Can you describe where this would be done? 

Check the steps here: https://support.office.com/en-us/article/Allow-users-to-contact-external-Skype-for-Business-users-b4...

I followed the points on that link and made sure that both areas were activated for communciation with both Skype and Skype for Business external users. I'm still unable to communicate with users outside of my organisation?

This happens for specific user or for all? If the later, try communicating with a different external domain, also check your DNS records.

Hi @Kevin Ruschman, no solution yet, but we haven't given it much time as we've had other more pressing issues to deal with. Having said that, it looks like another customer of ours is ditching Skype for Business altogether because their users feel that most of their contacts are already on Skype so why should they run both and I know one of them definitely reported an issue of not being able to properly work with external users in Skype for Business. 

I find simple things like deleting users to sometimes not work in Skype for Business. Adding or moving users between groups is problematic. 

We'll give it another shot in the next week or two and see what we find, but please let us know if you come up with something in the mean time. 

side note: I have the same issue "I don't want to move to SfB, all my users and contacts are in Skype". I'm finding it a really hard one to rebuttal. In Skype, all conversations are stored on the local machine and will be lost when the machine is lost, SfB they are stored in Outlook\exchange. Any work performed in Skype can not represent the company can it as it is not an official company account right? the trouble I have is comparing SfB security to Skype security (and their inter-conversation). The right thing to do is migrate users on SfB but unless your are confidently saying the whole business is moving, full stop, its really hard to 'trial' it.

Has this ever been solved?

We had the same error after we have enabled external users in Skype for Business. One has to setup proper DNS settings on a domain for this to work. DNS records needed (for this and other stuff like email (MX, spf), MDM, etc.) can be found in Admin Center > Setup > Domains > click on your default domain > Export into CSV or zone file. I can't say which record exactly was responsible for this, but you will need all of them eventually.

We were never able to resolve it and even simple actions like removing external users from your list seems almost impossible even after re-installation, so in the end we did away with SfB. It's tragic really, but we found little in the way of support to resolve these issues regardless of where we were asking questions. 

Hi Jacques

Could you confirm which domain account the Skype users are using. Is it a particular domain or different domains?  Try the below link :

https://support.microsoft.com/en-us/help/2392146/skype-for-business-online-users-can-t-communicate-w...

Thanks

Robin Nishad

------------------------

Technical Consultant

@wroot  The trick to resolving this issue is making sure your own edge server(s) can resolve your own _sipfederationtls._tcp.domain.com SRV record, which is necessary for your Edge to Federate with another edge for MTLS.  

In other words, your Edge server must be able to correctly resolved its own SRV record, plus the SRV record of the other sip domain you wish to federate with.  Nslookup is your friend.  People do funny things with DNS settings on Edge servers, sometimes pointing to internal for resolution, which means you need to add the Federation SRV to your internal DNS.

You might also be finding in your Skype4b Monitoring Reports Diagnostic ID warnings for 1008, and in the report Detail find the following:
1008; reason="Unable to resolve DNS SRV record"; domain="yourdomain.com"; dns-srv-result="NegativeResult"; dns-source="InternalCache"; source="sip.yourdomain.com"