Enabling Lync/SfB Client to use proxy server for SIP traffic instead of trying direct connection

Update 2017/09/12 – Added SfB2016 MSI (16.0.4588.1001).

We had some reports that when trying to sign in to Skype for Business Online users were experiencing delays during the sign in process.

This behavior was related to environments where the Lync/SfB client is configured to use a proxy server to connect to the Skype for Business Online servers.

After researching, we found the delay occurred because the client first tried to establish a direct connection, and only after that connection timed out did it try to connect using the configured proxy server.

As a workaround, we could configure the firewalls to send RESET packets, so the Lync/SfB client won't wait for the connection attempt to time out.

Starting with the following client updates, we can use a registry key to force the client to use the proxy for all connections:

December 6, 2016, update for Skype for Business 2015 (Lync 2013) (KB3127976) (15.0.4885.1000)
https://support.microsoft.com/kb/3127976

Description of the security update for Skype for Business 2016: September 12, 2017 (16.0.4588.1001)
https://support.microsoft.com/kb/4011040/

Office 365 ProPlus/Office Professional Plus 2016 Click-to-Run

Version 1611 (Build 7571.2072) – December 6, 2016
https://technet.microsoft.com/en-us/library/mt592918.aspx

To configure Lync/SfB client to use a proxy server for SIP Traffic without attempting a direct connection we need to add the following registry key:

reg add HKCU\Software\Microsoft\UCCPlatform\Lync /v EnableDetectProxyForAllConnections /t REG_DWORD /d 1 /f

Note: This registry key is only available at the user level (HKEY_CURRENT_USER); we cannot add it under HKEY_LOCAL_MACHINE.
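Because the value is per user, a shared workstation or Remote Desktop host needs it in every profile. The following check is an added example, not part of the original post: it reports the value for each user hive currently loaded under HKEY_USERS. It assumes an elevated session and only sees users who are logged on at the time.

```powershell
# Added example: audit EnableDetectProxyForAllConnections per loaded user hive.
# Run elevated so other users' hives under HKEY_USERS are readable.
$subKey    = 'Software\Microsoft\UCCPlatform\Lync'
$valueName = 'EnableDetectProxyForAllConnections'

Get-ChildItem -Path Registry::HKEY_USERS |
    # Keep local/domain account SIDs only; skips .DEFAULT, service SIDs and *_Classes.
    Where-Object { $_.PSChildName -match '^S-1-5-21-[\d-]+$' } |
    ForEach-Object {
        $sid  = $_.PSChildName
        $path = "Registry::HKEY_USERS\$sid\$subKey"
        $item = Get-ItemProperty -Path $path -Name $valueName -ErrorAction SilentlyContinue

        # Resolve the SID to an account name when possible; fall back to the SID.
        try {
            $sidObject = New-Object System.Security.Principal.SecurityIdentifier($sid)
            $account   = $sidObject.Translate([System.Security.Principal.NTAccount]).Value
        } catch {
            $account = $sid
        }

        [pscustomobject]@{
            Account     = $account
            Value       = if ($item) { $item.$valueName } else { $null }  # $null = not set
            ProxyForced = [bool]($item -and $item.$valueName -eq 1)
        }
    }
```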

Cannot Sign-in to Office 365 in SfB Control Panel – Exception of type ‘Microsoft.LiveID.IDCRL.IDCRLException’ was thrown

In a new Skype for Business Server 2015 lab we tried to sign in to Office 365 in the Skype for Business Control Panel.

But after a few seconds we got the following error message:

We couldn’t log in to your Office 365 account. Please check the errors and then select OK to try again:
Get-CsWebTicket: Exception of type ‘Microsoft.LiveID.IDCRL.IDCRLException’ was thrown.

Also in the Event Viewer > Windows Logs > Application the following errors were present:

Log Name: Application
Source: ASP.NET 4.0.30319.0
Date: 11/28/2016 12:00:04 PM
Event ID: 1325
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: sfbfe.uclobby.com
Description:
An unhandled exception occurred and the process was terminated.

Application ID: DefaultDomain

Process ID: 30668

Exception: System.Runtime.Serialization.SerializationException

Message: Type ‘Microsoft.LiveID.IDCRL.IDCRLException’ in Assembly ‘Microsoft.Rtc.Management.OnlineConnector.AuthenticationHelper, Version=6.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35’ is not marked as serializable.

StackTrace: at System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.InitSerialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter, SerializationBinder binder)
at System.Runtime.Serialization.Formatters.Binary.WriteObjectInfo.Serialize(Object obj, ISurrogateSelector surrogateSelector, StreamingContext context, SerObjectInfoInit serObjectInfoInit, IFormatterConverter converter, ObjectWriter objectWriter, SerializationBinder binder)
at System.Runtime.Serialization.Formatters.Binary.ObjectWriter.Serialize(Object graph, Header[] inHeaders, __BinaryWriter serWriter, Boolean fCheck)
at System.Runtime.Serialization.Formatters.Binary.BinaryFormatter.Serialize(Stream serializationStream, Object graph, Header[] headers, Boolean fCheck)
at System.Runtime.Remoting.Channels.CrossAppDomainSerializer.SerializeObject(Object obj, MemoryStream stm)
at System.AppDomain.Serialize(Object o)
at System.AppDomain.MarshalObject(Object o)

Log Name: Application
Source: .NET Runtime
Date: 11/30/2016 6:32:21 PM
Event ID: 1026
Task Category: None
Level: Error
Keywords: Classic
User: N/A
Computer: sfbfedr.uclobby.com
Description:
Application: w3wp.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: Microsoft.LiveID.IDCRL.IDCRLException
at Microsoft.LiveID.IDCRL.NativeIdcrlWrapper.Uninitialize()
at Microsoft.Rtc.Admin.Authentication.ManagedIdcrl.Dispose(Boolean)
at Microsoft.Rtc.Admin.Authentication.ManagedIdcrl.Finalize()

To fix this issue we need to add the following permissions to the NETWORK SERVICE account (please add the permissions on all Front Ends):

Read

%windir%\System32\config\systemprofile\AppData\Local\Microsoft

Full Control

%windir%\System32\config\systemprofile\AppData\Local\Microsoft\MSOIdentityCRL

After this we need to recycle the LyncIntManagement application pool. We can do this in Internet Information Services (IIS) Manager > Application Pools.

Or with the following PowerShell cmdlet:

Restart-WebAppPool -Name LyncIntManagement
https://technet.microsoft.com/en-us/library/ee790580.aspx
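The two permission grants and the pool recycle can also be scripted, which keeps the change identical on every Front End and limits Full Control to the MSOIdentityCRL folder. This is an added example, not code from the original post; it assumes Windows PowerShell in an elevated session and applies the grants with the GUI default scope (this folder, subfolders and files), which the post does not specify.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original post). Run in Windows PowerShell on each Front End.
Import-Module WebAdministration

# S-1-5-20 is the well-known SID of NETWORK SERVICE; the SID avoids localized names.
$networkService = New-Object System.Security.Principal.SecurityIdentifier('S-1-5-20')

$base   = Join-Path $env:windir 'System32\config\systemprofile\AppData\Local\Microsoft'
$grants = @(
    @{ Path   = $base
       Rights = [System.Security.AccessControl.FileSystemRights]::Read },
    @{ Path   = (Join-Path $base 'MSOIdentityCRL')
       Rights = [System.Security.AccessControl.FileSystemRights]::FullControl }
)

# Assumption: same scope as the GUI default ("This folder, subfolders and files").
$inherit   = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
$propagate = [System.Security.AccessControl.PropagationFlags]::None
$allow     = [System.Security.AccessControl.AccessControlType]::Allow

foreach ($g in $grants) {
    if (-not (Test-Path -LiteralPath $g.Path -PathType Container)) {
        Write-Warning "Folder not found, skipped: $($g.Path)"
        continue
    }
    $dir      = Get-Item -LiteralPath $g.Path -Force
    $ruleArgs = $networkService, $g.Rights, $inherit, $propagate, $allow
    $rule     = New-Object System.Security.AccessControl.FileSystemAccessRule -ArgumentList $ruleArgs

    $acl = $dir.GetAccessControl('Access')   # DACL only; owner and SACL are not touched
    $acl.AddAccessRule($rule)                # merges with existing entries
    $dir.SetAccessControl($acl)

    # Report what NETWORK SERVICE now holds on this folder, for the change record.
    $dir.GetAccessControl('Access').GetAccessRules($true, $true,
            [System.Security.Principal.SecurityIdentifier]) |
        Where-Object { $_.IdentityReference -eq $networkService } |
        Select-Object @{ n = 'Path'; e = { $g.Path } }, FileSystemRights, IsInherited
}

# Recycle the pool so the worker process picks up the new permissions.
Restart-WebAppPool -Name LyncIntManagement
```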

Now we can successfully sign in to Office 365 in the Skype for Business Control Panel.