Pages

Wednesday, March 7, 2018

On-prem Skype for Business Server 2015 federation with Skype for Business Online logs the event: "Unable to resolve DNS SRV record";domain="fabrikam.com";dns-srv-result="NegativeResult";dns-source="WireQuery";source="sip.contoso.com"

Problem

You’ve configured your Skype for Business Server 2015 SIP FEDERATED PROVIDERS to federate with Skype for Business Online domains:

image

… but notice that one of the domains you are trying to reach is listing the presence information of the contact as Presence unknown:

image

Attempting to manually configure their domain in the SIP FEDERATED DOMAINS with the Edge Server configured as sipdir.online.lync.com:

image

… allows you to view their presence and trade messages but they are unable to view yours:

image

Using the Skype for Business Server 2015 Logging Tool to capture the IMAndPresence scenario:

image

Shows the following SIP/2.0 404 Not Found log entries:

TL_INFO(TF_PROTOCOL) [bmlyncedge01\bmlyncedge01]0608.10A4::03/02/2018-20:08:58.210.00002EA8 (SIPStack,SIPAdminLog::ProtocolRecord::Flush:ProtocolRecord.cpp(261)) [1193230895] Trace-Correlation-Id: 1193230895

Instance-Id: 9BD4F

Direction: outgoing;source="local";destination="internal edge"

Peer: bmlyncstd01.contoso.com:65371

Message-Type: response

Start-Line: SIP/2.0 404 Not Found

From: "Terence Luk"<sip:tluk@contoso.com>;tag=b57c0d9a53;epid=de538b165f

To: <sip:kseidl@fabrikam.com>;tag=61AAA34DF2202DB35CF394AA3FF1E420

Call-ID: ed355df33e6e40e8afe98664b3abe01b

CSeq: 1 SUBSCRIBE

Via: SIP/2.0/TLS 10.21.1.106:65371;branch=z9hG4bKBD5B17D0.7277A46B0013221F;branched=FALSE;ms-received-port=65371;ms-received-cid=9BD600

Via: SIP/2.0/TLS 10.23.0.28:58599;ms-received-port=58599;ms-received-cid=817000

Content-Length: 0

ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";domain="fabrikam.com";dns-srv-result="NegativeResult";dns-source="WireQuery";source="sip.contoso.com"

ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=bmlyncedge01.contoso.com;ms-source-verified-user=verified

$$end_record

image

Solution

One of the common causes of symptoms described above is if the domain hosted in Skype for Business Online does not have the appropriate SRV setup to allow the on-prem SfB to discover the company’s SfB. To ensure that the appropriate SRV is configured, simply attempt to look up the record with the following commands:

nslookup

set q=srv

_sipfederationtls.tcp.<domainFQDN>

A domain properly configured with the required DNS record should look like the output circled in green while a domain with the missing record should look like the output circled in red:

image

Creating the missing record will correct the issue.

Extra Troubleshooting Step

I went through numerous troubleshooting steps prior to looking at the obvious issue as outlined above because the problematic company had insisted that they did not have any issues with other partners so my assumption was that the domain I was working with wasn’t configured properly. The following may not have been the solution for this problem but I feel is worth checking as well.

One of the other possible causes to the issue above is if your domain is also configured for Office 365 services and you had inadvertently configured the domain to provide Skype for Business Online services. If this was the case then you would either have to configure interoperability between your on-premises deployment and Skype for Business Online as outlined in the following TechNet article:

Configure federation with Skype for Business Online

https://technet.microsoft.com/en-us/library/jj205126.aspx

If there is no intention on having Skype for Business Online accounts in Office 365 then ensure that the service is turned off. To check, simply launch the Azure Active Directory Module for Windows PowerShell and connect to the domain’s Office 365 account:

image

Use commands such as:

Get-MsolDomain -DomainName <domain>.com | FL

… or:

Get-MSolDomain | Select Name,Capabilities

… to determine whether Skype for Business Online is enabled for the domain:

image

No comments: