How to Implement Public IM Connectivity (PIC) with Lync Server 2010



Overview




In this article I cover the step-by-step configuration of PIC with Microsoft MSN. The environment consists of a Standard Front End Server and an Edge Server.


This article assumes you already have the Edge Server deployed and published in your environment; the step-by-step Edge configuration is documented in the article Installing the Edge Server in DMZ Lync Double Hop (en). Before proceeding with the Public IM Connectivity setup, run the test on the portal https://www.testocsconnectivity.com/.
Some points to consider:
  • The provisioning process on Microsoft's servers can take up to 30 days to complete.
  • The configuration and publication of the Edge Server must be complete and functional.
  • During PIC provisioning the Live Messenger structure is changed: the domain you are adding to the PIC is reserved for the Lync structure. Therefore, if a user has a Live ID with your domain, for example usuario@allen.com.br, this Live ID will not work after the integration. Survey the users who have Live IDs with the domain name to be integrated so that those IDs can be changed.
  • To add a contact whose Live ID uses a domain name other than a Windows Live domain, use the address format <username>(<domain name>)@msn.com, where <domain name> is the domain name in the Live ID. For example, if the Messenger user is user01@allen.com.br, add user01(allen.com.br)@msn.com to your contact list.

Setting the Front End


First, configure the Lync pool to enable federation and routing through the Edge Server.
Open Lync Server Control Panel -> External User Access -> External Access Policy, and open the Global policy settings.


In the Global policy, enable Enable communications with federated users, Enable communications with remote users and Enable communications with public users. Click Commit to save the settings.


Click Access Edge Configuration.


In the Global settings, enable Enable federation and Enable remote user access. Click Commit to save the settings:


To finish, open Providers -> Public Provider MSN.


In the properties, select the option Enable communications with this provider and select the check box Allow all communications with this provider. Click Commit to save the settings:

Close Lync Server Control Panel.
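
The same three Control Panel settings can be applied and read back from the Lync Server Management Shell. This is an added example, not part of the original article; it assumes the provider keeps its default identity "MSN" and maps Allow all communications with this provider to the VerificationLevel value AlwaysVerifiable.

```powershell
# Added example (not from the original article). Run in the Lync Server
# Management Shell on the Front End with an administrative account.
Import-Module Lync -ErrorAction SilentlyContinue  # already loaded in the Management Shell

# External Access Policy -> Global: federated, remote and public users
Set-CsExternalAccessPolicy -Identity Global `
    -EnableFederationAccess $true `
    -EnableOutsideAccess $true `
    -EnablePublicCloudAccess $true

# Access Edge Configuration -> Global: federation and remote user access
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -AllowOutsideUsers $true

# Providers -> MSN: enabled, "Allow all communications with this provider"
# Assumption: the provider still has its default identity "MSN".
Set-CsPublicProvider -Identity "MSN" -Enabled $true -VerificationLevel AlwaysVerifiable

# Read the values back and flag anything that differs from what was intended.
$policy   = Get-CsExternalAccessPolicy -Identity Global
$edge     = Get-CsAccessEdgeConfiguration
$provider = Get-CsPublicProvider -Identity "MSN"

$checks = @(
    @{ Setting = 'EnableFederationAccess';  Actual = $policy.EnableFederationAccess;  Expected = $true },
    @{ Setting = 'EnableOutsideAccess';     Actual = $policy.EnableOutsideAccess;     Expected = $true },
    @{ Setting = 'EnablePublicCloudAccess'; Actual = $policy.EnablePublicCloudAccess; Expected = $true },
    @{ Setting = 'AllowFederatedUsers';     Actual = $edge.AllowFederatedUsers;       Expected = $true },
    @{ Setting = 'AllowOutsideUsers';       Actual = $edge.AllowOutsideUsers;         Expected = $true },
    @{ Setting = 'MSN Enabled';             Actual = $provider.Enabled;               Expected = $true },
    @{ Setting = 'MSN VerificationLevel';   Actual = $provider.VerificationLevel;     Expected = 'AlwaysVerifiable' }
)

foreach ($c in $checks) {
    # Compare as strings so Boolean and enum values are handled the same way.
    $state = if ("$($c.Actual)" -eq "$($c.Expected)") { 'OK' } else { 'MISMATCH' }
    '{0,-26} {1,-18} {2}' -f $c.Setting, $c.Actual, $state
}
```

Keeping the read-back part as a scheduled check makes later changes to external access visible, since these settings decide who outside the organization can reach internal users.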

 

Enable Federation in Topology Builder


Open the Topology Builder and connect to the existing structure of the Lync Server.


Right-click the site name of the Front End and select Edit Properties...


Select Federation route and check Enable under Site federation route assignment. In the menu below, select the Edge Pool through which the communication is routed:


Close the window and publish the settings.

To verify that the settings were saved successfully, expand the Edge Pool settings and verify that federation is enabled.

Close the Topology Builder.


Configuring the Lync Edge Server


For PIC to work, it is necessary to install a digital certificate issued by one of the public certification authorities that partner with Microsoft for unified communications. The following link lists the partners that issue the certificate: http://support.microsoft.com/kb/929395 .

For this configuration I am using a GlobalSign trial certificate. The first step is to generate a digital certificate request file on the Edge Server.
Run the Lync Server installation wizard, click Install or Update Lync Server System and run the third step to generate the digital certificate request.

Run  Certificate Wizard,  select  External Edge Certificate  and click  Request


Proceed through the  Certificate Request.


Select  Prepare the request now, but send it later  to generate the file request.


Set the path where the certificate request is saved.


Proceed through the Certificate Template.


Set the name of the certificate and check Mark the certificate's private key exportable.


Set up your company's information.


Check the certificate Subject Name.


Select the SIP domains supported by the Edge Server.


If no additional SIP domains are added, the default certificate settings are sufficient. To support more domains, include the required names in the certificate configuration.


Check settings and complete the  Request.


Use the generated CSR file to request the digital certificate; I used the trial certificate from https://www.globalsign.com/contact/testdv/form_testcert_dv_en.html .

With the certificate in hand, return to the certificate wizard and run the Assign option to configure the digital certificate on the external network interface of the server.

Configuring External DNS


The following records must be created on the Internet-facing DNS server:


Host                      IP or target:port
sip                       xxx.xxx.235.41
ave                       xxx.xxx.235.42
webconf                   xxx.xxx.235.43
_sipfederationtls._tcp    sip.allen.com.br:5061
_sipinternaltls._tcp      sip.allen.com.br:443


The Lync Server part of the configuration is now complete. Before proceeding, access the portal https://www.testocsconnectivity.com/ and test the settings and the condition of the certificate.

Also test connectivity on the Lync Edge and check the server's name resolution.

Ping the URLs sip.<FQDN Domain>, av.<FQDN Domain> and webconf.<FQDN Domain>; the resolved IPs should be the valid IPs of the server.

Run "telnet federation.messenger.msn.com 5061" and make sure the connection is successful.
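
The name resolution and port checks above can be run as one script on the Edge Server. This is an added example, not part of the original article; the domain allen.com.br is the one used on this page, and the host list follows the names in the ping step (adjust it to the records you actually published).

```powershell
# Added example (not from the original article). Run on the Edge Server.
$domain    = 'allen.com.br'              # SIP domain used on this page
$hostNames = 'sip', 'av', 'webconf'      # assumption: names from the ping step above

function Test-TcpPort([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000) {
    # Plain TCP connect with a timeout; the same check as "telnet host port".
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. A records: each name must resolve to the valid IP published for the Edge.
foreach ($h in $hostNames) {
    $fqdn = "$h.$domain"
    try {
        $ips = [System.Net.Dns]::GetHostAddresses($fqdn) | ForEach-Object { $_.IPAddressToString }
        '{0,-28} resolves to {1}' -f $fqdn, ($ips -join ', ')
    } catch {
        '{0,-28} DOES NOT RESOLVE' -f $fqdn
    }
}

# 2. SRV record for federation: expected target sip.<domain>, port 5061.
nslookup -type=SRV "_sipfederationtls._tcp.$domain"

# 3. Outbound reachability of the MSN federation endpoint on 5061.
if (Test-TcpPort 'federation.messenger.msn.com' 5061) {
    'federation.messenger.msn.com:5061 reachable'
} else {
    'federation.messenger.msn.com:5061 NOT reachable (check firewall and routing on the external interface)'
}
```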


Microsoft Lync Server Public IM Connectivity Provisioning


To finish the PIC configuration, you must provision the service on the Microsoft website. Access the portal https://pic.lync.com/ .

Log in to the portal with a Windows Live ID and enter your company's access information.


This is the first screen of the Provision, click Initiate Service to provision access to MSN.


Configure the contact information of your company.


Set the connection information for the Lync Edge Pool.


Provisioning in the Microsoft portal can take 30 days. In the configurations I took part in, the response to the provisioning request took seven days, but it took another two weeks before I could successfully add Messenger users.



References


This article was originally written by: Fernando Lugão Veltem
blog: http://flugaoveltem.blogspot.com/
twitter: @flugaoveltem

 
