FAQ 000145 – User unable to login to Skype for Business service in Office 365 from an Android mobile device

This article applies to:

Lync 2013 client on Android devices

Skype for Business service hosted on Office 365

user logging into Office 365 via Active Directory Federation Services (ADFS)

PROBLEM

A user is unable to login to Skype for Business Service hosted on Office 365 from his Android mobile device using the Lync 2013 client

The same user is able to login without any problem from the desktop Skype for Business client, or Skype for Business client on an iOS mobile device.

CAUSE

The https connection request sent by the Android device does not contain the Server Name Indication (SNI) and therefore the cannot be processed properly on the server side.

SOLUTION

On the ADFS Proxy Server, use NETSH to add a binding for ip address 0.0.0.0 port 443. This will allow for proper processing of request that do not contain the SNI.

Detailed steps:

1. On the ADFS Proxy Server, start the command prompt with the Run As Administrator option.
2. Type the following command to show the current SSL certificate bindings:

netsh http show sslcert

The command will give an answer that looks similar to this:

SSL Certificate bindings:
————————-

Hostname:port                : sts.mydomain.com:443
Certificate Hash             : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name       : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check                  : Enabled
Revocation Freshness Time    : 0
URL Retrieval Timeout        : 0
Ctl Identifier               : (null)
Ctl Store Name               : AdfsTrustedDevices
DS Mapper Usage              : Disabled
Negotiate Client Certificate : Disabled

Hostname:port                : sts.mydomain.com:49443
Certificate Hash             : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name       : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check                  : Enabled
Revocation Freshness Time    : 0
URL Retrieval Timeout        : 0
Ctl Identifier               : (null)
Ctl Store Name               : (null)
DS Mapper Usage              : Disabled
Negotiate Client Certificate : Enabled

2. Note/copy the values of the certificate hash and the application ID fields used by the ADFS service.

3. Create a new binding by typing the following command (use values noted in step 2)

netsh http add sslcert ipport=0.0.0.0:443 certhash=177866c8d8827f2b66d02e3e2e67bc860a4ca638 appid={5d89a20c-beab-4389-9447-324788eb944a}

How to check if this worked?

Type

netsh http show sslcert

If the command was executed successfully you will get a new entry in the SSL bindings list looking similar to this:

SSL Certificate bindings:
————————-

IP:port : 0.0.0.0:443
Certificate Hash : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

• Author
• Recent Posts

Dejan Foro

CEO at Exchangemaster GmbH

Dejan Foro is founder and CEO of Exchangemaster GmbH.

He lives in Zurich, Switzerland and is a dedicated specialist, with 30 years of professional work experience in IT.

Before starting Exchangemaster GmbH he worked as a system engineer and project manager with customers of all sizes and across many industries: From small ISV startups and a NGO humanitarian organizations up to largest international corporations like Stryker, Swisscom, British Telecom and Nyrstar.

He spent his entire career delivering Microsoft based infrastructure solutions with main focus on Active Directory and Exchange. During those years, he collected a valuable work experience on 8 Exchange generations (2019, 2016, 2013, 2010, 2007, 2003, 2000 and 5.5) and has delivered services to a user base of more than 3.2 million mailboxes in on-premise, hybrid and Office 365 deployments.

Beside working on customer projects, he is a regular speaker and expert at Microsoft conferences and user groups. As a Microsoft Certified Trainer he also teaches Microsoft Official Curriculum courses to technical professionals around Europe.

For his work he has received numerous awards.

In 2005 he was the first member to be elected into the MCP Hall of Fame by Windows IT Pro Magazine readers choice (as 1 of 6 worldwide).

From 2005-2017, Dejan has been awarded by Microsoft Corporation with the yearly Microsoft Most Valuable Professional award in area of Exchange for 12 years in a row (one of approximately 100 worldwide and, at the time, the only 1 such in Switzerland).

Latest posts by Dejan Foro (see all)

• FAQ 000180 – How to set Microsoft Teams Room Device to use internal NTP server - December 15, 2021
• FAQ 000178 – How to change the sender and reply E-mail address in Microsoft Bookings - January 11, 2021
• FAQ 000175 – How to use Windows performance monitor to troubleshoot inbound SMTP mail flow in Exchange - July 10, 2019