Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5253
Views
15
Helpful
21
Replies

Cisco VCS X6.1 and MS Lync 2010 over TLS

Go to solution
Evgeniy.Glazkov
Level 1
Level 1

‎07-20-2011 11:57 PM - edited ‎03-17-2019 10:23 PM

Hello all!

I have a problem integrating CiscoVCS(X6.1) and Lync 2010.

I could not setup VCS Control to Lync connection over TLS, but I done it with TCP.

If I try TLS, there are Event="Outbound TLS Negotiation Error", Detail="bad packet length" records in the VCS Control event log.

Both VCS and Lync certificates are from same trusted CA with their FQDNs  as the subject names, and both VCS and Lync FQDNs with PTRs are in DNS. Of course, VCS and Lync FQDNs, which is subjects of certificates, used in VCS zone peer and Lync trusted app destination host.

Calls to VCS is from IP of the Lync FEP. We don`t use any HLB and Directors. Also, VCS is standalone, without any balancers or clustering.

Signaling from Lync is done, but as I see, VCS cannot send any data back.

Lync is on Server 2008 R2 x64

Thanks for any suggestions!

Labels:
0 Helpful
21 Replies 21

Go to solution
ryquinla
Cisco Employee
Cisco Employee
In response to ryquinla

‎08-25-2011 05:50 AM

I don't know the root cause as to what causes the VCS to not send a full list of ciphers.

The procedure I outlined above does correct the behavior though.

0 Helpful

Go to solution
Evgeniy.Glazkov
Level 1
Level 1
In response to ryquinla

‎08-25-2011 05:57 AM

Thank you, I will try it!

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Evgeniy.Glazkov

‎08-25-2011 05:23 PM

In reflection of the c20 post, which software image do you run on the VCS?

with:

[   ] s42700x6_1_0.tar.gz     21-Apr-2011 12:39  266M  


or without:
[   ] s42701x6_1_0.tar.gz     21-Apr-2011 12:43  266M  

encryption?

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
Evgeniy.Glazkov
Level 1
Level 1
In response to Martin Koch

‎08-25-2011 10:23 PM

Hello, Martin!

I am use s42701... Can you tell, where described, that this software version don`t support encription?

Can I replace software with s42700, or it will not work?

Thanks!

0 Helpful

Go to solution
Martin Koch
VIP Alumni
VIP Alumni
In response to Evgeniy.Glazkov

‎08-28-2011 12:36 PM

Hi Evgeniy!

To be on the save side, I would recommend talking to your Cisco representative.

In general the update should either start or stop during the validation of the release key.

So in theory you shall not be able to harm your VCS when you try.

Again, I would say it should fail due to the NC key.

If you are able to upgrade, always double check the laws and regulations in your region.

Please remember to rate helpful responses and identify

0 Helpful

Go to solution
Evgeniy.Glazkov
Level 1
Level 1
In response to Martin Koch

‎08-29-2011 12:33 AM

Ok, thank you, Martin!

0 Helpful

Go to solution
ryquinla
Cisco Employee
Cisco Employee
In response to Evgeniy.Glazkov

‎08-29-2011 08:55 AM

If you have s42701 running you won't be able to upgrate to a 00 or s42700 build. The crypto and non crypto software is tied to the release keys.

In any case the fact that you're on a NC build should not matter. Even as it stands with the NC build the VCS is capable of offering up a TLS connection.

If you're having trouble with the procedure I sent earlier please call TAC and work with them.

Regards

0 Helpful
Customers Also Viewed These Support Documents