Question: JCS UC Certificate for Lync 2013 federation?

We have acquired a UC certificate from JCS for the edge server of our internal Lync 2013 pilot deployment so we can try out federation with our Office 365 tenancies and other business partners.

We are having an issue where the Skype federation works fine, but federation with other partners always fails, showing the partner as 'presence unknown' and when you try to exchange messages it comes back with 'error 504 (source ID 239)'. Having researched reasonably extensively on the Internet, this appears to be caused by our certificate not being trusted by the third parties, and apparently the usual cause is that the intermediate chain is unknown / untrusted.

I have checked using various SSL tools that the edge server is returning the chain properly, which it is. So my question now is - has anyone managed to use a JCS certificate successfully for federation in this manner? If not, is there anyone out there who also has a Lync deployment who's willing to test my theory by installing the intermediate certificates at their end and seeing if we can do federated IMs?

Thanks in advance,

Andy

Answers

As a follow-up to this, it turns out that the certificates from JCS are absolutely fine; it's a security 'feature' with newer Lync rollup patches that was causing the issue.

The server name that is presented in the _sipfederationtls._tcp DNS SRV record now has to be in the same DNS zone as the record itself; cross-zone configurations are no longer allowed.
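A quick way to audit SRV records for the cross-zone condition described in the answer above, as an added example that is not part of the original post. It assumes "same zone" can be approximated as "the target host is at or below the domain the SRV record is published under"; the record lines and the `example.*` names are constructed sample data.

```python
# Added example: flags _sipfederationtls._tcp SRV records whose target host
# lies outside the domain the record is published under.
# Assumption: actual zone cuts are not resolved; the record's domain is used.
SRV_PREFIX = "_sipfederationtls._tcp."

# Constructed sample records in zone-file / dig answer format (not real data).
SAMPLE_RECORDS = """\
_sipfederationtls._tcp.example.com. 3600 IN SRV 0 0 5061 sip.example.com.
_sipfederationtls._tcp.example.org. 3600 IN SRV 0 0 5061 edge.example.com.
_sipfederationtls._tcp.example.net. 3600 IN SRV 0 0 5061 sip.notexample.net.
_SIPFederationTLS._tcp.Example.EDU. 3600 IN SRV 0 0 5061 access.lync.example.edu.
"""

def labels(name):
    """Split a DNS name into lower-case labels, ignoring the trailing root dot."""
    return [l for l in name.strip().lower().rstrip(".").split(".") if l]

def parse_srv(line):
    """Return (sip_domain, target) for a federation SRV line, else None."""
    fields = line.split()
    if len(fields) != 8 or fields[3].upper() != "SRV":
        return None
    owner = fields[0].lower()
    if not owner.startswith(SRV_PREFIX):
        return None
    return owner[len(SRV_PREFIX):].rstrip("."), fields[7].rstrip(".").lower()

def target_in_domain(sip_domain, target):
    """True if target is sip_domain or a host below it, compared label by label.

    A plain string endswith() would wrongly accept sip.notexample.net for
    example.net, so whole labels are compared instead.
    """
    d, t = labels(sip_domain), labels(target)
    return len(t) >= len(d) > 0 and t[-len(d):] == d

def audit(records):
    """Map each SIP domain to (target, ok) for every federation SRV found."""
    results = {}
    for line in records.splitlines():
        parsed = parse_srv(line)
        if parsed:
            domain, target = parsed
            results[domain] = (target, target_in_domain(domain, target))
    return results

if __name__ == "__main__":
    for domain, (target, ok) in audit(SAMPLE_RECORDS).items():
        print(f"{domain:12} -> {target:26} {'OK' if ok else 'CROSS-ZONE'}")
```

Feed it the output of your own SRV lookups in the same format to see which federated domains would be affected.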