Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17


Cannot connect to Lync Online (Office 365)

Posted on 2016-10-07
Medium Priority
Last Modified: 2016-10-24
Hello experts,

We were using an on-premise Lync 2013 Server for the last 2 years. Now that our group has merged with another group, we chose to go 'cloud' with them.

So what we did was to change our local split-DNS and external DNS entries, according to documentations found on some office365 websites.

BTW Exchange works fine for everyone.

Most of our users are connecting to Skype for Business Online, but at some locations, our employees cannot. They are all getting the same error regarding DNS

(I'll replace our external domain name for contoso)

"Can't sign in to Skype for Business"

"Skype for Business couldn't find a Skype for Business Server for There might be an issue with the Domain Name System (DNS) configuration for your domain. See KB2566790 for details and contact your system admin."

Every locations has a DC with DNS server role. So I've checked our internal DNS servers, to make sure everything was replicating fine, and it does. All our DNS servers have the following entries regarding Lync

Forward Lookup Zones

name: lyncdiscover    Type: CNAME     Data:
name: sip    Type: CNAME     Data:

- _tcp
name: _sipfederationtls    Type: SRV     Data: (5061)

- _tls
name: _sip    Type: SRV     Data: (443)

If I run a ‘lync connectivity analyzer’ on problematic workstation, I get the following error:

Server discovery failed for unsecured external channel against

I attached the log file.

Thanks for any help you could provide
Question by:deewave
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 4
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 41834127
The easiest way to confirm whether it's a DNS issue is to configure SfB manually. So File -> Personal -> Advanced -> Manual config -> set for both internal/external -> confirm -> restart the client. Cleaning your sign-in info or directly the profile dir (under C:\Users\XXXX\AppData\Local\Microsoft\Office\16.0\Lync) can also help in some situations.

If you are able to connect, focus on finding out why the DNS lookup is failing. If you still cannot connect, might be a firewall/proxy issue or something else entirely. Another common situation is when the SIP address doesnt match the UPN and user confuse what to enter where, the error message you get in such cases can sometimes be a bit convoluted...

Author Comment

ID: 41834199
Hi Vasil

I've tried for both internal and external server name, now I get the error
"The server is temporarily unavailable. If the problem continues, please contact your"

I've also try to browse from a working location and the other.
From the working one, I browse a page with some text

Status: 404 Not Found
Server: RTC/7.0

From a problematic location, I simply cannot get to the page: "The webpage cannot be found"

Also, I've test with Google's DNS as primary nameserver, and I can connect on Lync!
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 41834282
Looks like a firewall/proxy issue on top of the DNS one? Better check with your network guys.
Office 365 Training for Admins - 7 Day Trial

Learn how to provision tenants, synchronize on-premise Active Directory, implement Single Sign-On, customize Office deployment, and protect your organization with eDiscovery and DLP policies.  Only from Platform Scholar.


Author Comment

ID: 41834371
Well, I'm the network guy ;)

I'm 99% sure it's not a firewall issue. We have SonicWall router everywhere, with same security config for each locations (except our datacenter which is not part of this matter). I gave a try though, with no security (antivirus, app control, etc...), same result

I've noticed the locations that are not a full /24 subnet all have the problem. Simple coincidence?

Author Comment

ID: 41838867
If I log on my user's computer with his credentials, I can't open SfB as mentioned above. But if I log on his computer with the domain admin account, and put my user's credentials in SfB, it works perfect!

I tried to give my user local admin rights to his pc, but it doesn't resolve the problem.

I also tried to log on his pc with my credentials (I'm member of Domain Admin group), but it gave the same error as above.

So, that being said, what could cause this issue? Obviously it has something to do with rights.

Thanks for any help you could provide

LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 41838925
Are you perhaps using mandatory profiles or similar? Or restricting access to the registry? SfBO uses certificate-based auth and the user must have enough permissions to create a certificate and store it in the registry. You can check whether there are any "communications server" certificates under certmgr.msc -> Personal.

Author Comment

ID: 41840223
I'm not quite sure what mandatory profiles are, and how to verify if we have any. All I know is that Skype is working fine for that same user with DNS or logging from another location.

No there are no certificates in his Personal\Certificates store.
I tried to export the one created with the domain admin account, and import it in his store. It imported succesfully (so I guess he can create a cert and write to registry), but it' still failing to connect to SfB
LVL 43

Expert Comment

by:Vasil Michev (MVP)
ID: 41840442
Not sure, you seem to have few issues contributing to this. The manual configuration should bypass any issues with the local DNS servers, but apart from there seems to be something else in play. Perhaps you are forcing a proxy or different firewall rules for the different profile types?

Accepted Solution

deewave earned 0 total points
ID: 41850054
After more than a week, finally found the culprit.

Some of our divisions have a VPN tunnel to our HeadOffice. These divisions were not in problem. When I set the tunnel also from the other divisions, Lync started to work again.
Even if Lync Online is on the cloud, authentication has to be made against our AD. This authentication is done from the Head Office.
I don't know what suddenly cause the issue (surely something on the Head Office side), but having a tunnel from each location to the Head Office resolved the issue

Thanks Vasil for your time.

Author Closing Comment

ID: 41856718
found my own solution

Featured Post

Migrating Your Company's PCs

To keep pace with competitors, businesses must keep employees productive, and that means providing them with the latest technology. This document provides the tips and tricks you need to help you migrate an outdated PC fleet to new desktops, laptops, and tablets.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Ever visit a website where you spotted a really cool looking Font, yet couldn't figure out which font family it belonged to, or how to get a copy of it for your own use? This article explains the process of doing exactly that, as well as showing how…
Cancel future meetings from user mailboxes in Office 365 using Remove-CalendarEvents
In a previous video Micro Tutorial here at Experts Exchange (, I explained how to get a free, one-month trial of Office …
Polish reports in Access so they look terrific. Take yourself to another level. Equations, Back Color, Alternate Back Color. Write easy VBA Code. Tighten space to use less pages. Launch report from a menu, considering criteria only when it is filled…

704 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question