Check out the most comprehensive, actively managed Lync blog roll in the known universe, your one-stop source for links to over 100 of the very best Lync blogs. Here you will also find weekly blog highlights and a feed for a dozen of the top blogs.
Lync Server Support Home
Top Lync Solutions RSS Feed
Microsoft Senior Support engineers walk you through real-life support cases, giving you an insider’s view into the systematic approach they use to troubleshoot Lync Server issues.
These short videos focus on specific tasks and show you how to accomplish them for Microsoft Lync Server 2010.
On June 8th, 2013, for Office Communications Server and Lync federation with Microsoft.com, Microsoft will replace the root certificate on the federation edge server from a GTE CyberTrust root to a Baltimore root.
By that date, any SIP domain federated with Microsoft must have the respective edge server’s trusted root certificate store updated with the Baltimore root certificate. Any edge server which does not trust the new Microsoft.com certificate by June 8, 2013 will be unable to connect to Sipfed.microsoft.com, thereby impacting federation with the Microsoft.com SIP domain. IM and presence will fail, as will A/V for any user within the federated SIP domain when attempting to reach a user in the Microsoft.com SIP domain.
Author: Jon McClary, Microsoft Service Engineer
Technical Reviewers: Rob Pittfield, Conrad Mouton
Published: May 9, 2013
Product version: Office Communications Server 2007, Lync 2010, Lync 2013
IMPORTANT NOTE If you have installed the latest updates, you are already covered. In fact, if you are running Microsoft Support diagnostics, you won’t encounter this issue.
Microsoft will make a certificate change on June 8, 2013, which could potentially affect federation with the Microsoft.com SIP domain. This applies only to SIP domains that are federated with Microsoft.com. The certificate applied to the Microsoft Lync Access Edge server, sipfed.microsoft.com, is nearing its expiration. The new certificate will use the Baltimore CyberTrust Root Certificate, which will require that federated partners’ Access Edge servers trust the new root.
The potential for impact is to SIP and A/V communication with Microsoft.com for any user in an affected federated SIP domain.
Here’s what you need to know to continue to communicate with the Microsoft.com SIP domain.
1. Verify whether the Baltimore CyberTrust Root certificate is already trusted—as is likely if the server has the most recent Microsoft Updates installed.
2. Open the certificate snap-in for the local machine in the Microsoft Management Console (MMC) on the federating edge server.
3. Verify whether the Baltimore CyberTrust Root is in the trusted root certificate authorities, as shown in Figure 1 below. The expiration date is May 12, 2025.
Figure 1. Verifying that Baltimore CyberTrust Root is in trusted root certificate authorities
If this trusted root certification authority exists here, your work is done. If this root certification authority is not trusted, you must import that certificate as a trusted root per your operating system version, as detailed in this Support topic: Windows Root Certificate Program members.
To enable continued communication with users in the Microsoft.com SIP domain, you must ensure that the Baltimore CyberTrust Root certificate is trusted by Office Communications Server and Lync Access Edge servers that are federated with the Microsoft.com SIP domain.
Keywords: OCS, Lync, Federation, Access Edge, Certificate, sipfed.microsoft.com