Enabling Unencrypted TCP Connections to Lync on Port 5060

There are still many devices and clients out there that still don't support encrypted SIP traffic over TLS like a Lync server prefers by default. In previous versions of the product allowing the server to listen on port 5060 for unencrypted TCP connections was a matter of a couple checkboxes. If you need to allow unencrypted SIP connections to a Lync server you'll have to resort to some Management Shell work.

First, retrieve the list of registrar servers in your environment

Get-CsService -Registrar

The output will show the identity of the registrar service along with the configured options

Identity			: Registrar:fepool.ptown.local
MonitoringServer		: MonitoringServer:archmon.ptown.local
ArchivingServer		: ArchivingServer:archmon.ptown.local
WebServer			: WebServer:fepool.ptown.local
EdgeServer			: EdgeServer:edgepool.ptown.local
UserServer			: UserServer:fepool.ptown.local
SipPort			: 5061
WebPort			: 444
SipHealthPort		:
SipServerTcpPort :
EnableAutomaticFailoverFalse	:
FailbackDetectionInterval	:
FailureDetectionInterval	:
BackupRegistrar		:
DependentServiceList	: {EdgeServer:edgepool.ptown.local, MediationServer:fepool.ptown.local, ApplicationServer:fepool.ptown.local}
ServiceId			: 1-Registrar-1
SiteId				: Site:San Francisco
PoolFqdn			: fepool.ptown.local
Version			: 5
Role				: Registrar

You'll notice the SipServerTcpPort parameter is null by default. We need to change this to port 5060 by running the following command:

Set-CsRegistrar "registrar:fepool.ptown.local" –SipServerTcpPort 5060

A big improvement over OCS here is the change does not require a restart of the services. Watch the event logs and you'll see the Registrar service pick up this change automagically, logging Event ID 14349.

You can also run a netstat -an afterwards to verify the server is now also listening on port 5060.