Tag Archives: Skype for Business

#Skype4b: Standard vs. Enterprise Edition


This is an on-demand article, I am writing it because one of the follower was asking about it and definitely it will help others as well. J I hope it will motivate others as well to ask any thing on Insidemstech.com and I’ll try my best to help each one of you.

Lync/Skype for Business server comes in two different editions i.e. Standard Edition and Enterprise Edition. Both the editions offer same features and functionalities. I would say end user can’t recognize the version of Lync/Skype for Business. Let me explain the difference through comparison.

The above comparison shows very high level difference but these are core differentiation points between standard and enterprise edition. * shows that these are technical possibilities and support matrix but doesn’t guarantee any performance. For example, if you collocate Mediation server with Front End servers then concurrent call reduces. For more details and in-depth information you can search role specific blog posts here and if don’t find any information please let me know, I’ll try to help you out.

#Skype4b: Error while requesting certificate


Requesting and assigning a certificate to Lync/Skype for Business server is a crucial process. Any kind of ignorance while requesting the certificate can trouble end-user services. If you are requesting the certificate for Lync/Skype for Business server, you may notice “WARNING: The chain of the certificate “xxxxxxxxxxxxxxxxxxxx” is invalid”.

If you will look into the logs then you can easily find it out that the process couldn’t find certificate chain and it happens because of root certificate. It simply means that the root certificate of certification authority does not exist on the local server from where the request is being generated.

Note: To reproduce this problem you should not install and configure local AD CS before Lync/Skype for Business Server installation. Install and configure AD CS after Lync/Skype for Business installation and try to request certificate without restarting the Lync/Skype for Business server. Most probably you will see the same error.

Now, let me use step by step process to identify and resolve this problem.

Below snapshot shows warning message while requesting certificate.

Open certificate snap-in through MMC and look for the root certificate of certification authority by which you are trying to request certificate.

You will not find the root CA in both “Current User” and “Local Computer”.

Now, Reboot the Lync/Skype for Business server and check again, now you may find the root certificate. In my case, certification authority name is “dcloud-AD-CA”. If you could not find the root certificate or not using AD CS then install the root certificate chain manually.

You can check this root certificate chain in both the locations “Local Computer” and “Current User”.

Now, you should try to request and assign the certificate.

Hope, it helps you.

#Skype4b: Key planning considerations for SfB on Azure IaaS Part III


Part I and Part II of this blog post series covers basic of key designs considerations, typical server configuration in traditional datacenter environment, Azure IaaS nomenclature and mapping Azure IaaS components with traditional datacenter. This part of the blog post covers the limitation of Azure IaaS for Skype for Business Server.

First, let me describe the Skype for Business role wise limitations.

Skype for Business Server Role Limitations on Azure IaaS
Front End Technically feasible
Back End Supported
Mediation Technically not feasible
Director Technically feasible
Persistent Chat Technically feasible
Video Interop Technically not feasible
Edge Technically not feasible

Supported: Server role such as Back End server is fully supported because it uses SQL server in the background and SQL server is a supported application on Azure IaaS.

Technically feasible: Technically feasible server roles are those server role that can be deployed but there is no performance study data exist.

Technically not feasible: Technically not feasible server role are those server roles their recommended configuration can’t be met on Azure IaaS. However, technically you may deploy these roles on Azure IaaS VM.

Above mentioned “technically not feasible” server roles are lacking technically because of network configuration most of the time. As everybody knows that Lync/Skype for Business is network intensive application and network requirement are little complex for Skype for Business deployment. Following are the key limitations in Skype for Business deployment on Azure IaaS:

  • All the VMs type doesn’t support more than one NIC. If you don’t select right VM in the beginning, you will have to redeploy the VM to support more than one NIC.
  • Azure IaaS doesn’t support multiple VNet for single VM.
  • Quality of Services can’t be configured as you can’t access Network switch deployed in Azure datacenter.
  • Enterprise Voice can’t be configured.
  • Video Integration Server configuration is difficult if you have Skype for Business infra on Azure IaaS.

Though, these functionality may be enabled in future but as of now not available. Therefore, Microsoft doesn’t recommend or support Lync / Skype for Business deployment on Azure IaaS.

#Skype4b: Key planning considerations for SfB on Azure IaaS – Part II


Part I of this blog post series covers basic of key designs considerations and typical server configuration in traditional datacenter environment. Now, let’s discuss first thing first.

Create a mind map or sketch a rough design diagram of Skype for Business deployment and collect all the information that you need to size the application.

Create a rough Bill of Material and Bill of Quantity in your mind or note it down somewhere.

Create a list of things that you need to finish the deployment process such as DNS and Certificate requirement.

Look at the end user connectivity as well because at the end of the day end users have to consume these services.

Now, start mapping your rough design diagram component with Azure IaaS components.

Traditional datacenter and Azure IaaS uses the same logic but has different naming conventions. Below table shows you the right set of Azure IaaS services/component mapping with traditional datacenter.

Traditional Datacenter

Azure IaaS

Server – Physical / Virtual Machine

Server – Virtual Machine

Storage – External (SAN/NAS) / Internal

Storage – Storage Account and Disks

Network – NIC and LAN

Network – NIC and VNet

Load Balancer

Load Balancer

Firewall

Network Security Group

Reverse Proxy

Reverse Proxy

Voice Gateway

NA

Based on the table above, it really looks simple. But in actual, it is not. There are many limitations which you can find while deploying Lync / Skype for Business on Azure IaaS. As of now, you should get familiar with all the terminologies. Next part of this blog post will cover the limitations and will describe why Microsoft does not recommend Lync / Skype for Business on Azure IaaS.

#Skype4b: Key planning considerations for SfB on Azure IaaS – Part I


Microsoft Azure is one of the key Infrastructure as a Service platform in public cloud space. Many organizations are looking at it as an alternative option for traditional datacenter. Therefore, it is necessary for consultant and architects to know about the enterprise application suitability on Azure IaaS. When customer look for Microsoft Public Cloud offerings, most of the time you can observe that customer is looking for Microsoft based applications or custom applications which runs on Microsoft operating system.

Let me take an opportunity to discuss about Microsoft Business Productivity applications and their suitability with Azure IaaS. Microsoft SharePoint was the first enterprise application from business productivity suite which was ready long back to deploy on Azure IaaS. Next precedence had been given to Exchange and now it is chance for Lync / Skype for Business.

In this blog post, I am going to discuss about key consideration for deploying skype for business on Azure IaaS. As of now, production deployment of skype for business is not recommended. I would say, there are technical limitations because of that deployment for Lync / Skype for Business is not recommended.

Below diagram illustrates how traditional datacenter deployment should look like in high level.

I am describing this traditional deployment first because you easily can correlate it with Azure IaaS later point in time. Now, let’s assume customer has basic infrastructure in-place such as Active Directory, Office Web Apps or Office Online server and Reverse Proxy. Therefore, it is a time for you to design or size Skype for Business server roles. I am taking a simple example of Skype for Business Enterprise Edition pool with three servers. In this example, I am collocating server roles wherever possible and not focusing on few additional server roles such as persistent chat and VIS.

Below table shows the typical server configuration based on Microsoft recommendation.

SfB Server Role

Processor

Memory

Network

Storage

Front End

12 core

32 GB

1 NIC

Based on the MS recommendations

Back End

12 core

32 GB

1 NIC

Edge

8 core

16 GB

2/4 NIC

Numbers of network card mentioned in above table consider basic configuration. You can opt for NIC teaming for all the server roles. Skype for Business edge server role can have either 2 interfaces (one for internal and one for external) or 4 interfaces (one for internal and 3 for external).

Apart from this you need to consider many other factors in datacenter such as Network, Firewall, Load Balancers and Quality of service configuration capability. Next part of this article, maps these requirements with Azure IaaS and covers the best possible configuration.

#Skype4b: Skype for Business PSTN Calling


PSTN calling is an add-on service to Skype for Business Cloud PBX. If you want to learn more about Skype for Business online voice offerings, please read the entire series here.

PSTN calling feature in Skype for Business online allows users to make calls to and receive calls from people inside and outside the organization. This feature enables administrators to search, acquire and assign the phone numbers to the users in the organization. Users enabled for PSTN calling in Office 365 can make voice calls across all Skype for Business devices including PCs, mobile devices and VOIP phones. Users can also control their calls through mute/unmute, hold/resume, call transfers, and call forwarding features, and if necessary, make emergency calls. It provides two different types of PSTN voice calling plans:

  • PSTN Domestic Calling
  • PSTN Domestic and International Calling

PSTN Domestic Calling: PSTN Domestic Calling allows user to make domestic calls with in the same country or region. User’s license usage location determines what is considered “domestic” for a specific user. Each user gets PSTN calling minutes that consist of both domestic outgoing, and domestic and international inbound calls (originating from anywhere in the world). Following are the PSTN calling minutes for specific locations:

Untied States: 3000 minutes (including Puerto Rico)

United Kingdom: 1200 minutes

PSTN Domestic and International Calling: PSTN Domestic and International Calling allows user to make domestic and international (196 countries) calls. User’s license usage location determines what is considered “domestic” and what is considered “international” for a specific user. Each user gets PSTN calling minutes that consist of both domestic and international outgoing, and domestic and international inbound calls (originating from anywhere in the world). Following are the PSTN calling minutes for specific locations:

Untied States: 3000 domestic minutes (including Puerto Rico) OR 600 international minutes

United Kingdom: 1200 domestic minutes OR 600 international minutes

Country and regions specific monthly minute’s details can be found here.

Courtesy: Microsoft

Skype for Business Cloud Connector Edition: Release 1.4.1


Skype for Business Cloud Connector Edition release 1.4.1 is 3rd release. To learn more about Skype for Business Cloud PBX, Cloud Connector Edition and different releases, click here. Skype for Business Cloud Connector Edition version 1.4.1 was released in August 22, 2016 with the following updates:

  • Customization available in CloudConnector.ini file:
Configuration setting Description
Site Name Site name is required and it should be unique for each site and must match with PSTN site name defined in Office 365.
Hardware Type Type of Hardware can be defined, by default it is set to “Normal” but it can be set to “Minimum” for smaller deployments that can support up to 50 simultaneous calls.
CorpDNSIPAddress “CorpDNSIPAddress” must be configured in .ini file to allow windows update for the base VM image. It will be configured on internal interface of temporary VM and should provide the name resolution to the public names. Otherwise, internet connection will fail because of name resolution and deployment will not finish.
WSUSServer The address of WSUS server can be configured for Microsoft updates if required.
WSUSStatusServer The address of WSUS server can be configured for WSUS status update if required.
EnableReferSupport EnableReferSupporyt parameter is used to define the SIP REFER support, either enabled or disabled on the Trunk configuration to your IP/PBX. By default it is set to “True” otherwise it can be changed to “False”. If you are not sure if your gateway supports REFER, please reference Microsoft Unified Communications Open Interoperability Program for Qualified IP-PBXs Gateways.
ForwardPAI ForwardPAI determines whether PAI (P-Asserted-Identity) field is forwarded from the Mediation Server to the gateways. By default, it is set to “True” but it can changed to “False”
  • New CCE Management service has been added on host server to manage HA Detection/Recover, binary auto-upgrade, and operating system auto-upgrade.
  • There has been 5 new cmdlets introduced and at the same time 3 cmdlets have been deprecated. You can refer to the Cloud Connector cmdlet reference for latest cmdlets. While 2 cmdlets have been updated Install-CcInstance and Uninstall-CcInstance to Install-CcAppliance and Uninstall-CcAppliance.

Skype for Business Cloud Connector Edition: Release 1.3.8


Skype for Business Cloud Connector Edition release 1.3.8 is 2nd release. To learn more about Skype for Business Cloud PBX, Cloud Connector Edition and different releases, click here. Skype for Business Cloud Connector Edition version 1.3.8 was released in May 24, 2016 with the following updates:

  • This version had resolved the issues related to failures of transferring calls to a phone number. If you are facing following challenges then upgrade to latest version of Skype for Business Cloud Connector Edition.
    • Your Office 365 user account is configured to use Cloud PBX.
    • You have an active PSTN call using the Skype for Business client on Windows, where the voice for this call uses Skype for Business Cloud Connector Edition.
    • You start a transfer to another phone number by selecting or entering the phone number from a list of suggested phone numbers on the transfer menu.

In this scenario, the other phone number rings, and you can answer the transferred call, but you hear no audio. Additionally, the client window of the existing active PSTN call shows the following error:

Cannot complete the transfer.

  • This version also take care about unnecessary files after finishing deployment process such as
    • The temporary copies of certificates
    • Exported topology files for the Skype for Business Cloud Connector Edition appliance
  • There was one major improvement as well in terms of DNS
    • Now, you can specify multiple DNS IP addresses, separated by spaces, in the CloudConnector.ini file for “CorpnetDNSIPAddress” and “InternetDNSIPAddress” values.

Courtesy: Microsoft Technet

Skype for Business Cloud Connector Edition Releases/Versions


Skype for Business Cloud Connector Edition is a revolutionary offering from Microsoft to connect on-premises voice infrastructure with Skype for Business online. I wrote a series of articles about Skype for Business Cloud PBX and Cloud Connector Edition and this post will give you a holistic view of all the Cloud Connector Edition current and upcoming releases (versions).

Below are the series of blogposts related to Skype for Business Cloud PBX and Cloud Connector Edition:

Skype for Business Cloud PBX

Skype for Business Cloud Connector

Skype for Business Cloud Connector Components

Skype for Business Cloud Connector Supported Topology

Skype for Business Cloud Connector Infrastructure Requirements Part I

Skype for Business Cloud Connector Infrastructure Requirements Part II

Skype for Business Cloud Connector Edition Public DNS, IP and Certificates requirements

Call flow with Cloud Connector Edition

Now, I am going to cover the different releases of Skype for Business Cloud Connector Edition in the following table.

Product Release Remarks
Skype for Business Cloud Connector Edition 1.3.4 Initial release
1.3.8  Read more
1.4.1  Read more

For the initial release, please read the series of blogposts and for specific release updates read the respective blogposts which covers the changes and enhancement.

#skype4b: Director Server role


There are myths around the director server role in Lync Server 2013 and Skype for Business Server 2015. Let me give you the facts:

What, When, Why, Where and How?

Many IT professionals, even consultants and architects who work on Microsoft Unified Communication area may have all these questions in their mind.

What: Director is an optional server role in Lync Server 2013 and Skype for Business Server 2015. Director authenticates user requests, but doesn’t home any user accounts.

When: Director may require in following conditions:

  • If you deploy, multiple Front End pools at a central site.
  • If you want to increase security against denial of service attacks.

Why: Director protects Front End pools from denial of service attacks, avoid unnecessary traffic by pre-authenticating inbound requests, and redirecting users to their home pool.

Where: Director can be deployed in corporate network where you deploy Front End servers and can never be collocated with any other role.

How: You need to use the same process which you use to add mediation server or any other additional server role in Lync/Skype for Business site.

As I mentioned in the beginning, director is an optional server role and deployment of director totally depends on the business need and discretion.

Definitely, it increases the level of security and simplify the authentication process for external users who comes through Edge server, Director does the pre-authentication for them and passes these request to internal servers. By doing this, it saves Front End pool server from the authentication overhead and also help isolate internal Front End pools from malicious traffic such as denial-of-service attacks.

It serves as an internal next hop server to which an Edge Server routes inbound SIP traffic intended for internal servers. If the network is flooded with invalid external traffic in such an attack, this traffic ends at the Director.

If you deploy multiple Front End pools at a central site, by adding a Director to that site you can streamline authentication requests and improve performance. In this scenario, all requests go first to the Director, which then routes them to the correct Front End pool.

Now, I think you can pick the best option and design your Skype for Business solution based on the specific requirements.