How do I setup federation between Lync 2010 and Lync Online?

I am following the steps in this article https://technet.microsoft.com/en-us/library/jj205126.aspx but I am getting errors or being prompted for information not available. Please help. Thank you.

I have Lync 2010. I installed the Lync 2013 admin tools on a windows 7 PC. I have run the following commands with no problem:

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true

Set-CSHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

But when I run Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true I get an error message "The term 'Set-CsTenantFederationConfiguration' is not recognized as the name of a cmdlet"

I thought maybe I have to log my session into Lync Online first so I ran this:

Import-Module LyncOnlineConnector
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred

The 3rd cmdlet prompts me for a target server. I don't know what to enter.
cyberleo2000Asked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Mohammed HamadaSenior IT ConsultantCommented:
You have to apply these commands on Lync Front end. and add your sip domain to Office 365 for federation.

here are the steps that you would take one by one.
1- Go to Front end server and launch the Control Panel and in federation and external access make sure you have this "sipfed.online.lync.com" added and enabled.

2- run all the commands on the technet from Microsoft Lync powershell command as administrator.

3- Force replication with your Lync Edge server using (Invoke-CsManagementStoreReplication) .

4- Go to your Office 365 portal then navigate to Lync admin portal and make sure you add your sip edge FQDN there or enable Federation for anyone if you want it open.

5- On Public DNS make sure you have configured all your SRV properly as if that's not configured well  the federation will fail.

Check out this link
http://solveit.openjive.com/post/2014/01/27/Lync-Federation-with-Office-365Lync-Online
cyberleo2000Author Commented:
I setup the lync online domain in my lync 2010 control panel. Please see attached screenshot. Now I have to run "Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true" in a lync online session, but, my problem is that when I try to connect my powershell session to lync online I am being prompted for a target server.

I do not have a lync 2013 server, I use lync 2010 server, so this is what I am running on a windows 7 PC with lync 2013 admin tools:

Import-Module LyncOnlineConnector
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred
Import-PSSession $CSSession -AllowClobber

The third command prompts me for a target server. What is the target server?

thank you
lynccontrolpanel.jpg
cyberleo2000Author Commented:
There are conflicting articles online regarding what is needed to coexist lync 2010 with lync online. One says all I need is Lync 2013 admin tools on a server or PC. Another says I need at least one lync 2013 hybrid server. So which one is it?

thank you
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

Mohammed HamadaSenior IT ConsultantCommented:
This sounds weird but I am not sure if it's mandatory to have Lync 2013 to configure federation with Skype for business 2015. since Microsoft o365 is using Skype for business now on online tenants.


Check out this from the following link, I will try to apply the federation my self and share my experience with you.

https://support.office.com/en-sg/article/Configure-Skype-for-Business-Server-2015-Hybrid-b06ee805-4349-4519-82fb-b06ed57c0bd0?ui=en-US&rs=en-SG&ad=SG


Configure Your Skype for Business Online Tenant for a Shared SIP Address Space

A Session Initiation Protocol (SIP) address is a unique identifier for each user on a network, similar to a phone number or an email address. Before you try to move Skype for Business users from on-premises to Skype for Business Online, you’ll need to configure your Office 365 tenant to share the SIP address space with your on-premises deployment. If this is not configured, you may see the following error message:

Move-CsUser : HostedMigration fault: Error=(510), Description=(This user’s tenant is not enabled for shared sip address space.)
To configure a shared SIP address space, establish a remote PowerShell session with Skype for Business Online, and then run the following cmdlet:

 Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true
To establish a remote PowerShell session with Skype for Business Online, you first need to install the Skype for Business Online module for Windows PowerShell, which you can get here: Windows PowerShell Module for ;Lync Online.

After you install the module, you can establish a remote session with the following cmdlets:

 Import-Module LyncOnlineConnector
 $cred = Get-Credential
 $CSSession = New-CsOnlineSession -Credential $cred
 Import-PSSession $CSSession -AllowClobber
cyberleo2000Author Commented:
I'm sorry, but you have not answered my question.

Do I need a Lync 2013 front end server to setup federation between Lync 2010 and Lync Online and to also move users from Lync 2010 to Lync Online?
Mohammed HamadaSenior IT ConsultantCommented:
No according to Microsoft it can be done here.. but the article might be outdated to be honest since it says that Lync online (2010) ... you probably need to check directly with Microsoft as I didn't find anything in regarding this federation type although I assume it should work.

https://technet.microsoft.com/en-us/library/hh202196(v=ocs.14).aspx

You might as well try to reconfigure the hosting provider using the following link
https://technet.microsoft.com/en-us/library/hh202166.aspx

earlier you also said
my problem is that when I try to connect my powershell session to lync online I am being prompted for a target server.

Can you please post a screenshot of this prompt? I think you might have a missing tool. in order to connect to Lync online you will need 3 tools.
1- Microsoft Online service assistant.
2- Windows Azure Active Directory Module  for powershell.
3- LyncOnline Module for powershell.
cyberleo2000Author Commented:
The article does not apply to me, I am in the US. This article applies only to Office 365 operated by 21Vianet in China. Skype for business 2015 is not in use yet.

Some say I only need Lync 2013 admin tools, but others say I need at least one Lync 2013 front end server.

I installed lync 2013 admin tools on a windows 7 pc.
I ran these two commands with out a problem

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true

Set-CSHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

Now I need to run this command to configure my lync online tenant for a shared sip address space:

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

but this command has to be run online, so I am trying to connect my powershell session to lync online by running these commands:

Import-Module LyncOnlineConnector
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred
Import-PSSession $CSSession -AllowClobber

but this command: $CSSession = New-CsOnlineSession -Credential $cred   is prompting me for a target server.

So my original question stands:

Do I need a Lync 2013 front end server to setup federation between Lync 2010 and Lync Online and to also move users from Lync 2010 to Lync Online?
Mohammed HamadaSenior IT ConsultantCommented:
I have just tried to connect and used the 3 tools I mentioned for you from my Windows 7 to my Lync online tenant without a problem.

here's a screenshot

1.jpg
Mohammed HamadaSenior IT ConsultantCommented:
Oh sorry hold on a minute....!!! Are you using the same domain on both Lync on-premises and Lync online? If so this is not federation! this is hybrid integration and yes you need at least one Front end 2013 for this integration to happened.

You can federate Lync on-premises with any Lync online domain but not the domain you're using for Lync Online as well. this has to be hybrid integration and you must install the following for it to work
1- ADFS.
2- DirSync.
3- Lync FE 2013 (1 server at least)
4- You need public cert on Edge server.
5- The edge must be configured on 3 different public IPs using the standard HTTPs ports as microsoft won't connect if you're using a single IP on edge with multiple non standard https ports.
cyberleo2000Author Commented:
Yes, I am using the same domain.

thank you
cyberleo2000Author Commented:
opened a case with Microsoft.

target server = admin0a.online.lync.com

followed the technet article the rest of the way.
Mohammed HamadaSenior IT ConsultantCommented:
Did they say it's possible to federate with your domain without the need of doing a hybrid integration? that would be interesting to know.

Please continue to share what happened with you so far.

thanks

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
cyberleo2000Author Commented:
Here is what I did to finally get it working

1. Installed lync 2013 admin tools on a win 7 pc

2. Ran this powershell command:

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true

3. Ran this powershell command:

Set-CSHostingProvider -Identity LyncOnline -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

4. Ran these commands to establish a powershell lync session:

Import-Module LyncOnlineConnector
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred -TargetServer "admin0a.online.lync.com"
Import-PSSession $CSSession -AllowClobber

5. Ran this command to configure shared IP address space

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

That's it. My Lync 2010 can now coexist with Lync Online and I can move users from Lync 2010 to Lync Online via the Lync 2013 Management Shell on the win 7 PC by running this command:

Move-CcUser -identity <lync2010user>  -Target "sipfed.online.lync.com" -HostedMigrationOverrideUrl https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc -Credential=(Get-Credential)

I did not need a Lync 2013 server
Mohammed HamadaSenior IT ConsultantCommented:
Wow this is very interesting to know ... So you got them both working now and you can send message between both Lync online and on-premises without hybrid integration?

Can you please tell me how you've configured your public DNS?
cyberleo2000Author Commented:
It depends on what DNS information you need. Can you be more specific?
Mohammed HamadaSenior IT ConsultantCommented:
What are the SRV records that you have set for your domain?  can you also try and make calls between cloud and on-premises ?

thanks
cyberleo2000Author Commented:
Two service records (SRV) for the external DNS addresses are required so when users try to logon to the Lync environment, they will be able to reach the appropriate Edge Server.

 _sip._tls.<domain> on port 443; used for external TLS connection
 _sipfederationtls._tcp.<domain> on port 5061; used for potential federation partners


Here is the well explained DNS requirement.

http://technet.microsoft.com/en-us/library/gg398758.aspx   (this is for Lync server 2013)

SRV records are queried and returned to the client in the following order: (Check 5, 7 and 8) 1.lyncdiscoverinternal.<domain>   A (host) record for the Autodiscover service on the internal Web services
2.lyncdiscover.<domain>   A (host) record for the Autodiscover service on the external Web services
3._sipinternaltls._tcp.<domain>   SRV (service locator) record for internal TLS connections
4._sipinternal._tcp.<domain>   SRV (service locator) record for internal TCP connections (performed only if TCP is allowed)
5._sip._tls.<domain>   SRV (service locator) record for external TLS connections
6.sipinternal.<domain>   A (host) record for the Front End pool or Director, resolvable only on the internal network
7.sip.<domain>   A (host) record for the Front End pool or Director on the internal network, or the Access Edge service when the client is external
8.sipexternal.<domain>   A (host) record for the Access Edge service when the client is external

Note:
SRV record _sip._tls.<domain> is required for automatic configuration of clients running Lync to work externally.

SRV record _sipfederationtls._tcp.<domain> is required for automatic DNS discovery of federated partners.
Mohammed HamadaSenior IT ConsultantCommented:
I know what the srv records for .. but I want in your case where did you redirect your srv records to? on-premises Lync or O365 lync online?
cyberleo2000Author Commented:
our srv records are pointed to our on-prem lync 2010
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Office 365

From novice to tech pro — start learning today.