locked
Skype for Business Online for domain machines RRS feed

  • Question

  • Hi everyone,

    I've been racking my brain on and off for a week now trying to get this to work.  I have added SfB Online to our Office 365 and have everything up and running externally (DNS configured).  Externally we are 'domain1.com' and internally we are 'domain2.com'.  Internally, if I use a non-domain joined PC or phone app etc. I don't have any issues.  The only internal DNS record I have is 'sip.domain1.com' as a CNAME for 'sipdir.online.lync.com'.

    If I look at the logs for the domain joined machines (running SfB2016) I see attempts for every combination of 'sip.', 'lyncdiscover.' etc.  I've tried adding CNAMEs and SRV records for both zones and pointing these to multiple FQDNs that SfB Online uses - no luck.

    Is there a documented setup for getting SfB Online to work from within the domain?  I feel as it's trying to find an on-prem server, or that there is some kind of a mismatch with 'user@domain1.com' O365 account and the 'domain2.com' internal domain.

    Any ideas?

    Much appreciated
    Brad

    Wednesday, April 27, 2016 3:25 AM

Answers

  • Hi Eason,

    I have managed to finally resolve this.  I found a Microsoft supplied XML file listing all of the IP addresses, subnets and FQDNs that Skype for Business uses and disabled SSL decryption for HTTPS to these endpoints.

    Thank you for you time with this issue.
    Regards,
    Brad
    • Marked as answer by brad_86 Wednesday, May 4, 2016 2:47 AM
    Wednesday, May 4, 2016 2:47 AM

All replies

  • Hi,

    On internal DNS Server, set the SRV and CNAME record as the guide in the link below:

    https://support.microsoft.com/en-ph/kb/2566790

    Also, you can login SFB client with manual method instead of automat method.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Monday, May 2, 2016 7:26 AM
  • Hi Eason,

    I have tried setting all of the internal and external DNS records as per the document but domain machines still cannot connect.  When manually setting the server I get the "We're having trouble connecting to the server" message.  Non-domain machines, phones etc. can connect automatically or manually without issue.  I have also disabled local firewalls in case it was being blocked at machine level.

    Any other ideas?
    Is it worth getting logs together?

    Thanks
    Brad

    Tuesday, May 3, 2016 12:39 AM
  • I've made some progress on this issue - it appears to be related to SSL decryption.
    Non domain machines I was testing were on a different VLAN with decryption turned off.  As soon as I move these devices to a different subnet Skype fails.

    This appears to be a common issue but there is no documentation about what exactly to disable decryption for.  I've tried all combinations of URLs, IP addresses and ports suggested by MS but cannot get it to work.

    Thanks
    Brad

    Tuesday, May 3, 2016 4:28 AM
  • Hi Eason,

    I have managed to finally resolve this.  I found a Microsoft supplied XML file listing all of the IP addresses, subnets and FQDNs that Skype for Business uses and disabled SSL decryption for HTTPS to these endpoints.

    Thank you for you time with this issue.
    Regards,
    Brad
    • Marked as answer by brad_86 Wednesday, May 4, 2016 2:47 AM
    Wednesday, May 4, 2016 2:47 AM