Tuesday 24 January 2017

Skype for Business Online gives a DNS error



Skype for Business Online gives a DNS error on user logon
I was involved in migrating a business from one Office 365 Tenancy to another for business reasons.
In the old tenancy the users were successfully using SfB Online. After migrating to the new tenancy, we have random users not capable of logging into Office 365 Skype for Business.

The odd thing was they were getting DNS errors

The Skype for Business DNS troubleshooter indicated that all was good, and the fact that some users could connect and others could not from different parts of the world seemed to indicate further issues. The Skype for Business Troubleshooter of Admins indicated at step 12 that I may have the following issues:
Check for duplicate SIP addresses:
  • KB 2430520: Error in the Office 365 portal: "Value of msRTCSIP-PrimaryUserAddress or the SIP address in the ProxyAddresses field in your local Active Directory is not unique"
Check the msRTCSIP-UserEnabled attribute:
  • KB 2705378: Error message when you try to sign in to Lync Online: "Cannot sign in to Lync because this sign-in address was not found"

After further investigation, it was found that Azure AD Connect had replicated some msRTC… attributes. Looking at a user using ADSI Edit, I found the following attributes on a user, which I cleared or set to not set:

  • msRTCSIP-DeploymentLocator, value "SRV:": cleared this attribute
  • msRTCSIP-FederationEnabled, value "true": set to not set
  • msRTCSIP-InternetAccessEnabled, value "true": set to not set
  • msRTCSIP-OptionFlags, value "257": cleared this attribute
  • msRTCSIP-PrimaryHomeServer, value "CN=Lc Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=domain,DC=IE": cleared this attribute
  • msRTCSIP-PrimaryUserAddress, value "sip:a.user@domain.IE": cleared this attribute
  • msRTCSIP-UserEnabled, value "true": set to not set
  • msRTCSIP-UserPolicies, value "0=2023619321": cleared this attribute

After clearing these attributes in the on-premises AD and then forcing a full synchronisation with Azure AD Connect, I could see the user update the cleared records.
Using the PowerShell command

Get-CsOnlineUser -identity a.user@domain.ie | select OnPremSipAddress

I saw that the output had the attribute clear and Skype for Business could log in.

Running a slightly different query returned all the other users I had the issue with:
# This will find the Lync onpremise enabled users.
Get-CsOnlineUser | select OnPremSipAddress | out-gridview

Turns out there was a Lync Server deployed in the early noughties that was just unplugged and removed.
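
The same clean-up scripted for every affected account, as an added example rather than the author's own script. It assumes the ActiveDirectory PowerShell module, a placeholder search base, and that no on-premises Lync or Skype for Business deployment still relies on these attributes.

```powershell
# Added example, not from the original post.
# Assumption: the ActiveDirectory (RSAT) module is installed and the account
# running this has write access to the user objects.
Import-Module ActiveDirectory

# The msRTCSIP-* attributes the post found populated on affected users.
$staleAttributes = @(
    'msRTCSIP-DeploymentLocator'
    'msRTCSIP-FederationEnabled'
    'msRTCSIP-InternetAccessEnabled'
    'msRTCSIP-OptionFlags'
    'msRTCSIP-PrimaryHomeServer'
    'msRTCSIP-PrimaryUserAddress'
    'msRTCSIP-UserEnabled'
    'msRTCSIP-UserPolicies'
)

# Placeholder search base: replace with the OU or domain DN to scan.
$searchBase = 'DC=domain,DC=IE'

# LDAP OR-filter: match any user with at least one of the attributes set.
$clauses = $staleAttributes | ForEach-Object { "($_=*)" }
$filter  = '(|' + ($clauses -join '') + ')'

$affected = @(Get-ADUser -LDAPFilter $filter -SearchBase $searchBase -Properties $staleAttributes)
Write-Host "Users with leftover Lync attributes: $($affected.Count)"

# Keep a copy of the current values so the change can be reversed.
$affected | Export-Clixml -Path .\msRTCSIP-before.xml

foreach ($user in $affected) {
    # Clear only the attributes that are actually populated on this user.
    $populated = @($staleAttributes | Where-Object { $null -ne $user.$_ })
    if ($populated.Count -gt 0) {
        # -WhatIf only reports what would change; remove it to apply.
        Set-ADUser -Identity $user -Clear $populated -WhatIf
    }
}

# Afterwards, on the Azure AD Connect server, force a full synchronisation:
#   Start-ADSyncSyncCycle -PolicyType Initial
# Then, in a Skype for Business Online session, list anyone still affected:
#   Get-CsOnlineUser | Where-Object OnPremSipAddress | Select-Object UserPrincipalName, OnPremSipAddress
```

"Set to not set" in ADSI Edit and `-Clear` do the same thing: both remove the attribute value from the object.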
