Sign up for Office 365
Learn more about Office 365
Hi, I'm using Lync Online to communicate with contacts of a federated partner who are still on OCS 2007 R2. We can communicate just fine, there are no issues with instant messaging or A/V, however, while my partner's contacts can see my presence just fine their presence is always shown to me as 'unknown'. They have added Lync Online as an IM provider with default settings. I had their admins have a look at their OCS Edge Server's event log, and they are seeing truckloads of this event.
A significant number of connection failures have occurred with remote server sipfed.microsoft.com IP 22.214.171.124. There have been 109 failures in the last 577 minutes. There have been a total of 109 failures.
The specific failure types and their counts are identified below.
Instance count - Failure Type
This can be due to credential issues, DNS, firewalls or proxies. The specific failure types above should identify the problem.
Looks like the Lync Online federation proxy sipfed.microsoft.com has some kind of issue with OCS 2007 R2 domains. What can we do to get presence working in the direction from OCS 2007 R2 to Lync Online?
Regarding your issue with the presence unknown for federated OCS 2007 R2 contacts. This sounds like your end of the federation is setup correct as they are able to see your presence. However, they may not have the federation setup correctly on their side due to the mention of sipfed.microsoft.com as well as missing presence. Here is a TechNet article to refer to for them to configure federation for a Lync Online 2010 user.
Thanks Brent. The article describes how to add a hosting provider in Lync 2010, however, my federation partner is still running OCS 2007 R2. I worked with their admin, to adapt the instructions to their OCS 2007 R2 Edge Server, and we did the following.
Added an IM Service provider named 'Office 365'
Entered 'sipfed.online.lync.com' as the IM service provider Access Edge
Ticked 'Allow communications only from users verified by this provider'
I still couldn't see the presence of any of their OCS 2007 R2 contacts. We then tried the following.
Ticked 'Allow all communications from this provider' - no change
Entered my Lync Online domain and 'sipfed.online.lync.com' explicitly as an allowed domain, to increase the trust level (they are using open federation) - again no change
Instant messaging works fine but I still cannot see their presence.
What are we missing?
When you configured this, did you have them use the powershell to enter the cmdlet to configure the hosting provider? I will look further into this for you.
Thanks for your help, much appreciated. Again, they're on OCS 2007 R2. There is no PowerShell interface for that. It was done on their Edge Server via the OCS snap-in in Computer Management, but it mimics exactly what the New-CSHostingProvider would do in Lync Server 2010.
Because we can exchange instant messages just fine my guess is that it has something to do with presence subscriptions and trust levels, but the help on that is not helpful at all. I already tried to assign the contacts on both sides to the personal/family and team/workgroup level, but that didn't change anything, either.
I just don't know where to look. It might be a Lync to OCS thing because I can federate just fine with other Lync Online and Lync on-premises domains as well as Windows Live accounts.
This may seem a bit redundant, but have you by chance checked to see if the SRV federation record is configured on the OCS enviroemnt? If it is set up then it might be something with the OCS to Lync Online. The reason you can federate just fine with everything else is because everything on your end is set up correctly. I am still looking further into this issue to try and find a resolution for you.
Yep, the DNS SRV and A records are in place and correct. In fact, my OCS federation partner is federating successfully with a bunch of other organizations running OCS and Lync on-premises. So far it still looks like a Lync Online to OCS issue, however, since I've set up everything at their end according to the instructions how to add Office 365 as an IM provider to OCS 2007 R2 I'm not sure what else I need to do.
By now I have accounts on both sides, my own Lync Online domain and the OCS environment of my federation partner. Do you want to test directly with me in both environments?
Thanks for your continuing support
At this point it sounds like you have done everything you can to configure this to working. It seems that it is an issue with the OCS enviroment to the Lync online is whear the issue lies. I am still looking into this to see if I am able to find anything that will be of great help to you. thank you for your continued time and patience.
Thanks Brent, much appreciated.
I exported the complete chain of certificates that is used by the OCS Edge Server of my federation partner. It's been issued by 'Entrust.net Certification Authority (2048)'. Would it help if I sent these to you? We know that communication is working - it's just the presence that's broken, not sure if this could be a certificate issue at all.
Based on the information you have provided me, Lync online is set up correctly. I have included some additional articals that will be of assistance to you. All remaning configuration steps have to be done on the on premises server. I have sent you a PM with the information and the 2 articals. I hope this is of great assistance to you.
Thanks Brent Coldewey
Sorry - I replied to the 'PM' (whatever that means) before I saw your last message, so I thought it was from somebody else.
Unfortunately both articles are not helpful. We already tried adding my Lync Online domain as a trusted partner in OCS 2007 R2, specifying sipfed.online.lync.com as the Access Edge Server, but that didn't help. The second article is a year old and pertains to the Office 365 Beta, when the DNS records were pointing to the wrong server sipdir.online.lync.com, so that doesn't apply either.
What could possibly block the presence, yet allow instant messaging? Any idea where to look? Can we escalate this issue to a Lync team who could take a look at the traffic passing between my Lync Online domain and my OCS 2007 R2 federation partner?
Being that Lync is working correctly on your end and the issue lies with the OCS server. The partner you are trying to configure this with would need to contact our Commercial Technical support @ 18009364900 if they need help setting up or configuring their OCS on premises server to use federation.
Thanks, but they don't need help - they are federating successfully with a lot of others, just not Lync Online, so it's probably a Lync Online issue. So let me ask you again. What could possibly block the presence, yet allow instant messaging? Any idea where to look? Can we escalate this issue to a Lync team who could take a look at the traffic passing between my Lync Online domain and my OCS 2007 R2 federation partner, or at least provide some insight what might cause a behaviour like this? To be honest, I've never seen it before, it either doesn't work at all or it works fine. What settings control the ability to see a federated contact's presence independently of instant messaging and A/V communication?
Are they successfully federating with other partners using Lync Online? Are you able to successfully federate with other OCS 2007 R2 partners? We have went through the way you have Lync online set up on your end and it is set up correctly. Federation is governed by the proper DNS records and the way it is enabled in the Online Portal. If the DNS records are set correctly and the federation setting in the Portal are set to allow and not block or if is is on block the partner is on the list of allowed partners there should not be an issue with federation unless it is a compatability issue.
I agree that it must be some kind of compatibility issue. They can federate successfully with other Lync Online partners, as well as I can federate successfully with other OCS 2007 R2 partners. Again, communication is working, it's only the presence that's not working in one direction (I can't see their presence but they can see mine). So let me ask you again, what could possibly block the just presence, yet allow communication? What settings control the ability to see a federated contact's presence independently of instant messaging and A/V communication? I feel that that's what we need to look into here.