Topic Last Modified: 2013-02-17
You can configure the Transport Layer Security (TLS) port that's used to listen for SIP requests on a Client Access server running the Microsoft Exchange Unified Messaging Call Router service. By default, when you install a Client Access server, the SIP TLS listening port number is set to 5061.
You may have to configure the TLS listening port to 5061 if you want to:
- Set the VoIP security setting on a UM dial plan to SIP Secured.
- Set the VoIP security setting on a UM dial plan to Secured.
- Integrate with Microsoft Office Communications Server 2007 R2 or Microsoft Lync Server.
- Use mutual Transport Layer Security (mutual TLS) to encrypt network data between Client Access servers, Mailbox servers running the Microsoft Exchange Unified Messaging service, and VoIP gateways, Private Branch eXchanges (PBXs) enabled for Session Initiation Protocol (SIP), IP PBXs, or session border controllers (SBCs).
If you want to use mutual TLS between a UM IP gateway and a dial plan operating in either SIP Secured or Secured mode, when you create the UM IP gateway you must configure it with a fully qualified domain name (FQDN) and then configure the UM IP gateway to listen on TLS port 5061. You must also verify that any VoIP gateways, PBXs enabled for SIP, IP PBXs, or SBCs have also been configured to listen for mutual TLS requests on port 5061.
You can only configure Client Access server TCP and TLS ports. You can’t configure the ports for an Exchange 2013 Mailbox server. However, you can use the Set-UMService cmdlet to configure the TCP and TLS listening ports for Exchange 2010 UM servers.
For additional tasks related to Unified Messaging and Client Access servers, see UM Services Procedures.
What do you need to know before you begin?
- Estimated time to complete: Less than 1 minute.
- You need to be assigned permissions before you can perform this procedure or procedures. To see what permissions you need, see the "Client Access server (UM call router service)" entry in the Messaging Permissions topic.
- Verify that you have correctly installed Client Access and
- For information about keyboard shortcuts that may apply to the procedures in this topic, see Keyboard Shortcuts in the Exchange Admin Center.
What do you want to do?
Use the EAC to configure the TLS listening port on a Client Access server
- In the EAC, navigate to Servers > Servers.
- In the list view, select the Exchange server you want to modify, and then click Edit.
- On the Exchange Server page, click Unified
- Under UM Service settings, under TLS listening port, enter the number for the TLS port, and then click
Use the Shell to configure the TLS listening port on a Client Access server
This example sets the TLS listening port on a Client Access server named MyClientAccessServer to 5561.
Set-UMCallRouterSettings -Server MyClientAccessServer -SipTlsListeningPort 5561
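A check an administrator might run after the change, added here as an example and not part of the original topic. It assumes the server name and port from the example above, that it runs in the Exchange Management Shell, and that the server name resolves from the machine running it.

```powershell
# Added verification example. Server name and port are the ones from the
# example above; adjust both for your environment.
$Server  = 'MyClientAccessServer'
$TlsPort = 5561
$ssl     = $null

# 1. Read back what the UM Call Router service is configured to use.
$settings = Get-UMCallRouterSettings -Server $Server
$settings | Format-List SipTcpListeningPort, SipTlsListeningPort, UMStartupMode

if ($settings.SipTlsListeningPort -ne $TlsPort) {
    Write-Warning "SipTlsListeningPort is $($settings.SipTlsListeningPort), expected $TlsPort."
}

# 2. In TCP startup mode the service does not accept secured (TLS) requests.
if ("$($settings.UMStartupMode)" -notin 'TLS', 'Dual') {
    Write-Warning "UMStartupMode is $($settings.UMStartupMode); set it to TLS or Dual to use the TLS port."
}

# 3. Connect to the port and look at the certificate the listener presents.
$client = New-Object System.Net.Sockets.TcpClient
try {
    $client.Connect($Server, $TlsPort)
    Write-Host "TCP connect to ${Server}:$TlsPort succeeded."

    # Accept any certificate: the goal is to inspect it, not to trust it.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
    $ssl.AuthenticateAsClient($Server)

    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 -ArgumentList $ssl.RemoteCertificate
    [pscustomobject]@{
        Protocol   = $ssl.SslProtocol
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
    } | Format-List
}
catch {
    Write-Warning "Check against ${Server}:$TlsPort failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $client.Close()
}
```

Compare the reported subject and expiry with the certificate you expect the UM Call Router service to use; a mismatch or an expired certificate will break mutual TLS with gateways that validate it.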