Recently I was involved with an on-premise Lync 2010 deployment that ended up 'breaking' the ability for users to join an externally hosted Lync meeting. The issue arose once Lync was deployed internally and users found they could join their own meetings, external participants could join those same meetings, but if an external company sent a Lync meeting invite, the meeting join failed. My business partner John Lockett and I worked out a matrix to help describe the issue, which is found below.
In a nutshell - if on-premise Lync 2010 is deployed with an Edge server, federation is enabled for both the Lync pool and the user, and open federation is not utilized (with the external company NOT listed in the allow list), then policy kicks in and prevents the meeting join from succeeding.
The logic - as far as I can tell - is that an organization and user are authorized to federate, yet the external company the federation is attempting to communicate with is not on the allow list. Therefore, by policy, the join is denied. To step back a little: if you are internal to your LAN (i.e. you can reach your Edge server's internal network card), Lync will proxy your communication to the external party for you. Imagine a meeting join is started: the SIP communication is sent to your front-end server, where it asks to communicate with the external SIP meeting. Your Lync server checks that the communication is allowed and, if it is not, the Lync server (and thus the Edge server) is denied the ability to join on your behalf. Ideally the Lync client would then try the alternative route of joining the external meeting directly, but that logic does not seem to currently exist. I have yet to test this same join behavior with Lync 2013 but will do so shortly.
Below is the flowchart that details the logic. A solution for the issue may be one of many:
· Disable federation for the affected user
· Disable federation for the pool
· Add the external company to the SIP Federated Domains in the Lync Control Panel under Federation and External Access
· Enable Open Federation (Enable partner domain discovery) in the Lync Control Panel under Federation and External Access | Access Edge Configuration
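The decision path described above can be checked from the Lync Server Management Shell before a user reports a failed join. The script below is an added example, not code from the original post: the function names, the sample domains, and the mapping of the Control Panel settings to `AllowFederatedUsers`, `EnablePartnerDiscovery`, `EnableFederationAccess` and `Get-CsAllowedDomain` are assumptions of this example. Site-scoped policies are not resolved automatically; pass one through `-FallbackPolicy` if it applies.

```powershell
# Added example. Function names are hypothetical; the verdicts follow the post's logic.
function Test-FederatedJoin {
    param(
        [bool]$PoolFederation,       # federation enabled on the Access Edge configuration
        [bool]$UserFederation,       # federation enabled in the user's external access policy
        [bool]$OpenFederation,       # partner domain discovery enabled
        [string[]]$AllowedDomains,   # SIP Federated Domains (allow list)
        [string]$MeetingDomain       # SIP domain hosting the external meeting
    )
    # Disabling federation for the pool or the user is listed in the post as a fix.
    if (-not $PoolFederation) { return 'OK: federation is disabled for the pool' }
    if (-not $UserFederation) { return 'OK: federation is disabled for the user' }
    if ($OpenFederation)      { return 'OK: open federation is enabled' }
    # -contains is case-insensitive for strings; exact domain match only.
    if ($AllowedDomains -contains $MeetingDomain) { return 'OK: domain is on the allow list' }
    return 'DENIED: federation is enabled but the domain is not on the allow list'
}

# Reads the live settings and feeds them to the decision function.
function Get-FederatedJoinVerdict {
    param(
        [string]$User,
        [string]$MeetingDomain,
        [string]$FallbackPolicy = 'global'   # e.g. 'site:Name' when a site policy applies
    )
    $edge     = Get-CsAccessEdgeConfiguration
    $assigned = (Get-CsUser -Identity $User).ExternalAccessPolicy
    $policyId = if ($assigned) { "$assigned" } else { $FallbackPolicy }
    $policy   = Get-CsExternalAccessPolicy -Identity $policyId
    $inputs = @{
        PoolFederation = $edge.AllowFederatedUsers
        UserFederation = $policy.EnableFederationAccess
        OpenFederation = $edge.EnablePartnerDiscovery
        AllowedDomains = @(Get-CsAllowedDomain | ForEach-Object { $_.Domain })
        MeetingDomain  = $MeetingDomain
    }
    Test-FederatedJoin @inputs
}

# Constructed sample input (runs without a Lync deployment): the failing case from the post.
Test-FederatedJoin -PoolFederation $true -UserFederation $true -OpenFederation $false `
    -AllowedDomains @('partner.example') -MeetingDomain 'othercompany.example'
```

Against a live deployment, call `Get-FederatedJoinVerdict -User <sip address> -MeetingDomain <domain from the invite>` with your own values.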