Lync 2010/2013 Trusted Application Pool, communication paths and firewalls

Integrating the Lync 2010/2013 server with a trusted application is one of the major tasks that an admin needs to do when integrating with a 3rd party device.

In this article, let's have a look at a few things that we need to consider to accomplish this task.

In order to establish a signaling gateway between the Lync servers and these 3rd party media, we need to create a trusted application pool for them, which acts as a gateway for communication in both directions.

This trusted application pool must be created and defined in the Lync topology to represent the 3rd party application:

New-CsTrustedApplication -ApplicationID VideoRouting -TrustedApplicationPoolFqdn video.domain.com -Port 5061

The next step is to define the endpoints for this trusted application pool by creating static routes.

A static route can be created for a SIP URI and then pointed to the trusted application pool as the next hop.
This static route can have a separate SIP namespace which points to the SIP URI used by the organization.

$route = New-CsStaticRoute -TLSRoute -Destination "appservername.domain.com" -Port 5061 -MatchUri "video.domain.com" -UseDefaultCertificate $True
Set-CsStaticRoutingConfiguration -Identity global -Route @{Add=$route}
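
The TLS route above depends on the destination being reachable on the chosen port through any firewall in the path and on the certificate it presents for that FQDN. The following check is an added example, not part of the original article: the function name Test-StaticRouteTls is hypothetical, it uses only standard .NET classes, and it assumes it is run from a machine on the same network path as the Front End servers.

```powershell
# Added example, not from the original article. The host name and port in the
# call at the bottom are the article's placeholder values.
function Test-StaticRouteTls {
    param(
        [Parameter(Mandatory = $true)] [string] $Destination,  # FQDN given to -Destination
        [int] $Port = 5061,
        [int] $TimeoutMs = 5000
    )
    $r = [ordered]@{ Destination = $Destination; Port = $Port; TcpOpen = $false
                     Subject = $null; NotAfter = $null; PolicyErrors = $null; Error = $null }
    $seen = @{}   # filled by the validation callback during the handshake
    $callback = [System.Net.Security.RemoteCertificateValidationCallback] ({
        param($sender, $cert, $chain, $errors)
        $seen.Cert = $cert
        $seen.Errors = $errors
        $true     # accept anything: this is an inspection, not a trust decision
    }.GetNewClosure())
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Step 1: firewall path. Can the TCP port be reached at all?
        $pending = $client.BeginConnect($Destination, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { throw "TCP connect timed out" }
        $client.EndConnect($pending)
        $r.TcpOpen = $true
        # Step 2: TLS handshake using the route's destination name.
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($Destination)
    }
    catch { $r.Error = $_.Exception.Message }
    finally { $client.Close() }
    if ($seen.Cert) {
        $x = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($seen.Cert)
        $r.Subject = $x.Subject
        $r.NotAfter = $x.NotAfter
        # "None" means the name matched and the chain is trusted by this machine.
        $r.PolicyErrors = $seen.Errors.ToString()
    }
    [pscustomobject]$r
}

Test-StaticRouteTls -Destination "appservername.domain.com" -Port 5061
```

TcpOpen = False points at the firewall or the listener, while a PolicyErrors value other than None points at the certificate name or its chain. An Error raised after the certificate was captured can simply mean the destination requires a client certificate, which this probe does not send.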

Lync operates exactly like Exchange’s Internal Relay method for an accepted domain with respect to a shared SIP domain. It first attempts to resolve a URI internally, and only if no match is found does it route the call to the third-party system.

Note:

The DMA certificate only needs to be installed on the DMA; there is no need to have it saved on the Lync servers.

Codec Support:

The signaling between Lync and the third party device always happens via SIP, but the final endpoint hosts must still have IP connectivity and a codec to send the media stream between each other.

This integration is very basic, and the codec used between both video endpoints should only be H.263, given that third party endpoints did not support Microsoft’s RTVideo codec at any point of time.

Namespace Considerations:

Although from Lync 2013 it is possible to have the same SIP namespace, it is still better to have 2 separate namespaces to differentiate users enabled only for IM from video endpoints.

Gateways (DMA – Distributed Media Applications)

Any signaling gateway product used to achieve this type of integration with Lync server is called a Distributed Media Application (DMA). A DMA can be a 3rd party audio/video communications server that integrates with Lync servers.

An organization can have multiple DMAs for redundancy, even in different geographical locations with different static routes.

Port Requirements:

The recommendation is to use a unique port which is free within a pool, so that the application can use it. If you have multiple trusted application pools, you may need to add different port numbers. As it is not a standard application built into Lync, there is no specific port reserved for it.

For reference: http://technet.microsoft.com/en-us/library/gg398259.aspx

http://social.technet.microsoft.com/wiki/contents/articles/29013.lync-20102013-trusted-application-pool-communication-paths-and-firewalls.aspx

Thanks

Sathish Veerapandian

MVP – Exchange Server 
