So, you want to have your on-premises SfB in a hybrid with Office 365. Well, the good news is that it is easy. This guide walks you through what you need to do to make this happen.
Make sure that your edge server is properly configured. This means that your internet-facing edge is on a different network than your internal edge, and that they are not routable. This also means making sure you have the correct persistent routes on the internal edge. Remember, you only have one default route per server; the others are persistent routes made through the command line.

Second, make sure that you are only using external DNS on your internet edge. Best practice is for your internal edge to use a hosts file that contains all of your SfB servers. However, we all know hosts files are a pain in the butt, and most likely you have your internal edge DNS pointing to your internal DNS servers. Don’t fret: all you need to do is add to your internal DNS the exact same entry you have externally for your _sipfederationtls._tcp.domain.com. Just make the internal entry the EXACT same as the external.
Now if you don’t have your edge set up right you will be screwed, and you will get the following error in your client logs. This example is federating with somebody at Microsoft from the company domain:

    ms-diagnostics: 1034;reason="Previous hop federated peer did not report diagnostic information";Domain="microsoft.com";PeerServer="sipfed.microsoft.com";source="accessedge.wdomain.com"

- This also assumes that you have already configured ADFS; if not, read my post on how to do it.
Then you need to install a few things on a machine. I like to do it all on one single computer.
- Skype for Business online tools: http://www.microsoft.com/en-us/download/details.aspx?id=39366
- MSOnline Services Sign-in assistant for IT professionals: http://www.microsoft.com/en-us/download/details.aspx?id=41950
- Azure Active Directory Module for Windows PowerShell: http://go.microsoft.com/fwlink/p/?linkid=236297
- You will also need the Skype for Business tools. You can get these by downloading the eval and installing just the admin tools from it: http://www.microsoft.com/en-us/evalcenter/evaluate-skype-for-business-server
Okay, now is where it gets tricky, and a little risky, because we need to remove some default settings and add them back in.
- Set the Access Edge configuration:

      Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting

Now remove the hosting provider for LyncOnline:

    Remove-CSHostingProvider -Identity <the Identity of the LyncOnline or SkypeForBusinessOnline hosting provider>

Add the hosting provider back in:

    New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

- Now wait a bit, don’t go anywhere, because this is where things may break. If they do, you can just remove the hosting provider, then add it back in with EnabledSharedAddressSpace and HostsOCSUsers set to $false. But odds are, if something breaks, your edge is not right.
Configure the Skype for Business Online side for federation by connecting to Skype for Business Online:

    $cred = Get-Credential   # use the domain.onmicrosoft.com account
    $sfbonline = New-CsOnlineSession -Credential $cred
    Import-PSSession $sfbonline -AllowClobber
    Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

Determine the Hosted Migration Service URL
- Log in to your Office 365 tenant as an administrator.
- Open the Skype for Business admin center.
- With the Skype for Business admin center displayed, select and copy the URL in the address bar up to lync.com. An example URL looks similar to the following: https://webdir0a.online.lync.com/lscp/?language=en-US&tenantID= (the webdir part may instead be something like admin; that is fine).
- Replace webdir in the URL with admin, resulting in the following: https://admin0a.online.lync.com
- Append the following string to the URL: /HostedMigration/hostedmigrationservice.svc.
- The resulting URL, which is the value of the HostedMigrationOverrideUrl, should look like the following: https://admin0a.online.lync.com/HostedMigration/hostedmigrationservice.svc
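
The steps above as an added PowerShell example (not from the original post): a hypothetical helper, Get-HostedMigrationUrl, derives the HostedMigrationOverrideUrl from the address-bar URL and refuses anything that is not HTTPS under online.lync.com, since the result is later passed to Move-CsUser together with $cred. The online.lync.com suffix check is an assumption taken from the example URLs in this post, and the sample URL's tenantID value is a constructed placeholder.

```powershell
# Added example, not from the original post.
# Get-HostedMigrationUrl is a hypothetical helper name.
function Get-HostedMigrationUrl {
    param(
        [Parameter(Mandatory = $true)]
        [string]$AdminCenterUrl
    )

    # Parse the pasted address-bar URL; reject relative or malformed input.
    $uri = $null
    if (-not [Uri]::TryCreate($AdminCenterUrl, [UriKind]::Absolute, [ref]$uri)) {
        throw "Not an absolute URL: $AdminCenterUrl"
    }
    if ($uri.Scheme -ne 'https') {
        throw "Expected an https URL, got scheme '$($uri.Scheme)'"
    }

    # "Up to lync.com": keep only the host; path and query string are dropped.
    $hostName = $uri.Host.ToLowerInvariant()

    # Assumption from the post's examples: the service lives under
    # online.lync.com. Matching the full suffix on the parsed host rejects
    # look-alike names that merely contain "lync.com" somewhere.
    if ($hostName -notlike '*.online.lync.com') {
        throw "Unexpected host '$hostName'; expected a name under online.lync.com"
    }

    # Replace a leading "webdir" with "admin". A host that already starts
    # with "admin" is left unchanged, as the step above allows.
    $adminHost = $hostName -replace '^webdir', 'admin'

    return "https://$adminHost/HostedMigration/hostedmigrationservice.svc"
}

# Constructed sample input modelled on the example URL in the steps above.
$sample = 'https://webdir0a.online.lync.com/lscp/?language=en-US&tenantID=00000000-0000-0000-0000-000000000000'
$url = Get-HostedMigrationUrl -AdminCenterUrl $sample
$url
```
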
Move the users

    Move-CsUser -Target sipfed.online.lync.com -Credential $cred -HostedMigrationOverrideUrl <URL>