none
Lync and Exchange are in different forest/domains

    Question

  • Hello,

    I have enviroment as follows:

    Domain A - domain controller, Lync SE server

    Domain B - domain controller, Exchange server (CAS/HUB/MB)

    so basically I have on-premisses exchange server and hosted Lync in another forest/domain

    there is a one way trust between domain A and B acttually outgoing from domain A to domain B to allow the users to access the resources in lync domain.

    users in domain B use a single account to logon to the computer, exchange and Lync

    the problem is that lync doesn't work with outlook, keeps saying "Lync is in the process of connecting to the Exchange Server.  This process may take a few minutes..." and no conversation history folder

    I have verified the EWS is working correctly and I can access the url from the internet explorer on the client

    any ideas why it fails?

    regards,

    Wednesday, November 23, 2011 4:20 PM

All replies

  • So users in Domain B have another account in domain A to access the mailbox?

    That is not the way to do it...

    You should use TWO WAY TRUST and useLinked mailboxes for Forest B


    - Belgian Unified Communications Community : http://www.pro-lync.be -
    Wednesday, November 23, 2011 11:42 PM
  • Hello, may be I wasn't clear enough... an example:

    Domain A - resource Lync Domain

    Domain B - Customer Domain with on-premisses exchange

    users are located in the Customer domain B with normal mailboxes, they have linked lync accounts in the resource domain A

    they logon to PC, exchange and lync client using their domain account.

    for some reason the lync client is not able to communicate with the on-premisses exchange server... did u get the picture?

    regards.

    Thursday, November 24, 2011 8:23 AM
  • You do have 2 separate forest I presume?

    Are you sure that your Exchange Webservices are configured correctly?

    Because you login into Lync with the domain account that is located in the Exchange Forest then it should not be a Lync problem but an Exchange problem related to Webservices.


    - Belgian Unified Communications Community : http://www.pro-lync.be -
    Friday, November 25, 2011 1:35 AM
  • It seems to A and B are separate forests. You install the lync server in resource forest A for user forest B. As I know, you must establish a two-way trust between the resource forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the resource forest.

    For more about Deploying Lync Server 2010 in a Resource Forest Topology, please read following document:

    http://technet.microsoft.com/en-us/library/gg670911.aspx


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Friday, November 25, 2011 3:10 AM
    Moderator
  • Thank you all for your answers.

    Deli Pro-Lync,

    yes, they are two separate forests.

    I have configured the EWS urls correctly and created the autodiscover host record in the DNS.

    Also it works perfectly for the outlook, I also followed some troubleshooting steps that verified the logon to the autodiscover url from the client pc and checking the connection to see if the outlook receive the correct autodiscover url and all works perfectly.... so if it works for outlook and it doesn't for lync... so what I'm missing.. is there something special that lync requires?

     

    Sean Xiao,

    I quote from the documentation below

    "support a resource forest topology, Lync Server 2010 must be deployed in your resource forest and configured at minimum with one-way trust between the resource forest and all user forests (such that the resource forest trusts all user forests).

    You must establish a two-way trust between the resource forest and user forests to enable distribution group expansion when groups from user forests are synchronized as contacts to the resource forest.

    Two-way trust is required between the Microsoft Exchange Server and Lync Server forests, if they are deployed in separate forests, for enabling Exchange Unified Messaging (UM)."

    I don't have UM role.. only outlook integration is required  so, I think I can go with the minimum (one way) and I don't care for the distribution group expansion... I have the attributes mapped correctly (did it manually) and the single sign on works pefectly.

    any more ideas?

    regards,

    Friday, November 25, 2011 9:54 AM
  • You have the same result internally & externally?

    You can review the URLs for Exchange Webservices that Lync is using if you right click the notification icon (lower right corner) while holding the CTRL key.

    Try to find out if it makes any differnt that the URL is in the Local Intranet site or not and try to disable Integrated Windows Authentication in IE : Optiona -> Advanced

    Lets see if that makes any differnece in behaviour


    - Belgian Unified Communications Community : http://www.pro-lync.be -
    Friday, November 25, 2011 1:06 PM
  • Hi,

    Yes. If you just deploy lync server between the two forest, one way trust is enough. But I think when you deploy Exchange in the user forest and lync server in the resource forest, you need to "enable distribution group expansion when groups from user forests are synchronized as contacts to the resource forest". So the two trust is required.


    Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
    Tuesday, November 29, 2011 5:22 AM
    Moderator
  • Deli Pro-Lync,

    yes, the result are the same internally and externally.

    "You can review the URLs for Exchange Webservices that Lync is using if you right click the notification icon (lower right corner) while holding the CTRL key." these are empty fields!

     

    "Try to find out if it makes any differnt that the URL is in the Local Intranet site or not and try to disable Integrated Windows Authentication in IE : Optiona -> Advanced" tried with no change in the behavior

    regards,

    Tuesday, November 29, 2011 9:24 AM
  • So you are saying that both EWS Internal URL & EWS External URL are both empty?

    That is kind of bizar ...


    - Belgian Unified Communications Community : http://www.pro-lync.be -
    Tuesday, November 29, 2011 4:28 PM