Usually, the AD Based Routing comes to mind when replacing a traditional PBX with Skype for Business. There will be a time where both platforms will run side-by-side and there should be seamless call routing between two systems, as users will be homed in both the side.

Ideally, the gateway will be deployed “Upstream” to the PBX and Mediation Server and the task is to find a easier way to route calls to migrated uses in Skype for Business. If it’s just handful of users, static route can be configured based on the destination number in the gateway, to route calls to Skype for Business based users. But, this involves configuration in the gateway and usually, a person with required AudioCodes knowledge will need to involve and do the configuration.

But, with AD Based Routing, end customer can move users in to Skype for Business by just setting the Line URI for the user and no change in the Gateway will be needed to route calls to Skype for Business. As soon as the Line URI is set, the inbound PSTN calls will get routed to Skype for Business.

Mediant Gateway will use LDAP to look at the msRTCSIP-Line attribute for the user configured in AD, and try to match the inbound number with the configured value. If it find a match, based on the routing configuration, calls will be routed to the mediation Server. If no match found, it will fall back to the next route available, which is configured to send calls to the PBX.

To setup AD Based Routing, bit of configuration required within the Gateway. In a nutshell;

• Enable LDAP Service.
• Configure LDAP Server Groups.
• Configure LDAP server and base DN for look up.
• Configure Routing Policy.
• Configure Call Setup Rules.
• Configure Routing.

The LDAP related configuration is located in IP Network component.

Going in to the details of the configuration;

Enable LDAP Service

By default, LDAP services is set as disabled. This need to be enabled. Go to LDAP Settings and enable LDAP Service. Once enabled the setting, the gateway need to be restarted to apply the configuration.

Configure LDAP Server Groups.

Go to LDAP Server Groups and set “Server Search Method” as Sequential and “DN Search Method” as Parallel.

Configure LDAP server and base DN for look up.

In LDAP Servers, Set the LAN Interface in General settings. In Connection, set the IP address of the Domain Controller which the gateway will be connecting to, to query based on LDAP. In Query, set the “LDAP Bind DN” with the user account that has read access to the Active Directory. Check whether the “Connection Status” shows as “LDAP Connected”

The “LDAP Server Search Based DNs“, add the base DN as shown below.

We are done configuring LDAP settings. Go to Routes and Routing Policy, set the “LDAP Server Group Name” as shown below;

Next step is to configure “Call Setup Rules”. This can be found in “SIP Definitions” section in the configuration. In total, there are 7 rules that need to be configured. The purpose of those rules are, to normalize the inbound destination ID to match with the Line URI, Match the destination number with the msRTCSip-Line attribute value, Normalize the Calling ID presentation.

Note that the below example rules have +618 added as a prefix. This will be different in each country and also, based on the Telco provider.  Check the source and destination number format offered by the Telco provider, before configuring the rules. Configure the rules as shown below, in mentioned order. Only change the prefix, based on the number presentation.

Rule #1

Rule #2

Rule #3

Rule #4

Rule #5

Rule #6

Rule #7

Now, the rules are configured for AD lookups. But, the route is still not set to use these rules for call routing purpose. To enable this in the route, edit the route that’s configured to send calls from PSTN to Skype for Business. In “Advance”, “Call Setup Rule ID Set”, set the ID as 1.

So looking at how the routing will function, an inbound call from PSTN will go through the AD base lookup to find if there’s any telephone number configured in msRTCSip-Line attribute, if any found, it will route the call to the destination set in the route, which is the Skype for Business Mediation Server.

If no match found, the it will fall back to the secondary route which is set to route calls to PBX. Give it a go and if there’s any issues, please post in the comments below. Thanks.

During last few weeks, there was lot of confusion going on whether the .net 4.7 is compatible with Skype for Business. When the .net 4.6 was released, it effected the Skype for Business web component which resulted in causing issues with online meetings. Then, there was few bug fixes came up to remedy the situation.

But, Exchange team was first to confirm that the new .net 4.7 is not compatible with Exchange 2013\2016 platforms. But, there were no official recommendation from Microsoft, with regards to the compatibility with Skype for Business.

Few days ago, Microsoft have advised to follow the guidelines that put in by Exchange team, with regards to the compatibility between .net 4.7 and Skype for Business. So the bottom line is, it’s not supported with Skype for Business. If the automatic updates enabled in Skype for Business servers (they definitely should not), use the below method to block the .net updates form being applied

1. Back up the registry.
2. Start Registry Editor. To do this, click Start, type regedit in the Start Search box, and then press Enter.
3. Locate and click the following subkey:
   HKEY_LOCAL_MACHINE\Software\Microsoft\NET Framework Setup\NDP
4. After you select this subkey, point to New on the Edit menu, and then click Key.
5. Type WU, and then press Enter.
6. Right-click WU, point to New, and then click DWORD Value.
7. Type BlockNetFramework47, and then press Enter.
8. Right-click BlockNetFramework47, and then click Modify.
9. In the Value data box, type 1, and then click OK.
10. On the File menu, click Exit to exit Registry Editor.

If the update is already applied, use the guidelines that was put in by Exchange team to uninstall the update and repair the .net 4.6.x version on all servers.

I hope this helps 🙂

I’ve been deploying lot of Polycom VVX devices with different types of Skype for Business typologies. I have never had issues with calendar integration when both Skype for Business and Exchange are in O365 (Skype for Business and Exchange Online).

But, when one of them becomes on-premises, as in users having either Skype for Business or Exchange services in O365 and the other is On-Premises (Hybrid topology), there will be issues with Exchange integration, when try to sign in to the device using the extension and PIN..

So consider Skype for Business Hybrid and Exchange online (most common scenario), to get the exchange integration working between two platforms (OWA integration, UCS), Modern Auth (oAuth) need to be configured between Skype for Business server and Exchange Online. This will allow the Skype for Business users to seamlessly authenticate with Exchange server to get the calendar information and based on the configuration, contact list (UCS).

When VVX device sign in to Skype for Business servers with an extension and PIN, VVX doesn’t do oAuth with Exchange online. As in, the seamless authentication to Exchange online does not work. It will always prompt to enter credentials to connect to exchange. There is no way around this.

Only possible workaround available is, use domain credentials to sign in to the device. Given that the credentials are based on UPN and not SPN, the device will use the same credentials to sign in to Exchange and pull Calendar, Recent calls and Voicemail information for that user.

The easiest way to sign in to the VVX will be using the web portal. By using the “User” credentials, users will be able to sign in to the device and not be able to change any configuration of the device, that been pushed by the Provisioning server. It’s a long winded and not a desired process. But, that’s the way around it for the time being.

The well known and annoying Lync\Skype for Business event “Storage Service had an EWS Autodiscovery failure” error event. This event comes up in Skype for business server. 

There are 2 reasons this could happen.

1. Does not have Partner Applications configured with Exchange server 2013
2. Having Exchange 2010 with Lync Server 2013\Skype for Business server

The 1st one is relatively easy. Use this Technet article to configure partner applications with Exchange Server. This will allow the features like Unified Contact Store and Exchange end Archiving to be enabled.

If the Exchange is Exchange Online, then it gets little tricky. To get rid of this event, it requires to configure oAuth between Skype for Business server and Exchange Online. This one is little difficult compare to what mentioned above. Luckily, there’s a script written by Aaron Marks to simplify this.

Now, for the reason 2, which is the main reason i’m writing this article. Till last November, there was no cure for this error. As Exchange 2010 does not support partner applications, there was no such integration possible. And the error keep on piling up.

Luckily, this issue is now fixed with Skype for Business Server CU4 update, along with fixes for some other issues. Process to install this CU is exactly the same as before. Follow the steps mentioned the official article and it will be fine. The most important part is that, now we can get rid on this annoying error once and for all.

Skype for Business Statistics Manager (StatsMan) is a powerful tool that process Key Health Indicator data real time and provide reports in web portal. Statics Manager poll data real time from various different server roles that are deployed within Skype for Business topology. Further information regarding StatsMan and it’s capabilities can be found here.

Deployment of the StatsMan is relatively easy. It will require a dedicated Windows Server to run StatsMan bits. There is no additional Skype for Business license involvement, apart from the Windows OS license that required for the StatsMan server.

Moving on with the deployment, StatsMan requires Redis, which is an open source base that StatsMan runs on. The Redis can be downloaded from here and StatsMan bits can be downloaded from here 

When ready, double click to run Redis-x64-3.2.100.msi file. 

Click on Next and accept license agreement. Set the destination folder, if required the bits to be installed on a specific location.

Click on Next and on the “Port Number and Firewall Exception”, check the “Add an exception to the Firewall” check box.

Click on Next. leave the “Set the max memory limit” box unchecked.

Click on Next and then click on Install to install the Redis bits.

Next, we move on to generate the certificate. It’s not mandatory to do it as soon as installing the Redis. but, i prefer to do it. To generate the CSR for the certificate, in StatsMan server, go to MMC console using Run. Add the Certificates on Local Computer Snap-in to the console.

Right click on the “Personal” store and expand “All Tasks” menu. In “All Tasks”, expand “Advanced Operations”, in “Advanced Operations”, select “Create Custom Request”.

Click on Next to proceed with the certificate enrollment process.

Select “Active Directory Enrollment Policy” and click on Next. 

Select “Web Server” template from drop down. Click on Next to continue.

Click on Next to move on. In :Certificate Information”, “Active Directory Enrollment Policy”, click on “Properties”.

In “Certificate Properties”, Subject component, select “Common Name” and specify the FQDN of the Server. In “Alternative Names”, select “DNS” and specify the server FQDN. If there’s a requirement to access the StatsMan web portal with a specific name instead of server FQDN (reports.domain.com, statsman.domain.com), this name must to be specified in DNS component.

Navigate to General tab and specify a name for the certificate with a proper description. 

In “Private Key”, check the “Mark private key exportable” box and apply the configuration.

Click on Next.

Specify a location to save the CSR and click on Finish.

Browse to the CA web portal and select to submit a custom request. Set the template as “Web Server” and paste the CSR on the request window. Submit to generate the certificate. 

Download the certificate that was issued from CA and import it in to the personal certificates container of the StatsMan server.

Open the certificate and note down the Thumb Print. This will be used later during the install process.

Now the certificate configuration is done, let’s move in to StatsMan installation. On the Server, run Statistics Manager Agent Listener (StatsManPerfAgentListener.msi) application.

Click on Next and accept the license agreement. On next window, specify a Password and Certificate Thumb Print that was previously noted down. Keep the password safe as it will be used during agent installations. Click on “Install” to install the bits.

Click on “Finish” to finish the installation process.

Now, the StatsMan Agent Listener installation is done. To test the functionality of the application, browse to https://localhost/8443/. It will display some statistics and most importantly, check the value for the KnownServerCount. This should be set to 1.

Let’s install some agents on Skype for Business application servers. The StatsMan agent application must be installed on all Skype for Business servers that are added in to the topology. Else, those missing servers will not be reporting their KHI information.

To install the agent, run the StatsManPerfAgent.msi application. Click on “Next” and accept the license agreement. Click on”Next” to continue.

Mention the Service Password that was used before setup. Add the Certificate Thumbprint that was noted before. The Service URI will be https://<Agent Listener Server FQDN>:8443. Click on “Install” to install the agent. Follow the same steps to install the agent on all Skype for Business related application servers.

Next in the agenda is the Web Site. On the StansMan server, run the StatsManWebSite.msi application. Click “Next” to continue and accept the license agreement. Click “Next” to continue.

Specify the Service Port as 8080. Click on “Install” to continue. 

We are almost there. The StatsMan need to be told what the Skype for Business topology looks like and what are the server roles and how many of them exist. To do this, the topology must be exported and then imported in to the StatsMan.

Note: an exported topology file from the topology builder will not fit to this purpose.

To export the topology, from the Skype for Business Management Shell, run the command Get-CsPool | Export-Clixml -Path “C:\Topology\topology.xml”

Copy the .xml file to StatsMan server and in PowerShell, navigate to the StatsMan installation directory. Run the script .\Update-StatsManServerInfo.ps1 -CsPoolFile “D:\Topology\topology.xml”. Enter “Y” when asked to update.

It’s all done now. In web browser, browse to the StatsMan Web Site. If the Servers are reporting KHI information, it will appear as windows on the web page. Note that it will take some time for KHI information to be displayed on the WebSite. 

I hope the information that i was given above is clear. If there’s any problem, please comment below. I’ll make sure to reply to them.