Connecting Communicator R2 to Exchange UM
Recently, I was doing some tests with Exchange Unified Messaging, but when I tried to connect to Exchange Voice Mail using Communicator R2, I got the following error:
"Incompatible security setting.
The call could not be completed because security levels do not match"
An Exchange UM dial-plan supports three different security levels: Unsecured, SIP Secured, and Secured. The following table shows the differences in terms of Mutual TLS and SRTP for the various security levels.
VoIP Security |
Mutual TLS |
SRTP |
| Unsecured | Disabled | Disabled |
| SIP Secured | Enabled (required) | Disabled |
| Secured | Enabled (required) | Enabled (required) |
When integrating Exchange UM with Office Communications Server 2007, consider the following when selecting the dial plan security level:
- Mutual TLS is required between Exchange UM and OCS, therefore the Unsecured level is not an option.
- Office Communicator 2007 clients support SRTP (Secure Real-Time Transport Protocol), therefore both Secured as well as SIP Secured security levels can be used. The encryption level that Communicator uses can be set by means of Group Policy or by changing the PC2PCAVEncryption registry key.
- If Communicator Phone Edition (aka Tanjay) is deployed, the security level should be set to Secured.
The registry key PC2PCAVEncryption (REG_DWORD) can be used to specify whether encryption is supported, required, or not supported when making and receiving audio and video calls. The supported values are:
- 0 = Support encryption, but do not require it. Should only be used with the TLS network protocol. (default)
- 1 = Require encryption. Unencrypted calls are not accepted. Should only be used with the TLS network protocol.
- 2 = Do not support encryption. Encrypted calls are not accepted.
BTW, if you're playing around with this registry key (or any other), you may find useful to know that Communicator uses the following precedence, when applying settings:
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Communicator
- HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator
- Office Communications Server 2007 in-band provisioning
- Communicator 2007 Options dialog box
Further investigation revealed the following error on Communicator logs:
"SIP/2.0 415 Unsupported Media Type"
After this, it seemed quite obvious that the problem had to do with encryption, more specifically to the SRTP setting. The solution? There are 2 possible ones:
- Change the Exchange UM VoIP Security level to "Secured" (it was SIP Secured before).
- Create the registry key PC2PCAVEncryption and change its value to 0
One final note: the problem didn't affect Office Communicator 2007, only the R2 client, so we can assume the R2 clients will be more secure than its predecessors.