How to Implement Public IM Connectivity (PIC) with Lync Server 2010
Overview
This article covers the step-by-step configuration of PIC with Microsoft MSN. The environment used here has a Standard Edition Front End Server and an Edge Server.
http://4.bp.blogspot.com/-UFzDztZfGgg/TcnZlwnjbRI/AAAAAAAAAa0/jdeO2HnPMqc/s400/lync2.jpg
This article assumes you already have the Edge Server deployed and published in your environment. The step-by-step Edge configuration is documented in the article [[Installing the Edge Server in DMZ Lync Double Hop (en)]]. Before proceeding with the Public IM Connectivity setup, run the test on the portal https://www.testocsconnectivity.com/ .
Some points to consider:
- The provisioning process on Microsoft's servers can take up to 30 days to complete.
- The configuration and publishing of the Edge Server must be complete and functional.
- During PIC provisioning the Live Messenger structure is changed: the domain you are adding to PIC is reserved for the Lync structure. Therefore, if a user has a Live ID with your domain, for example usuario@allen.com.br, this Live ID will not work after the integration. Survey the users who have Live IDs with the domain name to be integrated so that those IDs can be changed.
- To add a contact whose Live ID uses a domain name other than a Windows Live domain, use an address in the format <username>(<domain name>)@msn.com, where <domain name> is the domain name in the contact's Live ID. For example, if the Messenger user's e-mail is user01@allen.com.br, add the following to your contact list: user01(allen.com.br)@msn.com
Setting the Front End
First, configure the Lync pool to enable federation and routing through the Edge Server.
Open Lync Server Control Panel -> External User Access -> External Access Policy, and open the Global policy settings.
http://4.bp.blogspot.com/-PCpMtZ_o0DE/Tc2CusNLmVI/AAAAAAAAAe8/CwgnuVGhGFM/s400/pic01.png
In the Global policy, enable *Enable communications with federated users*, *Enable communications with remote users* and *Enable communications with public users*. Click *Commit* to save the settings.
http://3.bp.blogspot.com/-vs13QimOBlc/Tc2CvGEffYI/AAAAAAAAAfA/6wJCw8yT9PM/s400/pic02.png
Click Access Edge Configuration.
http://3.bp.blogspot.com/-ymeQP_6eoqM/Tc2CvnBJcQI/AAAAAAAAAfE/WAJeTWxGvIA/s400/pic03.png
Open the *Global* policy settings and enable *Enable federation* and *Enable remote user access*. Click *Commit* to save the settings:
http://4.bp.blogspot.com/-ZUf1NUOIlro/Tc2CwGkfEHI/AAAAAAAAAfI/cFYg9VwzySA/s400/pic04.png
To finish, open *Providers -> Public Provider MSN*.
http://3.bp.blogspot.com/-eq06KIqeYbs/Tc2Cw5W7rBI/AAAAAAAAAfM/nhBXEgfE6ik/s400/pic05.png
In the properties, select the option *Enable communications with this provider* and select the check box *Allow all communications with this provider*. Click *Commit* to save the settings:
http://4.bp.blogspot.com/-nj48jeR7vFg/Tc2CxWLCs1I/AAAAAAAAAfQ/OlGQuJqkAMk/s400/pic06.png
Close Lync Server Control Panel.
Enable Federation in Topology Builder
Open Topology Builder and connect to the existing Lync Server topology.
http://3.bp.blogspot.com/-b8sSwX3A1ew/Tc2LnPoo9HI/AAAAAAAAAfU/GumDKG6OV6Y/s400/pic07.png
Right-click the name of the Front End site and select *Edit Properties...*
http://2.bp.blogspot.com/-oi8278EwkH0/Tc2Ln-St9tI/AAAAAAAAAfY/RHaoEXlcDbY/s400/pic08.png
Select *Federation route* and check *Enable* under *Site federation route assignment*. In the menu below, select the Edge Pool through which the communication is routed:
http://3.bp.blogspot.com/-SYrlPkAiyrE/Tc2LohNg_uI/AAAAAAAAAfc/tnUk0jgxdog/s400/pic09.png
Close the window and publish the settings.
To verify that the settings were saved successfully, expand the Edge Pool settings and verify that federation is enabled.
http://3.bp.blogspot.com/-G-Duo7veVm8/Tc2N_ooAphI/AAAAAAAAAfg/belF7CsouW8/s400/pic10.png
Close the Topology Builder.
Configuring the Lync Edge Server
For PIC to work, you must install a digital certificate issued by a public certification authority that is a Microsoft unified communications partner. The following link lists the partners that issue such certificates: http://support.microsoft.com/kb/929395 .
For this configuration I'm using a GlobalSign trial certificate. The first step is to generate the certificate request file on the Edge Server.
Run the Lync Server installation wizard, click Install or Update Lync Server System and run the third step to generate the digital certificate request.
Run the *Certificate Wizard*, select *External Edge Certificate* and click Request.
http://4.bp.blogspot.com/-dUEXhegKhD8/Tc2WcT592NI/AAAAAAAAAfk/0565h_iBEAU/s400/pic11.png
Proceed through the *Certificate Request*.
http://3.bp.blogspot.com/-BcQMucePx1E/Tc2WdaBJ1-I/AAAAAAAAAfo/dNbLOfSVP7A/s400/pic12.png
Select *Prepare the request now, but send it later* to generate the request file.
http://4.bp.blogspot.com/-Ipop4-ZQh64/Tc2WemZyH8I/AAAAAAAAAfs/_BDpjUl1UgI/s400/pic13.png
Set the path where the certificate request is saved.
http://4.bp.blogspot.com/-Z1FNN-uYG-c/Tc2WfVWAQpI/AAAAAAAAAfw/aFC16o-E3aw/s400/pic14.png
Proceed through the Certificate Template.
http://2.bp.blogspot.com/-lBA8oNZAuVk/Tc2WgcKALdI/AAAAAAAAAf0/_65BBIJrxpY/s400/pic15.png
Set the name of the certificate and check *Mark the certificate's private key exportable*.
http://1.bp.blogspot.com/-pzGcUeIiyeI/Tc2WhI_jpAI/AAAAAAAAAf4/5hs2iKzXnW4/s400/pic16.png
Enter your company's information.
http://1.bp.blogspot.com/-wf8US7aWFEw/Tc2WhhTPVpI/AAAAAAAAAf8/LexMEDy_9J0/s400/pic17.png
http://4.bp.blogspot.com/-wY1JDol1KzY/Tc2WijmWEOI/AAAAAAAAAgA/VceVoyIPjwo/s400/pic18.png
Check the certificate Subject Name.
http://2.bp.blogspot.com/-yKldl4XPjm0/Tc2YjVg1HPI/AAAAAAAAAgc/Lk92ilb2NIU/s400/pic19.png
Select the SIP domains supported by the Edge Server.
http://4.bp.blogspot.com/-v0GkIFElkQI/Tc2Y4NASKWI/AAAAAAAAAgg/jdw5ghi9IVA/s400/pic20.png
If no additional SIP domains were added, the default certificate settings are sufficient. To support more domains, add the required entries to the certificate configuration.
http://3.bp.blogspot.com/-_pNPbaKzVSs/Tc2WlDw9aAI/AAAAAAAAAgM/DFX4fIK0Wrk/s400/pic21.png
Check the settings and complete the *Request*.
http://3.bp.blogspot.com/-IK0llcHd0CM/Tc2Wl9T00EI/AAAAAAAAAgQ/Nh9PdKxaabE/s400/pic22.png
http://2.bp.blogspot.com/-RJBmQ7myFWY/Tc2WmwKELoI/AAAAAAAAAgU/ha7ydCukstU/s400/pic23.png
http://2.bp.blogspot.com/-ff3r1ikAAAk/Tc2WnjerHtI/AAAAAAAAAgY/iNfgSs-q6YU/s400/pic24.png
Use the generated CSR file to request the digital certificate. I used the trial certificate from https://www.globalsign.com/contact/testdv/form_testcert_dv_en.html .
With the certificate in hand, return to the certificate wizard and run the Assign option to configure the digital certificate on the server's external network interface.
Configuring External DNS
The following records must be created on the public (Internet) DNS server:

| Host / Record | IP / Target |
|---|---|
| sip | xxx.xxx.235.41 |
| av | xxx.xxx.235.42 |
| webconf | xxx.xxx.235.43 |
| _sipfederationtls._tcp | sip.allen.com.br:5061 |
| _sipinternaltls._tcp | sip.allen.com.br:443 |

The Lync Server side of the configuration is now complete. Before proceeding, access the portal https://www.testocsconnectivity.com/ and test the settings and the state of the certificate.
Also test connectivity from the Lync Edge server and check name resolution.
Ping the URLs sip.<FQDN Domain>, av.<FQDN Domain> and webconf.<FQDN Domain>; the resolved IPs should be the server's valid IPs.
Run *"telnet federation.messenger.msn.com 5061"* and make sure the connection succeeds.
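The name-resolution and telnet checks above can be scripted so they give a repeatable pass/fail report. The following PowerShell is an added example, not part of the original article; it uses only .NET classes and nslookup, takes the host names, SRV records and ports from the DNS table above, and the `$SipDomain` value and function names are assumptions.

```powershell
# Added example: pre-provisioning checks, run on the Edge Server.
# Host names, SRV names and ports follow this article's DNS table;
# $SipDomain and the function names are assumptions for illustration.
$SipDomain = 'allen.com.br'
$rfc1918   = '^(10\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)'   # private address ranges

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000) {
    # Same check as "telnet host port", with a timeout and a True/False result.
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $true
    } catch { return $false } finally { $client.Close() }
}

function Get-SrvRecord([string]$Name) {
    # Windows nslookup prints "port = N" and "svr hostname = target" for an SRV answer.
    $text = (nslookup -type=SRV $Name 2>$null) -join "`n"
    if ($text -notmatch 'port\s*=\s*(\d+)') { return $null }
    $port = $Matches[1]
    if ($text -notmatch 'svr hostname\s*=\s*(\S+)') { return $null }
    return ('{0}:{1}' -f $Matches[1].TrimEnd('.'), $port)
}

function New-Check($Check, $Result, $Pass) {
    New-Object PSObject -Property @{ Check = $Check; Result = $Result; Pass = $Pass }
}

$report = @()
foreach ($label in 'sip', 'av', 'webconf') {
    $fqdn = "${label}.$SipDomain"
    $ips = @()
    try { $ips = @([System.Net.Dns]::GetHostAddresses($fqdn) | ForEach-Object { $_.IPAddressToString }) } catch { }
    # Pass only if the name resolves and no answer is a private address.
    $report += New-Check "A $fqdn" ($ips -join ', ') ($ips.Count -gt 0 -and -not ($ips -match $rfc1918))
}
$expected = @{
    "_sipfederationtls._tcp.$SipDomain" = "sip.${SipDomain}:5061"
    "_sipinternaltls._tcp.$SipDomain"   = "sip.${SipDomain}:443"
}
foreach ($name in $expected.Keys) {
    $actual = Get-SrvRecord $name
    $report += New-Check "SRV $name" $actual ($actual -eq $expected[$name])
}
$up = Test-TcpPort 'federation.messenger.msn.com' 5061
$report += New-Check 'TCP federation.messenger.msn.com:5061' $up $up
$report | Format-Table Check, Result, Pass -AutoSize
```

Any row with Pass set to False identifies the DNS record or firewall rule to fix before submitting the provisioning request.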
Microsoft Lync Server Public IM Connectivity Provisioning
To finish the PIC configuration, you must provision the service on the Microsoft website. Access the portal https://pic.lync.com/ .
Log in to the portal with a Windows Live ID and enter your company's access information.
http://1.bp.blogspot.com/-xgWWK5weUnQ/Tc3TZe62MJI/AAAAAAAAAgk/rslIhSsWScI/s400/pr01.png
This is the first provisioning screen. Click Initiate Service to provision access to MSN.
http://2.bp.blogspot.com/-dif2fIU-0oE/Tc3TaL2LCEI/AAAAAAAAAgo/-gSBLLoUaQA/s400/pr02.png
Configure the contact information of your company.
http://1.bp.blogspot.com/-YiiIAw-zU9M/Tc3TabrnOII/AAAAAAAAAgs/ZCPDp7I1Ml4/s400/pr03.png
Enter the connection information for the Lync Edge pool.
http://3.bp.blogspot.com/-0fy2ar-n1gU/Tc3TbFtIBwI/AAAAAAAAAgw/q1eEq9xCatY/s400/pr04.png
The setup in the Microsoft portal can take 30 days. In the deployment I took part in, the response to the provisioning request took seven days, but it took another two weeks before I could successfully add Messenger users.
Notice for Office 365: If you have enabled public federation in Office 365, you need to disable that first, and it can take a couple of days. After that you can register at the website for your on-premises deployment.
This article was originally written by:
**Fernando Lugão Veltem**
**blog:** http://flugaoveltem.blogspot.com/
**twitter:** @flugaoveltem