Back again, with a reader comment about communication issues. The other day, Marcos commented:
“Is there an incompatibility issue when establishing communication between organizations using SFB Online vs on Premise? We are using Online, however we cannot reach contacts outside our organization that use on Premise.
Is there any additional set up needed on each side?”
Yes, there is. Skype for Business Online and Skype for Business Server can (and should) communicate between one another. But you do need additional setup to connect them. I don’t know how much configuration Marcos did, but for sake of completion, I’ll proceed as if no configuration has taken place.
Communications between a Skype for Business Server, and Skype for Business Online, are what Microsoft calls “business-to-business communication.” To enable it, you’ll have to do three things.
- Enable business-to-business communication for users in the Office 365 Admin Center (Skype for Business Online)
- Configure federation with Skype for Business Online (on-premise Skype for Business Server)
- Update firewall settings (both ends)
How to Enable Business-to-Business Communication in Office 365 Admin Center
(Please note: You’ll need Office 365 Admin privileges to make this change.)
- Sign in with your Office 365 admin account at https://portal.office.com/adminportal/home.
- In the Office 365 admin center, go to Admin Centers > Skype for Business.
- In the Skype for Business admin center, select Organization > External Communications.
- To set up communication with a specific business or with users in another domain, in the drop down box, choose “On only for allowed domains.”
- If you want to enable communication with everyone instead, choose “On except for blocked domains.”
- Under Blocked or Allowed Domains, click the +. Add the name of the domain(s) you want to allow.
- If the domain you want to enable is another Office 365 account, make sure their admin repeats the above steps, entering your domain.
- If you’re using the Windows Firewall, Skype for Business opens the required ports automatically. If not, see “Firewall Settings” below.
- Wait up to 24 hours before testing. (That’s how long it can take to populate changes across all the Office 365 datacenters.)
More information available here: Allow users to contact external Skype for Business users – Office Support
How to Configure Federation with Skype for Business Online
Unsurprisingly, you use federation to enable on-premise communication with Skype for Business Online. However, we will also have to make a change in Office 365 Admin for this too.
Step 1: Set Federation for Skype for Business Online on Edge Server. All we need here are two cmdlets, entered in Skype for Business’ Management Shell.
Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1 -UseDnsSrvRouting
New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root
Step 2: Configure Skype for Business Online for a Shared SIP Address Space. This step is more complicated. You’ll have to establish a remote session with the Skype for Business Online tenant, from your on-premise Skype for Business Server.
How? With this: Skype for Business Online, Windows PowerShell Module
You’ll need to download & install the module on your server. Then, you can establish the remote session by entering these cmdlets:
$cred = Get-Credential
$CSSession = New-CsOnlineSession -Credential $cred
Import-PSSession $CSSession -AllowClobber
Okay! All that work to establish a remote session. Step 3: Enter Configuration Cmdlet. Just enter this cmdlet:
Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true
More information available here: Configure federation with Skype for Business Online – TechNet
If you’ve configured both Skype for Business systems, but still receive error messages when communicating, chances are you need to update your firewall.
First, make sure your firewall allows client computers to access the following FQDNs:
Double-check that all necessary ports are open, regardless of which service you’re using. We often run into Skype4B Server deployments where the internal video ports (50020 to 50039 UDP and TCP) are open. But some of the external video ports were not–3478 UDP in particular. (Total external video ports are 443 TCP, 3478 UDP, & 50000 to 59999 UDP and TCP.)
If more advanced configuration is needed, here’s a list of Office 365 URLs and IPs. It should identify the pertinent information needed to update your firewall settings.
Office 365 URLs and IP Address Ranges – Office Support
Here’s the same list, for Skype for Business Server’s Edge Server.
Edge Server environmental requirements in Skype for Business Server 2015 – TechNet
Communication Established. Proceed with Work.
Once federation is set up between the two services, your users should be able to chat, call, have video chats, whatever they like.
Marcos, I hope this helps you out! As well as any other reader who’s having trouble with communications between Skype for Business Server and Skype for Business Online.
(If that’s you, or you have a similar issue going on, please comment or email your experience. We try to help whenever possible!)
Next time, we resume our VS. comparisons, with the newer collaboration platforms mentioned in The Security Behind 6 Business Chat Apps (Including Skype for Business). Join us then!