Thursday, September 24, 2015

Lync On-premise federation with Lync On-Premise

Introduction
Federation will enable your existing (organization) Lync user to talk to external Lync user (other organization). You can setup federation between Lync On-premise to Lync On-premise, Skype for Business, Office 365 tenants. Microsoft Lync Server 2010/2013 makes it possible for external users who are not logged into your organization’s internal network, including authenticated and anonymous remote users, federated partners (including XMPP partners), mobile clients and users of public instant messaging (IM) services, to communicate with other users in your organization using Lync Server.
 
Feature available
  1. Instant Messaging
  2. Desktop sharing
  3. Lync to Lync call (Peer to Peer).
Requirement
  1. Lync Edge Server:  This most important requirement for federation either Lync on-Premise to Lync On-Premise or Lync On-premise to Lync Online (Office 365).
  2. Certificate [External certificate]
  3. DNS Record requirement.
Lync Federation steps
  1. If Lync Edge server is not deploy then use article to deploy Lync Edge server. (http://messaging2day.blogspot.com/2014/08/configuring-lync-edge-server.html)
  2. Enable the federation if not enable then Lync Federation using below steps:
  • On a Front End server, open Topology Builder. Expand Edge pools, then right click your Edge server or Edge server pool. Select Edit properties.
  • In Edit Properties under General, select Enable federation for this Edge pool (Port 5061). Click OK.
  • Click Action, select Topology, and select Publish. When prompted on Publish the topology, click Next. When the Publish is finished, click Finish.
  • On the Edge server, open the Lync Server Deployment wizard. Click Install or Update Lync Server System, then click Setup or Remove Lync Server Components. Click Run Again.
  • At Setup Lync Server components, click Next. The summary screen will show actions as they are executed. Once the deployment is done, click View Log to view available log files. Click Finish to complete the deployment.

1.     DNS requirement:  
 Below three records are required for External login and federation:
  • SRV Record: _sipfederationtls._tcp.
  • SRV Record: _sip._tls.
  • A Record: sip.
2.     Certificate:
  • Edge external certificate.

Testing
Verify the above listed record in order to get federation work.
Open command prompt:
Start > Run > Type: cmd –press Enter > type Nslookup – press Enter
Type Set q=srv press Enter.
Type one by one above SRV and A record of partner Organization and verify.

Federation enable and adding federated domain in Lync control panel
  1. From a user account that is a member of the RTCUniversalServerAdmins group (or has equivalent user rights), or is assigned to the CsAdministrator role, log on to any computer in your internal deployment.
  2. Open a browser window, and then enter the Admin URL to open the Lync Server Control Panel. For details about the different methods you can use to start Lync Server Control Panel.
  3. In the left navigation bar, click External User Access, and then click Federated Domains.
  4. On the Federated Domains page, click New, and then click Allowed domain.
In New Federated Domains, do the following:
In Domain name (or FQDN), type the name of the federated partner domain.  E.g. partnerdomain.com
If you want to restrict access for this federated domain to users of a specific server running the Access Edge service, in Access Edge service (FQDN), type the FQDN of the federated domain’s server running the Access Edge service. E.g. test.partnerdomain.com
If you want to provide additional information, in Comment, type information that you want to share with other system administrators about this configuration.



  1. Click Commit.
  2. Repeat steps 4 through 6 for each federated partner domain that you want to allow.