Move SIP domain to another company

I been working with a customer and helped them with a split of their Skype for Business environment during a company split. About 2500 users of the 30000 users was moving to a new Skype environment and they were going to keep the current SIP domain. The majority of users where going to need a new domain for their SIP address (also mail and UPN). The larger company (Fabrikam) was going to keep the infrastructure and the other smaller company (Contoso), that were keeping the company name, needed new Skype servers.

The split was going to be done as a big bang during a weekend were we removed the Contoso users from Fabrikam environment and change all Fabrikam users to SIP address At the same time Contoso started to use their new Skype platform with SIP address.

The process started with adding as a secondary domain in topology. Some pilot users started to work the new domain. We later, before the cutover, changed so that was the primary SIP domain.

After the removing the old SIP domain ( from the Fabrikam Skype we could not federate between the companies. We checked that DNS queries for was correct and pointed to the new Contoso Skype servers and we where able to get connected on TCP-5061 between Contoso and Fabrikam public Edge Access IP. We also checked the topology for Fabrikam to see that really was removed everywhere. Federation with all other companies worked without any problem for both Contoso and Fabrikam.

Test-CsFederatedPartner gave us the error 404, Not Found.

Test-CsFederatedPartner -TargetFqdn -Domain

Target Fqdn :
Result : Failure
Latency : 00:00:00
Error Message : 404, Not Found
Diagnosis : ErrorCode=1003,,Reason=User does not exist,

Running SIP tracing on edge servers gave us some more hints, “The request URI domain is hosted locally and cannot be routed to a federated partner”. So Fabrikam servers still think that is a locally hosted SIP domain even if it’s not to be found in topology.

( 1024351871 )( 00000003CC629238 ) Request-Uri is internal or automatically discerned split-domain traffic points back to us, sending 404 Returned 0xC3E93D74(SIPPROXY_E_EPROUTING_MSG_INTERNALDOMAIN_NOTALLOWED)
TL_WARN(TF_DIAG) [edgepool\edgeserver01]153C.2A40::06/18/2017-08:41:22.364.000CB298 (SIPStack,SIPAdminLog::WriteDiagnosticEvent:SIPAdminLog.cpp(830)) [1024351871] $$begin_record
Severity: warning
Text: The request URI domain is hosted locally and cannot be routed to a federated partner
SIP-Start-Line: OPTIONS SIP/2.0
SIP-Call-ID: c49ff774ee0944a58ab39bc41c9d5149
Data: domain=""

After some digging we found that we never updated the public certificate on the Edge servers due to some problem with the provider. Since we been using both and as SIP domain  for a couple of weeks, was still in the public certificate. After renewing the public Edge certificate and removing from it Edge servers started to think that is an external domain and federation started to work.

Conclusion is that even if we removed the domain from topology we had to remove the domain from the certificates.

You may also like...

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Sign up to my newsletter, you will get an email with updates from every Friday if there are any new articles posted.

You have successfully subscribed to our mail list.

Too many subscribe attempts for this email address.

* will use the information you provide on this form to be in touch with you and to provide updates.