locked
Can't connect in video call more than 2 users from external network. Skype For Business On Premises. RRS feed

  • Question

  • Hello!

    I have successfully set up Skype For Business On Premises Server in our organization.

    All DNS records are set up, for internal network:

    _sipinternaltls.domain.com (SRV record, 5061 port, TCP) pointing to skypefb.domain.local

    sip.domain.com

    admin.domain.com (sfbadmin.domain.com in my case)

    meet.domain.com

    lyncdiscoverinternal.domain.com

    dialin.domain.com

    edge.domain.local (edge server FQDN)

    skypefb.domain.local (SfB server FQDN)


    For external network:

    sipexternal.domain.com

    SRV records for external network:

    _sip._tls.domain.com port 443 pointing to sipexternal.domain.com

    _sipfederationtls._tcp.stradini.lv port 5061 pointing to sipexternal.domain.com

    _xmpp-server._tcp.stradini.lv port 5269 pointing to sipexternal.domain.com



    The setup contains only two servers and is as follows:

    1) Skype For Business Front end server

    2) Skype For Business Edge server located in DMZ zone with two network cards (internal and external)

    There are few problems besides that is described in topic "Subject":

    1) Users who connect from outside of organization network takes ~2-5 minutes to sign in instead of few seconds if using our internal network (using Skype For Business client on Windows 10).

    2) Also users, who connect from outside network are asked for exchange credentials even if they enter them manually.

    3) Inside organization network we can make video call with at least 4 people without any problem.

        3.1) If conference call is made using 2 users within organization network and 1 user outside our network, everything works fine

        3.2) If this conference call (3.1) is joined with one more user from outside network, it hangs for the same user.

        3.3) We can make calls from outside network to internal network and vice versa to a single user without problem (User to User call, not conference)

        3.4) It is not user related, tried this thing with few different users.

    I have googled and nothing useful comes up. Any suggestions or ideas for fixing this problem? What am I missing?


    Monday, February 24, 2020 7:57 PM

Answers

  • Hi Martinsslv!

    Thanks for sharing your solutions to these issues!

    Here I will provide a brief summary of this post. This will make answer searching in the forum easier.

    <Issue Symptom>:

    Q1: Users who connect from outside of organization network takes 2-5 minutes to sign in instead of few seconds if using our external network (using Skype for Business client on Windows 10).

    Q2: Users, who connect from outside network are asked for exchange credentials even if they enter them manually.

    Q3: Inside organization network they can make video call with at least 4 people without any problem. If conference call is made using 2 users within organization network and 1 user outside our network. If this conference call is joined with one more user from outside network, it hangs for the same user. User can make calls from outside network to internal network and vice versa to a single user without problem.

    <Solution Summary>:

    A1: On global DNS user added lyncdiscover.domain.com,sipinternal.domain.com,sip.domain.com DNS entries, which reduced sign-in time about minute less from 1:50 to 0:50. Then tried different external network and it wa about 10 seconds.

    A2: If checkbox “save password” isn’t checked and also credentials format is entered incorrectly, it will cause this issue. You should enter Exchange credentials in SFB client in format DOMAIN\username, check box “save password” and click OK.

    A3:This issue related to edge server deployment( PORT 3478 and 443 are not added). After adding ports 3478 and 443 to SFB Server, everything started to work now. Here is the required ports and protocols opened on each firewall:


    <Reference Link>:

    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-pool-deployment/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards,
    Jimmy Yang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    • Marked as answer by Martinsslv Friday, February 28, 2020 8:54 AM
    Thursday, February 27, 2020 9:17 AM

All replies

  • Hi Martinsslv!

    About your first problem, you can try to deploy IIS ARR Reverse Proxy to solve this issue. For more details, you can refer to this thread:

    https://social.technet.microsoft.com/Forums/ie/en-US/1d036555-fc7b-4c63-b332-9ed953913f72/skype-for-business-very-slow-sign-in-for-external-user-take-too-long-time?forum=sfbfr

    Has your Skype for Business been integrated with Exchange Server?

    Regarding your second problem, can we understand it as you’re repeatedly prompted for Exchange credentials after you sign in Skype for Business? Does this issue persist only for external users or for all users?

    Based on my knowledge, we recommend you check the MAPI and EWS status. You could try to right click Skype for Business icon and choose “Configuration information” to check it. If it has problems, please check integration with Exchange Server. You can learn more details from this blog:

    http://blog.schertz.name/2015/09/exchange-and-skype-for-business-integration/

    For more solutions to the second problem, you can also refer to:

    http://communicationsknowledge.blogspot.com/2016/10/skype-for-business-keeps-prompting.html

    About your third problem, do you mean only one external user join Skype call meeting normally?

    According to your description, it seems related to edge server deployment. We recommend you check if your outside network connection is normal. Also you can try to re-adding back the network adapter and assigned back the IP. For more details about Edge Server deployment, you can refer to:

    https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-edge-server/deploy-edge-servers

    Beside, please check if there are conflicts between the ports.

    The following pictures shows DNS configuration for internal and external for your reference:

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards,
    Jimmy Yang

    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.
    Tuesday, February 25, 2020 8:57 AM
  • Thanks for help, but it sems that I solved all problems by myself with a little bit of help from my network administrator. :)

    1) Users who connect from outside of organization network takes ~2-5 minutes to sign in instead of few seconds if using our internal network (using Skype For Business client on Windows 10).

    Checked with wireshark that SfB client at first searches for lyncdiscover dot domain dot com, sipinternal dot domain dot com, sip dot domain dot com for very long time (there is no such DNS record on external network). On global DNS I added lyncdiscover dot domain dot com and sip dot domain dot com DNS entries, which reduced sign-in time about minute less from ~1:50 to ~0:50. But it still was a bit long. So tried different external network and it was about 10 seconds which is ok, so halfe of this problem was in network provider/router (4G network in my case).

    2) Also users, who connect from outside network are asked for exchange credentials even if they enter them manually.

    In my case this is asked every time if checkbox "save password" isn't checked and also credential format is entered incorectly, therefore, if I enter Exchenage credentials in SfB client in format DOMAIN\username, check box "save password" and click Ok, it doesen't ask me for credentials anymore.

    3) Inside organization network we can make video call with at least 4 people without any problem.

    3.1) If conference call is made using 2 users within organization network and 1 user outside our network, everything works fine

        3.2) If this conference call (3.1) is joined with one more user from outside network, it hangs for the same user.

        3.3) We can make calls from outside network to internal network and vice versa to a single user without problem (User to User call, not conference)

        3.4) It is not user related, tried this thing with few different users.

    Creating EDGE server I followed this manual:

    <removed link blog dot schertz dot name 2015 edge pool deployement>

    But there is forgotten one thing in diagram:

    <can't add any images to this post as my account isn't verified, sorry>

    <image from blog dot schertz dot name search for 2015 Edge pool deployement and there you will port diagram>

    You should also add ports 3478 and 443 to SfB server not only to "Any Internal IP." :)

    I know that I should understand it by "Any Internal IP", but if you take first look at this diagram, you clearly understand that 3478 and 443 ports aren't needed for SfB Server.

    So yeah, added ports 3478 and 443 to SfB server, so it can access Edge server by these ports and everything started to work now. :)





    Wednesday, February 26, 2020 12:25 PM
  • Hi Martinsslv!

    Thanks for sharing your solutions to these issues!

    Here I will provide a brief summary of this post. This will make answer searching in the forum easier.

    <Issue Symptom>:

    Q1: Users who connect from outside of organization network takes 2-5 minutes to sign in instead of few seconds if using our external network (using Skype for Business client on Windows 10).

    Q2: Users, who connect from outside network are asked for exchange credentials even if they enter them manually.

    Q3: Inside organization network they can make video call with at least 4 people without any problem. If conference call is made using 2 users within organization network and 1 user outside our network. If this conference call is joined with one more user from outside network, it hangs for the same user. User can make calls from outside network to internal network and vice versa to a single user without problem.

    <Solution Summary>:

    A1: On global DNS user added lyncdiscover.domain.com,sipinternal.domain.com,sip.domain.com DNS entries, which reduced sign-in time about minute less from 1:50 to 0:50. Then tried different external network and it wa about 10 seconds.

    A2: If checkbox “save password” isn’t checked and also credentials format is entered incorrectly, it will cause this issue. You should enter Exchange credentials in SFB client in format DOMAIN\username, check box “save password” and click OK.

    A3:This issue related to edge server deployment( PORT 3478 and 443 are not added). After adding ports 3478 and 443 to SFB Server, everything started to work now. Here is the required ports and protocols opened on each firewall:


    <Reference Link>:

    http://blog.schertz.name/2016/03/skype-for-business-2015-edge-pool-deployment/

    Note: Microsoft is providing this information as a convenience to you. The sites are not controlled by Microsoft. Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there. Please make sure that you completely understand the risk before retrieving any suggestions from the above link.

    Best Regards,
    Jimmy Yang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    • Marked as answer by Martinsslv Friday, February 28, 2020 8:54 AM
    Thursday, February 27, 2020 9:17 AM
  • Hi,
    I am checking the status of this case. Please let us know if you would like further assistance.
    Meanwhile, if the reply is helpful to you, please try to mark it as an answer to close the thread, it will help others who encounter the same issue and read this thread.
    Thank you for your understanding and patience!

    Best Regards,
    Jimmy Yang


    Please remember to mark the replies as answers if they helped. If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

    Thursday, February 27, 2020 9:18 AM