Object
Teams users experiences intermittent Presence issues after we decommissioned the legacy Skype for Business infrastructure, everything is fine but the user presence.
Environment
- All the external and internal DNS has already been updated to Office365 Teams Only,
- CsHostingProvider has been removed on Skype for Server
- SharedSIPAddressSpace has been disabled in CSTenantFederationConfiguration
- Teams Upgrade policy are on “Teams Only” / “UpgradetoTeams” mode globally
Troubleshoot and solution
Looking around and suspecting there are still some leftover configurations, dug into the old Skype for Business document and discovered “Hybrid Modern Authentication” is enabled when we were migrating users into the Office365 cloud. Remove the configuration and the issue goes away.
- Check current hybrid modern authentication configuration
PS C:\WINDOWS\system32> Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 | Select -ExpandProperty ServicePrincipalNames
https://lyncweb.ictfella.com/
https://lyncwebint.ictfella.com/
00000004-0000-0ff1-ce00-000000000000/.infra.lync.com 00000004-0000-0ff1-ce00-000000000000/.online.lync.com
00000004-0000-0ff1-ce00-000000000000
https://api.skypeforbusiness.com/
- Remove the unused records in powershell
PS C:\WINDOWS\system32> $x= Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000
PS C:\WINDOWS\system32> $x
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled : True
Addresses : {Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri}
AppPrincipalId : 00000004-0000-0ff1-ce00-000000000000
DisplayName : Skype for Business Online
ObjectId : 597f4b0d-d310-4959-911b-62d3f583a5c6
ServicePrincipalNames : {https://lyncweb.ictfella.com/, https://lyncwebint.ictfella.com/, 00000004-0000-0ff1-ce00-000000000000/.infra.lync.com, 00000004-0000-0ff1-ce00-000000000000/.online.lync.com…}
TrustedForDelegation : True
PS C:\WINDOWS\system32> $x.ServicePrincipalnames.Remove(“https://lyncwebint.ictfella.com/”)
True
PS C:\WINDOWS\system32> $x
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled : True
Addresses : {Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri}
AppPrincipalId : 00000004-0000-0ff1-ce00-000000000000
DisplayName : Skype for Business Online
ObjectId : 597f4b0d-d310-4959-911b-62d3f583a5c6
ServicePrincipalNames : {00000004-0000-0ff1-ce00-000000000000/.infra.lync.com, 00000004-0000-0ff1-ce00-000000000000/.online.lync.com, 00000004-0000-0ff1-ce00-000000000000, https://api.skypeforbusiness.com/}
TrustedForDelegation : True
PS C:\WINDOWS\system32> $x.ServicePrincipalnames.Remove(“https://lyncweb.ictfella.com/”)
True
PS C:\WINDOWS\system32> $x
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled : True
Addresses : {Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri}
AppPrincipalId : 00000004-0000-0ff1-ce00-000000000000
DisplayName : Skype for Business Online
ObjectId : 597f4b0d-d310-4959-911b-62d3f583a5c6
ServicePrincipalNames : {https://lyncwebint.ictfella.com/, 00000004-0000-0ff1-ce00-000000000000/.infra.lync.com, 00000004-0000-0ff1-ce00-000000000000/.online.lync.com, 00000004-0000-0ff1-ce00-000000000000…}
TrustedForDelegation : True
- Execute the change
PS C:\WINDOWS\system32> Set-MSOLServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000 -ServicePrincipalNames $x.ServicePrincipalNames
- View the current change after all
PS C:\WINDOWS\system32> Get-MsolServicePrincipal -AppPrincipalId 00000004-0000-0ff1-ce00-000000000000
ExtensionData : System.Runtime.Serialization.ExtensionDataObject
AccountEnabled : True
Addresses : {Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri, Microsoft.Online.Administration.RedirectUri}
AppPrincipalId : 00000004-0000-0ff1-ce00-000000000000
DisplayName : Skype for Business Online
ObjectId : 597f4b0d-d310-4959-911b-62d3f583a5c6
ServicePrincipalNames : {00000004-0000-0ff1-ce00-000000000000/.infra.lync.com, 00000004-0000-0ff1-ce00-000000000000/.online.lync.com, 00000004-0000-0ff1-ce00-000000000000, https://api.skypeforbusiness.com/}
TrustedForDelegation : True
Screenshot
Useful link
How to configure Skype for Business on-premises to use Hybrid Modern Authentication
Hi to all, since I am truly keen of reading this webpage’s post to be updated daily.
It consists of nice material.
We will try our best and thanks for the comment.
Hi there! Someone in my Facebook group shared this
site with us so I came to take a look. I’m definitely enjoying the information. I’m bookmarking
and will be tweeting this to my followers!
Exceptional blog and superb design and style.
Thanks for the comment, I hope the information on this site will help someone.