One of the features of Lync Server and Skype for Business Server that customers like is the ability to federate with another company. This post will focus only on Lync/SfB to Lync/SfB or Lync/SfB to OCS federation. Usually, Lync/SfB administrators don’t know whether they have an open or closed federation. Why is that so? Because it’s only a matter of checking a box, and the description isn’t really helpful.
So, how do we know if we have an open federation? Simply open your Lync/SfB Control Panel, then Federation and External Access -> Access Edge Configuration and double click Global:
If Enable partner domain discovery is checked, the federation is open. Using PowerShell, check whether EnablePartnerDiscovery is set to True with:
Get-CsAccessEdgeConfiguration
To close the federation, clear the Enable partner domain discovery checkbox in the Lync Control Panel or run the cmdlet:
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $False
Make sure that Lync replication is working to all Lync servers. We can force replication with:
Invoke-CsManagementStoreReplication
And check the replication with:
Get-CsManagementStoreReplicationStatus
In the Lync Control Panel, we can also check the replication status:
With a closed federation we need to manually configure each allowed sip domain:
And fill with the right parameters:
If we don’t know the partner’s Access Edge Service (FQDN), we need to do an SRV DNS lookup for _sipfederationtls._tcp.<sip domain>. This can be done in a Command Prompt or PowerShell:
nslookup -type=srv _sipfederationtls._tcp.lync2010.uclobby
Even if we close the federation, it’s really important to leave the SRV record _sipfederationtls._tcp.<sip domain> in the external DNS. That way, if we allow a partner that already has an open federation, the partner doesn’t need to change their configuration.
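The checks described in this post, combined into one audit script. This is an added example, not part of the original post. It assumes it is run in the Lync/SfB Server Management Shell on a host where Resolve-DnsName is available (Windows Server 2012 or later); the status labels are made up for this example.

```powershell
# Added example: audit the federation posture of a Lync/SfB deployment.
# Assumption: Lync/SfB Server Management Shell, Resolve-DnsName available.

# 1. Open or closed?
$edge = Get-CsAccessEdgeConfiguration
if (-not $edge.AllowFederatedUsers) {
    Write-Output 'Federation is disabled (AllowFederatedUsers = False).'
}
elseif ($edge.EnablePartnerDiscovery) {
    Write-Warning 'Federation is OPEN (EnablePartnerDiscovery = True).'
}
else {
    Write-Output 'Federation is CLOSED: only allowed domains can federate.'
}

# 2. For each allowed domain, compare the Access Edge FQDN we configured
#    with the target the partner currently publishes in its SRV record.
$report = foreach ($d in Get-CsAllowedDomain) {
    $name    = "_sipfederationtls._tcp.$($d.Domain)"
    $srv     = Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'SRV' }
    $targets = @($srv | ForEach-Object { $_.NameTarget })

    if (-not $d.ProxyFqdn)                      { $status = 'ProxyFqdnNotSet' }
    elseif ($targets.Count -eq 0)               { $status = 'NoSrvRecord' }
    elseif ($targets -contains $d.ProxyFqdn)    { $status = 'Match' }
    else                                        { $status = 'Mismatch' }

    [pscustomobject]@{
        Domain              = $d.Domain
        ConfiguredProxyFqdn = $d.ProxyFqdn
        SrvTargets          = $targets -join ', '
        Status              = $status      # labels are this example's own
    }
}
$report | Format-Table -AutoSize

# 3. Has the configuration reached every replica?
$stale = Get-CsManagementStoreReplicationStatus | Where-Object { -not $_.UpToDate }
if ($stale) {
    Write-Warning 'These replicas are not up to date:'
    $stale | Select-Object ReplicaFqdn, LastStatusReport | Format-Table -AutoSize
}
else {
    Write-Output 'All replicas are up to date.'
}
```

A Mismatch row means the configured Access Edge FQDN differs from what the partner publishes today, so the entry is worth confirming with the partner before it is trusted or changed.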
How can I add two-factor authentication before opening the Lync app on mobile?
Hi,
I believe Two factor Authentication only applies to Lync 2013 Client.
David
Nice article, but what is the difference between open and closed federation?
How does Lync behave differently when its federation configuration is open or closed (other than ‘federated companies need to be whitelisted’)?
If you have a closed federation, Lync will block communication to/from all sip domains not included in the whitelist. In an open federation you allow communication to/from any sip domain; however, in this scenario you can add sip domains to the blacklist if you need to.