locked
access through internet although LAN connection is available RRS feed

  • Question

  • Hi,

    We have costumer with SfB FE pool and Edge pool.

    Some users in location connected via LAN cannot sign in internally and they are always forced to sign in externally.

    We checked Wireshark with deleted sign in info and flushed dns and we could not see the DNS queries for lyncdiscoverinternal record. We checked they are accessed from the computer where the client is installed.

    How can we force the client to sign in internally?

    Monday, November 5, 2018 7:14 PM

All replies

  • Hi iron_flower,

    When the SFB client in the internal environment, it will not go through the Edge Server under normal circumstances.

    As you know, Skype for Business Client is hardcoded to query certain DNS records to locate the Skype for business server information, which is required for Automatic Client sign in, if the domain is contoso.com, the path for signing in follows this order:
    1. lyncdiscoverinternal.contoso.com (A record for the Autodiscover service for internal connections directed to internal Web services)
    2. lyncdiscover.contoso.com (A record for the Autodiscover service for external Web services)
    3. _sipinternaltls._tcp.contoso.com (SRV record for internal TLS connections)
    4. _sipinternal._tcp.contoso.com (SRV record for internal TCP connections)
    5. _sip._tls.contoso.com (SRV record for external TCP connections)
    6. sipinternal.contoso.com (A record for the Front End pool)
    7. sip.contoso.com (A record for the Front End pool when the client is on the internal network; A record for the Access Edge Server when the client is external with no VPN access)
    8. sipexternal.contoso.com (A record for the Access Edge Server when the client is external with no VPN access)

    According to your description, you could not see the DNS queries for Lyncdiscoverinternal record, I suggest you could try to check DNS records configuration in the internal DNS Zone in your environment, especially check the DNS records’ Resolution. In the internal, it should point to the pool IP address.

    In addition, you could refer to the following blog to find more details about Skype for Business Client sign in Call Flow – Detailed

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, November 6, 2018 5:41 AM
  • Hi Evan,

    Thank you for quick answering.

    DNS resolution works from the machine.

    Problem is that the wireshark during signing in shows no DNS queries.

    What could be a problem?

    Regards,

    Pawel

    Tuesday, November 6, 2018 9:20 AM
  • Hi iron_flower,

    To check the SFB client sign in process and find the traffic go through during sign in SFB client, I suggest you could try to use the Fiddler instead of using wireshark. You could try to check whether it do the DNS queries during sign in.

    You could download Fiddler from this link. After installing the software, follow the steps below: Launch Fiddler -> Tools -> Fiddler Options -> HTTPS -> Decrypt HTTPS traffic -> Install fiddler Root Certificate. When fiddler is running, then try to login SFB client and find the details about the process. If there’re any problems, please let us know.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    • Proposed as answer by woshixiaobai Thursday, November 8, 2018 2:11 AM
    Tuesday, November 6, 2018 9:41 AM
  • Hi iron_flower,

    Is there any update for this issue, if the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Friday, November 9, 2018 1:41 AM
  • Hi,

    Unluckily not yet.

    We analyze the DNS now and let know when we get data.


    Tuesday, November 13, 2018 10:00 PM
  • Hi iron_flower,

    OK, if there's any update please let us know.


    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Thursday, November 15, 2018 6:17 AM
  • Hi iron_flower,

    Is there any update for this issue, if the reply is helpful to you, please try to mark it as an answer, it will help others who have the similar issue.

    Best Regards,
    Evan Jiang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.


    Click here to learn more. Visit the dedicated forum to share, explore and talk to experts about Microsoft Teams.

    Tuesday, November 20, 2018 6:22 AM