Forum Discussion
Skype Room System shows calendar info but can't sign in
Resolved!
We have now fixed this issue and it turns out it was firewall related. This is why it worked on our (Guest) Wi-Fi because that doesn't go through a firewall in the same way.
An easy way to check is to run Microsoft's https://www.microsoft.com/en-us/download/details.aspx?id=53885 in "Connectivity Check" mode. It only takes a minute to run and enabled us to give our network team the exact info on what was getting blocked.
It turned out, although we had added all of the URLs & IPs from the official Microsoft list, our next-gen layer 7 firewall was blocking particular ports (UDP 3478, 3479, 3480, 3481). We had to add these ports to our "STUN rule" to get them working.
After that was done, the SRS logged in immediately
Sounds cert related, if domain joined all ok as trust pushed via GP, if not joined then manual import of cert required.
- see https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-clients/console
"The Skype Room Systems v2 device needs to trust the certificates used by the Skype for Business and Exchange servers it connects to. For O365 this is done automatically, since these servers are using public Certificate Authorities and these are automatically trusted by Windows 10. In a case where the Certificate Authority is private, for instance an on-premises deployment with Active Directory and the Windows Certificate Authority, you can add the certificate to the Skype Room Systems v2 device in a couple of ways:
You can join the device to Active Directory and that will automatically add the required certificates given the Certificate Authority is published to Active Directory (normal deployment option)."