will forward the audio data received from the Lync server. The problem here is that the Lync server is sending no ringback tone, even though it negotiated an early media channel. As a result, the PSTN caller hears no ringback tone.

To fix this, the "No Early Media" flag on the GWx-interface to the Lync server should be enabled.

Calls between Lync clients and innovaphone PBX users will not have this issue. It is only relevant for PSTN calls.

Media Bypass ON & NO SRTP

By default the Lync clients have as option SRTP Required, so the innovaphone device must also use SRTP. This is required since with Media Bypass the audio data is going end-to-end (innovaphone device <-> Lync client)

If we desire to use the Media Bypass feature without SRTP, the default SRTP behaviour of the Lync clients must be changed.

This can be done via the Lync Powershell using the command :

Set-CsMediaConfiguration -EncryptionLevel SupportEncryption.

innovaphone MoH on MS Lync audio conference call issue

If the Lync server is used also as audio conference server for innovaphone phones, problems with Music on Hold generated by the innovaphone device may arise. If a innovaphone conference participant is putting the conference call on hold, all other participants of the conference will hear the MoH.

The Lync Audio Conference system doesn't detect that a participating call is put on hold and therefore doesn't mute the participant playing MoH.

There are two solutions to solve this problem:

1. the owner of the conference call mutes this user manually
2. set a config option on innovaphone gateway so innovaphone endpoints don't provide MoH when putting a Lync user/call on hold. This will fix the issue with Lync conference calls but with this option no MoH will be played from innovaphone to Lync users.

To configure the second option, add the config lines options accordingly, depending whether TSIP or SIPS is used

Disable MoH to Lync.

http://x.x.x.x/!config add TSIP /hold-notify-as-inactive or http://x.x.x.x/!config add SIPS /hold-notify-as-inactive

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

Enable MoH back.

http://x.x.x.x/!config rem TSIP /hold-notify-as-inactive or http://x.x.x.x/!config rem SIPS /hold-notify-as-inactive

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

Incoming calls with T.38 offer to Lync

In the tested innovaphone firmware version(90733) there is a problem when the Lync server receives an incoming call with T.38 offer (e.g PSTN interface with T.38 flag enabled). The incoming call is dropped by the Lync server.

To solve this we can set the following config line option:

http://x.x.x.x/!config add TSIP /t38-cap 2 for TSIP Trunk or http://x.x.x.x/!config add SIPS /t38-cap 2 for SIPS Trunk.

http://x.x.x.x/!config write

http://x.x.x.x/!config activate

This config option should be always set to prevent call issues to Lync.

Skype for Business interop issues

Calling from Innovaphone to Skype for Business Conference Room or issues with Call HOLD/Retrieve when having Encryption ON (Since v12r1)

In the newer v12r1 version if we call via Mediation Server to a Skype for Business Conference room and we have encryption ON the call will be dropped. Also if we do an hold/retrieve we could have the same "issue".

It's necessary to use the following config option to solve the SIP interop issue for encryption renegotiation.

http://x.x.x.x/!config add SIPS /single-audio-description http://x.x.x.x/!config write http://x.x.x.x/!config activate

This option it's only available in v12r1sr2.

Related Articles

Microsoft Lync Server 2010 - Testreport

Microsoft Lync Server 2010 - 3rd Party Product