Lync and Cisco CUPS RCC

I recently had a project where remote call control with Lync was still a requirement for a customer. While preparing for this integration I found some pretty varying information out there – some even indicating this was no longer possible without TLS, which is untrue, so I thought I would clear this up a bit. For this environment let’s assume the following:

  • CUPS Domain: CUPS.confusedamused.com
  • CUPS Server IP: 10.1.0.7
  • SIP Domain: confusedamused.com
  • Lync FE Pool: LYNCPOOL.ptown.local

The first step here is to build a trusted application pool which is required to trust a specific host. Since we only have a single CUPS server we'll specify a single host pool.

New-CsTrustedApplicationPool 10.1.0.7 -Registrar LYNCPOOL.ptown.local-Site 1 -TreatAsAuthenticated $true -ThrottleAsServer $true -RequiresReplication $false

Next, we’ll configure a trusted application which lives on that “pool” of the CUPS IP address. This is so Lync trust requests from this server and port combination. The application ID parameter can be whatever you like – it just provides a unique way to identify a trusted application in your environment. You can say “yes” to the warning about UCMA applications after running this command.

New-CsTrustedApplication -ApplicationID CUPS -TrustedApplicationPoolFQDN 10.1.0.7 -Port 5060 -EnableTcp

After those two steps we need to publish the topology with these changes:

Enable-CsTopology

So all we’ve done so far is told Lync it can trust an application running on port 5060 on a server with the IP address of the CUPS server. The next step is to tell Lync how to actually send traffic to our CUPS SIP domain. In OCS this was done with the static routes tab which was accessible in the GUI, but with Lync this must be done in the Lync Management Shell. First, create a static route matching the CUPS SIP domain, cups.confusedamused.com in our case, with a next hop of the CUPS server IP address and listening port.

$TCPRoute = New-CsStaticRoute –TCPRoute –Destination 10.1.0.7 -Port 5060 –MatchUri CUPS.confusedamused.com

This step just puts the route in a variable. We need to actually add it to the routing configuration like so:

Set-CsStaticRoutingConfiguration –Route @{Add=$TCPRoute}

Also, don't forget to allow your Lync server to accept TCP requests on port 5060:

Set-CsRegistrar registrar:LYNCPOOL.ptown.local –SipServerTcpPort 5060

At this point everything should be (theoretically) in place, but I found it still didn’t work correctly. Lync was still discarding responses sent from the CUPS server as if it wasn’t trusted. Here’s the key – open Topology Builder, and download a copy of your latest topology. Edit the properties of the new trusted application pool which was created. In order for this to work properly you must limit the service usages to the IP address of the CUPS server.

I’m not sure why this doesn’t work correctly without it, but it won’t. Publish this change, restart your FE services, and you should find RCC working properly.