Lync Server Media Bypass fails when CsMedia Encryption Level flag is set to RequireEncryption

Applies to: Lync Server 2010 Enterprise EditionLync Server 2010 Standard EditionLync Server 2013

Symptoms

  • The Lync Server Monitoring Server Reports' Media Quality Summary Report shows a lower than expected number of Media Bypass calls
  • Lync VoIP calls to the PSTN have poor audio quality

Cause

This problem can occur for Lync  VoIP call to the as follows:

  • Lync Server  Mediation Server is configured to use a PSTN non-TLS enabled gateway 
  • The Lync Server trunk configuration is configured to use one of the following SRTPMode values:

    Required, Optional, or Not Supported

  • The Lync client's media configuration's EncryptionLevel is set to:

    RequireEncryption
A PSTN gateway that is configured to use a non-TLS transport will not be able to accept SRTP traffic from a Lync client. To support this configuration Lync Server will not allow media bypass to happen. This will cause Media Bypass to fail back to a media connection between the Lync Server Mediation server and the non-secure TCP transport configuration of the PSTN gateway.

Resolution

Use the following information to resolve the issues that are described in the Symptoms section of this article:

Use the following steps to launch the Lync Server Management Shell from the Windows Server console:

Using Windows Server 2012
  1. Press the Windows function key to access the Windows Start page
  2. Click on the Lync Server Management Shell tile
Using Windows Server 2008 or Windows Server 2008 R2

  1. Click on Start, All Programs, Microsoft Lync Server and then choose Lync Server Management Shell
Use the following steps to continue with the resolution for this issue:

  1. Click on Start, All Programs, Microsoft Lync Server
  2. Click on the Lync Sever Management Shell menu option
  3. Use the following Lync Sever PowerShell cmdlet to set the Lync Server  site's media configuration EncryptionLevel to SupportEncryption:

    Set-CsMediaConfiguration -Identity site:Redmond1 -EncryptionLevel SupportEncryption
Note The default value for EncryptionLevel is RequireEncryption

Note Replacing the SupportEncryption value with DoNotSupportEncryption will not allow the Lync Server 2 site's clients to negotiate media encryption 

More Information

For more detailed information on the topics that are discussed in this article review the following Microsoft TechNet documentation:

Set-CsMediaConfiguration

Set-CsTrunkConfiguration

New-CsNetworkMediaBypassConfiguration

Media Bypass

Configure Media Bypass on a Trunk

Media Quality Summary Report