Skype for Business Front-End Servers connecting to Exchange online for OAuth doesn't use proxy server

Applies to: Skype for Business Server 2015

Symptoms


Consider the following scenario:

  • You are in a Microsoft Skype for Business Server 2015 on-premises and Exchange hybrid environment.
  • You implement the Skype for Business Server 2015 Front-End pools with the proxy and without a direct access to the Internet.
  • You set up the Skype for Business Server OAuth configuration settings (-ExchangeAutodiscoverUrl-) pointing to your on-premises Exchange CAS server.
  • You enable the server-side conversation history feature by using the conversation history configuration settings for Skype for Business.
  • You set up an account by creating an Exchange online mailbox.

In this scenario, the user of the account can't use the feature of server-side conversation history to save the conversation history in the Exchange online mailbox. In addition, the on-premises users won't be affected.

Cause


The issue occurs because the Exchange CAS server is redirecting the Autodiscover request to Exchange Online directly instead of using the proxy server. As the Exchange on-premises servers can't directly connect to Exchange Online, the connection fails.

In addition, as the on-premises mailboxes are local resource, the Autodiscover process works fine.

Resolution


To fix this issue, install the January 2019 cumulative update 6.0.9319.537 for Skype for Business Server 2015, Front End Server and Edge Server.

Note If the proxy server configuration includes reference to your local domain name in proxy bypass list proxy, then proxy server details without bypass list must be entered in the configuration section of the LysSvc.exe.config file for each front-end server.

You can use netsh to check proxy bypass list through an elevated command line:

  1. Go to Start and type cmd.

  2. Right-click Command prompt and select Run as administrator.

  3. Enter the following command and press Enter:
    netsh winhttp show proxy

Confirm if your local domain is set explicitly in proxy bypass list as the following example (in this example, contoso.com is local domain name):

Current WinHTTP proxy settings:
Proxy Server(s) : 192.168.1.60:8080
Bypass List : *.contoso.com;*.local;

If that's the case, then you need to add the following entry to the configuration section of the LysSvc.exe.config available at C:\Program Files\Skype for Business Server 2019\Server\Core\LysSvc.exe.config for each front-end server as per the following example:

<defaultProxy>
<proxy
proxyaddress="http://192.168.1.60:8080"
bypassonlocal="true" />
</defaultProxy>