SOLVED

Can't sign-in to Microsoft Teams room

%3CLINGO-SUB%20id%3D%22lingo-sub-436395%22%20slang%3D%22en-US%22%3ECan't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-436395%22%20slang%3D%22en-US%22%3E%3CP%3EWe%20are%20unable%20to%20sign-in%20properly%20to%20a%20Microsoft%20Teams%20room%20using%20the%20instructions%20listed%20in%20this%20article%3A%20%3CA%20href%3D%22https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fskypeforbusiness%2Fdeploy%2Fdeploy-clients%2Fwith-exchange-on-premises%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fskypeforbusiness%2Fdeploy%2Fdeploy-clients%2Fwith-exchange-on-premises%3C%2FA%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSTRONG%3EOur%20Environment%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EExchange%202013%20On-Premise%20w%2F%20SP1%20and%20CU22%3C%2FLI%3E%3CLI%3EOn-premise%20Skype%20for%20Business%20with%20autodiscover%20DNS%20entries%20pointed%20on-prem%3C%2FLI%3E%3CLI%3EOffice%20365%20E3%20with%20all%20necessary%20licensing%20added%20per%20article%3C%2FLI%3E%3CLI%3EAzure%20AD%20Sync%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CSTRONG%3EThings%20that%20may%20be%20missing%20from%20the%20article%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3ERequired%20DNS%20entries%20-%20There%20is%20no%20direction%20in%20the%20article%20for%20DNS%20entries(we%20have%20tried%20changing%20the%20UPN%20of%20the%20Teams%20Room%20to%20%40onmicrosoft.com)%3C%2FLI%3E%3CLI%3EDomain%20field%20(bottom%20of%20Teams%20Room%20provisioning%20page%20-%20There%20is%20no%20direction%20in%20the%20article%20regarding%20what%20you%20should%20use%20for%20sign-in%20information.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Fuser-images.githubusercontent.com%2F49342002%2F55670202-395f9b00-5847-11e9-93cd-facbaed4b71f.png%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noreferrer%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3E%3CIMG%20src%3D%22https%3A%2F%2Fuser-images.githubusercontent.com%2F49342002%2F55670202-395f9b00-5847-11e9-93cd-facbaed4b71f.png%22%20border%3D%220%22%20alt%3D%22TeamsRoom%22%20width%3D%22346%22%20%2F%3E%3C%2FA%3E%3C%2FP%3E%3CP%3E%3CSTRONG%3EThings%20that%20are%20working%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EWe%20can%20sign-in%20to%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3E%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%2F%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteams.microsoft.com%3C%2FA%3E%3CSPAN%3E%26nbsp%3B%3C%2FSPAN%3Eusing%20the%20on-prem%20synced%20room%20account%3C%2FLI%3E%3CLI%3EWe%20can%20get%20the%20calendar%20showing%20by%20using%20the%20Exchange%20address%20of%20%40onpremdomain.com%20and%20using%20the%20domain%5Cusername%20field.%3C%2FLI%3E%3CLI%3EIf%20we%20keep%20the%20Skype%20sign-in%20and%20Exchange%20sign-in%20fields%20exactly%20the%20same%20using%20%40onmicrosoft.com%20address%2C%20the%20room%20account%20is%20able%20to%20sign-in%20successfully%2C%20but%20then%20obviously%20it%20breaks%20the%20calendar%20fetching.%3C%2FLI%3E%3C%2FUL%3E%3CP%3E%3CSTRONG%3EThings%20that%20are%20not%20working%3C%2FSTRONG%3E%3C%2FP%3E%3CUL%3E%3CLI%3EWe%20cannot%20get%20BOTH%20the%20calendar%20fetching%20and%20Teams%20Room%20sign-in%20working%20at%20the%20same%20time.%20We%20can%20only%20get%20one%20or%20the%20other.%20I'm%20making%20an%20educated%20guess%20here%20that%20it%20doesn't%20like%20the%20DNS%20entries%20we%20have%20for%20autodiscover%20for%20our%20on-premise%20S4b.%20It%20could%20very%20well%20be%20that%20we%20need%20to%20fill%20in%20the%20%22Configure%20Domain%22%20with%20something%2C%20but%20there's%20no%20clear%20direction%20on%20what%20that%20should%20be%20if%20we%20have%20on-premise%20S4b%20possibly%20conflicting%20with%20the%20Teams%20autodiscover.%20That's%20why%20I%20thought%20we%20might%20be%20able%20to%20get%20away%20with%20%40onmicrosoft.com%20but%20that%20doesn't%20appear%20to%20be%20working%20at%20this%20time.%20I%20do%20have%20a%20test%20domain%20where%20we%20could%20configure%20proper%20autodiscover%20entries%20that%20point%20to%20O365%20for%20Skype%20and%20Exchange%20on-prem%2C%20which%20would%20rule%20out%20any%20sort%20of%20bug%20in%20the%20code%20that%20doesn't%20want%20to%20let%20us%20use%20a%20mix%20of%20domains.%3C%2FLI%3E%3C%2FUL%3E%3CP%3EThank%20you%20for%20any%20assistance%20you%20can%20provide!%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-LABS%20id%3D%22lingo-labs-436395%22%20slang%3D%22en-US%22%3E%3CLINGO-LABEL%3EMicrosoft%20Teams%3C%2FLINGO-LABEL%3E%3CLINGO-LABEL%3ESettings%3C%2FLINGO-LABEL%3E%3C%2FLINGO-LABS%3E%3CLINGO-SUB%20id%3D%22lingo-sub-464211%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-464211%22%20slang%3D%22en-US%22%3E%3CP%3ESolution%20found%20after%20a%2015%20hour%20day%20of%20trial%20and%20error.%20I%20wanted%20to%20post%20the%20steps%20here%20that%20I%20have%20solidified%20to%20hopefully%20help%20someone.%20First%2C%20some%20more%20specifics%20about%20our%20environment%20so%20you%20can%20tell%20if%20this%20may%20be%20relevant%20to%20you%3A%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CUL%3E%3CLI%3EOn-prem%20AD%20with%20Azure%20AD%20Sync%3C%2FLI%3E%3CLI%3EOn-prem%20Exchange%202013%3C%2FLI%3E%3CLI%3EOn-prem%20(hybrid%20enable)%20Skype%20for%20Business%20with%20autodiscover%20DNS%20set%20to%20on-prem%3CUL%3E%3CLI%3Esip%3Auser%40primarydomain.com%3C%2FLI%3E%3C%2FUL%3E%3C%2FLI%3E%3CLI%3EWanted%20ability%20to%20book%20Teams%20Room%20using%20on-prem%20Exchange%3C%2FLI%3E%3C%2FUL%3E%3CH2%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%20id%3D%22toc-hId-1704792608%22%3EMailbox%20Config%3C%2FH2%3E%3CP%3ESet-Mailbox%20-Identity%20%24newRoom%20-EnableRoomMailboxAccount%20%24true%20-RoomMailboxPassword%20(ConvertTo-SecureString%20-String%20Password%20-AsPlainText%20-Force)%3C%2FP%3E%3CP%3ESet-CalendarProcessing%20-Identity%20%24newRoom%20-AutomateProcessing%20AutoAccept%20-AddOrganizerToSubject%20%24false%20-AllowConflicts%20%24false%20-DeleteComments%20%24false%20-DeleteSubject%20%24false%20-RemovePrivateProperty%20%24false%3C%2FP%3E%3CP%3ESet-CalendarProcessing%20-Identity%20%24newRoom%20-AddAdditionalResponse%20%24true%20-AdditionalResponse%20%22Your%20meeting%20is%20now%20scheduled%20and%20if%20it%20was%20enabled%20as%20a%20Teams%20or%20Skype%20Meeting%20will%20provide%20a%20seamless%20click-to-join%20experience%20from%20the%20conference%20room.%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH2%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%20id%3D%22toc-hId--847364353%22%3EAD%20Config%3C%2FH2%3E%3CP%3ESet-AdUser%20%24samAcct%20-PasswordNeverExpires%20%24true%20-Enabled%20%24true%3C%2FP%3E%3CP%3ESlightly%20important!%20Your%20UPN%26nbsp%3B%3CEM%3Emust%26nbsp%3B%3C%2FEM%3Ematch%20the%20email%20address%20and%20UPN%20inside%20O365.%3C%2FP%3E%3CH2%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%20id%3D%22toc-hId-895445982%22%3ESkype%20on%20Prem%20Config%20(use%20domain%5Cusername)%3C%2FH2%3E%3CP%3E%24cred%20%3D%20Get-Credential%3C%2FP%3E%3CP%3E%24skypeSesh%20%3D%20New-PSSession%20-Credential%20%24cred%20-ConnectionURI%20%22%3CA%20href%3D%22https%3A%2F%2Fadmin.yourdomain.com%2FOcsPowershell%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin.yourdomain.com%2FOcsPowershell%3C%2FA%3E%22%20-AllowRedirection%20-WarningAction%20SilentlyContinue%3C%2FP%3E%3CP%3EImport-PSSession%20%24skypeSesh%20-AllowClobber%3C%2FP%3E%3CP%3EEnable-CsMeetingRoom%20-SipAddress%20sip%3A%24newRoom%20-RegistrarPool%20yourpool.fqdn.com%20-Identity%20%24samAcct%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH2%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%20id%3D%22toc-hId--1656710979%22%3EForce%20Azure%20AD%20Sync%20(From%20sfdmgmt1a%20Azure%20AD%20PowerShell)%3C%2FH2%3E%3CP%3EImport-Module%20ADSync%3C%2FP%3E%3CP%3EStart-ADSyncSyncCycle%20-PolicyType%20Delta%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH2%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%20id%3D%22toc-hId-86099356%22%3EGrant%20Licensing%20(make%20sure%20to%20buy%20enough%20licenses)%3C%2FH2%3E%3CP%3EConnect-MsolService%3C%2FP%3E%3CP%3ESet-MsolUser%20-UserPrincipalName%20%24newRoom%20-PasswordNeverExpires%20%24true%20-UsageLocation%20%24location%3C%2FP%3E%3CP%3ESet-MsolUserLicense%20-UserPrincipalName%20%24newRoom%20-AddLicenses%20%24license%3C%2FP%3E%3CP%3ESet-MsolUserLicense%20-UserPrincipalName%20%24newRoom%20-AddLicenses%20%22yourdomain%3AMCOPSTN1%22%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CH2%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%20id%3D%22toc-hId-1828909691%22%3EMove%20Skype%20to%20Cloud%20(If%20error%20is%20received%20about%20account%20not%20existing%2C%20give%20some%20time%20for%20replication)%3C%2FH2%3E%3CP%3E%24cred%3DGet-Credential%3C%2FP%3E%3CP%3E%24skypeSesh%20%3D%20New-PSSession%20-Credential%20%24cred%20-ConnectionURI%20%22%3CA%20href%3D%22https%3A%2F%2Fadmin.domain.com%2FOcsPowershell%22%20target%3D%22_self%22%20rel%3D%22nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin.domain.com%2FOcsPowershell%3C%2FA%3E%22%20-AllowRedirection%20-WarningAction%20SilentlyContinue%3C%2FP%3E%3CP%3EImport-PSSession%20%24skypeSesh%20-AllowClobber%3C%2FP%3E%3CP%3E%24url%3D%22%3CA%20href%3D%22https%3A%2F%2Fadmin3a.online.lync.com%2FHostedMigration%2FhostedmigrationService.svc%22%20target%3D%22_blank%22%20rel%3D%22noopener%20nofollow%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fadmin3a.online.lync.com%2FHostedMigration%2FhostedmigrationService.svc%3C%2FA%3E%22%3C%2FP%3E%3CP%3EMove-CsMeetingRoom%20-Identity%20%24samAcct%20-Target%20sipfed.online.lync.com%20-Credential%20%24cred%20-HostedMigrationOverrideUrl%20%24url%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3EImportant!%20The%20%24url%20value%20above%20depends%20on%20your%20environment.%20You%20will%20want%20to%20look%20up%20which%20admin%20tenant%20you're%20located%20in%20or%20you%20will%20receive%20an%20error.%3C%2FP%3E%3CH2%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%20id%3D%22toc-hId--723247270%22%3ETest%20Stuff%3C%2FH2%3E%3CUL%3E%3CLI%3EEnsure%20the%20room%20is%20running%20build%204.0.85.0.%20At%20the%20time%20of%20this%20writing%2C%204.0.78.0%20is%20the%20standard%20release%2C%20with%204.0.85.0%20as%20an%20early%20release.%20This%20solution%20will%20NOT%20work%20without%2085.%3C%2FLI%3E%3CLI%3ELogin%20to%20%3CA%20href%3D%22https%3A%2F%2Fteams.microsoft.com%22%20target%3D%22_blank%22%20rel%3D%22noopener%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%20noopener%20noreferrer%22%3Ehttps%3A%2F%2Fteams.microsoft.com%3C%2FA%3E%20as%20room%20account%3C%2FLI%3E%3CUL%3E%3CLI%3EIf%20you're%20not%20able%20to%20login%2C%20the%20Teams%20Room%20won't%20work%3C%2FLI%3E%3CLI%3EDoes%20the%20room%20have%20a%20%22MeetingRoom%22%20license%3F%3C%2FLI%3E%3C%2FUL%3E%3CLI%3ELogin%20to%20S4B%20app%20as%20user%20with%20%40mydomain%20UPN%3C%2FLI%3E%3CUL%3E%3CLI%3EIf%20you're%20not%20able%20to%20login%2C%20the%20Teams%20Room%20won't%20work%3C%2FLI%3E%3CUL%3E%3CLI%3ECheck%20that%20you%20didn't%20miss%20the%20Enable-CsMeetingRoom%20step%20above%3C%2FLI%3E%3CLI%3ECheck%20that%20you%20didn't%20miss%20the%20Move-CsMeetingRoom%20step%20above%3C%2FLI%3E%3C%2FUL%3E%3C%2FUL%3E%3CLI%3EFinally%2C%20login%20to%20the%20teams%20room%3C%2FLI%3E%3C%2FUL%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754812%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754812%22%20slang%3D%22en-US%22%3EThanks%20for%20sharing%20this%20info%2C%20I%20think%20we've%20got%20a%20similar%20issue.%20We're%20deploying%20our%20first%20Teams%20Rooms%20device%20today%20with%20the%20following%20setup%3A%3CBR%20%2F%3E%3CBR%20%2F%3EExchange%202010%20and%202016%20on-prem%20(no%20hybrid)%3CBR%20%2F%3ESkype%20for%20Business%202010%20on-prem%20(no%20hybrid)%3CBR%20%2F%3EAD%20Connect%20to%20our%20Office%20365%20tenant%3CBR%20%2F%3E%3CBR%20%2F%3EToday%20I've%20created%20a%20new%20Resource%20Mailbox%20in%20Exchange%202016%20and%20synchronised%20it%20to%20Office%20365.%20In%20Office%20365%20I've%20assigned%20a%20Meeting%20Room%20license%20and%20I've%20confirmed%20I%20can%20log%20into%20Teams%20with%20that%20account.%20I've%20been%20able%20to%20run%20the%20following%20command%20which%20suggests%20to%20me%20the%20account%20does%20exist%20in%20Office%20365%20SFB%3A%3CBR%20%2F%3E%3CBR%20%2F%3EEnable-CsMeetingRoom%20-Identity%20teamstestroom%40domain.com%20-RegistrarPool'sippoolLONGB101.infra.lync.com'%20-SipAddressType%20EmailAddress%3CBR%20%2F%3E%3CBR%20%2F%3EIn%20the%20%22Configure%20domain%22%20dialogue%20box%20on%20the%20Teams%20Device%20config%20screen%20I've%20tried%20both%20sipdir.online.lync.com%20and%20our%20own%20FQDN%2C%20neither%20option%20allows%20the%20device%20to%20log%20in.%20I've%20logged%20a%20case%20with%20Microsoft%20today%20and%20they%20have%20asked%20us%20to%20wait%2012-24%20hours%20for%20provisioning%20before%20they%20will%20troubleshoot%20with%20us.%3CBR%20%2F%3E%3CBR%20%2F%3ENick%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-754836%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-754836%22%20slang%3D%22en-US%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F363816%22%20target%3D%22_blank%22%3E%40ncdlloyd%3C%2FA%3E%26nbsp%3B-%20It%20sounds%20like%20you'll%20need%20to%20convert%20your%20Skype%20environment%20to%20hybrid%20so%20you%20can%20do%20a%20Move-CSMeetingRoom%20to%20the%20cloud.%20What%20error%20are%20you%20getting%20right%20now%20when%20you%20attempt%20to%20sign%20in%3F%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-756797%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-756797%22%20slang%3D%22en-US%22%3EWe%20don't%20any%20detailed%20info%20on%20the%20main%20screen%20as%20to%20why%20login%20is%20failing%2C%20can't%20find%20anything%20in%20Event%20Viewer%20either.%20I%20ran%20the%20diagnostic%20collector%20script%2C%20it%20produces%20a%20lot%20of%20info%2C%20but%20nothing%20that's%20giving%20an%20obvious%20reason%20for%20the%20failure.%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-834102%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-834102%22%20slang%3D%22en-US%22%3E%3CP%3EFor%20me%20the%20solution%20was%20to%20disabled%20this%20Conditional%20Access%20policy%20%22Baseline%20policy%3A%20Block%20legacy%20authentication%20(Preview)%22%20(apparently%20%22%3CSPAN%3ELegacy%20Skype%20for%20Business%22%20access%20is%20used).%3C%2FSPAN%3E%3C%2FP%3E%3CP%3E%26nbsp%3B%3C%2FP%3E%3CP%3E%3CSPAN%3ERob%3C%2FSPAN%3E%3C%2FP%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1486210%22%20slang%3D%22es-ES%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1486210%22%20slang%3D%22es-ES%22%3E%3CP%3E%3CA%20href%3D%22https%3A%2F%2Ftechcommunity.microsoft.com%2Ft5%2Fuser%2Fviewprofilepage%2Fuser-id%2F363816%22%20target%3D%22_blank%22%3E%40ncdlloyd%3C%2FA%3E%26nbsp%3B%3C%2FP%3E%3CDIV%3E%3CDIV%20class%3D%22tw-menu%22%3E%3CDIV%3E%3CDIV%20class%3D%22tw-menu%22%3E%26nbsp%3B%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22QmZWSe%22%3E%3CDIV%20class%3D%22DHcWmd%22%3E%3CSTRONG%3EI%20am%20having%20the%20same%20problem%2C%20with%20the%20same%20scenario.%20Microsoft%20helped%20you%3F%3C%2FSTRONG%3E%3C%2FDIV%3E%3C%2FDIV%3E%3CDIV%20class%3D%22oSioSc%22%3E%3CDIV%3E%3CDIV%20class%3D%22g9WsWb%22%3E%3CDIV%20class%3D%22tw-ta-container%20hide-focus-ring%20tw-nfl%22%3E%3CPRE%3E%26nbsp%3B%3C%2FPRE%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FDIV%3E%3C%2FLINGO-BODY%3E%3CLINGO-SUB%20id%3D%22lingo-sub-1488494%22%20slang%3D%22en-US%22%3ERe%3A%20Can't%20sign-in%20to%20Microsoft%20Teams%20room%3C%2FLINGO-SUB%3E%3CLINGO-BODY%20id%3D%22lingo-body-1488494%22%20slang%3D%22en-US%22%3EI%20would%20log%20a%20case%20with%20Microsoft%20first%2C%20they're%20free.%20It's%20been%20a%20while%20since%20I%20looked%20at%20this%2C%20but%20I%20think%20problems%20probably%20came%20from%20having%20on-prem%20servers.%20At%20the%20moment%20when%20a%20new%20user%20joins%20the%20business%20we%20have%20to%20convert%20them%20to%20a%20Teams%20Only%20user%20before%20they%20can%20use%20our%20Teams%20phone%20system%3A%3CBR%20%2F%3E%3CBR%20%2F%3EGrant-CsTeamsUpgradePolicy%20-PolicyName%20UpgradeToTeams%20-Identity%20user%40domain.com%3C%2FLINGO-BODY%3E
Highlighted
Deleted
Not applicable

We are unable to sign-in properly to a Microsoft Teams room using the instructions listed in this article: https://docs.microsoft.com/en-us/skypeforbusiness/deploy/deploy-clients/with-exchange-on-premises

 

Our Environment

  • Exchange 2013 On-Premise w/ SP1 and CU22
  • On-premise Skype for Business with autodiscover DNS entries pointed on-prem
  • Office 365 E3 with all necessary licensing added per article
  • Azure AD Sync

Things that may be missing from the article

  • Required DNS entries - There is no direction in the article for DNS entries(we have tried changing the UPN of the Teams Room to @onmicrosoft.com)
  • Domain field (bottom of Teams Room provisioning page - There is no direction in the article regarding what you should use for sign-in information.

TeamsRoom

Things that are working

  • We can sign-in to https://teams.microsoft.com using the on-prem synced room account
  • We can get the calendar showing by using the Exchange address of @onpremdomain.com and using the domain\username field.
  • If we keep the Skype sign-in and Exchange sign-in fields exactly the same using @onmicrosoft.com address, the room account is able to sign-in successfully, but then obviously it breaks the calendar fetching.

Things that are not working

  • We cannot get BOTH the calendar fetching and Teams Room sign-in working at the same time. We can only get one or the other. I'm making an educated guess here that it doesn't like the DNS entries we have for autodiscover for our on-premise S4b. It could very well be that we need to fill in the "Configure Domain" with something, but there's no clear direction on what that should be if we have on-premise S4b possibly conflicting with the Teams autodiscover. That's why I thought we might be able to get away with @onmicrosoft.com but that doesn't appear to be working at this time. I do have a test domain where we could configure proper autodiscover entries that point to O365 for Skype and Exchange on-prem, which would rule out any sort of bug in the code that doesn't want to let us use a mix of domains.

Thank you for any assistance you can provide!

7 Replies
Highlighted
Best Response confirmed by Vasil Michev (MVP)
Solution

Solution found after a 15 hour day of trial and error. I wanted to post the steps here that I have solidified to hopefully help someone. First, some more specifics about our environment so you can tell if this may be relevant to you:

 

  • On-prem AD with Azure AD Sync
  • On-prem Exchange 2013
  • On-prem (hybrid enable) Skype for Business with autodiscover DNS set to on-prem
    • sip:user@primarydomain.com
  • Wanted ability to book Teams Room using on-prem Exchange

Mailbox Config

Set-Mailbox -Identity $newRoom -EnableRoomMailboxAccount $true -RoomMailboxPassword (ConvertTo-SecureString -String Password -AsPlainText -Force)

Set-CalendarProcessing -Identity $newRoom -AutomateProcessing AutoAccept -AddOrganizerToSubject $false -AllowConflicts $false -DeleteComments $false -DeleteSubject $false -RemovePrivateProperty $false

Set-CalendarProcessing -Identity $newRoom -AddAdditionalResponse $true -AdditionalResponse "Your meeting is now scheduled and if it was enabled as a Teams or Skype Meeting will provide a seamless click-to-join experience from the conference room."

 

AD Config

Set-AdUser $samAcct -PasswordNeverExpires $true -Enabled $true

Slightly important! Your UPN must match the email address and UPN inside O365.

Skype on Prem Config (use domain\username)

$cred = Get-Credential

$skypeSesh = New-PSSession -Credential $cred -ConnectionURI "https://admin.yourdomain.com/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue

Import-PSSession $skypeSesh -AllowClobber

Enable-CsMeetingRoom -SipAddress sip:$newRoom -RegistrarPool yourpool.fqdn.com -Identity $samAcct

 

Force Azure AD Sync (From sfdmgmt1a Azure AD PowerShell)

Import-Module ADSync

Start-ADSyncSyncCycle -PolicyType Delta

 

Grant Licensing (make sure to buy enough licenses)

Connect-MsolService

Set-MsolUser -UserPrincipalName $newRoom -PasswordNeverExpires $true -UsageLocation $location

Set-MsolUserLicense -UserPrincipalName $newRoom -AddLicenses $license

Set-MsolUserLicense -UserPrincipalName $newRoom -AddLicenses "yourdomain:MCOPSTN1"

 

Move Skype to Cloud (If error is received about account not existing, give some time for replication)

$cred=Get-Credential

$skypeSesh = New-PSSession -Credential $cred -ConnectionURI "https://admin.domain.com/OcsPowershell" -AllowRedirection -WarningAction SilentlyContinue

Import-PSSession $skypeSesh -AllowClobber

$url="https://admin3a.online.lync.com/HostedMigration/hostedmigrationService.svc"

Move-CsMeetingRoom -Identity $samAcct -Target sipfed.online.lync.com -Credential $cred -HostedMigrationOverrideUrl $url

 

Important! The $url value above depends on your environment. You will want to look up which admin tenant you're located in or you will receive an error.

Test Stuff

  • Ensure the room is running build 4.0.85.0. At the time of this writing, 4.0.78.0 is the standard release, with 4.0.85.0 as an early release. This solution will NOT work without 85.
  • Login to https://teams.microsoft.com as room account
    • If you're not able to login, the Teams Room won't work
    • Does the room have a "MeetingRoom" license?
  • Login to S4B app as user with @mydomain UPN
    • If you're not able to login, the Teams Room won't work
      • Check that you didn't miss the Enable-CsMeetingRoom step above
      • Check that you didn't miss the Move-CsMeetingRoom step above
  • Finally, login to the teams room
Highlighted
Thanks for sharing this info, I think we've got a similar issue. We're deploying our first Teams Rooms device today with the following setup:

Exchange 2010 and 2016 on-prem (no hybrid)
Skype for Business 2010 on-prem (no hybrid)
AD Connect to our Office 365 tenant

Today I've created a new Resource Mailbox in Exchange 2016 and synchronised it to Office 365. In Office 365 I've assigned a Meeting Room license and I've confirmed I can log into Teams with that account. I've been able to run the following command which suggests to me the account does exist in Office 365 SFB:

Enable-CsMeetingRoom -Identity teamstestroom@domain.com -RegistrarPool'sippoolLONGB101.infra.lync.com' -SipAddressType EmailAddress

In the "Configure domain" dialogue box on the Teams Device config screen I've tried both sipdir.online.lync.com and our own FQDN, neither option allows the device to log in. I've logged a case with Microsoft today and they have asked us to wait 12-24 hours for provisioning before they will troubleshoot with us.

Nick

@ncdlloyd - It sounds like you'll need to convert your Skype environment to hybrid so you can do a Move-CSMeetingRoom to the cloud. What error are you getting right now when you attempt to sign in?

Highlighted
We don't any detailed info on the main screen as to why login is failing, can't find anything in Event Viewer either. I ran the diagnostic collector script, it produces a lot of info, but nothing that's giving an obvious reason for the failure.
Highlighted

For me the solution was to disabled this Conditional Access policy "Baseline policy: Block legacy authentication (Preview)" (apparently "Legacy Skype for Business" access is used).

 

Rob

Highlighted

@ncdlloyd 

 
I am having the same problem, with the same scenario. Microsoft helped you?
 
Highlighted
I would log a case with Microsoft first, they're free. It's been a while since I looked at this, but I think problems probably came from having on-prem servers. At the moment when a new user joins the business we have to convert them to a Teams Only user before they can use our Teams phone system:

Grant-CsTeamsUpgradePolicy -PolicyName UpgradeToTeams -Identity user@domain.com