Cannot sign in Skype for Business client external

All replies

• 

  

  0

  Sign in to vote

  Hello Saad,

  Check the Technical Diagrams:

  http://go.microsoft.com/fwlink/p/?LinkId=550989

  These records are needed:

  DNS Type	Value	Resolution	Purpose
  SRV	_sipfederationtls._tcp.<sip-domain>	Access Edge FQDN: access.<sip-domain>	Federation and public IM connectivity
  SRV	_sip._tls.<sip-domain>	Access Edge FQDN: access.<sip-domain>	external user access
  SRV	_xmpp-server._tcp.<sip-domain>	Access Edge FQDN: access.<sip-domain>	XMPP federation
  A	sip.<sip-domain>	Access Edge FQDN: access.<sip-domain>	locate Edge Server
  A	Access Edge FQDN: access.<sip-domain>	Access Edge IP address	Edge Server Access edge
  A	A/V Edge FQDN: av.<sip-domain>	A/V Edge IP address	Edge Server A/V edge
  A	Conf Edge FQDN: conf.<sip-domain>	Conf Edge IP address	Edge Server Conf edge
  A/CNAME	lyncdiscover.<sip-domain>	reverse proxy public IP address	external AutoDiscover Service
  A	meet URL	reverse proxy public IP address	proxied to Lync Server Web Service
  A	dial-in URL	reverse proxy public IP address	proxied to Lync Server Web Service
  A	external Web Services FQDN	reverse proxy public IP address	proxied to Lync Server Web Service

  Also check the control panel:

  

  and

  

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Proposed as answer by Er-D Thursday, December 28, 2017 1:02 PM

  Wednesday, December 27, 2017 12:03 PM
• 

  

  0

  Sign in to vote

  Hi Er-D,

  Thanks for guide I checked the control panel and do exaclty same setting mentioned above 

  Also will you please confirm where to add these record in Public DNS where I get services?

  DNS Type	Value	Resolution	Purpose
  SRV	_sipfederationtls._tcp.<sip-domain>	Access Edge FQDN: access.<sip-domain>	Federation and public IM connectivity
  SRV	_sip._tls.<sip-domain>	Access Edge FQDN: access.<sip-domain>	external user access
  SRV	_xmpp-server._tcp.<sip-domain>	Access Edge FQDN: access.<sip-domain>	XMPP federation
  A	sip.<sip-domain>	Access Edge FQDN: access.<sip-domain>	locate Edge Server
  A	Access Edge FQDN: access.<sip-domain>	Access Edge IP address	Edge Server Access edge
  A	A/V Edge FQDN: av.<sip-domain>	A/V Edge IP address	Edge Server A/V edge
  A	Conf Edge FQDN: conf.<sip-domain>	Conf Edge IP address	Edge Server Conf edge
  A/CNAME	lyncdiscover.<sip-domain>	reverse proxy public IP address	external AutoDiscover Service
  A	meet URL	reverse proxy public IP address	proxied to Lync Server Web Service
  A	dial-in URL	reverse proxy public IP address	proxied to Lync Server Web Service
  A	external Web Services FQDN	reverse proxy public IP address

  Since I already Added Mention Records in Public DNS

  Access Edge Service Type	FQDN	IP Address
  A	sip.domain.com.pk	(Live or External IP address)

   

  Web Conferencing Edge Service Type	FQDN	IP Address
  A	Wconf.domain.com.pk	(Live or External IP address)

   

   

  Audio Video Edge Service Type	FQDN	IP Address
  A	av.domain.com.pk	(Live or External Ip)

   

   

  SRV Records Name	Host	Port	Reason
  _sip._tls.domain.com.pk	sip.domain.com.pk	443	Auto login for external client
  _sipfederationtls._tcp.domain.com.pk	sip.domain.com.pk	5061	Federation discovery
  _xmpp-server._tcp.domain.com.pk	sip.domain.com.pk	5269	XMPP gateway locator

   

  Wednesday, December 27, 2017 12:12 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  I dont see the lyncdiscover, it is used for your reverse proxy. The client can do autodiscover then. Do you have installed a Reverse Proxy ? 

  You can also run the: https://testconnectivity.microsoft.com

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Wednesday, December 27, 2017 12:20 PM
• 

  

  0

  Sign in to vote

  Hi Saad9837,

  Accroding to your reply, you need add the A record “Access Edge FQDN: access.<sip-domain>” to the Public DNS. You could try to login the SFB server manually,like the following picture.if you could login ,you lack the lyncdiscover;In the “Skype For Business Options” window that opens click “Advanced”, select “Manual configuration”, and then enter Internal and External server names.

  

  .Check if the certificate for Edge Server meets the following requirement.

  

  3. Use Lync connectivity analyzer to see if there is any error.

  https://testconnectivity.microsoft.com/

  

  ---

  Regards,
  

  Leon Lu

  ---

  Please remember to mark the replies as answers if they helped.
  If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

  
  
  
  

  • Edited by Leon-LuMicrosoft contingent staff Wednesday, December 27, 2017 12:36 PM

  Wednesday, December 27, 2017 12:23 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  I just added mention records in my External Certificate that I download from GO Daddy

  DNS Name=sip.domain.com.pk
  DNS Name=www.sip.domain.com.pk
  DNS Name=wconf.domain.com.pk
  DNS Name=av.domain.com.pk
  DNS Name=sfbedge.domain.com.pk
  DNS Name=meet.domain.com.pk
  DNS Name=domain.com.pk
  DNS Name=lyncdiscover.domain.com.pk

  Also where I have to run that test

  https://testconnectivity.microsoft.com

  Either On my Skype for business Front End Server Machine or Edge Server Machine?

  Also I Reverse Proxy is essential for Edge Server I didn't see any tab of that I just follow Tech net Guide

  https://gallery.technet.microsoft.com/Step-By-Step-Deploy-Skype-1e24428e

  Is the only A records consider Reverse Proxy.Do I need to add that records too in Public DNS?

  Type              FQDN                                                          IP Address

  A                  meet.domain.com.pk                                               (External IP address)

  A                   lyncdiscover.domain.com.pk                (External IP address)

  
  
  
  

  • Edited by Saad9837 Wednesday, December 27, 2017 3:05 PM

  Wednesday, December 27, 2017 12:35 PM
• 

  

  0

  Sign in to vote

  Hi Leon

  Thanks for input.

  For Access Edge FQDN I add : sip.domain.com.pk in Public DNS

  Does it impact as per guide and many blogs they prefer to add A record as :

  sip.domain.com.pk instead of access.domain.com.pk

  As per tech net guide

  https://gallery.technet.microsoft.com/Step-By-Step-Deploy-Skype-1e24428e

  
  

  
  

  • Edited by Saad9837 Wednesday, December 27, 2017 2:49 PM

  Wednesday, December 27, 2017 2:46 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Reverse proxy is needed for your webservices, it is not connected to your Edge server. 

  Your SIP domain must be added on the external certificate for your edge server and the FQDN of your access edge what you have defined in your topology builder.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Wednesday, December 27, 2017 3:04 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for guide since I added records for external certificate that i download form go daddy

  DNS Name=sip.domain.com.pk
  DNS Name=www.sip.domain.com.pk
  DNS Name=wconf.domain.com.pk
  DNS Name=av.domain.com.pk
  DNS Name=sfbedge.domain.com.pk
  DNS Name=meet.domain.com.pk
  DNS Name=domain.com.pk
  DNS Name=lyncdiscover.domain.com.pk

  Bur I didnot Add mention A records in Public DNS

  Type              FQDN                                                          IP Address

  A                  meet.domain.com.pk                                               (External IP address)

  A                   lyncdiscover.domain.com.pk                (External IP address)

  Once I added that Records then I try to connect and let you Know.

  Thanks for such a support hope so it will sort out my issue.

  Wednesday, December 27, 2017 3:40 PM
• 

  

  0

  Sign in to vote

  Hi Saad9837,

  You could try to use manual configuration to login SFB like the following screenshot , if you could login ,the problem is caused by the lyncdiscover

  

  ---

  Regards,
  

  Leon Lu

  ---

  Please remember to mark the replies as answers if they helped.
  If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

  Thursday, December 28, 2017 9:51 AM
• 

  

  0

  Sign in to vote

  Hi Leon,

  Thanks for support and guidance finally I am able to connect on external network as per above setting.

  One thing I need to ask.I want to communicate with other domain User

  Like My domain is abc.com.pk and client connect successfully internally & externally on same and even different Network.

  However if some User of abc.com.pk Domain wants to communicate or Add other Domain User like def.com.pk then what procedure need to be follow.Which configuration required  

  Please need your valuable guidance too on that matter.

  
  

  • Edited by Saad9837 Thursday, December 28, 2017 11:40 AM

  Thursday, December 28, 2017 10:05 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Depens if you want open or closed federation. For autodiscover your domain for federation you need public SRV for with sipfederationtls._tcp.<sip-domain> pointing to Access Edge FQDN: access.<sip-domain>

  Check also this blog if you want partner discovery turned on for open federation:

  https://blogs.technet.microsoft.com/uclobby/2013/09/30/difference-between-open-and-closed-federation-in-lync-20102013/

  Greetings,

  Erdem

  _sipfederationtls._tcp.<sip-domain>

  _sipfederationtls._tcp.<sip-domain>

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Thursday, December 28, 2017 1:04 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for guide I will add these SRV records in Public DNS

  _sipfederationtls._tcp.domain.com.pk

  _sipfederationtls._tcp.domain.com.pk

  and let you know if it allows.

  Thanks once again.

  Thursday, December 28, 2017 1:11 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  What port i need to mention against these record

  _sipfederationtls._tcp.domain.com.pk

  Port 443 or 5061

  Thursday, December 28, 2017 1:22 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  After checked Public DNS the record already added:

  _sipfederationtls._tcp.domain.com.pk  that point my Access Edge FQDN :  sip.domain.com.pk over 5061 port.

  But still other domain user not able to communicate with my domain

  please guide?

  
  

  • Edited by Saad9837 Thursday, December 28, 2017 1:54 PM

  Thursday, December 28, 2017 1:46 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  It is 5061.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Thursday, December 28, 2017 1:57 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  SRV record added still not able to connect with other domain user.

  Thursday, December 28, 2017 4:05 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Depens if the other side have also open federation or not and or even the DNS records are inplace. 

  If the other side have closed federation they need to add your domain to the allow list.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  
  

  • Edited by Er-D Thursday, December 28, 2017 4:09 PM

  Thursday, December 28, 2017 4:09 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  In that case I had to add every organization domain in allowed list.Am I right?

  Since Users of my Domain wants to communicate with different organization Users having different domains

  Let Suppose

  Test@abc.com.pk wants to communicate with Test2@def.com.pk or Test3@efg@com.pk?

  So I need to allow that DEF.COM.PK & EFG.COM.PK domain in Lync Control Panel Domain Allowed List?

  I just want that User of my organization communicate anyone and to any domain without added the domains in control panel wizard.

  Please suggest.

  
  

  • Edited by Saad9837 Thursday, December 28, 2017 5:32 PM

  Thursday, December 28, 2017 4:37 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Kindly guide on above matter

  Also whenever User try to log in Skype for business client at Android or Iphone it gave error since I make setting in advance option 

  For Internal Server : sip.domain.com.pk:5061

   For External Server : sip.domain.com.pk:5061

  "We cannot connect to the server.Check your network connection and server address and try again"

  Do i need to add A records in  DNS internally and externally like mention format for Mobile connectivity?

  A                    lyncdiscoverinternal.doamin.com.pk             Internal Web Services IP address

  A                    lyncdiscover.doamin.com.pk                           Public Ip Address

  OR that format

  A                    lyncdiscoverinternal.sip.domain.com.pk             Internal Web Services IP address

  A                    lyncdiscover.sip.doamin.com.pk                           Public Ip Address

  Which records need to be added.

  Please Guide on that too.

  
  
  

  • Edited by Saad9837 Friday, December 29, 2017 7:49 AM

  Friday, December 29, 2017 7:06 AM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  In that case I had to add every organization domain in allowed list.Am I right?

  Since Users of my Domain wants to communicate with different organization Users having different domains

  Let Suppose

  Test@abc.com.pk wants to communicate with Test2@def.com.pk or Test3@efg@com.pk?

  So I need to allow that DEF.COM.PK & EFG.COM.PK domain in Lync Control Panel Domain Allowed List?

  I just want that User of my organization communicate anyone and to any domain without added the domains in control panel wizard.

  Please suggest.

  
  

  Hi Saad,

  you need to enable partner discovery to turn on Open federation:

  

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Friday, December 29, 2017 9:16 AM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Kindly guide on above matter

  Also whenever User try to log in Skype for business client at Android or Iphone it gave error since I make setting in advance option 

  For Internal Server : sip.domain.com.pk:5061

   For External Server : sip.domain.com.pk:5061

  "We cannot connect to the server.Check your network connection and server address and try again"

  Do i need to add A records in  DNS internally and externally like mention format for Mobile connectivity?

  A                    lyncdiscoverinternal.doamin.com.pk             Internal Web Services IP address

  A                    lyncdiscover.doamin.com.pk                           Public Ip Address

  OR that format

  A                    lyncdiscoverinternal.sip.domain.com.pk             Internal Web Services IP address

  A                    lyncdiscover.sip.doamin.com.pk                           Public Ip Address

  Which records need to be added.

  Please Guide on that too.

  
  
  

  You need for external DNS only the lyncdiscover.contonso.com. For internal DNS you add lyncdiscoverinternal.contonso.com and lyncdiscover.contonso.com. But the external lyncdiscover is mostly pointed to the reverse proxy, check the Skype diagram that i have linked before.

  http://go.microsoft.com/fwlink/p/?LinkId=550989
  

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  • Proposed as answer by Leon-LuMicrosoft contingent staff Monday, January 1, 2018 5:51 AM

  Friday, December 29, 2017 9:20 AM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for share details I will follow the instructions by adding ALL Records and setting.

  Then I will come to know.

  Thanks once again.

  Friday, December 29, 2017 9:41 AM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  I need to ask one thing:

  Is Federation Services require at Active Directory Level so that Skype User of one domain communicate with other Domain Users?

  DO I need to install ADFS or just above setting shared by your side fulfill that requirement?

  Kindly guide on that matter too.

  Monday, January 1, 2018 5:46 AM
• 

  

  0

  Sign in to vote

  Hi Saas9837,

  Have you added all records and settings?did you have update for this issue?if you have solve the problem,please mark the helpful reply as answer,it will help others who have similar issue.

  ---

  Regards,
  

  Leon Lu

  ---

  Please remember to mark the replies as answers if they helped.
  If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

  Monday, January 1, 2018 5:51 AM
• 

  

  0

  Sign in to vote

  Hi Leon,

  The record takes time to add and its for Mobile Integration records.

  However Now the issue is the USER of my organization not able to communicate with other Domain Users.

  What I suppose to do .DO i need to Install ADFS role or just records and setting mentioned above are enough for that?

  Please guide accordingly.

  Monday, January 1, 2018 6:01 AM
• 

  

  0

  Sign in to vote

  Also client sign in at external network but not able to connect at internal network?

  Kindly guide on that.

   

  Monday, January 1, 2018 11:08 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  No ADFS is not needed for Skype for business.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Tuesday, January 2, 2018 7:20 AM
• 

  

  0

  Sign in to vote

  Hi Erdem/Leon,

  Thanks for support and guide now Skype for business connectivity is fine and run smoothly internally & externally & at different domain.

  however while make conference call internally or same domain user cannot add participants.Whenever User try to add Participant internally 

  like

  abc@domain.com.pk make call to def.domain.com.pk successfully but when they need to add the 3rd person having  same domain internally efg@domain.com.pk then it show on Skype Window

  "An Error Occured"

  I checked every setting at Control Wizard of Skype.

  Please suggest.

  Tuesday, January 2, 2018 10:02 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Check your conference policy, different settings applies when adding external or anonymous contacts.

  you can also run my script to add different policy's: https://gallery.technet.microsoft.com/Create-CAL-Conferencing-9c527a34?redir=0

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Tuesday, January 2, 2018 12:30 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  I just checked conference setting and keep global setting also mark checked on all setting that needs 

  Thanks for share script but unfortunately due to complicated infrastructure I am not able to run that script .Will you please suggest other setting or share any conferencing setting?

  
  
  

  • Edited by Saad9837 Tuesday, January 2, 2018 4:57 PM

  Tuesday, January 2, 2018 1:17 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  I just checked conference setting and keep global setting at SFB Control Wizard and also mark checked on all setting that needs for conference call.

  Since Internal Domain client i-e abc.com can make conference call to other or different domain Users i-e def.com and also able to add participant of other domain users externally 

  Also Internal domain USERS i-e abc.com make call to other abc.com User.

  But Issue is  when ABC user try to add 3rd Participant of same abc.com domain User  then it prompt 

  "An Error Occured"

  The Issue occur on organization level internally 

  Thanks for share script but unfortunately due to complicated infrastructure I am not able to run that script .Will you please suggest other setting or share any conferencing setting?

  Wednesday, January 3, 2018 9:25 AM
• 

  

  0

  Sign in to vote

  Hi Saas9837,

  Have you added all records and settings?did you have update for this issue?if you have solve the problem,please mark the helpful reply as answer,it will help others who have similar issue.

  ---

  Hi Leon,

  I added records 

  Type              FQDN                                                          IP Address

  A                    meet.domain.com.pk                                 Live or Public Ip

  A                   lyncdiscover.domain.com.pk                          Live or Public IP

  A                   owaent.domain.com.pk                                   Live or Public IP

  Add these records in your DC-DNS

  A                    lyncdiscoverinternal.domain.com.pk             Internal Web Services IP address

  A                    lyncdiscover.domain.com.pk                        Internal Web Services IP address

  SRV Records Name	Host	Port	Reason
  _sip._tls.domain.com.pk	sip.domain.com.pk	443	Auto login for external client

  But Still Mobile not configured.

  Did I correctly make entry of   DNS records that mentioned above? Please suggest

  Is there any setting require at SFB Control Wizard or Records also please confirm Ports?

  
  
  

  • Edited by Saad9837 Thursday, January 4, 2018 10:11 AM

  Thursday, January 4, 2018 6:19 AM
• 

  

  0

  Sign in to vote

  Hi Experts,

  Thanks for guide for the deployment of Edge Server. However Two Issues I faced:

  1) Same Domain Users not able to add 3rd participant in conference call,Whenever user try to add Participant it show:

  "An Error Occurred"

  however for external domain conference call working fine and participant are added smoothly.

  Any Suggestion  or setting that need to be checked Internally?

  2) 

  I added records for Mobile Android & Iphone connectivity 

  Type              FQDN                                                          IP Address

  A                    meet.domain.com.pk                                 Live or Public Ip

  A                   lyncdiscover.domain.com.pk                          Live or Public IP

  A                   owaent.domain.com.pk                                   Live or Public IP

  Add these records in your DC-DNS

  A                    lyncdiscoverinternal.domain.com.pk             Internal Web Services IP address

  A                    lyncdiscover.domain.com.pk                        Internal Web Services IP address

  _sip._tls.domain.com.pk

  sip.domain.com.pk

  443

  Auto login for external client

  
  

  Did I correctly make entry of   DNS records that mentioned above? Please suggest

  
  

  Friday, January 5, 2018 5:36 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  This is the conference policy that is use standard:

  

  It also could be that the firewall is blocking, check if SRTP/UDP:49152-65535 from the user to the Front end pool is allowed internally. 

  These ports are needed for federated conferencing:

  Source IP	Destination IP	Source Port	Destination Port
  A/V Edge	Any	TCP 50,000-59,999	TCP 443
  A/V Edge	Any	UDP 3478	UDP 3478
  Any	A/V Edge	Any	TCP 443
  Any	A/V Edge	Any	UDP 3478

  The DNS records are correct. 

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  
  

  • Edited by Er-D Friday, January 5, 2018 7:01 AM

  Friday, January 5, 2018 7:00 AM
• 

  

  0

  Sign in to vote

  Hi Er-D,

  Thanks for sharing setting and confirm records entry.I am going to check that setting and firewall ports then I will let you inform.

  
  

  Friday, January 5, 2018 7:09 AM
• 

  

  0

  Sign in to vote

  did you have any update?

  ---

  Regards,
  

  Leon Lu

  ---

  Please remember to mark the replies as answers if they helped.
  If you have feedback for TechNet Subscriber Support, contact tnsf@microsoft.com.

  Monday, January 8, 2018 10:48 AM
• 

  

  0

  Sign in to vote

  Hi Leon,

  After all setting I am not able to Log in Skype for business in Android or Iphone Mobile

  However Skype for Business Client Log in on Desktop smoothly.

  Is there any URL require that need to be add manually in Mobile

  I also go with Auto discover but Error shows but When I try to Enter Manual

  • Internal discovery address: https://lyncdiscover.domain.com.pk/Autodiscover/autodiscoverservice.svc/Root
  • External discovery address: https://lyncdiscover.domain.com.pk/Autodiscover/autodiscoverservice.svc/Root

  Then Skype for Business Client Keep trying to Sign In but didnot get any response

  
  
  

  • Edited by Saad9837 Monday, January 8, 2018 1:50 PM

  Monday, January 8, 2018 1:26 PM
• 

  

  0

  Sign in to vote

  Hi Leon,

  Kindly review the Records entry again

  I added records for Mobile Android & Iphone connectivity 

  Type              FQDN                                                          IP Address

  A                    meet.domain.com.pk                                 Live or Public Ip

  A                   lyncdiscover.domain.com.pk                          Live or Public IP

  A                   owaent.domain.com.pk                                   Live or Public IP

  Add these records in your DC-DNS

  A                    lyncdiscoverinternal.domain.com.pk             Internal Web Services IP address

  A                    lyncdiscover.domain.com.pk                        Internal Web Services IP address

  _sip._tls.domain.com.pk

  sip.domain.com.pk

  443

  Auto login for external client

  Please confirm lyncdiscoverinternal.domain.com.pk             Internal Web Services IP address 

                                   lyncdiscover.domain.com.pk                        Internal Web Services IP address

  Which IP address I need to enter either FE Server  or Edge Server IP Address having 2 NIC Internal and External

  I specify FE Server IP address for both Is that correct?

  Please suggest

  
  

  • Edited by Saad9837 Tuesday, January 9, 2018 6:38 AM

  Tuesday, January 9, 2018 5:24 AM
• 

  

  0

  Sign in to vote

  Second Issue is that Same Domain Users not able to do conference call internally

  1 to 1 A/V calls work perfectly fine internally

  As try to add 3rd participant it show

  "An error occurred"

  however external domain users make conference call smoothly and also able to add internal domain users & External Domain Users.

  Kindly guide Is that Port or firewall issue internally since all FE services are running kindly share ports details that need to be allow for internal conference call or any firewall rule.

  
  
  

  • Edited by Saad9837 Tuesday, January 9, 2018 7:59 AM

  Tuesday, January 9, 2018 6:57 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Do you see also errors in the event viewer? Try also to log and trace with CLS logger and read it with snooper. Also check the reports of skype.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Tuesday, January 9, 2018 8:34 AM
• 

  

  0

  Sign in to vote

  Thanks Erdem,

  I will review the logs and share the status.

  Kindly specify  Log file name that will be responsible for conference call details? 

  After View Client Log History of LYNC i found:

  <convErrorMessage xmlns="http://schemas.microsoft.com/2008/10/sip/convItems" ts="2018-01-09T10:01:00Z" mode="lcsConf" action="none" hr="-2131820136">

  <errorInfo participantUri="sip:skypetest@domain.com.pk"/>

  </convErrorMessage>

  <convErrorMessage xmlns="http://schemas.microsoft.com/2008/10/sip/convItems" ts="2018-01-09T10:01:00Z" mode="voice" action="start" hr="-2131687933">

  <errorInfo participantUri="sip:skypetest@domain.com.pk"/>

  </convErrorMessage>

  <convNotification xmlns="http://schemas.microsoft.com/2008/10/sip/convItems" ts="2018-01-09T10:01:00Z" id="72" mode="im" hr="-2131820136"/>

  <convErrorMessage xmlns="http://schemas.microsoft.com/2008/10/sip/convItems" ts="2018-01-09T10:01:00Z" mode="lcsConf" action="none" hr="-2131820136">

  <extendedStatusCode hrServerDiag="-2131689331" hrClientDiag="-2131689331" hrSipStatus="-2131689331" hrSipWarning="-2131689331" hrResultCode="-2131689331" hrAggregatedCode="-2131689331"/>

  </convErrorMessage>

  <convErrorMessage xmlns="http://schemas.microsoft.com/2008/10/sip/convItems" ts="2018-01-09T10:01:00Z" mode="im" action="message" hr="-2131572912">

  <extendedStatusCode hrServerDiag="-2131689331" hrClientDiag="-2131689331" hrSipStatus="-2131689331" hrSipWarning="-2131689331" hrResultCode="-2131689331" hrAggregatedCode="-2131572912"/>

  <messageInfo type="text/rtf" msgid="{DEA309E7-7398-42E9-907F-03B46587B191}" storyTitle="">{\rtf1\fbidis\ansi\ansicpg1252\deff0\nouicompat\deflang1033{\fonttbl{\f0\fnil\fcharset0 Segoe UI;}{\f1\fnil Segoe UI;}}

  {\colortbl ;\red0\green0\blue0;}

  {\*\generator Riched20 16.0.8730}\viewkind4\uc1

  \pard\cf1\f0\fs20 Heloo\f1\par

  {\*\lyncflags&lt;rtf=1&gt;}}

  </messageInfo>

  </convErrorMessage>

  </conversationXml></conversations> !   AdOJMIGPgmFEjcfmQoiwOgacO5hALw== ,   {D61AE06E-AE36-4B6C-852E-DE73D6DD3552}.hist D   sip:test1@domain.com,sip:test2@domain.com     @¬Yé0‰Ó

  
  

  If you can provide any further guidance regarding ports/firewall or services that need to be checked? 

  The Mention Error Occur if I try to do MEET NOW 

  
  
  However If I try to add 3rd Participant the mention error occur:

  1 on 1 A/V call occur smoothly internally but issue only occur If Internal Domain User try to add 3rd participant in conference call either external or same domain users then mention issue show

  

  
  

  
  

  • Edited by Saad9837 Tuesday, January 9, 2018 12:29 PM

  Tuesday, January 9, 2018 9:21 AM
• 

  

  0

  Sign in to vote

  Hi Experts

  Any suggestion on above issue and error.Please Guide

  Also when I try to Started Services at Front End Server

  Skype for Business Web Conferencing

  Skype for business server Audio/Video Conferencing

  It shows "The Skype for business server Audio/Video Conferencing Service on Local Computer started and then stopped.Some Services stop automatically if they are not in use by other services or programs."

  I try different solution to resolve but still error

  http://communicationsknowledge.blogspot.com/2014/02/the-lync-server-audiovideo.html

  http://www.aspdotnet-suresh.com/2011/06/service-on-local-computer-started-and.html

  I also Enable Conferencing/Dial In Feature from  existing Front End Server Topology by right click on Edit Properties .Do I need to Publish Topology again after enable the features or it will replicate automatically.

  Kindly suggest

  
  

  • Edited by Saad9837 Wednesday, January 10, 2018 10:40 AM

  Wednesday, January 10, 2018 6:17 AM
• 

  

  0

  Sign in to vote

  Hi Experts

  Any suggestion on above issue and error.Please Guide

  Also when I try to Started Services at Front End Server

  Skype for Business Web Conferencing

  Skype for business server Audio/Video Conferencing

  It shows "The Skype for business server Audio/Video Conferencing Service on Local Computer started and then stopped.Some Services stop automatically if they are not in use by other services or programs."

  I try different solution to resolve but still error

  http://communicationsknowledge.blogspot.com/2014/02/the-lync-server-audiovideo.html

  http://www.aspdotnet-suresh.com/2011/06/service-on-local-computer-started-and.html

  I also Enable Conferencing/Dial In Feature from  existing Front End Server Topology by right click on Edit Properties .Do I need to Publish Topology again after enable the features or it will replicate automatically.Does It impact my internal infrastructure if I publish new topology with existing topology. 

  Kindly suggest

  Wednesday, January 10, 2018 10:42 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  You need always to publish topology if you have made changes or the changes wouldt not be applied. Did you also configure the simple urls etc ?

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Thursday, January 11, 2018 9:11 AM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for guide the topology is published however now the new issue is at Front End Server while Assign Internal Certificate it show error as mention in snap?

  Will you please guide what i need to check?

  

  Thursday, January 11, 2018 1:00 PM
• 

  

  0

  Sign in to vote

  Hi Experts,

  Kindly suggest on mention issue since on Front End Server when I try to assign Certificate it show mention error 

  Previously it works fine but now certificate assignment create problem,I also request a fresh CSR and download certificate from CA but still same error

  Please guide

  

  Friday, January 12, 2018 5:36 AM
• 

  

  0

  Sign in to vote

  Can Anyone please share suggestion on above issue?

  Friday, January 12, 2018 9:26 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  It seems that the binding in IIS are not correct, check if the ports are correctly binded for internal and external webservices.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Friday, January 12, 2018 11:11 AM
• 

  

  0

  Sign in to vote

  Thanks will you please share how to check? Please share steps to check and configure that

  Friday, January 12, 2018 11:24 AM
• 

  

  0

  Sign in to vote

  Also I tried to publish again then mention error show in topology builder

  "you must provide an active meeting url for each sip domain and all urls must be unique"

  Kindly guide to resolve that

  At started my Front End server working all fine now the Issue is related to IIS binding and certificate how to resolve it?

  Kindly guide

   
  

  • Edited by Saad9837 Friday, January 12, 2018 3:03 PM

  Friday, January 12, 2018 2:25 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  Try also to check: https://social.technet.microsoft.com/Forums/en-US/a6989e7b-3a66-44ad-ba8e-4f540f8c5224/certificate-assignment-fails-https-binding-not-found-on-the-web-site?forum=ocsplanningdeployment

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Saturday, January 13, 2018 7:38 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for sharing Reference blogs since I just verify IIS setting at 

  I Click on bindings find HTTP on port 8080 and HTTPS on port 4443 address   this is for the external lync web site

  and  HTTP on port 80 and HTTPS on port 443 for the internal Lync web site 

  What Else I need to check  or need to be enable?

   

  Monday, January 15, 2018 7:04 AM
• 

  

  0

  Sign in to vote

  Please guide as still face same error"

  Warning : Set-CSCertificate Failed

  Did I need to export New certificate from CA and import it to my Front End Server machine 

  Kindly guide

  
  
  

  • Edited by Saad9837 Monday, January 15, 2018 10:23 AM

  Monday, January 15, 2018 10:05 AM
• 

  

  0

  Sign in to vote

  Hi Saad,

  You can request your certificate directly from the CA if it is in the same domain or else you need to do it manually. Also you need import the certificate chain. 

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Monday, January 15, 2018 10:59 AM
• 

  

  0

  Sign in to vote

  Ok let me check.

  Will you please share steps for certificate request since it is in same domain?

  • Edited by Saad9837 Monday, January 15, 2018 11:26 AM

  Monday, January 15, 2018 11:24 AM
• 

  

  0

  Sign in to vote

  Hi,

  There you go: https://blogs.technet.microsoft.com/uclobby/2015/05/15/renewing-skype-for-business-server-2015-certificates/

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Monday, January 15, 2018 2:03 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Certificate is Assigned successfully with warnings however All Services are started except 

  "Skype for Business Server Front End"

  The Mention Error Occur

  Windows Could not Start Skype for Business Server Front-End on Local Computer.Error code- 1007781640

  I run the Step 2: Setup or Remove Lync Server Components with Lync Server 2013 Deployment Wizard.  check the certificate on Lync Front End Server that was not expired. Try to re-request the certificate for Lync Front End Server.

  Also open Lync Management Shell and enter the following command.

  Reset-CsPoolRegistrarState -PoolFqdn “server.domain.local” -ResetType FullReset

  Then restart Lync Server Standard Server 

  Still the issue persist

  Please Guide what need to be checked?Is that any Rights issue?

  
  
  
  

  • Edited by Saad9837 Tuesday, January 16, 2018 2:53 PM

  Tuesday, January 16, 2018 8:16 AM
• 

  

  0

  Sign in to vote

  Anyone please help me out on mention issue

  "Skype for Business Server Front End"

  The Mention Error Occur

  Windows Could not Start Skype for Business Server Front-End on Local Computer.Error code- 1007781640

  Tuesday, January 16, 2018 2:56 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  What is the event viewer saying?

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Thursday, January 18, 2018 12:54 PM
• 

  

  0

  Sign in to vote

  Hi Erdem,

  Thanks for the support however there was machine Issue having 2008 r2 OU installed and due to some malicious stuff in the system it causes  Front End services stopped

  so  at last I just do Fresh Installation of Front end Server on  new Machine Server 2016 & deploy edge server too.All services and communication done fine and smoothly.

  Just need support further about Mobility for Skype For business in Andriod & Iphone

  Is there any guide or steps that need to be follow for Mobile Configuration

  
  
  

  • Edited by Saad9837 Thursday, January 18, 2018 2:21 PM

  Thursday, January 18, 2018 1:09 PM
• 

  

  0

  Sign in to vote

  Hi Saad,

  For mobile clients you need a reverse proxy, it relies on the webservices. Also it look up first trought DNS with lyncdiscover.

  Greetings,

  Erdem

  ---

  Please mark as helpful if you find my contribution useful or as an answer if it does answer your question. That will encourage me - and others - to take time out to help you.

  Friday, January 19, 2018 3:45 PM