Problem: The Microsoft Lync client does not connect to Lync Online from the internal/LAN network. It works from the external/internet network.
The issue was reported to me that the internal network users (all users) could not log in to Lync, whereas the users outside the network (from the Internet) were able to log in.
I logged in to the provided desktop and tried to log in to Lync and got error "Lync couldn’t find a Lync Server for domain.com. There might be an issue with the Domain Name System (DNS) configuration for your domain. Please contact your support team."
This article shows how I applied some troubleshooting to get to the final solution:
Troubleshooting steps:
- Tried to log in to Lync using the account and got the error "Lync couldn’t find a Lync Server for domain.com. There might be an issue with the Domain Name System (DNS) configuration for your domain. Please contact your support team"
--------------------------
Event ID: 4
Log Name: Application
Source: Lync
Event ID: 4
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
Lync could not connect securely to server sip.domain.com because the certificate presented by the server did not match the expected hostname (sip.domain.com).
Resolution:
If you are using manual configuration with an IP address or a NetBIOS shortened server name, a fully-qualified server name will be required. If you are using automatic configuration, the network administrator will need to make sure that the published server name in DNS is supported by the server certificate.
Event ID: 1
Log Name: Application
Source: Lync
Event ID: 1
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Description:
Lync was unable to locate the login server. No DNS SRV records exist for domain domain.com, so Lync was unable to login.
Resolution:
Please double-check the server name to make sure that it is typed correctly. If it is correct, the network administrator will either need to use manual configuration to specify the login server's fully-qualified domain name (FQDN), or add DNS SRV records for the domain.com domain in order to allow automatic client configuration. The DNS SRV records _sipinternaltls._tcp.domain.com, _sipinternal._tcp.domain.com and/or _sip._tls.domain.com may need to be configured if automatic configuration is desired.
Event ID: 3
Log Name: Application
Source: Lync
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
Lync was unable to resolve the DNS hostname of the login server sipinternal.domain.com.
Resolution:
If you are using manual configuration for Communicator, please check that the server name is typed correctly and in full. If you are using automatic configuration, the network administrator will need to double-check the DNS A record configuration for sipinternal.domain.com because it could not be resolved.
--------------------------
- Failed to resolve sip.domain.com from the internal network using nslookup.
- Observed that a domain.com DNS zone exists in internal DNS and that the sip.domain.com DNS record was not present in it.
- Enabled logging in the Lync client.
- Then tried to log in with the Lync client and got the events below after the login failure.
--------------------------
Log Name: Application
Source: LyncPlatform
Event ID: 3
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Description:
LyncPlatform unable to retrieve token from MSOIDCRL. Error (80048821)
--------------------------
- Researched event IDs 4 and 3.
- Found the article http://community.office365.com/en-us/f/166/t/60897.aspx, which guided me in the right direction: create the DNS records on internal DNS. Referred to the comment by (PlanetJorge - MVP) in the article.
- Logged on to the Office 365 tenant and gathered the Lync entries.
- Created the following entries one by one in the internal DNS zone domain.com.
- Successfully resolved the DNS records related to Lync using nslookup.
- After creating all the DNS records below, the users are able to log in to Lync from the internal network.
--------------------------
SRV records
Type  Service            Protocol  Port  Weight  Priority  TTL     Name        Target
SRV   _sip               _tls      443   1       100       1 hour  domainname  sipdir.online.lync.com
SRV   _sipfederationtls  _tcp      5061  1       100       1 hour  domainname  sipfed.online.lync.com
CNAME records
Type   Host name                Destination             TTL
CNAME  sip.domain.com           sipdir.online.lync.com  1 hour
CNAME  lyncdiscover.domain.com  webdir.online.lync.com  1 hour
Note: The placeholder in this table represents the name of the Session Initiation Protocol (SIP) domain of your organization, such as contoso.com
--------------------------
Cause:
The HOST/CNAME and SRV records that Lync requires could not be resolved from the internal/LAN network.
Resolution:
Fixed the issue by creating (SRV) and alias (CNAME) records in our internal Domain Name System (DNS).
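The cause above, modelled as an added example (not code from the original article): an internal DNS server that hosts a zone for the SIP domain answers only from that zone, so records that exist in public DNS are invisible to LAN clients until they are copied in. The function names, the `www` record and the 192.0.2.10 address are constructed for illustration, and the assumption that public DNS already holds the four records follows from external users being able to sign in.

```python
"""Model why an internal zone for the SIP domain hides the Lync Online records."""

SIP_DOMAIN = "domain.com"  # the article's placeholder SIP domain

# Records from the table above; SRV data is "priority weight port target".
REQUIRED = {
    ("_sip._tls." + SIP_DOMAIN, "SRV"): "100 1 443 sipdir.online.lync.com",
    ("_sipfederationtls._tcp." + SIP_DOMAIN, "SRV"): "100 1 5061 sipfed.online.lync.com",
    ("sip." + SIP_DOMAIN, "CNAME"): "sipdir.online.lync.com",
    ("lyncdiscover." + SIP_DOMAIN, "CNAME"): "webdir.online.lync.com",
}

# Assumption: public DNS already holds the records (external users can sign in).
PUBLIC_DNS = dict(REQUIRED)


def resolve(name, rtype, internal_zone):
    """Answer as an internal DNS server that hosts a zone for SIP_DOMAIN would.

    Names inside the hosted zone are answered only from that zone: a missing
    record yields None (NXDOMAIN) and is never forwarded to public DNS.
    """
    name = name.lower().rstrip(".")
    if name == SIP_DOMAIN or name.endswith("." + SIP_DOMAIN):
        return internal_zone.get((name, rtype))
    return PUBLIC_DNS.get((name, rtype))


def audit(internal_zone):
    """Return {(name, type): problem} for every required record that fails."""
    problems = {}
    for (name, rtype), expected in REQUIRED.items():
        answer = resolve(name, rtype, internal_zone)
        if answer is None:
            problems[(name, rtype)] = "missing (NXDOMAIN from internal zone)"
        elif answer != expected:
            problems[(name, rtype)] = f"points to {answer!r}, expected {expected!r}"
    return problems


# Constructed zones: before the fix (unrelated record only) and after it.
ZONE_BEFORE = {("www." + SIP_DOMAIN, "A"): "192.0.2.10"}
ZONE_AFTER = {**ZONE_BEFORE, **REQUIRED}

if __name__ == "__main__":
    for label, zone in (("before", ZONE_BEFORE), ("after", ZONE_AFTER)):
        print(label, audit(zone) or "all Lync records resolve")
```

The mismatch branch also flags an internal record that points somewhere other than the Office 365 target, which is worth checking because the client validates the server certificate against the name it resolved (event ID 4 above).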