Forum Discussion

mbalint987's avatar
mbalint987
Copper Contributor
Oct 08, 2022

Skype for Business hybrid - Issues between on-premise and Teams only users

Hi everyone,   I successfully configured Skype for Business hybrid between my on-premises Skype for Business environment and Skype for Business Online/Microsoft Teams and I migrated my first user i...
adoption
How-to
tips & tricks
EduNic1800's avatar
EduNic1800
Brass Contributor
Nov 01, 2022

KennethML 

 

There were no such changes on our site. What also makes me curious:

 

ms-diagnostics: 1010;reason="Certificate trust with another server could not be established";expected-fqdn="external.edgefqdn.com";certName="c-lgw-euno-02.lgw.skype.com";cause="Possible server configuration issue";info="The peer certificate does not contain a matching FQDN";source="sipfed.online.lync.com";source-server="RD38563D80164B"

 

 

expected-fqdn=is our external edge name but certName="c-lgw-euno-02.lgw.skype.com" is something on the MS side. 

 

there we no changes on our site - except for 10/22 Windows Updates and the October SfB19 Update. The Updates were done on Wednesday last week - but the issue appeared today.

KennethML's avatar
KennethML
MCT
Nov 01, 2022
It is a bit strange, I agree, but I know there usually is an explaination.

The diagnostic string tells us following:
source="sipfed.online.lync.com" = This message is from external party
expected-fqdn="external.edgefqdn.com" = This is your Edge server external AV interface. Right??

Did you verify the AV cert or do you assume it is fine??
/Kenneth ML
  • EduNic1800's avatar
    EduNic1800
    Brass Contributor
    Nov 01, 2022
    Yes - i checked the certificate - ist still valid till June 2023. Also tried to remove and to reapply it - still the same issue.

    "expected-fqdn" equals to the EDGE "Access Edge service" FQDN - not the AV Edge Service.
    I have also tried to connect to all three URLs (Edge Service, Web Conf and A/V) with openssl s_client - correct certificate is presented and valid till 06/23. Its a concolidated EDGE with 3 public IPs.

    I have also run https://testconnectivity.microsoft.com/tests/OnPremisesSfB/input with A/V Test enabled - everything seems fine. The SSL/TLS for the same url as in "expected-fqdn" is validated fine for TLS 1.0, TLS 1.1 and TLS 1.2.

Resources