Tuesday, January 18, 2011

Microsoft Lync Server 2010 Integration with Digium Asterisk

We have been using Microsoft Office Communications Server for a long time now, and have recently begun testing Lync.  It took mere minutes for me to get Lync working with Asterisk 1.6.2.  The same steps work for Asterisk 1.8 as well, and for the most part are the same in trixbox, freepbx, elastix, etc.

Asterisk Configuration
First, I configured my Asterisk installation, you have to enabled TCP SIP, and create a peer.  I added the following to the sip.conf general section:

[general]
tcpbindaddr=0.0.0.0
tcpenable=yes

and then I added my peer for Lync


[LYNC_TRUNK]
type=peer
host=192.168.11.4
qualify=no
transport=tcp,udp
canreinvite=no
port=5068
disallow=all
allow=ulaw
context=from-ocs

I used the context from-ocs, so I set up a basic context in extensions.conf, cutting off the + that comes through and sending the call to the normal internal call context for normal call handling:
[from-ocs]
exten => _+1XXX,1,Goto(internal-call,${EXTEN:1},1)
exten => _+1XXXXXXXXXX,1,Dial(SIP/${EXTEN}@OUTBOUND_PROVIDER,30)

You will need to make a test extension in your normal dial context to test calling in to Lync, something like this should work
exten => 1000,1,Dial(SIP/+2593@LYNC_TRUNK,30)

After restarting asterisk that side of things should be configured, now just to make sure you have Lync configured.

Lync Configuration (Standard Edition)
  1. Open the Lync 2010 Topology Builder
  2. Edit the properties of your standard edition pool
  3. Install the mediation server, I used the Collocated option because load is low enough it doesn't need a dedicated server.
  4. Under mediation server take note of the TCP Listening port, as that is the port you need to specify in sip.conf of Asterisk.  It defaults to 5068 so that's what I used.
  5. At the bottom find the section "The following gateways are associated with this mediation server." 
  6. Click New, and enter the IP address of your Asterisk server, and the port you use for Asterisk TCP SIP (5060 by default).
  7. Note that mine has a red X saying i already have this address configured.  This is because I was redoing the steps for this tutorial.  Also note I have two gateways added as my Asterisk server has multiple IP Addresses and you must make sure to enter all addresses in the gateway list.

  8. Once this is done make sure to publish your topology and re-run setup if you did not previously have the mediation service installed.  I restarted my entire Lync server at this point but if you'd prefer you should be able to restart the Mediation service to apply the new settings.
  9. Open your Lync control panel, go to users, edit your test user and enable Telephony for Enterprise Voice.
  10. We use 2XXX range extensions in Lync, and 1XXX range extensions in Asterisk, so you will see tel:+2593, and ext=1593.  The ext=1593 is for PSTN Conferencing support so Lync can see me
    call from 1593 and know I am Andrew, and automatically authenticate me in to my own conferences..
  11. Configure Voice Routing -> Dial Plan.  These are the rules I wrote in OCS 2007 R2 and imported using import-cslegacyconfiguration.  You will need to tweak them for your requirements.
  12. At this point you should be able to make/receive calls to and from Lync/Asterisk.

24 comments:

  1. Thanks for this Andrew, it's very helpful.

    I have a question on the Asterisk side-

    exten => _+1XXXXXXXXXX,1,Dial(SIP/${EXTEN}@OUTBOUND_PROVIDER,30)

    should OUTBOUND_PROVIDER be typed in literally, or should it be replaced with our outbound sip trunk?

    thanks!

    Paul

    ReplyDelete
  2. You should replace it with the SIP peer for your outbound provider. For example mine is bandwidth-primary. I hope this helps!

    ReplyDelete
  3. This comment has been removed by the author.

    ReplyDelete
  4. Hi. I have such deployment, but i have problem with external users. External Lync users (Edge server+TMG is used) cannot talk to asterisk users(internal or external). This is my deployment diagram.

    https://picasaweb.google.com/lh/photo/PMblyZnEinp1QfWy1ajjfg?feat=directlink

    ReplyDelete
  5. First, make sure you have set canreinvite=no. If you have, then I'd recommend looking at the raw SIP traffic to see what is going on. My guess is you have a routing/nat issue and looking at the SIP debugs may help you identify that. You can look at the SIP traffic in asterisk using sip set debug on.

    To look at the SIP traffic in Lync you need to use the Lync Server Logging Tool. Between the two tools you should be able to narrow down where the problem is so you can resolve it.

    ReplyDelete
  6. Thanks for taking the time to post Andrew, I built an Asterisk SBC this week in my lab and it works very well with Lync, including Access Edge users with my Flowroute trunk.

    All of my supplementary calling features work as well "out of the box", including PSTN ringback, music on hold, call transfer (with transfer complete notifications), call forward to Exchange UM and conference bridging. A lot less pain then I had expected! I didn't even finish a cup of coffee before I had it working.

    On another note I did set allowguest=no in my sip.conf for security - a lot of drive-by international SIP calls going on these days.

    Thanks again.

    Pat

    ReplyDelete
  7. I'm glad to hear that this helped!

    Yes, allowguest=no is important. Additionally, using allow & deny entries to restrict SIP Peers by the IP's they are allowed to connect with helps prevent brute force scanners from getting in if you have 4 digit extensions and or relatively simple passwords.

    Finally, fail2ban can be very helpful to block brute force scans, I had one IP scan me for a week and racked up 50gb of bandwidth before I had my NOC drop the traffic at the head end. Maybe I should write a post on fail2ban...

    ReplyDelete
  8. can you clarify what lync license is required for this setup?

    ReplyDelete
  9. Hi Dave,

    I did all of this with Lync Standard, although you should be able to do this with the enterprise version as well but the instructions will likely be a little bit different.

    ReplyDelete
  10. Thanks for your response and this great post!

    ReplyDelete
  11. Great post! My Asterisk box can now dial in to my Lync server but the opposite is not true. I cannot call from my Lync server to my Asterisk box. Based on the event log, i believe it to be because "All Gateways are marked as Down or Unavailable." Packet captures show traffic going to and from the Lync server and Asterisk box so I am not sure what the Lync server is looking for to consider the asterisk server "up". Any ideas?

    ReplyDelete
  12. Hi Jif,

    What does Asterisk say in sip debug? "sip set debug ip "

    If asterisk doesn't even see the call then you know it's a lync issue, if asterisk is rejecting the call look at the sip debug output and see what it says to get a starting point of where to look.

    ReplyDelete
  13. Thanks for the quick response. I spoke too soon. All is working. I may have missed a reload or just had to wait. Best I can tell is that Lync does not check if the gateway is up on every call. Maybe every few minutes?

    ReplyDelete
  14. Hi Jif,

    I am also getting same error "All Gateways are marked as Down or Unavailable." when I dial to Asterisk PBX from Lync. Can you help me with step by step process of setting up PSTN gateway and outbound routing plan since i am successfully able to make out a call from Asterisk to Lync user.

    ReplyDelete
  15. Hi Andrew,

    With this setup, will all the Lync feature such as external IM, including IM with external hotmail, yahoo, etc users still work using the Lync client?

    From my understanding here, Asterisk only provides the SIP connection to any ITSP, and provides the SIP connections of phones that Lync do not provide support for. From there, Lync, does everything else, presence for internal and external users, federation with outside users such as hotmail.com, yahoo.com, gmail.com, integration with Outlook and other MS Servers such as SharePoint, etc. Would this be a correct understanding? Thank you.

    ReplyDelete
  16. Hi Charlie,

    Your understanding is correct, all this does is connect Lync to Asterisk via SIP. Then you can use it to connect Lync to the PSTN or connect it to your Asterisk based PBX in your office to allow dialing desk phones from Lync. That's what we've done.

    ReplyDelete
  17. Thanks for clarifying Andrew. Just one last question. Does the Edge server still need to be setup in order to federate the external IM connection? I was hoping to only use 1 server total for Lync with external IM federation.

    ReplyDelete
  18. As far as I know for external IM connectivity and Federation you need an Edge server.

    ReplyDelete
  19. [from-ocs]
    exten => _+1XXX,1,Goto(internal-call,${EXTEN:1},1)
    exten => _+1XXXXXXXXXX,1,Dial(SIP/${EXTEN}@OUTBOUND_PROVIDER,30)

    I'm having real trouble following the above. I'm using Lync and my dial pattern is _+0XXXXXXXXXX. Should the correct syntax be "exten => _+1XXXXXXXXXX,1,Dial(SIP/${EXTEN}@sipgate.co.uk,30)" (Sipgate being my ITSP) ? Although i don't understand what the ,30 denotes in the string. Either way entering this doesn't allow calls froom Lync to go down the Sipgate Trunk despite the Trunk being configured and working properly to Sipgate.

    ReplyDelete
    Replies
    1. The 30 means ring for 30 seconds before giving up and going to the next extension in the dialplan. You should use whatever is valid... If you have to dial a 9 for an outside line then it would be 9XXXXXXXX(Dial/${EXTEN:1})

      If every phone number starts with a 0, then you have your dialplan set up correctly.

      Delete
  20. Hi andrew iv just decided to revisit this but im still not understanding your explanation.
    I don't use 9 for an outside line. Numbers are dialled 11 digits beginning with a 0. The extensions on the Lync side are 4 digits beginning with an 8 and on the Asterisk side 3 digits beginning with a 2.
    Should i append to extensions.conf:

    [from-ocs]
    exten => _+8XXX,1,Goto(internal-call,${EXTEN:1},1)
    exten => _+0XXXXXXXXXX,1,Dial(SIP/${EXTEN}@sipgate.co.uk,30)

    ReplyDelete
    Replies
    1. In your from-ocs context you would include the asterisk side extensions and the long distance extensions.

      In your normal internal context you would have logic for calls TO lync.

      [from-ocs]
      exten => _+0XXXXXXXXXX,1,Dial(SIP/${EXTEN}@sipgate.co.uk,30)
      exten => _+XXX,1,Goto(internal-context,${EXTEN:1},1)

      Delete
  21. Tried that no dice.Iv tried soo many combinations and the net result is always the same. The call just loops in the trunk infinitely and never breaks out to the PSTN. I give up. I think iv lost interest now in trying to get this to work. I just cannot understand why a vanilla set up like mine just won't play ball when i have inbound calls working very easily but Lync>TrixBox>Sipgate>PSTN is just a mess. And the worst part for me is i know positively this should work.

    ReplyDelete
  22. Ok turned up debugging and trawling through logs...noticed the following SIP/2.0 407 Proxy Authentication Required. And [Aug 19 12:56:54] NOTICE[3172] chan_sip.c: Failed to authenticate on INVITE to '"Administrator" ;tag=as0bb97465'. Looks like Sipgate is rejecting the call as unauthenticated. But the trunk is up and i can make outbound calls from a registered phone on Asterisk. Just not from Lync...My conf looks like this:


    type=friend
    transport=tcp,udp
    qualify=yes
    port=5068
    host=192.168.1.x
    dtmfmode=rfc2833
    disallow=all
    context=from-internal
    canreinvite=no
    allow=ulaw

    Any ideas?

    ReplyDelete