none
Lync 2013 - Not enabled to contact other company’s Lync

    Question

  • We have a problem.

    Other Lync users (different organizations, like ATEA,
    CGIT) can find and see our domain users status (ihm.se) on their lync’s and
    also initiate contact by lynccall/LyncVideoCall/IM.

    BUT

    We cannot respond by IM or initiate contact with video
    or “call” but we can respond to the call if they initiate it

    I have:

    *Enabled communication in the External Access policy

    *Enabled Federation and public IM connectivity in the Access Edge Configuration

    *verified my edge server with Remove Connectivity Analyzer, Ran the Test for remote connection to Lync. it came back green and it verified that port 5061 is opened and listening.

    Config:

    * In-house Lync install

    * Edge-Server running everything on one external IP

    I's there something I missed to configure?



    Monday, October 21, 2013 11:01 AM

Answers

  • Correct, they probably have a closed federation and not included your lync domains in their whitelist.
    You can ask them to open up federation.
    • Marked as answer by MickeSelander Wednesday, October 23, 2013 11:17 AM
    Wednesday, October 23, 2013 10:16 AM

All replies

  • Make sure that you have static routes on your edge server back to all of your clients.  Since the default GW is on your "external" NIC, it will try to route everything out that NIC instead of sending it inside for internal traffic.  That is what is most common when I see this behavior.

    Otherwise, go and run a trace on the edge server and see what is the exact error that is being returned in the SIP Message.

    Thanks,

    Richard


    Richard Brynteson, Avtex, Lync MCM, Blog - www.masteringlync.com

    Monday, October 21, 2013 1:55 PM
  • What Richard said, also make sure there's a DNS entry for the Edge server that the Front Ends can find.  Since the edge server isn't a part of the domain, it isn't automatically created.  These may seem simple but are occasionally overlooked.  Your best bet is to use the logging tools included in the Lync debugger download to see what you can figure out and take it step by step.
    Monday, October 21, 2013 2:50 PM
  • I can now successfully tracert to any of our internal client (changed from only frontend server to all internal clients in firewall) and I also verified our internal DNS, the frontend server can connect to edge (replication is ok but I also added over external addresses, sip.ihm.se & lyncedge.ihm.se)

    BUT the problem persists any more suggestions?

    Tuesday, October 22, 2013 7:24 AM
  • I've installed lync server 2013 logging tool on both servers.

    on which server and which components do you want me to logg?

     

    Tuesday, October 22, 2013 7:54 AM
  • SIPStack on both the Edge and Front End, then replicate the issue and search for the sip address to filter.  Post it if it's confusing.
    Tuesday, October 22, 2013 2:24 PM
  • No Direct errors om the front end but I find some on the edge:

    "Via: SIP/2.0/TLS 172.16.0.12:52293;ms-received-port=52293;ms-received-cid=100Content-Length: 0ms-diagnostics: 1046;reason="Failed to connect to a federated peer server";fqdn="sip.atea.se";peer-type="FederatedPartner";winsock-code="10061";winsock-info="The peer actively refused the connection attempt";source="sip.ihm.se"$$end_record"

    It this because ATEA only allow connections from specific federated partners?

    Wednesday, October 23, 2013 9:41 AM
  • Correct, they probably have a closed federation and not included your lync domains in their whitelist.
    You can ask them to open up federation.
    • Marked as answer by MickeSelander Wednesday, October 23, 2013 11:17 AM
    Wednesday, October 23, 2013 10:16 AM
  • Yes it was the problem got it working now, thanks for all your help
    Wednesday, October 23, 2013 11:17 AM