Lync to Windows Live A/V Federation

One of the coolest new Lync features is that you can now do A/V federation with Windows Live users, but you’ll find this does not work out of the box. First of all, your organization must complete the Public IM Connectivity provisioning process. After that, there are two modifications required even if you’ve enabled Public IM connectivity for the external access policy assigned to users.

First, there is a hidden parameter allowing A/V federation to PIC only available through the Lync Management Shell. This example modifies the global policy to allow both Public IM and Public IM A/V traffic so change the scope appropriately if you’re limiting by site or users.

Set-CsExternalAccessPolicy Global -EnablePublicCloudAccess $true -EnablePublicCloudAudioVideoAccess $true

Secondly, the Windows Live network does not support SRTP encryption of the audio/video traffic, but Lync requires this encryption by default. We need to change Lync to support encryption instead of require it. Once that change is made Lync will prefer encrypted sessions and still negotiate those first, but will allow unencrypted media to be exchanged if it can’t agree on encryption. The other Lync default is to only allow VGA video quality, but you can do 720p to Windows Live if both endpoints support it. This example changes the media encryption and video quality at the global level.

Set-CsMediaConfiguration Global -EncryptionLevel SupportEncryption -MaxVideoRateAllowed Hd720p15M

That change should be picked up within 5 minutes on the Front-End. After that, sign out of your Lync client and back in. You can verify the change by holding down the CTRL key, right-clicking the Lync task tray icon, and selecting Configuration Information. The PC to PC AV Encryption should say “AV Encryption Supported” now.

If you don’t make this change you’ll see an error on Front-End servers when trying to initiate an A/V call that the encryption levels don’t match:

Start-Line: SIP/2.0 488 Not Acceptable Here
From: “Eddie Vedder”<sip:eddie@confusedamused.com>;tag=ed272dd714;epid=8e3ef28192
To: <sip:user@hotmail.com;mepid=F6333909B2AE4F60A2553FA59913B0A8>; tag=ab1e5513de
USER-AGENT: UCCAPI/4.0.7440.0 WLM/15.4.3502.0922 (Windows Live Messenger)
ms-client-diagnostics: 52017;reason=”Encryption levels dont match”

Also, keep in mind the Windows Live user must be using the Windows Live Messenger 2011 version to support Lync A/V federation. When you’re connecting a call the Windows Live client will recognize that you’re connecting to Lync:

Happy federating!

Here

Recent content I've written for you—just for you!— to enjoy while you're here.

There

Quick commentary and links to other sources you'll find interesting. I promise.

Everywhere

Some personal background, links to related projects, and other ways to connect.

Hi there. My name is Tom Pacyk and this is my small home on the web. I love the intersection of design, technology, and communication, which is a combination that led me to a career in sales and marketing roles at places like Zoom and ServiceNow. They're a bit old now, but I also had the opportunity to publish a couple of books along the way.

Portland, Oregon is home for me, my wife Beth, and our three kids, but I'm actually a Midwestern transplant—I grew up in the Chicago suburbs and went to school at Purdue and Illinois. When I find some free time I'm probably going to concerts, rooting for the Portland Timbers, or working on my Sunshine Burn Photography project.