Microsoft Teams does not allow remote users to connect

We came across a client that was unable to communicate out to people outside of the organization. A check of the Teams admin settings in the GUI showed that everything was configured properly but it didn’t work. Still we had to solve the problem. If you have a similar situation, here are the troubleshooting steps to take.

Verify that Teams is not in Islands mode

First using the Teams Admin center, verify that the Teams is not in Island Mode but has been upgraded to Teams Only. This upgrade can take 24 hours to happen.

https://admin.teams.microsoft.com/dashboard

Look in Org Side settings, then click on External access then later Teams upgrade.

Under external access both items should be set to ON as shown below. There will normally be no domains listed in the Add a domain box. This means that all domains are allowed to communicate with them. If there are any domains in the box then those are the only domains that they will be able to communicate with.

If there are domains in the list then there is your solution. Either remove them or add the new domain that they wish to not communicate with.

Check the Teams upgrade status

Make sure that it is set to Teams Only. Other modes exist to make your transition from Skype for Business phone system go smoother through various stages. If that isn’t you, then you should be in Teams only.

Check for domains in AllowedDomains

If oc-existance mode is set to Teams only and it is still not working. Next we want to verify using Powershell that the AllowDomains setting is equal to AllowAllKnownDomains as shown below. While you’re at it verify that all of the items match as shown below.

To run this powershell command you need to download the Skype powershell module. It is available here: https://www.microsoft.com/download/details.aspx?id=39366

Once you have that installed, open Windows Powershell remembering to run Windows Powershell as Administrator.

Import the module into powershell as show below and connect to the client’s tenant.

When successful you’ll get this:

Now check the federation status using the get command.  Get-CsTenantFederationConfiguration If there is a list of domains in the AllowedDomains field, then proceed to remove them and replace with AllowAllKnownDomains. This is done in a single step.

Run these commands:

$x = New-CsEdgeAllowAllKnownDomains

Set – CsTenantFederationConfiguration -AllowedDomain $x

Then verify that it now looks correct as the screenshot above by running Get-CsTenantFederationConfiguration

Here is the documentation for the commandlet https://docs.microsoft.com/en-us/powershell/module/skype/new-csedgeallowallknowndomains?view=skype-ps

The External access should work. When I did this during the remote work flood of 2020 it took over night to take effect. If you are reading this during a time of normalcy rather than pandemic if should be faster.

Verify that you can invite people to remote meetings and they can join the remote meeting by opening Teams online. Go to Calendar, create new Meeting. Send an invitation to a public IP address like @gmail.com @yahoo.com address. Try to join the meeting from that address. Note: that you do not need to wait until the meeting time to attempt to join.

All we do is support IT professionals. Help for IT Pros, Super Secret News, Women in IT Scholarship program, Security community, Kits, papers and more. https://www.thirdtier.net

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.