Lync On-Premise Mobility Configuration Can Cause issues with Lync Online (O365) Meetings




In this scenario:

  • Bob, a Lync On-Premise user, receives a Lync Meeting request from Carol, a Lync Online (Office 365) user
  • These users are not in the same organization
  • Federation is not setup for these domains
  • Open Federation is not setup for the Lync On-Premise environment
  • Mobility has been setup in the Lync On-Premise environment



When Bob, the Lync On-Premise user receives a Lync Meeting request from Carol, a Lync Online (O365) user, and clicks on the Join Lync Meeting meet URL, he receives the following error in his client “A server error occurred.  Please contact your support team.”

Using Snooper, we open the Lync client diagnostic logs: Communicator-uccapi-0.uccapilog

We see the following error message:

SIP/2.0 500 The server encountered an unexpected internal error

ms-diagnostics: 1028;reason="Domain resolved by DNS SRV to a configured hosting service but the domain is not in the allow list";domain="";fqdn1="";source=""




As I mention in the setup, there is no federation setup between the two Lync environments, and Open Federation is not setup for the Lync On-Premise environment.  What we notice in the error message however is that the client is trying to communicate with a domain configured as a “Hosting Service”, and is trying to connect to

We can check the configured hosting providers in Lync with the following:


Identity                                   : LyncOnline
Name                                      : LyncOnline
ProxyFqdn                              :
VericiationLevel                      : UseSourceVerification
Enabled                                  : True
EnableSharedAddressSpace    : False
HostsOCSUsers                      : False
IsLocal                                   : False
AutoDiscoverUrl                      :


Here we can see that is setup as a Hosting Provider.  This was configured as part of the Lync Mobility configuration.  Why is the Lync Meeting trying to talk to the hosting provider used for Lync Mobility? is also used as the access edge for federation with Office 365. 

So let’s check the federation SRV record for and see if it is configured to point to Office 365.

Using nslookup for the SIP Federation SRV record:


Default Server:

>set type=srv
Default Server:

Non-authoritative answer: SRV service location:
          priority       = 100
          weight         = 1
          port           = 5061
          svr hostname   =

Here we can see the SRV record for is pointing to  Which means Carol’s Lync environment is hosted with Office 365.

When Bob attempts to join Carol’s meeting, Lync does a federation validation for Carol’s domain “” and finds a valid SRV record pointing to  Bob’s On-Premise Lync environment has configured as a valid hosting provider. 

Since is a valid hosting provider, Lync next checks to see if “” is an Allowed Domain.  In this scenario, the only Allowed Domain configured is Push.Lync.Com.



Identity                    :
Domain                     :
ProxyFqdn                :
Comment                  :
MarkForMonitoring    : False


In the results we see only “Push.Lync.Com”, which is configured for push notifications with Lync Mobility.

Since is not an Allowed Domain, Lync blocks the connection with the error: “Domain resolved by DNS SRV to a configured hosting service but the domain is not in the allow list”



Since is hosted on Office 365, which uses the same FQDN for Federation as Lync Mobility, it is necessary to add as an Allowed Domain. Keep in mind though that this not only allows Lync Meetings, but essentially enables federation with this entire domain.  So keep in mind your other policies that may target federation.

Set-CsAllowedDomain –Identity

An alternate method would be to allow Open Federation.  This comes with its own warnings however, as Open Federation isn’t always the best solution.

Leave a Reply

Your email address will not be published. Required fields are marked *