Skype for Business is one of the primary communication channels within a corporate environment. It can impact company productivity if it’s not working properly. Skype for Business desktop clients connect to the server through many components and several configuration settings. In this article, we’ll look at what needs to be done to fix authentication (connection) issues.

Intro

 

Microsoft is phasing out Skype for Business & replacing it with Teams. Make sure you’re ready for the change. Learn all about Teams here.

 

Why Can’t Your Tenants Log Into Skype for Business?

Office 365 offers a Single Sign ON (SSO) as part of the ADFS (Active Directory Federation Service). It connects the Active Directory with Office 365 and provides users with a single sign-on for Office 365 services on desktops and mobile devices.

Single Sign-On essentially provides a generic single sign-on solution by storing and transmitting encrypted user credentials across the network boundaries. Therefore end users do not have to sign in (and remember different credentials) each time they log in to a different environment/application. (Outlook, Skype, OneDrive etc).

In order to do that, it uses the Office 365 credentials previously cached in the Windows Credentials manager. More on that later.

SSO is also capable of Office 365 provisioning; it offers Security Compliance, license pairing, Multi-factor Authentication and it is fast.

Office 365 brings these three main identity models to set up and manage user accounts:

Cloud identity, Synchronized identity, and Federated identity.

The Federated Identity model brings with it Single Sign On capabilities.

Users working for big organizations, for instance, would most probably use an Office 365 implementation based on Federate Identity, and on the process to migrate from an on-premises infrastructure (Local Servers, NOT cloud servers) to the MS cloud solution (Office 365).

The problem arises when locally cached passwords don’t match.

Office 365 (SSO) caches the access password on the Windows credential manager while the browser will cache it in itself. Moreover, corporate environments very often require a password change, which means that password changes will also occur in Active Directory, and there will be collateral issues due to password replication disruption or latency.

Has been noticed that a mismatch between the credentials stored by those components, won’t allow an SSO connect to its O365 server.

To fix this, one needs to clear all the credentials data previously cached locally on the machine and try to log in again using the latest available credentials (ID plus Password).

 

How to Troubleshoot Skype for Business Login

1) Internet Explorer: Clear the Cache

(The same applies when using different browsers)

On Internet Explorer, click on the 3 dots in the upper right and go to Settings.

Clear the cache

Clear Browser data, click on: Choose what to clear.

Choose what to clear

Select all the checkboxes and click on Clear.

Select all the checkboxes

 

2) Windows Credential Manager: Clear the Stored Passwords

Windows Credential manager is a tool that allows a user to store names and passwords used to login to any websites or to the network.

Credentials are saved in a special folder called Vaults. This data is then used by Windows itself or other applications, such as Windows Explorer, Office 365, Internet Explorer, and a few others when running the authentication processes.

Go to start. In the search box, type: Credential manager.

Clear the Stored Passwords

Open it.

Open credential manager

Expand each password field, and remove the stored password by clicking on Remove.

Expand each password field

Repeat the process for each stored password.

 

3) Sign Out From Skype and Click On Delete My Sign in Info

Delete My Sign in Info

 

4) Verify the Proxy Auto Configuration

The Proxy Auto Config (PAC) setup defines how web browsers and other user agents (like Skype) can automatically choose the proxy server assigned to them. The PAC configuration is one primary network check that we need to perform in order to ensure that we are compliant with the corporate network policies and configurations.

Open Internet Explorer, Tools >> Internet Options >> Connections >> Lan Settings >> verify PAC configuration:

Proxy Auto Configuration

If everything is OK, (check if your network infrastructure relies on a proxy server) we can exclude the PAC configuration as the root cause and proceed with troubleshooting.

 

5) Clear the DNS Cache

The DNS cache stores the IP addresses of the servers containing web pages and services you have recently used. If the server IP address changes before the entry is stored in the DNS cache, the access is no longer allowed on the server.

Go to Start. On the search box type: cmd.

Open it.

Clear the DNS Cache

Type: ipconfig /flushdns, and press Enter.

Ipconfig -flushdns

 

6) Make Sure Cookies Are Not Blocked On Your Browser

On Internet Explorer, click on the 3 dots on the upper right and go to Settings.

Cookies Are Not Blocked

Go to: Advanced Settings.

Advanced Settings

Make sure the Cookies status is set on: Don’t block cookies.

Don’t block cookies

Close Internet Explorer.

 

7) Check Your Firewall Settings

There may be a firewall blocking your access to Skype.

Quit Skype.

Click Start > Control Panel and double-click Windows Firewall.

Ensure that Don’t allow exceptions is unticked.

Check Your Firewall Settings

Go to the Exception tab, and check if Skype is included among the exceptions:

In this case, if Skype is displayed in the Programs and Services list, highlight it and click Delete.

Skype is displayed in the Programs and Services list

Click Yes and OK.

Sign into Skype again. If the Windows Firewall asks to block Skype, click Unblock.

Windows Firewall asks to block Skype-click Unblock

8) Clear the SIP Profile

The SIP Profile contains the configuration and user data for the corresponding Skype Connect™ service.

Go to C:\Users\user$\AppData\Local\Microsoft\Office\15.0\Lync

Clear the SIP Profile

Delete the Folder: sip_user@domain.com

Restart your pc and see if you can now access Skype correctly.

If the issue persists, do the following.

 

9) Repair the Office 365 Pack

Click Start > Control Panel > Programs > Programs and Features.

Select the Office Pack you want to repair, and then click Change.

Repair the O365 Pack

Click either on Quick Repair or Online Repair.

Quick Repair

Restart your pc and see if Skype can now be accessed correctly.

 

10) Verify the Lyncdiscover CNAME Record

The Lyncdiscover CNAME is a parameter present in the Domain Name System (DNS) records. One needs to verify that is properly registered.

Go to: https://www.testlyncconnectivity.com/

Select the test you want to run (SfB/ Lync) and select the first option: Skype for Business Server Remote Connectivity test.

Verify the Lyncdiscover

Provide your Office 365 credentials and start the test.

Provide your Office 365 credentials

If any issues are detected, check your DNS configuration settings.

check your DNS configuration settings

 

Check the Office 365 Health Status Portal

Last but not least, remember: Always keep an eye on the Office 365 Health Status Portal.

Why? These are the 2 reasons:

  1. Avoid wasting your (and your user’s) time: The Health Status Portal gives you the overview of any general issue going on the Office cloud platform. If for instance, maintenance is being run on the Server mail-flow performances, you’ll know that before the user calls in reporting he is not receiving his emails on time. It will be enough to provide the user with such information and kindly ask to wait a while. No remote troubleshooting sessions will, therefore, be necessary.
  2. The daily interaction with the Health Status Portal will give you more confidence and know-how in approaching any Office 365 issue.

Sign in with your Office 365 admin account at https://login.microsoftonline.com

Check the Office 365 Health Status Portal

In the Office 365 admin center, go to Health > Service health.

Service health

The site provides information about the known issues and maintenance activities in progress by Microsoft for each Office 365 environment. It’s a good habit to always keep it at hand, since it might spare you long (and worthless) troubleshooting sessions on Skype for Business trying to pinpoint a problem that is actually taking place at the server level.

pinpoint a problem

What other problems do you experience with Skype for Business? Share your questions with us in the comments and we’ll do our best to diagnose them.

 

Office 365 Admin Guide Blog CTA

Written by Nicolas Bouchard Presales Technical Advisor @ SherWeb

Nicolas is a Business Development Specialist at SherWeb. He has worked his way up through SherWeb, starting in Technical Support (level 2) before switching to Sales. He is now in the Business Development team, and his knowledge of Office 365 is extensive. With his broad expertise in cloud computing and service management, he’s an integral part of the SherWeb team.