While Teams may have its own PowerShell module, many of the management tasks still reside in legacy Skype for Business Online PowerShell. To connect to this service, you need to download and install the latest SkypeOnlineConnector module and create a remote PowerShell session to the service. However, when I was recently working on my PluralSight course, I created a tenant for recording the course demos, and I had some issues connecting to the service with a user using the <tenant name>.onmicrosoft.com domain suffix. The solution for this also assisted a fellow consultant on Twitter who had issues connecting due to a different error. This blog post is going to cover each scenario and the workaround.

Error in XML Document

Let’s first start with my scenario. I was using the following code to create a session out to Skype Online with a user account using the default .onmicrosoft.com domain (replace <tenant name> with your tenant name):

$skypeSession = New-CsOnlineSession -UserName skypeadmin@<tenant name>.onmicrosoft.com -Verbose

Without a prompt for a password, this was the result:

Get-CsOnlinePowerShellEndpoint : There is an error in XML document (1, 123).

Error creating CsOnlineSession

Looking at the details of the error, it is having an issue running this command found in the SkypeOnlineConnectorStartup.psm1 file with the $adminDomain being the UPN of the user trying to sign in:

$targetUri = Get-CsOnlinePowerShellEndpoint -TargetDomain $adminDomain

Unfortunately, the contents of the Get-CsOnlinePowerShellEndpoint command are not defined in the module’s .PSM1 file and are most likely imported from a DLL in the module, so I’m unable to see what this command is doing. Running this command individually with -Verbose does not yield any more information.

I searched around for a solution and came across this option. When creating the online session, use the -OverridePowerShellUri parameter and input a specific URL. In my case, it is:

https://admin4a.online.lync.com/OcsPowerShellLiveId

However, the 4a portion might be different for you as I believe this indicates what forest your Skype for Business Online tenant is located. To locate yours, you’ll need to log into the legacy Skype for Business Online admin center by going to the Teams admin center and selecting Legacy portal:

Navigating to legacy portal

From here, take a look at your URL and take note of what is after webdir:

Finding Skype for Business Online forest information

At this point, my new connection command looks like this and now successfully creates the session:

$skypeSession = New-CsOnlineSession -UserName skypeadmin@<tenant name>.onmicrosoft.com -OverridePowerShellUri "https://admin4a.online.lync.com/OcsPowerShellLiveId" -Verbose
Connecting using OverridePowerShellUri parameter

You’ll notice the third line in the output is a warning message that it converted my URI to a different OAuth URI and asks to use it in the future. I tried the command again using the new URI of https://admin4a.online.lync.com/OcsPowershellOAuth and was also able to successfully connect:

$skypeSession = New-CsOnlineSession -UserName skypeadmin@<tenant name>.onmicrosoft.com -OverridePowerShellUri "https://admin4a.online.lync.com/OcsPowershellOAuth" -Verbose
Connecting using converted OAuth URI

What’s interesting is this seems specific to this tenant created in February 2020. I have a several year old tenant that I can connect using the .onmicrosoft.com tenant domain name just fine. Not sure if there is an issue in provisioning but I have tried multiple accounts in this tenant with varying admin permissions without luck.

LyncDiscover Remote Name Could Not Be Resolved

I recently came across Eric Marsi (@EricMarsi) on Twitter that was having issues creating a Skype for Business Online PowerShell session.

When trying to create his session, he was getting the error:

Get-CsOnlinePowerShellEndpoint : The remote name could not be resolved: ‘lyncdiscover.<tenant name>.onmicrosoft.com’

He was also trying to log in with a user using the .onmicrosoft.com default domain name, and the lyncdiscover record for it was missing. He was able to connect after making a peer-to-peer (P2P) call inside of Teams, and this seemed to finish some lingering automated provisioning issues (looking at other comments, this seems to be a common “solution” to tenant issues).

However, in the reply thread fellow consultant Trevor Miller (@TrevorAMiller) was having the same issue with his fairly new tenant also missing the lyncdiscover.<tenant name>.onmicrosoft.com DNS record. Despite trying the P2P call trick and waiting several days, the record still did not exist. I suggested he try the fix above for specifying the -OverridePowerShellUri to create his PowerShell session and this worked for him.

So if you have a new tenant and the lyncdiscover URL is missing (even after making a P2P call), try using that parameter with your tenant specific admin URL to workaround the issue. Then open a ticket with Microsoft and work through support to find out why your DNS record for your tenant isn’t being created.

Questions or comments? If so, drop me a note below or find me on Twitter or LinkedIn to discuss further.

Leave a Reply