I work for a managed service company (tech.com). We are on Office 365 and use Lync Online. We have a client (companyA.org) who has an on-premises Lync 2013 environment set up. Client has us added as one of their allowed domains in the federation section with a domain name FQDN of tech.com and an access edge service FQDN of sipfed.online.lync.com. We have open federation on our end in Office 365. Communication between us and the client works properly. The client also has federation set up with another company (companyB.org) that's also on Office 365 using Lync Online. CompanyA has CompanyB added as one of their allowed domains in the federation section with a domain name FQDN of companyB.org and an access edge service FQDN of sipfed.online.lync.com. I've seen (not touched, because they're not a client of ours) the O365 settings for CompanyB and they have federation open to all domains except blocked ones.
CompanyB users cannot initiate a chat with a CompanyA user. When they try to, the companyB user gets the following error message:
--- This message wasn't sent because <companyA contact> doesn't have permissions on your organization's network, or because the address is incorrect. Please contact your support team.---
However, if a companyA user initiates the chat, their message gets through and then they can both chat back and forth with no problems whatsoever.
I've pretty much exhausted all my options on the on-prem Lync environment:
- I tried adding LyncOnline as a hosted provider with an FQDN of sipfed.online.lync.com but starting with 2013, it will not let you have an allowed domain and a hosted provider with the same FQDN.
- I tried removing the allowed domains and adding the hosted providers, but that just made things worse as we couldn't see status information anymore.
- I tried enabling partner domain discovery, to no avail.
- I checked to ensure that all other federation settings were correct and there's nothing different from how tech.com and companyB.org are set up as allowed domains in companyA's on-prem Lync environment.
What I think is causing the problem:
After I checked and verified that both O365 companies are set up identically in the on-prem Lync environment, I began looking at other aspects of each one that I can compare to see where there's a discrepancy, if any. I found an article that said that in order to find the correct access edge service FQDN for a company, I can do an nslookup for the following srv record: _sipfederationtls._tcp.DOMAIN.COM. Lo and behold, I found out that I get a proper reply (with needed info including an svr server of sipfed.online.lync.com) when doing _sipfederationtls._tcp.tech.com. However, when I do the same lookup for _sipfederationtls._tcp.com I get back the following: <LOCAL SERVER> can't find _sipfederationtls._tcp.com Non-existent domain. I did the same lookup for all of our other clients who are on Office 365 and use Lync online and got the correct result back (identical data as the tech.com lookup). Also did the same for all companies on lyncdirectory.com that have an SIP access/server name of sipfed.online.lync.com listed and got the correct results for all of them, except 1 (kirbside.us). I then found this article (https://technet.microsoft.com/en-us/library/gg412787.aspx) that states the required DNS records for Lync 2013. About halfway down the page there's a section labeled RECORDS REQUIRED FOR FEDERATION with only 1 entry listed, for this exact DNS record that companyB seems to be missing. This strongly leads me to believe that this is what's causing the problems but I don't know enough about Lync to definitively make that call.
Any help/clarification on this would be greatly appreciated. Thank you for your time.
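
The SRV comparison described in the post can be made repeatable across many partner domains. The following is an added example, not part of the original post: it parses saved `nslookup -type=SRV` output and reports whether `_sipfederationtls._tcp.<domain>` exists and points at the expected access edge FQDN. It assumes the Windows nslookup output layout; the DNS server name, the domain `partner.example` and the priority, weight and port values are constructed sample data.

```python
import re

EXPECTED_TARGET = "sipfed.online.lync.com"  # access edge FQDN named in the post

# Constructed samples in the layout Windows nslookup prints for -type=SRV.
SAMPLE_OK = """\
Server:  dns01.example.local
Address:  10.0.0.53

_sipfederationtls._tcp.tech.com SRV service location:
          priority       = 100
          weight         = 1
          port           = 5061
          svr hostname   = sipfed.online.lync.com
"""
SAMPLE_MISSING = """\
Server:  dns01.example.local
Address:  10.0.0.53

*** dns01.example.local can't find _sipfederationtls._tcp.partner.example: Non-existent domain
"""

def parse_srv(output):
    """Return the SRV answers found in nslookup output as a list of dicts."""
    records, current = [], None
    for line in output.splitlines():
        head = re.match(r"^(\S+)\s+SRV service location:", line)
        if head:
            current = {"name": head.group(1).lower()}
            records.append(current)
            continue
        field = re.match(r"^\s+(priority|weight|port|svr hostname)\s*=\s*(\S+)", line)
        if field and current is not None:
            key, value = field.groups()
            if key == "svr hostname":
                current["target"] = value.rstrip(".").lower()
            else:
                current[key] = int(value)
    return records

def check_federation(domain, output, expected=EXPECTED_TARGET):
    """Classify one domain as 'ok', 'missing' or 'mismatch', with its SRV targets."""
    name = f"_sipfederationtls._tcp.{domain}".lower()
    answers = [r for r in parse_srv(output) if r["name"] == name and "target" in r]
    if not answers:
        return "missing", None  # NXDOMAIN or no SRV answer for this name
    targets = sorted({r["target"] for r in answers})
    return ("ok" if expected in targets else "mismatch"), targets

if __name__ == "__main__":
    for domain, out in (("tech.com", SAMPLE_OK), ("partner.example", SAMPLE_MISSING)):
        print(domain, *check_federation(domain, out))
```

A `missing` result only shows that the record is absent from the resolver that produced the output; repeating the lookup against a public resolver rules out a local DNS issue.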