Monthly Archives: October 2014

AudioCodes 400HD Phone Updates for Lync


AudioCodes HD Phones

Big update for AudioCodes phone users.  Version 2.0.7 has been announced today and works with the 400HD series of phones including the 420HD and 440HD we commonly see deployed.

The new enhancements are as follows:

  • Better Together Over Ethernet (BToE) is out of beta and now an officially supported.  AudioCodes implementation of this feature does not require that your computer is directly connected to the phone, which is a nice touch.  The feature is supported on Windows 7 and up at this time.
  • Boss/Admin Support is available on the 430HD and 440HD lines.
  • IP Phone Management Server is available if you run EMS (Element Management System). EMS is a management system for customers who have multiple AudioCodes products including SBCs, SBAs, IP phones and media gateways and want the best administrative experience for it.  If you don’t have EMS, you can still provision phones using DHCP Option 160 and configuration files.

Navigate to to get your copy of the new version and BToE software.

Unboxing the MVP Award

I was awarded the Microsoft MVP award on October 1st, 2014 for Microsoft Lync.  As is customary, I thought I’d write up a post on the why, and because I’m a dork, walk through the unboxing of the physical part of the award so you can see how it arrives and what’s inside.  Part of this write-up is just for myself, as I was curious about this part of it from the moment I was nominated.

What is an MVP?

It’s easiest to cut and paste from Microsoft’s MVP site, and I like easy.

“Microsoft Most Valuable Professionals, or MVPs are exceptional community leaders who actively share their high-quality, real-world deep technical expertise with the community and with Microsoft. They are committed to helping others get the most out of their experience with Microsoft products and technologies.

Who nominated you?

I was nominated more than once, but the first nomination came from Georg Thomas, Lync MVP out of New York and all around great guy.  You should check out his blog here:

Why were you nominated?

I believe initially I was noticed due to my TechNet activity.  TechNet is a pastime for me and I love helping people out as much as I can.  You can see my TechNet contributions in the right pane of this blog because I’m proud of that and encourage people to participate there.

What did you do to receive the award?

A lot, but I don’t know for sure what counted and what made the difference.  They don’t tell you that and I’m not sure there’s a formula.  When you’re nominated, you’ll receive a form to fill out where you can build out your profile.  They want to know primarily what contributions you’ve made to the Lync community.  In my case, I suspect it was TechNet activity, blogging, and free tools I’ve made available.  I’ve done some speaking as well and am generally passionate about Lync.  My profile with some of my contributions can be found here:

When did you receive the award?

They’re awarded quarterly, I received mine on October 1st as I mentioned at the top.   The morning the award is handed out, you will hit refresh on your email a thousand times.  I tried to be cool about it, but I wasn’t.  I really failed at the being cool part.

What do you do now?

Nothing changes, I wasn’t contributing because I wanted the award, I was contributing because I like to contribute and be a part of the community.  What does change a bit is I’m very aware of the MVP stamp next to my name and try to be careful that any advice I give is as accurate as possible, not that I wasn’t before.

What do you get?

I get to be identified as an MVP, which is a huge honor for me.  I also get to attend the 2014 MVP Summit, where I’ll get to meet MVPs from all over.  I’m incredibly excited about that because I’ll get to meet many of my heros and people that I’ve known online forever but never had the chance to meet in person.  I also get a physical award which is shipped in a box like this:


I’m sort of curious about the people on the front of the box, they must be MVPs right?  I wonder how they feel about being the face of Microsoft’s MVP program.  Open the box and there’s a plaque, a box, a pamphlet, a pin and a card.


Take it apart, there’s an ID card.  I’m not sure what that’s for just yet.  There’s a lapel pin, which is cool.  A mysterious envelope full of NDA stuff, and the pamphlet welcoming me.



Time to open the big box.  It’s the physical award.

IMG_3231 IMG_3232

There’s a little glass ring that goes on the award, instructions are included.  Please, no jokes about the instructions.


And here it is assembled.


Everything in this kit is well designed and engineered, Microsoft spend a lot of time on this and it really makes you feel appreciated.


Here’s the plaque, mounted.


And last but not least, stickers!  I’ll have to come up with something creative to do with these.


Reminder: Chicago UC Users Group (And LA, Baltimore, Kansas City…)

Just a reminder that the quarterly US Lync Users Groups are coming up.

Jeff Schertz, Director of Content and all around Lync guru, blogs about the event here: and it looks like Baltimore and Kansas City groups were added!

I’ll be attending the Chicago group on Wednesday, October 22nd.  If you haven’t ever attended, I HIGHLY recommend going for the great presentations as well as the networking with other individuals excited about Microsoft Lync.  This isn’t some unorganized dry meeting either, it’s put together by some pretty heavy hitters in the Lync world.  Head over to and find your group on  If you’re also headed to the Chicago one, come find me and say hi!

  • October 15th – Los Angeles, CA
  • October 21st – Cincinnati, OH
  • October 21st – Philadelphia, PA
  • October 22nd – Chicago, IL
  • October 28th – Nashville, TN
  • October 28th – Silicon Valley, CA
  • October 30th – Atlanta, GA
  • November 3rd – Seattle, WA
  • November 5th – Boise, ID
  • November 5th – Charlotte, NC
  • November 7th – Portland, OR
  • November 11th – Detroit, MI
  • November 13th – San Francisco, CA
  • November 20th – New York, NY
  • October TBA – Milwaukee, WI

AudioCodes ShellShock News

I’m posting this quickly for those of you who may not receive the AudioCodes announcements in your email as it is quite important.

The following AudioCodes products include the Bash shell and therefore are affected by the ShellShock exploit.  I have been told that the issue is exposed only after a successful user login.  Changing the credentials from default is considered an effective interim measure.

  • AudioCodes Mediant 8000 and Mediant 5000 Shelf Controllers (SC-2 running Linux)
  • AudioCodes EMS (Element Management System) / SEM (Session Experience Manager)

A patch will be released that addresses this threat for customers running version 6.6 or 6.8 and have a current support agreement.

What I wanted to make clear, is that while many AudioCodes products run Linux on the backend (as can be seen in my AudioCodes Mediant Virtual Edition SBC Installation post), they do not include the Bash shell and therefore are not affected.

So, if you’re running a Mediant 500, 800, 1000, 2600, 2000 or 3000 as we commonly see with Microsoft Lync, or a MediaPack gateway, you’re safe.  🙂

The product notice is available on the AudioCodes website, but does require a login: Product Notice #0223 Shellshock Security Threat to AudioCodes Products



Lync 2013: How to Customize Conferencing Attendant Prompts

Disclaimer: I am not sure that this is a supported change to Lync 2013.  However, there are times as IT pros when we’re asked to make such changes.  I am documenting my experience here.

Update 10/7/2014: As Richard pointed out in the comments, there is a supported MSI which performs a similar task with three of the audio prompts.  I have modified the title to reflect this. To use your own voice or modify additional prompts, this blog post still applies. I cannot imagine you would run into trouble performing this procedure.  I want to thank Richard specifically for pointing this out and providing a link:

I have been asked by a larger client of mine to make a production change to their Lync 2013  pools.  They wish to modify the audio that is heard when a call is made into Lync dial-in conference to match the voice that is heard throughout their automated attendants and other prompts.

This was a feature previously supported by OCS 2007 R2 as can be seen in the following link:  Knowing that there’s documentation for OCS 2007 R2, I feel comfortable making the change.  However, I also expect that any time we patch the system, there is a risk that these audio files will be overwritten.  We should be careful to check to see if the files were altered or modified in any way during each patch cycle.

The audio files can be found in the following directories:

  • %Programfiles%\Microsoft Lync Server 2013\Application Host\Applications\Conferencing Attendant\Media\EN-US (or your regional language)
  • %Programfiles%\Microsoft Lync Server 2013\Application Host\Applications\Conferencing Attendant\Media\Music

This client is solely located within the United States, and as such, I was only concerned with the EN-US directory, however this change equally applies to all other languages.

Per the OCS TechNet article referenced above,  I was able to record the files using the following format (or at least close enough):

  • Windows Media Audio (WMA) file format
  • 16-bit mono
  • 48 kbps 2-pass CBR (constant bit rate)
  • Speech level at -24DB

After making a backup of the original files, one server in the pool at a time I replaced the files as noted in the article.  What isn’t mentioned in the article is that with Lync 2013, you will need to restart the “Lync Server Conferencing Attendant” service before the changes take effect.  Once complete, you should be able to call in and verify the audio has been successfully replaced.  You are free to move on to the next pool if you have one.

For your reference, a transcription of all of the US English audio files can be found below.

FilenameAudio Transcription
BWMGMT_CAA_AVMCUFAIL.wmaSorry, all circuits are busy, please try again.
JOIN_AUTH_AUTHFAIL.wmaSorry, that phone number and pin don't match.
JOIN_AUTH_ENTERFULLPH.wmaPlease enter your full phone number starting with the country code.
JOIN_AUTH_ENTERPH.wmaTo identify yourself, please enter your extension or full phone number followed by a #.
JOIN_AUTH_ENTERPIN.wmaPlease enter your pin, and then press #.
JOIN_AUTH_ORGANIZER.wmaIf you scheduled this meeting, please enter your pin now. If you've been designated as a meeting leader, please press * again.
JOIN_AUTH_ORGAUTHFAIL.wmaSorry, the pin that you entered does not match the meeting organizer's pin.
JOIN_AUTH_PINEXPIRED.wmaSorry, your pin has expired. Please wait if you would like to join without being the leader. To reset your pin, you need to click on the link in your email invatation.
JOIN_AUTH_PINLOCKED.wmaSorry, your pin has been locked. Please wait if you would like to join without being the leader. To reset your pin, you need to click the link in your email invitation.
JOIN_AUTH_PINNOTSET.wmaSorry, your pin hasn't been set up yet. Please wait if you would like to join without being the leader. To set up your pin, you need to click on the link in your email invitation.
JOIN_CONFNOTFOUND.wmaSorry, I can't find a meeting with that number. Try entering your conference ID again and then press #.
JOIN_ENTERCONFID.wmaPlease enter a conference ID, and then press #.
JOIN_FAIL_DISCONNECT.wmaSorry, no current meeting matches that information. Please contact the meeting leader for assistance. Goodbye.
JOIN_FAIL_NOTADMITTED.wmaSorry, you cannot be admitted to the meeting at this time. Please contact the meeting leader for assistance. Goodbye.
JOIN_FAIL_TRANSFER.wmaSorry, I can't seem to connect you to your meeting right now. Please try your call again later. Goodbye.
JOIN_FAIL_TRYANONYMOUS.wmaSorry, I cannot retrieve your information at the moment. Please wait while I try to join you to the meeting anonymously.
JOIN_FAIL_VALIDATE.wmaSorry, I'm having trouble accessing the system right now. Please try your call again. Goodbye.
JOIN_HOLDINGPEN_ENTERING.wmaThe leader has not yet joined the meeting. Please wait for the leader to admit you to the meeting. Thank you for your patience.
JOIN_IFLEADERAUTH.wmaIf you’re the leader, please press * now.
JOIN_JOINING_ANONYMOUS.wmaYou are now joining the meeting as an unknown participant.
JOIN_JOINING_GENERAL.wmaYou are now joining the meeting.
JOIN_JOINING_PRESENTER.wmaYou are now joining the meeting as a leader.
JOIN_LANG_PRESS1.wmaTo continue in English, press 1.
JOIN_LANG_PRESS2.wmaFor English, press 2.
JOIN_LANG_PRESS3.wmaFor English, press 3.
JOIN_LANG_PRESS4.wmaFor English, press 4.
JOIN_LANG_PRESS5.wmaFor English, press 5.
JOIN_LOBBY_ENTERING.wmaPlease wait for the leader to admit you to the meeting. Thank you for your patience.
JOIN_LOBBY_TIMEOUT.wmaThe leader has not yet activated the meeting, or the wait time has been exceeded. You can try again later, or you might ask the organizer whether your meeting was cancelled. We apologize for the inconvinience. Goodbye.
JOIN_NEEDSAUTH.wmaThe leader has restricted this meeting's access to identified participants.
JOIN_NEEDSAUTH_LOCKED.wmaThe leader has locked this meeting.
JOIN_NOINPUT.wmaSorry, I didn't get that.
JOIN_PASSCODE_ENTER.wmaPlease enter your passcode and then press #.
JOIN_PASSCODE_INVALID.wmaSorry, I can't find a meeting with that passcode. Try entering your passcode again, and then press #.
JOIN_WAITFORLOBBY.wmaOtherwise, wait on the line for a leader to admit you.
JOIN_WELCOME.wmaWelcome to the audio conferencing center. Please enter a conference ID, followed by #.
RECNAME_RECORDING_REQUEST.wmaAfter the tone, please record your name and then press #. *ding*


How Many SIP Domains Does Lync Support?

What happens when we have many domains?

Note: This post is not intended to be a complete walkthrough or listing of all scenarios or workarounds.   It’s intended to be an exploration of some of the boundaries of Lync.  If you have employed a different method please reach out and let me know in the comments or on Twitter at @CAnthonyCaragol

How many SIP domains can you have in Lync?  It sounds like an easy question, there’s no limit.  Of course if it were that easy, you probably wouldn’t have found this article.  Let’s poke around and see if there’s a more practical answer.

Typically, you want your Lync SIP domain to line up with your Exchange email domain.  This is a common best practice due to the tight integration of the products and where our practical limits come in to play.  If you have many email domains this can get difficult or expensive quickly due to the cost of additional SANs in your certificates.

For fun, let’s look at what happens when we add hundreds of SIP domains to our environment and request a certificate from an internal authority.


In the picture, you can see the error:

Request-CsCertificate : Command execution failed: Error Parsing Request  The length of the field exceeds the maximum length.  0xc80005e2 (ESE: -1056)

That error is telling us that our certificate request is just too big.  This happens because Windows Certificate Authority has a maximum limit of 4096 characters for the encoded extension.  You can check for yourself by running “certutil -schema ext”.  I know what you’re thinking, I asked too, but you can’t change this limit.


We might have better luck requesting this certificate from an external authority, but it’s not likely.  Running down a few companies in the list of approved authorities from the Certificates for Lync Phone Edition TechNet article we find:

These authorities typically have tighter limitations than your internal authority.  There may be some hope, seems to have the most at 2000: but I have yet to try them out.

What Can We Do About It?

If you’ve hit your practical limit based upon the number of SANs, you’re going to have to reduce the number of SANs.  There are a few ways of accomplishing this that we can look at.

Reduce the number of SIP domains

One option you have is to reduce the number of SIP domains by allowing the email address to not match the SIP address.   If you decide to go this route, know that there will be difficulties.  With this method it will become very difficult for users from other companies to find you for federated chat unless they can discover your Lync address through another method.  You’ll also find some client oddities when it comes to Outlook integration.  For example, you may not see your conversation history saved.   To disable the Lync check that ensures that Outlook and Lync are logged in with the same accounts, run the following command from the Lync management shell:

Set-CsClientPolicy -DisableEmailComparisonCheck $true

There will still be issues, and you should test every feature that’s important to your organization, but this may be an option for you.

Reduce the number of SANs 

Another option is to reduce the number of SANs that are used in the certificates by avoiding the wizard and heading right for PowerShell.  In this case, Request-CsCertificate is your friend.   Running a command similar to the following allows you to control which domains you’ll be adding.  In the example below, and account for 95% of our users.

Request-CsCertificate -New -Type Default,WebServicesInternal -ComputerFqdn “” -FriendlyName “My Reduce SAN Certificate” -PrivateKeyExportable $True -DomainName “,,,,”

Keep in mind that you can limit the SANs used in simple URLs as well by configuring them to use a single common FQDN.  See Planning for simple URLs in Lync Server 2013 for more information.

For the SIP domains that haven’t been included in the certificate, we can publish lyncdiscover and lyncdiscoverinternal records only over port 80 avoiding HTTPS and we can point our SRV records for the other domains (ex. to a primary sip domain (ex as shown:


There are a few caveats to this method.  It’s important to note that when the user’s SIP address does not match the common name on the certificate, you may see an error as seen below.   The following screenshot is from a device that is trying to log in as when the certificate matches  If you plan on using this method, you should know how to work around it using the TrustModelData registry value.


Additionally some Lync phone devices may not want to authenticate at all, so plan accordingly if this is a phone deployment as well.

Use Multiple Pools Each With Different Additional SIP Domains

If you’re willing to use the above approach, where we limit the number of sip domains in the certificate, you can also consider dividing the sip domains into pools and sites.  For example, you could split the domain names across two or more pools, keeping the default sip domain in both.  Using Request-CsCertificate, each pool would be responsible for a handful of domain names.  Users would need to exist in their corresponding pool and DNS records for that SIP domain would need to point directly to that pool.  You may also need multiple reverse proxies and edge pools to accommodate.

So What’s Our Practical Answer?

Well, as you’ve seen, the limits are mostly based around certificates.  Some of these limits are based upon size, and some based upon available SANs.  If you’re going the public certificate route, the limits will depend upon the provider you choose.   There are workarounds for just about everything however, and nothing is going to provide you with a better shot at the right outcome than careful planning.

Any comments based upon your experience?  Please leave them below or find me at @CAnthonyCaragol on twitter to let me know!