Unable to sign in to Skype for Business standalone.

  • Question

  • Hi All,

    I have installed Skype for Business, and all seems to be OK and working without errors. But I'm unable to log in. I've created a user in the Skype control panel, but when I try to log in I get: Can't sign in to Skype for Business. The username, password or domain appears to be incorrect.

    I have tried all different combinations of domain\username username@domain.com but still no joy. I take it the password is the windows domain password for the user? Aside from that I have no idea how I can continue...

    Thanks

    Monday, December 7, 2015 9:25 AM

Answers

  • Hi,

    Did the login issue happen inside or outside the domain?

    Have you deployed an Edge Server in the DMZ? If not, then the SFB client can't log in from outside the domain.

    I suppose that all of your SFB user accounts use the public SIP address, such as contoso.com.

    For the internal FE Server certificate, you need an internal certificate with SANs similar to the ones below:

    CN: FEFQDN.test.local

    SAN: FEFQDN.test.local, lyncdiscoverinternal.contoso.com, meet.contoso.com, dialin.contoso.com, admin.contoso.com.

    Make sure on the internal DNS Server, the DNS A record such as lyncdiscoverinternal, meet, dialin, admin point to the IP of Standard Server.

    If you have deployed an Edge Server, for the external Edge interface certificate you need a public SAN certificate which includes the Edge Access Service (such as sip.contoso.com) and Webconf Service SANs.

    Also on the public DNS Server, point the A record sip.contoso.com to the Edge Server Access Service public IP.

    Best Regards


    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact tnmff@microsoft.com.

    Eason Huang
    TechNet Community Support

    Thursday, December 10, 2015 9:40 AM
    Moderator
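
One way to check the internal DNS records and Front End certificate SANs listed in this answer, as an added PowerShell example that is not part of the original reply. `contoso.com` and `FEFQDN.test.local` are the answer's sample names and stand in for your own SIP domain and server FQDN; the SAN parsing assumes an English-language Windows host.

```powershell
# Added example (not from the thread). Placeholder names follow the answer's samples.
$SipDomain = 'contoso.com'        # assumption: SIP domain used in sign-in addresses
$FeFqdn    = 'FEFQDN.test.local'  # assumption: Front End (Standard Edition) server FQDN
$Port      = 5061                 # SIP/TLS port quoted in the thread

# Names the answer says must be in internal DNS and in the certificate SAN list.
$required = @($FeFqdn) + @('lyncdiscoverinternal', 'meet', 'dialin', 'admin' |
    ForEach-Object { "$_.$SipDomain" })

# 1. Internal DNS: each name needs an A record pointing at the Standard Edition server.
foreach ($name in $required) {
    $a = Resolve-DnsName -Name $name -Type A -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'A' }
    $ips = if ($a) { $a.IPAddress -join ', ' } else { 'NO A RECORD' }
    '{0,-42} {1}' -f $name, $ips
}

# 2. Read the certificate the Front End presents on the SIP/TLS port.
$tcp = New-Object System.Net.Sockets.TcpClient($FeFqdn, $Port)
try {
    # The callback accepts any certificate so that an untrusted one can still be
    # inspected; trust is evaluated separately with Verify() below.
    $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
    $ssl = [System.Net.Security.SslStream]::new($tcp.GetStream(), $false, $acceptAny)
    $ssl.AuthenticateAsClient($FeFqdn)
    $cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new(
        $ssl.RemoteCertificate)
} finally {
    $tcp.Close()
}

# 3. Compare SANs (OID 2.5.29.17) with the required names; a wildcard SAN covers
#    exactly one left-most label. 'DNS Name=' is the English Windows display format.
$sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
$sans = @()
if ($sanExt) {
    $sans = [regex]::Matches($sanExt.Format($true), 'DNS Name=(\S+)') |
        ForEach-Object { $_.Groups[1].Value }
}
foreach ($name in $required) {
    $wild = '*.' + ($name -split '\.', 2)[1]
    $ok = ($sans -contains $name) -or ($sans -contains $wild)
    '{0,-42} {1}' -f $name, $(if ($ok) { 'in SAN' } else { 'MISSING FROM SAN' })
}
'Subject: {0}' -f $cert.Subject
'Chain trusted by this machine: {0}' -f $cert.Verify()
```

Run it once from a domain-joined client and once from a machine outside the domain: a `False` trust result on the second usually means the internal CA root certificate is not installed there.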

All replies

  • Hi Jason,

    Have you created the below DNS record:

    _sipinternaltls._tcp.sipdomain:5061 (SRV record)

    Have you tried to configure the Lync client to sign in manually by clicking Options>Personal>Advanced>Frontend/Director FQDN:5061?

    Best Regards,

    Monday, December 7, 2015 10:47 AM
  • I have _sipfederationtls._tcp; is that incorrect?

    In regards to the below, no, but I just tried with no joy. But the issue I have is I'm not 100% sure if what I'm putting in is correct with the combinations of details.

    Options>Personal>Advanced>Frontend/Director FQDN:5061

    Asterisk / Freeswitch is much simpler than this!

    Monday, December 7, 2015 11:37 AM
  • On the machine with the client I do get an error:

    LyncPlatform unable to retrieve token from MSOIDCRL. Error (80048821)

    Monday, December 7, 2015 11:46 AM
  • Hi Jason,

    No, it is correct to have this record.

    I will rephrase the steps again to be 100% sure:

    Click Options, click Personal, click Advanced, select Manual configuration, and in the Internal server name text box type your frontend server FQDN:5061 (for example server.contoso.com:5061).

    Can you sign-in on someone else's computer?

    Can others sign-in on your computer?

    Best Regards,


    Monday, December 7, 2015 12:18 PM
  • Hi,

    There is only 1 account, so no in regards to others signing in. I have tried again with no joy. When it asks for a username, I still put in my sign-in address? With the password being the Windows Active Directory password?

    Thanks

    Monday, December 7, 2015 12:24 PM
  • Hi,

    You said that you put your sign-in address in the username field. Maybe your sign-in address is different from your Active Directory UPN, so make sure you type your UPN in the username field.

    Best Regards,



    • Edited by M Hafez Monday, December 7, 2015 12:31 PM
    Monday, December 7, 2015 12:30 PM
  • So my UPN is firstnamesurname@mywindowsdomain.local ?
    Monday, December 7, 2015 12:49 PM

  • Are you attempting to sign-in from internal LAN or remotely without VPN? Ensure that the lyncdiscoverinternal.<yourSIPdomain> DNS A record is correctly defined and points to your Front-End Pool. Externally, lyncdiscover.<yourSIPdomain> is required. Otherwise, sip.<yourSIPdomain> is used as fallback for Lync 2013 and Skype 2015/6 clients.

    UPN in AD is typically not used as a SIP domain where the latter should match your (public) SMTP Email address in practice.

    Please share with us if this helps. Thanks.


    TechNet/MSDN Forum Moderator - http://www.leedesmond.com

    Monday, December 7, 2015 2:53 PM
  • I'm trying to sign in locally. I don't actually have an email address associated with my domain or have it linked to my Office 365 account; is that going to cause an issue? The domain does exist and points to my server, and I have also gone through the DNS tests, which all passed.

    This is just a test environment to see if I can connect our system to Skype. So far it's been a total fail. I decided to set up a Skype Online account as I thought that would be easier. It turns out that was also a disaster; even the support were unsure on things. Most importantly, in the UK Skype for Business does not support telephone numbers. But the personal version does, genius who is in charge of this.....

    So, ditching the online version, I would still like to get this standalone version in operation. When I'm signing in to the standalone version, does it in any way connect to Skype on Microsoft to check / verify things?

    I have just tried again from my PC, which is not on the Active Directory domain, and I received a box informing me of the certificate details. Which looks promising, but it does show that it's connecting to skype.windowsdoamin.local. Which will not work as I'm not in that domain. How can I get around that?

    I must say there is no clear direction on how to set things up from start to finish. I followed the how to install Skype for Business from Microsoft, but that simply doesn't cover everything. I'm wondering, have they purposely made this complicated? I can set up an Asterisk server in 15 minutes.

    Monday, December 7, 2015 3:39 PM
  • Hi,

    Would you please elaborate on your Skype for Business Server environment (such as domain name, SIP domain name, Standard Edition or Enterprise Edition)?

    1. Make sure the FE Server certificate has all needed SANs in the link below:

    https://technet.microsoft.com/en-us/library/gg398094%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

    Also including the lyncdiscover SAN

    2. Make sure all needed DNS records added on the internal DNS Server:

    lyncdiscover.yourdomain.com

    FEFQDN.domain.com

    meet.yourdomain.com

    dialin.yourdomain.com

    admin.yourdomain.com

    3. Please make sure all Skype for Business Services started on FE Server.

    Best Regards



    Eason Huang
    TechNet Community Support

    Tuesday, December 8, 2015 8:55 AM
    Moderator
  • Hi,

    OK, I have Skype installed on 1 server. You have mixed yourdomain.com and domain.com. I have a local domain and a public domain. Which are you referring to here? I have set up DNS on my Windows server for internal and my ISP DNS server for external. The install is Skype Standard, which is the trial version.

    Local Domain = test.local

    Public Domain I would rather not post.

    Thanks

    Tuesday, December 8, 2015 9:18 AM
  • Anyone have a step by step guide on making the perfect certificate? This is just a test so I don't need to go too deep into this.

    Thanks

     
    Tuesday, December 8, 2015 9:32 AM