A customer of mine had this strange problem: they could not federate with two of their partners. All others were working just fine, whereas these two only gave the infamous “presence unknown” status. They even got confirmation that others could federate with these domains too, just not them.
I remembered from a previous event that Windows Server 2008 R2 root certs in some cases may be corrupted, so this was my primary suspect.
Looking into the matter, I utilised one of my favorite tools for troubleshooting such issues, the Remote UC Troubleshooter (RUCT). Using it, I downloaded the remote end (Edge) certificate, installed it on my customer’s Edge server and verified the certificate chain, i.e. that the Edge of my customer trusted the remote Edge.
After verifying that the cert seemed OK at my customer’s side, I asked them to tell their federation partner to do the same, even attaching the cert from my customer’s Edge in an email.
Strangely, after they had checked their end, “it just started to work”… I have my thoughts on the matter, but most important here is how to check these matters in an easy way.
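The chain check described above can also be scripted on the Edge server with the .NET `X509Chain` class. This is an added example, not part of the original post or of RUCT; the file path is a hypothetical location for the exported partner certificate.

```powershell
# Added example. Assumption: the partner's Edge certificate was exported
# to this hypothetical path and the script is run on the local Edge server.
param(
    [string]$CertPath = 'C:\Temp\partner-edge.cer'
)

$ns   = 'System.Security.Cryptography.X509Certificates'
$cert = New-Object "$ns.X509Certificate2" $CertPath

# $true = machine context, so the result reflects the computer's
# certificate stores rather than those of the logged-on user.
$chain = New-Object "$ns.X509Chain" $true
$chain.ChainPolicy.RevocationMode = 'Online'       # also fetch CRL/OCSP
$chain.ChainPolicy.RevocationFlag = 'ExcludeRoot'  # roots are not revocation-checked

$trusted = $chain.Build($cert)

# Walk the chain from the leaf (position 0) up to the root and show
# which element, if any, carries an error.
$position = 0
foreach ($element in $chain.ChainElements) {
    $c = $element.Certificate
    $status = ($element.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    if (-not $status) { $status = 'NoError' }
    '[{0}] {1}' -f $position, $c.Subject
    '    Issuer:     {0}' -f $c.Issuer
    '    Expires:    {0:u}' -f $c.NotAfter
    '    Thumbprint: {0}' -f $c.Thumbprint
    '    Status:     {0}' -f $status
    $position++
}

if ($trusted) {
    'RESULT: chain builds to a trusted root on this machine.'
} else {
    'RESULT: chain is NOT trusted on this machine:'
    foreach ($s in $chain.ChainStatus) {
        '    {0}: {1}' -f $s.Status, $s.StatusInformation.Trim()
    }
}
```

A status such as `UntrustedRoot` or `PartialChain` on one element shows which root or intermediate certificate is missing or damaged in the local store, and the federation partner can run the same script against your Edge certificate.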