# Lync on Premises integration with Office 365

• ### Question

• Is there any official document or video for step by step integration ?

Mohammed JH

Tuesday, June 12, 2012 2:00 PM

• Here is "Quick and dirty" for Lync on-prem/Cloud UM integration:

http://www.lynclog.com/2012/02/lync-2010-on-prem-cloud-um-integration.html

Drago

http://www.lynclog.com

• Marked as answer by Friday, June 28, 2013 1:09 PM
Wednesday, June 13, 2012 1:56 PM
• YES the issue is with the certificate, it has to be a public certificate otherwise Outlook autodiscover won't work. I issued a certificate from StartSSL and it worked perfectly.

Now Outlook is working for me. but I will enable Unified Messaging and Lync integration and will update you.

Mohammed JH

• Marked as answer by Monday, July 2, 2012 9:50 AM
Monday, June 18, 2012 8:31 AM

### All replies

• what are you trying to intergrate?  Voicemail?

Tuesday, June 12, 2012 4:52 PM
• Everything including Exchange, Sharpoint on cloud and Lync on Premises. I'm doing this setup for the first time and I'm not sure how to proceed.

I have verified my domain and now it says I have to select between 3 services (Exchange, Lync and Sharepoint) since I have Lync on premises already do I still have to select Lync service in order to integrate them together?

I would appreciate if there's a video or similar things that explain the process step by step.

thanks

Mohammed JH

Tuesday, June 12, 2012 4:58 PM
• I'm installing ADFS to our local AD server and would like to know after the installation how to set the trust relationship between the portal AD and ours? do I have to add relying party? and how to get the metadata from the portal office 365?

I have the Microsoft office ADFS article but its too long, too boring and too generic. My company is less than 50 users and I need a simple instructions.

any one to help ?

Mohammed JH

Wednesday, June 13, 2012 9:25 AM
• Hi,

You can integrate Lync onpremise and exchange online for IM, presence; following link may help you , http://technet.microsoft.com/en-us/library/hh533880.aspx

Split work load between , Lync online and on-premie is not possible as of now. http://community.office365.com/en-us/f/166/p/23289/120839.aspx

Thanks

Saleesh

Wednesday, June 13, 2012 10:26 AM
• Hi Saleesh,

I'm still in the first step now! I would like to know how to setup office 365 with our domain first! If you could assist me with how to setup the ADFS I would be much grateful and how to proceed from there.

Thanks

Mohammed JH

Wednesday, June 13, 2012 11:28 AM

Thanks

Saleesh

Wednesday, June 13, 2012 12:18 PM
• Here is "Quick and dirty" for Lync on-prem/Cloud UM integration:

http://www.lynclog.com/2012/02/lync-2010-on-prem-cloud-um-integration.html

Drago

http://www.lynclog.com

• Marked as answer by Friday, June 28, 2013 1:09 PM
Wednesday, June 13, 2012 1:56 PM
• Drago thanks for the link! I will follow it once I get the AD to sync... just I need to make sure that I'm going into the right path

First I verify the domain, then I go to the local AD and install the following:

2- MS Single Sign On Service Assistant for office 365.

4- now what?

Do I have to Configure the local AD for federation? How to do this? Is it commands or what?

I'm sorry but I really need guidance.

thanx

Mohammed JH

Thursday, June 14, 2012 12:33 PM
• I have installed and enabled ADFS, SSO, DirSync as well and synchronized all my local AD users to Office 365. I activated one user and was able to login to Exchange OWA however, I'm unable to setup the exchange account on outlook 2010 as it gives me an error

"the name cannot be resolved. the connection to MS Exchange is unavailable. outlook must be online or connected to complete this action"

I have created all the required DNS records for on my public DNS, and used office 365 desktop setup tool but getting the same error! Is there anything that i'm missing?

When I visit https://www.testexchangeconnectivity.com and use it to test the autodiscover service.. it seems as if it's working but ports are closed!

Btw, I'm using local CA signed certificate for ADFS IIS default web! could this be the reason?

thanks

------

Testing RPC/HTTP connectivity.

The RPC/HTTP test failed.

Test Steps

ExRCA is attempting to test Autodiscover for testuser@mydomain.com.
Testing Autodiscover failed.

Test Steps

Attempting each method of contacting the Autodiscover service.
The Autodiscover service couldn't be contacted successfully by any method.

Test Steps

Attempting to test potential Autodiscover URL https://mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name mydomain.com in DNS.
The host name couldn't be resolved.

Host mydomain.com couldn't be resolved in DNS InfoNoRecords.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/AutoDiscover/AutoDiscover.xml
Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.

Testing TCP port 443 on host autodiscover.mydomain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.

A network error occurred while communicating with the remote host.
Attempting to contact the Autodiscover service using the HTTP redirect method.
The attempt to contact Autodiscover using the HTTP Redirect method failed.

Test Steps

Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.

Testing TCP port 80 on host autodiscover.mydomain.com to ensure it's listening and open.
The port was opened successfully.
ExRCA is checking the host autodiscover.mydomain.com for an HTTP redirect to the Autodiscover service.
The redirect (HTTP 301/302) response was received successfully.

Redirect URL: https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml
Attempting to test potential Autodiscover URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover-s.outlook.com in DNS.
The host name resolved successfully.

IP addresses returned: 157.56.244.230, 157.56.234.150, 157.56.240.86, 157.56.236.102
Testing TCP port 443 on host autodiscover-s.outlook.com to ensure it's listening and open.
The port was opened successfully.
Testing the SSL certificate to make sure it's valid.
The certificate passed all validation requirements.

Test Steps

ExRCA is attempting to obtain the SSL certificate from remote server autodiscover-s.outlook.com on port 443.
ExRCA successfully obtained the remote SSL certificate.

Remote Certificate Subject: CN=outlook.com, OU=Exchange, O=Microsoft Corporation, L=Redmond, S=Washington, C=US, Issuer: CN=Microsoft Secure Server Authority, DC=redmond, DC=corp, DC=microsoft, DC=com.
Validating the certificate name.
The certificate name was validated successfully.

Host name autodiscover-s.outlook.com was found in the Certificate Subject Alternative Name entry.
Certificate trust is being validated.
The certificate is trusted and all certificates are present in the chain.

Test Steps

ExRCA is attempting to build certificate chains for certificate CN=outlook.com, OU=Exchange, O=Microsoft Corporation, L=Redmond, S=Washington, C=US.
One or more certificate chains were constructed successfully.

A total of 1 chains were built. The highest quality chain ends in root certificate CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US.
Analyzing the certificate chains for compatibility problems with versions of Windows.
No Windows compatibility problems were identified.

The certificate chain has been validated up to a trusted root. Root = CN=GTE CyberTrust Global Root, OU="GTE CyberTrust Solutions, Inc.", O=GTE Corporation, C=US.
Testing the certificate date to confirm the certificate is valid.
Date validation passed. The certificate hasn't expired.

The certificate is valid. NotBefore = 4/17/2012 9:26:21 PM, NotAfter = 4/17/2014 9:26:21 PM
Checking the IIS configuration for client certificate authentication.
Client certificate authentication wasn't detected.

Accept/Require Client Certificates isn't configured.
Attempting to send an Autodiscover POST request to potential Autodiscover URLs.
Autodiscover settings weren't obtained when the Autodiscover POST request was sent.

Test Steps

ExRCA is attempting to retrieve an XML Autodiscover response from URL https://autodiscover-s.outlook.com/Autodiscover/Autodiscover.xml for user testuser@mydomain.com.
ExRCA failed to obtain an Autodiscover XML response.

An HTTP 401 Unauthorized response was received from the remote Unknown server. This is usually the result of an incorrect username or password. If you are attempting to log onto an Office 365 service, ensure you are using your full User Principal Name (UPN).
Attempting to contact the Autodiscover service using the DNS SRV redirect method.
ExRCA failed to contact the Autodiscover service using the DNS SRV redirect method.

Test Steps

Attempting to locate SRV record _autodiscover._tcp.mydomain.com in DNS.

The Service Location (SRV) record lookup returned host autodiscover.mydomain.com.
Attempting to test potential Autodiscover URL https://autodiscover.mydomain.com/Autodiscover/Autodiscover.xml
Testing of this potential Autodiscover URL failed.

Test Steps

Attempting to resolve the host name autodiscover.mydomain.com in DNS.
The host name resolved successfully.

Testing TCP port 443 on host autodiscover.mydomain.com to ensure it's listening and open.
The specified port is either blocked, not listening, or not producing the expected response.

A network error occurred while communicating with the remote host.

Mohammed JH

• Edited by Monday, June 18, 2012 7:21 AM
Monday, June 18, 2012 7:17 AM
• YES the issue is with the certificate, it has to be a public certificate otherwise Outlook autodiscover won't work. I issued a certificate from StartSSL and it worked perfectly.

Now Outlook is working for me. but I will enable Unified Messaging and Lync integration and will update you.

Mohammed JH

• Marked as answer by Monday, July 2, 2012 9:50 AM
Monday, June 18, 2012 8:31 AM
• Hi Drago,

I followed your blog regarding the Unified Messaging Integration but when i reached to the part below and I got stuck....

***Yesterday I already added "myuc.us" as "Additional Supported Sip Domain" in my Lync topology, made the necessary changes in the public DNS, reissued the public certificate to include the new domain, you know the drill..Also, mu1@myus.us was added to Lync and provisioned for Enterprise Voice.

Now I will set HostedVoiceMailPolicy for this user to True. This way, when voicemail is to be deposited, my Lync on prem will route the call to the Cloud.

Set-CsUser -Identity lynclog\mu1 -HostedVoiceMail $True ...and grant the policy I created earlier: Grant-CsHostedVoicemailPolicy -Identity lynclog\mu1 -PolicyName "MYUC Domain" ----------------- When I try to use the grant-cshostedvoicemailpolicy command with my user! It shows this error PS C:\Users\Administrator> Set-CsUser -Identity mydomain\mohammedh -H HostedVoiceMail$True
Set-CsUser : A hosted voice mail policy with empty destination is assigned to a
user enabled for hosted voice mail.
At line:1 char:11
+ Set-CsUser <<<<  -Identity Mydomain\mohammedh -HostedVoiceMail \$True
+ CategoryInfo          : InvalidOperation: (CN=Mohammed Ham...mydomain,DC

---

Not sure what am i missing?

Mohammed JH

Wednesday, July 4, 2012 7:06 AM
• I got it! You should add the command below before running Grant-CsHostedVoicemailPolicy -Identity lynclog\mu1 -PolicyName "MYUC Domain"

Set-CsHostedVoiceMailPolicy -Destination exap.um.outlook.com -Organization contoso.com

Mohammed JH

Wednesday, July 4, 2012 8:18 AM
• Hello Bro,

did you find a document or created one to share it with us :) ?

Thanks

Sunday, April 7, 2013 1:02 PM
• Ramos Integration with O365 and Lync on premise can be very easy if your users are on Lync on premise not on O365 already.

The otherway around is really a pain in the ass and even microsoft haven't yet had any documentation for us to go through it in order to deploy this.

What happened with me is , after I successfully got ADFS to work and sync with the O365 AD. the users were unable to login to their exchange on office cloud. I would have opened a ticket with ADFS team if this was not production environment however I had to take a hard decision and get rid of ADFS and Dirsync.

Now I have Lync on-premise working fine without a problem and the users still have their emails on cloud however active directory users are not syncing between cloud and the one on premise, whatever change you have to do on cloud needs to take place on premise as well so users can have the same password and don't get confused.

I have written a documentation with screenshots on that, if you like to have it please let me know.

Mohammed JH

Monday, April 8, 2013 6:53 AM