Creating a static routing entry between estos UCServer and Microsoft® Lync® Server using TLS/MTLS

Creating Static Routing in estos UCServer

  1. Start the estos UCServer Administration program and connect it to the UCServer.
  2. Open the page Configuration -> Federation -> SIP Server.
    • Activate Use SIP Server
    • Select a certificate that is valid for your server by means of the "Certificate..." button.
    • Add a TLS or MTLS interface (the default port for TLS or MTLS is 5061) by means of the "Add..." button.
  3. Open the page Configuration -> Federation -> SIP Static Routing
    • Add a static routing entry with domain, access server and port (the default port for TLS or MTLS is 5061) for the Lync® Server by means of the "Add..." button.

Creating Static Routing in Microsoft® Lync® Server

A Fully Qualified Domain Name (FQDN) must be used in static routing for TLS communication.

A static routing entry for estos UCServer is added in this manner

  1. Login to the Lync® Server computer as a member of the RTCUniversalServerAdmins group.
  2. Start the Lync® Server Topology Builder to define a Trusted Application Pool.
    • Right-click on Trusted Application Servers and click New Trusted Application Pool.
      • Enter the network address for the computer providing the estos UCServer services for the FQDN pool. The network address must be in agreement with the FQDN for the server certificate.
    • Finally, the changes to the topology must be published.
      • Right-click on Trusted Application Servers and click Topology and then Publish.
  3. Start the Lync® Server Management Shell.
    • Create static routing to estos UCServer and add it to the global routing list.
      • First, adjust the following commands to your specifics. Afterwards, enter the adjusted commands through the shell.
      • $x = New-CSStaticRoute -TLSRoute -Destination FQDN -Port PORT -UseDefaultCertificate $True -MatchUri URI

        • Where FQDN is the network address for the computer running estos UCServer.
        • Where PORT is the port, 5061 is the default port for TLS and MTLS. IF another port has been configured for estos UCServer, enter that port.
        • Where URI is the SIP URI for estos UCServer after the at-sign (@).
      • Afterwards, enter the following commands through the shell to add the routing entry to the global routing list.
      • Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$x}

    • Define Trusted Application
      • First, adjust the following commands to your specifics. Afterwards, enter the adjusted commands through the shell.
      • New-CsTrustedApplication -ApplicationId NAME -TrustedApplicationPoolFqdn FQDN -Port PORT

        • Where NAME is any desired name for the application. The name must be unique in the pool.
        • Where FQDN is the network address for the computer running estos UCServer.
        • Where PORT is the port, 5061 is the default port for TLS and MTLS. IF another port has been configured for estos UCServer, enter that port.
    • Add Trusted Application to the Trusted Application Pool.
      • First, adjust the following commands to your specifics. Afterwards, enter the adjusted commands through the shell.
      • Set-CsTrustedApplicationPool -Identity TrustedApplicationPool:FQDN -OutboundOnly $False

        • Where FQDN is the network address for the computer running estos UCServer.
    • Activate Settings.
      • Enter the following command in the shell to activate the settings.
      • Enable-CsTopology

Note that the settings for static routing will first take effect after Lync® Server has been re-started.

Version 8