locked
Auto login issue after changes SIP-domain RRS feed

  • Question

  • Hello!

    I installed a new SIP-domain. I added a DNS record, updated certificates, configure the server.

    I move the test user to the new domain. User is unable to login automatically.

     

    I know that in the lync version 10 helped the removal from the registry these keys:

    HKEY_CURRENT_USER/Software/Microsoft/Communicatorshow

    HKEY_CURRENT_USER/Software/Microsoft/Shared/UcClientshow

    I tried to remove keys:

    HKCU:\Software\Microsoft\Office\16.0\Lync

    HKCU:\Software\Microsoft\Office\15.0\Lync

    But it did not help. User still automatically tries to log in with old address.

    Mail address matches with the Sip address.

    What I need to delete on registry if I want that client automatically sign-in with new login (username@newdomain)?

    If user type login manually, everything works.

    Thanks!

    Thursday, September 22, 2016 8:01 AM

Answers

  • Hi everyone!

    I found the problem. We have two domains, first for users, the second for resources. S4B, exchange (2010) and copies of the users (clones) from the first domain are located in domain for resources. In clone-users we add SID of origiand-user to attribute msExchMasterAccountSid. Also we add this SID to attribute msRTCSIP-OriginatorsID (SID of original-user from first domain).

    Previously, when we use the Lync 2010, it was necessary to fill proxyaddresses attribute (add sip:user e-mail) for each user, otherwise user did not work autologin. After migration, to lync 2013 and S4B this function was not needed anymore, since the client star to search the server not  by the SRV records, but by lyncdiscoverinternal.

    Now, with the new SIP-domain, users with new sip-domain address can't autosign. But, if a add their sip-address to proxyaddresses attribute in first domain then everything is working correctly.

    I can't understand why it happens and how to force them to work without this entry (like others users with old sip-domains).

     

    For example:

    User's attributes

     

    first domain (for users)

    attribute: proxyAddresses

    smtp:%username e-mail%

    x400:%value%

     

    second domain (for resources)

    attribute: proxyAddresses

    smtp:%username e-mail%

    sip:%username e-mail%

    x500:%value%

     

    And it's works for old sip-domain users. For new sip-domain users I need to add sip:%username e-mail% to first domain. Without this entry in proxyAddresses attribute they don't autologin. And I don't understand why.


    • Edited by Alan.Pro Wednesday, October 5, 2016 8:44 AM
    • Proposed as answer by Alice-Wang Monday, October 10, 2016 10:41 AM
    • Marked as answer by Alan.Pro Tuesday, October 11, 2016 7:37 AM
    Wednesday, October 5, 2016 8:43 AM

All replies

  • Hi Alan, 

    For each domain that you have added you need to have DNS entries also added and the domain need to be there in the certificate as well. can you confirm that the lyncdiscoverinternal.domain.com   is added for the newly added domain as well 

    https://technet.microsoft.com/en-in/library/dn951397.aspx?f=255&MSPPError=-2147217396


    Linus || Please mark posts as answers/helpful if it answers your question.

    Thursday, September 22, 2016 11:54 AM
  • Hi Akampa,

    Yes, it's OK.

    I added lyncdiscoverinternal.domain.com, lyncdiscover.domain.com, sip.domain.com, _sip._tls.domain.com and _sipfederationtls._tcp.domain.com entries. All of them pointed same as another SIP-domains.

    New certificate was added too. New sip-domain was added to the new certificate.

    After I changed username s4b client manually once, it works good. Client find S4B server and work, but client can't login automatically for first time after changes. For first time client try to login with old sip-domain.

    P.S. Sorry for my English level :(

    Thursday, September 22, 2016 1:37 PM
  • Thank you for explaining. Are you trying from external  or internal ? When you do the manual sign in the Server  information is cached and thats why it picks up in the next attemp.  you can make  use of remote connectivity analyzer to understand what  part is failing during the sign in porcess. 

    https://www.microsoft.com/en-in/download/details.aspx?id=36535


    Linus || Please mark posts as answers/helpful if it answers your question.

    Friday, September 23, 2016 4:57 AM
  • Akampa, thanks for your help.

    Lync Connectiviry Analizer test succeeded:

    Starting Lync server autodiscovery

     

    Starting automatic discovery for secure (HTTPS) internal channel

    Server discovery succeeded for secure (HTTPS) internal channel against URL https://lyncdiscoverinternal.domain.com/

     

    Starting automatic discovery for unsecure (HTTP) internal channel

    Server discovery succeeded for unsecure (HTTP) internal channel against URL http://lyncdiscoverinternal.domain.com

    "sign in the Server  information is cached " - Yes! And old information is cashed too, and thats why client try to connect with old information for first time. And I try to find where is this cash to delete :) I know that part of this information in the registry key HKCU:\Software\Microsoft\Office\16.0\Lync. I deleted this key, but its not help. Some part of cash saved somewhere else. Now I try delete user folder from C:\Users\%username%\AppData\Local\Microsoft\Office\16.0\Lync\%username%. Maybe its help.

    Friday, September 23, 2016 6:08 AM
  • Hi Allan,

    To delete the keys would not help. You should change only the sip address of the user on the registry. This should work.


    regards Holger Technical Specialist UC

    • Proposed as answer by KennethML Wednesday, October 5, 2016 8:45 AM
    • Unproposed as answer by KennethML Wednesday, October 5, 2016 8:45 AM
    Friday, September 23, 2016 6:14 AM
  • Hi Alan.Pro,

    Welcome to post in our forum.

    Would you please tell us is that all users have the issue in your environment ?

    Are there any error message when you set automatically logon ?

    If the specific user has the issue, please try to compare the user attributes on AD between this affected account and other normal account.

    If multiple users have the issue, it may be something wrong with your DNS settings for your SIP domain, remember to create DNS SRV record.

    Please double check your DNS configuration, the following article is about DNS Records for Automatic Client Sign-In, please refer to

    https://technet.microsoft.com/en-us/library/bb663700(v=office.12).aspx

    Hope this reply helpful to you.


    Alice Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Friday, September 23, 2016 8:20 AM
  • Hi Holger Bunkradt, thanks for your answer.

    Which key or value I need to change? I tried delete key "Lync" in KCU:\Software\Microsoft\Office\16.0\. It didn't help. I tried to rename it to new address, but it didn't help too.


    Friday, September 23, 2016 10:26 AM
  • Hi,

    Below Lync folder, you will have the entry as ServerSipUri.

    Make sure it updated with the correct name.


    - Muralidharan. Please mark as answer/useful if my contribution helps you.

    Friday, September 23, 2016 11:16 AM
  • Hi Alice,

    I just testing changes one of our sip-domains. I add this sip-domain to server correct. As I know skype for business didn't use records _sipinternaltls._tcp.<domain> and _sipinternal._tcp. <domain> - this records uses only for 2007 communicator and lync server 2010. After 2013 lync client use lyncdiscoverinternal to discover server if didn't find, then use lyncdiscover. However, I have both records lyncdiscover (pointed to External IP of Edge server) and lyncdiscoverinternal (pointed to Front-End) (like another good-working DNS for other not default SIP-domains) and record _sipinternaltls._tcp.(pointed to Front-End too). Nslookup show them right (to FE).

    I just tried  to login to new computer and client didn't find any information about user. lyncdiscoverinternal didn't work :(

    This problem only for test-users. 

    Friday, September 23, 2016 12:00 PM
  • Hi Alan.Pro,

    Thanks for your response.

    I will confirm again if there is any error message when you use automatically login ?

    If there is, would you please provide the information for us?

    Skype for business needs the _sipinternaltls, for this issue, you could refer to the link provided by Akampa.

    Please also try to create a new user in your new SIP domain, test if this new user could automatically login.


    Alice Wang
    TechNet Community Support


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, September 28, 2016 8:27 AM
  • Hello Alice,

    No, I have not any error message. I created new test user and try to sign in. S4B client starts with an empty field for login (not filled). If I once fill this field, it works good next times. But it not work for the first time.

    I already have lyncdiscoverinternal, lyncdiscover and _sipinternaltls, records for all sip-domains. 

    Thursday, September 29, 2016 11:28 AM
  • Hi everyone!

    I found the problem. We have two domains, first for users, the second for resources. S4B, exchange (2010) and copies of the users (clones) from the first domain are located in domain for resources. In clone-users we add SID of origiand-user to attribute msExchMasterAccountSid. Also we add this SID to attribute msRTCSIP-OriginatorsID (SID of original-user from first domain).

    Previously, when we use the Lync 2010, it was necessary to fill proxyaddresses attribute (add sip:user e-mail) for each user, otherwise user did not work autologin. After migration, to lync 2013 and S4B this function was not needed anymore, since the client star to search the server not  by the SRV records, but by lyncdiscoverinternal.

    Now, with the new SIP-domain, users with new sip-domain address can't autosign. But, if a add their sip-address to proxyaddresses attribute in first domain then everything is working correctly.

    I can't understand why it happens and how to force them to work without this entry (like others users with old sip-domains).

     

    For example:

    User's attributes

     

    first domain (for users)

    attribute: proxyAddresses

    smtp:%username e-mail%

    x400:%value%

     

    second domain (for resources)

    attribute: proxyAddresses

    smtp:%username e-mail%

    sip:%username e-mail%

    x500:%value%

     

    And it's works for old sip-domain users. For new sip-domain users I need to add sip:%username e-mail% to first domain. Without this entry in proxyAddresses attribute they don't autologin. And I don't understand why.


    • Edited by Alan.Pro Wednesday, October 5, 2016 8:44 AM
    • Proposed as answer by Alice-Wang Monday, October 10, 2016 10:41 AM
    • Marked as answer by Alan.Pro Tuesday, October 11, 2016 7:37 AM
    Wednesday, October 5, 2016 8:43 AM