The other day I had a call from a customer for which I quite recently set up Lync Server 2010. They were experiencing problems for some of their employees not being able to federate with external domains.
The customer was housing a few domains besides their own, and the server was set up to support this:
Looking into the error messages using snooper, the error soon stood out pretty clear:
Using nslookup I could quite easily confirm that the customer had not set up external DNS the way I had told them to.
Instead of having a SRV record _sipfederationtls._tcp.<domain>.no point to an A record sip.<domain>.no using the same domain in both, they had rather pointed the SRV record to the main SIP domain A record, causing a domain redirect in the lookup. Lync is not fond of such things, and therein lay the broken federation.