Pages

Lync Client 2010 Encryption Settings

By default Lync has the default encryption settings for media set to required. This is not always preferable when doing interoperability with devices that do not support SRTP or have not implemented SRTP the same as Microsoft. In a perfect world everyone would implement this standard the same. But if you have ever tried to do interoperability with Tandberg to OCS 2007 R2 you will know that it’s not the perfect world we would hope for.

In Communicator 2007 R2 the security setting for encryption could be changed via GPO or registry setting and looked like this:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator]

"PC2PCAVEncryption"=dword:00000000

In this example I am changing the setting to supported from required. So as long as the other end device supports encryption it will negotiate SRTP if not it will do RTP.

Well now with in-band provisioning in Lync there is a PowerShell command that can control this setting:

set-csmediaconfiguration –identity global –encryptionlevel supportencryption

In this case I am globally changing the security level of the client from required to supported. This is an important piece of information to know in regards to Media Bypass with vendors that have do not interoperate with SRTP to Lync. I will talk more about it in my next post on Media Bypass. There is a large networking company that this will come in handy for (and its not HP).

Get-CsMediaConfiguration –identity global

Identity            : Global
EnableQoS           : False
EncryptionLevel     : RequireEncryption
EnableSiren         : False
MaxVideoRateAllowed : VGA600K

set-CsMediaConfiguration –identity global -EncryptionLevel supportencryption

Get-CsMediaConfiguration –identity global

Identity            : Global
EnableQoS           : False
EncryptionLevel     : SupportEncryption
EnableSiren         : False
MaxVideoRateAllowed : VGA600K

My good friend Mike Stacy also talks about changing this setting in his blog post on creating static routes.

Comments welcomed.

VoIPNorm

3 comments:

  1. Just a slight correction you have -idenity in your ps commands, it should be -identity

    ReplyDelete
  2. Seems as thought Lync conversations are encrypted between the client and server. However, does anyone know if Lync Server logs the message decrypted?
    Thanks-

    ReplyDelete

Note: Only a member of this blog may post a comment.