Setting up Office 365’s Lync for Federation and IM Connectivity is a multi-step process.
Step 1: Configuring Office 365’s Lync
From the Admin page click Lync's Manage:
This takes you to the Lync Online Control Panel Overview tab
where you can see the Current Settings. Click External Communications to change
the settings and check the status.
On the External communications tab you need to Turn on Domain
Federation mode (this enables Lync to Lync communication across domains). As
you can see I chose ‘Turn on for all domains except blocked domains’. Also,
here is where you enable Public IM service providers.
Step 2: To configure external domain name settings
- This is an expanded list compared to the list you receive under Admin Overview | Management | Domains | View DNS Settings.
- This step is mandatory!
- This step does not include the DNS entries needed for Exchange Online and Mail Delivery!
- These instructions may not be current; please check http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx.
- If you are using your own domain name with Office 365, add the following CNAME and SRV entries to your DNS server:
| Type | Host name | Destination | TTL |
|---|---|---|---|
| CNAME | sip.yourDomainName.com | sipdir.online.lync.com | 1 hour |
| CNAME | lyncdiscover.yourDomainName.com | webdir.online.lync.com | 1 hour |

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sip | _tls | 443 | 1 | 100 | 1 hour | yourDomainName.com | sipdir.online.lync.com |
- If your organization supports domain federation or public IM connectivity, add the following SRV record as well:

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sipfederationtls | _tcp | 5061 | 1 | 100 | 1 hour | yourDomainName.com | sipfed.online.lync.com |
Step 3: To configure internal domain name settings
- These instructions may not be current; please check http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx.
- If your organization’s Internet proxies or firewalls are configured to block external SRV queries, add the following CNAME and SRV entries to your internal DNS server:
| Type | Host name | Destination | TTL |
|---|---|---|---|
| CNAME | sip.yourDomainName.com | sipdir.online.lync.com | 1 hour |
| CNAME | lyncdiscoverinternal.yourDomainName.com | webdir.online.lync.com | 1 hour |

| Type | Service | Protocol | Port | Weight | Priority | TTL | Name | Target |
|---|---|---|---|---|---|---|---|---|
| SRV | _sip | _tls | 443 | 1 | 100 | 1 hour | yourDomainName.com | sipdir.online.lync.com |
Step 4: Configure your firewall or proxy server for Lync Online
- This step is not necessary if your firewall does not block Outbound connections.
- These instructions may not be current; please check http://onlinehelp.microsoft.com/en-us/office365-enterprises/hh416761.aspx.
- Open the following ports in your organization’s external firewalls and reverse proxy servers.
| Port | Protocol | Direction | Usage |
|---|---|---|---|
| 443 | STUN/TCP | Outbound | Audio, video, and application sharing sessions |
| 443 | PSOM/TLS | Outbound | Data sharing sessions |
| 3478 | STUN/UDP | Outbound | Audio and video sessions |
| 5223 | TCP | Outbound | Lync Mobile push notifications |
| 50000-59999 | RTP/UDP | Outbound | Audio and video sessions |

Note: Individual computers are automatically configured for Lync Online network traffic when Lync is installed.
- Create the following rules to apply to all users on your organization’s network.
  - Allow outgoing connections to *.microsoftonline.com
  - Allow outgoing connections to *.outlook.com
  - Allow outgoing connections to *.lync.com
  - Add a firewall entry for the Microsoft Online Services Sign-in Assistant, msoidsvc.exe.
  - Set the HTTP/SSL time out value to 8 (eight) hours.
Step 5: Test
- See http://support.microsoft.com/kb/2566790
- Open a Command Prompt (Admin mode)
- nslookup
- set type=all
- _sip._tls.yourDomainName.com
- _sipfederationtls._tcp.yourDomainName.com
- sip.yourDomainName.com
- lyncdiscover.yourDomainName.com
- Each of the queries should return an Internet address. If not, please see the KB article.
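
An added example, not part of the original post: a Python script that parses Windows nslookup output for the Step 5 queries and compares each answer with the Step 2 tables, so a record that is missing or points at an unexpected target is reported. The function names, example.com and the sample output are constructed for illustration.

```python
import re

# Expected public records from the Step 2 tables; SRV = (type, target, port, weight, priority).
def expected_records(domain):
    return {
        f"sip.{domain}": ("CNAME", "sipdir.online.lync.com"),
        f"lyncdiscover.{domain}": ("CNAME", "webdir.online.lync.com"),
        f"_sip._tls.{domain}": ("SRV", "sipdir.online.lync.com", 443, 1, 100),
        f"_sipfederationtls._tcp.{domain}": ("SRV", "sipfed.online.lync.com", 5061, 1, 100),
    }

CNAME_RE = re.compile(r"^(\S+)\s+canonical name = (\S+)", re.M)
SRV_RE = re.compile(
    r"^(\S+)\s+SRV service location:\s+priority\s*=\s*(\d+)\s+weight\s*=\s*(\d+)"
    r"\s+port\s*=\s*(\d+)\s+svr hostname\s*=\s*(\S+)", re.M)

def norm(name):
    # DNS names are case-insensitive and may carry a trailing root dot.
    return name.lower().rstrip(".")

def parse_nslookup(text):
    """Extract CNAME and SRV answers from Windows nslookup output."""
    found = {}
    for name, target in CNAME_RE.findall(text):
        found[norm(name)] = ("CNAME", norm(target))
    for name, prio, weight, port, target in SRV_RE.findall(text):
        found[norm(name)] = ("SRV", norm(target), int(port), int(weight), int(prio))
    return found

def audit(domain, text):
    """Return one message per record that is missing or differs from the tables."""
    found = parse_nslookup(text)
    problems = []
    for name, want in expected_records(norm(domain)).items():
        got = found.get(name)
        if got is None:
            problems.append(f"{name}: missing")
        elif got != want:
            problems.append(f"{name}: expected {want}, got {got}")
    return problems

# Constructed sample output: the _sip._tls answer is absent and the federation
# SRV points at an unexpected host, so the audit reports both.
SAMPLE = """\
sip.example.com    canonical name = sipdir.online.lync.com
lyncdiscover.example.com    canonical name = webdir.online.lync.com
_sipfederationtls._tcp.example.com    SRV service location:
          priority       = 100
          weight         = 1
          port           = 5061
          svr hostname   = sipfed.lync.example.net
"""
```

Calling audit("example.com", SAMPLE) returns the two problem messages; an empty list means every record matches the tables.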