I never thought I would be blogging about Skype for Business in 2019…. Oh Well! 🙂
I was contacted by a friend who had deployed an AudioCodes CloudBond appliance to one of their customers. They were experiencing issues with users not being able to search the address book service in Skype for Business.
The AudioCodes CloudBond appliance deploys Skype for Business Standard Edition into its own domain. In order to connect users to it, an AD forest trust is required between the CloudBond forest and the user AD forest. Users are then synced from the user domain to the CloudBond domain.
This is a typical resource forest deployment.
Initial testing showed that when you ran Test-CsAddressBookService with the credentials of a Skype-enabled user in the user forest, the result that came back was an IIS Error 500 Internal Server Error.
After much digging around proving that there was nothing wrong with Skype for Business itself, I decided to take a step back and troubleshoot authentication. I could see that the user could indeed authenticate in the resource forest, and I could see the user authenticating against the IIS ABS website. The 500 error was coming from an IIS module:
ModuleName="OCSABSModule", Notification="AUTHORIZE_REQUEST", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="The operation completed successfully."
Checking the user permissions in the Skype server's Local Security Policy, I couldn’t see the user domain's Domain Users group in the Access this computer over the network setting under LSP / Local Policies / User Rights Assignment.
I thought I would check the local Users group on the server to see if it was listed there, and it wasn’t. After adding USERDOMAIN\Domain Users to the local Users group and rebooting the Skype Front End, users were allowed to search the address book service.
Test-CsAddressBookService -UserSipAddress "sip:email@example.com" -UserCredential "firstname.lastname@example.org" -TargetFqdn "rfsfb.sfb.domain.com"
Target Fqdn : rfsfb.sfb.domain.com
Target Uri : https://rfsfb.sfb.domain.com:443/abs/handler
Result : Success
Latency : 00:00:19.1432698
Error Message :
And testing on the client:
Simple fix in the end, but not an easy one to find initially.
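The check behind the fix above, written as an added example and not as commands from the original post: it lists which principals hold the network logon right (SeNetworkLogonRight) on the Front End and reports whether the user-forest group is a direct member of the local Users group. It assumes an elevated PowerShell 5.1 session on the Front End, and `USERDOMAIN\Domain Users` is the placeholder group name from the post.

```powershell
# Added example: run in an elevated PowerShell session on the Skype for Business Front End.
# 'USERDOMAIN\Domain Users' is the placeholder from the post; substitute the real user-forest group.
$TrustedGroup = 'USERDOMAIN\Domain Users'

# 1. Export the local user rights assignments and read SeNetworkLogonRight,
#    the privilege behind the network access setting in User Rights Assignment.
$cfg = Join-Path $env:TEMP 'user-rights.inf'
secedit.exe /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$line = Select-String -Path $cfg -Pattern '^SeNetworkLogonRight\s*=' | Select-Object -First 1
Remove-Item $cfg -Force

$holders = @()
if ($line) {
    $holders = ($line.Line -split '=', 2)[1].Split(',') | ForEach-Object {
        $entry = $_.Trim()
        if ($entry.StartsWith('*')) {
            # Entries prefixed with * are SIDs; translate them to names where possible.
            $sid = New-Object System.Security.Principal.SecurityIdentifier($entry.TrimStart('*'))
            try { $sid.Translate([System.Security.Principal.NTAccount]).Value }
            catch { $sid.Value }   # SID could not be resolved, print it raw
        } else { $entry }
    }
}
'Principals holding SeNetworkLogonRight:'
$holders | ForEach-Object { "  $_" }

# 2. Is the user-forest group a direct member of the local Users group?
#    S-1-5-32-545 is the well-known SID of BUILTIN\Users, so this works on non-English servers too.
$isMember = [bool](Get-LocalGroupMember -SID 'S-1-5-32-545' |
    Where-Object { $_.Name -eq $TrustedGroup })
"'$TrustedGroup' is a member of the local Users group: $isMember"

# 3. The fix from the post (uncomment to apply; the post also rebooted the Front End).
# Add-LocalGroupMember -SID 'S-1-5-32-545' -Member $TrustedGroup
```

Membership of the local Users group gives every account in the added group the rights of a standard local user on the Front End, so a group limited to the Skype-enabled users is a narrower grant than the whole forest's Domain Users.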