Topic Last Modified: 2011-04-11

Federation is a trust relationship between two or more SIP domains that permits users in separate organizations to communicate across network boundaries. After you migrate to your Microsoft Lync Server 2010 pilot stack, you need to transition from the federation route of your Microsoft Office Communications Server 2007 Edge Servers to the federation route of your Lync Server 2010 Edge Servers.

Use the procedures that follow to transition from your Office Communications Server 2007 Edge Server and Director to your Lync Server 2010 Edge Server and Director for a single-site deployment.

Important:
Changing the federation route requires that you schedule maintenance downtime for the Lync Server 2010 and Office Communications Server 2007 Edge Servers. This entire transition process also means that federated access will be unavailable for the duration of the outage. You should schedule the downtime for a time when you expect minimal user activity. You should also provide sufficient notification to your end users. Plan accordingly for this outage and set appropriate expectations within your organization.

Important:
If your legacy Office Communications Server 2007 Edge Server is configured to use the same fully qualified domain name (FQDN) for the Access Edge service, Web Conferencing Edge service, and the A/V Edge service, the procedures in this section to transition the federation setting to a Lync Server 2010 Edge Server are not supported. If the legacy Edge services are configured to use the same FQDN, you must first migrate all your users from Office Communications Server 2007 to Lync Server 2010, and then decommission the Office Communications Server 2007 Edge Server before enabling federation on the Lync Server 2010 Edge Server. For details, see the following topics:

To remove the legacy federation association from Lync Server 2010 sites

  1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. Start Topology Builder: Click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.

  3. Select Download topology from existing deployment, and then click OK.

  4. In the Save Topology As dialog box, select the Topology Builder file you want to use, and then click Save.

  5. In the left pane, navigate to the site node.

  6. Right-click the site, and then click Edit Properties.

  7. Click Federation route in the left pane.

  8. Under Site federation route assignment, select Disable to disable the federation route through the BackCompatSite.

    [Figure: Migration Disable Federation]

  9. Click OK to close the Edit Properties page.

  10. From Topology Builder, select the top node Lync Server 2010.

  11. From the Actions pane, click Publish Topology, and then complete the wizard.

To configure the legacy Edge Server as a non-federating Edge Server

  1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. From Topology Builder, in the Actions pane, click Merge 2007 or 2007 R2 Topology.

  3. Click Next to continue.

  4. On the Specify Edge Setup page, select the Edge Server Internal FQDN that is currently configured for federation, and then click Change.

    [Figure: Merge Topology Specify Edge Setup dialog box]

  5. Click Next until you reach the Specify Federation Setting page.

  6. In Specify Federation Setting, be sure to clear the This Access Edge is used for federation and public IM connectivity check box. This will remove the federation association with the BackCompatSite.

    [Figure: Specify Federation Settings]

    Important:
    You must clear this option to remove the legacy federation association.

  7. Click Next, and then accept the default settings of the remaining pages of the wizard.

  8. On the Summary page, click Next to begin merging the topologies.

    Note:
    You may see the following message: WARNING : No Office Communications Server 2007 / Office Communications Server 2007 Edge has been enabled for federation.

    This warning is expected and can be ignored.

  9. In the Status column, verify that the value is Success, and then click Finish.

  10. From the Actions pane, click Publish Topology, and then click Next.

  11. When the Publishing wizard completes, click Finish.

    [Figure: Site federation route assignment set to Disabled]

    As shown in the preceding figure, the Site federation route assignment is set to Disabled.

To configure certificates on the Lync Server 2010 Edge Server

  1. Log on to the legacy Edge Server as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. Export the external Access Proxy certificate, with the private key, from the legacy Office Communications Server 2007 Edge Server.

  3. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  4. On the Lync Server 2010 Edge Server, import the Access Proxy external certificate from the previous step.

  5. Assign the Access Proxy external certificate to the Lync Server 2010 external interface of the Edge Server.

  6. The internal interface certificate of the Lync Server 2010 Edge Server should not be changed.

To change Office Communications Server 2007 federation route to use Lync Server 2010 Edge Server

  1. Log on to the legacy Standard Edition server or Front End Server as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. On the Office Communications Server 2007 Standard Edition server or Front End Server, click Start, click Administrative Tools, and then click Office Communications Server 2007.

  3. In the left pane, expand the top node, right-click the Forest node, click Properties, and then click Global Properties.

  4. Click the Federation tab.

  5. Select the Enable Federation and Public IM connectivity check box.

  6. Enter the fully qualified domain name (FQDN) of the Lync Server 2010 Edge Server, and then click OK.

    [Figure: Office Communications Server Global Properties]

To update Lync Server 2010 Edge Server federation next hop

  1. Returning to your Lync Server 2010 Standard Edition server or Front End Server, click Start, click All Programs, click Microsoft Lync Server 2010, and then click Lync Server Topology Builder.

  2. Select Download topology from existing deployment, and then click OK.

  3. In the left pane, navigate to the Edge pools node.

  4. Expand the node, right-click the Edge Server listed, and then click Edit Properties.

  5. On the General page, under Next hop selection, select the Lync Server 2010 Edge Server or Director from the list, if a Lync Server 2010 Director was configured.

  6. Click OK to close the Edit Properties page.

  7. From Topology Builder, select the top node Lync Server 2010.

  8. From the Actions pane, click Publish Topology, and then complete the wizard.

To turn on Lync Server 2010 Edge Server federation

  1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. From Topology Builder, in the left pane, navigate to the Edge pools node.

  3. Expand the node, right-click the Edge Server listed, and then click Edit Properties.

    Note:
    Federation can only be enabled for a single Edge pool. If you have multiple Edge pools, select one to use as the federating Edge pool.

  4. On the General page, select Enable federation for this Edge pool (Port 5061).

    [Figure: Enable federation for this Edge pool (Port 5061)]

  5. Click OK to close the Edit Properties page.

  6. Navigate to the site node, right-click it, and then click Edit Properties.

  7. In the left pane, click Federation route.

  8. Under Site federation route assignment, select Enable, and then, from the list, select the Lync Server 2010 Edge Server or Director listed.

    [Figure: Topology Builder Federation Route]

  9. Click OK to close the Edit Properties page.

    For multi-site deployments, complete this procedure at each site.

To publish Edge Server configuration changes

  1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. From Topology Builder, select the top node Lync Server 2010.

  3. From the Actions pane, click Publish Topology, and then complete the wizard.

  4. Wait for Active Directory replication to occur to all pools in the deployment.

    Note:
    You may see the following message:

    Warning: The topology contains more than one Federated Edge Server. This can occur during migration to a higher version of the product. In that case, only one Edge Server would be actively used for federation. Verify that the external DNS SRV record points to the correct Edge Server. If you want to deploy multiple federation Edge Servers to be active concurrently (that is, not a migration scenario), verify that all federated partners are using Office Communications Server 2007 or later. Verify that the external DNS SRV record lists all federation enabled Edge Servers.

    This warning is expected and can be safely ignored.

To configure Lync Server 2010 Edge Server

  1. Log on to the computer where Topology Builder is installed as a member of the Domain Admins group and the RTCUniversalServerAdmins group.

  2. Bring all of the Lync Server 2010 Edge Servers online.

  3. Update the external firewall routing rules or the hardware load balancer settings to send SIP traffic for external access (usually port 443) and federation (usually port 5061) to the Lync Server 2010 Edge Server, instead of the legacy Edge Server.

  4. Next, stop the Office Communications Server Access Edge from each Edge Server.

  5. From each legacy Edge Server, open the Services applet from the Administrative Tools.

  6. In the services list, find Office Communications Server Access Edge.

  7. Right-click the service name, and then click Stop to stop the service.

  8. Set the Startup type to Disabled.

  9. In the services list, find Office Communications Server Access Edge.

  10. Right-click the service name, and then click Properties.

  11. From the list, select Disabled.

  12. Click OK to close the Properties window.
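
After the cutover, the external DNS SRV record, the firewall or load balancer rule for port 5061, and the Access Proxy external certificate should all agree. The following check is an added example, not part of the original procedure; it assumes the standard federation SRV name `_sipfederationtls._tcp.<domain>`, and the domain, thumbprint placeholder, and function names are hypothetical.

```powershell
# Constructed placeholders: substitute your SIP domain and the thumbprint of the
# Access Proxy external certificate that was exported from the legacy Edge Server.
# Run from a host that resolves names through external DNS.
$SipDomain          = 'contoso.example'
$ExpectedThumbprint = '<ACCESS-PROXY-CERT-THUMBPRINT>'

function Get-FederationSrvTarget([string]$Domain) {
    # Windows nslookup prints one "svr hostname = <fqdn>" line per SRV record.
    $lines = & nslookup.exe -type=SRV "_sipfederationtls._tcp.$Domain" 2>$null
    foreach ($line in $lines) {
        if ($line -match 'svr hostname\s*=\s*(\S+)') { $Matches[1].TrimEnd('.') }
    }
}

function Get-PresentedCertificate([string]$HostName, [int]$Port = 5061) {
    $script:presented = $null
    # The callback only records the certificate; trust is decided by the
    # thumbprint comparison below, not by this handshake.
    $capture = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $certificate, $chain, $errors)
        $script:presented = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($certificate)
        $true
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, $Port)
        $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $capture)
        # The handshake may still fail afterwards if the Edge insists on a
        # client certificate; the server certificate is captured before that.
        try { $ssl.AuthenticateAsClient($HostName) } catch { }
    } finally { $client.Close() }
    $script:presented
}

$want    = $ExpectedThumbprint -replace '\s', ''
$targets = @(Get-FederationSrvTarget $SipDomain)
if ($targets.Count -eq 0) { Write-Warning "No federation SRV record found for $SipDomain" }
foreach ($target in $targets) {
    $cert = $null
    try { $cert = Get-PresentedCertificate $target } catch { }   # port closed or filtered
    New-Object PSObject -Property @{
        SrvTarget       = $target
        Reachable5061   = [bool]$cert
        Subject         = $cert.Subject
        NotAfter        = $cert.NotAfter
        ThumbprintMatch = ($cert -and $cert.Thumbprint -eq $want)
    } | Select-Object SrvTarget, Reachable5061, Subject, NotAfter, ThumbprintMatch
}
```

A row with `Reachable5061` false, or with `ThumbprintMatch` false, means the SRV target, the port 5061 routing rule, or the certificate assignment does not match what the procedures above set up.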