This article will cover various issues found pertaining to federated calls between Microsoft Skype for Business (SfB) and Cisco’s collaboration platform via the Expressway appliances.

SfB Client Reports “We couldn’t reach xxxxx@ciscoenv.domain.com”

This issue was encountered when trying to call from an Office 365 SfB client into a Cisco CMS space via Expressways. Initial investigation showed that the Expressway-E’s received no inbound communication from the Office 365 cloud when the SfB client tried to initiate the call. Testing confirmed there were no firewall or DNS resolution issues and so the problem appeared to be occurring somewhere in the SfB environment.

Inspecting the SfB client logs which can be found here C:\Users\AppData\Local\Microsoft\Office\16.0\Lync\Tracing. The following sip messaging was found in the Lync-UccApi-0.UccApilog log file.

07/13/2017|13:35:34.423 68C:7CC INFO :: SIP/2.0 504 Server time-out
ms-user-logon-data: RemoteUser
Authentication-Info: TLS-DSK qop=“auth”, opaque=“3CC13C20”, srand=“DE5F47F6”, snum=“22”, rspauth=“cc1e3102aad152c03101397443285f049da4012f”, targetname=“SY3AU103FES10.infra.lync.com”, realm=“SIP Communications Service”, version=4
Via: SIP/2.0/TLS 192.168.44.32:62358;received=124.149.167.214;ms-received-port=62358;ms-received-cid=1D8CC800
Content-Length: 0
From: “Jason Neurohr”<sip:jason@jasonneurohr.com>;tag=fccc1ffe4e;epid=a9169be875
To: <sip:731111@ciscoenv.domain.com>;tag=1927163AB0B4195D4BDDC05760ECDDA1
Call-ID: 14cf78e4ae39477bbe764c0154e35cf5
CSeq: 1 INVITE
ms-diagnostics: 1009;reason=“No match for domain in DNS SRV results”;domain=“ciscoenv.domain.com”;fqdn1=“expe1.domain.com:5061”;source=“sipfedau1.online.lync.com”
ms-telemetry-id: 2917A743-0E33-5092-BB8C-9E68BF771EDC
Server: RTC/7.0

Immediately we now have some direction as to what is causing the problem.

ms-diagnostics: 1009;reason=“No match for domain in DNS SRV results”;domain=“ciscoenv.domain.com”;fqdn1=“expe1.domain.com:5061”;source=“sipfedau1.online.lync.com”

After some investigation the following Microsoft TechNet article reveals the source of the problem, DNS requirements for Skype for Business.

When creating SRV records, it is important to remember that they must point to a DNS A and AAAA (if you are using IPv6 addressing) record in the same domain in which the DNS SRV record is created. For example, if the SRV record is in contoso.com, the A and AAAA (if you are using IPv6 addressing) record it points to can’t be in fabrikam.com.

The problem is occurring because the target FQDN returned by the _sipfederationtls._tcp.ciscoenv.domain.com SRV record is outside of the SIP namespace ciscoenv.domain.com. To resolve the issue the SRV and A DNS records were updated such that expe1 is now expe1.ciscoenv.domain.com.