Need information for federation with lync online

We have an online lync account and one lync on premises account. We are trying to federate the two domains to enable chat and presence sharing between the two.

Online Lync client is ravish@ucfed.in and lync on premises client is ravishaggarwal@ggnucfederation.com. We have updated the SRV records for ggnucfederation.com as follows to enable federation with lync online.

_sipfederationtls._tcp.ggnucfederation.com --> sip.xmppspark.in

An A record for sip.xmppspark.in has also been added in the DNS to point to lync edge server. However we notice that, when we add ravishaggarwal@ggnucfederation.com from lync online, then no TLS handshake message is received at Lync edge server.

Interestingly, if we modify the SRV record to 

_sipfederationtls._tcp.ggnucfederation.com --> sip.ggnucfederation.com

and correspondingly create A record for sip.ggnucfederation.com, then TLS handshake is initiated and done.

What could we have possibly missed that is causing problem in the first case? Is it necessary to create the SRV record of type sip.<domainname>?

As per my understanding, lync online should query the srv record to get the target machine for the sipfederationtls and accordingly initiate tls handshake with the host name specified in the srv record. Is there anything more to this?

January 13th, 2015 5:39am

It's a must that you need to configure access edge fqdn as SIP.domain.com for Lync server 2013. It's the same fqdn that configured in to Lync client for auto discovery process in a scenario that lyncdiscover or lyncdiscoverinternal records are not in place.

Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 6:19am

It's a must that you need to configure access edge fqdn as SIP.domain.com for Lync server 2013. It's the same fqdn that configured in to Lync client for auto discovery process in a scenario that lyncdiscover or lyncdiscoverinternal records are not in place.

January 13th, 2015 8:45am

Same with O365 as well. Have a read on below technet article. It talks about creating a CNAME record for SIP.

http://technet.microsoft.com/en-us/library/hh852557.aspx

Free Windows Admin Tool Kit Click here and download it now
January 13th, 2015 8:57am

Same with O365 as well. Have a read on below technet article. It talks about creating a CNAME record for SIP.

http://technet.microsoft.com/en-us/library/hh85255

January 13th, 2015 9:08am

Not sure what you mean bu "Any other SRV record" above. The bottom line is that, On Prem deployment have an SRV (_sipfederationtls) record that resolve in to sip.domain.com (Access edge FQDN which is a A record) and Lync online deployment should also have a SRV record (_sipfederationtls) that resolve in to sip.domain.com (CNAME Record) which points to sipfed.online.lync.com (A record which ger created automatically)

Free Windows Admin Tool Kit Click here and download it now
January 14th, 2015 4:53am

Not sure what you mean bu "Any other SRV record" above. The bottom line is that, On Prem deployment have an SRV (_sipfederationtls) record that resolve in to sip.domain.com (Access edge FQDN which is a A record) and Lync online deployment should also have a SRV record (_sipfederationtls) that resolve in to sip.domain.com (CNAME Record) which points to sipfed.online.lync.com (A record which ger created automatically)

January 14th, 2015 5:03am

So what is the actual A record for access edge service that is configured in the topology for @ggnufederation.com domain?. That should be a A record configured in public DNS and that the record that you need to point to.

and yes. In Lync 2013, sip.domain.com record is a fixed record in lync client which used in discovery process. If you set the client to discover the server automatically and try to sign in using user@contoso.com, there have to be a A record as sip.contoso.com.

Free Windows Admin Tool Kit Click here and download it now
January 14th, 2015 5:56am

So what is the actual A record for access edge service that is configured in the topology for @ggnufederation.com domain?. That should be a A record configured in public DNS and that the record that you need to point to.

and yes. In Lync 2013, sip.domain.com record is a fixed record in lync client which used in discovery process. If you set the client to discover the server automatically and try to sign in using user@contoso.com, there have to be a A record as sip.contoso.com.

January 14th, 2015 6:00am

SRV record's pointer has to be the access edge FQDN. In your case, sip.ggnucfederation.com. Even if you point the SRV to a CNAME as sip.xmppspark.in, that CNAME should resolve to sip.ggnucfederation.com. So in the edge certificate, you need to have the SAN as sip.ggnucfederation.com and not sip.xmppspark.in

Free Windows Admin Tool Kit Click here and download it now
January 14th, 2015 7:38am

Figured it out.

The SRV record should point to hostname.<domainname>. That is the SRV target could be any sub domain of the domain being federated, not necessarily SIP.

This is because, the Lync Online expects that the _sipfederationtls._tcp.<domainname> should point to the access edge FQDN of the that domain.

August 19th, 2015 1:18am

Figured it out.

The SRV record should point to hostname.<domainname>. That is the SRV target could be any sub domain of the domain being federated, not necessarily SIP.

This is because, the Lync Online expects that the _sipfederationtls._tcp.<domainname> should point to the access edge FQDN of the that domain.

  • Marked as answer by pulkitjain0807 Wednesday, August 19, 2015 5:17 AM
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2015 5:17am

Figured it out.

The SRV record should point to hostname.<domainname>. That is the SRV target could be any sub domain of the domain being federated, not necessarily SIP.

This is because, the Lync Online expects that the _sipfederationtls._tcp.<domainname> should point to the access edge FQDN of the that domain.

  • Marked as answer by pulkitjain0807 Wednesday, August 19, 2015 5:17 AM
August 19th, 2015 5:17am

Figured it out.

The SRV record should point to hostname.<domainname>. That is the SRV target could be any sub domain of the domain being federated, not necessarily SIP.

This is because, the Lync Online expects that the _sipfederationtls._tcp.<domainname> should point to the access edge FQDN of the that domain.

  • Marked as answer by pulkitjain0807 Wednesday, August 19, 2015 5:17 AM
Free Windows Admin Tool Kit Click here and download it now
August 19th, 2015 5:17am

Figured it out.

The SRV record should point to hostname.<domainname>. That is the SRV target could be any sub domain of the domain being federated, not necessarily SIP.

This is because, the Lync Online expects that the _sipfederationtls._tcp.<domainname> should point to the access edge FQDN of the that domain.

  • Marked as answer by pulkitjain0807 Wednesday, August 19, 2015 5:17 AM
August 19th, 2015 5:17am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics