Hello,

we have implemented a on-premise SfB installation like shown in the image at this article https://technet.microsoft.com/en-us/library/gg425891.aspx

In order to automatically have all our company members (only about 50) listed in Skye contacts we decided to create a AD group where all users are a member of. By adding this group to our skype contact list, we see them all - and it updates on changes automatically. But now I figured out that if I connect from the internet, going through the EdgeServer instead of directly communicating with Front End, the group is still displayed in contacts, but it's members cannot be shown. I see a message "Group members are queried" (or similar - translated from German UI) for a while and than it shows something like "Skype for Business cannot connect to servers or did not get any response. Please contact your support team" (again translated from German).

But in the same time, even being connected via Edge Server (from internet) I can search for particular users which are also member of the AD group in charge, and I find them, see them. But within the group it's members cannot be expanded.

Another interesting thing I found out is that it seems like this group members expanding issue only occurs when I start skype client from scratch. If I ws logged on while being in LAN, have my group members displayed, logged of (but did not quit skype), move to internet and login again, I still see my group members. When I now quit skype and launch it again, after login I do not see my group members any more. It seems to be something connected ot some caching issue...

My AD group in charge is yet a security group / global - does this make any difference?

Is there any smarter solution to achieve having all skype accounts of a company displayed in the client? I know that usually skype implementations are very large and such a scenario does not make any sense, but still even in larger organizations it might be a good idea to have the whole department, or headquarter, or whatever automatically added as contacts.

kind regards,

Dieter Tontsch

mobileX AG

Hi,

When trying to expand Ad groups externally, your clients will use a service called "DG URL External".
This service is located on your front-end pool and is accessed  externally via your reverse proxy. Can you please confirm the address of this service by checking your clients' configuration information? (Ctrl + Right-click on the clients' icon in the notification area, and choose "Configuration Information"). this is the 2nd line on that list.

Hello,

that 2nd line shows:

DG-URL extern;https://skype.company.com:443/groupexpansion/service.svc;--;

This URL is ok, the server is our Reverse Proxy server which does redirect to the frontend.

What I am wondering is that we do redirect skype.company.com:443 to 4443 because of external webservice listening vs. published ports configuration. Would this harm in case of group expansion topics?

So, in addition https://skype.company.com:443/groupexpansion/service.svc will be probably redirected to https://skype.company.com:4443/groupexpansion/service.svc when comming from external. Is this correct if it happens like this? Probably yes, since externl web service ports are configured accordingly.

Still, I cannot expand the groups externally.

Cheers, Dieter

Hi,

When trying to expand Ad groups externally, your clients will use a service called "DG URL External".
This service is located on your front-end pool and is accessed  externally via your reverse proxy. Can you please confirm the address of this service by checking your clients' configuration information? (Ctrl + Right-click on the clients' icon in the notification area, and choose "Configuration Information"). this is the 2nd line on that list.

• Marked as answer by Dieter Tontsch, mobileX 17 hours 4 minutes ago

Hi,

When trying to expand Ad groups externally, your clients will use a service called "DG URL External".
This service is located on your front-end pool and is accessed  externally via your reverse proxy. Can you please confirm the address of this service by checking your clients' configuration information? (Ctrl + Right-click on the clients' icon in the notification area, and choose "Configuration Information"). this is the 2nd line on that list.

• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM

Hi,

When trying to expand Ad groups externally, your clients will use a service called "DG URL External".
This service is located on your front-end pool and is accessed  externally via your reverse proxy. Can you please confirm the address of this service by checking your clients' configuration information? (Ctrl + Right-click on the clients' icon in the notification area, and choose "Configuration Information"). this is the 2nd line on that list.

• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM

Hi,

When trying to expand Ad groups externally, your clients will use a service called "DG URL External".
This service is located on your front-end pool and is accessed  externally via your reverse proxy. Can you please confirm the address of this service by checking your clients' configuration information? (Ctrl + Right-click on the clients' icon in the notification area, and choose "Configuration Information"). this is the 2nd line on that list.

• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM

Hello,

it was a firewall issue, Reverse Proxy who is located in perimeter network as well as edge server, was not allowed to talk on port 4443 (according to external access port mapping) with the front end in LAN.

Thanks,

Dieter

• Edited by Dieter Tontsch, mobileX 17 hours 4 minutes ago
• Marked as answer by Dieter Tontsch, mobileX 17 hours 4 minutes ago

Hello,

it was a firewall issue, Reverse Proxy who is located in perimeter network as well as edge server, was not allowed to talk on port 4443 (according to external access port mapping) with the front end in LAN.

Thanks,

Dieter

• Edited by Dieter Tontsch, mobileX Friday, September 04, 2015 2:25 PM
• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM

Hello,

it was a firewall issue, Reverse Proxy who is located in perimeter network as well as edge server, was not allowed to talk on port 4443 (according to external access port mapping) with the front end in LAN.

Thanks,

Dieter

• Edited by Dieter Tontsch, mobileX Friday, September 04, 2015 2:25 PM
• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM

Hello,

it was a firewall issue, Reverse Proxy who is located in perimeter network as well as edge server, was not allowed to talk on port 4443 (according to external access port mapping) with the front end in LAN.

Thanks,

Dieter

• Edited by Dieter Tontsch, mobileX Friday, September 04, 2015 2:25 PM
• Marked as answer by Dieter Tontsch, mobileX Friday, September 04, 2015 2:26 PM