Skype for Business Hybrid – Part 1
I’m sure there will be many more parts to this as O365 is ever “evolving”, euphemism for “it’s bloody different every time I go in there…”
An issue I recently hit when trying to connect an OnPrem Skype environment to a company’s Online counterpart, aka setting up Skype4b Hybrid, I ran into this lovely error:
Get-CsWebTicket : Failed to connect live id servers. Make sure proxy is enabled or machine has network connection to live id servers
After verifying and re-verifying numerous items like: connectivity; access portal to verify password; review every powershell command; DNS entries; confirm moving csusers via PowerShell; and moon phases, it was time to contact support. A week later, plus 2-4 engineers (who can keep track), I get the knowledgeable one.
Run these 3 commands, from an As Administrator CMD prompt, not PowerShell:
ICACLS %windir%\System32\config\systemprofile\AppData\Local /grant *S-1-5-20:(OI)(CI)(RA)
ICACLS %windir%\System32\config\systemprofile\AppData\Local\Microsoft\MSOIdentityCRL /grant *S-1-5-20:(OI)(CI)(IO)(F)
%windir%\system32\inetsrv\appcmd recycle apppool /apppool.name:LyncIntManagement
Good to go after that, no more problems signing in, and was able to complete the “Set up Hybrid with Skype Online” wizard, plus move users up and down without the use of Skype PowerShell.
This is potentially an issue with CU-259, not sure when it began or when it will be fixed, but the above commands appear to apply a missing/broken ACL.
Special shout out to Arran on his article for Online-to-Onprem setups. His section on getting the already Online users enabled in the newly created Onprem system, saved my bacon: https://blog.kloud.com.au/2015/08/26/skype-for-business-online-to-on-premises-migration/
Skype Hybrid setups, when creating the new CSHostingProvider, check your Skype Online Admin Panel. IF the URL is admin1a.online.lync.com, your Autodiscover URL on your hosting provider will likely change to https://webdir1a.online.lync.com/Autodiscover/AutodiscoverService.svc/root after you’ve completed the “Set up Hybrid with Skype Online” wizard. At least that’s my experience every time. Doesn’t matter much, just being petty I’m sure, but next time I’ll be trying this command out instead, assuming its admin1a again.
New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir1a.online.lync.com/Autodiscover/AutodiscoverService.svc/root