Skype for Business Storage Service Event 32054


Event 32054, “Storage Service had an EWS Autodiscovery failure”, is a well-known and annoying Lync\Skype for Business error event. It is logged on Skype for Business Server.

There are 2 reasons this could happen.

  1. Partner applications are not configured with Exchange Server 2013
  2. Exchange 2010 is in use with Lync Server 2013\Skype for Business Server

The 1st one is relatively easy. Use this Technet article to configure partner applications with Exchange Server. This allows features like Unified Contact Store and Exchange-end archiving to be enabled.

If the Exchange is Exchange Online, it gets a little tricky. To get rid of this event, OAuth must be configured between Skype for Business Server and Exchange Online. This is a little more difficult than what is mentioned above. Luckily, there’s a script written by Aaron Marks to simplify this.

Now, for reason 2, which is the main reason I’m writing this article. Until last November, there was no cure for this error. As Exchange 2010 does not support partner applications, no such integration was possible, and the errors kept piling up.

Luckily, this issue is now fixed with the Skype for Business Server CU4 update, along with fixes for some other issues. The process to install this CU is exactly the same as before. Follow the steps mentioned in the official article and it will be fine. The most important part is that we can now get rid of this annoying error once and for all.


Step-by-Step Guide to Deploy Skype for Business Statistics Manager


Skype for Business Statistics Manager (StatsMan) is a powerful tool that processes Key Health Indicator (KHI) data in real time and provides reports in a web portal. Statistics Manager polls data in real time from the various server roles that are deployed within the Skype for Business topology. Further information regarding StatsMan and its capabilities can be found here.

Deployment of StatsMan is relatively easy. It requires a dedicated Windows Server to run the StatsMan bits. There is no additional Skype for Business license involved, apart from the Windows OS license that is required for the StatsMan server.

Moving on with the deployment, StatsMan requires Redis, which is an open source data store that StatsMan runs on. Redis can be downloaded from here and the StatsMan bits can be downloaded from here.

When ready, double click the Redis-x64-3.2.100.msi file to run it.

Click on Next and accept the license agreement. Set the destination folder if the bits need to be installed in a specific location.

Click on Next and on the “Port Number and Firewall Exception” page, check the “Add an exception to the Firewall” check box.

Click on Next. Leave the “Set the max memory limit” box unchecked.

Click on Next and then click on Install to install the Redis bits.

Next, generate the certificate. It’s not mandatory to do this straight after installing Redis, but I prefer to. To generate the CSR for the certificate, open the MMC console from Run on the StatsMan server and add the Certificates snap-in for the Local Computer to the console.

Right click on the “Personal” store and expand “All Tasks” menu. In “All Tasks”, expand “Advanced Operations”, in “Advanced Operations”, select “Create Custom Request”.

Click on Next to proceed with the certificate enrollment process.

Select “Active Directory Enrollment Policy” and click on Next. 

Select “Web Server” template from drop down. Click on Next to continue.

Click on Next to move on. In “Certificate Information”, under “Active Directory Enrollment Policy”, click on “Properties”.

In “Certificate Properties”, under the Subject component, select “Common Name” and specify the FQDN of the server. In “Alternative Names”, select “DNS” and specify the server FQDN. If there’s a requirement to access the StatsMan web portal with a specific name instead of the server FQDN (reports.domain.com, statsman.domain.com), this name must be specified in the DNS component as well.

Navigate to General tab and specify a name for the certificate with a proper description. 

In “Private Key”, check the “Mark private key exportable” box and apply the configuration.

Click on Next.

Specify a location to save the CSR and click on Finish.

Browse to the CA web portal and select to submit a custom request. Set the template as “Web Server” and paste the CSR into the request window. Submit to generate the certificate.

Download the certificate that was issued by the CA and import it into the personal certificates container of the StatsMan server.

Open the certificate and note down the thumbprint. This will be used later during the install process.

Now that the certificate configuration is done, let’s move on to the StatsMan installation. On the server, run the Statistics Manager Agent Listener (StatsManPerfAgentListener.msi) application.
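The thumbprint can also be read with PowerShell instead of the certificate dialog, which avoids the invisible character that copying from the MMC dialog is known to prepend. This is an added example, not part of the original post; the function names and the FQDN statsman.domain.com are placeholders, and the pasted thumbprint is constructed.

```powershell
# Added example: locate the imported certificate and print a clean thumbprint.
# Assumption: the certificate was imported into the Local Computer "Personal" store.
function Get-StatsManCertCandidate {
    param(
        [Parameter(Mandatory)][string]$Fqdn,              # name used in the CN / DNS SAN
        [string]$StorePath = 'Cert:\LocalMachine\My'
    )
    $serverAuthOid = '1.3.6.1.5.5.7.3.1'                  # Server Authentication EKU
    Get-ChildItem -Path $StorePath |
        Where-Object { $_.DnsNameList.Unicode -contains $Fqdn } |
        ForEach-Object {
            [pscustomobject]@{
                Thumbprint    = $_.Thumbprint
                Subject       = $_.Subject
                DnsNames      = $_.DnsNameList.Unicode -join ', '
                HasPrivateKey = $_.HasPrivateKey          # must be True for the listener
                ServerAuth    = $_.EnhancedKeyUsageList.ObjectId -contains $serverAuthOid
                NotAfter      = $_.NotAfter
                Expired       = $_.NotAfter -lt (Get-Date)
            }
        }
}

# Normalise a thumbprint pasted from the certificate dialog: strip spaces and
# any non-hex characters, then confirm it is a 40-character SHA-1 thumbprint.
function ConvertTo-CleanThumbprint {
    param([Parameter(Mandatory)][string]$Text)
    $clean = ($Text -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()
    if ($clean.Length -ne 40) {
        throw "Expected 40 hex characters, got $($clean.Length)."
    }
    $clean
}

# Placeholder FQDN: replace with the StatsMan server or portal name.
Get-StatsManCertCandidate -Fqdn 'statsman.domain.com' | Format-List

# Constructed sample: a pasted value with a hidden left-to-right mark and spaces.
$pasted = ([char]0x200E) + '00 11 22 33 44 55 66 77 88 99 aa bb cc dd ee ff 00 11 22 33'
ConvertTo-CleanThumbprint -Text $pasted
```

Use the cleaned value in the Agent Listener and agent installers; a thumbprint that carries the hidden character looks correct on screen but will not match the certificate.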

Click on Next and accept the license agreement. On next window, specify a Password and Certificate Thumb Print that was previously noted down. Keep the password safe as it will be used during agent installations. Click on “Install” to install the bits.

Click on “Finish” to finish the installation process.

Now the StatsMan Agent Listener installation is done. To test the functionality of the application, browse to https://localhost:8443. It will display some statistics; most importantly, check the value of KnownServerCount. This should be set to 1.

Let’s install some agents on the Skype for Business application servers. The StatsMan agent application must be installed on all Skype for Business servers that are added to the topology. Otherwise, the missing servers will not report their KHI information.

To install the agent, run the StatsManPerfAgent.msi application. Click on “Next” and accept the license agreement. Click on “Next” to continue.

Enter the Service Password that was set during the Agent Listener setup. Add the certificate thumbprint that was noted before. The Service URI will be https://<Agent Listener Server FQDN>:8443. Click on “Install” to install the agent. Follow the same steps to install the agent on all Skype for Business related application servers.

Next on the agenda is the web site. On the StatsMan server, run the StatsManWebSite.msi application. Click “Next” to continue and accept the license agreement. Click “Next” to continue.

Specify the Service Port as 8080 (if port 80 is vacant on the IIS, then that can be used as well). Click on “Install” to continue. 

We are almost there. StatsMan needs to be told what the Skype for Business topology looks like, what the server roles are and how many of them exist. To do this, the topology must be exported and then imported into StatsMan.

Note: a topology file exported from Topology Builder will not work for this purpose.

To export the topology, from the Skype for Business Management Shell, run the command Get-CsPool | Export-Clixml -Path "C:\Topology\topology.xml"

Copy the .xml file to the StatsMan server and, in PowerShell, navigate to the StatsMan installation directory. Run the script .\Update-StatsManServerInfo.ps1 -CsPoolFile "D:\Topology\topology.xml". Enter “Y” when asked to update.

It’s all done now. In a web browser, browse to the StatsMan web site. If the servers are reporting KHI information, it will appear as windows on the web page. Note that it will take some time for KHI information to be displayed on the web site.

I hope the information that I have given above is clear. If there’s any problem, please comment below. I’ll make sure to reply.

Configure Skype for Business Hybrid with Office 365 (O365)


There are a lot of blogs out there explaining how to configure the hybrid relationship between on-premises Skype for Business Server and O365 Skype for Business Online. But most of them do not contain all the information that is required to complete the configuration. For this reason, I thought of writing a post to cover the end-to-end configuration without holding anything back.

At a high level, hybrid configuration requires:

  • Edge server with Federation enabled
  • Hosting Provider configured for Skype for Business online
  • DNS SRV (_sipfederationtls._tcp.domain.com) resolve to on premises Access Edge.
  • Port 5061 allowed from\to internet on the corporate Firewall for Access Edge interface
  • Enable SharedAddressSpace in O365
  • Skype for Business Hybrid setup in Skype for Business Control Panel

Edge Server with Federation

Before even thinking about configuring Hybrid, the Skype for Business Edge server role must be deployed within the organization. The Edge server is the component that acts as a gateway between the on-premises servers and O365 Skype for Business Online.

If the Edge server exists, then Federation needs to be enabled in the topology. Once federation is enabled, running the command below will prepare the external services to support Skype for Business Hybrid:

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1 -UseDnsSrvRouting

Hosting Provider Configuration

O365 is a hosted platform and Skype for Business Online is deployed on that platform. So, Skype for Business Online needs to be added as a Hosting Provider for the on-premises server. The command below can be run in the Skype for Business Management Shell as it is to configure the Hosting Provider:

New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn "sipfed.online.lync.com" -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

Once configured, running Get-CsHostingProvider will show the current configuration.

DNS SRV configuration

In the Edge server Federation configuration above, the routing was set to DNS SRV routing (-UseDnsSrvRouting). This is where the SRV part comes in. The system uses the DNS SRV record to route traffic that is supposed to be sent to O365 Skype for Business Online. The SRV record in question is the _sipfederationtls._tcp.domain.com record. This record must be configured in public DNS and must resolve to the Access Edge FQDN.

Also, it is mandatory that the Edge server resolves this DNS record externally. This means that the external interface of the Edge server must have public DNS configured. Usually, when an Edge server is deployed, the internal server names that it should resolve are added to the local hosts file, and DNS is left blank on the internal interface. The external interface will have public DNS configured so that it can properly resolve external DNS entries and route traffic to the relevant destination.

Firewall Rules

When enabling federation on Skype for Business servers, TCP port 5061 must be opened both ways on the perimeter firewall against the Access Edge DMZ IP address. The same port will be used for Hybrid communication, as it leverages the Federation services on the Skype for Business platform.
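The DNS SRV and firewall prerequisites described above can be checked together before running the hybrid wizard. This is an added example, not part of the original post; the function name is hypothetical and domain.com is the same placeholder SIP domain used in the text.

```powershell
# Added example: resolve the federation SRV record and test TCP 5061 to its target.
function Test-SipFederationPrereq {
    param(
        [Parameter(Mandatory)][string]$SipDomain,   # placeholder: your SIP domain
        [string]$DnsServer,                          # optional: a public resolver to query
        [int]$ExpectedPort = 5061
    )
    $query = @{
        Name        = "_sipfederationtls._tcp.$SipDomain"
        Type        = 'SRV'
        DnsOnly     = $true      # skip hosts file, LLMNR and NetBIOS; DNS answers only
        ErrorAction = 'Stop'
    }
    if ($DnsServer) { $query.Server = $DnsServer }

    try {
        $records = @(Resolve-DnsName @query | Where-Object { $_.Type -eq 'SRV' })
    } catch {
        Write-Warning "SRV lookup failed for $($query.Name): $($_.Exception.Message)"
        return
    }
    if ($records.Count -eq 0) {
        Write-Warning "No SRV record returned for $($query.Name)."
        return
    }

    foreach ($r in $records) {
        # Outbound TCP test from this machine to the SRV target and port.
        $tcp = Test-NetConnection -ComputerName $r.NameTarget -Port $r.Port `
                                  -WarningAction SilentlyContinue
        [pscustomobject]@{
            SrvRecord      = $query.Name
            Target         = $r.NameTarget            # should be the Access Edge FQDN
            Port           = $r.Port
            PortIsExpected = ($r.Port -eq $ExpectedPort)
            TargetAddress  = $tcp.RemoteAddress
            TcpReachable   = $tcp.TcpTestSucceeded
        }
    }
}

Test-SipFederationPrereq -SipDomain 'domain.com'
```

Run it on the Edge server to confirm that the Edge itself resolves the record through public DNS, and from a host outside the perimeter to confirm that inbound 5061 reaches the Access Edge.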

O365 Side Configuration

Specifically, Shared Address Space needs to be enabled within O365. This attribute was enabled above, when configuring the Access Edge services. Once enabled, both Skype for Business Online and the on-premises servers will use the same domain name space as the SIP domain.

To log in to O365 Skype for Business Online, use the commands below in Windows PowerShell. Note that the Skype for Business Online Connector module must be installed before running them. Replace the domain name in “OverrideAdminDomain” with the proper one. Use a global tenant administrator account when prompted for credentials (user@domain.onmicrosoft.com).

$credential = Get-Credential
Import-Module MSOnline
Connect-MsolService -Credential $credential
# The connector module is named SkypeOnlineConnector (LyncOnlineConnector in older connector releases)
Import-Module SkypeOnlineConnector
$lyncSession = New-CsOnlineSession -Credential $credential -OverrideAdminDomain domain.onmicrosoft.com
Import-PSSession $lyncSession -AllowClobber

Once connected, run the command below to enable SharedAddressSpace in Skype for Business Online:

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

Hybrid Setup in Skype for Business Control Panel

We are almost there. To complete the Hybrid setup, the configuration needs to be completed in Skype for Business Control Panel. This bit is often missed out in most of the blogs out there.

Open Skype for Business Control Panel and then click on “Setup Hybrid with Skype for Business Online”


Notice that it mentions the prerequisites that need to be completed before setting up Hybrid. Confirm that the first 3 points are addressed before moving forward. Otherwise, it will come up with an error when configuring each stage.

Click on “Sign in to O365” and type the user name and the password on the prompt. Note that the user name must be a tenant admin user (user@domain.onmicrosoft.com).

A couple of “Next”s later, confirm that all components are checked in green. If all of the above bits in this article were configured, the checks will come up as green.

Now the Skype for Business hybrid configuration with O365 Skype for Business Online is done. However, users that are enabled in O365 Skype for Business Online will see the presence of on-premises users, but on-premises users will not be able to see the presence of online users.

To fix this, online users need to be configured as “Hybrid” users. The command below sets the user’s msRTCSIP-DeploymentLocator attribute to the Skype for Business Online server value, so that when an on-premises user searches for an online user, the subscription is forwarded to O365 instead of looking at the on-premises server for that user.

Enable-CsUser -Identity <SIP Address> -SipAddressType <EmailAddress | UserPrincipalName> -HostingProviderProxyFqdn "sipfed.online.lync.com"

Once the command completes, the user will be shown in Skype for Business Control Panel as an “Online” user. Give it a go and post any questions on this one, if there are any.

Skype for Business Server CU3 with 3 most wanted features


Microsoft have released the Skype for Business Server CU3 and it’s packed with 3 most wanted features, among the general bug fixes. The new features that it introduced are;

  • Busy on Busy (the most wanted)
  • Multiple Emergency Number Support
  • Video Based Screen Sharing

The CU update itself and the deployment information can be found on the official Microsoft Support site.

Busy on Busy

I get asked for this feature all the time when I replace a legacy PBX with Skype for Business Server. Most PBX users are not fond of getting multiple calls while they are in a call with someone else, and most of the time it was raised as a concern.

Devices like the Polycom VVX series have this feature built in. It was not really usable, as it only works when the user is signed in to the VVX only and not to Skype for Business and the VVX at the same time. With this CU update, administrators have the capability to configure the voice policies to react in 2 different ways when the user is busy with a call. These are:

  • Busy on Busy (a busy signal is sent to the calling party as the user is busy with another call)
  • Busy with Voicemail (the incoming caller will be notified that the desired endpoint is busy and the call will be sent to voicemail)

Further information regarding the Busy on Busy option can be found here

Video based Screen Sharing

Video Based Screen Sharing (VBSS) is introduced as a better and more efficient way to handle desktop sharing, as opposed to the current RDP method within conferences. VBSS was already there with Skype for Business 16.xx as the default method for P2P desktop sharing. With the CU3 addition, VBSS will now be available to use within conferences as well.

Further information regarding the VBSS functionality and enhancements can be found in Jeff’s blog post.

Multiple Emergency Number Support

Skype for Business Server only supported a single emergency number. In some countries, like Australia, there are multiple emergency numbers. Apart from the general 000, there is 112, which is widely used as well. With the new CU3 addition, both of these numbers can be configured within Skype for Business Server.

Further information regarding the Multiple Emergency Number Support can be found here

The Skype for Business CU3 update can be downloaded from the official Microsoft site. The deployment instructions can be found here. It’s important to read the deployment instructions first. Also, this CU requires a back end database update. Do not forget that. Happy CU updating everyone.

Updating firmware of Polycom Trio 8800 using Provisioning Server


The RealPresence Trio 8800 is becoming one of the most popular conference room devices from Polycom. Under its pretty looking skin and 5″ LED colour display, it has Polycom VVX firmware running on it, which means that it can be managed via the Provisioning Server.

When it comes to a firmware upgrade for the device, there are several ways to skin the cat. If the device is meant to work with the Skype for Business Server platform, then the Skype for Business device update service can be utilised to upgrade the firmware of the device.

If the requirement is to update a standalone device, then it can be upgraded by using a USB stick that has the required files copied to it. Jeff Schertz has written a nice blog post covering this method.

The method that I’m going to explain here is to leverage the Provisioning Server to update the firmware of the device. Most VVX deployments would have a local Provisioning Server deployed to support the device fleet, and the same server can be used to push the firmware to the Trio 8800 as well.

The latest firmware version that’s available as of 25/05/2016 can be downloaded from here. After downloading the .zip file, extract it and copy the 3111-65290-001.sip.ld file into the root folder of the Provisioning Server.

Open the 000000000000.cfg file using XMLNotepad and include the new .ld file in the APP_FILE_PATH.

Reboot the device. It should be able to fetch the .ld file and update the running firmware version. You can verify the current running firmware version by either logging in to the device web portal or navigating through the Settings>Status menu of the device. Hope it’s helpful and happy updating.

What is The Skype for Business Cloud Connector.


As you are all aware, the Skype for Business Cloud Connector Edition (CCE) is now available to download and ready to use (also license free). Before deciding to go ahead and deploy the CCE, it’s important to know if the CCE is the best choice for the requirement. To assist with the planning and decision making, the “Plan Your Cloud PBX Solution” Technet article can be used.

The ultimate purpose of the CCE is to allow clients that have on-premises PSTN connectivity to use it with O365 Skype for Business Online. In a nutshell, CCE only has the components that are required to handle the PSTN related workload. The rest is all O365 Skype for Business Online.

The ideal topology for CCE has 2 Cloud Connectors deployed within the DMZ to support High Availability and 2 PSTN Gateways to support PSTN level High Availability.

The users will be registered in O365, and only when they make\receive PSTN calls does the CCE come into play. Peer-to-peer Skype for Business calls and conferences will be handled by O365 Skype for Business Online. CCE can be an ideal solution for greenfield Skype for Business requirements that must support on-premises PSTN, or for existing Skype for Business Online deployments that require on-premises PSTN.

Looking at the hardware requirement for CCE, it is based on the number of concurrent PSTN calls. If the requirement is to have 500 calls, then the hardware requirement per CCE would be;

  • 64-bit dual processor, six core (12 real cores), 2.50 gigahertz (GHz) or higher
  • 64 gigabytes (GB) ECC RAM
  • Four 600 GB (or better) 10K RPM 128M Cache SAS 6Gbps disks, configured in a RAID 5 configuration
  • Three 1 Gbps RJ45 high throughput network adapters
  • Must be on an isolated host (must not have any other VMs running on this host)

If the requirement is smaller, say 50 calls, then the requirement per CCE would be;

  • Intel i7 4790 quad core with Intel 4600 Graphics (no high end graphics needed)
  • 32 GB DDR3-1600 non ECC
  • 2: 1TB 7200RPM SATA III (6 Gbps) in RAID 0
  • 2: 1 Gbps Ethernet (RJ45)
  • Must be on an isolated host (must not have any other VMs running on this host)

Apart from the above, it requires:

  • Public IPs\DNS
  • Certificate
  • O365 E5 tenant
  • Firewall configuration to allow required ports and protocols

Even though the CCE might seem to be the ideal solution, there is a set of unsupported scenarios to be aware of.

CCE does not support Hosting Scenarios.

Delivering hosted Skype for Business services using a hosting model that leverages CCE is not supported. 70% of the traffic must be generated within the internal interfaces of CCE. The remaining 30% can be on the external interface. To make a long story short, Skype for Business services cannot be delivered using Edge services if the CCE is in use.

If MPLS is in use between the client site and the data center that hosts the CCE, then it is considered a Private Cloud and it is supported, as the traffic that is generated is considered internal traffic.

CCE does not support VMware hypervisor

This one is going to be a mood changer for most system administrators. As of now, CCE is not supported on top of a VMware based hypervisor. Only Hyper-V is considered a supported hypervisor platform. This statement will probably change in the future, or probably not. But you have to play ball if you plan to deploy the CCE.

Does not support custom Dial Plans

CCE is not designed to support custom Dial Plans or voice routes. A set of default Dial Plans will be created based on the country that is mentioned within the .ini file at the time the CCE is deployed.

Does not support integration between on-premises\Hybrid Skype for Business deployments

This one is a huge let down. CCE cannot coexist with any on-premises or hybrid Skype for Business\Lync deployments. As mentioned above, CCE can only be deployed in a greenfield environment.

In addition to the above, there are several other known limitations mentioned in Technet.

  • Consultative transfer is not supported.
  • You cannot transfer an active call to your cell phone that is registered in your Active Directory by picking it from a list of suggested phones in the transfer menu. You can transfer to any other number.
  • Escalation to conference from a call between a PSTN and Skype for Business user is not possible (you can, however, escalate call to conference between two Skype for Business users).
  • Dial plan is not applied on Polycom phones and Skype for Business clients for Android and Windows phone. To dial a number, you must use the full E.164 phone number.

So that was Skype for Business Cloud Connector Edition in brief. Detailed information can be found in the “Plan for Skype for Business Cloud Connector Edition” Technet article.

Call Forwarding Configuration Between Skype for Business and Audiocodes Mediant 800


As you all know, in a PSTN call forwarding scenario, Skype for Business\Lync server always forwards the original caller ID to the PSTN. On an ISDN, this will be fine, as the PSTN provider will mask the calling number with the pilot number of the ISDN.

But in a PSTN SIP Trunk scenario, this will be problematic, as the SIP Trunk provider will refuse to send any numbers that are unknown to the trunk. Basically, the calling number presentation must have a number that belongs to the SIP trunk.

This issue can be overcome by employing IP-to-IP Outbound number manipulation to manipulate the calling number and replace it with any number that belongs to the SIP Trunk. The downside of this method is that whenever a call forward is configured on the Skype for Business\Lync client, the call will get forwarded to the configured destination with the number presentation of the pre-configured number and not the original DID of the user. Some organizations accept this as it is, but in my experience, most prefer to have the user DID sent as the calling ID.

With Audiocodes, a SIP header manipulation rule can be configured to cater for this requirement. Before doing that, there is a small configuration change that needs to be made to the Skype for Business\Lync server voice routing. In the Skype for Business\Lync control panel, under “Trunk Configuration”, enable “Enable forward call history” and save. Allow the changes to replicate.

Once enabled, run logging on the SBC and see if the “Diversion” header appears. The Diversion header will contain the DID of the user that is forwarding the call.
Contact: <sip:862712345;ext=12345@172.22.10.10:5060;ms-opaque=a30ebed1bacc5eac>
Supported: 100rel
ALLOW: ACK
Allow: CANCEL,BYE,INVITE,PRACK,UPDATE
Diversion: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;reason=unconditional;counter=1
User-Agent: Mediant 800B/v.7.00A.035.012
Privacy: none
P-Asserted-Identity: <sip:862712345@test.wa.gov.au;user=phone>
Content-Type: application/sdp
Content-Length: 382
v=0
o=- 1673518669 1456751675 IN IP4 172.22.10.10
s=session
c=IN IP4 172.22.10.10
b=CT:1000
t=0 0
m=audio 7760 RTP/AVP 8 0 97 18 13 101
c=IN IP4 172.22.10.10
a=label:Audio
a=sendrecv

Now that the user DID number is appearing in the Diversion SIP header, a message manipulation rule can be configured and assigned to the SIP trunk’s IP Group under “Outbound Message Manipulation Set”.

Go into the SBC configuration and in “Msg policy & Manipulations”, create a Message Manipulation rule that modifies the “FROM” header using the content of the “Diversion” header.

[Screenshot: Message Manipulation rule]

Once the header manipulation has been configured, the “FROM” header will be modified with the content that is present in the “Diversion” header.

13:37:42.094 : 172.22.10.10 : NOTICE : [S=304817] [SID=8a25e1:12:26893] INVITE sip:0430912345@test.wa.gov.au;user=phone SIP/2.0
Via: SIP/2.0/UDP 172.22.10.10:5060;branch=z9hG4bKac819203857
Max-Forwards: 10
From: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;tag=1c427358178;epid=DBF2EBCAFA
To: <sip:0430912345@test.wa.gov.au;user=phone>
Call-ID: 6326964502212016133741@172.22.10.10
CSeq: 2 INVITE
Contact: <sip:862793101;ext=3101@172.22.10.10:5060;ms-opaque=a30ebed1bacc5eac>
Supported: 100rel
ALLOW: ACK
Allow: CANCEL,BYE,INVITE,PRACK,UPDATE
Diversion: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;reason=unconditional;counter=1
Authorization: Digest username="N9744",realm="test.wa.gov.au",nc=00000001,nonce="BroadWorksXijp9b5qgTla8pieBW",Cnonce="Default_Cnonce",uri="sip:0430912345@test.wa.gov.au",qop=auth,algorithm=MD5,response="0fa04b1d8cf108f8f48545baa53362cb"
User-Agent: Mediant 800B/v.7.00A.035.012
Privacy: none
P-Asserted-Identity: <sip:862712345@test.wa.gov.au;user=phone>
Content-Type: application/sdp
Content-Length: 382

At this point, the call should be ringing on the forwarded destination and it should be presented with the forwarding user’s DID number instead of a fixed generic number.
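The effect of the manipulation rule can be reproduced offline to check what the trunk will receive. The following is an added illustration in PowerShell, not AudioCodes rule syntax and not part of the original post; the function name, the trunk DID pattern and the pre-rewrite From value are assumptions, and the rewrite is only applied when the Diversion number belongs to the trunk, since the provider refuses unknown numbers.

```powershell
# Added illustration: rewrite the From header of an INVITE from its Diversion header.
function Convert-FromHeaderFromDiversion {
    param(
        [Parameter(Mandatory)][string[]]$Header,          # header lines of one INVITE
        [Parameter(Mandatory)][string]$TrunkDidPattern    # regex of numbers owned by the trunk (assumption)
    )
    # No Diversion header means the call was not forwarded: leave it untouched.
    $divLine = $Header | Where-Object { $_ -match '^Diversion:' } | Select-Object -First 1
    if (-not $divLine) { return $Header }

    # Extract the user part of the Diversion URI, e.g. "862712345;ext=12345".
    $m = [regex]::Match($divLine, '^Diversion:\s*<sip:(?<user>[^@>]+)@', 'IgnoreCase')
    if (-not $m.Success) { return $Header }
    $divUser = $m.Groups['user'].Value
    $number  = ($divUser -split ';')[0]

    # Only present numbers that belong to the trunk; otherwise keep the original From.
    if ($number -notmatch $TrunkDidPattern) {
        Write-Warning "Diversion number $number is outside the trunk range; From left unchanged."
        return $Header
    }

    $replacement = $divUser.Replace('$', '$$')            # escape for -replace
    $Header | ForEach-Object {
        if ($_ -match '^From:') {
            # Swap only the user part; host, parameters and tag are preserved.
            $_ -replace '(?<=<sip:)[^@>]+(?=@)', $replacement
        } else {
            $_
        }
    }
}

# Constructed sample: the From value is an invented original caller; the
# Diversion header is the one shown in the SBC log above.
$invite = @(
    'INVITE sip:0430912345@test.wa.gov.au;user=phone SIP/2.0'
    'From: <sip:0894001234@test.wa.gov.au;user=phone>;tag=1c427358178'
    'To: <sip:0430912345@test.wa.gov.au;user=phone>'
    'Diversion: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;reason=unconditional;counter=1'
)

# Hypothetical trunk range: nine-digit numbers starting with 8627.
Convert-FromHeaderFromDiversion -Header $invite -TrunkDidPattern '^8627\d{5}$'
```

With the sample input, the From line comes back carrying 862712345;ext=12345, matching the From header in the log after the rule was applied.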