Configure federation routes and media traffic
Topic Last Modified: 2012-10-15
Federation is a trust relationship between two or more SIP domains that permits users in separate organizations to communicate across network boundaries. After you migrate to your Lync Server 2013 pilot pool, you need to transition from the federation route of your Lync Server 2010 Edge Servers to the federation route of your Lync Server 2013 Edge Servers.
Use the following procedures to transition the federation route and the media traffic route from your Lync Server 2010 Edge Server and Director to your Lync Server 2013 Edge Server, for a single-site deployment.
Important
Changing the federation route and media traffic route requires that you schedule maintenance downtime for the Lync Server 2013 and Lync Server 2010 Edge Servers. This entire transition process also means that federated access will be unavailable for the duration of the outage. You should schedule the downtime for a time when you expect minimal user activity. You should also provide sufficient notification to your end users. Plan accordingly for this outage and set appropriate expectations within your organization.
Important
If your legacy Lync Server 2010 Edge Server is configured to use the same FQDN for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section are not supported. If the legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Lync Server 2010 to Lync Server 2013, then decommission the Lync Server 2010 Edge Server before enabling federation on the Lync Server 2013 Edge Server.
Important
If your XMPP federation is routed through a Lync Server 2013 Edge Server, legacy Lync Server 2010 users will not be able to communicate with the XMPP federated partner until all users have been moved to Lync Server 2013, XMPP policies and certificates have been configured, the XMPP federated partner has been configured on Lync Server 2013, and lastly the DNS entries have been updated.
To remove the legacy federation association from Lync Server 2013 sites
On the Lync Server 2013 Front End server, open the existing topology in Topology Builder.
In the left pane, navigate to the site node, which is located directly below Lync Server.
Right-click the site and then click Edit Properties.
In the left pane, select Federation route.
Under Site federation route assignment, clear the Enable SIP federation check box to disable the federation route through the legacy Lync Server 2010 environment.
Click OK to close the Edit Properties page.
From Topology Builder, select the top node Lync Server.
From the Action menu, click Publish Topology.
Click Next to complete the publishing process and then click Finish when the publishing process has completed.
To configure the legacy Edge Server as a non-federating Edge Server
In the left pane, navigate to the Lync Server 2010 node and then to the Edge pools node.
Right-click the Edge server, and then click Edit Properties.
Select General in the left pane.
Clear the Enable federation for this Edge pool (port 5061) check box entry and select OK to close the page.
From the Action menu, select Publish Topology, and then click Next.
When the Publishing wizard completes, click Finish to close the wizard.
Verify federation for the legacy Edge server is disabled.
To configure certificates on the Lync Server 2010 Edge Server
Export the external Access Proxy certificate, with the private key, from the legacy Lync Server 2010 Edge Server.
On the Lync Server 2013 Edge Server, import the Access Proxy external certificate from the previous step.
Assign the Access Proxy external certificate to the Lync Server 2013 external interface of the Edge Server.
The internal interface certificate of the Lync Server 2013 Edge Server should be requested from a trusted CA and assigned.
To change Lync Server 2010 federation route to use Lync Server 2013 Edge Server
From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge pools node.
Right-click the Edge server, and then click Edit Properties.
Select General in the left pane.
Select the check box entry for Enable federation for this Edge pool (port 5061) and then click OK to close the page.
From the Action menu, select Publish Topology, and then click Next.
When the Publishing wizard completes, click Finish to close the wizard.
Verify Federation (port 5061) is set to Enabled.
To update Lync Server 2013 Edge Server federation next hop
From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge pools node.
Expand the node, right-click the Edge Server listed, and then click Edit Properties.
On the General page, under Next hop selection, select from the drop-down list the Lync Server 2013 pool.
Click OK to close the Edit Properties page.
From Topology Builder, select the top node Lync Server.
From the Action menu, click Publish Topology and complete the wizard.
To configure Lync Server 2013 Edge Server outbound media path
From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the pool below Standard Edition Front End Servers or Enterprise Edition Front End pools.
Right-click the pool, and then click Edit Properties.
In the Associations section, select the Associate Edge pool (for media components) check box.
From the drop-down box, select the Lync Server 2013 Edge Server.
Click OK to close the Edit Properties page.
To turn on Lync Server 2013 Edge Server federation
From Topology Builder, in the left pane, navigate to the Lync Server 2013 node and then to the Edge pools node.
Expand the node, right-click the Edge Server listed, and then click Edit Properties.
Note
Federation can only be enabled for a single Edge pool. If you have multiple Edge pools, select one to use as the federating Edge pool.
On the General page, verify the Enable federation for this Edge pool (Port 5061) setting is checked.
Click OK to close the Edit Properties page.
Next, navigate to the site node.
Right-click the site, and then click Edit Properties.
In the left pane, click Federation route.
Under Site federation route assignment, select Enable SIP federation, and then from the list select the Lync Server 2013 Edge Server listed.
Click OK to close the Edit Properties page.
For multi-site deployments, complete this procedure at each site.
To publish Edge Server configuration changes
From Topology Builder, select the top node Lync Server.
From the Action menu, select Publish Topology and complete the wizard.
Wait for Active Directory replication to occur to all pools in the deployment.
Note
You may see the following message:
Warning: The topology contains more than one Federated Edge Server. This can occur during migration to a more recent version of the product. In that case, only one Edge Server would be actively used for federation. Verify that the external DNS SRV record points to the correct Edge Server. If you want to deploy multiple federation Edge Server to be active concurrently (that is, not a migration scenario), verify that all federated partners are using Lync Server. Verify that the external DNS SRV record lists all federation enabled Edge Servers.
This warning is expected and can be safely ignored.
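The following Lync Server Management Shell check is an added example, not part of the original procedure. It lists the federation route of every site after publishing and flags any site that is not routed through the Lync Server 2013 Edge pool. The FQDN edge2013.contoso.example and the function name Test-SiteFederationRoute are placeholders, and the comparison assumes the route is displayed in the form EdgeServer:<pool FQDN>.

```powershell
# Added example: run in the Lync Server Management Shell after the topology
# has been published and Active Directory replication has completed.
# Placeholder value: replace with the FQDN of your Lync Server 2013 Edge pool.
$ExpectedEdgePool = 'edge2013.contoso.example'

function Test-SiteFederationRoute {
    param(
        [Parameter(Mandatory)] [string] $ExpectedEdgePool
    )
    foreach ($site in Get-CsSite) {
        # Assumption: FederationRoute renders as "EdgeServer:<pool FQDN>",
        # and is empty when SIP federation is not enabled for the site.
        $route = [string]$site.FederationRoute
        if ([string]::IsNullOrEmpty($route)) {
            $status = 'NoFederationRoute'
        } elseif ($route -like "*:$ExpectedEdgePool") {
            $status = 'OK'
        } else {
            $status = 'UnexpectedEdge'   # for example, still the legacy Edge pool
        }
        [pscustomobject]@{
            Site            = $site.Identity
            FederationRoute = $route
            Status          = $status
        }
    }
}

# Any row whose Status is not OK needs the site-level steps repeated.
Test-SiteFederationRoute -ExpectedEdgePool $ExpectedEdgePool | Format-Table -AutoSize
```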
To configure Lync Server 2013 Edge Server
Bring all of the Lync Server 2013 Edge Servers online.
Update the external firewall routing rules or the hardware load balancer settings to send SIP traffic for external access (usually port 443) and federation (usually port 5061) to the Lync Server 2013 Edge Server, instead of the legacy Edge Server.
Note
If you do not have a hardware load balancer, you need to update the DNS A record for federation to resolve to the new Lync Server Access Edge server. To accomplish this with minimum disruption, reduce the TTL value for the external Lync Server Access Edge FQDN so that when DNS is updated to point to the new Lync Server Access Edge, federation and remote access will be updated quickly.
Next, stop the Lync Server Access Edge service on each legacy Edge Server computer.
From each legacy Edge Server computer, open the Services applet from the Administrative Tools.
In the services list, find Lync Server Access Edge.
Right-click the service name, and then select Stop to stop the service.
Set the Startup type to Disabled.
Click OK to close the Properties window.
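The following PowerShell check is an added example, not part of the original procedure. Run it from a computer outside the organization's network after the firewall, load balancer, or DNS change to confirm that the federation SRV record resolves to the Lync Server 2013 Access Edge and that the federation port answers. The domain, the IP addresses, and the function name Test-FederationCutover are constructed placeholders, and _sipfederationtls._tcp is the standard federation SRV record name rather than a value taken from this topic.

```powershell
# Added example. All values below are constructed placeholders.
$SipDomain   = 'contoso.example'     # SIP domain that federated partners look up
$ExpectedIPs = @('203.0.113.10')     # public IP(s) of the Lync Server 2013 Access Edge

function Test-FederationCutover {
    param(
        [Parameter(Mandatory)] [string]   $SipDomain,
        [Parameter(Mandatory)] [string[]] $ExpectedIPs,
        [string] $Resolver              # optional: query a specific external DNS server
    )
    $dns = @{ DnsOnly = $true; ErrorAction = 'Stop' }
    if ($Resolver) { $dns.Server = $Resolver }

    # SRV record that federated partners use to locate the Access Edge.
    $srv = Resolve-DnsName -Name "_sipfederationtls._tcp.$SipDomain" -Type SRV @dns |
           Where-Object { $_.Type -eq 'SRV' }

    foreach ($rec in $srv) {
        $a   = Resolve-DnsName -Name $rec.NameTarget -Type A @dns |
               Where-Object { $_.Type -eq 'A' }
        $ips = @($a | ForEach-Object { $_.IPAddress })

        # Addresses outside the expected set still point at the legacy Edge or elsewhere.
        $stale = @($ips | Where-Object { $ExpectedIPs -notcontains $_ })

        # Test each resolved address directly so a locally cached name cannot hide a problem.
        $open = @($ips | Where-Object {
            (Test-NetConnection -ComputerName $_ -Port $rec.Port `
                -WarningAction SilentlyContinue).TcpTestSucceeded
        })

        [pscustomobject]@{
            SrvTarget    = $rec.NameTarget
            Port         = $rec.Port          # federation normally uses 5061
            ResolvedIPs  = $ips -join ','
            MaxTtlSec    = ($a | Measure-Object -Property TTL -Maximum).Maximum
            UnexpectedIP = $stale -join ','
            CutoverOk    = ($ips.Count -gt 0 -and $stale.Count -eq 0 -and
                            $open.Count -eq $ips.Count)
        }
    }
}

Test-FederationCutover -SipDomain $SipDomain -ExpectedIPs $ExpectedIPs | Format-List
```

MaxTtlSec shows how long resolvers may keep serving the previous A record, which is the window in which federated partners can still reach the legacy Edge Server address.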