How to Implement Public IM Connectivity (PIC) with Lync Server 2010

Overview



In this article I cover the step-by-step configuration of PIC with Microsoft MSN. The environment consists of a Standard Edition Front End Server and an Edge Server.

http://4.bp.blogspot.com/-UFzDztZfGgg/TcnZlwnjbRI/AAAAAAAAAa0/jdeO2HnPMqc/s400/lync2.jpg

This article assumes you already have the Edge Server deployed and published in your environment; the step-by-step Edge configuration is documented in the article [[Installing the Edge Server in DMZ Lync Double Hop (en)]]. Before proceeding with the Public IM Connectivity setup, run the test on the portal https://www.testocsconnectivity.com/ .
Some points to consider:

  • The provisioning process on Microsoft's servers can take up to 30 days to complete.
  • The configuration and publication of the Edge Server must be complete and functional.
  • During PIC provisioning the Live Messenger structure is changed: the domain you are adding to PIC is reserved for the Lync deployment. Therefore, if a user has a Live ID with your domain, for example usuario@allen.com.br, this Live ID will not work after the integration. Survey the users who have Live IDs with the domain name to be integrated so that those IDs can be changed.
  • To add a contact whose Live ID uses a domain name other than a Windows Live domain, use the address format <username>(<domain name>)@msn.com, where <domain name> is the domain name in the Live ID. For example, if the Messenger user is user01@allen.com.br, add it to your contact list as: user01(allen.com.br)@msn.com

Setting the Front End

First, configure the Lync pool to enable federation and routing through the Edge Server.
Open Lync Server Control Panel -> External User Access -> External Access Policy, and open the Global policy settings.

http://4.bp.blogspot.com/-PCpMtZ_o0DE/Tc2CusNLmVI/AAAAAAAAAe8/CwgnuVGhGFM/s400/pic01.png

In the Global policy, enable *Enable communications with federated users*, *Enable communications with remote users* and *Enable communications with public users*. Click *Commit* to save the settings.

http://3.bp.blogspot.com/-vs13QimOBlc/Tc2CvGEffYI/AAAAAAAAAfA/6wJCw8yT9PM/s400/pic02.png

Click Access Edge Configuration.

http://3.bp.blogspot.com/-ymeQP_6eoqM/Tc2CvnBJcQI/AAAAAAAAAfE/WAJeTWxGvIA/s400/pic03.png

Open the *Global* settings and enable *Enable federation* and *Enable remote user access*. Click *Commit* to save the settings:

http://4.bp.blogspot.com/-ZUf1NUOIlro/Tc2CwGkfEHI/AAAAAAAAAfI/cFYg9VwzySA/s400/pic04.png

To finish, open *Providers* -> Public Provider MSN.

http://3.bp.blogspot.com/-eq06KIqeYbs/Tc2Cw5W7rBI/AAAAAAAAAfM/nhBXEgfE6ik/s400/pic05.png

In the properties, select the option *Enable communications with this provider* and select the check box *Allow all communications with this provider*. Click *Commit* to save the settings:

http://4.bp.blogspot.com/-nj48jeR7vFg/Tc2CxWLCs1I/AAAAAAAAAfQ/OlGQuJqkAMk/s400/pic06.png

Close Lync Server Control Panel.
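The Control Panel settings above can be confirmed from the Lync Server Management Shell. This read-only audit is an added example, not part of the original article; the mapping of the Control Panel labels to cmdlet property names is the editor's, and the last lines list external-access switches that this procedure does not ask you to enable.

```powershell
# Added example: read-only audit, run in the Lync Server Management Shell.
Import-Module Lync -ErrorAction Stop

function New-PicCheck {
    param([string]$Scope, [string]$Setting, $Actual, $Expected)
    New-Object PSObject -Property @{
        Scope = $Scope; Setting = $Setting; Actual = $Actual
        Expected = $Expected; Match = ($Actual -eq $Expected)
    }
}

$policy = Get-CsExternalAccessPolicy -Identity Global
$edge   = Get-CsAccessEdgeConfiguration
$msn    = Get-CsPublicProvider -Identity 'MSN'

$checks = @(
    New-PicCheck 'External Access Policy' 'EnableFederationAccess'  $policy.EnableFederationAccess  $true
    New-PicCheck 'External Access Policy' 'EnableOutsideAccess'     $policy.EnableOutsideAccess     $true
    New-PicCheck 'External Access Policy' 'EnablePublicCloudAccess' $policy.EnablePublicCloudAccess $true
    New-PicCheck 'Access Edge Configuration' 'AllowFederatedUsers'  $edge.AllowFederatedUsers       $true
    New-PicCheck 'Access Edge Configuration' 'AllowOutsideUsers'    $edge.AllowOutsideUsers         $true
    New-PicCheck 'Public Provider MSN' 'Enabled'                    $msn.Enabled                    $true
    # "Allow all communications with this provider" is stored as AlwaysVerifiable
    New-PicCheck 'Public Provider MSN' 'VerificationLevel' ([string]$msn.VerificationLevel) 'AlwaysVerifiable'
)
$checks | Select-Object Scope, Setting, Actual, Expected, Match | Format-Table -AutoSize

# Exposure review: switches this procedure never asks you to turn on
"AllowAnonymousUsers (not set by this procedure): $($edge.AllowAnonymousUsers)"
Get-CsPublicProvider | Where-Object { $_.Enabled -and $_.Name -ne 'MSN' } |
    Select-Object Name, ProxyFqdn, VerificationLevel | Format-Table -AutoSize
```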

 

Enable Federation in Topology Builder

Open the Topology Builder and connect to the existing Lync Server deployment.

http://3.bp.blogspot.com/-b8sSwX3A1ew/Tc2LnPoo9HI/AAAAAAAAAfU/GumDKG6OV6Y/s400/pic07.png

Right-click on the name of the site of the Front End and select *Edit Properties...*

http://2.bp.blogspot.com/-oi8278EwkH0/Tc2Ln-St9tI/AAAAAAAAAfY/RHaoEXlcDbY/s400/pic08.png

Select *Federation route* and check Enable under *Site federation route assignment*. In the menu below, select the Edge Pool through which the communication is routed:

http://3.bp.blogspot.com/-SYrlPkAiyrE/Tc2LohNg_uI/AAAAAAAAAfc/tnUk0jgxdog/s400/pic09.png

Close the window and publish the settings.

To verify that the settings were saved successfully, expand the Edge Pool settings and verify that federation is enabled.

http://3.bp.blogspot.com/-G-Duo7veVm8/Tc2N_ooAphI/AAAAAAAAAfg/belF7CsouW8/s400/pic10.png

Close the Topology Builder.

Configuring the Lync Edge Server

For PIC to work, you must install a digital certificate issued by a public certification authority that partners with Microsoft for unified communications. The following link lists the partners that issue these certificates: http://support.microsoft.com/kb/929395 .

For this configuration I'm using a GlobalSign trial certificate. The first step is to generate a digital certificate request file on the Edge Server.
Run the Lync Server installation wizard, click Install or Update Lync Server System, and run the third step to generate the digital certificate request.

Run the *Certificate Wizard*, select *External Edge Certificate* and click Request.

http://4.bp.blogspot.com/-dUEXhegKhD8/Tc2WcT592NI/AAAAAAAAAfk/0565h_iBEAU/s400/pic11.png

Proceed through the *Certificate Request*.

http://3.bp.blogspot.com/-BcQMucePx1E/Tc2WdaBJ1-I/AAAAAAAAAfo/dNbLOfSVP7A/s400/pic12.png

Select *Prepare the request now, but send it later* to generate the request file.

http://4.bp.blogspot.com/-Ipop4-ZQh64/Tc2WemZyH8I/AAAAAAAAAfs/_BDpjUl1UgI/s400/pic13.png

Set the path where the certificate request is saved.

http://4.bp.blogspot.com/-Z1FNN-uYG-c/Tc2WfVWAQpI/AAAAAAAAAfw/aFC16o-E3aw/s400/pic14.png

Proceed through the Certificate Template.

http://2.bp.blogspot.com/-lBA8oNZAuVk/Tc2WgcKALdI/AAAAAAAAAf0/_65BBIJrxpY/s400/pic15.png

Set the name of the certificate and check *Mark the certificate's private key as exportable*.

http://1.bp.blogspot.com/-pzGcUeIiyeI/Tc2WhI_jpAI/AAAAAAAAAf4/5hs2iKzXnW4/s400/pic16.png

Set up your company's information.

http://1.bp.blogspot.com/-wf8US7aWFEw/Tc2WhhTPVpI/AAAAAAAAAf8/LexMEDy_9J0/s400/pic17.png

http://4.bp.blogspot.com/-wY1JDol1KzY/Tc2WijmWEOI/AAAAAAAAAgA/VceVoyIPjwo/s400/pic18.png

Check the certificate Subject Name.

http://2.bp.blogspot.com/-yKldl4XPjm0/Tc2YjVg1HPI/AAAAAAAAAgc/Lk92ilb2NIU/s400/pic19.png

Select the SIP domain supported by the Edge Server.

http://4.bp.blogspot.com/-v0GkIFElkQI/Tc2Y4NASKWI/AAAAAAAAAgg/jdw5ghi9IVA/s400/pic20.png

If no additional SIP domains are added, the default settings of the certificate are sufficient. To support more domains, include the necessary entries in the certificate configuration.

http://3.bp.blogspot.com/-_pNPbaKzVSs/Tc2WlDw9aAI/AAAAAAAAAgM/DFX4fIK0Wrk/s400/pic21.png

Check the settings and complete the *Request*.

http://3.bp.blogspot.com/-IK0llcHd0CM/Tc2Wl9T00EI/AAAAAAAAAgQ/Nh9PdKxaabE/s400/pic22.png

http://2.bp.blogspot.com/-RJBmQ7myFWY/Tc2WmwKELoI/AAAAAAAAAgU/ha7ydCukstU/s400/pic23.png

http://2.bp.blogspot.com/-ff3r1ikAAAk/Tc2WnjerHtI/AAAAAAAAAgY/iNfgSs-q6YU/s400/pic24.png

Use the generated CSR file to request the digital certificate. I used the trial certificate from the certification authority: https://www.globalsign.com/contact/testdv/form_testcert_dv_en.html .

With the certificate in hand, return to the certificate wizard and run the Assign option to configure the digital certificate on the external network interface of the server.

Configuring External DNS

The following records must be created on the external (Internet-facing) DNS server:

Host                      IP or target
sip                       xxx.xxx.235.41
ave                       xxx.xxx.235.42
webconf                   xxx.xxx.235.43
_sipfederationtls._tcp    sip.allen.com.br:5061
_sipinternaltls._tcp      sip.allen.com.br:443

The configuration on the Lync Server side is now complete. Before proceeding, access the portal https://www.testocsconnectivity.com/ and test the settings and the condition of the certificate.

Also test connectivity on the Lync Edge and check the server's name resolution.

Ping the URLs sip.<FQDN Domain>, av.<FQDN Domain> and webconf.<FQDN Domain>; the resolved IP addresses should be the server's valid IPs.

Run *"telnet federation.messenger.msn.com 5061"* and make sure the connection is successful.
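The ping, telnet and certificate checks above can be scripted with .NET classes that are available in the PowerShell version shipped with Lync Server 2010 hosts. This is an added example, not part of the original article; `$SipDomain` uses the page's sample domain, the host names follow the ping step, and the certificate is read from port 443 of the sip name as published in the DNS records, so run that last line from a machine that can reach the Edge external interface.

```powershell
# Added example. Assumption: $SipDomain and the sip/av/webconf host names follow
# the page's sample records; replace them with your own values.
$SipDomain = 'allen.com.br'

function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($pending)
        return $client.Connected
    } catch { return $false } finally { $client.Close() }
}

function Get-TlsCertificateReport {
    param([string]$HostName, [int]$Port, [string]$ExpectedName)
    $script:seen = $null; $script:policyErrors = $null
    # Let the handshake finish so the certificate can be inspected; chain/name errors are reported.
    $callback = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($src, $cert, $chain, $errors)
        $script:seen = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $cert
        $script:policyErrors = $errors
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
    try {
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $callback)
        $ssl.AuthenticateAsClient($HostName)
    } finally { $client.Close() }
    $san = $script:seen.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
    $sanText = if ($san) { $san.Format($false) } else { '' }
    New-Object PSObject -Property @{
        Subject = $script:seen.Subject; Issuer = $script:seen.Issuer
        NotAfter = $script:seen.NotAfter; PolicyErrors = $script:policyErrors
        SanHasName = ($sanText -match [regex]::Escape($ExpectedName))
    }
}

foreach ($name in 'sip', 'av', 'webconf') {
    $fqdn = "$name.$SipDomain"
    try   { $ips = [System.Net.Dns]::GetHostAddresses($fqdn) -join ', ' }
    catch { $ips = 'NOT RESOLVED' }
    '{0,-24} {1}' -f $fqdn, $ips
}
nslookup -type=SRV "_sipfederationtls._tcp.$SipDomain"
'federation.messenger.msn.com:5061 reachable: {0}' -f (Test-TcpPort 'federation.messenger.msn.com' 5061)
Get-TlsCertificateReport "sip.$SipDomain" 443 "sip.$SipDomain" | Format-List
```

A `PolicyErrors` value other than `None`, a `NotAfter` date in the past, or `SanHasName` equal to `False` means the external Edge certificate needs attention before provisioning.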

Microsoft Lync Server Public IM Connectivity Provisioning

To finish the PIC configuration, you must provision the service on the Microsoft website. Access the portal https://pic.lync.com/ .

Log in to the portal with a Windows Live ID and enter the access information of your company.

http://1.bp.blogspot.com/-xgWWK5weUnQ/Tc3TZe62MJI/AAAAAAAAAgk/rslIhSsWScI/s400/pr01.png

This is the first screen of the provisioning process; click Initiate Service to provision access to MSN.

http://2.bp.blogspot.com/-dif2fIU-0oE/Tc3TaL2LCEI/AAAAAAAAAgo/-gSBLLoUaQA/s400/pr02.png

Configure the contact information of your company.

http://1.bp.blogspot.com/-YiiIAw-zU9M/Tc3TabrnOII/AAAAAAAAAgs/ZCPDp7I1Ml4/s400/pr03.png

Set the connection information for the Lync Edge pool.

http://3.bp.blogspot.com/-0fy2ar-n1gU/Tc3TbFtIBwI/AAAAAAAAAgw/q1eEq9xCatY/s400/pr04.png

The provisioning in the Microsoft portal can take 30 days. For the settings described here, the response on the provisioning took seven days, but it took another two weeks before I could successfully add Messenger users.

Notice for Office 365: If you have enabled public federation in Office 365, you need to disable that first, and it can take a couple of days. After that you can register at the website for your on-premises deployment.

This article was originally written by:
**Fernando Lugão Veltem**
**blog:** http://flugaoveltem.blogspot.com/
**twitter:** @flugaoveltem