Saturday, February 25, 2012

Lync 2010 on prem - Cloud UM integration

“Cloud computing is like sex in High School. Everybody is talking about it, only few did it, and they didn’t know what they are doing.”
                                                                                          Found somewhere in Internet

I have been thinking recently of one hypothetical scenario – let’s say my company has domain “” and we host Exchange and Lync on prem. We acquire small company B with domain “”. The management decides to decommission Exchange Server in Company B and move all users to Office 365 Exchange services. However, because "" already utilizes Lync Enterprise Voice, we also want to decommission Company B’s PBX and provide EV to”” users. The main question is - how to resolve the problem with Unified Messaging for Company B?

Let’s see if this is possible.

First, of course, I must sign up for Office 365 service. I created tenant “”, added “” and verified it as outlined on the online documentation.

For the purpose of this post, I created user “Myuc User” with ID This represents all users from Company B and the assumption here is the migration to Exchange Online has been competed, mailboxes migrated etc.

Next step is to prepare the Cloud service for Unified Messaging. I will create UM Dial Plan:

…and we can see, a default policy was automatically created. I might modify it later.

***I have not created Auto Attendant at this point – I am more interested if this concept will work to begin with…

Back in Users and Groups, I will enable our user for Unified Messaging

This concludes my Cloud based user configuration. now let's prepare hosted Lync for Cloud Integration.

Run the following command from Lync Management Shell:

New-CsHostingProvider -Identity "Hosted UM" -Enabled $True -enabledSharedAddressspace $True -HostsOCSUsers $false -ProxyFqdn "" -IsLocal $False -VerificationLevel UseSourceVerification

Get-CsHostingProvider -Identity "Hosted UM" cmdlet should return the following:

***I hit a bump at this point. Took me for a while to figure that the routing must be done toward the authoritative cloud domain. To see which domain is authoritative for my setup, I had to use Remote Power Shell:

$cred = Get-Credential
$s = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic -AllowRedirection

$importresults = Import-PSSession $s

...and verify if our session is OK


 When i ran: Get-AcceptedDomain , the output showed that only "" is Authoritative and I will use it in my Lync configuration.

Next, create new Hosted Voice Mail Policy:

New-CsHostedVoicemailPolicy -Identity "MYUC Domain" -Destination -Description "Hosted voicemail policy for domain." -Organization ""

***Note that I am using  "" as Organization, because this is the only Authoritative domain returned.

Get-CsHostedVoicemailPolicy -Identity "MYUC Domain" should return

***Yesterday I already added "" as "Additional Supported Sip Domain" in my Lync topology, made the necessary changes in the public DNS, reissued the public certificate to include the new domain, you know the drill..Also, was added to Lync and provisioned for Enterprise Voice.

Now I will set HostedVoiceMailPolicy for this user to True. This way, when voicemail is to be deposited, my Lync on prem will route the call to the Cloud.

Set-CsUser -Identity lynclog\mu1 -HostedVoiceMail $True

...and grant the policy I created earlier:

Grant-CsHostedVoicemailPolicy -Identity lynclog\mu1 -PolicyName "MYUC Domain"

Let's examine our user' properties now:

Time to test our setup.

The call was connected and I left new Voice Mail.

***One last note - in this test,on my Edge Server, I used Public Certificate issued form Office 365 did not have any problem with it...


aavisek said...

Excellent post

aavisek said...

Excellent post-Askwizard

santosh said...

Great Post Drago!!

M E said...
This comment has been removed by the author.
Drago said...

Lync on premise uses Edge server to connect to Office365 not only for federation, but to deliver voice mail for cloud based users as well. Media gateway is not involved at all.

You must have fully functional Edge server with certificate signed by Public CA in order to connect to Office365.

M E said...

Thanks for your reply drago, I got it working by re-running the whole commands from scratch and also have added a command which I think you probably missed by mistake.

PS> Set-CsHostedVoiceMailPolicy -Destination -Organization

I have a full functional Lync Edge server but I need to call from GSM to my SIP DID number and be directed to Voicemail which still doesn't work.

I'm not sure but the only thing is left is the Gateway Integration! My coworker who is working on the gateway told me that we need to have certificates in order to allow TLS connection between Exchange on cloud UM and our lync on premise.

I can see there's a UM IP Gateways on the Exchange Control Panel.

Have you done this before already?

Drago said...

Although seems related, we have two totally different tasks here: Enterprise Voice integration with PSTN and On-premise Lync integration with O365 UM.

Media gateway can be integrated with Lync EV either over TCP (less secure) or TLS (secure). However, both transports would work. I personally always use TCP in the initial step (easy to trace and troubleshot) and “lock” with TLS before moving to Production.

So, your first goal is to have PSTN to Lync and vice versa working. You should be able to answer PSTN calls from your Lync client and make calls from Lync client to PSTN numbers.

To test the second part, you should be able to call from Lync client another Lync user provisioned with UM on the cloud. This is considered internal call where PSTN is not involved. You should be able to deposit Voice Mail successfully.

Only after those two steps are completed, you should attempt to “merge” the two.

M E said...

Drago, I have EV integration with PSTN already and now after setting up my voice mail now it started to work, I can leave my self a voice mail.

The only thing left that I want to do is to setup our gateway for Exchange UM on cloud!

I will need a public IP address for the gateway and it seems that it will also need a TLS in order to make a secure connection!

I'll check with the guys from NET as our gateway is their product.

If i was able to do the integration without issues! I'll let you know.

M E said...

Hi again,

I'm trying to leave a voicemail to the enabled O365 integrated Lync account and its working if calling from the same domain but if from a federated partner it won't work.

what this could possibly be?

Drago said...

You need to do SIPStack trace on both Front End and Edge server. The reason for the failure will be somewhere within the log.

my said...

it works for me..Drago

tacotech said...

i have just one quick question. I am trying to figure out what i should be putting in the following piece of the new-cshosting provider command. What should be my entry.
ProxyFqdn ""

Drago said...

From TechNet (

"ProxyFQDN specifies the fully qualified domain name (FQDN) for the proxy server used by the hosting provider. For Exchange Online, the FQDN is"


Unknown said...

Anybody know if there are any issues integrating Lync deskphones into Exchange UM in the cloud? Docs seems to imply it's fine. I'm assuming the hosted voceimail provider config replaces the need for Exchange Web Services integration and there's no need to setup up autodiscover in this scenario?

Anonymous said...

Appreciate the detailed explanation of importance of data backup solutions for small business!