Hybrid issue - Cloud only users can't IM RRS feed

  • Question

  • Hello,

    So we run a hybrid Skype environment. All on prem users have recently had their UPN migrated from @domain.local to a address that is internet resolveable. However for some users they still don't have a sip address that matches their UPN.

    Issue we are having now is that while the on premise skype users are working fine we have started adding cloud only users. They are able to log in to the Office 365 portal fine and are able to send and receive mail. No problem there.

    However logged into their mail they are unable to sign in to Skype Online and keep receiving the error "There is a problem with instant messaging, please try again later". I am unsure where the problem lies. My environment is federated with a shared address space, but still the cloud only users can't sign in. I am assuming it's a config issue somewhere. But not sure where.

    Any help would be appreciated!

    Monday, February 13, 2017 11:32 AM

All replies

  • You need to have shared address space configured in Skype for business and integrate with skype for business online.This need to be done on both the side.follow the below blog and verify you have completed all the steps.

    Jayakumar K

    Monday, February 13, 2017 12:22 PM
  • Just wanted to make sure if the Office 365 users are enabled for Lync subscription? Since O365 is a subscriptionbased platform
    Monday, February 13, 2017 12:39 PM
  • I have done this. Shared address space is configured on both sides. However it doesn't work. I am assuming it's an issue with the UPN SIP thing. Though not sure. Also, all users in question have valid Office 365 subscriptions.

    For more information, from Skype On Prem I get this:

    PS C:\Users\Admin> Get-CsAccessEdgeConfiguration

    Identity                               : Global
    AllowAnonymousUsers                    : True
    AllowFederatedUsers                    : True
    AllowOutsideUsers                      : True
    BeClearingHouse                        : False
    EnablePartnerDiscovery                 : True
    DiscoveredPartnerVerificationLevel     : UseSourceVerification
    EnableArchivingDisclaimer              : False
    EnableUserReplicator                   : False
    KeepCrlsUpToDateForPeers               : True
    MarkSourceVerifiableOnOutgoingMessages : True
    OutgoingTlsCountForFederatedPartners   : 4
    DnsSrvCacheRecordCount                 : 131072
    DiscoveredPartnerStandardRate          : 20
    EnableDiscoveredPartnerContactsLimit   : True
    MaxContactsPerDiscoveredPartner        : 1000
    DiscoveredPartnerReportPeriodMinutes   : 60
    MaxAcceptedCertificatesStored          : 1000
    MaxRejectedCertificatesStored          : 500
    CertificatesDeletedPercentage          : 20
    SkypeSearchUrl                         :
    RoutingMethod                          : UseDnsSrvRouting

    PS C:\Users\ogdadmin> Get-CsHostingProvider

    Identity                  : Exchange Online
    Name                      : Exchange Online
    ProxyFqdn                 :
    VerificationLevel         : UseSourceVerification
    Enabled                   : True
    EnabledSharedAddressSpace : True
    HostsOCSUsers             : False
    IsLocal                   : False
    AutodiscoverUrl           :

    Identity                  : LyncOnline
    Name                      : LyncOnline
    ProxyFqdn                 :
    VerificationLevel         : UseSourceVerification
    Enabled                   : True
    EnabledSharedAddressSpace : True
    HostsOCSUsers             : True
    IsLocal                   : False
    AutodiscoverUrl           : https://$

    Skype Online gives us this:

    PS C:\WINDOWS\system32> Get-CsTenantFederationConfiguration

    Identity                            : Global
    AllowedDomains                      : Microsoft.Rtc.Management.WritableConfig.Settings.Edge.AllowAllKnownDomains
    BlockedDomains                      : {}
    AllowFederatedUsers                 : True
    AllowPublicUsers                    : True
    TreatDiscoveredPartnersAsUnverified : False
    SharedSipAddressSpace               : True

    Monday, February 13, 2017 1:24 PM
  • shared name space would only matter during federation between one sip domain to another 

    Does your office 365 users have different UPN and primary email address/sip address? If yes, then authentication would take place with UPN 

    You can make use of below to change UPN of a cloud identity (A synced object from AD)

    set-msoluser -userprincipalname "exisiting UPN" -Newuserprincipalname 

    For O365 users the Lync (sip address) is integrated with user's Primary SMTP address (I believe) 

    • Edited by Akabe Monday, February 13, 2017 2:18 PM
    Monday, February 13, 2017 1:48 PM
  • Actually my situation is this:

    On prem user: Works fine has a UPN (which used to be an @domain.local UPN). CAN use Skype Online. When logging into Lync client however, just inputting the sign in address is not enough. (see link as example)

    After this users are able to log into the client. This issue is with cloud only users.

    These users have no on premise identity. No AD account, or account on the on premise lync server. They exist only in office 365. However they are unable to connect to IM either via web or through the client.

    Tuesday, February 14, 2017 11:08 AM
  • Understood. Thnx Jos. 

    In my above comment, i did understand that it is only O365 users that are affected

    Its good to know that affected users only exist in O365 azure directory. This info helps. Thnx

    Yes, for an onprem you will have to mention domain\username for authentication and authorisation to local AD

    Since you are in hybrid set up please go through below article:-



    In a hybrid deployment, any user that you want to home online must first be created in the on-premises deployment, so that the user account is created in Active Directory Domain Services. You can then move the user to Skype for Business Online, which will move the user’s contact list.

    When you synchronize user accounts between your on-premises deployment and online tenant using AAD Connect, you need to synchronize the AD accounts for all Skype for Business or Lync users in your organization, even if users are not moved to online. If you do not synchronize all users, communication between on-premises and online users in your organization may not work as expected.

    Its like resource forest and user forest. In this case user forest wil be Office 365 users and resource forest would be your on-prem Lync server

    Also, all of your DNS records will be pointing to your onprem and that is why the Online users are unable to configure the SFB client using autodiscover or manually 

    I believe the above article will clear the confusion and wil help you resolve the issue

    Hope this helps  

    • Edited by Akabe Tuesday, February 14, 2017 11:41 AM
    • Proposed as answer by jim-xuModerator Thursday, March 9, 2017 5:20 AM
    Tuesday, February 14, 2017 11:20 AM
  • Hi Jos,

    Did above comment help?

    Thursday, February 16, 2017 4:19 PM