SOLUTION: VCS-LYNC Integration. VCS error: Missing host authorization entry on the Microsoft front-end servers


VCS-LYNC Integration. VCS error: Missing host authorization entry on the Microsoft front-end servers

Applies to:

Cisco VCS X7.2 and Lync 2013 and Lync 2010 Server and Lync 2010 Desktop Client


You want to Integrate Lync 2010 and Cisco VCS so that, VCS end points (like EX-Tanberg or Cisco MCU) can make video calls to each other. Based on the document  Microsoft Lync 2010 and Cisco VCS Cisco VCS X7.2 Microsoft Lync 2010 Deployment Guide

Also you allowed TCP connection on Lync 2010 server so that you don’t want to deal with certificates issues at this time. (see more info below)


After B2BUA configuration on VCS and add VCS host as trusted host in Lync 2010 server you got the following error in B2BUA service status page. (Applications–>B2BUA–>Microsoft OCS/Lync–>Configuration)

Mode: Microsoft

Status   Alive but unauthorized

Reason Missing host authorization entry on the Microsoft front-end servers

although you are certain that you add VCS host to trusted server list using Lync power shell commands.

Also I got snooper log on Lync server site and I saw 401 Unauthorized error during Option SIP message.


Lync 2010 has  issue with TCP connections with external trusted servers like VCS or some PBXs.. You must specifically define IP address on trusted servers. This issue does not occur on TLS connections.


Instead of use all available IP addresses, set IP address of the VCS server as below

1- Open topology Builder

2- Under Lync Server 2010 –>Trusted Application Servers, Under trusted application pool name,

Select VCS host, right-click, Edit properties

Select “Limit Service Usage to Selected IP addresses”, Enter the IP address of VCS Host in primary IP address field: (the default is “Use all configured IP addresses”)


Click OK.

3-   Publish Topology (you may need to resart Lync Front-End Service to make sure that topology changes applied.)

4-     On VCS restart B2BUA service. (Applications–>B2BUA–>Microsoft OCS/Lync–>B2BUA Service restart)

Now in B2BUA service status page, status should be Alive in order to B2BUA integration works.

URI <;transport=tcp;lr;ds>
Mode Microsoft
Status Alive

More Information:

How to allow TCP Connections on Lync 2010 Server and to support both encrypted and non-encrypted calls:

On lync 2010 server Select Microsoft Lync Server 2010 –> Lync Server Management Shell –> Run as administrator.

Set-CsMediaConfiguration -EncryptionLevel SupportEncryption

Check configuration with


Set-CsRegistrar -Identity “” -SipServerTcpPort 5060

Check configuration with

Get-CsService –Registrar

You should see SipServerTcpPort :5060

B2BUA and Lync 2013 Server:

Also for testing I removed Lync 2010 server in B2BUA configuration and added Lync 2013 Server name. (you may need to delete automatically created To Microsoft OCS/Lync server via B2BUA zone before). It also worked. But the client should be Lync 2010 Desktop Client. Because Lync 2013 client does not support H.263 codec. (not HD). User can be in the Lync 2013 Server pool. But I am not sure this is officially supported by Cisco. I hope Cisco will publish Lync 2013-VCS Integration document. (Currently not available).

Gallery | This entry was posted in Cisco VCS, Lync 2010, Lync 2013 and tagged , , , . Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s