One of the features that Lync Server and Skype for Business Server has and customers like is the ability to federate with another company. This post will focus only on Lync/SfB to Lync/SfB or Lync/SfB to OCS federation. Usually, Lync/SfB administrators don’t know if they have an open or closed federation – why is that so? Because it’s only a matter of checking a box and the description isn’t really helpful.
So, how do we know if we have an open federation? Simply open your Lync/SfB Control Panel, then Federation and External Access -> Access Edge Configuration and double click Global:
If Enable partner domain discovery is checked, it means the federation is open. Using PowerShell, check if the EnablePartnerDiscovey is set to True with:
To close the federation you need to remove the Enable partner domain discovery checkbox in the Lync Control Panel or run the cmdlet:
Set-CsAccessEdgeConfiguration -UseDnsSrvRouting -EnablePartnerDiscovery $False
Make sure that Lync replication is working to all Lync servers. We can go to replication with:
And check the replication with:
In the Lync Control Panel, we can also check the replication status:
With a closed federation we need to manually configure each allowed sip domain:
And fill with the right parameters:
If we don’t know the partners Access Edge Service (FQDN), we need to do a SRV DNS lookup for _sipfederationtls._tcp.<sip domain>. This can be achieved in a Command Prompt or PowerShell:
nslookup -type=srv _sipfederationtls._tcp.lync2010.uclobby
Even if we close the federation, it’s really important to leave the SRV record _sipfederationtls._tcp.<sip domain> in the external DNS. Thus, if we allow a partner that has already an open federation, our partner doesn’t need to change his configuration.
4 thoughts on “Difference between Open and Closed Federation in Lync/SfB Server”
How can I add a two factor authentication before open the lync app on the mobile?
I believe Two factor Authentication only applies to Lync 2013 Client.
Nice article, but what is the difference between open and closed federation?
How does Lync behave differently when his federation configuration is open of closed (other then ‘federated companies need to be whitelisted’).
If you have a close federation Lync will block communication to/from all sip domain not included in the whitelist. In an open federation you allow communication to/from any sip domains, however in this scenario you can add sip domains to the blacklist if you need it.