Tag Archives: Skype for Business Server

#skype4b: Director Server role

There are myths around the director server role in Lync Server 2013 and Skype for Business Server 2015. Let me give you the facts:

What, When, Why, Where and How?

Many IT professionals, even consultants and architects who work on Microsoft Unified Communication area may have all these questions in their mind.

What: Director is an optional server role in Lync Server 2013 and Skype for Business Server 2015. Director authenticates user requests, but doesn’t home any user accounts.

When: Director may require in following conditions:

  • If you deploy, multiple Front End pools at a central site.
  • If you want to increase security against denial of service attacks.

Why: Director protects Front End pools from denial of service attacks, avoid unnecessary traffic by pre-authenticating inbound requests, and redirecting users to their home pool.

Where: Director can be deployed in corporate network where you deploy Front End servers and can never be collocated with any other role.

How: You need to use the same process which you use to add mediation server or any other additional server role in Lync/Skype for Business site.

As I mentioned in the beginning, director is an optional server role and deployment of director totally depends on the business need and discretion.

Definitely, it increases the level of security and simplify the authentication process for external users who comes through Edge server, Director does the pre-authentication for them and passes these request to internal servers. By doing this, it saves Front End pool server from the authentication overhead and also help isolate internal Front End pools from malicious traffic such as denial-of-service attacks.

It serves as an internal next hop server to which an Edge Server routes inbound SIP traffic intended for internal servers. If the network is flooded with invalid external traffic in such an attack, this traffic ends at the Director.

If you deploy multiple Front End pools at a central site, by adding a Director to that site you can streamline authentication requests and improve performance. In this scenario, all requests go first to the Director, which then routes them to the correct Front End pool.

Now, I think you can pick the best option and design your Skype for Business solution based on the specific requirements.

How does Office Web Apps / Office Online server integration work with Lync/SfB Server?

Office Online Server (OOS) is a latest version or new release of Office Web Apps Server. It plays an inimitable role for Microsoft UCC (Exchange, Lync/SfB, SharePoint) applications. In this blogpost, I’ll cover the integration workflow between Lync/SfB and OOS.

OOS provides enriched PowerPoint presentation view to Lync/SfB end-users.

When a user uploads PowerPoint file into the meeting, the file is sent to the OOS server without any conversion.

OOS performs encryption and saves the file to Lync/SfB content file share.

When you configure OOS in Lync/SfB at the time of topology configuration, you define base URL. When a user presents a file, the url is taken for customization with unique identifier, file ID and meeting ID etc as well as with additional security using session lifetime token and send it to all the clients.

Whenever an end user connects to this meeting and try to access broadcast URL, OOS send the instruction to the Lync/SfB FE server to get the file details.

FE server fetch the file details based on the file ID from Lync/SfB share folder and uploads to the OOS.

Finally, OOS sends the http response with current page to the participants.

Totally confuse L

Let’s try to understand this process through illustration:

Courtesy: MVA

When a user setups a conference and upload the presentation file, it first connects to the conference server and then share the file. As shown above in the image it works as follows:

  1. The Presenter/Sharer uploads the file to the Front End.
  2. The Front End save the shared file to the Skype for Business file share folder.
  3. The sharer user starts the file presentation though the Front End server.
  4. The Front End user send the broadcasting URL with a defined file ID and authentication token to all the participants.
  5. Participants send the HTTP instruction to get the broadcast URL though the Office Online server / Office Web Apps server.
  6. The Office Online server / Office Web Apps server send the instruction to the Front End server to get the file with the defined file ID.
  7. Front End server takes the file of that file ID from the Skype for Business file share folder.
  8. Front End server uploads the file to the Office Online server / Office Web Apps server.
  9. Office Online server / Office Web Apps server sends the
    HTTP response with current page to the participants.

#Skype4B : Install cumulative updates on Skype for Business Part III

This is a continuation of my preceding blog post Install cumulative updates on Skype for Business Part II and focus on backend database updates. In part II of this blog series we updated all the Skype for Business servers. Now, In this post will update backend databases and Central Management Store.

First you have to make sure your all the databases are Principal on Primary Server.

When I cross checked my Back End server, I found locslog is not principal on primary server.

Now run Invoke-CsDatabaseFailover –PoolFqdn <FE Pool Fqdn> -NewPrincipal Primary –DatabaseType <Database type>

Note: Database type will be User, Application, Archiving and Monitoring whichever are applicable in your case.

Now check the database again and make sure all the databases are on Primary and Synchronized otherwise troubleshoot.

Run Install-CsDatabase –ConfigurationDatabases –SqlServerFqdn <BE Fqdn> -Verbose

(In my case, BE databases, Archiving and Monitoring are collocated)

Now update the Persistent Chat database if applicable.

Install-CsDatabase –ConfiguartionDatabases –SqlServerFqdn <PChat BE Fqdn> -Verbose

Update all the Standard Edition and Enterprise Edition FE pools/servers, in my case I have 2 SE server and 1 EE FE pool.

Once you are done with all the SfB servers.

Update Central Management Server.

Install-CsDatabase –CentralManagementDatabase –SqlServerFqdn <CMS Fqdn> -SqlInstance <Instance name> -Verbose

Update topology by running Enable-CsTopology

Run Bootstrapper.exe in all the SfB servers.

I hope this document helped you J

#Skype4B : Install cumulative updates on Skype for Business Part II

This post is a continuation of my preceding post which describes Lync/SfB CU installation process. In this part, I’ll follow the steps which are mentioned in my preceding post and will update my SfB Enterprise Edition pool.

To begin with the CU installation process, download SfB cumulative update and copy it to all the SfB servers.

Open SfB management shell on one of the FE server.

Run Get-CsPoolUpgradeReadinessState to verify the pool readiness state. State should be Ready for the pool and IsReadyForUpgarde should be True for all the upgrade domains with in the same pool.

Run Invoke-CsComputerFailover -NoStop -ComputerName <Computer.FQDN> to failing over the FE server which needs to be updated.

The above cmdlet will disable all the SfB services.

Now, stop all the services by running Stop-CsWindowsService -Graceful

Cross verify the services state through services.msc

Note: Run SkypeServerUpdateInstaller.exe, it will verify all the SfB services state if services are running it will show you all the services which are running or in paused state. Stop all the services and run again.

Once everything is fine, update installer will come up and you can click on Install Update tab to start the installation.

Command prompt will show you the progress.

After successful installation server will reboot.

After reboot you can verify the services, you will find all the services are still in disabled state.

Now, you need to run Invoke-CsComputerFailback -ComputerName <Computer.FQDN> to failback the computer.

Once failback will complete, you can see the message “Machine <FE.fqdn> successfully failed back.

And you can verify all the services.

Now, follow the same process for all the SfB servers except Back End database servers.

Part III of this post will cover the Back End and CMS update process.

#Skype4B : Install cumulative updates on Skype for Business Part I

To update existing system or technology is a continual process in Information Technology. It is applicable in all circumstances either personal devices or business infrastructure.

In this blogpost, I’ll cover the step by step process to update Skype for Business server infrastructure. To make this process simple, Lets divide this process in three phases.

  • Planning
  • Execution
  • Verification

Part I of this blogpost will describe the planning phase while Part II with cover the execution and verification.

Your existing SfB infra may have simple topology or complex topology. When I say simple topology; it means your SfB infra has single site or two site with site resiliency configuration while complex topology means you have multiple sites with different versions and editions of SfB.

Though steps are common for all kind of topologies but sequence may change based on the configuration. Below are the steps in detail which you need to perform at the time of upgrade.

  • Download the latest cumulative updates. If Lync Server 2013 still exist in your topology you can download the CU here.
  • Verify the upgrade readiness state of your SfB pool.

Run Get-CsPoolUpgradeReadinessState on Standard Edition Server or Front End Server in Enterprise Edition to verify the readiness state.

In the result you can get three different values. In Enterprise Edition if State is Ready and IsReadyForUpgrade is True under UpgradeDomains for the same upgrade domain then you are good to go otherwise try to resolve the issue if State is Busy or InsufficientActiveFrontEnds. While in Standard Edition you have to make sure State is not Busy and IsReadyForUpgrade is True under UpgradeDomains for the same upgrade domain.

  • Install the CU on each Front End, Mediation, Director, Persistent Chat and VIS.

    First failover the computer by running Invoke-CsComputerFailover -NoStop -ComputerName <Computer.FQDN> in Enterprise Edition pool and then stop the services gracefully by running Stop-CsWindowsService –Graceful. If you have Lync 2013 servers, SfB Standard Edition or updating SfB servers in scheduled downtime then you can run Stop-CsWindowsService –Graceful to stop the services gracefully.

Run SkypeServerUpdateInstaller.exe or LyncServerUpdateInstaller.exe to install all the updates based on the version.

Run Invoke-CsComputerFailback -ComputerName <Computer.FQDN> for failback of each FE server after update in SfB Enterprise Edition pool.

Note: Follow the same process for each upgrade domains until all upgrade domains in the pool are updated.

  • Update the Back End servers.

In this step update all the Back End servers which are associated with the updated Standard Edition or Enterprise Edition Front End pool.

Standard Edition:

Install-CsDatabase -ConfiguredDatabases –SqlServerFqdn <SE.FQDN> -Verbose

Enterprise Edition:

If you are using Enterprise Edition you can have three different configuration for Back End databases. Make sure Primary Server is Principal for all the databases if you are using SQL Mirror for the Back End database. Run Invoke-CsDatabaseFailover -NewPrincipal and verify Primary Server is Principal for all the databases. Once you have confirmed, run the following cmdlets based on your database configuration.

  1. All databases including Archiving, Monitoring and Persistent Chat on the same server.

    Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <FEBE.FQDN> -ExcludeCollocatedStores -Verbose

    Install-CsDatabase -DatabaseType PersistentChat -SqlServerFqdn <PChatBE.FQDN> -SqlInstanceName <DBInstance> -Verbose

  2. Only Archiving and Monitoring databases are collocated with FE Back End database.

    Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <FEBE.FQDN> -Verbose

  3. Archiving, Monitoring and Persistent Chat databases are not collocated with FE Back End server.

    Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <FEBE.FQDN> -Verbose

    Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <SQLServer.FQDN> -Verbose

Note: Specify SQL server fqdn in all the cmdlets if you are not using default instance.

  • Update the Central Management Store.

Upgrade the Central Management store by running Install-CsDatabase -CentralManagementDatabase -SqlServerFqdn <CMS.FQDN> -SqlInstanceName <DBInstanceName> -Verbose

Note: All the existing FE pools and BE servers have been updated successfully before running this cmdlet. If you have coexistent environment with Lync 2013 or Lync 2010 don’t run this command. For more information contact Microsoft or refer TechNet articles.

  • Enable Mobility.

Run Enable-Topology.

  • Run the bootstrapper.exe on all the FEs, Mediations and Directors on which the web components are installed and updated.

In Part II of this blog post, I’ll cover all the steps which are required for execution and verification process.

#Skype4B : Verify active directory schema version for Lync/SfB

Active Directory is a backbone for Microsoft enterprise applications such as Exchange / Lync. If you are deploying these enterprise applications either in production or test environment, first you have to prepare active directory schema, forest and domain. In this Active Directory preparation process, schema comes first. Once you are done with planning processes and about to start the installation process, you have to begin with schema preparation. Let’s assume you have prepared your active directory schema for SfB installation either in greenfield or brownfield environment.

Now, How will you confirm that your ad has been prepared successfully?

The best way is to go to the schema partition under ADSI edit and look for the upper range value of ms-RTC-SIP-Schemaversion.

If you find the values listed below then you can assure that your schema has been prepared successfully for the respective version of Lync/SfB.

LCS2005 à 1006

OCS2007R1 à 1007

OCS2007R2 à 1008

Lync2010 à 1100

Lync 2013 à 1150

Skype for Business 2015 à 1150

To verify from the adsiedit is a best method, otherwise you can use Lync/SfB management shell to verify the current state of schema version but it is not useful because it just shows SCHEMA_VERSION_STATE_CURRENT

Step by step Persistent Chat pool deployment: Skype for Business Server 2015 Part II

This post continues the Part I and focus on persistent chat server specific deployment steps. The same process apply to all persistent servers in a pool.

Open PowerShell with administrative privilege, install prerequisite.

Add-WindowsFeature Net-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, NET-WCF-HTTP-Activation45, Web-Asp-Net45, MSMQ –Source D:\Sources\SxS\

Note: In my setup, Windows Server 2012 R2 media is connected as D:

Install windows update (KB2982006).

Install Silverlight.

Run setup.exe from Skype for Business Server 2015 installation media and follow the steps.

Open Skype for Business Server Deployment Wizard and run “Install Administrative Tools”

Open Skype for Business Server 2015 deployment wizard and run “Install or Update Skype for Business Server System”

Run step 1 “Install Local Configuration Store”

Run step 2 “Setup or Remove Skype for Business Server Components”

Note: Everything is common till step 2 for all persistent chat servers.

Run step 3 “Request, Install or Assign Certificates”

Click on Request.

Fill the required information and click on “Advanced”.

Enter friendly name and select “Mark the certificate’s private key as exportable”.

Add all the persistent chat servers fqdn which are going to be part of the same persistent chat pool.

Export the same certificate for rest of the persistent chat servers.

Import and assign the certificate to rest of the persistent chat servers.

Once you have done with the configuration of all persistent servers within a pool. Start the services by running “Start-CswindowsService” on each server.