Lync – Office 365 Federation Presence Unknown

A customer was having problems federating their Lync 2010 deployment with Office 365. When searching for a Lync Online user they would see “Presence Unknown” and be unable to send instant messages. They could federate with other on-prem Lync organisations without issue. They had LyncOnline configured as a Hosted Provider and Partner Domain Discovery enabled (Dynamic Federation). Their _sipfederationtls._tcp DNS record was configured correctly, as was the O365 customer.

Using OCSLogger and Snooper on the Edge server I was able to spot the problem.

504 Server time-out
ms-diagnostics: 110;reason="Certificate trust with another server could not be established";ErrorType="The peer certificate does not contain a matching FQDN"


The next thing I checked was the certificate assigned to the External Edge, and I discovered it was a wildcard certificate. From experience I know that Office 365 federation does not work unless you have a valid SAN entry on your Edge certificate. It must match your SIP domain and the host in your _sipfederationtls SRV record. The customer purchased a SAN certificate and now Office 365/Lync Online federation works.

Just one to watch for. It is interesting that federation with on-prem organisations and external user access seemed to work with the wildcard cert. Microsoft state a SAN certificate is required for Edge servers.
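A pre-flight check for this condition, as an added example that is not part of the original post or any Microsoft tooling: it classifies whether the SRV target host is listed as an explicit SAN or is only covered by a wildcard. The domain names and certificate data are constructed, the input uses the dictionary shape that Python's `ssl.SSLSocket.getpeercert()` returns, and reading "match your SIP domain" as "the SRV target sits under the SIP domain" is an assumption.

```python
# Added example: sample certificates and domain names below are constructed.

def dns_sans(peercert):
    """Return lower-cased DNS SAN entries from a getpeercert()-style dict."""
    return [value.lower().rstrip(".")
            for kind, value in peercert.get("subjectAltName", ())
            if kind == "DNS"]

def wildcard_covers(pattern, name):
    """True if a left-most-label wildcard (*.example.org) covers name."""
    if not pattern.startswith("*."):
        return False
    suffix = pattern[2:].split(".")
    labels = name.split(".")
    return len(labels) == len(suffix) + 1 and labels[1:] == suffix

def check_edge_cert(peercert, sip_domain, srv_target):
    """Classify how the certificate covers the _sipfederationtls SRV target."""
    sans = dns_sans(peercert)
    sip_domain = sip_domain.lower().rstrip(".")
    target = srv_target.lower().rstrip(".")
    if target in sans:
        san_match = "explicit"
    elif any(wildcard_covers(s, target) for s in sans):
        san_match = "wildcard-only"   # the situation described in this post
    else:
        san_match = "missing"
    # Assumption: the SRV target must sit under the SIP domain.
    in_domain = target.endswith("." + sip_domain)
    return {"san_match": san_match,
            "target_in_sip_domain": in_domain,
            "ok": san_match == "explicit" and in_domain}

# Constructed sample data in the shape ssl.SSLSocket.getpeercert() returns.
WILDCARD_CERT = {"subjectAltName": (("DNS", "*.contoso.example"),)}
SAN_CERT = {"subjectAltName": (("DNS", "sip.contoso.example"),
                               ("DNS", "webconf.contoso.example"))}

if __name__ == "__main__":
    for label, cert in (("wildcard", WILDCARD_CERT), ("SAN", SAN_CERT)):
        print(label, check_edge_cert(cert, "contoso.example", "sip.contoso.example"))
```

A result of `wildcard-only` is the case to flag before enabling Office 365 federation, since on-prem federation may still appear healthy with the same certificate.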

Links: Certificate requirements for external user access in Lync Server 2013:

