Forum Discussion
On Prem Skype Federation to Office 365
We are using Office 365, but are trying to setup federation with partners who have on prem installations.
Does anyone with an OnPrem installation have a checklist of steps to take to enable a new organziation using Skype Online?
Every time we do it it seems to be a trial and error process for them and since we don't have an onprem setup there is little that we can do to help.
Thanks in advance.
8 Replies
Hi Dan.
It is not really an easy question to answer, as it depends on what setting your partner has.
Open federation with DNS SRV routing and hosting partner federation:
It works out of the box.
Open federation with DNS SRV routing and no hosting partner federation:
Your partner must add #SFBO as a hosting provider.
New-CsHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn "sipfed.online.lync.com" -VerificationLevel UseSourceVerification -Enabled $True -EnabledSharedAddressSpace $False -HostsOCSUsers $False -IsLocal $False
Closed federation with DNS SRV routing and hosting partner federation:
Your domain must be added to the federated allow-list:
New-CsAllowedDomain -Identity "fabrikam.com"
Closed federation without DNS SRV routing and hosting partner federation:
New-CsAllowedDomain -Identity "fabrikam.com" -ProxyFqdn "proxyserver.fabrikam.com"
I think you get the idea from here.
/Kenneth ML
- In Skype for Business admin center (office365 portal) make sure federation is open see: http://imgur.com/wzzKB6P
Ask the customer if they have added the Skype for Business Online provider to SIP Federated Providers in the Skype for Business Control panel
see: http://imgur.com/D3RLy1U
for details: https://technet.microsoft.com/en-us/library/jj205126.aspx An issue I see a lot is when the on premises installation on the partner side is using an allow list for federated domains that includes the fqdn of your access edge server. That will stop working when you move to Office 365. Removing the the edge server fqdn from the allow list entry should fix that.
Do they have the edge setup correctly and working?
https://technet.microsoft.com/en-us/library/dn933903.aspx
They can test with https://www.eventzero.com/Tools/FederationTester/
- I believe they do - as we've always gotten it to work without major re-work on their side (this is my experience with setting it up with several different external organizations).
It just seems like getting us added to the list of federated partners always take trial and error - so I was looking for the set of steps one would typically take.
We've used the eventzero tool and a couple of times it's returned success for both sides, but we still weren't able to connect.
ThanksExternal DNS Records correct?
Do the Lync/Skype here https://testconnectivity.microsoft.com pass for both sides?
