Installation Guide for Cisco UC Integration for Microsoft Lync Release 8.5
Configuring Client Computers for Cisco UC Integration for Microsoft Lync
Downloads: This chapterpdf (PDF - 286.0KB) The complete bookPDF (PDF - 3.17MB) | Feedback

Configuring Client Computers for Cisco UC Integration for Microsoft Lync

Table Of Contents

Configuring Client Computers for Cisco UC Integration for Microsoft Lync

About Client Computer Configuration

Location of Client Services Framework Configuration Data

Configuring Registry Settings for the Client Services Framework Client Integration

Specifying TFTP, CTIManager, and CCMCIP Server Registry Settings

Load Balancing CTI Traffic

Specifying Cisco Unified MeetingPlace Server Registry Settings

Specifying Voicemail and Visual Voicemail Registry Settings

Specifying Video Registry Settings

Specifying Account Credential Synchronization Registry Settings

Specifying Automatic Device Selection Registry Settings

Specifying Single Sign On Registry Settings

Specifying Registry Settings to Display Caller Information in Internet Explorer

Using an Active Directory Group Policy Administrative Template to Configure Client Services Framework Clients

Click to Call Configuration on Client Computers

Location of Click to Call Installation Configuration Data

Specifying Installation Registry Settings for Click to Call

Microsoft Office Smart Tag Call Menu Deactivation

Enabling LDAP Over SSL

Getting the Certificate Used for LDAPS

Installing Security Certificates on Client Computers

Configuring Client Services Framework

Configuring Microsoft Lync 2010 or Microsoft Office Communicator 2007 to Use HTTPS to Access Custom Availability Statuses

Microsoft Lync 2010 and Microsoft Office Communicator 2007 R2

Microsoft Office Communicator 2007 R1

Location of Custom Availability Statuses File

Configuration of Telephony Options for Microsoft Applications

Microsoft Lync Server Telephony Option

Microsoft Office Communicator Policies

Microsoft Office Phone Policy

About the Client Services Framework Cache and LDAP Searches

Incoming Calls

Outgoing Calls to Contacts Who Are Enabled for the Communications Server

Outgoing Calls to Contacts Who Are Not Enabled for the Communications Server

Outgoing Calls to Microsoft Outlook Contacts

How to Configure Cisco UC Integration for Microsoft Lync Clients for Secure Access to Cisco Unified MeetingPlace

Configuring Secure Access to Cisco Unified MeetingPlace

Downloading the IIS Certificate from Cisco Unified MeetingPlace

How to Configure Cisco UC Integration for Microsoft Lync Clients to Enable Secure Voicemail Access

Configuring Secure Voicemail Access to a Cisco Unity Server

Downloading the IIS Certificate from Cisco Unity

Configuring Secure Voicemail Access to a Cisco Unity Connection Server

Downloading the Tomcat Certificate from Cisco Unity Connection


Configuring Client Computers for Cisco UC Integration for Microsoft Lync


Revised: April 15, 2011

About Client Computer Configuration

Location of Client Services Framework Configuration Data

Configuring Registry Settings for the Client Services Framework Client Integration

Using an Active Directory Group Policy Administrative Template to Configure Client Services Framework Clients

Click to Call Configuration on Client Computers

Enabling LDAP Over SSL

Configuring Microsoft Lync 2010 or Microsoft Office Communicator 2007 to Use HTTPS to Access Custom Availability Statuses

Configuration of Telephony Options for Microsoft Applications

About the Client Services Framework Cache and LDAP Searches

How to Configure Cisco UC Integration for Microsoft Lync Clients for Secure Access to Cisco Unified MeetingPlace

How to Configure Cisco UC Integration for Microsoft Lync Clients to Enable Secure Voicemail Access

About Client Computer Configuration

Before you install Cisco UC Integration for Microsoft Lync, you must perform some configuration on the computers of your users:

Configure the Cisco Unified Client Services Framework so that it can function as the phone device for that user, and specify where Client Services Framework can connect to.

Specify the Microsoft Lync or Microsoft Office Communicator settings.

Specify the Microsoft Office settings.

Specify other security-related settings that you want the client computers to use.

Specify single sign on (SSO) settings if you want to implement the SSO feature.

Specify settings to enable Cisco UC Integration for Microsoft Lync to display caller information in Internet Explorer when a user answers a call.

Specify settings to control which click-to-call features are available in your deployment.

Deploy the policy changes to the computers in your Cisco Unified Communications system. To do this, you can use software management system, for example, Active Directory Group Policy, Altiris Deployment Solution, Microsoft System Center Configuration Manager (SCCM), and so on.

Location of Client Services Framework Configuration Data

You specify the configuration for Client Services Framework in the following registry key:

HKEY_CURRENT_USER\Software\Cisco Systems, Inc.\Client Services Framework\AdminData

If you use Active Directory Group Policy to configure Cisco UC Integration for Microsoft Lync, then Client Services Framework configuration data is specified in the following registry key:

HKEY_CURRENT_USER\Software\Policies\Cisco Systems, Inc.\Client Services Framework\AdminData


NoteIf Client Services Framework configuration data is present in both of these registry keys, the policies configuration data takes precedence.

Client Services Framework reads only HKEY_CURRENT_USER keys. Client Services Framework does not read HKEY_LOCAL_MACHINE keys.

The data type of the registry settings is REG_SZ, except where noted otherwise.


Configuring Registry Settings for the Client Services Framework Client Integration

Specifying TFTP, CTIManager, and CCMCIP Server Registry Settings

Specifying Cisco Unified MeetingPlace Server Registry Settings

Specifying Voicemail and Visual Voicemail Registry Settings

Specifying Video Registry Settings

Specifying Account Credential Synchronization Registry Settings

Specifying Automatic Device Selection Registry Settings

Specifying Single Sign On Registry Settings

Specifying Registry Settings to Display Caller Information in Internet Explorer

Specifying TFTP, CTIManager, and CCMCIP Server Registry Settings

Table 4-1 lists the registry subkeys that you must use to specify the TFTP, CCMCIP, and CTIManager server configurations.

Table 4-1 TFTP, CCMCIP, and CTIManager Server Registry Subkeys 

Subkey Names
Description

TftpServer1,
TftpServer2,
TftpServer3

Enter the IP address or fully-qualified domain name of the primary TFTP server in your Cisco Unified Communications system, and any other TFTP servers. If you are using certificates, the certificate common name must match the network identifier used to access to host , that is, the IP address or the hostname.

CtiServer1,
CtiServer2

Enter the IP address or fully-qualified domain name of the primary CTIManager server in your Cisco Unified Communications system, and the secondary CTIManager server, if present.If you are using certificates, the certificate common name must match the network identifier used to access to host , that is, the IP address or the hostname.

UseCUCMGroupForCti

Set this value to True if you want to use the relevant Cisco Unified Communications Manager group information on the Cisco Unified Communications Manager server to determine which CTI Servers to use instead of the CtiServer1 and CtiServer2 registry subkey names.

CcmcipServer1, CcmcipServer2

Enter the IP address or fully-qualified domain name of the primary CCMCIP server in your Cisco Unified Communications system, and the secondary CCMCIP server, if present. If you are using certificates, the certificate common name must match the network identifier used to access to host , that is, the IP address or the hostname.

CcmcipServerValidation

Enter the type of security certificate validation for Client Services Framework to use with HTTPS to sign in to Cisco Unified Communications Manager to retrieve the device list. Enter one of the following values:

0: Client Services Framework accepts all certificates.

1: Client Services Framework accepts certificates that are defined in the keystore and self-signed certificates.

2: Client Services Framework only accepts certificates that are defined in the keystore.

Note Client Services Framework uses this certificate to verify the Cisco Unified Communications Manager server. When the certificate is accepted, Client Services Framework must use the credentials of the user to sign in to Cisco Unified Communications Manager.


Related Topics

Installing Security Certificates on Client Computers

Load Balancing CTI Traffic

Load Balancing CTI Traffic

You can configure Cisco Unified Client Services Framework to use Cisco Unified Communications Manager group information to determine which CTIManager servers to use. Client Services Framework can use the Cisco Unified Communications Manager group information instead of the values in the registry subkey names CtiServer1 and CtiServer2. To enable this feature, set the value of the UseCUCMGroupForCti registry subkey name to True.

In Cisco Unified Communications Manager, each device is a member of one device pool. Each device pool is a member of a Cisco Unified Communications Manager group. The Cisco Unified Communications Manager group contains one or more Cisco Unified Communications Manager servers. To view the list of servers in a group, select System > Cisco Unified CM Group in Cisco Unified CM Administration.

If the UseCUCMGroupForCti registry subkey name is set to True, Client Services Framework uses the servers that are specified in the Cisco Unified Communications Manager group. The servers are specified in the Selected Cisco Unified Communications Managers list. Client Services Framework uses the first server as the primary CTIManager server, and uses the second server as the secondary CTIManager server.

You can configure devices in different device pools and associate the device pools with different Cisco Unified Communications Manager groups. In this way, you can balance the load of CTI traffic from client applications such as Cisco UC Integration for Microsoft Lync.

Client Services Framework downloads the appropriate device configuration file from the TFTP server, and extracts the Cisco Unified Communications Manager group information from the file. If a user has a desk-phone device, and has set their client application to use the desk phone for phone calls, Client Services Framework attempts to download the device configuration file from the desk phone. If Client Services Framework downloads the file, Client Services Framework uses the Cisco Unified Communications Manager group information from the file.

If Client Services Framework cannot download the file, Client Services Framework uses the device configuration file from the phone on the computer of the user, if the appropriate device is associated with the user. Client Services Framework might not be able to download the device configuration file if the user does not have an associated desk phone device. For example, the user might use an Extension Mobility profile.

Specifying Cisco Unified MeetingPlace Server Registry Settings

Table 4-2 lists the registry subkeys that you must use to specify the Cisco Unified MeetingPlace server configuration.

Table 4-2 Cisco Unified MeetingPlace Server Registry Subkeys 

Subkey Names
Description

WebConfServer

Enter the fully-qualified domain name (FQDN) of the Cisco Unified MeetingPlace server in your Cisco Unified Communications system. Do not include the IP address.

WebConfProtocol

The protocol to use between Client Services Framework and the Cisco Unified MeetingPlace server. The options are HTTP or HTTPS.

WebConfPort

Enter the port number for the Cisco Unified MeetingPlace server. The port number for HTTP protocol is usually 80 and the port number for HTTPS protocol is usually 443.

WebConfServerValidation

Specify the type of security certificate validation that Client Services Framework uses with HTTPS to validate requests from the Cisco Unified MeetingPlace web conferencing server. Enter one of the following values:

0: Client Services Framework accepts all certificates.

1: Client Services Framework accepts certificates that are defined in the keystore and self-signed certificates. This is the default value.

2: Client Services Framework only accepts certificates that are defined in the keystore.


Related Topics

Installing Security Certificates on Client Computers

Specifying Voicemail and Visual Voicemail Registry Settings

Table 4-3 lists the registry subkeys that you must use to specify the voicemail and visual voicemail configuration.

Table 4-3 Voicemail and Visual Voicemail Registry Subkeys 

Subkey Names
Description

VoicemailPilotNumber

Enter the number of the voice message service in your Cisco Unified Communications system. This value only relates to when users use the desk phone to access their voice messages. If users are using the phone on their computer to access voicemail, the pilot number comes from the voicemail pilot number associated with the voicemail profile configured on the Client Services Framework device.

VVM_SystemServer_01

Enter the IP address or fully-qualified hostname of the Cisco Unity or Cisco Unity Connection voicemail server.

VVM_SystemServer_VmwsPort_01

Enter the port number for the Cisco Unity Voicemail Web Service (VMWS) on the Cisco Unity or Cisco Unity Connection voicemail server. This value is optional with Cisco Unity and Cisco Unity Connection for synchronizing voicemail-related preferences, but the value is required with Cisco Unity for secure message playback.

VVM_SystemServer_VmwsProtocol_01

Enter the protocol to use for the VMWS. The options are HTTP or HTTPS. This value is optional with Cisco Unity and Cisco Unity Connection for synchronizing voicemail-related preferences, but the value is required with Cisco Unity for secure message playback.

VVM_Mailstore_Server_01

Enter the IP address or hostname of the IMAP mailstore server that is peered with the Cisco Unity or Cisco Unity Connection server. For Cisco Unity voicemail servers, this is typically the IP address of the peer Microsoft Exchange server. For Cisco Unity Connection voicemail servers, this is typically the IP address of the Cisco Unity Connection server itself.

VVM_Mailstore_ImapPort_01

Enter the port number to use for IMAP for visual voicemail. The IMAP port number is usually 143. Enter 7993 for this value name if you want to implement secure messages on a Cisco Unity Connection server.

VVM_Mailstore_ImapProtocol_01

Enter the protocol to use for IMAP for visual voicemail. Enter TCP for this value name. If you want to implement secure messages on a Cisco Unity Connection server, enter TLS.

If you want to implement secure signing between a Cisco Unity server and a Microsoft Exchange server, enter TLS.

If you use secure transport protocols like TLS and HTTPS, the certificate presented by the server must be a trusted certificate, signed by a trusted authority. If you use a local authority or a self-signed certificate, you must add these to the Client Services Framework keystore and mark them as trusted.

VVM_Mailstore_EncryptedConnection

Set this value to True to enable an encrypted IMAP connection to the voicemail server.

VVM_Mailstore_InboxFolderName

Enter "INBOX" as the name of your voicemail message inbox on the voicemail server.

VVM_Mailstore_PollingInterval

Enter the number of seconds that pass between calls to the visual voicemail server to check for new, updated, deleted or purged voice messages. For example, enter 60 seconds.

VVM_Mailstore_TrashFolderName

Enter the name of the folder to which deleted voice messages are moved on the Cisco Unity voicemail server. For example, "Deleted Items". This value is not required for Cisco Unity Connection voicemail servers.

VVM_Mailstore_IdleEnabled

Set this value to True to enable an idle timeout.

VVM_Mailstore_IdleExpireTimeInMin

Specify the number of minutes that must elapse to trigger an idle timeout. The value can be between 5 and 29. The default is 29.

1 The last character of this value name can be 0 or 1 depending on whether the voicemail server is a primary (0) or secondary (1) server.


Specifying Video Registry Settings

Table 4-4 lists the registry subkeys that you must use to specify video values.

Table 4-4 Video Registry Subkeys 

Subkey Names
Description

SetVideoEnablePref

This value determines whether the user option to "Show my video automatically" is displayed in the Cisco UC Options dialog box in Cisco UC Integration for Microsoft Lync. To hide this option from users, set this value to False. To show this option to users, set this value to True.

SetVideoStaticThrottlingPref

This value determines whether the user option to "Optimize video quality for your computer" is displayed in the Cisco UC Options dialog box in Cisco UC Integration for Microsoft Lync. If selected, this option enables static video throttling. To hide this option from users, set this value to False. To show this option to users, set this value to True.

VideoEnabled

This value determines whether the user can place and receive video calls. To enable users to place and receive video calls, set this value to True. If you do not want users to be able to place and receive video calls, set this value to False for the users.

If you do not set a value for this subkey name, the user can place and receive video calls.


Specifying Account Credential Synchronization Registry Settings

Client Services Framework includes settings that enable you to synchronize the credentials of Cisco Unified Communications services. When a user specifies credentials for a service in the Cisco UC Options dialog box, other services can reuse the credentials.

For example, your Cisco Unified Communications system might have separate accounts for your phone system, corporate directory, voicemail system, and meeting system. If the voicemail system and the meeting system use the same credentials, you can set the value of the subkey name WebConfService_UseCredentialsFrom to VOICEMAIL. If you do not set this value for the meeting service, your users have to enter a username and password for both services in the Cisco UC Options dialog box.

Table 4-5 lists the registry subkeys that you can use to synchronize account credentials.

Table 4-5 Account Credential Synchronization Registry Subkeys 

Subkey Names
Description

ContactService_UseCredentialsFrom
VoicemailService_UseCredentialsFrom
WebConfService_UseCredentialsFrom

You can set each of these subkey names to one of the following values:

CONTACT

PHONE

VOICEMAIL

WEBCONF


Specifying Automatic Device Selection Registry Settings

Table 4-6 lists the registry subkey that you must use to disable automatic device selection.

Table 4-6 Automatic Device Selection Registry Subkey

Subkey Names
Description

AutomaticDeviceSelectionMode

Controls whether automatic device selection is enabled on Cisco UC Integration for Microsoft Lync.

If automatic device selection is enabled, Cisco UC Integration for Microsoft Lync automatically selects as the default device any audio device or video device that the user adds on their computer.

Set the value of this subkey to 0 to disable the automatic device selection.


Specifying Single Sign On Registry Settings

Before users can use SSO, you must set values for the registry subkeys listed in Table 4-7

Table 4-7 Single Sign On Registry Subkeys

Subkey Names
Description

DeviceProviderServer1, DeviceProviderServer2

Enter the IP address or hostname of the primary and secondary Cisco Unified Communications Manager servers from which the device list is retrieved from the Cisco Unified Communications Manager User Data Service (UDS).

DeviceProviderServerValidation

Specify the type of security certificate validation that Client Services Framework uses to connect to the UDS service on Cisco Unified Communications Manager to retrieve the device list. Enter one of the following values:

0: Client Services Framework accepts all certificates.

1: Client Services Framework accepts certificates that are defined in the Client Services Framework Certificate Directory and self-signed certificates. This is the default.

2: Client Services Framework only accepts certificates that are defined in the Client Services Framework Certificate Directory.

DeviceProviderType

Specify the device provider to use on Cisco Unified Communications Manager. The values you can enter are:

CCMCIP

UDS

You must set this value to UDS to deploy SSO because the Cisco Unified Communications Manager UDS service is the only device provider service that is enabled for SSO.

SECURITY_CertificateDirectory

See Configuration of Security Certificate Registry Settings, page 3-13.

SSO_Enabled_CUCM

Set this value to True to enable Cisco UC Integration for Microsoft Lync to use SSO on the computer.

You must deploy this setting to the computers in your Cisco Unified Communications system. To do this, you can use software management system, for example, Active Directory Group Policy, Altiris Deployment Solution, Microsoft System Center Configuration Manager (SCCM), and so on.

This value is specified in the same location as all the other Client Services Framework configuration data.


Specifying Registry Settings to Display Caller Information in Internet Explorer

You can configure Cisco UC Integration for Microsoft Lync to display caller information in Internet Explorer when a user answers a call. The caller information must be accessible by Internet Explorer. For example, a company might make this information available on a web site that the Cisco UC Integration for Microsoft Lync user can access.

In a registry setting, you can specify a Uniform Resource Identifier (URI) to display in the browser. The URI can contain a substitution token that is used to identify the caller.

Table 4-8 lists the registry subkeys that you must use to configure Cisco UC Integration for Microsoft Lync to display caller information in Internet Explorer.

Table 4-8 Registry Subkeys to Display Caller Information in Internet Explorer

Subkey Names
Description

BrowserContactURI

Enter the URI to display in Internet Explorer. Use %ID% as a substitution token. For example, you can enter the following URI:

http://www.example.com/contacts/%ID%.html

Depending on your configuration, the following URI might be constructed if the user answers a call from a contact whose ID is mweinstein:

http://www.example.com/contacts/mweinstein.html

Leave this subkey name blank if you do not want to display caller information when a user answers a call. If this subkey name is left blank, the values in the BrowserBehavior and BrowserIDType subkey names are ignored.

BrowserBehavior

Specify whether you want Internet Explorer to open the URI in a new window or new tab. The values you can enter are:

NewTab: Opens the URI in a new tab. If the user has a version of Internet Explorer that does not support tabs, a new Internet Explorer window opens. This is the default behavior.

Navigate: Opens the URI in a new Internet Explorer window. If the window is still open and the user answers another call, the URI is displayed in the same window.

NewWindow: Opens the URI in a new Internet Explorer window.

BrowserIDType

Specify the caller data that you want to replace the value of the %ID% string with. You can specify caller information from Cisco Unified Communications Manager or from Active Directory.

You can specify the following information from Cisco Unified Communications Manager:

CallNumber. This is the default behavior.

CallDisplayName

You can specify the following information from Active Directory:

ContactBusinessNumber

ContactMobileNumber

ContactHomeNumber

ContactOtherNumber

ContactDisplayName

ContactURI: This is the URI of the caller from Active Directory, for example, mweinstein@example.com.

ContactEmail: The email address of the caller from Active Directory, for example, mweinstein@example.com.

ContactUsername: This is the user ID of the caller from Active Directory, for example, mweinstein.

Note If the information that you select in this registry subkey is not available, the action specified in the BrowserBehavior registry does not occur.


Using an Active Directory Group Policy Administrative Template to Configure Client Services Framework Clients

Group Policy administrative templates are provided with Cisco UC Integration for Microsoft Lync. You can use one of these templates to define the Client Services Framework registry settings on a system, or for groups of users.

Procedure


Step 1 Execute the following command to start the Group Policy application:

gpedit.msc

Step 2 Expand the User Configuration node.

Step 3 Right-click Administrative Templates, then select Add/Remove Templates.

Step 4 Add an administrative template to the list of current policy templates in the Add/Remove Templates dialog box, then select Close.

Step 5 Open the Cisco UC Integration for Microsoft Lync folder in the right pane.


Note In Windows Vista and Windows 7, this folder is in the Administrative Templates > Classic Administrative Templates folder. In Windows XP, this folder is in the Administrative Templates folder.


Step 6 Open the folder for the settings whose value you want to specify.

Step 7 Double-click the setting whose value you want to specify.

Step 8 Enter the value you require, then select OK.


After the administrative template file is imported and populated, you can apply the resulting policy to an organizational unit using the Group Policy Management Editor.

Related Topics

Configuration of Telephony Options for Microsoft Applications

Click to Call Configuration on Client Computers

Location of Click to Call Installation Configuration Data

Specifying Installation Registry Settings for Click to Call

Microsoft Office Smart Tag Call Menu Deactivation

Location of Click to Call Installation Configuration Data

By default, when Cisco UC Integration for Microsoft Lync is installed, all of the click-to-call features are installed on the client computers. The click-to-call features are not installed on the client computers if the computers do not have the applications that click to call supports installed. For example, if a client computer does not have Mozilla Firefox installed, the click-to-call feature for Mozilla Firefox is not installed.

You can use the DONTINSTALLC2C registry subkey to specify whether click-to-call is installed on your client computers. You specify this registry settings in the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Cisco Systems, Inc.\Unified Communications\CUCIMOC\

You can also use registry settings to specify which click-to-call features are installed on your client computers. You specify these registry settings in the following registry keys:

HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Cisco Systems, Inc.\Unified Communications\Click to Call\

These registry settings take effect only if the settings are deployed on the client computers before Cisco UC Integration for Microsoft Lync is installed. These registry settings also take effect if the user installs with the executable file.


Note The data type of the registry settings is REG_SZ.


Specifying Installation Registry Settings for Click to Call

The registry subkeys that you can use to specify which click-to-call features are installed on your client computers are listed in Table 4-9. To prevent installation of all click-to-call features, or to prevent installation of click-to-call features for a particular application, set the value of the appropriate subkey name to 1.

Table 4-9 Click to Call Installation Registry Subkeys

Subkey Names
Description

DONTINSTALLC2C

Specify whether or not to install all click-to-call features.

DontInstallOutlookPlugin

Specify whether or not to install click-to-call features for Microsoft Outlook.

DontInstallSmartTagPlugin

Specify whether or not to install click-to-call features for Microsoft Office Smart Tags.

DontInstallWordPlugin

Specify whether or not to install click-to-call features for Microsoft Word.

DontInstallPowerPointPlugin

Specify whether or not to install click-to-call features for Microsoft PowerPoint.

DontInstallExcelPlugin

Specify whether or not to install click-to-call features for Microsoft Excel.

DontInstallIEPlugin

Specify whether or not to install click-to-call features for Microsoft Internet Explorer.

DontInstallFirefoxPlugin

Specify whether or not to install click-to-call features for Mozilla Firefox.


Microsoft Office Smart Tag Call Menu Deactivation

You can disable the Smart Tag call menu options in Microsoft Office using the registry keys. You can use Active Directory Group Policy to configure the registry keys, or you can edit the registry settings directly on the local machine of a user. The registry keys for both options are provided below.


Note In the registry keys, the values 11.0, 12.0, and 14.0 refer to the different versions of Microsoft Office; 11.0 refers to Microsoft Office 2003, 12.0 refers to Microsoft Office 2007, and 14.0 refers to Microsoft Office 2010.


These are the registry keys that you can use with Active Directory Group Policy:


[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\14.0\Common\PersonaMenu]
"Phone"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\12.0\Common\PersonaMenu]
"Phone"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Office\11.0\Common\PersonaMenu]
"Phone"=dword:00000000

These are the registry keys that you set directly on the computer of a user:


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\14.0\Common\PersonaMenu]
"Phone"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\12.0\Common\PersonaMenu]
"Phone"=dword:00000000

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\11.0\Common\PersonaMenu]
"Phone"=dword:00000000

To enable the Smart Tag call menu options in Microsoft Office again, you set the values of the registry keys described above to 1.

Enabling LDAP Over SSL

If you do not configure LDAP over SSL (LDAPS), the LDAP passwords of users are transmitted in clear text.

If you use Enhanced Directory Integration (EDI), you do not need to configure LDAPS. Instead, you can set the UseSSL registry subkey to 1.

Getting the Certificate Used for LDAPS

Installing Security Certificates on Client Computers

Configuring Client Services Framework

Related Topics

Configuration of the Connection for Enhanced Directory Integration, page 3-7

Getting the Certificate Used for LDAPS

Before You Begin

Ensure that the LDAP server is configured to support LDAP over SSL (LDAPS).

Procedure

You must get one of the following:

The LDAPS server certificate.

The certificate authority (CA) certificate from the certificate authority that issued the LDAPS server certificate.

For example, if you are using Microsoft Certificate Services, to get the CA certificate from the Certificate Authority Server, execute the following command on the server :

certutil -ca.cert cucimoc.crt

This command generates a file called cucimoc.crt. You must install this certificate on each client computer.

What to Do Next

Installing Security Certificates on Client Computers

Installing Security Certificates on Client Computers

Procedure


Step 1 Put the certificate file into the folder where you store your security certificates.

Step 2 Use the SECURITY_CertificateDirectory registry subkey name to specify the folder where the certificates are stored.


Related Topics

Configuration of Security Certificate Registry Settings, page 3-13

Configuring Client Services Framework

Procedure


Step 1 Set the value for the LDAP_Server_1 value name to set the URL of the LDAP server. For example, set the value of LDAP_Server_1 to the following:

ldaps://ldap.example.com

The only change from using standard LDAP is that you specify the protocol as ldaps instead of ldap.

Use the FQDN of the LDAP server as specified in the certificate. You cannot use the IP address of the LDAP server, or the server name alone. Ensure that the FQDN is reachable. If the FQDN cannot be reached using DNS, add an appropriate entry to your hosts file.

If your LDAP server does not use the default port for LDAPS, specify the port with the URL. For example, enter a value such as the following:

ldaps://ldap.example.com:19636

Step 2 Restart Cisco UC Integration for Microsoft Lync.

Step 3 To verify that you are connected to LDAPS, do one of the following, then select Tools > Server Status:

Microsoft Lync: Select the menu arrow in in the Microsoft Lync window.

Microsoft Office Communicator: Select in the title bar.

Read the server protocol information in the Server Status tab. The protocol is displayed as ldap. Read the server port field to verify that you are connected to LDAPS.


Related Topics

Configuring Registry Settings for the Client Services Framework Client Integration

Configuring Microsoft Lync 2010 or Microsoft Office Communicator 2007 to Use HTTPS to Access Custom Availability Statuses

Cisco UC Integration for Microsoft Lync includes custom availability statuses such as "On the Phone". These statuses are stored in the custom availability status file cisco-presence-states-config.xml.

Microsoft Lync 2010 and Microsoft Office Communicator 2007 R2

By default, in Microsoft Lync 2010 and Microsoft Office Communicator 2007 R2, the URL specified in the Custom presence states URL group policy setting must begin with https://.

As a result, Microsoft Lync 2010 and Microsoft Office Communicator 2007 R2 cannot use the Cisco UC Integration for Microsoft Lync custom availability statuses. In this case, Cisco UC Integration for Microsoft Lync uses the generic Microsoft Lync 2010 and Microsoft Office Communicator "Busy" availability status instead of the Cisco UC Integration for Microsoft Lync "Busy: On the phone" custom availability status.

To enable the custom availability statuses, do the following:

1. Put a copy of the cisco-presence-states-config.xml file on a secure web server, that is, a server that you can access with the https:// protocol. You can use the same IIS server that runs on your Microsoft Lync Server or OCS.

2. Update the Custom presence states URL group policy setting or registry setting on the computers of your users with the https:// URL of the cisco-presence-states-config.xml file.

For information about how to apply these policy settings, see the following URLs:

http://www.microsoft.com/DOWNLOADS/details.aspx?familyid=5D6F4B90-6980-430B-9F97-FFADBC07B7A9&displaylang=en

http://www.microsoft.com/downloads/details.aspx?FamilyID=dd3cae08-3153-4c6a-a314-daa79d616248&displaylang=en

Microsoft Office Communicator 2007 R1

The location of the cisco-presence-states-config.xml file is set in the Custom presence states URL Microsoft Office Communicator group policy setting. In Microsoft Office Communicator 2007 R1 this URL can use any of the following protocols:

file://

http://

https://

Cisco UC Integration for Microsoft Lync installs the cisco-presence-states-config.xml file in the local file system of the computer of the user. Cisco UC Integration for Microsoft Lync also updates the Custom presence states URL group policy setting to refer to this file with the file:// protocol.

Location of Custom Availability Statuses File

On computers that have Cisco UC Integration for Microsoft Lync installed, the cisco-presence-states-config.xml file is in the following location:

<drive>:\Program Files\Cisco Systems\Cisco UC Integration TM for Microsoft Lync\Config\presence

Configuration of Telephony Options for Microsoft Applications

We recommend that you configure Microsoft applications in particular ways to avoid situations where voice traffic is allowed from both Cisco UC Integration for Microsoft Lync and Microsoft Lync. This could result in the following problems:

A confusing user experience, as users can place and receive calls from a mixture of user interface elements in both applications.

Inconsistent voice traffic. That is, calls from Cisco UC Integration for Microsoft Lync might give a different audio experience to Microsoft Lync.

A mixed configuration is more difficult to manage, as administrators must track traffic from two sources. You might want to monitor voice usage in your network and if you use both applications, you must configure your monitoring tools to track traffic from both applications.

The following sections describe how to avoid these problems with your Microsoft applications:

Microsoft Lync Server Telephony Option

Microsoft Office Communicator Policies

Microsoft Office Phone Policy

Microsoft Lync Server Telephony Option

We recommend that you set audio and video telephony to disabled for your Microsoft Lync users.

Related Topics

Enabling Users for Microsoft Lync Server, page 2-3

Microsoft Office Communicator Policies

We recommend that you configure Microsoft Office Communicator policies to allow only IM and availability status traffic on all Cisco UC Integration for Microsoft Lync user groups.

We recommend that you configure the Microsoft Office Communicator policies as shown in the following table:

Policy
Set Value To...

TelephonyMode

5 = IM and Presence Only

DisableAVConferencing

1


For information about how to apply these policy settings to Microsoft Office Communicator, see the following URL:

http://www.microsoft.com/downloads/details.aspx?FamilyID=dd3cae08-3153-4c6a-a314-daa79d616248&displaylang=en

You can also find the policy administrative template file Communicator.adm on that web site.

Alternatively, you can apply the following keys to set the policies manually:

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator]"TelephonyMode"=dword:00000005

[HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator]"DisableAVConferencing"=dword:00000001

Related Topics

Configuring Registry Settings for the Client Services Framework Client Integration

Microsoft Office Phone Policy

We recommend that you configure a Microsoft Office policy to disable the Call menu that appears when you select a contact in a Microsoft Office application. This Call menu only appears if you have the correct smart tag switched on in the relevant Microsoft Office application.

Cisco UC Integration for Microsoft Lync provides an Additional Actions menu that enables you to call contacts that you select in your Microsoft Office applications. If you do not disable the Call menu, this can result in a confusing user experience, as users might think that they can perform similar actions from a mixture of user interface elements.

To disable the Call menu in Microsoft Office, set the value of the Phone policy to zero (0).

Alternatively, you can apply the key to set the policy manually.

[HKEY_CURRENT_USER\Software\Microsoft\Office\12.0\Common\PersonaMenu]"Phone"=dword:00000000


Note In the registry keys, the values 11.0 and 12.0 refer to the different versions of Microsoft Office; 11.0 refers to Microsoft Office 2003 and 12.0 refers to Microsoft Office 2007.


About the Client Services Framework Cache and LDAP Searches

Cisco Unified Client Services Framework allows users to cache the following user credentials between sign-outs and sign-ins:

Cisco Unified Communications Manager

Voicemail

LDAP

Cisco Unified MeetingPlace

Client Services Framework also maintains a cache of LDAP contacts. This cache is only updated from LDAP when Client Services Framework is restarted.

When you place a call, receive a call, or miss a call, the contacts for the calls are added to your Client Services Framework cache. Any contact that is in your conversation history is automatically placed in your cache. All of the data for the contacts in your contact list in Microsoft Lync or Microsoft Office Communicator is also cached.

If a contact for a call already exists in the cache, Client Services Framework does not search LDAP. If a contact does not exist in the cache, Client Services Framework searches LDAP. LDAP searches are only performed when you place a call to, or receive a call from a contact who is not in your conversation history or your Microsoft Lync or Microsoft Office Communicator contact list.

All contacts in the Client Services Framework cache have already had the directory lookup dialing rules applied to all of their numbers. When Cisco UC Integration for Microsoft Lync displays numbers for contacts that are in the Client Services Framework cache, the numbers have already had the directory lookup dialing rules applied to them.

The Client Services Framework cache is a memory-only cache. The contents of the cache are not copied to a local file system. When the cucsf.exe process is restarted, the contents of the Client Services Framework cache are refreshed.

Incoming Calls

Outgoing Calls to Contacts Who Are Enabled for the Communications Server

Outgoing Calls to Contacts Who Are Not Enabled for the Communications Server

Outgoing Calls to Microsoft Outlook Contacts

Incoming Calls

When a user receives a call, the following events occur:

1. When Cisco Unified Communications Manager detects the incoming call, it sends the following data to Client Services Framework:

The directory number from which the call originates.

The Alerting Name of the directory number that is specified in the Directory Number Configuration screen, if the field is not blank.

2. Client Services Framework sends the directory number and alerting name to Cisco UC Integration for Microsoft Lync.

3. Cisco UC Integration for Microsoft Lync displays the directory number and the LDAP name (if resolved, otherwise the alerting name) in a notification window and, if the call is answered, in the conversation window.

4. If the directory number is not in the Client Services Framework cache, Client Services Framework applies any directory lookup dialing rules to the directory number. This occurs while Client Services Framework transmits the data to Cisco UC Integration for Microsoft Lync.

5. If the directory number is not in the Client Services Framework cache, Client Services Framework searches LDAP for the number that is returned after the directory number is processed by the directory lookup dialing rules and any relevant phone number mask is applied.

6. LDAP sends the LDAP data for any matches back to Client Services Framework, including data such as other phone numbers, and a URI of a photo of the caller.

7. Client Services Framework updates the data for the contact and sends the updated data to Cisco UC Integration for Microsoft Lync.

8. Cisco UC Integration for Microsoft Lync updates the conversations window. For example, at this point a photo of the caller might be displayed as the photoURI field from LDAP is passed to Cisco UC Integration for Microsoft Lync by Client Services Framework.

Outgoing Calls to Contacts Who Are Enabled for the Communications Server

When a user places a call to a contact who is enabled for Microsoft Lync Server or OCS, the following events occur:

1. Cisco UC Integration for Microsoft Lync sends the number for the contact to be called to Client Services Framework, and asks Client Services Framework to place a call to that number.

2. If the contact is not in the Client Services Framework cache, Client Services Framework searches LDAP for details of the party to be called.

3. LDAP sends data back to Client Services Framework.

4. Client Services Framework sends data about the contact back to Cisco UC Integration for Microsoft Lync. If the contact has several numbers, Cisco UC Integration for Microsoft Lync displays a window from which the user selects the number to call. If the contact has only one number, Cisco UC Integration for Microsoft Lync places the call.

5. Client Services Framework applies any directory lookup dialing rules to the number to be called.

6. Client Services Framework searches LDAP for the number that is returned after the directory lookup dialing rules are applied and any relevant phone number mask is applied.

7. Client Services Framework applies the application dialing rules and sends the number to Cisco Unified Communications Manager.

8. Cisco Unified Communications Manager places the call.

Outgoing Calls to Contacts Who Are Not Enabled for the Communications Server

When a user places a call to a contact who is not enabled for Microsoft Lync Server or OCS, the following events occur:

1. Cisco UC Integration for Microsoft Lync sends the display name for the contact to Client Services Framework.

2. If the contact is not in the Client Services Framework cache, Client Services Framework searches LDAP for the contact associated with the display name. The operator for this search is contains rather than equals.

3. If the LDAP search returns more than one contact, Cisco UC Integration for Microsoft Lync displays a window from which the user selects the number to call. If the contact has only one number, Cisco UC Integration for Microsoft Lync places the call.

4. Client Services Framework applies any directory lookup dialing rules to the number to be called.

5. Client Services Framework searches LDAP for the number that is returned after the directory lookup dialing rules are applied and any relevant phone number mask is applied.

6. Client Services Framework applies the application dialing rules and sends the number to Cisco Unified Communications Manager.

7. Cisco Unified Communications Manager places the call.

Outgoing Calls to Microsoft Outlook Contacts

When a user places a call to a Microsoft Outlook contact, the following events occur:

1. The user drags a contact from the Microsoft Lync or Microsoft Office Communicator contact list to the Cisco UC pane.

2. Cisco UC Integration for Microsoft Lync searches the Microsoft Outlook contacts for a user that matches the display name. If a contact is found, then the contact is added to the Client Services Framework cache.

3. Client Services Framework applies any directory lookup dialing rules to the phone numbers of the contact.

4. Client Services Framework searches LDAP for the number that is returned after the directory lookup dialing rules are applied and any relevant phone number mask is applied.

5. Client Services Framework applies the application dialing rules and sends the number to Cisco Unified Communications Manager.

6. Cisco Unified Communications Manager places the call.

How to Configure Cisco UC Integration for Microsoft Lync Clients for Secure Access to Cisco Unified MeetingPlace

Configuring Secure Access to Cisco Unified MeetingPlace

Downloading the IIS Certificate from Cisco Unified MeetingPlace

Configuring Secure Access to Cisco Unified MeetingPlace

For information about how to set up the Cisco Unified MeetingPlace web server for secure access, see the Administration Documentation for Cisco Unified MeetingPlace at:

http://www.cisco.com/en/US/products/sw/ps5664/ps5669/products_installation_and_configuration_guides_list.html

What To Do Next

Downloading the IIS Certificate from Cisco Unified MeetingPlace

Downloading the IIS Certificate from Cisco Unified MeetingPlace

Procedure


Step 1 Open the Internet Services Manager on the Cisco Unified MeetingPlace Web Server.

Select Start > Programs > Administrative Tools > Internet Information Services Manager.

Step 2 Navigate to Default Web Site.

Select the + sign beside Local Server > Web Sites to open the appropriate directory trees.

Step 3 Right-click Default Web Site.

Step 4 Select Properties.

Step 5 Select the Directory Security tab.

Step 6 Select Server Certificate. The Web Server Certificate wizard displays.

Step 7 Select Next.

Step 8 Select Export the current certificate to a pfx file, then select Next.

Step 9 Select Browse and select to save the certificate file to your desktop.

Step 10 Select Next.

Step 11 Enter a password to encrypt the certificate.

Step 12 Enter the password again to confirm it, then select Next. The Export Certificate Summary Screen displays and the exported certificate file is now on your desktop.

Step 13 Select Next.

Step 14 Select Finish to close the Web Server Certificate wizard.


What To Do Next

Installing Security Certificates on Client Computers

How to Configure Cisco UC Integration for Microsoft Lync Clients to Enable Secure Voicemail Access

Configuring Secure Voicemail Access to a Cisco Unity Server

Configuring Secure Voicemail Access to a Cisco Unity Connection Server

Configuring Secure Voicemail Access to a Cisco Unity Server

Procedure


Step 1 Set the following registry values:

Value Name
Set Value To...

VVM_SystemServer_01

The IP address of the Cisco Unity server

VVM_SystemServer_VmwsProtocol_0

HTTPS

VVM_SystemServer_VmwsPort_0

443

1 The last character in the value names described in this table can be 0 or 1 depending on whether the server is a primary or secondary server.


Step 2 Download a certificate for secure access to Cisco Unity. For more information, see Downloading the IIS Certificate from Cisco Unity.

Step 3 Install the certificate on the client computer, see Enabling LDAP Over SSL.


Downloading the IIS Certificate from Cisco Unity

Procedure


Step 1 Start a browser on the Cisco Unity server.

Step 2 Use the HTTPS protocol to access the URL of the Cisco Unity server.

You can access the URL structured as follows:

https://<localhost>

For example, access:

https://unityserver/

Step 3 Select View Certificate on the security dialog box.

Step 4 Select the Details tab.

Step 5 Select Copy to File.

Step 6 Select DER encoded binary X.509 (.CER), then select Next.

Step 7 Enter a filename for the certificate, then select Next.

Step 8 Verify the details of your certificate on the Completing the Certificate Export Wizard screen, then select Finish.


What To Do Next

Enabling LDAP Over SSL

Configuring Secure Voicemail Access to a Cisco Unity Connection Server

Procedure


Step 1 Set the following registry values:

Value Name
Set Value To...

VVM_Mailstore_Server_01

The IP address of the Cisco Unity Connection server

VVM_Mailstore_ImapProtocol_0

TLS

VVM_Mailstore_ImapPort_0

7993

VVM_Mailstore_EncryptedConnection

True

1 The last character in the first three value names described in this table can be 0 or 1 depending on whether the server is a primary or secondary server.


Step 2 Download a certificate for secure access to Cisco Unity Connection. For more information, see Downloading the Tomcat Certificate from Cisco Unity Connection.

Step 3 Install the certificate on the client computer, see Enabling LDAP Over SSL.


Related Topics

Specifying Voicemail and Visual Voicemail Registry Settings

Downloading the Tomcat Certificate from Cisco Unity Connection

Procedure


Step 1 Select Security > Certificate Management in Cisco Unified Operating System Administration.

Step 2 Find the Tomcat certificate.

Step 3 Select the tomcat.der link.

Step 4 Select Download, then save the tomcat.der file to your computer.


What To Do Next

Enabling LDAP Over SSL