Saturday, March 26, 2016

Issue With Provisioning Skype for Business Online DNS Records in Office 365 for Recycled Domain

Happy Weekend, UC Geeks!

So, I was inspired to write a little blog post based on some odd behavior that I ran into the other day in Office 365 when trying to allow the Domain Management wizard to auto-create my required DNS records for Skype for Business Online. Yeah, sure, I could have just gone into GoDaddy's DNS tool (yes, I use GoDaddy for domain registration and DNS management - let the hazing begin!), but what is the fun in that when Office 365 has a handy little wizard for taking care of those DNS records for you?

The Scenario


Alright, in this particular Office 365 tenant, I have my domain, 's4blab.org', added in and verified. This domain was added in previously for other testing, but in the previous tests, the domain was used in a Hybrid environment, so I also used the domain name in my on-prem Skype for Business deployment. As such, my DNS records originally pointed to my on-prem Edge and Reverse Proxy servers. Savvy?

Now, that on-prem environment is long-since gone, but the Office 365 tenant has been left up, and therefore the domain was still verified and ready for use. I still had Skype for Business Online (Plan 2) licenses purchased. That meant that it was now time to make sure everything looked OK with the domain itself (DNS, etc.) within Office 365 so that I could start creating user accounts and assigning licenses.

To verify I was good to go, I first logged into the Office 365 Admin Center Preview (yeah, I am using the Preview interface cause I am awesome like that), hovered over the Settings menu item in the left-hand navigation, and then clicked Domains:

















This brought me to my Domains page. Here we can see that I only have the Default 'onmicrosoft.com' domain, and my custom 's4blab.org' domain. Clearly the domain is not ready for production. It has a warning icon beside the domain name, and tells us that there are "Possible Service Issues":










Clicking on the domain itself brings up another modal screen that shows us that there are DNS errors. It then proceeds to highlight all of the required DNS records for the various Office 365 services that can be used in our tenant. Next I click on View Errors:


















The next screen shows us what the expected CNAME Records are, compared with the Current values, which are empty. Reading the text at the top of this screen we can already see that Office 365 recognizes GoDaddy as the location of our authoritative DNS zone file for s4blab.org. We can also see that it lets us know that we can use that handy little Fix My Records button up top instead of going to GoDaddy and manually fixing the records. Sure, why not?!















Once we click the Fix My Records button, another pop-up window appears asking us to input our credentials. In my case, these are my GoDaddy credentials.





















Upon successfully authenticating at the above screen, you are now presented with another screen in which you must click Accept, authorizing Office 365 to make DNS changes to your domain in the DNS zone file hosted at GoDaddy. Of course, we click Accept here:














Once we click Accept, this GoDaddy pop-up disappears, and we now see a grey box across the screen showing us that our DNS records are being configured:


















The Problem


So, what's the problem? Normally, if this domain had not ever been used for another Skype for Business (or Lync) deployment before, your records would simply be created, and you would be on about your business! Remember though, I had used this domain for an on-prem Skype for Business Server 2015 deployment previously. So, at this stage in the game, that Configuring your DNS records... box just kept spinning, never completing. After a few minutes I figured something was wrong.

My next step was to log into my GoDaddy portal and navigate to the 's4blab.org' DNS zone file. The Office 365 Domain Management wizard claimed that the CNAME records flat-out did not exist. Looking at my CNAME record section, I can see that this was indeed the case: no 'SIP' or 'Lyncdiscover' records were present:










Alright, so why won't the wizard just create the records and finish? Aha! My eyes glance up at the A Records above, and that's when I see the problem: The 'SIP' and 'Lyncdiscover' records did exist...as A Records!









Yes, I blotted out the IP addresses of the other A Records to protect the identities of the Innocent. And I put in fake IPs (non-routable on the internet) for these records. After all, I am just reproducing the problem for demonstration purposes!

In case DNS is not your bread and butter, you may be wondering why this is a problem, since the CNAMEs did not exist and Office 365 was trying to create CNAMEs rather than A Records. The answer is that you cannot have similarly named records in the same DNS zone, regardless of record type. Therefore, I cannot have a 'SIP' A Record and a 'SIP' CNAME. A conflict is detected on GoDaddy's end, and that is why the wizard never finishes in Office 365. It knows there is a problem, but has not been coded to properly display the problem to the Office 365 admin user.
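The conflict described above can be caught before running the wizard. The following is an added example, not from the original post: it reads a zone export and reports any existing record that shares a name with a CNAME the wizard will try to create (a name that holds a CNAME cannot hold other records). The sample zone, the function names, and the CNAME targets (the standard Skype for Business Online values, which are not shown in the post's text) are assumptions.

```python
# Added example: pre-flight check for records that block a planned CNAME.
# The zone text and helper names are constructed for illustration.

# Constructed BIND-style zone export; the IPs are documentation addresses.
SAMPLE_ZONE = """\
@             3600 IN A     192.0.2.10
www           3600 IN CNAME @
sip           3600 IN A     192.0.2.20
lyncdiscover  3600 IN A     192.0.2.21
mail          3600 IN MX    10 mx.example.net.
"""

# CNAMEs the wizard wants to create (standard Skype for Business Online
# targets; assumed here, since the post's text does not list them).
PLANNED_CNAMES = {
    "sip": "sipdir.online.lync.com",
    "lyncdiscover": "webdir.online.lync.com",
}

def parse_zone(text):
    """Return (name, type, value) tuples from 'name ttl IN type value' lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue  # skip directives and lines this simple parser can't read
        name, _ttl, _cls, rtype, value = fields
        records.append((name.lower(), rtype.upper(), value.strip()))
    return records

def find_cname_conflicts(zone_text, planned):
    """List existing records that would block creation of each planned CNAME."""
    conflicts = []
    for name, rtype, value in parse_zone(zone_text):
        target = planned.get(name)
        if target is None:
            continue  # the wizard does not touch this name
        already_correct = rtype == "CNAME" and value.rstrip(".").lower() == target
        if not already_correct:
            conflicts.append((name, rtype, value))
    return conflicts

if __name__ == "__main__":
    for name, rtype, value in find_cname_conflicts(SAMPLE_ZONE, PLANNED_CNAMES):
        print(f"delete {rtype} record '{name}' -> {value} before creating the CNAME")
```

An empty result means the planned names are either free or already hold the expected CNAME, so the wizard has nothing to collide with.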

The Solution


Now I know what needs to be done. First, as I am no longer using those A Records, I delete both the 'SIP' and 'Lyncdiscover' A Records from my GoDaddy DNS zone file. Don't forget to click on Save Changes!











Perfect, now the A Records section does not reflect the records anymore:







However, going back into Office 365, I see that the grey bar is still present, and it still shows that it is trying to Configure the DNS records. Finally, I decide to try it from scratch. I click on the Fix My Records button again, and I am once again prompted to input my GoDaddy credentials:






















After another successful authentication, click on Accept again, and like before, the GoDaddy window disappears. This time, however, we have much different results! We VERY briefly see the grey 'Configuring' bar, but then it disappears and we see a beautiful green bar showing us that the records have been created successfully! We can even see that the yellow warning icon has disappeared from beside our domain name:








Going over to our GoDaddy portal, we can see that the new CNAME Records are indeed created:












And there you have it, folks! The Domain Management wizard within Office 365 is quite the wonderful tool, making DNS management a walk in the park for admins across the world! However, if you have used your domain in a previous Skype for Business deployment and did not properly clean up your DNS zone file afterwards, the Office 365 wizard will not ever finish, but also won't tell you what the problem is. Now, thanks to my bumbling lab work, you know why!

Stay Techy, my friends!