I have been playing around with Skype for Business Hybrid and getting Office 365 Cloud PBX calling working. During the setup of the environment I hit a snag: I couldn't get on-prem users to see users in the cloud. It was an interesting one, as cloud people could see presence for on-prem people.
When on-prem users attempted to see presence we saw "Presence unknown" or "Updating…".
When an on-prem user attempted to communicate with an online user this is what they saw. Interestingly the error message was "This message wasn't sent to Izzy Moore due to company policy".
So this of course had me madly looking around to work out what policies were breaking my ability for on-prem to talk to o365 users.
My first thought after digging around for a policy was to have a look at UCCAPILOGs. I had a look at the on-prem user client first. What I saw in the UCCAPILOGs was:
So interestingly there was an ms-diagnostics log entry with a reason of "Unable to resolve DNS SRV record" and it was pointing to steverm.info DNS-SRV-RESULT. So some sort of SRV record for the steverm.info domain was failing.
In my case I was using Split DNS, so I had an on-prem copy of the steverm.info DNS zone running on my Domain Controllers. It had a subset of DNS records, as it was set up primarily to be used for on-prem Lync and Skype clients. So this also meant that the external records were not included in this DNS zone, as only internal clients needed access. What I worked out was that in a hybrid scenario, Front Ends begin looking up SRV record values for the domain, in particular _sipfederationtls._tcp.<DomainName>.
In a hybrid environment, the _sipfederationtls._tcp record points to the On-Prem Edge Pool's SIP service. So in my case, this was sip.steverm.info. I found I also needed this record in the internal zone, as it was the service URL returned for the federation SRV record.
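So I added my SIP record and my SRV record. I ended up doing it with PowerShell:
# Edge sipfederationtls SRV record
$strDNSZone = "steverm.info"      # internal split-DNS zone the record is added to
$strEdgePool = "sip.steverm.info" # target host returned by the SRV record (Edge Pool SIP service)
$strDCName = "lab2-dc1"           # DNS server (Domain Controller) hosting the zone
# Create _sipfederationtls._tcp.<zone> pointing at the Edge Pool on TCP 5061
Add-DnsServerResourceRecord -Srv -Name "_sipfederationtls._tcp" -ZoneName $strDNSZone -DomainName $strEdgePool -Priority 0 -Weight 0 -Port 5061 -ComputerName $strDCName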
The resulting records created look like:
The good news is once the DNS records were created all was good in the world and my on-prem users started to see each other's presence. Yehh
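To confirm the internal zone now answers the same lookup the Front Ends perform, the check below queries the split-DNS server directly for the federation SRV record and then for the A record of its target. It is an added example, not part of the original post; the function name Test-SipFederationSrv is hypothetical, and the default domain, DNS server and port are the values used above.

```powershell
# Added example: verify that the internal (split-DNS) zone answers the federation lookup.
# Test-SipFederationSrv is a hypothetical helper name; defaults are the values from this post.
function Test-SipFederationSrv {
    param(
        [string]$Domain       = 'steverm.info',
        [string]$DnsServer    = 'lab2-dc1',
        [int]   $ExpectedPort = 5061
    )
    $srvName = "_sipfederationtls._tcp.$Domain"

    # Step 1: the SRV record must exist on the server the Front Ends actually query.
    $srv = Resolve-DnsName -Name $srvName -Type SRV -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
        Where-Object { $_.Type -eq 'SRV' }
    if (-not $srv) {
        return [pscustomobject]@{
            Record = $srvName; Target = $null; Port = $null
            Status = 'FAIL'; Detail = "No SRV answer from $DnsServer"
        }
    }

    foreach ($r in $srv) {
        $problems = @()

        # Step 2: federation traffic is expected on the port set when the record was created.
        if ($r.Port -ne $ExpectedPort) {
            $problems += "port is $($r.Port), expected $ExpectedPort"
        }

        # Step 3: the SRV target (the Edge Pool SIP name) must also resolve in the same zone,
        # otherwise the SRV lookup succeeds but the connection still has nowhere to go.
        $a = Resolve-DnsName -Name $r.NameTarget -Type A -Server $DnsServer -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq 'A' }
        if (-not $a) {
            $problems += "target $($r.NameTarget) has no A record on $DnsServer"
        }

        [pscustomobject]@{
            Record = $srvName
            Target = $r.NameTarget
            Port   = $r.Port
            Status = if ($problems) { 'FAIL' } else { 'OK' }
            Detail = if ($problems) { $problems -join '; ' } else { ($a.IPAddress -join ', ') }
        }
    }
}

Test-SipFederationSrv | Format-Table -AutoSize
```

Running it against each internal DNS server that hosts the zone shows whether every server the Front Ends might query returns both records.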