- If I am correct then it means that your Lync Server is not published that's why you are using VPN to log-in into Skype for Business to do meetings. Whereas I know to get rid from VPN, the one.
- Feb 03, 2016 We have a lab configured with Front End, Back End, Exchange, and an Edge Server. From a workstation remotely, we can connect using the Skype for Business 2016 client pointing to our access.domain.com:5061 address (not using auto-discover). We are trying to get the iPhone app to connect and continually get the 'We can't connect to the server.
- Skype For Business You're Not Configured To Connect To The Server
- Skype For Business Youre Not Configured To Connect To The Server Using
- Skype For Business App You're Not Configured To Connect To The Server
- Skype For Business You're Not Configured To Connect To The Server Mac
The URL mentioned in the domain file must be the external web services URL for the Front End Server or Director pool. If the internal web services URL is returned, the web publishing rule is incorrect. Troubleshooting TLS connection issues. One of the most common problems with Skype for Business deployment is related to certificate issues. Every communication in Skype for business is a secured, no matter if it’s a server to server or client to server communication. To secure the communication, all connections are secured by the TLS protocol.
-->You can provide communications services to users in your organization in any of the following ways:
- Deploying Skype for Business Server in your organization (known as on-premises services) and setting up Skype for Business user accounts in your organization.
- Setting up a Microsoft Skype for Business Online customer account with a Hosting Provider and setting up user accounts with the Hosting Provider (known as online services).
If you deploy Skype for Business in your organization, you can federate with the domains of one or more Skype for Business Online customers. To enable federation between users of your on-premises Skype for Business deployment and users of a Skype for Business Online customer, you must configure support for the domain and users of the Skype for Business Online customer.
Important
Skype for Business Online will be retired on July 31, 2021. If you haven't upgraded your Skype for Business Online users to Microsoft Teams before that date, they will be automatically scheduled for an assisted upgrade. If you want to upgrade your organization to Teams yourself, we strongly recommend that you begin planning your upgrade path today. Remember that a successful upgrade aligns technical and user readiness, so be sure to leverage our upgrade guidance as you navigate your journey to Teams.
Note
This documentation describes only the procedures for configuring your organization to support federation with an Skype for Business Online customer. This documentation does not describe the procedures for configuring the Skype for Business Online customer to support federation.
Prerequisites for federating with a Skype for Business Online customer
To federate with a Skype for Business Online customer, you should have already completed initial deployment and configuration of Skype for Business Server in your organization. This includes the following:
- Deploying at least one Standard Edition server or one Enterprise Edition Front End pool in your organization.
- Enabling internal user accounts for Skype for Business Server.
- Deploying at least one Edge Server and the other components required to support external user access. For details, see Managing federation and external access to Skype for Business Server.
- Enabling federation support within your organization and configuring the appropriate method for controlling access by federated domains. For details, see Enable or disable remote user access and Manage SIP federated providers for your organization.
- Enabling external user access for users in your organization. For details, see Assign an external user access policy to a Skype for Business enabled user.
Configure federation support for a Skype for Business Online domain
Federating with a Skype for Business Online customer requires you to complete the following steps:
Configure support for the domain of the Skype for Business Online 2010 customer (for example, contoso.onmicrosoft.com). As specified in Prerequisites for federating with a Skype for Business Online customer, you should have already enabled federation for your organization. Enabling federation requires specifying the method to be used to control access by federated domains. If you configured your organization to use discovery, adding the domain to your organization’s allowed list is optional. If you did not enable domain discovery, then you must add the domain name of the Skype for Business Online customer to your allowed domains list. You can add a domain name either by using Skype for Business Server Control Panel or by running the New-CSAllowedDomain cmdlet. For details about using Skype for Business Server Control Panel, including enabling discovery of domains, see Manage SIP federated providers for your organization in Skype for Business Server. For details about using the New-CSAllowedDomain cmdlet to add a domain, see New-CsAllowedDomain.
Note
A Skype for Business Online customer can have multiple domains. If you want to federate with more than one of the domains, you must configure support for each individual domain with which you want to support federation, and the administrator of the Skype for Business Online customer must enable federation for each of the domains to be federated.
Configure support for the hosting provider of the Skype for Business Online customer domain with which you want to federate. Use the procedure in this section to configure support for hosting provider.
Note
This step is required only for federation with a domain of a Skype for Business Online customer, not for federation with any domain that is deployed on-premises at a federated partner’s location.
Skype For Business You're Not Configured To Connect To The Server
To configure support for a hosting provider
From a Front End Server, Start the Skype for Business Server Management Shell: Click Start, click All Programs, click Skype for Business Server, and then click Skype for Business Server Management Shell.
Run the New-CsHostingProvider cmdlet to create and configure the hosting provider. For example, run:
The preceding example sets the following parameters:
Identity specifies a unique string value identifier for the hosting provider that you are creating. Note that the command will fail if an existing provider has already been configured with that Identity.
ProxyFQDN specifies the fully qualified domain name (FQDN) for the proxy server used by the hosting provider. This value cannot be modified. If the hosting provider changes its proxy server you will need to delete and then recreate the entry for that provider.
VerificationLevel specifies how (or if) messages sent from a hosting provider are verified to ensure that they were sent from that provider.
Enabled indicates whether the network connection between your domain and the hosting provider is enabled. Messages cannot be exchanged between the two organizations until this value is set to True.
EnabledSharedAddressSpace indicates whether the hosting provider is being used in a shared SIP address space (split domain) scenario.
HostsOCSUsers indicates whether the hosting provider is used to host Skype for Business Server accounts. If False, the provider hosts other account types, such as Microsoft Exchange accounts.
IsLocal indicates whether the proxy server used by the hosting provider is contained within your Skype for Business Server topology.
For details about using this cmdlet, see New-CsHostingProvider.
Configure user access for federation with a Skype for Business Online customer
You must configure the user accounts of all the users in your organization in order for them be allowed to communicate with federated partners. This configuration is applied for all federated partners, including any Microsoft Skype for Business Online customer domains with which you support federation. For details about configuring federation support for user accounts, see Configure policies to control federated user access and Assign an external user access policy to a Skype for Business enabled user.
Verify communications with a Skype for Business Online customer in Skype for Business Server
To enable Skype for Business users in your organization to communicate with users of a Skype for Business Online customer, you must have completed the following steps:
- Met all prerequisites. This includes deploying your internal and edge servers, enabling federation support for your organization, and setting up user accounts. For details, see Prerequisites for federating with a Skype for Business Online customer.
- Configured domain access support in your internal deployment. This includes creating a host provider entry and configuring your deployment to allow access from the Skype for Business Online customer’s domain. For details, see Configure federation support for a Skype for Business Online domain.
- Configured your user accounts to support federation. For details, see Configure user access for federation with a Skype for Business Online customer.
After you complete all of these steps and the administrator of the Skype for Business Online customer completes all configuration of their online services to support federation with your organization, verify communications by testing communications between an internal user in your organization and a user of the Skype for Business Online customer. If communication is not successful, use the Logging Tool from your Edge Server to capture log and trace files in order to troubleshoot the problem.
Skype for Business is one of the primary communication channels within a corporate environment. It can impact company productivity if it’s not working properly. Skype for Business desktop clients connect to the server through many components and several configuration settings. In this article, we’ll look at what needs to be done to fix authentication (connection) issues.
Find out how Sherweb can help your business grow—explore our Partner Guide!
Why can’t your tenants log into Skype for Business?
Office 365 offers a Single Sign ON (SSO) as part of the ADFS (Active Directory Federation Service). It connects the Active Directory with Office 365 and provides users with a single sign-on for Office 365 services on desktops and mobile devices.
Single Sign-On essentially provides a generic single sign-on solution by storing and transmitting encrypted user credentials across the network boundaries. Therefore end users do not have to sign in (and remember different credentials) each time they log in to a different environment/application. (Outlook, Skype, OneDrive etc).
In order to do that, it uses the Office 365 credentials previously cached in the Windows Credentials manager. More on that later.
SSO is also capable of Office 365 provisioning; it offers Security Compliance, license pairing, Multi-factor Authentication and it is fast.
Office 365 brings these three main identity models to set up and manage user accounts:
Cloud identity, Synchronized identity, and Federated identity.
The Federated Identity model brings with it Single Sign On capabilities.
Users working for big organizations, for instance, would most probably use an Office 365 implementation based on Federate Identity, and on the process to migrate from an on-premises infrastructure (Local Servers, NOT cloud servers) to the MS cloud solution (Office 365).
The problem arises when locally cached passwords don’t match.
Office 365 (SSO) caches the access password on the Windows credential manager while the browser will cache it in itself. Moreover, corporate environments very often require a password change, which means that password changes will also occur in Active Directory, and there will be collateral issues due to password replication disruption or latency.
Has been noticed that a mismatch between the credentials stored by those components, won’t allow an SSO connect to its O365 server.
To fix this, one needs to clear all the credentials data previously cached locally on the machine and try to log in again using the latest available credentials (ID plus Password).
How to troubleshoot Skype for Business login
1) Internet Explorer: Clear the cache
(The same applies when using different browsers)
On Internet Explorer, click on the 3 dots in the upper right and go to Settings.
Clear Browser data, click on: Choose what to clear.
Select all the checkboxes and click on Clear.
2) Windows Credential Manager: Clear the stored passwords
Windows Credential manager is a tool that allows a user to store names and passwords used to login to any websites or to the network.
Credentials are saved in a special folder called Vaults. This data is then used by Windows itself or other applications, such as Windows Explorer, Office 365, Internet Explorer, and a few others when running the authentication processes.
Go to start. In the search box, type: Credential manager.
Open it.
Expand each password field, and remove the stored password by clicking on Remove.
Skype For Business Youre Not Configured To Connect To The Server Using
Repeat the process for each stored password.
3) Sign out from Skype and click on ‘Delete my sign-in info’
4) Verify the Proxy Auto Configuration
The Proxy Auto Config (PAC) setup defines how web browsers and other user agents (like Skype) can automatically choose the proxy server assigned to them. The PAC configuration is one primary network check that we need to perform in order to ensure that we are compliant with the corporate network policies and configurations.
Open Internet Explorer, Tools >> Internet Options >> Connections >> Lan Settings >> verify PAC configuration:
If everything is OK, (check if your network infrastructure relies on a proxy server) we can exclude the PAC configuration as the root cause and proceed with troubleshooting.
5) Clear the DNS cache
Skype For Business App You're Not Configured To Connect To The Server
The DNS cache stores the IP addresses of the servers containing web pages and services you have recently used. If the server IP address changes before the entry is stored in the DNS cache, the access is no longer allowed on the server.
Go to Start. On the search box type: cmd.
Open it.
Type: ipconfig /flushdns, and press Enter.
6) Make sure cookies aren’t blocked on your browser
On Internet Explorer, click on the 3 dots on the upper right and go to Settings.
Go to: Advanced Settings.
Make sure the Cookies status is set on: Don’t block cookies.
Close Internet Explorer.
7) Check your firewall settings
There may be a firewall blocking your access to Skype.
Quit Skype.
Click Start > Control Panel and double-click Windows Firewall.
Ensure that Don’t allow exceptions is unticked.
Go to the Exception tab, and check if Skype is included among the exceptions:
In this case, if Skype is displayed in the Programs and Services list, highlight it and click Delete.
Click Yes and OK.
Skype For Business You're Not Configured To Connect To The Server Mac
Sign into Skype again. If the Windows Firewall asks to block Skype, click Unblock.
8) Clear the SIP Profile
The SIP Profile contains the configuration and user data for the corresponding Skype Connect™ service.
Go to C:Usersuser$AppDataLocalMicrosoftOffice15.0Lync
Delete the Folder: sip_user@domain.com
Restart your pc and see if you can now access Skype correctly.
If the issue persists, do the following.
9) Repair the Office 365 Pack
Click Start > Control Panel > Programs > Programs and Features.
Select the Office Pack you want to repair, and then click Change.
Click either on Quick Repair or Online Repair.
Restart your pc and see if Skype can now be accessed correctly.
10) Verify the Lyncdiscover CNAME record
The Lyncdiscover CNAME is a parameter present in the Domain Name System (DNS) records. One needs to verify that is properly registered.
Go to: https://www.testlyncconnectivity.com/
Select the test you want to run (SfB/ Lync) and select the first option: Skype for Business Server Remote Connectivity test.
Provide your Office 365 credentials and start the test.
If any issues are detected, check your DNS configuration settings.
11) Check the Office 365 Health Status Portal
Last but not least, remember: Always keep an eye on the Office 365 Health Status Portal.
Why? These are the 2 reasons:
- Avoid wasting your (and your user’s) time: The Health Status Portal gives you the overview of any general issue going on the Office cloud platform. If for instance, maintenance is being run on the Server mail-flow performances, you’ll know that before the user calls in reporting he is not receiving his emails on time. It will be enough to provide the user with such information and kindly ask to wait a while. No remote troubleshooting sessions will, therefore, be necessary.
- The daily interaction with the Health Status Portal will give you more confidence and know-how in approaching any Office 365 issue.
Sign in with your Office 365 admin account at https://login.microsoftonline.com
In the Office 365 admin center, go to Health > Service health.
The site provides information about the known issues and maintenance activities in progress by Microsoft for each Office 365 environment. It’s a good habit to always keep it at hand, since it might spare you long (and worthless) troubleshooting sessions on Skype for Business trying to pinpoint a problem that is actually taking place at the server level.
What other problems do you experience with Skype for Business? Contact us and we’ll do our best to diagnose them.