Microsoft Lync and Skype for Business have a rich set of .NET APIs which make it easy to extend the platform and integrate it with other applications. This blog helps explain how to use those APIs.

Don’t forget your voice policy!

Posted: September 25th, 2012 | Author: | Filed under: UCMA 3.0 | Tags: , , , | No Comments »

Several different types of UCMA applications need to place calls to the PSTN via the Mediation Server: outbound dialers, click-to-call applications, auto-attendants, and so forth. At some point, you may deploy one of these applications to a new environment, having tested it extensively, only to be stopped in your tracks by an exception like the following when your application tries to place outbound PSTN calls:

Microsoft.Rtc.Signaling.FailureResponseException:A 403 (Forbidden) response was received from the network and the operation failed. See the exception details for more information.

No Entry

photo courtesy of ilco on

I’ve seen this happen a number of times, and usually what has happened is that the testing occurred in an environment with a very permissive global voice policy, allowing all users to place any type of PSTN call. Then the application is deployed in a production environment with more restrictions. The global voice policy no longer allows all users by default to place outbound PSTN calls. Since it’s unlikely you assigned a voice policy to your trusted application endpoint when you first created it, the outbound calls from your application are getting blocked by Lync.

The solution is simple: assign a voice policy to your trusted application endpoint. You can do this using the Grant-CsVoicePolicy commandlet in Lync Management Shell; just use the SIP URI of your trusted application endpoint as the Identity parameter, like so:

Grant-CsVoicePolicy -Identity
    -PolicyName MyPolicy

If you try running your application again after making this change, chances are that your 403 Forbidden troubles will be gone.

A variant of this issue occurs when the default dial plan is not appropriate for your trusted endpoint. The same concept works for dial plans: just use Grant-CsDialPlan rather than Grant-CsVoicePolicy.

By default, the Get-CsTrustedApplicationEndpoint commandlet doesn’t show you the policies and dial plan assigned to your endpoint, but with a small tweak you can change that.

Leave a Reply

  • Note: Comment moderation is in use because of excessive spam. Your comment may not appear immediately.