When you acquire the AD endpoint there is a subtree search performed against the "CN=Pools,CN=RTC Service,CN=Services,CN=Configuration,DC=***,DC=yyy" for that AD domain with a filter of "(&objectClass=msRTCSIP-Pool)(msRTCSIP-PoolVersion>=327680))" to retrieve the dnsHostName attribute value. If this search is successful those values would be stored within the Provisioning Repository in the CA IM AD endpoint's eTADSlyncAvailableSIPPool attribute and this would have triggered the IDM UI to display the "Skype for Business Server" tab which would have display this value as the "Front-end pool".
What you would want to do as a first step would be to enable logging for the acquired AD endpoint for all message severity to a text file destination and review what the log captures for that search. You could also try using an ldapbrowser to directly search the AD domain controller itself using the same credentials used to acquire the AD endpoint to determine if there is a permissions/ACL restriction in viewing those objects.
If further assistance is needed I recommend opening a support case.