VCS-LYNC Integration. VCS error: Missing host authorization entry on the Microsoft front-end servers
Cisco VCS X7.2 and Lync 2013 and Lync 2010 Server and Lync 2010 Desktop Client
You want to Integrate Lync 2010 and Cisco VCS so that, VCS end points (like EX-Tanberg or Cisco MCU) can make video calls to each other. Based on the document Microsoft Lync 2010 and Cisco VCS Cisco VCS X7.2 Microsoft Lync 2010 Deployment Guide
Also you allowed TCP connection on Lync 2010 server so that you don’t want to deal with certificates issues at this time. (see more info below)
After B2BUA configuration on VCS and add VCS host as trusted host in Lync 2010 server you got the following error in B2BUA service status page. (Applications–>B2BUA–>Microsoft OCS/Lync–>Configuration)
Status Alive but unauthorized
Reason Missing host authorization entry on the Microsoft front-end servers
although you are certain that you add VCS host to trusted server list using Lync power shell commands.
Also I got snooper log on Lync server site and I saw 401 Unauthorized error during Option SIP message.
Lync 2010 has issue with TCP connections with external trusted servers like VCS or some PBXs.. You must specifically define IP address on trusted servers. This issue does not occur on TLS connections.
Instead of use all available IP addresses, set IP address of the VCS server as below
1- Open topology Builder
2- Under Lync Server 2010 –>Trusted Application Servers, Under trusted application pool name,
Select VCS host, right-click, Edit properties
Select “Limit Service Usage to Selected IP addresses”, Enter the IP address of VCS Host in primary IP address field: (the default is “Use all configured IP addresses”)
3- Publish Topology (you may need to resart Lync Front-End Service to make sure that topology changes applied.)
4- On VCS restart B2BUA service. (Applications–>B2BUA–>Microsoft OCS/Lync–>B2BUA Service restart)
Now in B2BUA service status page, status should be Alive in order to B2BUA integration works.
How to allow TCP Connections on Lync 2010 Server and to support both encrypted and non-encrypted calls:
On lync 2010 server Select Microsoft Lync Server 2010 –> Lync Server Management Shell –> Run as administrator.
Set-CsMediaConfiguration -EncryptionLevel SupportEncryption
Check configuration with
Set-CsRegistrar -Identity “registrar:lyncpool.internal.contoso.com” -SipServerTcpPort 5060
Check configuration with
You should see SipServerTcpPort :5060
B2BUA and Lync 2013 Server:
Also for testing I removed Lync 2010 server in B2BUA configuration and added Lync 2013 Server name. (you may need to delete automatically created To Microsoft OCS/Lync server via B2BUA zone before). It also worked. But the client should be Lync 2010 Desktop Client. Because Lync 2013 client does not support H.263 codec. (not HD). User can be in the Lync 2013 Server pool. But I am not sure this is officially supported by Cisco. I hope Cisco will publish Lync 2013-VCS Integration document. (Currently not available).