Lync and DMA integration - internal clients issues when dialing to VMR


Hi community, we have a problem we've been having for a couple of weeks now after integrating Lync 2013 with our DMA running 6.1 and RMX running 8.3.


Two issues actually:


#1 We get the error “Video is not supported” on the Lync client, but I think this is a config issue so I'm working on this with support.


#2 The other one I need help on is internal Lync clients dialing into our DMA VMR solution. It seems like we only get one-way media (to the RMX) because the internal Lync clients are trying to talk directly to the public IP of our RMX media card, which causes a problem with media not NATing properly. Our externally registered Lync clients work OK because they use TURN or the Edge server to route calls between the public IP of the Edge and the public IP of the RMX media card.

Looking at JSchultsz's blog, we've done everything properly for the simple flow of Lync clients calling into the VMR solution; nothing is configured on the RMX, all config is done between DMA and Lync. When doing Wireshark captures, I can see internal Lync clients not sending back a reflexive address for STUN, and I'm guessing that's because they are on the same network as the internal side of the Edge server. Not sure if this is part of the problem? I can see it attempt to send a BIND to the RMX IP, but since it doesn't get a response I was hoping Lync would fall back to the relay server, but this is not the case. Is there something I'm missing here?


Any guidance would be appreciated! 

Message 1 of 5

Re: Lync and DMA integration - internal clients issues when dialing to VMR

Sorry I meant Jeff Schertz, not Schultz.

Message 2 of 5

Re: Lync and DMA integration - internal clients issues when dialing to VMR

Hi, been there before...


How have you configured your Lync Topology?

NOTE: You have to create a "new" SIP domain for your Lync clients to connect to Polycom. For example, if your SIP domain is "sipdomain.com", when your Lync clients try connecting to a VMR, they will dial (for example) 77123456@vmr.sipdomain.com

77123456 = VMR

@vmr.sipdomain.com = the "vmr" bit is the "new" domain.



A quick overview;

On Lync 2013 Topology Builder > Trusted Application Servers

  1. Create a new Trusted Pool (call it vmr.sipdomain.com)
  2. Under the new "vmr.sipdomain.com" pool you need to add your DMA
  3. New Server - Enter in the FQDN of the SIGNALLING hostname of your DMA (for example dma.domain.com)
  4. Now you need to add in your RMX(s)..
  5. New Server - Enter in the FQDN of the SIGNALLING hostname of your RMX (for example rmxuk.domain.com)
  6. Repeat step 5 for multiple RMXs
  7. Publish Lync Topology
  8. Open PowerShell on your Lync server
  • $Route = New-CsStaticRoute -TLSRoute -Destination "dma.domain.com" -Port 5061 -MatchUri "vmr.sipdomain.com" -UseDefaultCertificate $true
  • Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$Route}
  • New-CsTrustedApplication -ApplicationId PolycomDMA -TrustedApplicationPoolFqdn "vmr.sipdomain.com" -Port 5061
  • Enable-CsTopology

**** I've made some assumptions above ****

dma.domain.com = your FQDN of the DMA

vmr.sipdomain.com = what you want your VMR domain to be called

rmxuk.domain.com = your FQDN of your RMX


RMX Configuration

  1. On your RMX you have to ensure you have a valid cert, including the trusted roots and intermediate certs added
  • On that note, I would strongly recommend NOT using the built-in CSR in the RMX as it's more trouble than it's worth... I would create the cert in either the Certificates snap-in in MMC or IIS. You don't need any SANs configured, just create one for the "Management Network" and "IP Network Service" - making sure your CN matches your FQDN (very important). Export it (PFX format which INCLUDES the private key) - and import into the Certification Repository on your RMX(s)
  2. Also make sure under the "IP Network Service" that you are enabled for SIP - Set the IP Network Type to SIP (or H323 & SIP).
  3. Your SIP Server must be set to "Specify" and "Microsoft"
  4. Transport Type = TLS (if you encrypt which I'm assuming you do)
  5. Your SIP Servers should be pointed to your Lync Server Pool name and domain etc.
  6. There are settings for example on your SIP Advanced tab, like ICE Environment which should be configured but that won't stop your video working (only from external over your edge or DA)


That will allow Lync to dial into a VMR. So what is going to happen from above...

In your Lync client, you will dial (search for) a VMR that exists, let's call it 77123456... You dial 77123456@vmr.domain.com (remember to start your video to actually call it).

Your Lync client will search Lync and see vmr.domain.com is a trusted application. It will then forward the request to "dma.domain.com" (your signalling FQDN of your DMA), which will then check the VMR exists and connect to it.



There are a couple of things you need to confirm are configured correctly though...

  1. The chances are your Lync configuration is configured for encryption, so you have to make sure you have a VALID certificate on your DMA which includes all the trusted roots and intermediate certs on your internal CA (guessing you have one / or whatever your Lync server has)
  2. If you use the RMX as your Conference Profile and not the DMA, you need to ensure that Encryption is either "On" or set to "When Available"



I think that is everything... Let me know how you get on :)

I'm assuming you don't have OCS 2007 and are migrating to Lync? As there would be an extra step :)



Message 3 of 5
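Added example, not part of any post in this thread and not Polycom or Microsoft code: a check, run from a Lync Front End, of the two things the steps above depend on, namely that the static route for the VMR domain exists and that the DMA and RMX signalling hosts present a certificate on 5061 whose CN matches the FQDN and chains to a root the Front End trusts. The host names are the thread's placeholders, and `Test-SignalingCertificate` is a hypothetical helper name.

```powershell
# Added example. Host names below are the thread's placeholders.
function Test-SignalingCertificate {
    param([Parameter(Mandatory=$true)][string]$Fqdn, [int]$Port = 5061)

    $state = @{ Cert = $null; PolicyErrors = 'NoCertificateSeen'; HandshakeError = $null }
    # Record what the server presents and how the local trust store judges it.
    # Returning $true lets the handshake finish; no data is sent afterwards.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]({
        param($sender, $cert, $chain, $policyErrors)
        if ($cert) {
            $state.Cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $cert
        }
        $state.PolicyErrors = $policyErrors.ToString()
        $true
    }.GetNewClosure())

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($Fqdn, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        # A host that insists on a client certificate (MTLS) may abort here;
        # its own certificate has already been captured by the callback.
        try     { $ssl.AuthenticateAsClient($Fqdn) }
        catch   { $state.HandshakeError = $_.Exception.GetBaseException().Message }
        finally { $ssl.Dispose() }
    }
    catch   { $state.HandshakeError = $_.Exception.GetBaseException().Message }
    finally { $client.Close() }

    $cert = $state.Cert
    [pscustomobject]@{
        Host           = "${Fqdn}:$Port"
        Subject        = if ($cert) { $cert.Subject }
        CnMatchesFqdn  = if ($cert) { $cert.GetNameInfo('SimpleName', $false) -ieq $Fqdn }
        PolicyErrors   = $state.PolicyErrors   # 'None' = name and chain both validated
        NotAfter       = if ($cert) { $cert.NotAfter }
        HandshakeError = $state.HandshakeError
    }
}

# Only where the Lync management module is loaded: show the route for the VMR domain.
if (Get-Command Get-CsStaticRoutingConfiguration -ErrorAction SilentlyContinue) {
    (Get-CsStaticRoutingConfiguration -Identity global).Route |
        Where-Object { $_.MatchUri -eq 'vmr.sipdomain.com' } |
        Format-List MatchUri, Enabled, Transport
}

'dma.domain.com', 'rmxuk.domain.com' |
    ForEach-Object { Test-SignalingCertificate -Fqdn $_ }
```

A `PolicyErrors` value of `RemoteCertificateChainErrors` points at missing root or intermediate certificates on the machine running the check, and `RemoteCertificateNameMismatch` at a certificate issued for a different name than the one dialled.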

Re: Lync and DMA integration - internal clients issues when dialing to VMR

Tifosa - Thanks for the outline of steps. I've been working through a Polycom UC Integration document and it actually says to give the Application Pool a unique name (they use video.sipdomain.com). I hadn't done that and your steps pointed that out very well. I went back and rebuilt the application pool to be unique and used your suggestion, which is more true to what I'm after - utilizing VMRs on the DMA.


With all that configured, I try to dial into a DMA VMR from a Lync client logged on with an O365 Lync user and it fails. Says, "This phone number or address is incorrect, or it is outside your organization and is not federated with your company." Now, I'm confused by the vmr.sipdomain.com part. The Polycom document doesn't say I need any DNS representation, but doesn't the Lync server see vmr.sipdomain.com as the sip domain rather than simply sipdomain.com? This part has me quite confused.





Message 4 of 5
Joe F

Re: Lync and DMA integration - internal clients issues when dialing to VMR

Have you made sure there is a static route to the DMA from the Lync Front Ends? Lync needs to know what to do with calls for "@vmr.sipdomain.com" when deciding where to send those call requests.


Tifosa gave the static route commands to add DMA from the Lync PowerShell:


$Route = New-CsStaticRoute -TLSRoute -Destination "dma.domain.com" -Port 5061 -MatchUri "vmr.sipdomain.com" -UseDefaultCertificate $true
Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$Route}


Also, most of this config I believe takes the assumption that you are an on-premise deployment. My environment doesn't utilize O365 (yet), so I don't have any experience in implementing against hybrid or full-hosted deployments to give advice with.

Message 5 of 5