locked
SKype for business online users are not able to see the presence info of Federated domain users RRS feed

  • Question

  • Hi All,

    Currently I am doing pilot migration for my client, from Lync 2013 on-prem to SfB online. Hybrid configuration is done, and everything working as expected except federation.

    Migrated users are not able to see the presence info of federated user. I have checked the client logs, getting below error.

    Can anyone please suggest a solution to fix this issue.

    SIP/2.0 504 Server time-out
    ms-user-logon-data: RemoteUser
    Authentication-Info: TLS-DSK qop="auth", opaque="37F262BD", srand="E04110BF", snum="16", rspauth="f6386db94f9f2306769ede8caafef3476843d455", targetname="XXXX.infra.lync.com", realm="SIP Communications Service", version=4
    From: "Test"<sip:test@domain.com>;tag=afcd3aa920;epid=4b55aead3c
    To: <sip:federateduser@domain.com>;tag=6DF2675124EF277FB0B588EE032077C2
    Call-ID: a7e89416b36f4c2b851cf5e033b54cec
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS X.X.X.X:55486;received=13.100.55.252;ms-received-port=55486;ms-received-cid=4314100
    ms-diagnostics: 1018;reason="Parsing failure";source="access.domain.com"
    Server: RTC/5.0
    Content-Length: 0
    ms-telemetry-id: 171F9EAE-1417-5868-AC30-984C14EFB1DF
    ms-split-domain-info: ms-traffic-type=SplitFedIn;ms-remote-fqdn=sip.domain.com

    Regards,

    AJ

    Wednesday, April 4, 2018 11:23 AM

All replies

  • https://docs.microsoft.com/en-us/skypeforbusiness/skype-for-business-hybrid-solutions/deploy-hybrid-connectivity/configure-federation-with-skype-for-business-online

    https://docs.microsoft.com/en-us/skypeforbusiness/set-up-skype-for-business-online/allow-users-to-contact-external-skype-for-business-users

    Are on-premise users able to see presence of SFB online users? Does it happen on both internal and external network?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, April 4, 2018 11:46 AM
  • Thanks for your quick update.

    I have gone through the links you shared, all recommended configuration is already in place. 

    Yes, on-prem users are able to talk to online users, from both internal and external network.

    Regards,

    AJ 

    Wednesday, April 4, 2018 12:14 PM
  • Hi AJ,

    Based on your description, I understand that migrated users are not able to see the presence info of federated user.

    Did the issue happen to specific user or all migrated users had the issue?

    If the issue only happen to specific SFB client, please try to rebuild user profile then test again.
    %userprofile%\AppData\Local\Microsoft\Office\15.0\Lync\sip_UserName@Domain.com

    If all users had the issue, please check if you have done the following steps:
    1.Configure your on-premises Edge service for federation with Skype for Business Online
    2.Configure your Skype for Business Online tenant for a shared SIP address space

    More details:
    https://technet.microsoft.com/en-us/library/jj205126.aspx


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, April 5, 2018 5:34 AM
  • Hi Alice,

    Yes, all users are facing same issue. Both configuration are in place.

    Getting below error

     ms-diagnostics: 1018;reason="Parsing failure";source="access.domain.com"

    Any specific reason for this ?

    Regards,

    AJ

    Thursday, April 5, 2018 6:12 AM
  • Looks like some firewall issue, can you check event log on your edge server for any error? Does this affect all on-premises users?

    Check if static route to the specific user with presence issue have been added to your edge.

    Can you telnet access.domain.com over port 5061 from the issued SFB online users computer?


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Thursday, April 5, 2018 6:25 AM
  • There is no issue for on-prem users. They are able to see the presence info of federated user -and also able to chat with them. Only online users are facing this issue.

    telnet access.domain.com over port 5061-->Able to telnet.

    Please note: migrated user tried from his VDI as well as from internet

    Regards,

    AJ

    Thursday, April 5, 2018 6:45 AM
  • Hi Alias,

    Thanks for your response.

    For current scene, we suggest you check the federation type in SFB control panel in SFB on premise, or you can run the command: Get-csaccessedgeconfiguration | fl

    For SFB online, you can check the federation type as following:


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.


    • Edited by Alice-Wang Monday, April 9, 2018 8:04 AM
    • Proposed as answer by Alice-Wang Monday, April 9, 2018 9:42 AM
    Monday, April 9, 2018 7:55 AM
  • Hi Alice,

    Online : On only for allowed domains

    On-prem:

    Identity                               : Global
    AllowAnonymousUsers                    : False
    AllowFederatedUsers                    : True
    AllowOutsideUsers                      : True
    BeClearingHouse                        : False
    EnablePartnerDiscovery                 : False
    DiscoveredPartnerVerificationLevel     : UseSourceVerification
    EnableArchivingDisclaimer              : True
    EnableUserReplicator                   : False
    KeepCrlsUpToDateForPeers               : True
    MarkSourceVerifiableOnOutgoingMessages : True
    OutgoingTlsCountForFederatedPartners   : 4
    DiscoveredPartnerStandardRate          : 20
    EnableDiscoveredPartnerContactsLimit   : True
    MaxContactsPerDiscoveredPartner        : 1000
    DiscoveredPartnerReportPeriodMinutes   : 60
    MaxAcceptedCertificatesStored          : 1000
    MaxRejectedCertificatesStored          : 500
    CertificatesDeletedPercentage          : 20
    RoutingMethod                          : UseDnsSrvRouting

    Regards,

    AJ

    Monday, April 9, 2018 12:07 PM
  • Hi Alias,

    Could you see the presence of other federated users if existing or it only related to special federated users?

    On on-premise server, I notice you do not enable the partner domain discovery, I think you may use allowed domain list, did you add the access edge service(FQDN) in control panel (aka Direct Federation)?

    And in online side, there is no Direct Federation option, I notice you use “On only for allowed domains” option, did you add the related federated domains in the list as the same as On-premise environment?

    For online user, in my understanding, the client will try to resolve the federated SRV record, please check if you could resolve the SRV for federated domain “_sipfederationtls._tcp.domain.com”. If it does not exist, it may cause the federation issue.


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Alice-Wang Wednesday, April 11, 2018 10:42 AM
    Wednesday, April 11, 2018 9:58 AM
  • Are there any update about this issue?

    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, April 12, 2018 8:35 AM
  • Hi Alice,

    My comments are here..

    Could you see the presence of other federated users if existing or it only related to special federated users?

    No, issue for all federated domain

    On on-premise server, I notice you do not enable the partner domain discovery, I think you may use allowed domain list, did you add the access edge service(FQDN) in control panel (aka Direct Federation)?

    yes, we use allowed domain list. Yes, access edge fqdn is added in the control panel

    And in online side, there is no Direct Federation option, I notice you use “On only for allowed domains” option, did you add the related federated domains in the list as the same as On-premise environment?

    yes, added in online as well

    For online user, in my understanding, the client will try to resolve the federated SRV record, please check if you could resolve the SRV for federated domain “_sipfederationtls._tcp.domain.com”.  If it does not exist, it may cause the federation issue.

    _sipfederationtls._tcp.domain.com-->resolving.

    Still we are facing this issue.

    Regards,

    AJ

    Sunday, April 15, 2018 6:10 PM
  •  
    Hi Alias,

    Please try to use this command to do a test: Test-CsFederatedPartner -Domain <partnerdomain> -TargetFqdn <EdgeaccessFQDN>
    You could refer to this link:
    https://technet.microsoft.com/en-us/library/dn743840(v=ocs.15).aspx
    In addition, please check the “_sipfederationtls._tcp.domain.com” of your organization only points to your Edge access service FQDN. 
    At last, if possible please try to enable the partner domain discovery to see if it helps.


    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by Alice-Wang Tuesday, April 17, 2018 10:37 AM
    Tuesday, April 17, 2018 8:27 AM
  • Are there any update about this issue

    Best Regards,
    Alice Wang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Wednesday, April 25, 2018 9:14 AM
  • Hi Alice,

    Sorry for the delayed response, still we are facing the issue.

    _sipfederationtls._tcp.domain.com : Its pointing towards the access edge IP externally.

    _sipfederationtls._tcp.domain.com : Currently I am working with MS Engineer to fix the issue. As per his suggestion, we have created a new SRV record (In internal DNS Server) -and pointed to Internal NIC of Edge Server.

    Regards,

    AJ

    Monday, May 21, 2018 9:18 AM
  • Hi Alice,

    Issue got fixed, after updated edge servers internal interface certificate.

    Regards,

    AJ

    Friday, June 1, 2018 12:35 PM