Blocking Calls on Lync Server and Skype for Business Based on Caller ID

Update 2016/04/01 – To avoid Missed call notifications check Missed call notification when the call is blocked by CallerIDBlock MSPL Script

Last week a customer asked how we can block calls in Lync Server. After some searching, I found the following post:

VoIPNorm’s UC Blog – Blocking Calls in Lync Based on Caller ID

Unfortunately, the comments refer that the script worked only on Lync Server 2010, but not on Lync Server 2013.

With the help of both the above blog script and the MSPL scripting reference, the script was rewritten to support Lync Server 2013 and Skype for Business Server 2015. The script is available in the TechNet Gallery for download:

MSPL: Blocking Calls on Lync Server/Skype for Business 2015 Based on CallerID

In the script, we only need to replace <Lync Share Path> to the proper setting. On a Standard Pool this can be a local path, but on Enterprise Pool it makes more sense to use Lync Share. The reason for this is because all Front Ends must reach both the script and blocked number list files when we enable the script.

Create a new folder in Lync Server Share. In this new folder put the script file ( and the block list file (BlockedTelephoneNumbers.txt).


Insert one line per blocked number in the BlockedTelephoneNumbers.txt file. The number must be exactly what the PSTN Gateway is sending to Lync Server. In this case, our gateway doesn’t send the “+”:


The next step is to add the script as a Lync Server Application. This can be done by entering the following cmdlet in Lync PowerShell:

New-CsServerApplication -Identity “Service:Registrar:<Lync/SfB Front End Pool>/CallerIDBlock” -Uri -Critical $false -ScriptName “\\<Lync/SfB Share Path>\CallerIDBlock\”

Note: Please make sure that the URI is HTTP, some browser might change it to HTTPS.


Now we need to Enable the new application. We could do it while we add it to Lync/SfB Server, but I prefer to enable it after.

Set-CsServerApplication -Identity “Service:Registrar:<Lync/SfB Front End Pool>/CallerIDBlock” -Enabled $true

Or in Lync Control Panel->Topology->ServerApplication:


Shortly afterwards Lync Server Event Viewer can be checked for the following message:

Note: Check all Front Ends for this message.

When installing the Lync Server 2013 SDK, we can use AppLogger (located in “C:\Program Files\Microsoft Lync Server 2013\SDK\Bin”) to debug MSPL Scripts.

If the number isn’t present in the BlockedTelephoneNumbers.txt file, the message should look like this:

CallerIDBlock processing request:
From – 01234567890;phone-context=uk.*****
To – +449876543210
Allowed by CallerIDBlock

After adding the line 01234567890,block to the BlockedTelephoneNumbers.txt file, the call is rejected and the message changes:

CallerIDBlock processing request:
From – 01234567890;phone-context=uk.*****
To – +449876543210
Rejected by CallerIDBlock

If the phone-context is received, the script will only use the number before “;”.


34 thoughts on “Blocking Calls on Lync Server and Skype for Business Based on Caller ID

  1. Hello,

    Many thanks indeed, great work, worked fine with me at Lync 2013 (After small adjustment).

    there is a small mistake,
    at the text file (BlockedTelephoneNumbers.txt) you have mentioned that we have to write it with the following format: Number,Action

    while at the script it is Phone,Action

    so please correct the post.

    Thanks a lot again, helped us a lot.


  2. Trying to implement this, but we’re getting this error in the Lync Server event log, and filtering is not working:

    Invalid path for script-only application

    Path: \
    Cause: Incorrect path was entered in while configuring this application
    Fix the path using Set-CSServerApplication cmdlet

    I’ve deleted and re-created the script using the same instructions twice now… no luck. What am I missing?

    1. Hi
      Check the path and share/NTFS permissions.
      Alternatively you can try to use a local path, for example, change “\CallerIDBlock” to “C:CallerIDBlock” and copy the script to that location. Don´t forget to also change on the script the “BlockedTelephoneNumbers.txt” path.


      1. I tried moving the 2 files to “C:CallerIDBlock” on one of the FE’s, but I’m still getting the same error message.

        I’m using the following command: Set-CsServerApplication -Identity “” -ScriptName “C:\CallerIDBlock”

      2. Did you try:
        Set-CsServerApplication -Identity “” -ScriptName “C:\CallerIDBlock\”

      3. Rookie mistake not calling the file itself. Unfortunately I still got an error message. Now it shows the following. Is there some kind of Verbose override or do I need to change the Critical to $true?

        Attempt to load a script-only application failed.

        Path: C:\CallerIDBlock\ Reason:
        Application not authorized.
        Registration Time-out. Timed-Out? [True] Response? [False]

        Cause: Can occur due to a run-time script error during loading of the script or the inability to connect to the Skype for Business Server
        Examine the reason in the event log to determine the appropriate course of action

      4. Did you changed the URI when you run the New-CsServerApplication? the URI in the cmdlet and the script file need to match.

      1. Thanks David,

        so I can make it any URL, as long as they are the same, and the URL doesn’t necessarily have to reference a working public URL? Can I just put our domain name in there instead?

  3. I’d suggest adding another column to the file, “reason”. I’ve done that, and written a PowerShell script to add/remove/query the file, returning objects. So, you can view the list in PowerShell, complete with the reason a number was added to the list.

  4. is there any way possible via the script to disable the user from getting a notification. We have it currently tested in our environment and when trying to call from the blocked number the call drops with not even a ring which shows its working. However the user we are trying to call still receives a missed call notification. is there any way to prevent that through the script

  5. Thanks for that useful script!

    Is there any possibility to avoid a missed call notification to the recipient? I already tried to adjust the block reason to 487 (“Request Terminated”) – which disconnects the call for the blocked number – but the intended recipient still receives a missed call notification.

    Thanks in advance for possible suggestions!

    1. What is the installed Lync Server cumulative update? You and Israel both mentioned this but during my tests I didn’t have a missed call notification.


  6. didn’t expect a reply so soon – impressed! 🙂

    Currently CU5, which should be upgraded soon…

    What was the version you tested it without MCN?

    Thanks David!

  7. Hello,

    I successfully installed this script on my main pool and it worked great.
    Now when I tried to add it to a different pool, I receive this error:

    “Script for application is attempting to load a file that contained a duplicate key in the key column. The application will be disabled.

    Uri: ‘’
    File: ‘\\myfileshareserver\SFBShare\CallerIDBlock\BlockedTelephoneNumbers.txt’
    Flat File Definition Line: 8
    Duplicate Key:****
    Cause: Application Specific
    Application specific.”

    1. That error message looks like related to duplicated phone number in the blocked numbers list.
      Please double check the numbers and let me know.

      1. Hi Dave,

        Stupid me. I didn’t pay attention to the key which was clearly my phone number 😛
        Yes, after removing the duplicates, the script worked like charm.

        Thank you very much for this great tool.
        Best regards,

  8. Hi guys, any anwsers about the missed call notification ? script works fine but we do get the missed call notifications thanks !

  9. David Paulino, your the man ! Thanks make more sens now. Before my carrier was not receiving my 480 ou 486 busy even after changing it in the script. I understand why now !
    thanks again,

  10. I cannot seem to find the event 30208 “Lync server application successfully registered”. Last time I see this event was a month ago and I cant quite find a way to force this to happen. Any ideas?

    1. That event only shows when the Front End (RTCSRV) service starts. You can register the application or restart the service.

  11. Now that TechNet has been retired, are there any other places that we can download CallerIDBlock? I’m still running Skype for Business Server 2019 and will be for some time. It would be great to have access to this tool again.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.