A call transfer that is made by a UCMA-based application may be unsuccessful in Office Communications Server 2007 R2


Microsoft Unified Communications Managed API (UCMA 2.0) based trusted applications can transfer calls by using the BeginTransfer method in the Call class. In this situation, the transfer operation is unsuccessful if call authorization is performed by Office Communications Server (OCS) 2007 R2. This usually happens when the transfer target is a telephone number that is outside of the enterprise.


This issue occurs because the UCMA platform does not support the Referred-By header signing feature. OCS 2007 R2 authorizes calls to the Public Switched Telephone Network (PSTN) that results from a transfer by verifying the permissions of the transferor. This is done by verifying the Referred-By header in the Invite request. For a trusted application, this Referred-By header has to be signed by the application itself by using its certificate when the transfer operation starts. OCS 2007 R2 does not authorize calls to the PSTN if the Referred-By header is not signed or if the signature cannot be verified. Therefore, the call transfer is unsuccessful.


To fix this problem, follow these steps:
  1. Install the following cumulative update for UCMA 2.0.
    982170 Description of the cumulative update for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: July 2010
  2. For UCMA 2.0-based trusted applications that transfers calls to PSTN numbers, make sure to add all the Fully Qualified Domain Names (FQDNs) of the OCS 2007 R2 pool into the authorized list of servers that can connect to the application. The signature verification process requires OCS 2007 R2 to connect to the application host in order to obtain the certificate that is used for signing.

    • If the certificate on the application host changes, the application has to restart in order to make sure that the connections are reestablished by using the new certificate.
    • Applying the cumulative update alone may not be sufficient if the trusted application does not authorize all OCS 2007 R2 pools that you deployed. Please contact the application vendor to address this issue.


Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

Article ID: 2251445 - Last Review: Jul 22, 2010 - Revision: 1