Mar 1 2013

Help! I cannot join an external company’s Lync meeting!

Posted by Brian Ricks at 5:21 AM
4 comments
- Categories: 2010 | Lync | Lync Server | meeting join error

Recently I was involved with an on-premise Lync 2010 deployment that ended up 'breaking' the ability for users to join an externally hosted Lync meeting. The issue arose once Lync was deployed internally and users found they could join their own meetings, external participants could join those same meetings, but if an external company sent a Lync meeting invite - the meeting join failed. My business partner John Lockett and I worked out a matrix to help describe the issue which is found below.

In a nutshell - if on-premise Lync 2010 is deployed with an Edge server, federation is enabled for both the Lync pool and the user, open federation is not utilized (with the external company NOT listed in their allow list), policy kicks in and prevents the meeting join from being successful.

The logic - as far as I can tell - is that an organization and user are authorized to federate, yet the external company the federation is attempting to communicate with is not on the allow list. Therefore, by policy, the join is denied. As a small step-back if you are internal to your LAN - i.e. you can reach your Edge server's internal network card - Lync will proxy your communication for you to the external party. Imagine a meeting join is started, the SIP communication is sent to your front-end server where it asks to communicate with the external SIP meeting. Your Lync server checks/validates that the communication is allowed and if not, the ability for the Lync server (and thus the Edge server) to join on your behalf is denied. Ideally the Lync client would then try the alternative route of joining the external meeting directly but that logic does not seem to currently exist. I have yet to test this same join behavior with Lync 2013 but will do so shortly.

Below is the flowchart that details the logic. A solution for the issue may be one of many:

·          Disable federation for the effected user

·          Disable federation for the pool

·          Add the external company to the SIP Federated Domains in the Lync Control Panel under Federation and External Access

·          Enable Open Federation (Enable partner domain discovery) in the Lync Control Panel under Federation and External Access | Access Edge Configuration

Lync 2010 Meeting Join Logic

Comments

Thomas Binder

Thomas Binder wrote on 03/08/13 1:48 AM

Hi,
have you tested with the latest updates? My understanding is, that this scenario should work:
http://support.microsoft.com/kb/2793014

hth,
thomas
Brian Ricks

Brian Ricks wrote on 03/20/13 10:31 AM

@Thomas - Latest I have checked with are with December's updates but I will test and let everyone know.
Markus Johansson

Markus Johansson wrote on 04/05/13 11:11 PM

Brian
Did you have time to test December's update for Lync 2010. Also have you seen the same issue with 2013?
Brian Ricks

Brian Ricks wrote on 04/11/13 6:19 PM

@Marcus - hope to test 2010 this weekend actually but did have time to test Lync 2013 with Feb's CU and was unable to reproduce.

Write your comment



(it will not be displayed)



Leave this field empty:

Categories

Monthly Archives

Search Archives

Favorite Links