Configure Skype for Business Hybrid with Office 365 (O365)


There are a lot of blogs out there explaining how to configure the hybrid relationship between on premises Skype for Business Server and O365 Skype for Business Online. But, not most of the blogs contain all the information that requires to complete the configuration. Because of this reason, I thought of writing a post to cover end to end configuration without holding anything back.

In high level, Hybrid configuration requires;

  • Edge server with Federation enabled
  • Hosting Provider configured for Skype for Business online
  • DNS SRV (_sipfederationtls._tcp.domain.com) resolve to on premises Access Edge.
  • Port 5061 allowed from\to internet on the corporate Firewall for Access Edge interface
  • Enable SharedAddressSpace in O365
  • Skype for Business Hybrid setup in Skype for Business Control Pannel

Edge Server with Federation

Before even thinking about configuring Hybrid, The Skype for Business Edge server role must be deployed within the organization. Edge server is the component that act as a gateway in between On-premises servers and O365 Skype for Business Online.

If the Edge server exist, then the Federation need to be enabled in the Topology. Once federation is enabled, running below script will prepare the external services to support Skype for Business Hybrid;

Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -EnablePartnerDiscovery 1 -UseDnsSrvRouting.

Hosting Provider Configuration

O365 is a hosted platform and Skype for Business Online is deployed on that platform. So, the Skype for Business Online need to be added as a Hosting Provider for On-premises server. Below command can be run on Skype for Business Management Shell as it is to configure the Hosting Provider;

New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “sipfed.online.lync.com” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

Once configured, running Get-CsHosingProvider will show the current configuration.

DNS SRV configuration

Up in Edge server Federation configuration, the routing was set to DnsSrvRouting. This is where the SRV part comes in. System uses DNS SRV record to route traffic that suppose to be sent to the O365 Skype for Business Online. The SRV record that in question is _sipfederationtls._tcp.domain.com record. This record must be configured in public DNS and must resolve to Access Edge FQDN.

Also, is it mandatory that the Edge server resolve this DNS record externally. This means that the external interface of the Edge server must have public DNS configured. Usually, when Edge server deployed, the internal server names that it should resolve, will be added to the local host file. And the DNS is left blank on the internal interface. The external interface will have public DNS configured so that it can properly resolve external DNS entries and route traffic to the relevant destination.

Firewall Rules

When enabling federation on Skype for Business servers, TCP port 5061 must be opened both ways on the perimeter firewall against the Access Edge DMZ IP address. The same port will be used for Hybrid communication as it leverage Federation services on Skype for Business platform.

O365 Side Configuration

Specifically, Shared Address Space need to be enabled within O365. This attribute was enabled above, when configuring the Access Edge services. Once enabled, both Skype for Business Online and On-Premises servers will use the same domain name space as the SIP Domain.

To log in to O365 Skype for Business Online, use below commands in Windows PowerShell. Note that Skype for Business Online Connector Module must be installed before running  below commands. Replace the proper domain name in “OverrideAdminDoamin. Use a global tenant administrator account when prompt for credentials (user@domain.onmicrosoft.com)

$credential = get-credential

Import-Module MSOnline

Connect-MsolService -Credential $credential

Import-Module SkypeforBsuinessOnlineConnector

$lyncSession = New-CsOnlineSession -Credential $cred -OverrideAdminDomain domain.onmicrosoft.com

Import-PSSession $lyncSession -AllowClobber

Once connected, run below command to enable SharedAddressSpace in Skype for Business Online;

Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

Hybrid Setup in Skype for Business Control Panel

We are almost there. To complete the Hybrid setup, the configuration need to be completed in Skype for Business Control Panel. This bit is often getting missed out on most of the blogs out there.

Open Skype for Business Control Panel and then click on “Setup Hybrid with Skype for Business Online”

capture1

Notice that it mentioned the prerequisites the need to be completed before setting up Hybrid. Confirm the first 3 points are addresses before moving forward. Else, it will come up with an error when configuring each stage.

capture1

Click on “Sign in to O365” and type the user name and the password on the prompt. Note that the user name must be a tenant admin user (user@domain.onmicrosoft.com).

capture1

Couple of “Next”s after, confirm that the all components are checked in green. If all above bits in this article was configures, the checks will come up as green.

capture1

Now, the Skype for Business hybrid configuration with O365 Skype for Business Online is done. But, if the users that are enabled in O365 Skype for Business Online will see the presence of On Premises users. But the On Premises user will not be able to see the presence of online users.

To fix this, Online users need to be configured as “Hybrid” users. The below command will set the user’s msRTCSIP-DeploymentLocator attribute with Skype for Business Online server value so that when an On Premises user search for an Online user, the SUBSCRIPTION will forward to O365 and will not look at the On Premises server for that user.

Enable-CsUser -identity <SIP Address> -SipAddressType <Email, UserPrincipleName> -HostingProviderProxyFqdn “sipfed.online.lync.com”

Once the command completes, this users will be shown in Skype for Business Control Panel as an “Online” user.

Note: There can be a scenario that AD prep for Lync\Skype for Business was done after the AAD Connect or MIM deployed. In such scenario, a schema refresh will be needed in AAD Connect\MIM to replicate attributes to O365. Once the schema being refreshed in AAD Connect\MIM, the required attributes must be mapped and synced to O365. It’s always a must to have attributes (specifically the msRTCSIP-DeploymentLocator attribute) properly synced between on-premises AD and O365.

Go through with this article to get an overall idea of what attributes are needed sync for Lync\Skype for Business Hybrid deployment.

Give it a go and post any question on this one, if there’s any.

Skype for Business Server CU3 with 3 most wanted features


Microsoft have released the Skype for Business Server CU3 and it’s packed with 3 most wanted features, among the general bug fixes. The new features that it introduced are;

  • Busy on Busy (the most wanted)
  • Multiple Emergency Number Support
  • Video Based Screen Sharing

CU update it self and deployment information can be found in official Microsoft Support site. 

Busy on Busy

I get this feature asked all the time, when i replaced a legacy PBX with Skype for Business Server. Most of PBX users are not fond of getting multiple calls while they are in call with someone else and most of the time, it was raised as a concern.

Devices like Polycom VVX series have this feature built in to it. It was not really usable as it only works when the user only signed in to VVX and not Skype for Business and VVX at the same time. With this CU update, administrators have the capability to configure the voice policies to react in 2 different methods when user is busy with a call. These are;

  • Busy on Busy (Busy signal sent to calling party as the user is busy with another call)
  • Busy with Voicemail (Incoming all will be notified that the desired endpoint is busy and the call will be sent to the Voicemail)

Further information regarding the Busy on Busy option can be found here

Video based Screen Sharing

Video Based Screen Sharing (VBSS) is introduced as a better and efficient way to handle desktop sharing, oppose to the current RDP method within conferences. VBSS was already there with Skype for Business 16.xx as a default methodology for P2P desktop sharing. With the CU3 addition, VBSS will now be available to use within the conferences as well.

Further information regarding the VBSS functionality and enhancements can be found in Jeff’s blog post.

Multiple Emergency Number Support

Skype for Business Server only supported single emergency number. Some countries like Australia, there are multiple emergency numbers. Apart from the general 000, there is 112 that is widely used as well. With the new CU3 addition, both of these numbers can be configured within the Skype for Business Server.

Further information regarding the Multiple Emergency Number Support can be found here

The Skype for Business CU3 update can be download from official Microsoft site. The deployment instruction can be found here. It’s important to read the deployment instructions first. Also, this CU requires a back end database update. Do not forget that. Happy CU updating everyone.

Updating firmware of Polycom Trio 8800 using Provisioning Server


RealPresence Trio 8800 device is becoming one the most popular choice of conference room device that came from Polycom. Under it’s pretty looking skin and 5″ LED colour display, it has Polycom VVX firmware running on it. Which means that it can be managed via the Provisioning Server.

Capture.PNG

Thinking of Firmware upgrade for the device, there are several ways to skin the cat. If the device is meant to work with Skype for Business Server platform, then the Skype for Business device update service can be utilise to upgrade the firmware of the device.

If the requirement is to update a standalone device, the it can be upgraded by using a USB stick that have required files copied to it. Jeff Schertz have written a nice blog post covering this method.

The method that i’m going to  explain here is to leverage Provisioning server to update the firmware of the device. Most of VVX deployments would have a local Provisioning server deployed to support the device fleet and same server can be used to push the firmware to Trio 8800 as well.

Latest firmware version that’s available as of 25/05/2016 can be downloaded from here. Upon downloading the .zip file. Extract and copy the 3111-65290-001.sip.ld file in to the root folder of the Provisioning Server.

Capture

Open the 000000000000.cfg file using XMLNotepad and include the new .ld file in to the APP_FILE_PATH.

Capture

Reboot the device. It should be able to fetch the .ld file and update the running firmware version. You can verify the current running firmware version from either logging in to the device web portal or navigating though the Settings>Status menu of the device. Hope it’s helpful and happy updating.

What is The Skype for Business Cloud Connector.


As you all aware that the Skype for Business Cloud Connector Edition is now available to download and ready to use (Also license free). Before deciding to go ahead and deploy the CCE it’s important to know if the CCE is the best choice for the requirement. To assist with the planning and decision making, the “Plan Your Cloud PBX Solution”  Technet article can be used.

The ultimate purpose of the CCE is to allow clients that having On-Premises PSTN connectivity, to be used with O365 Skype for Business Online. In a nutshell, CCE only have the components that require to to handle the PSTN related workload. The rest is all O365 Skype for Business Online.

The ideal topology for CCE as shown below. It must have 2 Cloud Connectors deployed within DMZ to support High Availability and 2 PSTN Gateways to support PSTN level High Availability.

Capture

The users will be registered in O365 and when they make\receive PSTN calls, then only the CCE comes in to play. The peer to Peer Skype for Business calls and conferences will be handled by O365 Skype for Business Online.  CCE can be an ideal solution for greenfield Skype for Business requirements that must support on-premises PSTN or existing Skype for Business Online deployment that require on-premises PSTN.

Looking at the hardware requirement for CCE, it is based on the number of concurrent PSTN calls. If the requirement is to have 500 calls, then the hardware requirement per CCE would be;

  • 64-bit dual processor, six core (12 real cores), 2.50 gigahertz (GHz) or higher
  • 64 gigabytes (GB) ECC RAM
  • Four 600 GB (or better) 10K RPM 128M Cache SAS 6Gbps disks, configured in a RAID 5 configuration
  • Three 1 Gbps RJ45 high throughput network adapters
  • Must be on an isolated host (must not have any other VMs running on this host)

If the requirement is smaller, say 50 calls, then the requirement per CCE would be;

  • Intel i7 4790 quad core with Intel 4600 Graphics (no high end graphics needed)
  • 32 GB DDR3-1600 non ECC
  • 2: 1TB 7200RPM SATA III (6 Gbps) in RAID 0
  • 2: 1 Gbps Ethernet (RJ45)
  • Must be on an isolated host (must not have any other VMs running on this host)

Apart from above, it require;

  • Public IPs\DNS
  • Certificate
  • O365 E5 tenant
  • Firewall configuration to allow required ports and protocols

Even though the CCE might seems to be the ideal solution, there are set of unsupported scenarios that need to be aware of.

CCE does not support Hosting Scenarios.

Delivering hosted Skype for Business services using hosting model, leveraging on CCE is not supported. The 70% traffic must generated within the internal interfaces of CCE. Rest of the 30% can be on external interface. To make the  long story short, Skype for Business services cannot be delivered using Edge services, if the CCE is in use.

If a MPLS is in use between the client site and the data center that host CCE, then it is consider as Private Cloud and it is supported as the traffic that generated is considered as an Internal Traffic.

CCE does not support VMWare Hyper-visor 

This one is going to be a mood changer for most of System Administrators. As of now, CCE is not supported to be deployed on top of VMWare based Hyper-Visor. Only Hper-V is considered as the supported Hyper-Visor platform. This statement will probably change in the future or probably not. But, have to play ball, if you plan to deploy the CCE.

Does not support custom Dial Plans

CCE is not designed to support custom Dial Plans or voice routes. Set of default Dial Plans will get crated based on the Country that mentioned within the .ini file, by the time that CCE was deployed.

Does not support integration between on-premises\Hybrid Skype for Business deployments

This one is a huge let down. CCE cannot coexist with any on-premises or hybrid Skype for Business\ Lync deployments. As mentioned above, CCE can only be deployed in a greenfield environment.

Further to above there are several other known limitations mentioned in Technet.

  • Consultative transfer is not supported.
  • You cannot transfer an active call to your cell phone that is registered in your Active Directory by picking it from a list of suggested phones in the transfer menu. You can transfer to any other number.
  • Escalation to conference from a call between a PSTN and Skype for Business user is not possible (you can, however, escalate call to conference between two Skype for Business users).
  • Dial plan is not applied on Polycom phones and Skype for Business clients for Android and Windows phone. To dial a number, you must use the full E.164 phone number.

So that was Skype for Business Cloud Connector edition in brief. In detailed information can be found in “Plan for Skype for Business Cloud Connector Edition” Technet article.

 

Fixing PSTN Music On Hold In Lync When AudioCodes M800 In Use


I was recently informed by one of the clients that i deployed Lync Server 2013, is having issues when calls put on hold. There were 2 issue. The first and major is that, when a call put on hold and retrieved, there’s no audio from caller end. It’s basically one-way audio. And the other issue is that Lync MoH no longer works. Meaning that the caller hears nothing but dead silence.

Given that the PSTN integration was done using a SIP Trunk, i suspected that the provider must have done a change on the trunk which cause the feature to break and cause one-way audio when calls put on hold.

Digging in to the M800 Sys Logs, it seems that when a call put on hold by Lync client, the hold method that Lync use is “Inactive”. Below is the Re-INVITE sent from Lync to M800.

INVITE sip:SD4tl71-vv9pmjn1vl07h0t6in0808cjov84opsv-7@10.0.0.154:5067;transport=tls SIP/2.0
FROM: <sip:+61732680000@uctect.com.au;user=phone>;epid=D273FA8C4C;tag=575613f4b
TO: <sip:0451984283@lyngw01.ac-onebox.com;user=phone>;tag=1c1714098312
CSEQ: 433019 INVITE
CALL-ID: b01bc354-481a-4faa-aa5f-e4d14b46c1a7
MAX-FORWARDS: 70
VIA: SIP/2.0/TLS 10.0.0.151:60001;branch=z9hG4bKb6b1af81
CONTACT: <sip:UC-FE.ac-onebox.com:5067;transport=Tls;ms-opaque=9928a17d8863ebef>
CONTENT-LENGTH: 469
SUPPORTED: 100rel
USER-AGENT: RTCC/5.0.0.0 MediationServer
CONTENT-TYPE: application/sdp
v=0
o=- 34278 2 IN IP4 10.0.0.151
s=session
c=IN IP4 10.0.0.151
b=CT:1000
t=0 0
m=audio 51466 RTP/AVP 8 101
c=IN IP4 10.0.0.151
a=tcap:1 RTP/SAVP
a=pcfg:1 t=1
a=rtcp:51467
a=label:Audio
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:Y8xM2t1C3q2zKVguMXQW3TPExRfQX8Dy6YPV+xVK|2^31|2:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:35UmPksBksSuS3iCs+kjjTw2uruKKYS4ZRufvTYY|2^31
a=inactive
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16

The “Remote Hold Format” parameter in IP Profile configuration for both Lync and PSTN profiles are set to “Transparent”. Which means that the SBC will not do any modification and it will send the SIP traffic as-is to the PSTN.

Capture1

As suspected, The M800 uses “inactive” method when call put on hold which pretty much grantee that there won’t be MoH.

SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.0.0.158:5060;branch=z9hG4bKac1164951996
From: “Support” <sip:0892000000@ipsystems.com.au;user=phone>;tag=1c1718935812;epid=D273FA8C4C
To: <sip:0451980000@ipsystems.com.au;user=phone>;tag=SDu8t2799-1701991312-1456809140654
Call-ID: 1718912646132016131218@172.0.0.158
CSeq: 4 INVITE
Allow: ACK,BYE,CANCEL,INFO,INVITE,OPTIONS,PRACK,REFER,NOTIFY,UPDATE
Supported: timer
Accept: application/media_control+xml,application/sdp
Contact: <sip:SD4tl71-vv9pmjn1vl07h0t6in0808cjov84opsv-7@202.0.0.5:5060;transport=udp>
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 240
v=0
o=BroadWorks 34676300 2 IN IP4 202.0.0.5
s=-
c=IN IP4 0.0.0.0
t=0 0
m=audio 16496 RTP/AVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=inactive
a=maxptime:20
a=bsoft: 1 image udptl t38

To fix this, set of message manipulation rules can be configured and assigned against both Lync and SIP Trunk IP Groups. These manipulation rules will change the hold method from “inactive” to “sendrecv” before sending it to PSTN. And it will change the hold method to “inactive” instead of “sendrecv”, before sending it to Lync Mediation Server. There should be both inbound and outbound manipulation sets. Manipulation rules should looks like below;

Capture

The Manipulation Set ID 2 should be configured in to SIP Trunk IP Group Table “Outbound Message Manipulation Set” and Manipulation Set ID 1 should be configured in to both Lync and SIP Trunk  IP Group Tables “Inbound Message Manipulation Set”.

Capture4

Lync IP Group

Capture5

SIP Trunk IP Group

Upon configuring, run a test call and put it on hold. The caller was able to hear the MoH and audio was there when the call was retrieved. When looking at the Sys log of the call, the message manipulation was clearly doing what was expected.

SIP/2.0 200 OK
Via: SIP/2.0/UDP 172.0.0.158:5060;branch=z9hG4bKac25768176
From: “Support” <sip:0732684306@ipsystems.com.au;user=phone>;tag=1c1900081337;epid=D273FA8C4C
To: <sip:0451984283@ipsystems.com.au;user=phone>;tag=SDi988799-1512955841-1456808868261
Call-ID: 190005820313201613745@172.0.0.158
CSeq: 4 INVITE
Allow: ACK,BYE,CANCEL,INFO,INVITE,OPTIONS,PRACK,REFER,NOTIFY,UPDATE
Supported: timer
Accept: application/media_control+xml,application/sdp
Contact: <sip:SD4tl71-vv9pmjn1vl07h0t6in0808cjov84opsv-7@202.0.0.5:5060;transport=udp>
Content-Type: application/sdp
Content-Disposition: session;handling=required
Content-Length: 244
v=0
o=BroadWorks 34627140 1 IN IP4 202.0.0.5
s=-
c=IN IP4 202.0.0.5
t=0 0
m=audio 16670 RTP/AVP 8 101
a=rtpmap:8 PCMA/8000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-15
a=sendrecv
a=ptime:20
a=bsoft: 1 image udptl t38

If you have a similar  issue with a SIP Trunk with MoH, this could most probably be the solution.

Call Forwarding Configuration Between Skype for Business and Audiocodes Mediant 800


As you all know, in a PSTN call forwarding scenario, Skype for Business\Lync server always forward the original caller ID to PSTN. In an ISDN, this will be fine as PSTN provider will mask the calling number with the pilot number of the ISDN.

But, in a PSTN SIP Trunk scenario, this will be problematic as SIP Trunk provider will refuse to send any numbers that are unknown to the trunk. Basically, the calling number presentation must have a number that belongs to the SIP trunk.

This issue an be overcome by employing IP-to-IP Outbound number manipulation to manipulate the calling number and replace it with any number that belongs to the SIP Trunk. The downside of this method is that, when ever a call forward configured on Skype for Business\Lync client, the call will get forwarded to the configured destination with the number presentation of pre-configured number and not the original DID of the user. Some organizations accept this as it is but in my experience, most prefer to have the user DID be sent as the calling ID.

With Audiocodes, a SIP header manipulation rule can be configured to cater this requirement. Before doing that, there is a small configuration change need to be done on Skype for Business\Lync server voice routing. In the Skype for Business\Lync control panel, “Trunk Configuration”, enable “Enable forward call history” and save. Let it to replicate the changes. Capture

 

 

 

 

 

 

 

 

 

Once enabled, run a logging on SBC and see if the “Diversion” header appears. The Diversion header will contain the DID of the user that forwarding the call.
Contact: <sip:862712345;ext=12345@172.22.10.10:5060;ms-opaque=a30ebed1bacc5eac>
Supported: 100rel
ALLOW: ACK
Allow: CANCEL,BYE,INVITE,PRACK,UPDATE
Diversion: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;reason=unconditional;counter=1
User-Agent: Mediant 800B/v.7.00A.035.012
Privacy: none
P-Asserted-Identity: <sip:862712345@test.wa.gov.au;user=phone>
Content-Type: application/sdp
Content-Length: 382
v=0
o=- 1673518669 1456751675 IN IP4 172.22.10.10
s=session
c=IN IP4 172.22.10.10
b=CT:1000
t=0 0
m=audio 7760 RTP/AVP 8 0 97 18 13 101
c=IN IP4 172.22.10.10
a=label:Audio
a=sendrecv

Now the user DID number is appearing in Diversion SIP header, a message manipulation rule can be configured and assigned to SIP trunks IP Group against “Outbound Message Manipulation Set”

Go in to SBC Configuration and in “Msg policy & Manipulations”, create a Message Manipulation rule as below;

Capture

Once the header manipulation has been configured, the “FROM” header will get modified from the content that present in “Diversion” header.

13:37:42.094 : 172.22.10.10 : NOTICE : [S=304817] [SID=8a25e1:12:26893] INVITE sip:0430912345@test.wa.gov.au;user=phone SIP/2.0
Via: SIP/2.0/UDP 172.22.10.10:5060;branch=z9hG4bKac819203857
Max-Forwards: 10
From: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;tag=1c427358178;epid=DBF2EBCAFA
To: <sip:0430912345@test.wa.gov.au;user=phone>
Call-ID: 6326964502212016133741@172.22.10.10
CSeq: 2 INVITE
Contact: <sip:862793101;ext=3101@172.22.10.10:5060;ms-opaque=a30ebed1bacc5eac>
Supported: 100rel
ALLOW: ACK
Allow: CANCEL,BYE,INVITE,PRACK,UPDATE
Diversion: <sip:862712345;ext=12345@test.wa.gov.au;user=phone>;reason=unconditional;counter=1
Authorization: Digest username=”N9744″,realm=”test.wa.gov.au”,nc=00000001,nonce=”BroadWorksXijp9b5qgTla8pieBW”,Cnonce=”Default_Cnonce”,uri=”sip:0430912345@test.wa.gov.au”,qop=auth,algorithm=MD5,response=”0fa04b1d8cf108f8f48545baa53362cb”
User-Agent: Mediant 800B/v.7.00A.035.012
Privacy: none
P-Asserted-Identity: <sip:862712345@test.wa.gov.au;user=phone>
Content-Type: application/sdp
Content-Length: 382

At this point, the call must be ringing on the forwarded destination and it should be presenting with the forwarded user’s DID number instead of any fixed generic number.

Microsoft’s Cloud PBX based on Office 365


Microsoft have announced bunch of new services to their Skype for Business Preview services that are based on O365. One of the services that was announced, was the preview availability of the cloud PBX with on-premises PSTN Connectivity.  With the cloud PBX service, organizations will now have the ability to leverage their existing on-premises PSTN lines such as ISDN or SIP Trunks to terminate calls to users that are enabled for O365.

What you need to have.

Before jumping on to preview Cloud PBX services, there’s a very important prerequisite that need to be fulfilled. That is having a Lync\Skype for Business Server hybrid setup already in place that configured with Enterprise Voice. Also, you would need to have Office 365 E4 licenses for the number of users that are enabled within Office 365.

This option is available for organizations that are having Lync 2010 servers that are running with CU no earlier than October 2012. But, the catch is that, they need to have Lync server 2013 or Skype for Business Server 2015 Edge servers to support the hybrid integration. So if you’re having Lync Server 2010 and considering Cloud PBX, it’s high time to move to Skype for Business Server 2015.

Features and Drawbacks.

With the Cloud PBX service, you now get to configure Enterprise Voice for O365 enabled users with desired Voice Policies and PSTN Usages. But, not all the features that available for on-premises users be available for Cloud PBX enabled users. Cloud enabled users will miss out on using call park, private line and several other features. Below are the list of Enterprise Voice features that are available for Cloud enabled users;Capture

Even though cloud enable users are losing some of features, most of important and critical features are still available for them which is really good.

How to Make it Better.

Microsoft have announced the availability of Azure Express Route to Office 365 several months ago. Organizations can leverage on this to enhance the connectivity to O365 with assuring a better bandwidth availability and control rather than using the standard internet services. This would also benefit in configuring Quality of Service (QoS) for media traffic that is essential to improve the media quality and overall cloud user experience. On side note, this would improve the user sign in time as well. Below is a sample diagram that illustrate the connectivity between corporate network and O365 over express route. Azure-ExpressRoute-1

Moving users to Cloud PBX and enabling for Enterprise Voice.

Once the Hybrid setup in place, you can move users to O365 and enabled Enterprise Voice for them. Before that, since the service are still in preview, you need to get a promotion code from Microsoft. The promo code can be retried by registering for service using https://www.skypepreview.com/Register URL. If you have the promo code already, follow the steps to enable uses;

  • Enable users for Enterprise Voice (performed while the users are homed on-premises).
  • Assign a voice routing policy (performed while the users are homed on-premises).
  • Obtain and activate a promo code, so that you can preview this feature.
  • Synchronize users to the cloud and assign licenses (performed using Office 365).
  • Move users to Skype for Business Online (performed using Windows PowerShell on-premises, but using your Office 365 administrator credentials).
  • Enable the users for Enterprise Voice and Cloud PBX Voicemail (performed using Remote PowerShell).

Migration of user accounts should be none intrusive and users will not lose any configuration that they made on their client.

As mentioned above, the service is still on it’s preview stage and it will become GA pretty soon and this would be a one step forward for the organizations that are looking forward to move in to Office 365.

Supported Survivable Branch Appliance (SBA) for Skype for Business


Since the Skype for Business server 2015 public release, one of the concerns that came up when upgrading existing Lync Server platforms to Skype for Business, is the support for SBAs. Microsoft issued a statement mentioning that the existing SBAs that are running with Lync server 2013 image, will be supported for Skype for Business till the hardware vendors come up with the Skype for Business image on their appliances.

Now, Sonus has announced that their newer software version V 5.0 for SBC 1000\2000 that supports Skype for Business Server, will be released on 28th of July 2015.

Audiocodes however, stated that their E-SBC (Enterprise SBC) appliance will fully support Skype for Business server 2015 since 07th of July 2015.

What’s new with Sonus Version 5.0 

Key Features in Release 5.0 in support of Skype for Business deployments include:

  • Presence: The new presence feature provides Skype for Business users with presence reporting when engaged in calls from non-Skype for Business endpoints.
  • Provisioning templates: The updated provisioning templates significantly reduce the complexity of configuring Skype for Business interworking. This feature is designed to enable an enterprise to deploy its Skype for Business application with greater speed-to-market, saving time and money.
  • Survivable Branch Appliance Support: Delivering continued market leading support for Survivable Branch Appliance (SBA) functions, this feature ensures that real-time communications are delivered even if the wide area network (WAN) goes down.

For more information about this software release, please visit;

http://www.sonus.net/en/resources/press-releases/sonus-sbc-1000-and-sbc-2000-update-generally-available.

Audiocodes Enterprise Session Border Controller (E-SBC)

Based on the statement that released on 07th of July, their E-SBC appliance is supported for the Skype for business Server. However, it’s not clear that the SBA image that been used within the SBA, is for Skype for Business Server or just the Lync Server 2013.

Capture

For more information about the Audiocodes E-SBC product range, Please visit;

http://www.audiocodes.com/filehandler.ashx?fileid=2211670.

So, if you have plans to upgrade existing Lync server platforms to Skype for Business Server, now you have the SBA component addressed by above product range. Plan the upgrade schedule with keep the software release days in mind.

In-place Upgrade Lync Server 2013 to Skype for Business Server 2015


It has been a while that the Skype for Business server 2015 released for public. I reckon it would be the time to upgrade the existing Lync server 2013 platform to Skype for Business Server 2015.

Before moving forward, there are concerns that need to be addressed upfront. The major one would be the overall downtime that occur because of the upgrade. If the existing deployment have multiple pools, then users can be moved to one of the pools and get the other one upgraded and have services running as usual. But, if there’s only one pool available, then the upgrade could be a potential risk and a lengthy downtime.

Also, it’s important to have an idea of what CU version that the existing Lync server 2013 platform is running. Make sure to upgrade the Lync server pool before moving forward with the Skype for Business upgrade and also plan adequate downtime that incorporate the existing pool CU upgrade as well as the in-place upgrade.

Moving forward with the Skype for Business 2015 upgrade, install the Skype for Business server Admin Tools on a domain joined machine (admin tools would not install on any Lync server 2013 front end servers). Download the topology from existing deployment, upon installing of the admin tools.Capture5

Once downloaded, drill down to the existing Lync server 2013 pool. Right click on the pool and select to “Upgrade to Skype for Business Server 2015”Capture6

Select “Yes” on the confirmation window. Capture7

As soon as selecting “Yes”, the Lync server 2013 pool will be moved to “Skype for Business Server 2015” section. This is as expected and should not be worried. Capture8

Now, publish the topology by selecting “Publish Topology” in “Action” menu.Capture9

The publishing process is as same as Lync Server 2013.  Do not change anything related to the Databases. Leave everything as it is.Capture11

Select “Next” and proceed with the topology publishing process.Capture12

Open up the “to-do list” to check that need to be done next. Capture13

Log in to Lync Server 2013 Front End server and run the Skype for Business Server 2014 set up from media. Capture3

Select to connect to the internet and check for updates. It will download the required windows patches and install. Capture4

Upon completing the download process, select next to proceed with the deployment. As for the first step, it will check the status of the existing pool. It will error out if the pool services are still running.Capture14

Open up the Lync server 2013 management shell and run Stop-CsWindowsServices to stop the Lync server services. This process need to be done on all front end servers. Capture15

Once all the services are down, retry the deployment process. It should continue through the process. It would take up to 45 – 60 minutes to complete the update. The upgrade process can be run on all Lync server 2013 front end servers simultaneously. No need to do it one by one.Capture1

select “Ok” to complete the upgrade process. Capture16

Now, the upgrade process is successfully completed. Wait till the process completed on all front end servers. Upon completion, run the command Start-CsPool -PoolFqdn <pool fqdn> . This is a new command that introduced in Skype for Business Server 2015. This command can be used to stop and start the pool without being worried about messing with the fabric and the quorum.Capture17

Capture19

Confirm that all the windows services relate to Skype for Business server are up and running.Capture18

The Lync Server 2013 clients should get a prompt that the back end server is changed to Skype for Business and it require to restart the client.Capture20

Upon restarting the Lync 2013 client, the client will change the skin to Skype for Business 2015.

Capture21

The upgrade process is now completed. Carry out the test plan to verify the features and functionality of the platform.

Integrate Lync Server 2013 with O365 Exchange for Unified Messaging


Lot of clients are now moving away from on premises Exchange and in to O365 these days. Exchange online came a long way and grown up a lot. In terms of Unified Communications, how should we get Voicemail out of O365 exchange?. And what will be the configuration that involves in?. To answer those questions, let’s have a look at what the prerequisites are and what the configuration should be.

Before moving forwards, there’s several critical points need to be addressed and understood;

  • On premises Lync Server 2013 deployment must have Edge servers installed and federation enabled
  • Edge server DNS resolution should be done via the External interface and not over the internal. It must have public DNS servers configured instead of internal DNS.
  • _sipfederationtls._tcp.domain.com SRV record must be configured in public DNS and resolve against the access edge FQDN (sip.domain.com)
  • The O365 Tennent domain must be set to “Authoritative” accepted domain

Form above mentioned 2 points, I cannot stress the importance of proper DNS configuration enough. If the DNS wasn’t properly configured, the whole partner federation component will get broken as a result and it will not be a pleasant experience.

To check if the domain is accepted and authoritative within O365, below command can be used

Get-AcceptedDomain  | Format-List

So, to begin with the configuration within Lync Server, verify the configuration of the Access Edge. It should be as mentioned below;Capture4

Next, a Hosting Provider needs to be configured. To configure this, run the command; New-CsHostingProvider -Identity “Exchange Online” -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFQDN “exap.um.outlook.com” -IsLocal $False -VereficationLevel UseSourceVerificationCapture1

Now, create a Hosted Voicemail Policy. This is the policy that get assigned to a user who needs to be enabled for O365 Unified Messaging. To configure the policy, run the command; New-CsHostedVoicemailPolicy -Identity “CloudUMPolicy” -Destination exap.um.outlook.com -Description “Hosted Voicemail Policy for Lync Users” -Organization “contosoltd.onmicrosoft.com”Capture8

In above command, the Organization parameter must be specified as the tenant name and not the shared name space. Ex, contoso.com (shared name space), contosoltd.conmicrosoft.com (Tenant Name). Then run; Invoke-CsmanagementStoreReplication to replicate the changes.

Now to create UM contact object for Subscriber access and Voicemail. Usually for on-premises Exchange, we use OCSUMUtil.exe tool to create these objects. But in O365 UM scenario, we have to use Lync Server management Shell to create these objects. In order to create the contact object for Subscriber Access, the command; New-CsExUmContact -SipAddress sip:exumaa1@domain.com -RegistrarPool lyncPool.domain.com -OU “OU=ExUmContacts,DC=domain,DC=com” -DisplayNumber -AutoAttendant $False -IsSubscriberAccess $True can be used. Capture

Now we are done with Lycn server bits and move on to O365 portal to configure the UM Dial Plan. Log in to the O365 portal using https://portal.office.com and go to the Admin Centre. Capture2

Go to “Exchange” and select “UM Dial Plans”. Select “+” to create a new dial plan. Configure the dial plan name, number of digits of an extension. Select “SIP URI” from the drop down for “Dial plan type”. Set the language, the country code and save the configuration.Capture2

 

 

 

 

 

 

 

 

 

 

 

 

Open the newly configured Dial plan and select “Configure” to configure the rest of the parameters of the dial plan.Capture3

 

 

 

 

 

 

 

 

 

 

 

Move to “Outlook Voice Access” tab and configure the DID number for the Subscriber Access in E.164 format as shown below. If you want to use a custom greeting, the audio file can be uploaded in to the “Default Greeting” configuration.Capture

 

 

 

 

 

 

 

 

 

 

Then go to “Settings and configure the operator extension. This will help to transfer the calls to the operator, if the caller couldn’t be served by the subscriber access component. Capture5

 

 

 

 

 

 

 

 

 

 

Next to configure the “Dialling Rules”. Dialling rules are configured to dictate which number or number patterns can be routed via the subscriber access as well as the auto attendant. Usually, the dialling rules are configured to route all digits without any restriction, unless if there’s a special requirement that need to configure specific numbers. Configure the dialling rules as mentioned below. This dialling rule will be later on assigned to the Um Mailbox policy as well.Capture6

Now to assigned the dialling rule to the dialling authorization table. Configuring this will allow users who are coming in to the Subscriber Access and Auto Attendant to reach out to internal user extensions. Assign the dialling rule to the authorization table and check “Calls in the same dial plan” and “Allow calls to any extension” components.Capture7

In Transfer and Search tab, verify that the “Transfer to Users are selected. The rest of the parameters can be left alone.Capture8

Now, go back and open up the configured Dial Plan and double click on the default UM Mailbox Policy. This policy get created automatically upon completion of the UM dial plan creation.Capture2

In “General” we usually leave the parameters as it is. If required, some of the UM functionalities can be controlled within this section.Capture15

In The “Pin Policy” tab, you can change the number of digits that are required for the PIN and whether to allow the common patterns for the PIN. Usually, the PIN would be set to 4 digits length and allow common patterns. Capture16

The  “Dialling Authorization” is the most important part within the UM Mailbox policy. If not configured with a number policy, it will not allow calls to be routed to internal extensions from the subscriber access or auto attendant. Assign the previously configured number policy to allow all digits and “Calls within the same UM dial plan” and “Call to any Extension” should be checked.Capture17

This is all that is to the Subscriber Access component of the Exchange UM in O365. The same steps can be followed to configure the Auto Attendant. It will require to configure a UM Object for the Auto Attendant in Lync Server and then need to configure the Auto Attendant within O365.