Goal

Create a trusted relationship between two SIP domains based on Mutual TLS authentication between two SIP proxies, for Microsoft Live Communication Server. Microsoft refers to this as 'federation'.

Applicability

Inter-domain SIP routing over TLS. We enable end-users of domain A to communicate with end-users in domain B over their home proxy to the proxy of domain B. All connections use TLS:

      User Agent A   ->   accessproxy domainA   ->   proxy domainA   ->   proxy domainB   ->   accessproxy domainB   ->   User Agent B

Prerequisites:

• MS Windows 2003 server SP1
• MS Live Communications Server 2005 SP1 is installed
• Both LCS servers should have an accompanying 'Access Proxy' installed. The relationship between SIP domains is established between these Access Proxies. TLS is used on port 5061 so all firewalls should allow this TCP traffic, as well as UDP>1023. Public TLS certificates are preferred on both Access Proxies.

Configuration

On both Access Proxies, perform the following actions:

Go to the MMC and select the domain, and then adjust the setting:Forest Global properties ->
Federation tab:
enable federation,
networks addres: enter the internal address of access proxy

MS Office Live Com Server General Porperties
General tab -> allow federation
Tab "allow" -> add servername and name of domain
allow all communications from this federated partner

Access proxy:
General tab ->federate with other domains: on
Allow tab -> remote user acces to your network: on

Users:
for each user: advanced settings: enable federation

Then restart LCS service

In some cases, messages might not get through. See also: http://support.microsoft.com/kb/924604/en-us

OS specific help

Validation, confirmation tests