Tag Archives: Skype for Business

#Skype4b: Standard vs. Enterprise Edition

This is an on-demand article, I am writing it because one of the follower was asking about it and definitely it will help others as well. J I hope it will motivate others as well to ask any thing on Insidemstech.com and I’ll try my best to help each one of you.

Lync/Skype for Business server comes in two different editions i.e. Standard Edition and Enterprise Edition. Both the editions offer same features and functionalities. I would say end user can’t recognize the version of Lync/Skype for Business. Let me explain the difference through comparison.

The above comparison shows very high level difference but these are core differentiation points between standard and enterprise edition. * shows that these are technical possibilities and support matrix but doesn’t guarantee any performance. For example, if you collocate Mediation server with Front End servers then concurrent call reduces. For more details and in-depth information you can search role specific blog posts here and if don’t find any information please let me know, I’ll try to help you out.


#Skype4b: Error while requesting certificate

Requesting and assigning a certificate to Lync/Skype for Business server is a crucial process. Any kind of ignorance while requesting the certificate can trouble end-user services. If you are requesting the certificate for Lync/Skype for Business server, you may notice “WARNING: The chain of the certificate “xxxxxxxxxxxxxxxxxxxx” is invalid”.

If you will look into the logs then you can easily find it out that the process couldn’t find certificate chain and it happens because of root certificate. It simply means that the root certificate of certification authority does not exist on the local server from where the request is being generated.

Note: To reproduce this problem you should not install and configure local AD CS before Lync/Skype for Business Server installation. Install and configure AD CS after Lync/Skype for Business installation and try to request certificate without restarting the Lync/Skype for Business server. Most probably you will see the same error.

Now, let me use step by step process to identify and resolve this problem.

Below snapshot shows warning message while requesting certificate.

Open certificate snap-in through MMC and look for the root certificate of certification authority by which you are trying to request certificate.

You will not find the root CA in both “Current User” and “Local Computer”.

Now, Reboot the Lync/Skype for Business server and check again, now you may find the root certificate. In my case, certification authority name is “dcloud-AD-CA”. If you could not find the root certificate or not using AD CS then install the root certificate chain manually.

You can check this root certificate chain in both the locations “Local Computer” and “Current User”.

Now, you should try to request and assign the certificate.

Hope, it helps you.

#Skype4b: Key planning considerations for SfB on Azure IaaS Part III

Part I and Part II of this blog post series covers basic of key designs considerations, typical server configuration in traditional datacenter environment, Azure IaaS nomenclature and mapping Azure IaaS components with traditional datacenter. This part of the blog post covers the limitation of Azure IaaS for Skype for Business Server.

First, let me describe the Skype for Business role wise limitations.

Skype for Business Server Role Limitations on Azure IaaS
Front End Technically feasible
Back End Supported
Mediation Technically not feasible
Director Technically feasible
Persistent Chat Technically feasible
Video Interop Technically not feasible
Edge Technically not feasible

Supported: Server role such as Back End server is fully supported because it uses SQL server in the background and SQL server is a supported application on Azure IaaS.

Technically feasible: Technically feasible server roles are those server role that can be deployed but there is no performance study data exist.

Technically not feasible: Technically not feasible server role are those server roles their recommended configuration can’t be met on Azure IaaS. However, technically you may deploy these roles on Azure IaaS VM.

Above mentioned “technically not feasible” server roles are lacking technically because of network configuration most of the time. As everybody knows that Lync/Skype for Business is network intensive application and network requirement are little complex for Skype for Business deployment. Following are the key limitations in Skype for Business deployment on Azure IaaS:

  • All the VMs type doesn’t support more than one NIC. If you don’t select right VM in the beginning, you will have to redeploy the VM to support more than one NIC.
  • Azure IaaS doesn’t support multiple VNet for single VM.
  • Quality of Services can’t be configured as you can’t access Network switch deployed in Azure datacenter.
  • Enterprise Voice can’t be configured.
  • Video Integration Server configuration is difficult if you have Skype for Business infra on Azure IaaS.

Though, these functionality may be enabled in future but as of now not available. Therefore, Microsoft doesn’t recommend or support Lync / Skype for Business deployment on Azure IaaS.

#Skype4b: Key planning considerations for SfB on Azure IaaS – Part II

Part I of this blog post series covers basic of key designs considerations and typical server configuration in traditional datacenter environment. Now, let’s discuss first thing first.

Create a mind map or sketch a rough design diagram of Skype for Business deployment and collect all the information that you need to size the application.

Create a rough Bill of Material and Bill of Quantity in your mind or note it down somewhere.

Create a list of things that you need to finish the deployment process such as DNS and Certificate requirement.

Look at the end user connectivity as well because at the end of the day end users have to consume these services.

Now, start mapping your rough design diagram component with Azure IaaS components.

Traditional datacenter and Azure IaaS uses the same logic but has different naming conventions. Below table shows you the right set of Azure IaaS services/component mapping with traditional datacenter.

Traditional Datacenter

Azure IaaS

Server – Physical / Virtual Machine

Server – Virtual Machine

Storage – External (SAN/NAS) / Internal

Storage – Storage Account and Disks

Network – NIC and LAN

Network – NIC and VNet

Load Balancer

Load Balancer


Network Security Group

Reverse Proxy

Reverse Proxy

Voice Gateway


Based on the table above, it really looks simple. But in actual, it is not. There are many limitations which you can find while deploying Lync / Skype for Business on Azure IaaS. As of now, you should get familiar with all the terminologies. Next part of this blog post will cover the limitations and will describe why Microsoft does not recommend Lync / Skype for Business on Azure IaaS.

#Skype4b: Key planning considerations for SfB on Azure IaaS – Part I

Microsoft Azure is one of the key Infrastructure as a Service platform in public cloud space. Many organizations are looking at it as an alternative option for traditional datacenter. Therefore, it is necessary for consultant and architects to know about the enterprise application suitability on Azure IaaS. When customer look for Microsoft Public Cloud offerings, most of the time you can observe that customer is looking for Microsoft based applications or custom applications which runs on Microsoft operating system.

Let me take an opportunity to discuss about Microsoft Business Productivity applications and their suitability with Azure IaaS. Microsoft SharePoint was the first enterprise application from business productivity suite which was ready long back to deploy on Azure IaaS. Next precedence had been given to Exchange and now it is chance for Lync / Skype for Business.

In this blog post, I am going to discuss about key consideration for deploying skype for business on Azure IaaS. As of now, production deployment of skype for business is not recommended. I would say, there are technical limitations because of that deployment for Lync / Skype for Business is not recommended.

Below diagram illustrates how traditional datacenter deployment should look like in high level.

I am describing this traditional deployment first because you easily can correlate it with Azure IaaS later point in time. Now, let’s assume customer has basic infrastructure in-place such as Active Directory, Office Web Apps or Office Online server and Reverse Proxy. Therefore, it is a time for you to design or size Skype for Business server roles. I am taking a simple example of Skype for Business Enterprise Edition pool with three servers. In this example, I am collocating server roles wherever possible and not focusing on few additional server roles such as persistent chat and VIS.

Below table shows the typical server configuration based on Microsoft recommendation.

SfB Server Role





Front End

12 core

32 GB


Based on the MS recommendations

Back End

12 core

32 GB



8 core

16 GB

2/4 NIC

Numbers of network card mentioned in above table consider basic configuration. You can opt for NIC teaming for all the server roles. Skype for Business edge server role can have either 2 interfaces (one for internal and one for external) or 4 interfaces (one for internal and 3 for external).

Apart from this you need to consider many other factors in datacenter such as Network, Firewall, Load Balancers and Quality of service configuration capability. Next part of this article, maps these requirements with Azure IaaS and covers the best possible configuration.

#Skype4b: Skype for Business PSTN Calling

PSTN calling is an add-on service to Skype for Business Cloud PBX. If you want to learn more about Skype for Business online voice offerings, please read the entire series here.

PSTN calling feature in Skype for Business online allows users to make calls to and receive calls from people inside and outside the organization. This feature enables administrators to search, acquire and assign the phone numbers to the users in the organization. Users enabled for PSTN calling in Office 365 can make voice calls across all Skype for Business devices including PCs, mobile devices and VOIP phones. Users can also control their calls through mute/unmute, hold/resume, call transfers, and call forwarding features, and if necessary, make emergency calls. It provides two different types of PSTN voice calling plans:

  • PSTN Domestic Calling
  • PSTN Domestic and International Calling

PSTN Domestic Calling: PSTN Domestic Calling allows user to make domestic calls with in the same country or region. User’s license usage location determines what is considered “domestic” for a specific user. Each user gets PSTN calling minutes that consist of both domestic outgoing, and domestic and international inbound calls (originating from anywhere in the world). Following are the PSTN calling minutes for specific locations:

Untied States: 3000 minutes (including Puerto Rico)

United Kingdom: 1200 minutes

PSTN Domestic and International Calling: PSTN Domestic and International Calling allows user to make domestic and international (196 countries) calls. User’s license usage location determines what is considered “domestic” and what is considered “international” for a specific user. Each user gets PSTN calling minutes that consist of both domestic and international outgoing, and domestic and international inbound calls (originating from anywhere in the world). Following are the PSTN calling minutes for specific locations:

Untied States: 3000 domestic minutes (including Puerto Rico) OR 600 international minutes

United Kingdom: 1200 domestic minutes OR 600 international minutes

Country and regions specific monthly minute’s details can be found here.

Courtesy: Microsoft

Skype for Business Cloud Connector Edition: Release 1.4.1

Skype for Business Cloud Connector Edition release 1.4.1 is 3rd release. To learn more about Skype for Business Cloud PBX, Cloud Connector Edition and different releases, click here. Skype for Business Cloud Connector Edition version 1.4.1 was released in August 22, 2016 with the following updates:

  • Customization available in CloudConnector.ini file:
Configuration setting Description
Site Name Site name is required and it should be unique for each site and must match with PSTN site name defined in Office 365.
Hardware Type Type of Hardware can be defined, by default it is set to “Normal” but it can be set to “Minimum” for smaller deployments that can support up to 50 simultaneous calls.
CorpDNSIPAddress “CorpDNSIPAddress” must be configured in .ini file to allow windows update for the base VM image. It will be configured on internal interface of temporary VM and should provide the name resolution to the public names. Otherwise, internet connection will fail because of name resolution and deployment will not finish.
WSUSServer The address of WSUS server can be configured for Microsoft updates if required.
WSUSStatusServer The address of WSUS server can be configured for WSUS status update if required.
EnableReferSupport EnableReferSupporyt parameter is used to define the SIP REFER support, either enabled or disabled on the Trunk configuration to your IP/PBX. By default it is set to “True” otherwise it can be changed to “False”. If you are not sure if your gateway supports REFER, please reference Microsoft Unified Communications Open Interoperability Program for Qualified IP-PBXs Gateways.
ForwardPAI ForwardPAI determines whether PAI (P-Asserted-Identity) field is forwarded from the Mediation Server to the gateways. By default, it is set to “True” but it can changed to “False”
  • New CCE Management service has been added on host server to manage HA Detection/Recover, binary auto-upgrade, and operating system auto-upgrade.
  • There has been 5 new cmdlets introduced and at the same time 3 cmdlets have been deprecated. You can refer to the Cloud Connector cmdlet reference for latest cmdlets. While 2 cmdlets have been updated Install-CcInstance and Uninstall-CcInstance to Install-CcAppliance and Uninstall-CcAppliance.