This article applies to:
Lync 2013 client on Android devices
Skype for Business service hosted on Office 365
user logging into Office 365 via Active Directory Federation Services (ADFS)
PROBLEM
A user is unable to log in to the Skype for Business service hosted on Office 365 from his Android mobile device using the Lync 2013 client.
The same user is able to log in without any problem from the desktop Skype for Business client, or from the Skype for Business client on an iOS mobile device.
CAUSE
The HTTPS connection request sent by the Android device does not contain the Server Name Indication (SNI) and therefore cannot be processed properly on the server side.
SOLUTION
On the ADFS Proxy Server, use NETSH to add a binding for IP address 0.0.0.0 port 443. This will allow for proper processing of requests that do not contain the SNI.
Detailed steps:
- On the ADFS Proxy Server, start the command prompt with the Run As Administrator option.
- Type the following command to show the current SSL certificate bindings:
netsh http show sslcert
The command will give an answer that looks similar to this:
SSL Certificate bindings:
-------------------------
Hostname:port : sts.mydomain.com:443
Certificate Hash : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : AdfsTrustedDevices
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled

Hostname:port : sts.mydomain.com:49443
Certificate Hash : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name : MY
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Enabled
2. Note/copy the values of the certificate hash and the application ID fields used by the ADFS service.
3. Create a new binding by typing the following command (use the values noted in step 2):
netsh http add sslcert ipport=0.0.0.0:443 certhash=177866c8d8827f2b66d02e3e2e67bc860a4ca638 appid={5d89a20c-beab-4389-9447-324788eb944a}
How to check if this worked?
Type
netsh http show sslcert
If the command was executed successfully you will get a new entry in the SSL bindings list looking similar to this:
SSL Certificate bindings:
-------------------------
IP:port : 0.0.0.0:443
Certificate Hash : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
Application ID : {5d89a20c-beab-4389-9447-324788eb944a}
Certificate Store Name : (null)
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
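The check above can also be scripted. The following PowerShell is an added example, not part of the original article: it parses the text of netsh http show sslcert, looks for the 0.0.0.0:443 fallback binding, and compares its certificate hash with the one on the hostname binding. The function name ConvertFrom-NetshSslCert is hypothetical, and $sample is constructed from the output shown in this article.

```powershell
# Added example. $sample is constructed from the output shown in this article; on the
# proxy itself, use instead:  $sample = netsh http show sslcert | Out-String
$sample = @'
SSL Certificate bindings:
-------------------------

    Hostname:port                : sts.mydomain.com:443
    Certificate Hash             : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
    Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}

    Hostname:port                : sts.mydomain.com:49443
    Certificate Hash             : 177866c8d8827f2b66d02e3e2e67bc860a4ca638
    Application ID               : {5d89a20c-beab-4389-9447-324788eb944a}
'@

function ConvertFrom-NetshSslCert {   # hypothetical helper name
    param([string]$Text)
    $bindings = @()
    $current = $null
    foreach ($line in $Text -split "`r?`n") {
        # Each binding starts with a "Hostname:port" or "IP:port" line.
        if ($line -match '^\s*(Hostname:port|IP:port)\s+:\s+(\S+)\s*$') {
            $current = [pscustomobject]@{ Kind = $Matches[1]; Endpoint = $Matches[2]; Hash = $null; AppId = $null }
            $bindings += $current
        } elseif ($current -and $line -match '^\s*Certificate Hash\s+:\s+([0-9a-fA-F]+)\s*$') {
            $current.Hash = $Matches[1]
        } elseif ($current -and $line -match '^\s*Application ID\s+:\s+(\{[0-9a-fA-F-]+\})\s*$') {
            $current.AppId = $Matches[1]
        }
    }
    $bindings
}

$all      = @(ConvertFrom-NetshSslCert -Text $sample)
$sni      = $all | Where-Object { $_.Kind -eq 'Hostname:port' -and $_.Endpoint -like '*:443' } | Select-Object -First 1
$fallback = $all | Where-Object { $_.Kind -eq 'IP:port' -and $_.Endpoint -eq '0.0.0.0:443' }

if (-not $sni) {
    'No hostname binding on port 443 found; nothing to copy the hash and application ID from.'
} elseif (-not $fallback) {
    # Print (do not run) the command from step 3, filled in with the values from step 2.
    "Missing fallback. Run: netsh http add sslcert ipport=0.0.0.0:443 certhash=$($sni.Hash) appid=$($sni.AppId)"
} elseif ($fallback.Hash -ne $sni.Hash) {
    "Fallback 0.0.0.0:443 uses certificate $($fallback.Hash), but $($sni.Endpoint) uses $($sni.Hash)."
} else {
    'Fallback 0.0.0.0:443 is present and matches the ADFS certificate.'
}
```

With the constructed sample, which has no IP:port entry, the script prints the netsh http add sslcert command from step 3. The printed command is meant for the elevated command prompt used in the steps above.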