Help! I cannot join an external company’s Lync meeting!

Recently I was involved with an on-premise Lync 2010 deployment that ended up 'breaking' the ability for users to join an externally hosted Lync meeting. The issue arose once Lync was deployed internally and users found they could join their own meetings, external participants could join those same meetings, but if an external company sent a Lync meeting invite - the meeting join failed. My business partner John Lockett and I worked out a matrix to help describe the issue which is found below.

In a nutshell - if on-premise Lync 2010 is deployed with an Edge server, federation is enabled for both the Lync pool and the user, open federation is not utilized (with the external company NOT listed in their allow list), policy kicks in and prevents the meeting join from being successful.

The logic - as far as I can tell - is that an organization and user are authorized to federate, yet the external company the federation is attempting to communicate with is not on the allow list. Therefore, by policy, the join is denied. As a small step-back if you are internal to your LAN - i.e. you can reach your Edge server's internal network card - Lync will proxy your communication for you to the external party. Imagine a meeting join is started, the SIP communication is sent to your front-end server where it asks to communicate with the external SIP meeting. Your Lync server checks/validates that the communication is allowed and if not, the ability for the Lync server (and thus the Edge server) to join on your behalf is denied. Ideally the Lync client would then try the alternative route of joining the external meeting directly but that logic does not seem to currently exist. I have yet to test this same join behavior with Lync 2013 but will do so shortly.

Below is the flowchart that details the logic. A solution for the issue may be one of many:

·          Disable federation for the effected user

·          Disable federation for the pool

·          Add the external company to the SIP Federated Domains in the Lync Control Panel under Federation and External Access

·          Enable Open Federation (Enable partner domain discovery) in the Lync Control Panel under Federation and External Access | Access Edge Configuration

Lync 2010 Meeting Join Logic

Microsoft has released CU February 2013 for Lync Server 2013 Products

Yesterday Microsoft released CU February 2013 for Microsoft Lync Server 2013. The update is a significant one as it adds the necessary components for UCWA to work correctly with the newly announced Mobility clients (as well as any custom REST apps created).

The update process is a little more involved should you be utilizing the new database mirroring feature of Lync Server 2013 so make sure you follow the steps to a tee. In addition to the standard Updater additional resources were released including the Capacity Planner for 2013, the SDK for UCMA and Lync itself, and additional language support for Lync Basic and the VDI plugins.

Three tidbits of information.

1) The –Update switch is no longer needed as the command will detect if an updated is required and if not, will do nothing. If you include the –Update switch it will drop/read sprocs and reACL permissions regardless if an update is required (it of course will update it as well but why have an outage if it is not required).

2) It is reported that bootstrapper (or the Deployment Wizard Step 2) is required prior to invoking the Enable-CsTopology command although I personally have not seen any updates processed while performing this command. It does not hurt to run however so to be on the safe side just go ahead and run bootstrapper.

3) Reboots of the Front-End servers is required. Sometimes – not sure why – the Edge server must be rebooted even if not prompted (good idea to simply do this). And finally the Lync client must be restarted after the two patches are installed below.

The update process for an SE install of Lync Server 2013 is straightforward. After the update of the Lync bits have been applied simply run from the Lync SE 2013 Server’s Lync Server Management Shell (highly important or the system will not function correctly):

Install-CsDatabase –CofiguredDatabases –SqlServerFqdn yourlyncserver.domain

Followed from a command prompt on the Lync SE server and (if applicable) the Lync Edge server(s):

C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe

And then finally back top Lync Server Management Shell:

Enable-CsTopology

If you have an Enterprise install of Lync Server 2013 the process is a little more involved (more moving pieces). To update an EE deployment without a database mirror start from a Front-End server running from Lync Server Management Shell:

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn SqlServerBE.domain –UseDefaultSqlPaths

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn ArchMonBE.domain  –UseDefaultSqlPaths

Install-CsDatabase -CentralManagementDatabase -SqlServerFqdnCMS.domain -SqlInstanceName DBInstanceName –UseDefaultSqlPaths

Followed from a command prompt on each FE server and (if applicable) the Lync Edge server(s):

C:\Program Files\Microsoft Lync Server 2013\Deployment\bootstrapper.exe

And then finally back top Lync Server Management Shell:

Enable-CsTopology

If you have an Enterprise install of Lync Server 2013 the process is a little more involved (more moving pieces). To update an EE deployment with a database mirror the process is more involved as you must drop the mirror, update the servers, and then re-create the mirror. This process will most likely be streamlined in upcoming Lync updates – something that we will continue to see often and with high value – but with such a short release cycle it is understandable why the process is what it is today.

Rather than hash the requirements and steps for a mirrored process visit the Microsoft KB article and follow the steps found there (KB2809243). Although it currently does not state a requirement to run bootstrapper on the FE and Edge servers do yourself a favor and run the command to cover all bases (see above cmdlets).

The current update list (and of course all previous updates are included and assumed and thus not listed) is displayed below. It is important to note that the Lync client updates are 2-part and both are required. The table is quite large and as such has been placed into a link which may be found here - the current versions are listed below.

Lync Server 2010 build number is 4.0.7577.205
Lync Client build number is 4.0.7577.4356
Lync Server 2013 build number is 5.0.8308.291
Lync 2013 Client build number is 15.0.4454.1506
Lync Group Chat build number is 4.0.7577.4102
Lync Group Chat Server build number 4.0.7577.4071
Lync Group Chat Admin build number 4.0.7577.4102
Lync Attendee build number is 4.0.7577.4356
Lync Attendant build number is 4.0.7577.4098
Lync Phone Edition Polycom build number 4.0.7577.4372
Lync Phone Editions (other than Polycom) build number is 4.0.7577.4366 (4363 for CX700/8540)
Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017