Rui Silva - UCspotting

Useful stuff about Unified Communications

Connecting Communicator R2 to Exchange UM

Connecting Communicator R2 to Exchange UM

  • Comments 1
  • Likes

Recently, I was doing some tests with Exchange Unified Messaging, but when I tried to connect to Exchange Voice Mail using Communicator R2, I got the following error:

"Incompatible security setting. 
The call could not be completed because security levels do not match
"

incompatible-security-settings

An Exchange UM dial-plan supports three different security levels: Unsecured, SIP Secured, and Secured. The following table shows the differences in terms of Mutual TLS and SRTP for the various security levels.

VoIP Security

Mutual TLS

SRTP

Unsecured Disabled Disabled
SIP Secured Enabled (required) Disabled
Secured Enabled (required) Enabled (required)

exchange-um-secured

When integrating Exchange UM with Office Communications Server 2007, consider the following when selecting the dial plan security level:

  • Mutual TLS is required between Exchange UM and OCS, therefore the Unsecured level is not an option.
  • Office Communicator 2007 clients support SRTP (Secure Real-Time Transport Protocol), therefore both Secured as well as SIP Secured security levels can be used. The encryption level that Communicator uses can be set by means of Group Policy or by changing the PC2PCAVEncryption registry key.
  • If Communicator Phone Edition (aka Tanjay) is deployed, the security level should be set to Secured.

The registry key PC2PCAVEncryption (REG_DWORD) can be used to specify whether encryption is supported, required, or not supported when making and receiving audio and video calls. The supported values are:

  • 0 = Support encryption, but do not require it. Should only be used with the TLS network protocol. (default)
  • 1 = Require encryption. Unencrypted calls are not accepted. Should only be used with the TLS network protocol.
  • 2 = Do not support encryption. Encrypted calls are not accepted.

PC2PCAVEncryption

BTW, if you're playing around with this registry key (or any other), you may find useful to know that Communicator uses the following precedence, when applying settings:

  1. HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Communicator
  2. HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator
  3. Office Communications Server 2007 in-band provisioning
  4. Communicator 2007 Options dialog box

Further investigation revealed the following error on Communicator logs:

"SIP/2.0 415 Unsupported Media Type"

tracing-small

After this, it seemed quite obvious that the problem had to do with encryption, more specifically to the SRTP setting. The solution? There are 2 possible ones:

  1. Change the Exchange UM VoIP Security level to "Secured" (it was SIP Secured before).
  2. Create the registry key PC2PCAVEncryption and change its value to 0

One final note: the problem didn't affect Office Communicator 2007, only the R2 client, so we can assume the R2 clients will be more secure than its predecessors.

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment