Remove From My Forums

How to Federate My Company Lync with Microsoft?

Question
0

Sign in to vote

We're MS Partners and i've seen a several parterns that have Microsoft workers on their Lync (or communicator) Contact List, are there some prerequisites to do this Federations? Obviouslly we've deployed everything to make Federations, already did several federations with some customers.

Some directors form the company are asking to me to make this possible.

Someone from MS that could help me?
Gilberto Verastegui

Wednesday, July 6, 2011 3:52 PM

Answers

Gilberto,

In order to federate with MS, authorization is needed from MS. MS has an internal process to add partners/customers to their federation list. I recommend you contact your Microsoft partner account manager and ask to have federation enabled for your organization.

You will also have to configure your end as well, Here are the set-up instructions that I have used with customers in the past. The documentation below references LCS/OCS, they are applicable with Lync.

Federation Requirements

Live Communications Server 2005 or greater must be used.
A publically available DNS SRV record for _sipfederationtls._tcp.sip_domain for port 5061 that points to a valid A record for the Access Edge server.
For example:

set type=SRV
_sipfederationtls._tcp.microsoft.com

Non-authoritative answer: _sipfederationtls._tcp.microsoft.com SRV service location:
priority = 0
weight = 0
port = 5061
svr hostname = sipfed.microsoft.com

set type=A
sipfed.microsoft.com

Non-authoritative answer:
Name: sipfed.microsoft.com
Address: 94.245.124.75

Internal and External firewalls must be configured to allow-all Bi-directional traffic on TCP port 5061, and on TCP port 443. If the partner company has tighter firewall configuration requirements, they will have to add an allow ACL to the Microsoft access edge sipfed.microsoft.com, at IP Address: 94.245.124.75. Futher information on the recommended firewall configuration to allow for the various capabilitys of Lync/OCS may be found at http://technet.microsoft.com/en-us/library/gg425882.aspx
The access edge server must be configured to allow federations, and Microsoft's SIP domain - microsoft.com - must be added to the allow list of the access edge server. For more information regarding OCS Acess Edge setup and deployment, please visit http://technet.microsoft.com/en-us/library/bb870345.aspx
The certificate used on the Public interface of the Access Edge must be signed by a public Certificate Authority and have the SIP domain in the FQDN of the server in the "Subjext Name = ServerName.SIP_Domain" section of the certificate, or in a seperate "Subject Alternate Name = SIP_Domain" section of the Certificate. If multiple SIP domains will be serviced by the same Access Edge server, the SN= should be the FQDN of the access edge server itself, with a SAN= entry for each SIP Domain that will serviced by this edge server, and the entire chain of authority must be verifiable. For more information on installing certificates please visit http://technet.microsoft.com/en-us/library/bb663762.aspx

Rob Herman

Proposed as answer by Noya Lau Monday, July 11, 2011 10:14 AM
Marked as answer by Gilberto Verástegui Tuesday, July 12, 2011 3:33 PM

Wednesday, July 6, 2011 5:39 PM

All replies

Gilberto,

Federation Requirements

Live Communications Server 2005 or greater must be used.
A publically available DNS SRV record for _sipfederationtls._tcp.sip_domain for port 5061 that points to a valid A record for the Access Edge server.
For example:

Internal and External firewalls must be configured to allow-all Bi-directional traffic on TCP port 5061, and on TCP port 443. If the partner company has tighter firewall configuration requirements, they will have to add an allow ACL to the Microsoft access edge sipfed.microsoft.com, at IP Address: 94.245.124.75. Futher information on the recommended firewall configuration to allow for the various capabilitys of Lync/OCS may be found at http://technet.microsoft.com/en-us/library/gg425882.aspx
The access edge server must be configured to allow federations, and Microsoft's SIP domain - microsoft.com - must be added to the allow list of the access edge server. For more information regarding OCS Acess Edge setup and deployment, please visit http://technet.microsoft.com/en-us/library/bb870345.aspx
The certificate used on the Public interface of the Access Edge must be signed by a public Certificate Authority and have the SIP domain in the FQDN of the server in the "Subjext Name = ServerName.SIP_Domain" section of the certificate, or in a seperate "Subject Alternate Name = SIP_Domain" section of the Certificate. If multiple SIP domains will be serviced by the same Access Edge server, the SN= should be the FQDN of the access edge server itself, with a SAN= entry for each SIP Domain that will serviced by this edge server, and the entire chain of authority must be verifiable. For more information on installing certificates please visit http://technet.microsoft.com/en-us/library/bb663762.aspx

Rob Herman

Proposed as answer by Noya Lau Monday, July 11, 2011 10:14 AM
Marked as answer by Gilberto Verástegui Tuesday, July 12, 2011 3:33 PM

Wednesday, July 6, 2011 5:39 PM

0

Sign in to vote

Thanks a lot Rob, now i'm contacting our PAM.
Gilberto Verastegui

Tuesday, July 12, 2011 3:33 PM

Products

Resources

Solutions

Updates

Trials

Related Sites

Training

Certifications

Other resources

Support options

More support

Not an IT pro?

Answered by:

How to Federate My Company Lync with Microsoft?

Question

Answers

All replies