I used to run Skype for Business on-premises (ever since Lync Server 2010) and every year I was struggling with SSL Certificate renewal. Last time (few weeks ago) it didn’t work as expected (every now and then I could not respond to message) I decided to move to Skype for Business Online.

Since not too much SfB enabled users were involved I decided to decommission SfB on-premises first and then enable SfB in Office 365 (user accounts were synchronized from on-premises Active Directory to Azure Active Directory).

After fully decommissioning all Skype for Business servers on-premises I enabled the SfB licenses in the Microsoft Online Portal, but unfortunately I was not able to logon to SfB Online:

Also, the Remote Connectivity Analyzer was not able to test successfully. However, according to the Microsoft Online Portal (domain usage under domains) all DNS settings were correct.

A newly created user did work immediately, so it must be something with the ex SfB enabled accounts. When looking with ADSIEdit I found that the msRTCSIP-DeploymentLocator was still populated, although the only value was “SRV:” as shown in the following figure.

This attribute is used in a split domain topology (i.e. Skype for Business hybrid, where both on-premises and online are used) and it should contain the Skype for Business Online FQDN sipfed.online.lync.com.

The newly created user did not have this property populated, so I decided to remove the value from the users completely. Once removed I was able to logon to Skype for Business Online.