locked
After Skype federation client don't send contact request. RRS feed

  • Question

  • Hello.

    After federation SfB and Skype IM don't work correct. I can find Skype accounts in SfB and try to add, but Skype accounts don't gets contact request. So i can't start to chat and see status. If I try to add SfB contact to Skype, I can find them and try to add, but SfB account don't get contact request too. But, if I put tick "allow anyone to contact me" in SfB account options, then skype account can see status of SfB account and can start to chat without send contact request. 

    Please help!

    Wednesday, February 17, 2016 9:37 AM

Answers

  • I did it!

    It was network configuration mistake on edge server. Now all work!

    Thanks for you help!

    • Proposed as answer by Eric_YangK Friday, February 19, 2016 9:14 AM
    • Marked as answer by Eric_YangK Monday, February 29, 2016 2:00 PM
    Friday, February 19, 2016 8:44 AM
  • Hi, John Kaczmarzyk.

    I had trouble with network configuration on Edge. Problem was in hosts file and in DNS settings on the external network adapter. I changed DNS settings in external network adapter and in hosts file.

    https://technet.microsoft.com/en-us/library/gg412847%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    My configuration is "without DNS servers in perimeter network" and I had mistake in 2 and 5 point. Edge was configured like I have DNS in perimeter network, but I haven't.

    • Marked as answer by Cindy_lim Monday, March 28, 2016 8:49 AM
    Wednesday, March 2, 2016 7:54 PM

All replies

  • Please check in SFB Control panel - Federation and External access - Sip federated providers - Skype.

    Check if its open for all or have to be in contact list.


    Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you. Thank you! Off2work

    Wednesday, February 17, 2016 1:39 PM
  • For All.
    I know that I need remove and add again public provider if I upgraded to SfB from Lync2013. I'm already done this too. 

    Policy:
    Description                       :
    EnableFederationAccess            : True
    EnableXmppAccess                  : True
    EnablePublicCloudAccess           : True
    EnablePublicCloudAudioVideoAccess : True
    EnableOutsideAccess               : True

    Access:
    AllowAnonymousUsers                    : True
    AllowFederatedUsers                    : True
    AllowOutsideUsers                      : True
    BeClearingHouse                        : False
    EnablePartnerDiscovery                 : True
    DiscoveredPartnerVerificationLevel     : UseSourceVerification
    EnableArchivingDisclaimer              : False
    EnableUserReplicator                   : False
    KeepCrlsUpToDateForPeers               : True
    MarkSourceVerifiableOnOutgoingMessages : True
    *****
    SkypeSearchUrl                         : https://skypegraph.skype.com/search/v1.0
    RoutingMethod                          : UseDnsSrvRouting


    Public provider:
    Identity                         : Skype
    Name                             : Skype
    ProxyFqdn                        : federation.messenger.msn.com
    IconUrl                          : https://images.edge.messenger.live.com/Messe
                                       nger_16x16.png
    NameDecorationDomain             :
    NameDecorationRoutingDomain      : msn.com
    NameDecorationExcludedDomainList : msn.com,outlook.com,live.com,hotmail.com
    VerificationLevel                : AlwaysVerifiable
    Enabled                          : True
    EnableSkypeIdRouting             : True
    EnableSkypeDirectorySearch       : True
    Wednesday, February 17, 2016 1:50 PM
  • Hi Alan.Pro,

    In your case, apparently the Lync-Skype federation is working, the only problem is that both the Consumer Skype and SFB users are not able to receive the invitations.

    If the Consumer Skype user does not sign in with a Microsoft account, you can try using a Microsoft Account to test.

     

    Best regards,

    Eric


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 18, 2016 2:06 AM
  • I already tried both accounts. Linked with MS account and new only for Skype account (without link with MS).

    Federation is work, I test it there too: https://www.eventzero.com/Tools/FederationTester3/ and all tests are done. So why i can't send or get requests I don't understand.

    Thursday, February 18, 2016 5:22 AM
  • New information. I see when Skype account add me to the contact list, I add him to SfB contact list, but he didn't get request or somethink like this and i still can't see his status and write to him. If I untick "allow anyone to contact me", then he can't see my status too and can't write to me too.
    Thursday, February 18, 2016 5:52 AM
  • I find issue in event viewwer:

    504  Server time-out
    ms-diagnostics:  1008;reason="Unable to resolve DNS SRV record";domain="mydomain.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="sip.mydomain.com";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="Yes";ConversationInitiatedBy="6";SourceNetwork="5";RemotePartyCanDoIM="Yes"

    But I don't understand why, I just check DNS settings, all internal SfB DNS records resolved.

    Thursday, February 18, 2016 7:11 AM
  • Hi Alan.Pro,

    Odd issue.

    Please try to run "ipconfig /flushdns" on the Edge Server.

    Also check if you have the SRV records configured on the external DNS.

    _sipfederationtls._tcp.mydomain.com

    _sip._tls.mydomain.com

     

    Best regards,

    Eric


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Thursday, February 18, 2016 8:06 AM
  • I have this SRV records on the external DNS. They resolved correct information (A record to my Access Edge Service), then this A record resolved my Access Edge Servies IP. And this records only for external DNS (Internal users can't resolve this).

    I found many 36888 and 36874 Event ID on both (FE and Edge) servers. It;s about TLS 1.2. I read that it's certificate issue (http://ucken.blogspot.ru/2013/12/schannel-errors-on-lync-server.html), but we don't use this algorithm.  


    • Edited by Alan.Pro Thursday, February 18, 2016 12:03 PM
    Thursday, February 18, 2016 8:21 AM
  • Eric,

    Is this correct recoeds?

    For External DNS

    A -> sip.domain.com -> A -> Public IP address of Edge Server

    SRV -> _sipfederationtls._tcp.domain.com -> [100][1][5061]sip.domain.com

    SRV -> _sip._tls.domain.com -> [100][1][443]sip.domain.com

     

    For Internal DNS:

    A -> sip.domain.com -> A -> IP address of Lync Pool

    SRV -> _sipinternaltls._tcp.domain.com -> [100][1][5061]sip.domain.com

    This is I have and this resolves good, bu I read that I need this records for internal DNS too:

    SRV -> _sipfederationtls._tcp.domain.com -> [100][1][5061]sip.domain.com

    SRV -> _sip._tls.domain.com -> [100][1][443]sip.domain.com

    Is this true?

    Thanks for you help!

    Thursday, February 18, 2016 12:48 PM
  • Hi Alan.Pro,

    All these records are not required on internal DNS.

    Best regards,

    Eric


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 1:02 AM
  • Eric, thanks for information, but on this flow chart I see that sip.domain.com need to internal DNS: https://technet.microsoft.com/en-us/library/dn951397.aspx

    And as I understand, sip.domain.com need to be pointed to FE server.

    Friday, February 19, 2016 6:03 AM
  • Hi Alan.Pro,

    It's a backup record. Actually, it will not be used because it has low priority.

     

    Best regards,

    Eric



    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 6:25 AM
  • Thank you, Eric_YangK!

    I just try to understand this error:

    SIP/2.0 504 Server time-out
    Authentication-Info: TLS-DSK qop="auth", opaque="AA2AD62F", srand="ECAEA36E", snum="24", rspauth="68cb39dd0f6dfa5eb69b8949cd1a9079a406887e", targetname="FE_server_FQDN", realm="SIP Communications Service", version=4
    From: "Me"<sip:me@domain.com>;tag=c4fc3546a7;epid=ab931ba8a8
    To: <sip:whisptest@skypeids.net>;tag=F937E0D7B7911FCBB5DED63A80F8974E
    Call-ID: aabfbbe035ea4c2f9416bf182111eb11
    CSeq: 1 SUBSCRIBE
    Via: SIP/2.0/TLS "my_PC_IP":49848;ms-received-port=49848;ms-received-cid=25D000
    ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain="domain.com";dns-srv-result="NegativeResult";dns-source="InternalCache";source="sip.domain.com"
    Server: RTC/6.0
    Content-Length: 0

    As I understand this meaning that me@domain.com try to connect with whisptest@skypeids.com (my skype test account) and cant resolve sip.domain.com.

    sip.domain.com - its my Access Edge service FQDN

    Friday, February 19, 2016 6:45 AM
  • I did it!

    It was network configuration mistake on edge server. Now all work!

    Thanks for you help!

    • Proposed as answer by Eric_YangK Friday, February 19, 2016 9:14 AM
    • Marked as answer by Eric_YangK Monday, February 29, 2016 2:00 PM
    Friday, February 19, 2016 8:44 AM
  • Good news. Glad to hear it.

    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Friday, February 19, 2016 9:14 AM
  • Hi Alan,

    Please if possible share what was wrong on your site. I have similar problem. That mean I able to search skype contact on sfb client, and search sfb users on skype. Also I can added it to contact list but no any request invitation.

    I've checked a few times my dns and everything is as the book telling ;/

    I switched off firewalls on server FE, EDGE, also trying works on internal DNS.

    Please share your experience, maybe I missing something.

    Wednesday, March 2, 2016 3:02 PM
  • Hi, John Kaczmarzyk.

    I had trouble with network configuration on Edge. Problem was in hosts file and in DNS settings on the external network adapter. I changed DNS settings in external network adapter and in hosts file.

    https://technet.microsoft.com/en-us/library/gg412847%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    My configuration is "without DNS servers in perimeter network" and I had mistake in 2 and 5 point. Edge was configured like I have DNS in perimeter network, but I haven't.

    • Marked as answer by Cindy_lim Monday, March 28, 2016 8:49 AM
    Wednesday, March 2, 2016 7:54 PM