The CIC service is an active – passive component and has to be installed on all TM machines. CIC is responsible for the following features:

  • Synchronization of Lync / SfB related changes
  • Synchronization of User properties over Lync / SfB


  1. Run the TM.CIC.Setup.msi
  2. On the   Luware-TM-CIC Configuration Settings   screen of the setup pay attention to fill the
    1. Instance Name
    2. Port number
    3. SfB Server Version
    4. Configure Certificate Security
  3. For security reason TM provides possibility to use certificate-based encryption and verification during the components communication. To configure certificate based authentication, select ‘Configure Certificate Security’ check box and press ‘Next’ button to open a page with server certificate settings.

    Example of filled Luware-TM-CIC Configuration Settings screen
  4. If ‘Configure Certificate Security’ check box was set to true, configure the server and client certificate settings as the next step. The client settings specify which settings CIC will use while connecting to PS. The server settings are used to validate another services when they try to connect to CIC.

    Example of CIC Certificate settings
ModeTransfer security modes offered by WCF to ensure a secured communication between a client and a server.None : This mode ensures that no security is applied while communication between server and client.

Transport:   As the name suggests, it is concerned with security of communication between a client and a service over a network protocol. It guarantees the confidentiality and integrity of messages at transport level since transport security secures the entire communication channel.

Validation ModeThe mode that specifies how incoming certificate is validated and how trust is determined  .None:  In this mode no validation is perfomed.

ChainTrust: :  In this mode WCF simply validates the certificate against the issuer of a certificate known as a root authority (the expiration time is checked too).

PeerTrust:  In this mode WCF simply checks if the incoming certificate is installed in the  Trusted People  folder in the certificate store (the expiration time is checked too).

PeerOrChainTrust:  Mixed mode.

Is DedicatedThe flag that defins which certificate is used for encryption.False: Encryption is done with default certificate. It means that certificate with the hostname of the machinefrom the Personal Store is used on server side.

True : Encryption is done with a dedicated certificate. It means there is  possibility to configure identifier (thumbprint) of the certificate.

ThumbprintThe thumbprint is a hash value computed over the complete certificate, which includes all its fields, including the signature.

→  See Prepare Certificate Thumbprint

Note: The system reports all errors related to  connection or certificate issues to a log file ‘C:\Program Files\Luware AG\TM-ICH\log\connectionIssues.log’.

Open  Services  and start the installed service.

  • Check that service is successfully started without any errors in Event Viewer or in the log file

c:\Program Files\Luware AG\TM-CIC\log\regularLog.txt


In the Luware-TM-Configurator application:

  1. Open TM Configurator -> Topology -> Components (Server)
  2. Add CIC component as it is shown in the example (select the CIC Server Type, System Instance, Activity Order and fill the service's Settings according to the table below):

    Example of configured CIC details
KeyHow to get the value

The amount of seconds that identifies a time period before the previous and next full synchronization with Active Directory.

By default is set to one minute.

ApplicationIDIdentifies the registered SfB Application of ICH. To get the required value

1. run Get-CsTrustedApplication command in SfB Server Management Shell

2. search for the right component by application port number or name

3. copy the ApplicationId

Example : urn:application:TM

ConferencingPolicyNameThe name of the conferencing policy, which will be created and assigned by CIC for the application endpoints.

When the value is ‘True’ the teams will be synchronized with Active Directory automatically after the time specified in the AdSynchronizationTimeInSec.

When the value is ‘False’ CIC stops synchronizing team changes made in AD  to TM.

‘EnableAdTeamSync‘ flag affects global synchronization and has higher priority than ‘EnableAdTeamSyncActivatedTeamsOnly‘.

When the value is ‘True’ CIC synchronizes periodically only already enabled teams. In this case, TM FE doesn’t display ‘Disabled Team‘ tab. Instead, TM FE shows a tab to search for AD groups.

When the value is ‘False’ CIC synchronizes all teams. In this case TM FE shows ‘Disabled Team‘ tab.

When the value is ‘True’, team members in the state away are treated as ‘Offline’. This will have an effect on the presence calculation of the team.

When the value is ‘False’, team members in ‘Away’ state are treated as usual.
LyncServerURIEnter the SfB Server URI.

Example :

MaximumTeamsCountPerSynchronizationRoundSet amount of teams that can be synchronized with AD in one chunk
MaximumUsersCountPerSynchronizationRoundDefault Value:  50
Office365PoolingTimeInSecThe polling time in seconds to get users for every tenant.

Default Value:  3600
PasswordPassword created for CIC service user to access the SfB remote PowerShell.
TeamMemberBusyOnBusyInACallEnabledWhen the value is ‘True’ all team members will have BoB enabled by default. They will not get a second call if they are in a ‘Busy On-the-phone’ state.

To simplify and unify team member flags behavior, TM provides global 'TeamMemberFlagsStatic' flag whose activation allows CIC to use default settings to initialize team members and prevent users from manual editing of the team’s settings. Dependend flags are:

  • TeamMemberBusyOnBusyInACallEnabled
  • TeamMemberIsBusyInMeetingSelectable
  • TeamMemberIsBusySelectable
TeamMemberBusyInAMeetingSelectableWhen the value is ‘True’, team calls will be distributed to team members if they are in a ‘Busy In-A-Meeting’ state. If the TeamMemberIsBusySelectable flag is set to false, this flag will not have any effect.
TeamMemberIsBusySelectableWhen the value is ‘True’, team calls will be distributed to team members if they are in a ‘Busy’ state.
TeamMemberSelectableForAVDuringIMTaskWhen the value is ‘True’, team members are available for audio\video calls while they are busy with IM tasks.
TrustedApplicationPoolFQDNEnter the ICH Trusted Application Pool FQDN. Example:
UserAdOuFilterDistinguished name where CIC synchronizes users from the active directory.
UserAdPathList of paths to AD divided by semicolon

Username created for CIC service user to access the SfB remote PowerShell.

Example : dev.local\cic_srv

Important: Using the Tenant Layer 

Limitation- Tenant layer only available with manual user provisioning

In order to use the Tenancy feature you need to deactivate AD synchronization.

To disable AD sync: 

  1. Head to the CIC component in your Topology settings.
  2. Disable the AD Sync by setting value for "EnabledAdTeamSync" to "false

(lightbulb) Any existing tenant definitions will remain unaffected by this change.