Lync 2013: Hybrid configuration would break the OnPrem-Federation
In one of my recent projects, where I was involved in an On-Prem to Office 365 migration, I experienced that a Lync 2013 Hybrid deployment would break On-Prem SIP federation with federated partners.
After we configured our Edge servers for the Hybrid configuration, i.e. EnabledSharedAddressSpace set to TRUE, we noticed that on-prem users saw presence unknown for federated users as well as for users who had been migrated to the cloud. However, federated partners or users in the cloud could still see our presence information, and if they initiated the communication with us it all worked fine. You might notice the same issue if your environment is configured like mine.
Lync 2010 FE and Lync 2013 FE co-existence with Lync 2010 Edge servers. Our environment is configured for hybrid deployment and ready to be migrated to Office 365. We noticed the above issue after we migrated the first user to the cloud.
2- Run the following command to verify that the Proxy FQDN of Lync Online, EnabledSharedAddressSpace and AutodiscoverUrl are set properly.
3- Run the following command to verify that AllowFederatedUsers and SharedSipAddressSpace are set to True.
Note: This is O365-side configuration, so you need admin access to connect via remote PowerShell.
In my case the above configuration was set properly, and On-Prem federation was working fine before we set EnabledSharedAddressSpace to True in Step 2.
4- I changed EnabledSharedAddressSpace to False and SIP federation started working with the on-prem federation partner. But this is not the solution, as without setting EnabledSharedAddressSpace to True, on-prem to O365 communication will not work.
5- Based on some errors in the client logs (unfortunately I do not have a copy of that log), we figured out that the following internal DNS records are required for the Hybrid configuration to support the split domain model. Normally it does not make sense for these records to be resolved internally. I could not find any MS document which says these records are required for the Hybrid configuration.
Once we added the above records and verified that the FE and Edge servers could resolve them internally, our On-Prem federation started working with other federated partners. But one side, On-Prem to O365 federation, was still broken.
6- We noticed the following error in the client logs, which shows that the destination server refused the connection:
Note: In our case it was trying to connect to one of the internal video conferencing servers. If we try to resolve a user sipaddress@ourdomain.com and that user does not exist locally on our On-Prem server, then that request should go to the O365 server in the cloud; instead it was going to the video conferencing server on-prem, and that is why On-Prem to O365 federation was not working.
7- We ran Get-CsStaticRoutingConfiguration and found that we had a static route which was created in the past for some unsuccessful attempts to integrate VC with OCS.
We removed the static route and it resolved the issue.
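The checks from steps 2, 3, 5 and 7 can be collected into one read-only script. This is an added example, not a command from the original post; it assumes the Lync Server 2013 module on a Front End (and a remote PowerShell session to Lync Online for the tenant check), and `$SharedSipDomain` and `$InternalDnsNames` are placeholders you replace with your own domain and the records your client logs asked for.

```powershell
# Added example (not from the original post): read-only checks for the hybrid
# prerequisites discussed above. No configuration is changed by this script.
param(
    [string]$SharedSipDomain = 'ourdomain.com',                 # placeholder: the SIP domain shared with O365
    [string[]]$InternalDnsNames = @('<record-1>', '<record-2>')  # placeholder: records named in your client logs
)

# Step 2: the Lync Online hosting provider must have ProxyFqdn and AutodiscoverUrl
# set and EnabledSharedAddressSpace = True for the split domain to work at all.
$provider = Get-CsHostingProvider | Where-Object { $_.EnabledSharedAddressSpace }
if (-not $provider) {
    Write-Warning 'No hosting provider has EnabledSharedAddressSpace set to True'
} else {
    $provider | Format-List Identity, ProxyFqdn, AutodiscoverUrl, EnabledSharedAddressSpace
    if (-not $provider.ProxyFqdn -or -not $provider.AutodiscoverUrl) {
        Write-Warning 'Hosting provider is missing ProxyFqdn or AutodiscoverUrl'
    }
}

# Step 3 (O365 side): only meaningful inside a remote session to Lync Online,
# so it is skipped when that cmdlet is not available in this session.
if (Get-Command Get-CsTenantFederationConfiguration -ErrorAction SilentlyContinue) {
    Get-CsTenantFederationConfiguration | Format-List AllowFederatedUsers, SharedSipAddressSpace
}

# Step 5: FE and Edge must resolve the internal records; a failure here is the
# symptom that broke on-prem federation in the post.
foreach ($name in $InternalDnsNames) {
    try {
        $null = Resolve-DnsName -Name $name -ErrorAction Stop
        Write-Output "DNS OK   : $name"
    } catch {
        Write-Warning "DNS FAIL : $name ($($_.Exception.Message))"
    }
}

# Step 7: a static route whose MatchUri covers the shared SIP domain sends
# requests for cloud-homed users to that route instead of to Lync Online.
$routes  = (Get-CsStaticRoutingConfiguration).Route
$suspect = $routes | Where-Object { $_.MatchUri -like "*$SharedSipDomain*" }
if ($suspect) {
    Write-Warning "Static route(s) match $SharedSipDomain and shadow the hybrid path:"
    $suspect | Format-List MatchUri, Transport, Enabled
} else {
    Write-Output "No static route matches $SharedSipDomain"
}
```

Run it on the Front End before and after the change; the only expected warning in a healthy hybrid deployment is none of the four.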
Federation issue: on-prem federation will break in a hybrid environment if the above-mentioned internal DNS records are not resolved internally.
Unable to send IM: On-Prem to O365 federation will not work if you have a static route created for the domain that is shared between On-Prem and O365.
Exchange and Lync Architect