Skype Basic Client Contacting Local AD over TCP 389

  • Question

  • Hi Folks

    We are seeing the Skype Basic client communicating with AD over TCP port 389 and retrieving contact information. This is causing problems because the Skype environment is hosted and therefore the contact information should be taken only from the Skype address book, which is generated from the hosted environment's AD, and not look at the local AD. This behaviour only happens with machines running Office 2010 and does not happen with machines running Office 2016. I have never heard of this behaviour before and this is not my understanding of how things work in a Skype environment. The address book is downloaded fine to the local machine and contains the correct entries; however, the local AD lookup is trampling over the results returned to the client. I have proven this behaviour by creating an outbound local firewall rule that blocks TCP 389 traffic from the lync.exe application. Once this rule is enabled, the correct entry for the same person is retrieved from the address book that's been downloaded and we see traffic blocked in the firewall logs that is destined for local domain controllers. As soon as we disable the rule, the contact information from the local AD is returned. You can actually see the contact information changing if you record the screen and play it back frame by frame: initially the correct entry is shown, but when the AD lookup takes place the local contact information is displayed.

    Has anyone heard of this before and know of a fix without upgrading Office to 2016, which isn't an option at the moment? Obviously we could implement this workaround but it's not ideal and a fix would be better. I can only assume this is some kind of behaviour that was phased out?

    Thanks

    A

    Thursday, October 12, 2017 9:32 PM
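
An added example, not part of the original post: one way to confirm from the Windows Firewall log which local domain controllers the blocked LDAP attempts were aimed at. It assumes dropped-packet logging is enabled and the log uses the standard `#Fields` header; the log lines and all IP addresses are constructed. The log does not record the process name, so it also assumes the lync.exe rule is the only rule dropping TCP 389.

```python
"""Summarise outbound LDAP (TCP 389) drops from a Windows Firewall log."""
from collections import Counter

# Constructed sample in the pfirewall.log layout (dropped-packet logging on).
# All addresses are made up: 10.0.0.x = local DCs, 10.0.5.23 = the client PC.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2017-10-12 21:05:11 DROP TCP 10.0.5.23 10.0.0.10 49732 389 0 - 0 0 0 - - - SEND
2017-10-12 21:05:11 ALLOW TCP 10.0.5.23 203.0.113.40 49733 443 0 - 0 0 0 - - - SEND
2017-10-12 21:05:14 DROP TCP 10.0.5.23 10.0.0.10 49734 389 0 - 0 0 0 - - - SEND
2017-10-12 21:05:20 DROP TCP 10.0.5.23 10.0.0.11 49740 389 0 - 0 0 0 - - - SEND
2017-10-12 21:05:31 DROP UDP 10.0.5.23 10.0.0.255 137 137 0 - - - - - - - SEND
2017-10-12 21:06:02 ALLOW TCP 10.0.5.23 10.0.0.10 49751 445 0 - 0 0 0 - - - SEND
"""


def parse(log_text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated lines
                yield dict(zip(fields, values))


def blocked_ldap(log_text, port="389"):
    """Count dropped outbound TCP connections to `port` per destination IP."""
    hits = Counter()
    for rec in parse(log_text):
        if (rec["action"] == "DROP" and rec["protocol"] == "TCP"
                and rec["dst-port"] == port and rec["path"] == "SEND"):
            hits[rec["dst-ip"]] += 1
    return dict(hits)


if __name__ == "__main__":
    for dst, count in sorted(blocked_ldap(SAMPLE_LOG).items()):
        print(f"{dst}\t{count} blocked LDAP connection attempts")
```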

All replies

  • Hi Adam42,

    Would you please tell us whether you use SFB on-premises or SFB Online for your environment?

    Does that appear on all Office 2010 machines? Could you please give us a screenshot?

    What issue is caused by this situation? Do you mean you can’t search for users correctly with the SFB Basic client?

    Based on my research, I couldn’t find a situation similar to yours. If you use an SFB on-premises server, the SFB client needs the following port for the client

    Here is a document for your reference:
    https://technet.microsoft.com/en-us/library/gg398833.aspx

    If you use SFB Online, you could also try posting in the SFB Online forum, where more experts can help you with this question:
    https://answers.microsoft.com/en-us/msoffice?auth=1


    Regards,

    Alice Wang


    Please remember to mark the replies as answers if they help and unmark them if they provide no help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    • Edited by Alice-Wang Friday, October 13, 2017 2:31 AM
    Friday, October 13, 2017 2:30 AM
  • Hi Alice

    Thanks for your response. I am fully aware of the ports the client is supposed to use but we are seeing the basic client query the local AD for contact information and that shouldn't happen. I have been working with LCS, OCS and Skype for quite a few years now and never come across this behaviour. 

    The Skype is on-premise but is hosted by a third party so the customer just deploys the client and has no control over any other settings. 

    The issue does appear on all Office 2010 machines tested so far. I am not sure how I can screenshot this without giving out personal information; in fact, I can't. All we are doing here is typing the first few characters of a Skype user's name into the client and allowing it to resolve from the address book, but instead we get local AD information being pulled out via an LDAP lookup on port 389. Like I said before, if we block port 389 traffic all is good and the correct information for that user appears (pulled from the downloaded Skype Address Book, which ultimately has come from the hosting provider's AD).

    The net result is confusion for users as they cannot find the correct user from the address book.

    Thanks

    A

    Friday, October 13, 2017 7:58 AM
  • Hi Adam42,

    Based on my research, I couldn't find a document that describes the details for the Skype Basic client.

    We did a test with Office 2010 and the SFB 2016 client; it looks like the following


    Regards,

    Alice Wang



    • Proposed as answer by Alice-Wang Thursday, October 19, 2017 9:47 AM
    Wednesday, October 18, 2017 8:36 AM
  • Thanks. Just to close this off and to provide an update, the culprit was the Outlook Social Connector. When this was disabled via GPO there was no LDAP connectivity to local domain controllers and this fixed the problems.

    Thanks

    Tuesday, November 21, 2017 9:42 PM
  • Thanks for sharing.

    Regards,

    Alice Wang



    Wednesday, November 22, 2017 1:40 AM