How to Setup Lync Federation

How often have you sent an email to a business partner that ended up being a 25-email conversation thread… which at some point started discussing what you’re going to do over the weekend? If you have Microsoft Lync deployed and that partner has Lync too, you can set up a Lync federation partnership and eliminate those long email conversation threads by simply having an IM session with your coworker. Not only do you become more productive by saving the time spent writing that email about your plans, but you might also keep your Exchange admin happy. After all, email is not a chat session.

Types of Lync Federation

Lync is a great tool for communicating internally, but with Lync Federation it can be used just as easily to communicate with your external partners or businesses. This article discusses what you need to do to get federated with an external Lync deployment.

Lync Federation with another external Lync deployment, typically a business partner or customer, gives the users on both sides of the partnership access to IM and Presence (person to person only), and it creates federated contacts within the Lync client. Perhaps you want to limit the federation to only a subset of users. This can be accomplished via Lync External Access Policies assigned to users.

There are several types of Lync Federation: Discovered Partner Domain, Allowed Partner Domain, Allowed Partner Server, and Hosting Provider and Public IM.

Discovered Partner Domain (Open Enhanced Federation)

The partner’s Lync Edge server is discovered by looking up its SRV record in DNS. The firewall would need to allow all inbound traffic on port 5061 through without restriction. This type of federation allows users to connect to any potential business partner without contacting the Lync admin to set up the federation. This open form of federation requires that the A record and certificate for the federated Access Edge server match the SIP domain. There is also a limit of 20 SIP messages received per second for this type of partnership.

Allowed Partner Domain (Enhanced Federation)

This type of federation requires the Lync administrator to set up the federation: you need to know your partner’s SIP domain and add it to the list of Federated Domains in the Lync Control Panel. As with Discovered Partner federation, the A record and certificate for the federated Access Edge server need to match the SIP domain, but there are no limitations as far as SIP messages.

Allowed Partner Server (Direct Federation)

This type of federation is manually added and does not require A records and certificates to match the partner’s Access Edge server. Instead, it uses the FQDN of the partner’s Access Edge server and the domain name.

Hosting Provider and Public IM

This type is used for federating with hosting providers such as Office 365, Skype, and AOL.

XMPP Federation

This allows federation with deployments using eXtensible Messaging and Presence Protocol (which will not be shown in this article).

Prior to setting up the federation you will need to ensure that your Lync deployment is set up properly.

  1. You will need to deploy a Lync Edge server and publish your topology. If you already have a Lync Edge server set up, you’re ahead of the game, and you’ll only need to modify your settings. For the purpose of this article I will not go into the full details of setting up an Edge server deployment, but I will demonstrate the setup of federation using a Single Consolidated Lync Edge deployment that has previously been set up for Edge access. If you don’t have Lync Edge deployed, read TechNet’s guide to determine the best type of Lync Edge deployment for your environment. You may also need to discuss Lync Edge deployments with your networking team, as ports may need to be opened on any firewalls you have.
  2. Configure any DNS A or SRV records required for Lync Edge, if they are not already published.

Enable Lync Federation on Existing Edge Server Setup

  • Download Topology from Existing Deployment.
  • Right-click on your Edge pool and select Properties.
  • Select Enable Lync Federation and click OK.

  • Click Action, select Topology, and Publish your topology.
  • On your Edge server, select Install/Update Lync Server System, then select Setup or Remove Lync Server Components. Select Run Again.
  • Restart Lync Services.

Configuring Support for External User Access

In the Lync Control Panel, navigate to the External Access Policy page and enable users to communicate with federated users.

Let’s Federate!

After you have configured federation on your Edge servers, you’ll be ready to start federating with business partners. Determine what type of federation you will be using for that partner and then define the DNS records required for that particular type of federation.

Discovered Partner Domain (Open Enhanced Federation): If you want to use this type of federation, you will need to enable the feature using the Access Edge Configuration settings.

The Lync Edge server locates the business partner through the partner’s DNS SRV record, if it is published: _sipfederationtls._tcp.<external domain name>


Allowed Partner Domain (Enhanced Federation): In the Federated Domain tab add the business partner’s domain name.


Allowed Partner Server (Direct Federation): In the Federated Domain tab, add the business partner’s Access Edge server FQDN and the partner’s domain. Both must be entered.


Hosting Provider and Public IM: To federate with a business partner using Office 365, fill in the provider name and Access Edge FQDN. You will also need to choose to allow communication with this provider. Once these settings are added in the Hosting Provider tab, you will still need to add the business partner’s domain info in the Federated Domains list tab.

Once all settings are added for the business partner and you’ve exchanged your details with them, then you can begin testing the Lync Federation.
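
The Control Panel steps above can also be scripted from the Lync Server Management Shell. The following is an added example, not code from the original article: it keeps partner discovery off, picks Allowed Partner Domain or Allowed Partner Server per partner depending on whether the partner’s edge name matches its SIP domain, and limits federation to named users. The partner domains, edge FQDNs, policy name, user address and the helper Test-EdgeMatchesSipDomain are constructed for illustration, and the helper’s definition of “match” is an assumption.

```powershell
# Added example, not from the article. Run in the Lync Server Management Shell.
# Partner domains, edge FQDNs, the policy name and the user are constructed.
$partners = @(
    @{ Domain = 'partner-a.example'; EdgeFqdn = 'sip.partner-a.example' },
    @{ Domain = 'partner-b.example'; EdgeFqdn = 'edge01.hosting.example' }
)

# Hypothetical helper. Assumption: "matches the SIP domain" means the edge
# FQDN is the SIP domain itself or a host name beneath it.
function Test-EdgeMatchesSipDomain {
    param([string]$EdgeFqdn, [string]$SipDomain)
    $edge   = $EdgeFqdn.TrimEnd('.').ToLowerInvariant()
    $domain = $SipDomain.TrimEnd('.').ToLowerInvariant()
    return ($edge -eq $domain) -or $edge.EndsWith(".$domain")
}

# Enable federation at the Access Edge with partner discovery switched off,
# so only domains on the allow list below can federate.
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -UseDnsSrvRouting -EnablePartnerDiscovery $false

foreach ($p in $partners) {
    if (Test-EdgeMatchesSipDomain -EdgeFqdn $p.EdgeFqdn -SipDomain $p.Domain) {
        # Allowed Partner Domain: domain name only.
        New-CsAllowedDomain -Identity $p.Domain -Comment 'Allowed Partner Domain'
    }
    else {
        # Allowed Partner Server: domain plus the partner's Access Edge FQDN.
        New-CsAllowedDomain -Identity $p.Domain -ProxyFqdn $p.EdgeFqdn -Comment 'Allowed Partner Server'
    }
}

# Limit federation to a subset of users with a named external access policy.
New-CsExternalAccessPolicy -Identity 'FederationUsers' -EnableFederationAccess $true
Grant-CsExternalAccessPolicy -Identity 'sip:alice@contoso.example' -PolicyName 'FederationUsers'

# Review the result.
Get-CsAccessEdgeConfiguration | Select-Object AllowFederatedUsers, EnablePartnerDiscovery, RoutingMethod
Get-CsAllowedDomain | Select-Object Domain, ProxyFqdn, Comment
Get-CsExternalAccessPolicy | Select-Object Identity, EnableFederationAccess
```

The three Get- commands at the end give a record of which domains are allowed and which policies grant federation access, which is useful to keep alongside the firewall rule for port 5061.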

Comments (1)

One response to “How to Setup Lync Federation”

  1. Thanks for the nice explanation. I have a question. I have Lync with an Edge server all configured. I am trying to federate with another company that has Office 365. I think I need to use the Allowed Partner Server (Direct Federation). I am not sure how to fill out the Control Panel settings. What do I use for the Edge Server if the company has Office 365?
