Polycom has recently announced native Lync support for a wide variety of standard SIP phone devices which all run on the same Polycom Unified Communications Software (UCS) software release.  This means that the large variety of SoundPoint IP, SoundStation IP, SpectraLink Wireless, and VVX Business Media Phones can all now natively register directly to Lync Server, adding a variety of choices beyond the purpose-built CX device family, including the first WiFi endpoint supported for Lync 2010 Server.


The official Polycom Lync integration documentation covers in detail how to handle provisioning of the standard SIP phones en masse as well as how to further define Lync integration settings.  Additionally there is also a feature profile document which also lists the supported features and devices.

The documentation reference above is targeted primarily at the administrator experienced in industry standard SIP phone provisioning and configuration.  But all of this can be a bit overwhelming to the traditional Lync administrator who has thus far only dealt with Windows softphones and Lync Phone Edition devices which have a completely different deployment process.  Thus for the tire kickers and pilot testers out there this article will simmer down all of those provisioning steps into the most basic components and outline exactly how to register a single device to a Lync server.


The basic Lync Integration capabilities are introduced in the UC 4.0.1 firmware release which runs on various SoundPoint IP, SoundStation IP, SpectraLink, and Business Media Phones.  Versions prior to 4.0.1 are incapable of registering to Lync and are unsupported.

Due to the scope of this topic a clear assumption is made that the SIP phone used with these configuration instructions is currently running the required software.  The UC Software Provisioning Best Practices white paper is a good place to start research on the device update process if not already familiar with it.

The most basic requirement for any client or device to natively register to Lync is the ability to support TLS communications. Normally the connecting endpoint must trust the certificate authority which issued the server certificate that is used by the Lync registrar service. Typically the Windows Lync client will automatically trust the Lync server as that server’s certificate is most often issued by an internal Enterprise Windows CA. The Enterprise (versus Standalone) term is important as that indicates that the Root CA’s certificate (thus its public key) is AD-integrated by default and all domain members, servers and workstations alike will inherently trust that CA. Furthermore native Lync Phone Edition devices will automatically download this same certificate during initial provisioning processes.

Retrieving the CA Certificate Hash

In order to configure this same trust relationship with the Polycom SIP phones the CA certificate will need to be manually provided to the phone as part of the provisioning process.

Note:  Be aware that this does not mean the Lync server certificate itself is used, which is a common misunderstanding.  In order to manually build the trust the endpoint must trust the server certificate which was issued to the Lync server, but installing that same Lync server certificate itself into the phone does NOT satisfy the requirements.  The connecting endpoint must instead trust the Certificate Authority server which originally issued that certificate to the Lync server (e.g. a Root CA server), by which provides a transitive trust to all certificates issued by that CA (including the Lync Server certificate).

So make sure that the certificate hash which is retrieved is that of the Root CA, and not the Lync server certificate itself.

This preparation is a one-time process as once the certificate data is retrieved it remains as part of the configuration data for any additional device provisioning.

The first step is to identify the certificate currently applied to the Lync Server so that the proper CA certificate is exported.

  • On the Lync Server in which the phones will be configured to register to launch the Lync Server Management Shell and run the Get-CsCertificate cmdlet.


Although all usages should normally have the same certificate assigned look for the Use: Default entry to identify the certificate assigned to the SIP registrar on the Lync Server.  This usage will show the Issuer as well as the certificate Subject,

With the issuer and certificate information validated then the certificate must be exported to a text file so that the raw hash text can be accessed.

  • On the same Lync Server open the Microsoft Management Console (mmc.exe) add the Certificates snap-in and manage the Computer account of the Local computer.
  • Expand the Personal store, then Certificate store and open the server certificate used by Lync (e.g. lync.schertz.local)  and select the Certification Path tab.
  • Select the root certificate at the top of the tree and click View Certificate.  This will open the root certificate for the CA which issued this server certificate.


  • Select the Details tab in the new window and verify the Subject Name matches the CN field from the Issuer value in the previous Get-CsCertificate output.  Click the Copy to File button to launch the Certificate Export Wizard.


  • In the export wizard select Base-64 encoded X.509 (.CER) as the Export File Format.


  • Save the exported file (e.g. c:RootCA.cer) and keep this file handy for later, as a configuration step in the next section will require the contents of this file.



Now that the certificate information has been retrieved then the next step to configuring a standard SIP phone is to prepare an XML configuration file with all of the Lync-specific settings which will be imported directly into the phone using the web management interface.

Creating a Device Configuration File

The following text can be used to create a sample XML configuration file which can customized and then imported directly into the phone to provision all of the required Lync-specific settings.  This text includes some attributes defined with the proper values, some using sample values, and some with null values which will be populated in a later step.

  • Copy the text in the quote box below and save it to a new text file called lync.cfg.

<profile reg.1.address=”user1@contoso.com” msg.mwi.1.callBack=”sip:user1@contoso.com;opaque=app:voicemail” />
<registration voIpProt.server.1.address=”lyncserver.contoso.local” sec.TLS.customCaCert.1=”” sec.TLS.profileSelection.SIP=”ApplicationProfile1″ reg.1.auth.useLoginCredentials=”1″ voIpProt.SIP.mtls.enable=”0″ voIpProt.server.1.specialInterop=”lync2010″ voIpProt.server.1.transport=”TLS” voIpProt.SIP.allowTransferOnProceeding=”0″ />
<features feature.presence.enabled=”1″ feature.messaging.enabled=”1″ msg.mwi.1.callBackMode=”contact” roaming_buddies.reg=”1″ />
<media sec.srtp.require=”1″ sec.srtp.key.lifetime=”2^31″ sec.srtp.mki.enabled=”1″ sec.srtp.mki.length=”1″ sec.srtp.holdWithNewKey=”0″ sec.srtp.resumeWithNewKey=”0″ voice.audioProfile.G7221.24kbps.payloadType=”112″ voice.codecPref.G7221.24kbps=”5″ voice.codecPref.G7221.32kbps=”0″ video.iFrame.delay=”2″></media>

As editing raw XML can be a little tricky and the above text is clearly not fun to read through it is suggested to use an XML editor, like Microsoft’s XML Notepad 2007 to manipulate the content once it is saved as a text file.

  • Open the lync.cfg configuration file in an XML Editor and expand the root branch to view each child branch and all of the individual elements.


This template is divided into a few branches which are totally irrelevant to it’s actual operation.  Only the attribute names and values themselves are parsed by the device when the configuration file is read-in, so if this sample template is compared to any other cfg files that comes from Polycom or other sources then the branch names (e.g. profile, features) may be completely different.  It is important to understand the structure of the file is not important and the branch order and naming in this sample was simply created to group the static settings apart from the user-specific and organization-specific settings.  By using this template only the first 4 parameters need to be modified to work with any Lync environment.

Updating the Configuration File

The first group of settings under the Profile branch are user-specific and would be the only values changed when importing into multiple phones in the same environment.

  • Change the reg.1.address attribute to include the primary SIP address of the desired Lync user (e.g. jeff@mslync.net).  This setting defines the Lync identity of the specific phone that the configuration file is imported into.
  • Update the msg.mwi.1.callBack attribute to use the same SIP address as above, retaining the request of the URI as shown.  This setting is used by the device to retrieve the user’s voicemail from Exchange UM.


The second grouping of settings under Registration contains the only other settings which must be modified and these would be global across all devices in the environment so they only need to be configured once.  These include providing the CA certificate hash as well as the Lync registrar name.  Afterward the template file can be duplicated and only the previous two user specific values would need to be updated for use with a different device.

  • Open the RootCA.cer file (exported in the first section of this article) with Notepad and then copy the entire contents of the file to the clipboard (including the BEGIN and END lines).


  • Paste the clipboard contents directly into the sec.TLS.customCaCert.1 attribute in the configuration file making sure not to add any unwanted spaces, carriage returns or characters.


  • Update the voIpProt.server.1.address attribute to use the Lync registrar FQDN for the specific environment. This can be a Standard Edition or Enterprise Edition Front End server or a Director server. (Native registration directly to an Edge Server is not yet supported as ICE compatibility for media sessions will be provided in a future release of the UC software).


  • Save the changes to the configuration file and store in a location

Importing the Configuration File

For this example a Polycom SoundPoint IP 650 SIP handset is used although the steps are similar for any supported device running the UC 4.0.1 software.  A standard web browser is used to to remotely connect to the phone to import the configuration file.

  • Retrieve the current IP address of the phone by navigating to Main Menu > Status > Network > TCP/IP Parameters.


  • To access the Polycom Web Configuration Utility for the phone simply enter http://<IPaddress> in a web browser using the IP address of the phone.


  • Enter the Admin device password and then navigate to the Utilities > Import & Export Configuration menu.
  • In the Import Configuration section select Choose File and browse to the customized lync.cfg file and then click Import.


A response of “Configuration file imported successfully” should be reported almost immediately, followed by the phone rebooting itself automatically.

Storing User Credentials

After the device is finished rebooting the username portion of the SIP address should be displayed in the primary line soft key tag.  Additionally a status message of “Login credentials failed, Offline” should be reported on the device’s display.

  • From the Main Menu select Settings > Basic > Login Credentials and then enter the Active Directory user credentials for the associated Lync user originally assigned in the configuration file.  The Domain field should be populated with the NetBIOS name of the AD domain in which the user account is stored in (e.g. SCHERTZ).  The User field is the sAMAccountName of the desired user account (e.g. jeff).


  • Press the Submit key and registration to Lync should be reattempted automatically.
  • Return to the home screen and if the registration was successful then the previous status error should no longer be displayed and some of the Lync contacts will be shown in the remaining line buttons.


Lync Feature Integration

The official documentation covers each of the supported features within the 4.0.1 software release, but to demonstrate the integration here are a few of the more common tasks a typical Lync user might perform from their phone.

  • To control the Lync user’s current presence state press the MyStat button to view or change the current presence state.


  • To view the user’s Lync contact list select the Buddies button.  The device screen capture below shows different contacts in various presence states as indicated by a text label and unique icons.


  • To retrieve voice mail messages press the Messages button and then open the Message Center and select Connect to place a call to the Exchange Subscriber Access number.  Also note the Missed Call notification and (not in screenshot) the illuminated MWI lamp on the handset when a new Exchange UM voicemail is pending.


By Jeff Schertz

Site Administrator

124 thoughts on “Lync Integration with Polycom SIP Phones”
  1. Are we going to see Lync videoconferencing call on a VVX ? 🙂

    Just changing now a business proposal text for: "we can use your existing Polycom phones"

    1. Video on the VVX is unsupported in this initial release but will be in the next update along with additional features. That said, it does work in some scenarios as there is nothing to prevent you from trying a peer-to-peer video call with Lync. If you pay attention to the .cfg file parameters you'll notice a tweak in there to improve video performance with Lync. That said, the VVX1500 will not support RTV due to resource limitations, but even H.263 CIF video calls look pretty decent in the smaller display on the phone.

    1. On handsets without a Buddies or MyStat soft keys simply go to Menu > Features > Presence to access the Lync user's Contact List or manage the user's presence state.

      1. Thanks for the reply, but two things are there;

        1- The contacts are incomplete (not all my list) and dynamically are changing (every restart, another set from my lync contacts appears)!

        2- How to make Normalization? 331 is dialling numbers as is without Lync normalization. for example: when dialing 3728, its not normalized to +202xxxx3728 as from Lync Client.

        Any ideas?

        1. How many contacts are on that user's list? The 33x models have limited memory and can only display a certain number of contacts. And client-side normalization rules are not yet supported, that will be provided in the next phase of integration features. For inital integration you'll need to dial the entire phone number.

          1. In this initial release the VVX and SpectraLink phones will support up to 64 contacts, the SoundPoint IP 5×0/6×0 models will support up to 48 and the 3xx/4xx phones will only support up to 8 contacts. These maximum values will be raised on the next software release.

          2. Jeff, do you know when SIP phones running 4.0.1 software will support client side normalization rules? Do you know is there any workaround ?

          3. Engin, yes that will be incorporated in the next major software release coming out later this year. Currently the only workaround is to dial then entire E.164 number on the phone.

  2. Update: the template Lync*.cfg files which are referenced in the "Provisioning Polycom Phones with Microsoft Lync Server 2010" are not attached to the actual PDF documentation itself. Check the paperclip icon on your favorite PDF reader to see the three attachments. The sample file in this article is still the easiest approach, but those files can be used if the official documentation is used for the integration instead.

  3. Are you able to initiate Lync Calls to and from the phone?
    I'm trying, but I can only call from the phone to a Lync user. Lync users can't reach the phone. They only get a "User is not in service. Please check the number and try again".

    1. Yes, calls work bidirectionally between phones and Lync users. Make sure that the user being called is not on the other side of a firewall or NAT device as ICE/STUN/TURN support is not yet included in this initial release.

  4. Has anyone tested the SpectraLink 8400 with response groups? We've been using a SNOM m9 DECT phone and have some minor issues with it, so I'd like to know if the 8400 series is more reliable in handling response group calls.

    1. The SIP phones running 4.0.1 will accept calls sent to it via a response group, but outbound dialing to response groups from the phone is not yet supported.

      1. Hi Jeff,

        Any idea/news about the availability of Outbound dialing to response groups ? It's a really important issue for our customers.


        1. This will be addressed in the next firmware release, but I cannot comment on the release time line. (It's soon).

  5. Excellent tutorial, thank you.

    We're running mostly Polycom SoundPoint IP550's here, and the unused line buttons appear to be transformed into speed-dial buttons that are auto-populated with whatever is at the top of the "Buddies" list.

    Three questions (all under the category of "can't imagine why this would be default behavior"):
    1. Is there a way to reorder the buddies list by some sort of rhyme or reason?
    2. Is there a way to stop the incessent blinking of the speed-dial lights?
    3. Is there a way to change/remove the speed-dial entries?

    1. The answer to all your questions is no, not right now in the initial supported release. In the next update a these are being addressed to provide for more customization choices. I believe the order comes from the order that the contacts were originally added to the Lync user's account as the SQL database returns all contacts in a numerical, historical order.

  6. Jeff,

    Is there any list of what features of Lync the polycom's support. I assume since they don't have the USB cable, i don't have the feature to just pick up my handset in the middle of a lync call and have it transfer the audio etc. If I got a call in lync i would still have to choose between answering on my PC or on my phone etc. Still a add on update!

    1. Jim, the Feature Profile document I linked to in the first paragraph lists the currently supported feature set. There are plans to add additional features in the next releases but I cannot comment on what those might be at the moment.

  7. Maybe i do something wrong, dialing a number outside via a Ferrari Gate the Extension is not added. The 8440 is using the sip:max.mast@oc-lync.local as number not the sip:+44123456789;ext=789 like all other Phones and Clients. Any workaround?

    1. The ;ext= string is not yet supported in the current 4.0.1 software release but this should be addressed in a future update.

      1. Does anybody know if this has been resolved yet?? Having this same issue with the Ploycom phones and the Snom phones. Neither seem to be able to dial a number when the ;Ext= is present

  8. I have Polycom SpectraLink 8040 and Polycom 335 phones working with the exception of one strange issue. When I dial a number that starts with a 6 (example:6125551212) without a 1 in front of it the call does not hit Lync. If a 1 is put in front of the number then it works. This is ONLY for numbers that start with a 6. I don't see any way on the phone to change anything like this. I have these phones in production at several clients. Any advice would be appreciated.

    1. Lync normalization rules are not supported in the initial 4.0.1 release so you'll need to dial the full 10 digit numbers for all calls so that the phone sends pre-normalized RFC3966-compliant string (e.g. +16125551212).

    2. JamesY, We have 335 and I can't get the line to register with my Lync server. Did you have this issue and if so, how did you solve it?


  9. Thanks for your very interesting article. I'm wondering if we can use the spectra line 8020/8030 and the 8400 serie without an svp server from polycom. I've checked several polycom documents but could not help to understand what the difference from the perspective of lync integration exist between this 2 series, I mean 8020/8030 and 8400 series.
    We would like to connect the spectra Wi-Fi devices in our cisco WLAN infrastructure and register directly with the Lync server without any additional gateway. Is this possible?
    Any help would be appreciated.

    1. Video calls between an OCS or Lync endpoints and the VVX 1500 is not supported in the 4.0.1 release. So although it does work in some scenarios it's not completely tested and supported yet. Support will be coming in a future release for this scenario. Video calls between two VVX 1500 devices registered to Lync is supported today.

  10. My outgoing caller ID is coming up as unknown. I have tried putting the number in the Display Name field with no success. Any ideas

    1. This is a known issue in the current 4.0.1 software and will be addressed in the next firmware release.

  11. I need to set the login credentials in the cfg file that I import into the phone . Therefore loading the domain,username, and pwd would not be done at the phone interface. Is this possible?

    1. Gary, yes this is possible. Follow the third link in this document to the "integration" documentation which is a PDF that contains some embedded sample files. Check the lyncPerPhoneLCExample.cfg for the configuration required to pass the user credentials to the phone via the cfg file. Take note that the reg.1.auth.useLoginCredentials="1" is omitted from this file are that value of 1 tells the phone to use the user-entered credentials on the phone. When passing the credentials from a configuration file then that parameter is not defined (thus=0).

      1. Thanks for the reply. I changed uselogincredentials to 0 and added

        under my reg.1.address line

        having no luck ..any ideas????

        1. Pull a sipstack trace during the registration attempt from the Lync server to see why authentication is failing. Could be a problem with the credentials format, try using both the NetBIOS and DNS domain name formats.

  12. Got some really weird issues with the Polycom 8440.

    1. The phone doesnt use the Lync servers normalization rules. If i call an internal extension, it doesnt work. For example just call 809. But if i complete the number in E164 format except for the + it works, for example 46510XXX809. I tried the setting: voIpProt.SIP.requestURI.E164.addGlobalPrefix="1" but that didnt help.

    2. When i call the phone internally, from Lync or Lync Phone Edition, only the microphone from the Spectralink phone works, i can't hear anything in the Spectralink speaker. PSTN calls works fine though.

    Are these two issues normal? Right now the $100 Snom M9 works way better than the $600 Polycom Spectralink 8440.

    1. Henrik, this is a known issue in the 4.0.1 software release and was addressed in last week's 4.0.2 update. The next full release of software will more properly address the normalization behavior in a native way, but for now the 4.0.2 update will prevent the device from appending a + to the dial string when sending the invitation to the Lync Server. The problem in 4.0.1 is that if you dial anything short of a full E.164 number (e.g. 7501) even if there is a Lync normalization rule to translate this to E.164 the phone will send +7501@ to the server and Lync will never attempt to normalize a number starting with + as it considers the inclusion of the plus an indication that the sting is already globally unique. In 4.0.2 the plus is no longer added to the dial string and then the server will perform normalization on the extension. The 4.0.2 release also adds support for ;ext= in the LineURI fields in Lync.

      1. I have a SpectraLink 8440 that I'm trying to get working with Lync and I've updated to the 4.0.2 software and the phone no longer sends a "+" with the dialled number, but for some reason the number translation still isn't being performed. If I dial a 4-digit extension, 5052, then I get:
        Start-Line: INVITE sip:5052@spiralsoft.com;user=phone;transport=tls SIP/2.0
        Shortly folowed by a SIP 403 forbidden:
        ms-diagnostics: 12004;reason="The user is not authorized to call the specified number

        Another really strange issue is that when internal Lync users call the SpectraLink, the call and audio is fine, but when an external user calls the SpectraLink, there is no audio in either direction?! My mediation server is not co-located – could the issue lie somewhere with this?

        PS: Just wanted to say a huge thanks to you, Jeff, for all the work you've put in to writing these posts. I would not have gotten this far with Lync without them!


  13. Hi Jeff,

    We have 8440 Spectralink that we successfully configured and got connected to our Lync environment. However, inbound call is the only thing that's working right now. We are unable to place an outbound call. Is there anything that we are missing here. Any help would be much appreciated.

    Thank you in advance.

  14. Jeff,

    We're seeing the phones on tack on the local SIP domain onto a phone number in the SIP invite e. g. sip:5555@contoso.com when calling an extension. Thus Lync doesn't see it as a phone number and it kicks back a 403 Unauthorized. Dialing by number works fine in the Lync client and even connects to the appropriate registered phone.

    Any thoughts where the @domain is coming from? We know it's different than the Lync client because OCS Logger shows us:

    To: <sip:5555;phone-context=defaultprofile@contoso.com;user=phone>;epid=d51eaca9bb

    for a call from the Lync client and

    To: <sip:5555@contoso.com;user=phone>;tag=0C70D243022CFDDB92E070321630DA53

    for a call from a phone…


  15. is there a way around the normalization issue? i can call from lync client to polycom phones, but not from polycom phone to polycom phone; seems like the number is not getting normalized

  16. Jeff, your guides are awesome. We are wanting to deploy the Polycom Soundstation IP 6000 and 7000 phones against our Lync installation, and in following your guide we are receiving the SIP error 480: Temporarily unavailable when the conference phone tries to register. There is no rhyme or reason for it, as the clients are able to login using the Lync client, Lync phone edition devices, etc. Any thoughts?

    Thanks again!

    1. Tracy, first off the IP6000 and IP7000 a not supported devices for Lync integration. That being said they do use the same software stack and you can test the integration out if you like. To me it sounds like the configuration file data has not been correctly imported and some of the Lync interop settings may be missing, causing the SIP failure. That said I've never even tested these devices (only the IP5000 and Duo are supported in the SoundStation conference phone family).

      1. Under the firmware v4.0.12, i have managed to get the IP7000 registered to Skype for Business 2015 (with TLS, root-ca and intermediate-ca in slots 1 and 2).
        v4.0.13 works too but it’s unstable, the handset freezes.

        Cannot see any exchange integration yet. Directory works, and SIP-URI calling in and out works.
        Inbound PSTN calling works…

        However; I have an E.164 routing issue. SFB rejects the call with a forbidden message:
        Trace-Correlation-Id: 441353303
        Instance-Id: 7DF5AC
        Direction: outgoing;source=”local”
        Message-Type: response
        Start-Line: SIP/2.0 403 Forbidden
        From: “Basement Meeting Room (Polycom)” ;tag=DFDC6775-5C077786;epid=0004f2e8b523
        To: ;tag=A3628BC9B336F35DEEC8827976D72213
        Call-ID: d65598784ae17845d98aee7652354a30
        CSeq: 1 INVITE
        Via: SIP/2.0/TLS :60883;branch=z9hG4bK5ce58b8bC452CB14;ms-received-port=60883;ms-received-cid=3FF4C00
        Content-Length: 0
        ms-diagnostics: 12004;reason=”The user is not authorized to call the specified number or none of the routes have a valid gateway configured.”;

        I’m a little surprised to see our domain in the TO field… but i honestly do not know if that is similar to other models.

        I can confirm using the SoundPoint IP 5000. with the same Skype for Business user, i am able to successfully dial my mobile… so it’s not a server-side dial-plan, voice route etc.
        It’s a shame, i have several RealPresence Group 500 units that I want to attach the IP7000 as a array microphone.

        Anyone know how to fix the dialing prefix problem?

  17. Great article again from Jeff.
    My q's is in our organization we are issuing our internal and external certificate from DigiCert and when i run the command "Get-CsCertificate" is shows me that its use = WebServicesInternal.
    May i know is there is any special configuration needed in this case or we will follow the same article in our case.


    1. If are you using different certificates from different CA chains on different Lync server roles on the systems then whichever certificates is defined as the 'Default' certificate would be the one you want to export the Root certificate for. Note that this is not a good approach in Lync in general and can cause problems for other clients (like Lync Phone Edition). Even if you apply different certs to the SIP and Web Services roles they should be issued from the same CA.

  18. Is any way to connect this phone over one service account? We have strict password policy and our users have to change password every 3 month. On PC it is simple but it is nightmare to change password on the phone.
    May be is it possible connect this phone over Lync PIN?

  19. Hey Jeff, this was surely a helpful post. Has anyone heard an ETA on when these Polycom devices might support connectivity via a Lync Edge server? Any other phone hardware vendors out there offering non-Lync devices that interface through the Lync Edge?

    1. The SpectraLink WiFi devices are already Lync Qualified and fully support Edge registration and ICE/STUN/TURN. The same will be true for the Lync supported desktop phones shortly.

  20. Jeff, according to your last comment you indicated that the edge registration will be supported shortly. Are we looking at several weeks? a month? is there an ETA you can provide?

    1. Jennifer, if you notice the article I posted last night you'll see that the software is now available. You can contact your Polycom reseller for access to the 4.1.0B release.

  21. Hi Jeff,

    This article was extremely useful to me to set up my first test phone so thank you for that! I was wondering what the best way to handle user password changes would be. Is the only way to do this through the phone or in the XML file at this point?


    1. The password normally would be re-entered directly on the device by the end-user, but it could also be provided via configuration files.

  22. Hi Jeff, I registered Sound point 550 with firmware 4.03F externally through edge server and tested. external to external registered phone call no proble. The problem is between internal and external call. 4.03F does not support it? thanks

    1. The older 4.0 releases do not support Edge registration nor media relay (ICE/STUN/TURN). You need to use the newer, Lync Qualified 4.1.0B release for that device to support any external registration or calling scenarios which leverage ICE.

    1. Earlier 3.x software versions do not include this option, so you'll need to upgrade the firmware to a supported 4.0.x version first.

  23. Dear Jeff, can you comment on my issue, I have installed LYNC with Panasonic KX-TD600 as PRI gateway and intercom, I have installed the Polycom CX phones and VVX1500 phones on LYNC side, we can make intercom calls from LYNC client to Polycom CX and VVX phones, but ONLY INCOMING CALLS are possible on polycom end (both CX and VVX) while doing outgoing calls it is not doing outgoing and we listen the tone like "channel is not available"

    please suggest if there is any setting left in CX or VVX side

  24. Hello Jeff, I had integrated Lync with some PLCM VVX phones, but I'm having an issue with external calls only. When calling to PSTN, using Lync/Audiocodes, the calls during is 2m30s.
    I got some traces from server and client, with snooper and wireshark, and I see a CANCEL.
    Any idea?
    Thanks in advance.

    1. I have not seen that before but it's probably related to the configuration on the media gateway. I would suggest opening a support ticket to troubleshoot the issue.

  25. Hello Jeff, I hope you can help us.
    We use the Soundstation 2 EX with the computer calling kit for lync calls. The other side has the same config. The microphone quality is very bad at both sides, mostly we can´t understand another. Do you have any idea why? FW is: SS2.CON.01.255
    Both PCs has an dual core, but only onboard sound.

    1. That older model is neither support nor qualified for Lync, so it's not a recommended to use with Lync as an audio device.

  26. […] Server follow the directions in the first section entitled Retrieving the CA Certificate Hash in this previous article.  Disregard the remainder of that article as it is outdated and applies to older UCS firmware […]

  27. Hey Jeff – We are not getting any audio (both ways) while joing the Lync conference bridge with an IP 5000, v 4.1.0. Any guesses? Cert has been imported. The device can call other Lync users and outside fine, just no audio on bridge.

    1. Are you using CAC or any other policies to limit the bandwidth on conference calls? Those devices do not support Rea-Time Audio so if G.711 or G.722 codecs are not available during media negotiation and RTA is being enforced then that could cause the issue you are seeing. I would trace a peer-to-peer call as well as these conference calls to see what codecs are offered by both the Lync clients and Lync server (AVMCU) to verify.

      1. By turning phone's base profile to Lync, it prompted to sign in, and now conference calls are fine (audio both ways). I did see some auth errors in event logs, so maybe thats all it was. However, I have some other IP 5000s with the same firmware, but with different bootROM v (working one is 5.x). Whenever I change base profile to Lync on those, it reboots, and returns to generic. Doesnt matter if I use web or phone to make that profile change, it auto reverts. Any ideas on that? PS, I met and took a pc with you at TechEd. Thanks again for all your help.

        1. Philip, I've never seen that BootROM mismatch before but that could be causing your issues. I suggest contacting support to get the firmware and BootROM squared away.

          1. Finally able to sign into Lync profile. Had to load 4.0 firmware and then go back to 4.1.0 Rev 1. Our remaining issue is phones are freezing up randomly displaying Polycom icon and require a reboot to function. I have had a support case open for over a week, still digging. Pleas let me know if you have seen that, otherwise thanks for suggesting the bootROM.

          2. Jeff, I thought I had replied to this. The reload of a newer bootROM solved the lync profile issue, but now the phones are freezing randomly (polycom logo screen) and require a reboot to function. I have been working with polycom support for 2 weeks and no luck. I wonder if its our config or the lync base profile? I ran a test fun on factory settings and works fine.

          3. I've never seen that, but I suggest trying the recent 4.1.5 firmware release which includes a newer bootROM image as well.

  28. Jeff, we're having some issues with the SpectraLink 8440. Placing a call on hold to transfer it, disconnects the call, the line is a member of a Workflow and Queue. Media bypass is not selected under Trunk Configuration. Also, having issues with roaming between APs, call quality gets really low. Also most of the time calls will not come through to the handset will walking around with it. It is connect to its on SSID. Also seems not to stay logged into the user profile contstantly. Thanks for any help.

    1. Philip, that model is now part of the separate SpectraLink company so I suggest contacting them for support. I haven't used the more recent software versions myself so I don't know what your issue might be.

  29. Hello, Jeff!! we are try configuring soundpoint ip321 with lync 2013. we are install UCS 4.1.0 M !!! we are installing on phone root ca , but in diagnostics messages only Registration failed User: test7, Error Code:480 Temporarily not available….

  30. Hello Jeff
    I have a Spectralink 8440 phone SW that I am trying to connect to Lync 2010 via AudioCodes SBA. I have the phone configured correctly, it connects and logs-in initially and I can make and receive calls for a minute or two and then the phone logs out with a 401 Unauthorized message.
    have you run into this and any idea how to resolve

    1. I have not used the SpectraLink 4.2 software with that SBA, I suggest you contact SpectraLink directly for support.

  31. Hi Jeff

    i just wanted to confirm that this guide is compatible for USC 4.1.1 and Lync 2013 environment. I have a Polycom soundpoint ip 331 to setup for testing.


    1. Video calling is not supported in the VVX 1500 when it is registered to Lync. The VVX 500/600 models do support phone-to-phone video calls with Lync 2013 (and phone-to-Lync 2010 clients via H.263) but not the 1500 models currently.

  32. Jeff,
    Your blog has helped me with many hidden issues often missed in technet docs, I do thank you…
    Quick blog question… we deployed some new Polycom Phones VVX 400’s and for some reason, I took over the Lync admin… users have been getting one way audio sometimes, I noticed Media Bypass was not checked on the FE… should we enable it? we have a basic setup… 1 FE, 1 Dir, 1 Edge, 1RP, and a SIP device for the transfer to PSTN world… Mediation server on FE.

    I dont know the history of the server, unsure if this was enabled before…. thoughts?

    1. Only enable Media Bypass if you can support it in your topology, this is not a feature that the phones existence would dictate. They are supported in either topology (enabled or disabled).

  33. I have a new Lync 2013 FE, can I use the same cfg? There’s no Lync 2013 option at “voIpProt.server.1.specialInterop”

    thanks in advance.

    1. The version of Lync doesn’t matter, the configuration is the same. The parameter was originally created back when Lync 2010 is the current platform (hence the name), but it’s the same setting for Lync 2010, 2013, and the upcoming Skype for Business Server 2015 release.

  34. Hi Jeff,

    We have issue logging into the Polycom Phones, We get the below error.

    Cannot sign in. Please verify sign-in address, domain\username and password and try again.Please verify that the domain entered is correct.

    We recently had the certificate renewed.

    Both PIN & USB authentication are not working.

    The firmware Version that we have is 4.0.7577.4455.


  35. Great write up by the way.

    I am going to ask how does this play out with Lync online where there is no server to logon to interactively perse?

    Trying to set up a Polycom room system and trying to figure out how to retrieve the certificate to load onto the Windows 7 embedded OS.

  36. Good read, have any fellow Lync users got any experience in Paging to Door Entry Phones and Polycom SIP Phones ? We have a number of Lync Door Entry Phones that double as a paging IP speaker. We also have 600 Polycom phones we need to zone page using multicast. Does anyone know of a device or paging server that can do this ? Thanks

  37. Hi Jeff/All,

    Do you know if Lync calling via Polycom or Audiocodes have supports media bypass?
    we montored the call and it didnt ‘bypass’. But for Lync softphones it did work.
    Note: we are not using any TLS in our infra.

    thanks in Advance.

  38. Hi, I got a problem with the authentification lync server 2013 with the soundstation 331
    I think is a problem of CA certificate, this is the error:

    ms-diagnostics: 1000;reason=”Final handshake failed”;HRESULT=”0xC3E93EC3(SIP_E_AUTH_UNAUTHORIZED)”;source=”SVO15.multicenter.com.bo”

    What can I do?

  39. Hi Jeff,

    VVX 1500 running the latest firmware package,Video calling is supported in the VVX 1500 when it is registered to Lync 2010 /2013 now ?

    1. The VVX 1500 is not tested or supported for Lync/SfB on the more recent firmware releases. Video calling may work in the Lync 2010 environment (with Lync 2010 servers and client) but it will not work with Lync 2013 clients and servers as the legacy H.263 video codec is not on the 2013 and newer clients.

  40. Hi,

    I have a Polycom IP voice station 6000, but I have been unable to register it on the SIP Server. I keep getting the response “Error Line Unregistered”. I can receive calls, but I cannot call out. I’ve entered my service provider’s IP address, which is numeric, but it seems like it is insisting on an alphabetical address.

    This is my first experience with this device, can you assist?

    I’ll be grateful

      1. Jeff,

        I wondered if you could help me. I have an SFB2015 setup, with Aastra 6725ip, Polycom VVX410, AudioCodes 405HD and Polycom RealPresence Group 500 units all working well.
        It’s worth pointing out the sip clients all autodiscover their internal and external config from dns records. Handsets work fine outside of thee network.

        I am really struggling to get the SoundStation IP 5000 to register with sfb.
        Provisioning url is complete. 0000..cfg loads config files including “lyncShared.cfg, [phone_mac_address]-lync.cfg”.. and my mac_lync.cfg was built using your article above.. lyncShared.cfg includes all the TLS stuff.

        UserPrincipalName matches SIP address, username is sip-prefix, netbios domain is a simple ‘EU’.

        I am using the very latest SSIP5000 firmware: 4.1.1 Rev AA.

        Syslog is configured with sip mode debug.. and I don’t see anything other than sip-register timeout on port 5061.. which is the port i’m Expecting for TLS.

        Have you got any tips?

      2. When I manually specify the FQDN of the front-end servers, and force TCP mode (so i can capture the sip-flow with wireshark).. something else happens that is confusing me:

        |1|48|MsgSipTcpSocketStatus socket 35 status 0
        |2|48|CTcpSocket::OnSocketStatus socket 35(0x94e32120) bStatus 0
        |3|48|CTcpSocket::~CTcpSocket socket 35 entry for 0x94e32120
        |3|48|CTrans::TCPFail workingServer 1 -> 2 0x94e305a0
        |1|48|CTcp::Send(TCP) entry for address port 5060 can Connect 1 canFailOver 1
        |2|48|CTcpSocket::CTcpSocket entry Inbound 0 Timeout 120 this 0x94e32220
        |2|48|Open socket 34(0x94e32220)
        |1|48|SetRemoteAddress set SND BUF to 32000 OK
        |1|48|SetRemoteAddress set SEND TIMEOUT to 100ms not OK
        |1|48|SetRemoteAddress OK on try 1 nPort 57807 0x94e32220
        |1|48|Task name tTCPCnt34
        |1|48|CTcp::Send(TCP) exit for address port 5060 can Connect 1 status 1 canFailOver 1 FoundSocket 0
        |2|48|CTrans::InitRetrans for UA Client Non-INVITE REGISTER state ‘callingTrying’ Server 2 of 2 (0x94e305a0)
        |3|48|CTcpSocket::~CTcpSocket socket 35(0x94e32120) close
        |1|48|MsgSipTcpSocketStatus socket 34 status 0
        |2|48|CTcpSocket::OnSocketStatus socket 34(0x94e32220) bStatus 0
        |3|48|CTcpSocket::~CTcpSocket socket 34 entry for 0x94e32220

        Any ideas?

        1. I fixed all this using a 0000000000.cfg file including:

          MODEL-LyncShared.cfg and MAC-lync.cfg both come from the UC deployment guide. TLS certs added, FQDN of front-end servers, TLS enforced on port 5061.
          set and watch the syslog entries for errors, investigate them one at a time.

          watching the syslog output is tremendously helpful.

  41. Hi Jeff,

    I might be off the topic, can we use Spectralink 8440 with Skype for Business Online? Logs on the phone showing certificate error.



    1. I have not used any of the Spectralink device in several years, so I don’t know what they support these days. I will say that before Spectralink broke off from Polycom we were not yet supporting Lync/SfB Online so it’s likely that the phones still do not work with SfB Online.

  42. Its a great information. Infact we at Amtech Systems finished one of the largest Lync/Skype for Business Deployment with Polycom Sonus for Philip Morris for over 2000+ users.

Leave a Reply

Your email address will not be published. Required fields are marked *