Beruflich Dokumente
Kultur Dokumente
20334B
Core Solutions of Skype for Business 2015
MCT USE ONLY. STUDENT USE PROHIBITED
ii Core Solutions of Skype for Business 2015
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2016 Microsoft Corporation. All rights reserved.
Released: 05/2016
MCT USE ONLY. STUDENT USE PROHIBITED
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.
i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
MCT USE ONLY. STUDENT USE PROHIBITED
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
MCT USE ONLY. STUDENT USE PROHIBITED
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.
Acknowledgements
Microsoft Learning wants to acknowledge and thank the following for their contribution toward
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Contents
Module 1: Design and Architecture of Skype for Business Server 2015
Module Overview 1-1
Lab: Designing and Publishing a Skype for Business Server Topology 1-21
Lab A: Configuring DNS and Simple URLs for Skype for Business Server 2-17
Lab A: Using the Administrative Tools to Manage Skype for Business Server 3-8
Lab A: Configuring Users and Clients in Skype for Business 2015 4-15
Lab B: Configuring Policies and the Address Book in Skype for Business Server 4-28
Lesson 2: Designing and Configuring Audio/Video and Web Conferencing Policies 6-7
Lab A: Implementing and Troubleshooting Conferencing Policies 6-11
Lesson 3: Additional Disaster Recovery Options in Skype for Business Server 11-18
Lab: Implementing and Performing Disaster Recovery 11-24
Module 13: Planning and Implementing an Upgrade to Skype for Business Server 2015
Module Overview 13-1
Lesson 1: Overview of Upgrade and Migration Paths 13-2
Module 2 Lab A: Configuring DNS and Simple URLs for Skype for Business Server L2-5
Module 3 Lab A: Using the Administrative Tools to Manage Skype for Business Server L3-11
Module 3 Lab B: Using the Skype for Business Troubleshooting Tools L3-14
Module 4 Lab A: Configuring Users and Clients in Skype for Business 2015 L4-19
Module 4 Lab B: Configuring Policies and the Address Book in Skype for Business Server L4-22
Course Description
This course provides students with the knowledge and skills required to plan, deploy, configure, and
administer a Skype for Business 2015 solution. Students will learn how to deploy a multi-site and highly
available Skype for Business infrastructure that supports instant messaging, conferencing, Persistent Chat,
archiving, and monitoring. Students will also learn how to manage and maintain the infrastructure, and
troubleshoot issues that might arise.
This course focuses primarily on the on-premises deployment of Skype for Business, but it does include
information on how to integrate the on-premises deployment with Skype for Business Online and how to
migrate from previous versions of Microsoft Lync Server.
Audience
The primary audience for this course is information technology (IT) professionals who are responsible for
the Skype for Business 2015 deployment in their organizations. Experience with previous versions of Lync
Server is beneficial but not required to take this course. Students should be proficient with Active
Directory Domain Services (AD DS), data networks, and telecommunications standards and components
that support the configuration of Skype for Business. Students should also be familiar with Microsoft
Exchange Server and Microsoft Office 365.
The secondary audience for this course includes IT professionals who are planning to take the Exam
70- 334: Core Solutions of Skype for Business 2015 as a stand- alone exam or as part of the requirement
for the Microsoft Certified Solutions Expert (MCSE): Communications certification exam.
Student Prerequisites
This course requires that you meet the following prerequisites:
Minimum of two years of experience administering either Windows Server 2012 or Windows Server
2008 R2.
Minimum of two years of experience working with name resolution, including Domain Name System
(DNS).
Experience working with certificates, including public key infrastructure (PKI) certificates.
Course Objectives
After completing this course, students will be able to:
Describe the architecture of Skype for Business 2015 and design a Skype for Business 2015 topology.
Implement additional conferencing options, such as dial-in conferencing, Lync Room System, and
Skype Meeting Broadcast.
Design and implement monitoring and archiving in Skype for Business 2015.
Plan and implement an upgrade from Lync Server to Skype for Business Server 2015.
Course Outline
The course outline is as follows:
Module 1, “Design and Architecture of Skype for Business Server 2015," describes the high - level
components and features of Skype for Business 2015. It describes how to work with the Skype for Business
administrative tools. It describes the main components of Skype for Business Online and coexistence with
on-premises Skype for Business servers.
Module 2, “Installing and Implementing Skype for Business Server 2015,” explains the external
dependencies for Skype for Business Server. It describes the Session Initiation Protocol (SIP) domain
requirements to ensure a successful implementation. It also explains how to install Skype for Business
Server and describes how Skype for Business Server integrates with Microsoft Exchange Server and
Microsoft SharePoint Server.
Module 3, “Administering Skype for Business Server 2015,” explains how to administer and manage Skype
for Business Server by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell. It also explains how to implement role- based access control (RBAC) in Skype for
Business and how to use important Test cmdlets and tools to troubleshoot Skype for Business.
Module 4, “Configuring Users and Clients in Skype for Business 2015," explains how to configure users by
using Skype for Business Server Control Panel and the Skype for Business Server Management Shell. It
then describes how to deploy Skype for Business clients and explains the sign-in, registration, and
authentication process for Skype for Business clients. It also explains how to configure in-band policies
and group policies. Finally, it explains how to configure Skype for Business Server settings and manage the
Address Book.
Module 5, “Configuring and Implementing Conferencing in Skype for Business 2015," describes Skype for
Business conferencing features and modalities. It explains how to integrate Skype for Business Server 2015
with Office Online Server. It also explains how to plan for conferencing bandwidth utilization. Finally, it
explains how to configure conferencing settings and policies.
Module 6, “Implementing Additional Conferencing Options in Skype for Business Server 2015," describes
the conferencing lifecycle and explains how to administer it. It then explains how to use conferencing and
meeting policies. It also explains how to deploy dial-in conferencing and configure the infrastructure for
Lync Room System. Finally, it explains how to configure large meetings and Skype Meeting Broadcast.
Module 7, “Designing and Implementing Monitoring and Archiving in Skype for Business 2015," describes
the Monitoring Service components in Skype for Business Server, and how to implement monitoring. It
then describes archiving and explains how to design an archiving policy, Finally, it explains how to
implement archiving.
Module 8, “Deploying Skype for Business 2015 external access," describes the components for external
access. It then explains how to configure external access policies and security, configure certificates, and
MCT USE ONLY. STUDENT USE PROHIBITED
About This Course xxi
configure reverse proxy. Also it describes how to configure Skype for Business Server 2015 for mobile
clients. Finally, it explains how to design and configure federation in Skype for Business Server.
Module 9, “Implementing Persistent Chat in Skype for Business 2015," explains how to design a Skype for
Business 2015 topology that includes Persistent Chat. It then explains how to deploy Persistent Chat in
Skype for Business. Finally, it explains how to configure and manage Persistent Chat.
Module 10, “Implementing High Availability in Skype for Business 2015," describes how to design and
implement a high-availability solution for Front End Servers and Back End Servers in a Skype for Business
Server environment. It also explains how to design and implement a high-availability solution for file
stores, Edge Servers, Mediation Servers, Office Online Server farms, and reverse proxy servers in a Skype
for Business Server environment.
Module 11, “Implementing Disaster Recovery in Skype for Business 2015," describes the disaster recovery
options in Skype for Business Server 2015. It then explains how to implement disaster recovery in Skype
for Business Server. Additionally, it describes the disaster recovery options for Persistent Chat, the Central
Management store, the Location Information Service (LIS) database, and user data.
Module 12, “Integrating with Skype for Business Online," describes Skype for Business Online features. It
then explains how to prepare an on-premises environment for a hybrid Skype for Business deployment. It
also explains how to configure a hybrid Skype for Business deployment.
Module 13, “Planning and Implementing an Upgrade to Skype for Business Server 2015," describe how
to plan a side-by-side migration from Lync Server 2010 and Lync Server 2013 to Skype for Business Server
2015. It also explains how to perform an in-place upgrade from Lync Server 2013 to Skype for Business
Server.
MCT USE ONLY. STUDENT USE PROHIBITED
xxii About This Course
Course Materials
The following materials are included with your kit:
Course Handbook: a succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.
o Lessons: guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
o Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
o Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge
and skills retention.
Modules: include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
Resources: include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN, or Microsoft Press.
Course evaluation: at the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
Important: Pay close attention to the steps at the end of each lab that explain what you
need to do with the virtual machines. In most labs, you will revert the virtual machine to the
checkpoint created during classroom setup. In some labs, you will not revert the virtual
machines, but will keep them running for the next lab.
The following table shows the role of each virtual machine that is used in this course:
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
Processor: 64 - bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD - V)
processor (2.8 gigahertz dual core or better recommended)
Hard Disk: Dual 500 gigabyte (GB) hard disks 7200 RPM SATA labeled C drive and D drive. Solid State
drives are strongly recommended.
RAM: 32 GB or higher
Network Adapter
Additionally, the instructor ’s computer must be connected to a projection display device that supports
SVGA 1024 × 768 pixels, 16 - bit colors.
MCT USE ONLY. STUDENT USE PROHIBITED
1-1
Module 1
Design and Architecture of Skype for Business Server 2015
Contents:
Module Overview 1-1
Lab: Designing and Publishing a Skype for Business Server Topology 1-21
Module Overview
Skype for Business Server 2015 offers several enhancements to server roles and client features, and it
provides new tools for administration. You should understand the overall architecture of Skype for
Business Server and the core capabilities that it offers. This understanding will help you plan and design
a Skype for Business Server implementation that meets organizational and user needs.
Objectives
After completing this module, you will be able to:
• Describe the high-level components and features of Skype for Business 2015.
Lesson 1
Overview of Skype for Business Components and Features
Skype for Business Server introduces many new features and significant enhancements to existing features
and functionality from previous versions. To use Skype for Business Server, you should understand its
architecture, server roles and features, and deployment options. This will help you to design a Skype for
Business Server implementation that meets your organizational needs. Skype for Business Server has a
Session Initiation Protocol (SIP)–based foundation. You should know how Skype for Business Server uses
SIP to create, modify, and terminate sessions.
Lesson Objectives
After completing this lesson, you will be able to:
• Identify the protocols and media that Skype for Business Server uses.
• Design a topology.
• Standard Edition servers. Standard Edition servers are single servers that provide all standard
functionality on a single server. A Standard Edition server includes a collocated Microsoft SQL Server
Express database. You can deploy multiple Standard Edition servers in a Skype for Business
deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-3
• Enterprise Edition servers. When you deploy Enterprise Edition Skype for Business Server, you deploy
one or more Front End Servers and one or more Back End Servers, which is an SQL database. You can
deploy multiple Enterprise Edition servers in a single site, or you can deploy multiple sites with
Enterprise Edition or Standard Edition servers.
• External users. These users access Skype for Business Server features from outside the organization.
• External partners (federated). Skype for Business Server users can communicate with users from other
organizations with Skype for Business through federation. Federated partners can communicate by
using instant messaging (IM), they can see presence information, and they can place Skype audio and
video calls.
• Microsoft Office 365. While Skype for Business features are available online through stand-alone
plans, users can also purchase these features with other services, such as email, through various
offerings from Office 365. Some of these plans include Office 365 Business Essentials and Office 365
Business Premium.
• Skype for Business Edge Servers. This server role in Skype for Business Server provides
communications with external users. This server role is necessary for providing communication
between Skype for Business Server and Skype users.
• Reverse proxy. This server role is necessary for external users to join Skype for Business online
meetings.
Skype for Business Server Standard Edition is suitable for small organizations and for pilot projects in
large organizations. Standard Edition has many Skype for Business Server features, such as IM, presence,
conferencing, Enterprise Voice, and the necessary databases to run on a single server. By using Skype for
Business Server Standard Edition, you can help users experience most of the rich features of Skype for
Business Server. On the other hand, Enterprise Edition provides all of the features in Standard Edition, in
addition to providing scalable high availability. To support high availability in Standard Edition, you need
to deploy two Standard Edition servers and pair them together.
• Presence information. Skype for Business Server tracks presence information for all Skype for Business
users, and it provides this information to the Skype for Business client and other apps, such as
Microsoft Outlook 2013 or later.
• Web conferencing. Skype for Business Server can host on-premises conferences, which you can
schedule or run ad-hoc. Conferences can include IM, audio, video, app sharing, slide presentations,
and other forms of data collaboration.
• Audio and video conferencing. Users can join Skype for Business Server–based audio conferences
by using any desktop or mobile phone. When connecting to an audio conference by using a web
browser, users can provide a telephone number that the audio conferencing service calls. In addition
to audio conferencing, Skype for Business enables users to connect through high quality video
sessions. Both person-to-person and multiparty (three or more users) sessions are supported.
• Integration with Microsoft Office 2013 or later apps. When you implement Skype for Business Server,
Exchange Server 2013, Microsoft SharePoint Server 2013, and Office 2013 or later, you can provide a
seamless user experience between all the apps. For example, if you receive an email from another
user, you can see the user presence information when you read the email. When a user sets an out-
of-office response in Outlook 2013 or later, you will see that same response in your Skype for
Business client when viewing the user’s presence information.
• Unified Contact Store. The Unified Contact Store feature enables users to store all contact information
in their Exchange Server 2013 mailbox so that the contact list is available in Skype for Business 2015,
Outlook 2013 or later, and Outlook Web App. The Unified Contact Store is enabled by default in
Skype for Business Server.
• Voice over Internet Protocol (VoIP) telephony. In addition to Enterprise Voice, Cloud Private Branch
Exchange (PBX) with the PSTN Calling service enables Skype for Business users to place calls from
Office 365 with their computers by clicking an Outlook or Skype for Business contact. Users receive
calls simultaneously on all their registered user endpoints, which might include a VoIP phone, mobile
phone, or Skype for Business client.
Note: You might also consider using the Cloud PBX with on-premises PSTN connectivity if
you prefer to use your existing PSTN carrier. In this scenario, cloud-based users are enabled for
Cloud PBX, but their calls process through on-premises software.
• Support for remote users. Skype for Business Server has an Edge Server role that enables remote users
to utilize all Skype for Business Server features without a virtual private network connection.
• Support for federation. You can configure federation with other organizations that are running Skype
for Business Server, Lync Server, or Microsoft Office Communications Server, and you can provide full
Skype for Business functionality for users in the two organizations.
• Server-side conversation history. To allow mobile device access to conversation history, missed IM,
and call log data, Skype for Business Servers now archive this information for all mobile clients.
Integration with Exchange Server 2013 is necessary.
With Skype for Business, users can keep track of their contacts’ availability (presence), conduct IM sessions,
make calls by using VoIP, and initiate or join an audio, video, or web conference. User can also make
phone calls within the Skype for Business organization, with federated partners, or call phones on the
PSTN. The Skype for Business desktop client is available for the Windows and Macintosh operating
systems, and mobile versions are available for Windows Phone, iPhone, iPad, and Android devices.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-5
Exchange Server 2013 and Skype for Business Server integrate and work together to provide a complete
email and voice system. Together, they provide features that include IM, presence information, web
conferencing, and VoIP telephony. Exchange Server 2013 provides an email-messaging system, while
Skype for Business Server provides a telephony system when you configure it for Enterprise Voice.
UM can use Skype for Business Server to provide telephony services, while Skype for Business Server can
use UM to provide voicemail services. When you configure Exchange Server 2013 and Skype for Business
Server integration, Exchange Server 2013 will use Skype for Business Server as an IP-PBX. On the server
that is running Microsoft Server 2013, you will configure an IP gateway that references the server this is
running Skype for Business Server.
• Edge Server
• Mediation Server
• Director
With most server roles, for scalability and high availability, you can deploy pools of multiple servers that
are all running the same server role. Each server in a pool must run an identical server role or roles. For
most pools in Skype for Business Server, you must deploy a load balancer to spread traffic between the
various servers in the pool. Skype for Business Server supports Domain Name System (DNS) load
balancing and hardware load balancers.
MCT USE ONLY. STUDENT USE PROHIBITED
1-6 Design and Architecture of Skype for Business Server 2015
A Standard Edition server is for small organizations and for pilot projects in large organizations. It
provides many of the features of Skype for Business Server, including the necessary databases to run on
a single server. This enables you to deploy Skype for Business Server functionality at a lower cost, but it
does not provide a true high availability solution.
A Standard Edition server enables you to use IM, presence, conferencing, and Enterprise Voice from a
single server. For a high availability solution, use Skype for Business Server Enterprise Edition.
In Skype for Business Server Enterprise Edition, a Front End Server is the core server role, and it runs many
basic Skype for Business Server functions. Front End Servers and Back End Servers are the only required
server roles in any Skype for Business Server Enterprise Edition deployment.
A Front End pool is a set of identically configured Front End Servers that work together to provide services
for a common group of users. A pool of multiple servers that are running the same role provides
scalability and failover capability.
A Front End Server includes the following features:
• Web components to support web-based tasks, such as Skype for Business Web Scheduler and Join
Launcher.
• Optionally, monitoring, to collect usage information in the form of call detail recordings (CDRs) and
call error records. This information provides metrics about the quality of the media (audio and video)
that traverses your network for both Enterprise Voice calls and audio/video conferences.
• Optionally, if Persistent Chat is enabled, Persistent Chat web services for chat room management and
Persistent Chat web services for file upload/download.
Front-end pools are also the primary store for user and conference data. Information about each user
replicates among all of the front-end severs in a pool, and the data backs up on the Back End Servers.
Additionally, one front-end pool in the deployment also runs the Central Management Server, which
manages and deploys basic configuration data to all servers that are running Skype for Business Server.
The Central Management Server also provides the Skype for Business Server Management Shell and file
transfer capabilities.
Back End Servers are database servers that are running SQL Server, and they provide database services for
front-end pools. Back End Servers function as backup stores for pool users and for conference data, and
they are the primary stores for other databases, such as the Response Group database. You can have a
single Back End Server, but a solution that provides high availability for SQL Server is better. High
availability options include database mirroring, AlwaysOn Availability Groups, AlwaysOn Failover Cluster
Instances, and SQL failover clustering. Back End Servers do not run any Skype for Business Server software.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-7
We do not recommend collocating Skype for Business Server databases with other databases. Doing so
might affect availability and performance. Information stored in Back End Server databases includes
presence information, users' contacts lists, and conference data, including persistent data about the state
of all current conferences, and conference scheduling data.
Edge Server
Edge Server enables users to communicate and collaborate with users who are outside the organization’s
firewall. These external users can include the organization’s own users who are working offsite, users from
federated partner organizations, and users who have been invited to join conferences that your Skype for
Business Server deployment hosts. Edge Server also enables connectivity to public IM providers, including
Skype.
Deploying Edge Server also enables mobility services, which support Skype for Business functionality on
mobile devices. Users can use supported iOS, Android, Windows Phone, or Nokia mobile devices to
perform activities such as sending and receiving IMs, viewing contacts, and viewing presence. Additionally,
mobile devices support some Enterprise Voice features, such as click to join a conference, Call via Work,
Single-Number Reach, voicemail, and missed calls. The mobility service can also provide push notifications
for mobile devices that do not support running apps in the background. A push notification is a
notification sent to a mobile device about an event that occurs while a mobile app is inactive.
Edge Servers also include a fully integrated Extensible Messaging and Presence Protocol (XMPP) proxy,
with an XMPP gateway included on Front End Servers. You can configure these XMPP components to
enable Skype for Business Server users to add contacts from XMPP-based partners, such as Google Talk,
for IM and presence.
Mediation Server
Mediation Server is a necessary component for implementing Enterprise Voice and dial-in conferencing.
Mediation Server translates signaling, and in some configurations, media between an internal Skype for
Business Server infrastructure and a PSTN gateway, IP-PBX, or a SIP trunk. You can collocate Mediation
Server on the same server as the Front End Server, or you can separate it into a stand-alone Mediation
Server pool.
Director
Directors can authenticate Skype for Business Server user requests, but they do not host user accounts
or provide presence or conferencing services. Directors are most useful for enhancing security in
deployments that enable external user access. A Director can authenticate requests before sending them
to internal servers. In the case of a denial-of-service attack, the attack ends with the Director and does not
reach the Front End Servers. In large organizations with multiple front-end pools, Directors can direct
authentication requests to the appropriate pool that hosts users. Although front-end pools typically direct
authentication requests, Directors can offload the requirement from the front-end pools. For high
availability, you can group multiple Director servers in a Director pool.
Persistent Chat
Persistent Chat enables users to participate in multiparty, topic-based conversations that persist over time.
A Persistent Chat Front End Server runs the Persistent Chat service. A Persistent Chat Back End Server
stores the chat history data, in addition to information about categories and chat rooms. An optional
Persistent Chat Compliance Back End Server can store chat content and compliance events for compliance
purposes.
Servers that run Skype for Business Server Standard Edition can also collocate Persistent Chat on the same
server. You cannot collocate a Persistent Chat Front End Server with an Enterprise Edition Front End
Server. However, you can collocate Persistent Chat back-end databases on Back End Servers for a front-
end pool. For high availability, you can group multiple Persistent Chat Front End Servers in a Persistent
Chat Server pool.
MCT USE ONLY. STUDENT USE PROHIBITED
1-8 Design and Architecture of Skype for Business Server 2015
A new server role, the Skype for Business Server Video Interoperability Server, functions as an intermediary
between servers that are running Skype for Business Server and a third-party video teleconferencing
systems such as a Cisco-TANDBERG video teleconferencing system. Skype for Business Server Video
Interoperability Server is a stand-alone server role. You cannot collocate it with any other server role.
While some features available in a Skype for Business Server on-premises deployment are not available
in Skype for Business Online, there are also feature differences between Office 365 plans. For a
comprehensive list of available features across the Office 365 plans, including on-premises Skype for
Business Server, refer to the following link.
presence, and meetings, without sacrificing the business-class capabilities of Skype for Business
Server. With Skype for Business Online, Microsoft deploys and maintains the required server
infrastructure, and it handles ongoing maintenance, patches, and upgrades. Some features that are
available in an on-premises deployment are not available in Skype for Business Online.
• Skype for Business Hybrid (split domain). In a full Skype for Business hybrid deployment, on-premises
and online environments share a single SIP domain name. This requires an Office 365 tenant with
Skype for Business Online enabled. Skype for Business supports multiple scenarios for hybrid
deployments. For example, an organization can choose to host its email from Exchange Online in
Office 365, but it can elect to keep Skype for Business on-premises. The value of hybrid Skype for
Business scenarios is the possibility of migrating everybody, or just a subset of users, to Skype for
Business Online from on-premises Skype for Business Server. You can therefore move users to the
cloud based on their location or their usage profile.
The goal of a hybrid Skype for Business architecture is to offer multiple scenarios that can
accommodate most existing and new customers based on their technical and functional needs.
By knowing the features that are available in the cloud and what you can migrate between on-
premises and online environments, you can make the migration scenario clear and predictable.
The best deployment scenario will depend on the workloads that you want to provide and the
geographical and business demands of your organization.
When you deploy Skype for Business Server as the sole telephony solution for part or all of an
organization, the two possible deployment topologies are:
• Incremental deployment. This topology scenario includes integration with an existing PBX to provide
Enterprise Voice incrementally to an organization.
• VoIP-only deployment. This topology scenario does not include integration with an existing PBX and
frequently deploys to an entire organization with direct PSTN connectivity.
MCT USE ONLY. STUDENT USE PROHIBITED
1-10 Design and Architecture of Skype for Business Server 2015
Depending on your choice of integration method, implementing Enterprise Voice or PBX integration can
be complex. The simplest method to perform Enterprise Voice or PBX integration is by using a qualified
SIP-to-PSTN gateway or a SIP trunk. In all voice deployments, but especially when implementing Direct
SIP and Call via Work, knowledge of SIP is important because you can debug and troubleshoot any issues
during integration.
Skype for Business Server includes several features that enhance Enterprise Voice:
• Call features. Skype for Business Server provides a significantly wider range of configuration options
for call forwarding and simultaneous ringing. For example, if an organization does not want incoming
calls to forward externally to PSTN, an administrator can apply a special voice policy to deploy this
restriction.
• Call via Work. This is a new feature in Skype for Business Server. When a user places a call from a
Skype for Business client, the call routes from the Skype for Business Server to the caller’s PBX or PSTN
phone. After the caller answers the phone, the call is made to the destination number. Skype for
Business Server continues serving as the control panel.
• Caller ID. Skype for Business Server provides an administrator the flexibility to modify the format of
the calling party’s phone number. This caller ID presentation feature enables an administrator to
modify the calling party’s phone number to a dialing format that the trunk peer understands, if
necessary. Additionally, delegates can now set up simultaneous ringing to their mobile devices for
incoming calls to their managers. This provides delegates with more flexibility, enabling them to
answer calls on behalf of their managers, without requiring a desk phone.
• Voicemail. If you plan to deploy Exchange Server in the organization, you can use Exchange Server
UM features to provide voicemail to Enterprise Voice users.
• Voicemail Escape. Skype for Business Server provides Voice Mail Escape, an enhancement for
managing voicemail. You can use the feature to detect when a call has routed to voicemail, and you
can prevent the call from immediately routing to a user’s mobile phone voicemail without giving the
user the opportunity to answer the call. This scenario occurs when a user enables simultaneous
ringing on his or her mobile phone, and his or her mobile phone is off, out of battery power, or out of
range. Voicemail Escape detects that the user’s mobile phone voicemail immediately answered the
call, and it disconnects the call to the mobile phone voicemail. The call continues to ring on the user’s
other endpoints, giving the user the opportunity to answer the call. If the user does not answer the
call, the call routes to the organization’s voicemail.
• M:N trunk support. For high availability, Mediation Servers can route calls through multiple gateways,
and multiple Mediation Servers in the pool can integrate with multiple gateways.
• Response Group application. This application manages calls in scenarios like customer service, an
internal help desk, or general telephone support for a department.
• Enterprise Voice. Enterprise Voice is now available in the cloud.
• Media bypass. By enabling media bypass, you can reduce audio latency, eliminate unnecessary codec
translations, and reduce the number of hops. Overall, these benefits will help improve VoIP quality.
The only requirements for this feature is that the Mediation Server's next hop must be able to handle
multiple forked responses during the media bypass session, and the Mediation Server must be able to
accept media traffic directly from a Skype for Business client.
• Audio/video support in a Virtual Desktop Infrastructure environment. The local computer directly
captures audio/video.
• Branch site resiliency. With a Survivable Branch Appliance or Survivable Branch Server, the Enterprise
Voice service can remain available for users in a branch site during a loss of connectivity to the central
site.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-11
• Mobile device support. Mobile devices support some Enterprise Voice features, such as click to join a
conference, Call via Work, single number reach, voicemail, and missed calls. You can also support
external access from mobile devices over Enterprise Voice.
Question: What is media bypass and what are the benefits to enabling this setting in a Skype
for Business Server deployment?
SIP definition
The abstract of RFC 3261 defines SIP as an application-layer control or signaling protocol for creating,
modifying, and terminating sessions between one or more participants. These sessions include Internet-
based telephone calls, multimedia distribution, and multimedia conferences. You can use SIP to set up
media sessions of any kind (not just telephony), modify current sessions, and then terminate the
connections after the sessions are complete. For example, a participant can start an IM session with
another participant, add audio and then video to the existing call, and finally terminate it. There is more
to SIP than just handling media; you can extend SIP to perform multiple tasks. For example, SIP can
manage the publishing and requesting of presence information and the delivery of IMs.
Because of the dynamic evolution of UC, Skype for Business Server and similar products are not based on
RFC 3261 only, but also on the 200 or more IETF Internet drafts and proposed standards, and SIP-related
RFCs. UC products are based on a range of these RFCs. The following table describes some drafts and
standards on which Skype for Business Server is built.
RFC/draft Description
RFC 2782 This is a DNS resource record for specifying the location of services, for
example, DNS service (SRV) resource records. It locates servers and services in
Skype for Business Server.
RFC 3428 This relates to the SIP for IM and presence-leveraging extension for IM
conferencing.
RFC 3966 This relates to the Uniform Resource Identifier for telephone numbers. It
defines how phone numbers should be represented in SIP communications.
RFC 5239 This is a framework for centralized conferencing, and it is the architecture
behind A/V conferencing and web conferencing in Skype for Business Server.
MCT USE ONLY. STUDENT USE PROHIBITED
1-12 Design and Architecture of Skype for Business Server 2015
RFC/draft Description
RFC 6336 This relates to Information and Content Exchange (ICE), a protocol for
network address translation traversal for offer/answer. These Internet drafts
for ICE are used in Office Communications Server 2007, Office
Communications Server 2007 R2, Lync Server 2013, and Skype for Business
Server.
There are many more RFCs. If you are interested in knowing more about standard and non-standard
protocols and their uses, you can read the Office protocol documents on the Microsoft website.
Office Protocols
http://aka.ms/otsij7
Demonstration Steps
1. Sign in to the LON-SFB1 virtual machine with the following credentials:
o Password: Pa$$word
2. From the Start screen, click the Down arrow button, and then click to open Skype for Business
Server 2015, Planning Tool.
3. In the Welcome to the Skype for Business Server 2015, Planning Tool window, click Get Started.
4. In the Welcome to the Skype for Business Server 2015, Planning Tool Wizard, select the following
features, and then click Design Sites:
o High Availability
5. In Design Sites, set the following options, and then click Draw:
Lesson 2
Introduction to the Skype for Business Administrative
Tools
Skype for Business administrative tools install by default on every Skype for Business Server Front
End Server and Director, and optionally on other server roles or computers that provide dedicated
administrative consoles. The administrative tools consist of the Skype for Business Server Deployment
Wizard, the Skype for Business Server Topology Builder, Skype for Business Server Control Panel, the
Skype for Business Server Management Shell, and the Skype for Business Server Centralized Logging
Service.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe and explain how to use the Skype for Business Deployment Wizard.
• Describe how to install and configure the Skype for Business Topology Builder.
• Describe the purpose of the Skype for Business Server Centralized Logging Service.
• Install or Update Skype for Business Server System. The wizard installs or updates the appropriate
server roles and core components of Skype for Business Server on the server in a multiple-step
process. The wizard also installs a local configuration store database on the server, which is a read-
only replica of the Central Management store. This process allows you to install or assign any required
certificates for Skype for Business Server.
• Prepare first Standard Edition server. Optionally, if you deploy a Skype for Business Server
Standard Edition server, this process will prepare the first server in your deployment for hosting the
Central Management store.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-15
• Install Administrative Tools. By default, Skype for Business administrative tools install on every
Skype for Business Server Front End Server and Director, and optionally on other server roles or
computers that provide dedicated administrative consoles. The administrative tools consist of the
following:
o Skype for Business Server Deployment Wizard. Use this to deploy the components of the Skype
for Business Server environment.
o Skype for Business Server Topology Builder. Use this to define components like server roles in
your Skype for Business Server deployment.
o Skype for Business Server Control Panel. Use this for ongoing, daily management of your Skype
for Business Server environment through a web-based interface.
o Skype for Business Server Management Shell. Use this for ongoing, daily management of your
Skype for Business Server environment at the command line.
o Skype for Business Server Centralized Logging Service. Use this to troubleshoot problems in your
Skype for Business Server environment.
• Deploy Monitoring Reports. Optionally, if a Skype for Business Server deployment requires
reporting on CDR and Quality of Experience data, this process will install a set of standard reports that
SQL Server Reporting Services publishes.
• Media Quality Dashboard. A new feature, the Media Quality Dashboard, provides similar data about
CDR media quality in a graphical dashboard.
• First Run Videos. Provides links to online videos to assist with a Skype for Business Server
deployment.
• Documentation. Provides links to online content to assist with a Skype for Business Server
deployment, planning, and operations.
• Tools and Resources. Provides links to online tools and resources to assist with the management of a
Skype for Business Server deployment.
• Prepare AD DS.
Demonstration Steps
1. Sign in to the LON-SFB1 virtual machine with the following credentials:
o Password: Pa$$w0rd
2. Open the deployment wizard.
4. Review the Install or Update Skype for Business Server System option.
MCT USE ONLY. STUDENT USE PROHIBITED
1-16 Design and Architecture of Skype for Business Server 2015
Some of the available options in Skype for Business Server Topology Builder include:
• Upgrade to Skype for Business Server 2015. This is a new feature. You can use Skype for Business
Server Topology Builder to upgrade an existing Lync 2013 deployment.
• Define and configure central sites. Often referred to as a datacenter, a central site includes one or
more Skype for Business Server front-end pools or a Skype for Business Server Standard Edition
server. Sites in Skype for Business Server are not based on Active Directory sites. All front-end pools
and Standard Edition servers in a site can share these common components:
o Director pool
o Mediation pool
o Edge pool
o Monitoring
o Archiving
• Define and configure a Skype for Business Server front-end pool. Includes one or more Skype for
Business Server Front End Servers.
• Define and configure a Skype for Business Server Standard Edition server. Includes one or more
Skype for Business Server Standard Edition servers.
• Define and configure a Skype for Business Server Director pool. Includes one or more Skype for
Business Server Directors.
• Define and configure a Skype for Business Server Mediation pool. Includes one or more Skype
for Business Server Mediation Servers.
• Define and configure a Skype for Business Server Edge pool. Includes one or more Skype for
Business Server Edge Servers.
• Define and configure a Skype for Business Server Persistent Chat pool. Includes one or more
Skype for Business Server Persistent Chat servers.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-17
• Define and configure trusted application servers. One or more trusted application servers that
Skype for Business Server trusts. Trusted application servers use an application that is based on the
UC Managed API (UCMA) 3.0 core software development kit (SDK), such as Exchange Server 2013.
For more information about UCMA applications, refer to the following website.
UC Managed API 3.0 core SDK documentation
http://aka.ms/ebykkp
o SQL Server stores. One or more Skype for Business Server Back End Server databases.
o File stores. One or more file shares that store replication data, the Address Book, and conference
content for Skype for Business Server.
o PSTN gateways. One or more peers that provide PSTN connectivity to the Skype for Business
Server Mediation Servers.
o Trunks. One or more peers that provide SIP connectivity to the Skype for Business Server
Mediation Servers.
o Microsoft Office Online servers. One or more Microsoft Office Online servers that stream
Microsoft PowerPoint presentations to Skype for Business Server web conference meetings.
• Define and configure branch sites. One or more remote branch sites. Each branch site must be
associated with a parent central site and have one or more of these components: IP/PSTN gateway,
Mediation Server role, or Survivable Branch Appliance.
• Merge using the Topology Builder Merge Wizard. The Skype for Business Server Topology Builder
Merge Wizard enables integration with legacy versions of Skype for Business Server.
3. Switch to NYC-SQL3.
4. On NYC-SQL3, create a file share for Skype for Business Server by using the following settings:
o Share permissions: Administrators group should be the owner, and the administrator should have
Read/Write permissions.
5. On LON-SFB1, use the topology builder to create a new central site with the following information:
o Name: New York
o Features: Conferencing
MCT USE ONLY. STUDENT USE PROHIBITED
1-18 Design and Architecture of Skype for Business Server 2015
6. In Topology Builder, on LON-SFB1, right-click the newly created New York site, and then publish the
topology. After publishing is complete, review the log files as needed.
Note: When you publish the topology, you may receive a status of Completed with
warnings for the step Creating Database NYC-SQL3.adatum.com\Default.
To configure settings by using Skype for Business Server Control Panel, you must sign in by using an
account that is assigned to the CsAdministrator role. To configure settings by using Skype for Business
Server Control Panel, you must use a computer with a minimum screen resolution of 1024 × 768.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-19
• Centralized Logging Service controller. The Centralized Logging Service controller sends Start, Stop,
Flush, and Search commands to the Centralized Logging Service agents on all the Skype for Business
Servers in a specified pool. In previous versions of Lync Server, you would use a command-line tool
called ClsController.exe to control the Centralized Logging Service agents on the servers. In Skype for
Business Server, you can use Skype for Business Server Centralized Logging Service cmdlets to run
debug sessions on any server role in Skype for Business Server. Windows PowerShell cmdlets send the
commands through a dynamic-link library called ClsControllerLib.dll. Most of the configurable set of
features for Centralized Logging Service are available via the Skype for Business Server Management
Shell. These features allow you to configure and define new scenarios that target the problem space,
custom flags, and logging levels.
Some of these targeted scenarios include protocol messages from the server and client, such as SIP and
HTTP, for troubleshooting authentication issues, CDRs from the Monitoring Server for troubleshooting call
failures, or conference details for troubleshooting online meetings.
During a log search, the ClsController decides to which computer that is running Skype for Business Server
it should send the request, based on the search scenario. After completing the search, the ClsController
receives the results and merges them into a single-ordered result.
MCT USE ONLY. STUDENT USE PROHIBITED
1-20 Design and Architecture of Skype for Business Server 2015
Snooper
If a Skype for Business Server administrator exports ClsController results to a text file, you can open this
file by using Notepad or Snooper. Snooper is a troubleshooting tool that assists in finding and analyzing
Skype for Business Server debugging information. You can download this tool as part of the Skype for
Business Server Debugging Tools from the Microsoft website.
Question: What are some benefits of using the Centralized Logging Service over its
predecessor, OCSLogger?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-21
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Virtual machines: 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SQL1, 20334B-LON-SFB1,
20334B-LON-SFB2, 20334B-NYC-SFB3, and 20334B-NYC-SQL3.
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
• You must enable all New York users for IM, presence, and audio and video conferencing.
• Although there is an Internet connection in New York, there are no plans to implement Internet
access to the Skype for Business infrastructure in New York.
• A server that is running SQL Server 2014 deployed in New York, and it has available capacity.
• The organization is still evaluating various high availability and disaster recovery options for Skype for
Business. The organization has set a goal that all critical IT services, including Skype for Business, will
be highly available.
The main tasks for this exercise are as follows:
1. Plan for the New York Skype for Business Server deployment.
3. Design a topology.
Task 1: Plan for the New York Skype for Business Server deployment
Review the information in the exercise scenario, and then answer the following questions:
1. What type of Skype for Business Server will you deploy in New York?
2. What server roles in Skype for Business Server will you deploy in New York?
3. What would you need to change in your plan to enable high availability?
2. In the Welcome to the Skype for Business Server 2015, Planning Tool window, click Get Started.
3. In the Welcome to the Skype for Business Server 2015, Planning Tool Wizard, select the following
features, and then click Design Sites:
o Audio/Video Conferencing
o Web Conferencing
o High Availability
4. In Design Sites, configure the following options, and then click Draw:
Results: After completing this exercise, you should have identified the necessary servers and configuration
for the workloads that A. Datum plans to deploy in New York.
o Share permissions: Administrators group should be the owner, and the administrator should have
Read/Write permissions.
2. On LON-SFB1, use the topology builder to create a new central site with the following information:
o Features: Conferencing
o Collate Mediation Server: Selected
MCT USE ONLY. STUDENT USE PROHIBITED
1-24 Design and Architecture of Skype for Business Server 2015
Note: When you publish the topology, you may receive a status of Completed with
warnings for the step Creating Database NYC-SQL3.adatum.com\Default.
Results: After completing this exercise, you should have added the required servers and configuration to
the topology based on your design of the Skype for Business deployment in the New York site.
Question: Which tool would you use to prepare Active Directory and to install the
administrative tools?
Question: Which Skype for Business Server administrative tools do you install when you run
Setup.exe the first time?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 1-25
Review Question
Question: After publishing the topology, what should you do before clicking Finish in the
publishing wizard?
Answer: They should deploy Enterprise Edition first to host the Central Management store. If they plan to
start a pilot with Standard Edition, they first need to prepare the Standard Edition server to host the
Central Management store, and then move it.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
2-1
Module 2
Installing and Implementing Skype for Business Server 2015
Contents:
Module Overview 2-1
Lab A: Configuring DNS and Simple URLs for Skype for Business Server 2-17
Lesson 4: Integrating Skype for Business Server with Exchange Server and
SharePoint Server 2-27
Module Overview
Skype for Business Server 2015 provides several enhanced features. To take full advantage of this
potential, you must understand the core dependencies, deployment options, and integration offerings
and how these relate to your organizational demands. This understanding will help you deploy a
successful Skype for Business Server implementation that meets organizational and user needs.
Objectives
After completing this module, you will be able to:
• Identify the Session Initiation Protocol (SIP) domain requirements to ensure a successful
implementation.
• Describe how Skype for Business Server integrates with Microsoft Exchange Server and Microsoft
SharePoint Server.
MCT USE ONLY. STUDENT USE PROHIBITED
2-2 Installing and Implementing Skype for Business Server 2015
Lesson 1
Server and Service Dependencies
Before you begin designing your Skype for Business Server deployment, you must understand the server
and service dependencies of Skype for Business Server. This includes the requirements for Active Directory
Domain Services (AD DS), Domain Name System (DNS), certificates, and Microsoft SQL Server. With this
knowledge, you will have the necessary foundation to build a successful Skype for Business Server
infrastructure.
Lesson Objectives
After completing this lesson, you will be able to:
Role of AD DS
Although the Skype for Business Server Central
Management store stores most configuration data,
AD DS stores many global settings and other
configuration data. These settings and data are
necessary for the deployment and management of
Skype for Business Server. Skype for Business Server
relies on AD DS to store:
• Schema extensions for Microsoft Lync Server 2013 and Lync Server 2010 to maintain backward
compatibility with previous supported versions.
• User SIP Uniform Resource Identifier (URI), phone number, and other user settings.
• Contact objects for applications (for example, the Response group application and the Conferencing
Attendant application).
• Data published for backward compatibility (for example, a small version of a photograph is written to
the thumbnailPhoto attribute in AD DS).
AD DS also provides support for Skype for Business Server user authentication.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-3
Supported AD DS topologies
Although organizations might deploy AD DS in a variety of ways, Skype for Business Server supports the
following AD DS topologies:
• Multiple forests in a Skype for Business resource forest topology with Microsoft Exchange Online
• Multiple forests in a resource forest topology with Skype for Business Online and Microsoft Azure
Active Directory Connect
Note: If your organization is running in a resource forest model, you should deploy
Microsoft Identity Manager 2016 or similar directory synchronization software to support your
forest model.
You must raise all the forests in which you deploy Skype for Business Server to a forest functional
level of Windows Server 2003 or higher. You must raise all the domains in which you deploy
Skype for Business Server to a domain functional level of Windows Server 2003 or higher. You can
deploy read-only domain controllers as part of AD DS if there are writable domain controllers.
Note: The minimum version of Windows Server 2003 ensures that all AD DS domain
controllers can utilize Linked Value Replication, which is the replication mechanism introduced
with Windows Server 2003.
MCT USE ONLY. STUDENT USE PROHIBITED
2-4 Installing and Implementing Skype for Business Server 2015
• Enable unified communications (UC) devices that are not signed in to discover the Front End pool or
the Standard Edition server running the Device Update web service to obtain updates and send logs.
• Enable external UC devices to connect to Device Update web service through Edge Servers or the
HTTP reverse proxy and obtain updates.
• Provide DNS load balancing.
Note: Skype for Business Server does not support internationalized domain names (IDNs),
which are DNS names with non-English characters.
DNS records
The following table describes the DNS records that you create and publish to a DNS service within the
corporate network for the domain name adatum.com.
You will learn more about simple URLs later in this lesson.
When you deploy Skype for Business Server for external access, you also have to configure DNS records
for external access. Module 8, “Deploying Skype for Business 2015 External Access,” will provide more
details about this.
Demonstration Steps
1. Sign in to LON-DC1 as adatum\administrator with the password Pa$$w0rd.
o IP: 172.16.10.20
MCT USE ONLY. STUDENT USE PROHIBITED
2-6 Installing and Implementing Skype for Business Server 2015
o Name: _sipinternaltls._tcp.Adatum.com
o Port: 5061
o Weight: 10
o Host: NY-pool.Adatum.com
Note: When deploying an internal CA to issue private certificates, a key item that you must
configure is the certificate revocation list (CRL) download location. When deploying public
certificates, you need to consider CRL download locations and root certificate support.
When you request certificates for Skype for Business Server, ensure that they meet the following
certificate requirements:
• All server certificates must support server authorization (Server enhanced key usage).
• All server certificates must contain a certificate revocation list distribution point (CDP).
• All certificates must be signed by using a signing algorithm that the operating system supports.
Skype for Business Server supports the Secure Hash Algorithm 1 (SHA-1) and SHA-2 suite of digest
sizes (224-bit, 256-bit, 384-bit, and 512-bit). These types of certificates meet or exceed most current
operating system requirements.
• Auto enrollment is supported for internal servers running Skype for Business Server.
• Auto enrollment is not supported for Skype for Business Server Edge Servers.
• Key lengths of 1,024, 2,048, and 4,096 are supported. Microsoft recommends key lengths of 2,048
and greater.
• The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521
hash algorithms are also supported.
Note: After a certificate is renewed automatically, you have to assign the new certificate to
the appropriate Skype for Business Server service.
• Enables TLS and mutual TLS connections to multiple SIP domain names (for example, sip.adatum.com
and sip.contoso.com).
• Enables TLS and mutual TLS connections to multiple host names (for example, meet.adatum.com and
dial-in.adatum.com).
• Provides wildcard support for multiple host names in a domain name (for example, *.adatum.com).
MCT USE ONLY. STUDENT USE PROHIBITED
2-8 Installing and Implementing Skype for Business Server 2015
The following Skype for Business Server 2015 server roles can use certificates with SAN:
• Directors
• Edge Servers
• Mediation Servers
The Central Management store is included in the xds database on the Back End Servers. The xds database
is contained within the SQL Server instance, RTC. Each Skype for Business Server 2015 Front End server
contains replicas, Microsoft SQL Server Express databases, which are a copy of the complete topology
from the Central Management store databases in the two SQL Server instances, LYNCLOCAL and
RTCLOCAL. Therefore, when a server starts and finds that its configuration replica is current, it does not
require a connection with any root forest global catalog or domain controller server to start its services.
Moreover, if the Central Management store database is offline, each Skype for Business Server 2015 Front
End server role will use the data from its local replica, which results in more resiliency.
In most environments, the databases deployed in Skype for Business Server include:
• Xds. This is the main database of Skype for Business Server and is part of the Central Management
store, which maintains the topology information, policies, and configuration. The Front End Servers
maintain a read-only copy of the xds database from the Back End database server in the SQL Server
instance, RTCLOCAL.
• Cpsdyn. This database maintains the dynamic information database for the Call Park application.
• Rgsconfig. This database maintains the response group configuration service data file.
• Rgsdyn. This database maintains the runtime data for the response group configuration service data
file.
• Lcslog. This database maintains the data file that stores instant messaging and conferencing data on
an archiving server.
• QoE. This database maintains the Quality of Experience (QoE) data to provide Skype for Business
Server users with the best communication experience.
• Rtc. This database stores persistent user data such as the contact list, scheduled conferences, and
access control lists.
• Rtcdyn. This database maintains dynamic user data such as Presence, within the SQL Server instance
RTCLOCAL, on the Front End Servers.
• Lyss. Lync Storage Service (LYSS) is a storage framework in Skype for Business Server 2015 that
replaces Microsoft Message Queueing (MSMQ). This framework is used by different LYSS consumers
for accessing storage platforms in your Skype for Business Server 2015 system. To support high
availability, LYSS accepts and saves copies of the data to the lyss databases on the Front End Servers
in the pool temporarily. LYSS removes the data from the lyss databases after the data is delivered to
the final long-term storage location, such as SQL Server or Exchange Server. The type of data that the
lyss database temporarily stores includes archiving, for Exchange Server and SQL Server, and the
unified contact store, for Exchange Server.
You are the Skype for Business administrator for your company, A. Datum Corporation. Your
company uses the SIP domain named adatum.com. Which of these URLs are simple URLs in your
Skype for Business Server environment?
admin.adatum.com
pool.adatum.com
dial-in.adatum.com
lyncdiscoverinternal.adatum.com
meet.adatum.com
MCT USE ONLY. STUDENT USE PROHIBITED
2-10 Installing and Implementing Skype for Business Server 2015
Which of the following is an example of a SRV record in Skype for Business Server?
_sip.adatum.com
_sipinternaltls._tcp.adatum.com
sip.adatum.com
Sip._tls.adatum.com
Question: What support does Skype for Business Server have for wildcard certificates?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-11
Lesson 2
Planning SIP Domains
A Skype for Business Server design contains various components. Before you begin deploying
Skype for Business Server, you should review your organization’s infrastructure to assess SIP domain
requirements for design documentation. This will help you to plan, design, and implement
Skype for Business Server so that it works well for your organizational needs.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe how Skype for Business Server supports organizations with multiple SIP domains.
• Describe the need for a single SIP URI in Skype for Business Server.
The following are the three simple URLs that Skype for Business Server communications software supports.
In most environments, these URLs will include the SIP domain name:
• meet. It is the base URL for all conferences in the site or organization. You can define a different meet
URL per SIP domain.
• dial-in. It enables access to the Dial-in Conferencing Settings webpage. This page displays conference
dial-in numbers with their available languages, assigned conference information, and in-conference
dual-tone multi-frequency signaling (DTMF) controls. This simple URL supports management of PIN
and assigned conferencing information.
• admin. It enables quick access to the Skype for Business Server Control Panel. The design for simple
URLs also applies to the admin URL. This simple URL is for internal use only.
MCT USE ONLY. STUDENT USE PROHIBITED
2-12 Installing and Implementing Skype for Business Server 2015
By using a split-brain DNS, you can host a DNS zone on various networks with different DNS records.
Therefore, the FQDN can point the Internet to your reverse proxy, but the same FQDN points to the pool
in your internal deployment.
The following are some options that you can consider when you decide to support multiple SIP domains
in your Skype for Business Server deployment.
There are three recommended options for naming your simple URLs. The option you choose has
implications on how you set up your DNS A records and certificates, which support simple URLs. In each
option, you must configure one meet simple URL for each SIP domain in your organization. You always
need just one simple URL in your whole organization for dial-in and one for admin, no matter how many
SIP domains you have. The three recommended options are:
• Option 1. You create a new SIP domain name for each simple URL. If you use this option, you need a
separate DNS A record for each simple URL, and you must include each simple URL on the SAN of
your certificates.
dial-in https://dial-in.contoso.com
admin https://admin.contoso.com
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-13
• Option 2. Simple URLs are based on the domain name lync.contoso.com. Therefore, you need only
one DNS A record, which enables all three types of simple URLs. This DNS A record references
lync.contoso.com. Additionally, you still need separate DNS A records for other SIP domains in your
organization.
Simple
Example
URL
dial-in https://lync.contoso.com/dial-in
admin https://lync.contoso.com/admin
• Option 3. This option is most useful if you have many SIP domains, and you want them to have
separate meet simple URLs, but want to minimize the DNS record and certificate requirements for
these simple URLs.
Simple
Example
URL
meet https://lync.contoso.com/contosoSIPdomain/meet
https://lync.contoso.com/fabrikamSIPdomain/meet
dial-in https://lync.contoso.com/dial-in
admin https://lync.contoso.com/admin
Certificate options
The complexity for certificates within your Skype for Business Server deployment increases when
Skype for Business Server hosts more than one SIP domain. This is because each SIP domain must be
present in each certificate. However, not all URLs in your Skype for Business Server deployment need to be
included in the SAN for each hosted SIP domain.
For example, the web conferencing service on your Skype for Business Server Edge Server is an
independent service that does not have to be tied to a hosted SIP domain. The dial-in URL in your
Skype for Business Server deployment is a global URL for all your SIP domains and does not require a SAN
for each hosted SIP domain. However, all of the other URLs in your Skype for Business Server deployment
are unique to each hosted SIP domain and therefore need to be included in the SAN.
MCT USE ONLY. STUDENT USE PROHIBITED
2-14 Installing and Implementing Skype for Business Server 2015
• Determine how to choose the SIP address for users who have different email addresses, for example,
claus.hansen@contoso.com, claush@contoso.com, and claus@contososales.com.
You can ensure that there is a single SIP domain in a Skype for Business Server deployment by planning
thoroughly and determining effective methods to collate existing domain names. For example, you can
identify the SMTP domain names to determine the required SIP domains by using a Windows PowerShell
script.
The following code example shows how you can gather SMTP domains that are currently in use in the
organization from Exchange Server:
By designing the namespace around a single public domain name, you will simplify both the certificate
requirements and DNS configuration.
Simple URLs share the reverse proxy listener with other web services by using host header information;
this information can only be read if a successful TLS connection between the client and the proxy is
established. This is why all names for web services need to be on the subject alternative name list on the
certificate or represented by a wildcard certificate for the domain portion of the FQDN. For example,
dialin.adatum.com and meet.adatum.com could both use *.adatum.com.
You are the Skype for Business administrator for your company, A. Datum. Your company uses the
SIP domain named adatum.com. Your company merged with Contoso, Ltd., which uses the SIP
domain named contoso.com. You need to plan the simple URLs of your Skype for Business Server
infrastructure to support both SIP domains. Which of the following simple URLs should you
choose?
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
dial-in.contoso.com
admin.adatum.com
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
admin.adatum.com
meet.adatum.com
dial-in.adatum.com
dial-in.contoso.com
admin.adatum.com
meet.adatum.com
dial-in.adatum.com
admin.adatum.com
MCT USE ONLY. STUDENT USE PROHIBITED
2-16 Installing and Implementing Skype for Business Server 2015
You are the Skype for Business administrator for A. Datum. Your company uses the SIP domain
named adatum.com. Your company merged with Contoso, which uses the SIP domain name of
contoso.com. The management wants you to minimize the certificate requirements. You need to
plan the simple URLs of your Skype for Business Server infrastructure to support both SIP
domains.
Which of the following simple URLs should you choose?
skype.adatum.com/meet
skype.contoso.com/meet
skype.adatum.com/dial-in
skype.adatum.com/admin
meet.adatum.com
dial-in.adatum.com
admin.adatum.com
skype.adatum.com/adatum.com/meet
skype.adatum.com/contoso.com/meet
skype.adatum.com/dial-in
skype.adatum.com/admin
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
admin.adatum.com
skype.adatum.com/adatum.com/meet
skype.contoso.com/contoso.com/meet
skype.adatum.com/dial-in
skype.adatum.com/admin
Question: How is the SIP URI different from the mail URI?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-17
Objectives
After completing this lab, you will be able to:
• Create the required DNS records for the deployment of Skype for Business Server in New York and for
the simple URLs.
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, complete
the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
Exercise 1: Configuring the Required DNS Records and Simple URLs for
Skype for Business Server
Scenario
A. Datum wants you to create the necessary DNS records to enable the sales users in the New York site
with Instant Messaging, Presence, and Audio and Video Conferencing. In addition, you need to create the
DNS records for the simple URLs and update the topology with the simple URLs.
1. Create the required DNS records for Skype for Business Server.
Task 1: Create the required DNS records for Skype for Business Server
• On LON-DC1, open DNS Manager and create the following internal DNS records for
Skype for Business Server:
o A Records:
Name: NY-pool.Adatum.com, NY-webint.Adatum.com, dialin.Adatum.com,
meet.Adatum.com
IP: 172.16.10.20
o SRV Record:
Name: _sipinternaltls._tcp.Adatum.com
Port: 5061
Weight: 10
Host: NY-pool.Adatum.com
Results: After completing this exercise, you will have created the required Domain Name System (DNS)
records to support the workloads that A. Datum Corporation plans to deploy in New York and to support
the simple URLs.
Question: Why do some SRV records reference port 5061 and others reference port 443?
MCT USE ONLY. STUDENT USE PROHIBITED
2-20 Installing and Implementing Skype for Business Server 2015
Lesson 3
Installing Skype for Business Server
As you progress to the deployment of Skype for Business Server, you will need to coordinate the
deployment activities among various teams. This will include discussions with your network team for
internal and external DNS requirements, with your security team for certificate requirements, and with
your infrastructure team for SQL requirements. Even if these roles overlap, the deployment phase will
require good coordination to be successful.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe how to request and assign certificates for Skype for Business Server Front End Servers.
• Describe the considerations for planning the SQL databases required for Skype for Business Server
Back End Servers.
In Skype for Business Server Enterprise Edition, you must prepare the Back End Server with SQL Server
before you publish the topology, because it provides the database services for the Central Management
store and for the Front End pool. You will learn about preparing the Back End Server later in this lesson.
You can find the steps prior to installing Skype for Business Server in Module 1, “Design and Architecture
of Skype for Business Server 2015.”
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-21
4. Start services.
5. Verify that services have started (optional).
During the installation of the local configuration store, the bootstrapper, or setup routine, retrieves a
reference of a service control point object from AD DS. This object points the setup to the Central
Management Database. The bootstrapper installs an instance of SQL Server Express, called RTCLOCAL,
and the core Skype for Business Server components. Next, the bootstrapper instantiates the local Central
Management store replica by importing the configuration from the Central Management store database
and then replicating the database data. When the setup completes, you should review the log files to
verify successful completion.
During the setup of Skype for Business Server components, the bootstrapper performs a prerequisite
check before installing additional components. These components include a second SQL Server Express
instance, called LyncLocal, and additional Windows Speech Recognition components and foreign
language packs. After the prerequisite check, the installation of the Skype for Business Server components
starts. These components include the services and server roles on the Skype for Business Server Front End
Server, such as Audio/Video Conferencing Server and Mediation Server. After the install, you should
review the log files to verify successful completion.
Note for the operating system support: Although Windows Server 2008 R2 is still supported, Microsoft
recommends using Windows Server 2012 R2 for all new servers for Skype for Business. You should use
Windows Server 2008 R2 only when you have existing servers with Lync Server 2013 already installed, and
you intend to do an in-place upgrade. Windows Server 2008 R2 reached the end of the mainstream
support lifecycle on January 13, 2015.
Demonstration Steps
• Perform the following steps in the Skype for Business Server Deployment Wizard:
You can use the certificate wizard to generate a certificate request. The following is a list of the required
subject names and SANs for the Skype for Business Server Front End Server. You will learn about the
certificate requirements for other Skype for Business Server 2015 server roles in later modules.
The certificate request for the OAuth certificate is only necessary during setup of the first
Skype for Business Server 2015 server. Because server-to-server mutual TLS communications require
this certificate, it is downloaded automatically during the installation of the local configuration store
for each subsequent Skype for Business Server 2015 server.
After you request the certificates, you should review the log files to verify successful completion.
Demonstration Steps
Perform the following steps by using the Skype for Business Server Deployment Wizard:
1. On NYC-SFB3, on the Skype for Business Server 2015 - Deployment Wizard page, next to Step 3:
Request, Install or Assign Certificates, click Run.
2. Request a default certificate for Skype for Business Server by entering the following information in the
Certificate Wizard dialog box:
o CA: LON-DC1.Adatum.com/AdatumCA
o Organization: A Datum
o Organizational Unit: IT
3. Assign a default Skype for Business Server certificate to the following services:
o Server Default
Although database mirroring is the only high-availability option that you can configure in the Topology
Builder, Skype for Business Server supports the following SQL Server high-availability options:
• Database mirroring. When you deploy synchronous database mirroring in a Skype for Business Server
Front End pool, all of the databases in the pool are mirrored. This includes the Central Management
store, if it is located in this pool, and the Response Group application database and the Call Park
application database, if these applications are running in the pool. With database mirroring, you do
not need to use shared storage for the servers, because each server keeps a copy of the databases in
the local storage. Asynchronous database mirroring is not supported for Back End Server high
availability in Skype for Business Server.
• AlwaysOn Availability Groups. Only SQL Server 2014 Enterprise Edition and SQL Server 2012
Enterprise Edition support AlwaysOn Availability Groups. Skype for Business Server supports AlwaysOn
Availability Groups only as active/passive and not active/active. To use AlwaysOn Availability Groups,
you first use SQL Server to set up and configure the high-availability solution. You can then use
Topology Builder to associate it with a Front End pool.
• AlwaysOn failover cluster instances. Only SQL Server 2014 Enterprise Edition and SQL Server 2012
Enterprise Edition support AlwaysOn failover cluster instances. Skype for Business Server supports
AlwaysOn Availability Groups only as active/passive and not active/active. To use AlwaysOn failover
cluster instances, you first use SQL Server to set up and configure the high-availability solution. You
can then use Topology Builder to associate it with a Front End pool.
• SQL Server failover clustering. You can implement a second layer of failover at the server layer by
deploying SQL Server failover clustering. To deploy SQL Server failover clustering, you should
configure the SQL Server cluster before deploying your Front End pool.
With Skype for Business Server, you can collocate each of the following databases on the same database
server:
• Back-end database. This database stores the topology of the Central Management store.
• Monitoring database. This database stores users’ communication sessions, including call detail
recording data and QoE data.
• Archiving database. This database stores content from Skype for Business Server peer-to-peer IM,
conferences, whiteboards, and polls, if you have enabled an archiving policy. Persistent Chat content
is not archived in the archiving database.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-25
• Persistent Chat database. This database stores Persistent Chat room content and other system
metadata, such as authorization rules.
• Persistent Chat compliance database. This database is responsible for archiving Persistent Chat
content and events, such as joining and leaving rooms. This database is typically deployed if your
organization has regulations that require Persistent Chat activity to be archived.
You can collocate any or all of these databases on a single instance of SQL Server or use a separate
instance of SQL Server for each, with the following limitations:
• Each instance of SQL Server can contain only a single back-end database, a single monitoring
database, a single archiving database, a single Persistent Chat database, and a single Persistent Chat
compliance database.
• The database server can support one Front End pool, one archiving deployment, and one monitoring
deployment, but it cannot support more than one of each, regardless of whether the databases use
the same instance of SQL Server or separate instances of SQL Server.
What are the names of the SQL Server database instances that are installed on the
Skype for Business Server Front End Servers?
RTC
RTCLOCAL
LyncLocal
LyncRTC
SkypeLocal
MCT USE ONLY. STUDENT USE PROHIBITED
2-26 Installing and Implementing Skype for Business Server 2015
Which of the following options represents the correct order of steps for preparing and installing
Skype for Business Server?
Lesson 4
Integrating Skype for Business Server with Exchange
Server and SharePoint Server
A Skype for Business Server design might also contain other systems that are outside of the
Skype for Business Server product. These systems can include Exchange Server and SharePoint Server.
Before you begin deploying Skype for Business Server, you should assess the requirements for Exchange
Server integration, Skype for Business client integration, SharePoint Server integration, and Enterprise
Voice, and then update your Skype for Business Server design.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the integration of Exchange Server with Skype for Business Server.
• Describe the role of Exchange Server in providing free/busy information.
• Describe how to configure the integration of Skype for Business Server and Exchange Server.
• Describe Open Authorization (OAuth) and trusted applications in Skype for Business Server.
• Describe the integration of SharePoint Server with Skype for Business Server.
• Describe how to configure the integration of Skype for Business Server and SharePoint Server.
To display information about a contact in an email message, Outlook 2013 first retrieves the contact’s SIP
address locally, and then makes a remote procedure call (RPC) to the server running Exchange Server, if
required. During a single Outlook 2013 session, the number of RPCs decreases as more SIP addresses are
cached. In Skype for Business Server, the integration features either use Messaging Application
Programming Interface (MAPI) or make EWS calls to Exchange Server for the following purposes:
• To access conversation history and missed calls
You need to remember that Outlook 2013 makes RPCs to resolve SIP addresses only if you select the
Display online status next to a person name option. To view this option in Outlook 2013, on the Tools
menu, click Options, click Other, and then click Person Names. Select an appropriate Exchange Server
communication interface.
You can evaluate the communication interfaces that Skype for Business Server uses to access and update
the features shared with Outlook 2013. Skype for Business Server makes Exchange Server calls directly,
through MAPI or EWS, or indirectly, by using the Microsoft Outlook object model.
Controlling integration
All Outlook 2013 integration features are enabled by default, but you can control them individually
by using Skype for Business Server or by using in-band server settings. When you plan for the
Skype for Business Server solution, you can use the in-band server settings to enable or disable individual
integration features, either during deployment or during maintenance.
Skype for Business Server supports integration with the following versions of Exchange:
For Skype for Business Server, you can use an existing Skype for Business Server certificate as your server-
to-server authentication certificate. For example, you can use your server default certificate as the
OAuthTokenIssuer certificate. Skype for Business Server allows you to use any web server certificate as the
certificate for server-to-server authentication, provided that:
• The certificate includes the name of your SIP domain in the Subject field.
• You have configured the same certificate as the OAuthTokenIssuer certificate on all of your
Skype for Business Server Front End Servers.
You must configure the autodiscover service in Exchange Server before you can integrate
Skype for Business Server and Exchange Server.
Demonstration Steps
Perform the following steps in the Skype for Business Server Deployment Wizard:
o CA: LON-DC1.Adatum.com/AdatumCA
o Organization: A Datum
o Organizational Unit: IT
o OAuthTokenIssuer
Configuring SharePoint Server to search for archived Skype for Business Server data
If you want to use SharePoint Server to search for archived Skype for Business Server data (including IM
and web conferencing transcripts), you must first complete all the steps required to configure Exchange
Server archiving in Skype for Business Server. You learned about this earlier in the lesson.
After successfully integrating Exchange Server and Skype for Business Server, you must install the EWS
Managed API 2.2 on each of your SharePoint Server 2013 servers. You can download the setup program
for the EWS API from the following Microsoft website.
What are the three steps required to integrate Skype for Business Server 2015 with Exchange
Server?
Assign the appropriate certificates to Skype for Business Server and to Exchange Server.
Assign the OAuth certificate to the Skype for Business Server 2015 server.
Configure Skype for Business Server to be a partner application for Exchange Server.
Configure Exchange Server to be a partner application for Skype for Business Server.
What are the four steps required to enable the discovery of content from Skype for Business
Server through eDiscovery in SharePoint Server?
Configure Skype for Business Server to be a partner application for Exchange Server.
Configure Exchange Server to be a partner application for Skype for Business Server.
Install the EWS Managed API 2.2 on each of your servers running SharePoint Server.
MCT USE ONLY. STUDENT USE PROHIBITED
2-34 Installing and Implementing Skype for Business Server 2015
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, complete
the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-DC1, and in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
You will also need to mount the ISO images needed for the lab by performing the following steps:
1. Open the Hyper-V Manager console.
2. Use the Skype for Business Server 2015 - Deployment Wizard to install the local configuration store
on NYC-SFB3. Retrieve the data directly from the Central Management store. This step will take about
15 minutes to execute.
3. Use the Skype for Business Server 2015 - Deployment Wizard to set up Skype for Business Server
components on NYC-SFB3. This step will take approximately 15 minutes to run.
Results: After completing this exercise, you will have installed the local configuration store and the core
components on the Skype for Business Server Front End Server in the New York site.
a. In the Select a CA from the list detected in your environment drop-down list, verify that
LON-DC1.Adatum.com\AdatumCA is present.
b. In the Friendly Name box, type NYC-SFB3 Skype for Business Server Default Certificate.
h. In the Select one or more SIP Domains list, select Adatum.com, and then complete the
certificate request.
2. On the Online Certificate Request Status page, verify that Assign this certificate to Skype for
Business Server certificate usages is selected.
3. Verify that the default certificate has been assigned to Server Default, Web Services Internal and
Web Services External.
Start-CsPool NY-pool.adatum.com
Task 3: Verify the Skype for Business client connectivity to New York
1. Switch to LON-SFB1.
2. On LON-SFB1, on the taskbar, click Skype for Business Server Control Panel.
5. In the new Skype for Business Server user panel, click add, and then click add filter.
6. In the first drop-down list box, select Department. In the second drop-down list box, select equal to.
In the text box, type Sales, and then click Find.
7. Click the first user, and then press Ctrl+A to select all the users from the search results. Click OK.
8. In the assign users to a pool drop-down list box, select NY-pool.adatum.com, change the
Telephony drop-down list box to Enterprise Voice, and then at the upper-left corner, click Enable.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 2-37
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you will have requested and assigned the certificates and started
the services for the Skype for Business Server Front End Server in the New York site.
Question: For a new deployment of Skype for Business Server or migration from a legacy version,
which two actions must you complete before you can publish a topology by using Topology
Builder?
Question: After publishing the topology, but before clicking Finish in the publishing wizard,
what should you do?
MCT USE ONLY. STUDENT USE PROHIBITED
2-38 Installing and Implementing Skype for Business Server 2015
Review Questions
Question: Which Skype for Business feature or integration excites you the most about the
product? Which Skype for Business feature or integration intimidates you the most in design
or deployment? Why?
Tools
The tools used in this module include:
• Skype for Business Server Topology Builder. This tool configures the design of your Skype for Business
Server 2015 deployment and publishes the topology to Active Directory Domain Services (AD DS).
• Skype for Business Server Deployment Wizard. This tool installs the components, databases,
certificates, and administrative tools in your Skype for Business Server Standard or Enterprise Edition
deployment.
• The Skype for Business Server Management Shell. This tool allows you to manage your Skype for
Business Server deployment from a command-line interface.
• DNS Manager. This tool allows you to create and manage the Domain Name System (DNS) records
required in your Skype for Business Server deployment.
• The Certificates console. This tool allows you to manage the certificates required in your Skype for
Business Server deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
3-1
Module 3
Administering Skype for Business Server 2015
Contents:
Module Overview 3-1
Lesson 2: Using the Skype for Business Server Management Shell 3-5
Lab A: Using the Administrative Tools to Manage Skype for Business Server 3-8
Module Overview
This module describes the foundation for the administrative infrastructure of Skype for Business 2015.
Skype for Business Server Control Panel is the primary tool for managing any Skype for Business
environment. You can perform other administrative functions by using the Skype for Business Server
Management Shell. You can use the Skype for Business Server Management Shell to automate processes
by using scripts. Role-based access control (RBAC) governs all capabilities of administrative users. You can
examine many of the functions of Skype for Business by using the set of Test cmdlets to emulate
transactions. In addition to these administrative tools and cmdlets, many tools are available for
troubleshooting the Skype for Business deployments.
Objectives
After completing this module, you will be able to:
Lesson 1
Using Skype for Business Server Control Panel
This lesson introduces Skype for Business Server Control Panel. In the Control Panel, you can open the
work areas by clicking the tabs on the left side of the console. In these work areas, you can configure all
the server settings and the settings for single or multiple users.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the various work areas in Skype for Business Server Control Panel.
• Explain the deployment options for Skype for Business Server Control Panel.
• Enable or disable users. After you create a user account in Active Directory Users and Computers, you
can enable or disable a user account in Skype for Business Server. When you disable a previously
enabled user account, you do not lose the Skype for Business Server settings that you configured for
that user account. Therefore, you can choose to re-enable the user without reconfiguring the user
account.
• Assign policies to users. You can assign specific policies to a user or a group of users, such as
conferencing policies, supported client version policies, archiving policies, or remote user access
policies.
• Assign users to a server or a pool. You can assign users to a server or move them to a specific pool.
• Set a user’s dial-in conferencing PIN. You can configure global PIN policies, such as the required
minimum length. In addition, you can configure PIN policies for individual users or sites. You can
choose to generate the PIN automatically or create one manually.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-3
• Start or stop services in the Skype for Business topology. You can view the core services that are
running on all Skype for Business Server 2015 servers, and in a single view, you can see the relative
health of the entire topology.
• Create network configuration for voice and conferencing. You can create the paths that
communication streams will take internally and configure the mechanisms for the messages that go
outside your organization.
Skype for Business Server Control Panel is automatically installed on every Front End Server or Standard
Edition server in your deployment. In Skype for Business Server, you can remotely manage edge servers by
using Skype for Business Server Control Panel, which is not exposed externally to the web.
Note: You cannot use Skype for Business Server Control Panel to manage users who are
members of the Active Directory Domain Admins group. For Domain Admin users, you can use
the Control Panel to perform read-only search operations. To perform write operations on
Domain Admin users, such as enabling or disabling Skype for Business Server, or changing pool
or policy assignments, telephony settings, or SIP address, you must use the Skype for Business
Server Management Shell cmdlets while signed in as a Domain Administrator with appropriate
RBAC credentials.
You can install the entire set of administrative tools from the Skype for Business Deployment Wizard on
the 64-bit versions of Windows 10, Windows 8.1, Windows 8, and Windows 7 workstations, with the
current set of service packs.
MCT USE ONLY. STUDENT USE PROHIBITED
3-4 Administering Skype for Business Server 2015
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Control Panel.
4. On the Select from Active Directory page, type Alex Darrow, and then click Find.
6. On the User Search page, in the Assign users to a pool section, select pool.adatum.com.
7. Click Enable.
10. In the Select from Active Directory page, click Add filter.
17. On the User Search page, type Amr Zaki, and then click Find.
18. Confirm that Amr Zaki is enabled for Skype for Business by verifying that there is a check mark in the
enabled column.
In which tab of Skype for Business Server Control Panel can you configure the assignment of a
user’s meeting policy?
Conferencing
Users
Meeting
Clients
Policy
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-5
Lesson 2
Using the Skype for Business Server Management Shell
The Skype for Business Server Management Shell is particularly useful when you perform bulk
transactions. In this lesson, you will learn how to use the Skype for Business Server Management Shell
to perform administrative tasks.
Lesson Objectives
After completing this lesson, you will be able to:
• Explain how to use the Skype for Business Server Management Shell.
In other words, the Skype for Business Server Management Shell is Windows PowerShell 3.0 with the
Skype for Business module loaded in it. It follows the Verb-noun syntax that all Windows PowerShell
modules employ.
For example, the cmdlet Get-CsPool will provide information about each pool and the services that are
running in the topology. You can use parameters to limit the scope of the inquiry. For example:
The wildcard character in the Skype for Business Server Management Shell is *. It is particularly useful with
the Get cmdlets. For example, Get-CsUser –Identity “Bob*” returns the names of all the enabled users
whose names begin with Bob.
MCT USE ONLY. STUDENT USE PROHIBITED
3-6 Administering Skype for Business Server 2015
• Enable-CsComputer activates the recently installed services on a Skype for Business Server 2015
server.
• Get-CsAdUser provides all the accounts in Active Directory Domain Services (AD DS) regardless of
their activation for Skype for Business.
• New-CsDialPlan is used primarily in Enterprise Voice deployments to create a dial plan. However,
you will see its application for dial-in conferencing in Module 6, “Implementing Additional
Conferencing Options in Skype for Business Server 2015”.
• Set-CsCertificate assigns certificates to a Skype for Business Server 2015 server or service.
• Test-CsPresence confirms that two users can exchange presence information.
Demonstration Steps
1. Open the Skype for Business Server Management Shell.
3. Confirm that the user was enabled by typing Get-CsUser –Identity “Aidan Delaney”, and then
pressing Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-7
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Which of the following cmdlets activates the recently installed services on a Skype for Business
Server 2015 server?
Enable-CsComputer
Set-CsCertificate
Test-CsPresence
Enable-CsTopology
MCT USE ONLY. STUDENT USE PROHIBITED
3-8 Administering Skype for Business Server 2015
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 45 minutes
Virtual Machines: 20334B-LON-DC1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,
20334B-LON-CL1, 20334B-LON-CL2, 20334B-LON-RTR, 20334B-LON-EX1
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
11. Start 20334B-LON-RTR and 20334B-LON-EX1. Do not sign in to these virtual machines.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-9
If you do not start the Front End Servers at the same time, a loss of quorum might mean that the pool fails
to start. You will know this has happened if the Skype for Business Server Front-End Service fails to start. If
the failure occurs, run the following command:
2. On LON-CL1, open File Explorer, right-click the DVD drive, and then click Install or run program
from your media.
3. In the Skype for Business Server install window that appears, select Don’t check for updates right
now, and then click Install.
4. Select I accept the terms in the license agreement, and then click OK.
5. In the Welcome to Skype for Business Server 2015 deployment window, select Install Administrative
Tools.
Results: After completing this exercise, you will have installed the administrative tools for Skype for
Business on LON-CL1.
2. In the Windows Security dialog box, type Administrator as the user name and Pa$$w0rd as the
password.
3. From the Users page, assign and enable the default SIP address for Carol Troup. Assign the user to
pool.adatum.com.
Results: After completing this exercise, you will have enabled Carol Troup and all the members of the
information technology (IT) organizational unit (OU) to use Skype for Business.
2. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
$rootDN = ([adsi]"").distinguishedName
3. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
$sipDomain = “adatum.com”
4. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
$csPool = 'pool.adatum.com'
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-11
5. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
6. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
$users = $group.member
7. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
2. Close the Skype for Business Server 2015 Control Panel and sign out of LON-CL1.
Results: After completing this exercise, you will have enabled all the users in the Managers security group
for Skype for Business.
Question: Northwind Traders has a large Skype for Business deployment with three pools in their
headquarters in Chicago. This year, Northwind Traders will add two dozen new Skype for
Business users per week. You will assign the new users to their pools based on their departments.
As the administrator responsible for enabling these users, what is the best method you can use
for accomplishing the task?
Question: Adventure Works Cycles has a small deployment of Skype for Business Server with a
single pool and plans to add no more than 20 users to Skype for Business over the next year. As
the administrator responsible for enabling these users, what is the best method you can use for
accomplishing the task?
MCT USE ONLY. STUDENT USE PROHIBITED
3-12 Administering Skype for Business Server 2015
Lesson 3
Implementing Role-Based Access Control
To enable you to delegate administrative tasks while maintaining high standards for security, Skype for
Business Server offers RBAC. With RBAC, you can grant administrative privileges to users by assigning
administrative roles to them. Skype for Business Server includes a rich set of built-in administrative roles.
You can also create new roles and specify a custom list of cmdlets for each new role. Additionally, you can
add scripts of cmdlets to the allowed tasks of both predefined and custom RBAC roles.
Lesson Objectives
After completing this lesson, you will be able to:
RBAC restrictions work only on administrators who are working remotely and using either Skype for
Business Server Control Panel or Skype for Business Server Management Shell. RBAC does not restrict a
user sitting at a server running Skype for Business Server. Therefore, physical security of your Skype for
Business Server deployment is important to preserve RBAC restrictions.
In RBAC, you enable a role to use a list of cmdlets that are designed to be useful for a certain type of
administrator or technician. A scope is the set of objects on which the cmdlets defined in a role can
operate. The objects that a scope affects can be either user accounts (grouped by organizational unit) or
servers (grouped by site).
All predefined roles shipped in Skype for Business Server have a global scope, which you cannot modify.
To follow least privilege practices, you should not assign users to roles with global scope if they are going
to administer only a limited set of servers or users. To follow least privilege practices, you can create roles
that are based on an existing role, but with a more limited scope.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-13
You can configure each of the RBAC roles by using the CSAdminRole noun in the Skype for Business
Server Management Shell. There are two limitations of the CSAdminRole cmdlet:
• All CSAdminRoles are based on the available templates. For example, you can use the
CsServerAdministrator role as a template to create a new role.
• Every CSAdminRole must be based on only one template. When you create a new role, you can use
only one template or default role.
Templates include config and user scopes. A config scope defines a portion of the topology that you can
delegate, such as a site. The user scope limits a role to a particular collection of users, such as members of
a particular organizational unit.
Predefined Roles
There are 11 predefined RBAC roles in Skype for
Business. Each has a global scope; you create a
custom role if you require a more limited scope of
management. The following are the built-in roles:
• CsVoiceAdministrator can create, configure, and manage voice-related settings and policies.
• CsServerAdministrator can manage, monitor, and troubleshoot servers and services. It can prevent
new connections to servers, stop and start services, and apply software updates. However, it cannot
make changes with global configuration impact.
• CsViewOnlyAdministrator can view the deployment, including user and server information, to monitor
deployment health.
• CsHelpDesk can view the deployment, including users’ properties and policies. It can run specific
troubleshooting tasks. However, it cannot change user properties or policies, server configuration, or
services.
• CsLocationAdministrator can manage Enhanced 9-1-1 (E9-1-1), including creating locations and
network identifiers, and associating these with each other.
• CsPersistentChatAdminstrator can manage the Persistent Chat feature and specific Persistent Chat
rooms.
MCT USE ONLY. STUDENT USE PROHIBITED
3-14 Administering Skype for Business Server 2015
In addition to the RBAC roles, there are security groups that are available to administer the Skype for
Business Server infrastructure. Each security group has an RTC prefix. The most prominent security group
is RTCUniversalServerAdmins, which has full control of the Skype for Business Server infrastructure.
2. Add or remove cmdlets or scripts based on what the role holder can run.
To create a role that has access to a set of cmdlets that are not in one of the predefined roles or to a set
of scripts or modules, you can start by using one of the predefined roles as a template. Note that you
must store the scripts and modules that roles can run in the following locations:
• The Skype for Business module path, which is, by default, C:\Program Files\Common Files
\Microsoft Skype for Business Server 2015\Modules\Skype for Business.
• The user script path, which is, by default, C:\Program Files\Common Files\Microsoft Skype for Business
Server 2015\AdminScripts.
To create a new role, you use the New-CsAdminRole cmdlet. Before running New-CsAdminRole, you
must create the underlying security group that will be associated with this role.
The following cmdlets serve as an example for creating a new role. They create a new role type called
MyHelpDeskScriptRole. The new role has the abilities of the predefined CsHelpDesk role and can run the
functions in a script named testscript. For this cmdlet to work, you must first create the security group,
MyHelpDeskScriptRole, and then run the following script:
After this cmdlet runs, you can assign users to this role by placing them in the security group (in which
case they have the global scope), or you can create a scoped role based on this role.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-15
RBAC Scope
Large organizations divide administrative functions
by location or functional team. You
can use scope to support those delineations.
Set-CsAdminRole -Identity
"LondonHelpDesk" -UserScopes @{Remove="OU:ou=New York,dc=adatum,dc=com"}
• The config scope, which enables you to define a Skype for Business site for which an administrator
can manage servers and policies.
For example:
• Administrative
o RTCUniversalServerAdmins
o RTCUniversalUserAdmins
o RTCUniversalReadOnlyAdmins
• Infrastructure
o RTCUniversalGlobalWriteGroup
o RTCUniversalGlobalReadOnlyGroup
o RTCUniversalUserReadOnlyGroup
o RTCUniversalServerReadOnlyGroup
o RTCUniversalSBATechnicians
MCT USE ONLY. STUDENT USE PROHIBITED
3-16 Administering Skype for Business Server 2015
• Service
o RTCHSUniversalServices
o RTCComponentUniversalServices
o RTCProxyUniversalServices
o RTCUniversalConfigReplicator
o RTCSBAUniversalServices
Each of the RTC groups has access control entries on appropriate containers in the infrastructure
permitting its members to perform administrative functions.
Demonstration Steps
1. In Active Directory Users and Computers, create a universal security group named
CsLondonHelpDesk in the Users container.
3. In the Skype for Business Server Management Shell, create a new RBAC role by using the CsHelpDesk
role as a template. Define a config scope that limits the control to the London site.
4. Confirm that Brad Sutton is assigned the CsLondonHelpDesk role.
CSHelpDesk
CsServerAdministrator
CsAdministrator
CsUserAdministrator
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-17
Lesson 4
Using Test Cmdlets
The Test cmdlets run synthetic transactions against Skype for Business clients and servers to obtain a
snapshot view of the overall health of the infrastructure. You can use these cmdlets with existing accounts
or accounts created for testing proposes.
Lesson Objectives
After completing this lesson, you will be able to:
The transactions that the Test cmdlets perform are in the context of a user. The users that the cmdlet will
utilize can be actual Skype for Business users or test users that you can create and enable in advance. You
can set up the test user accounts by using the New-CsHealthMonitoringConfiguration cmdlet. The
following example shows how to create two test user accounts:
• Test-CsGroupIM determines whether two users are capable of conducting an instant messaging (IM)
conference.
There are several Test cmdlets that are server-oriented, including the following:
• Test-CsTopology verifies that the topology is properly configured and performing as expected.
Demonstration Steps
1. Open the Skype for Business Server Management Shell.
Statement Answer
Lesson 5
Tools for Troubleshooting Skype for Business
Like most complex server installations, Skype for Business will not always perform optimally. You can use a
number of tools to troubleshoot issues in the Skype for Business deployment. In this lesson, you will learn
about these tools, which you will continue to use throughout the remaining modules.
Lesson Objectives
After completing this lesson, you will be able to:
• Identify the purpose of local logs that are maintained on the Skype for Business clients.
Local Logs
The primary local log in Skype for Business is the
UccApilog. You can find this log in the user profile
of the person who signed in to the computer, not
necessarily the Skype for Business user. The default
location of this log is C:\Users\username\AppData
\Local\Microsoft\Office\15.0\Lync\Tracing
\Lync-UccApi-#.UccApilog.
In addition to the information that is logged in UccApilog, you can also track and view the Skype for
Business Windows events in the local Event Viewer. By default, the local Skype for Business events are not
logged. You can activate the logging settings locally by performing the following steps:
1. In the Skype for Business client, on the Tools menu, click Options.
2. In the Skype for Business Options dialog box, select Also collect troubleshooting info using
Windows Event logging.
After activating, you can view the events under the Windows\Applications node of the Event Viewer.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-21
Snooper
Snooper is a tool for parsing the Skype for Business
logs. You can use Snooper for local logs or server
logs. The Messages tab in Snooper is where you do
most of your diagnostic work.
The Remote Connectivity Analyzer site is organized by a series of five tabs across the top of the webpage.
On the Client tab, there is a link to download the Microsoft Lync Connectivity Analyzer Tool, which
verifies if the external DNS records permit access to the Windows Store.
Message Analyzer
Skype for Business is ultimately dependent on the
health of the networks on which it runs. Therefore,
you must examine the network when you
troubleshoot problems in the Skype for Business
infrastructure. For example, you might want to
examine if the Quality of Service (QoS) settings are
being properly applied. Message Analyzer is the
next generation tool for capturing, displaying, and
interpreting protocol messaging traffic. This tool
helps in diagnosing network issues. Message
Analyzer has a robust set of features that make it
more effective than its predecessor, Microsoft
Network Monitor.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-23
To gain the highest level of insight into your Skype for Business environment, you must download and
install the Custom Real-Time Transport Protocol (RTP) configuration file for the Lync and Skype codecs.
You can find this file at the following website:
Microsoft Message Analyser Custom RTP config file for Lync and Skype Codecs
http://aka.ms/nsh115
The following is the process for installing the new RTP.opn file:
3. Delete the C:\Program Files\Microsoft Message Analyzer\ folder and its subfolders.
The new configuration file shows all the Skype for Business and Skype codecs.
You can start a Message Analyzer session by clicking New Session on the toolbar at the top of the
Message Analyzer interface. You can then enter a name for the session, specify a data source, and then
specify the starting search type and a parsing level.
Typically, you run a live trace, add a provider, and then save your configuration. While the live trace runs,
all messages appear in the central work area. You can click a message to view its details. After you have
captured sufficient data, you can stop the trace. Then you can perform further filtering and grouping of
the messages.
Demonstration Steps
1. On LON-SFB1, confirm that CLSLogging is not running by typing Get-CsCLSConfiguration in the
Skype for Business Server Management Shell.
Snooper
Message Analyzer
Objectives
After completing this lab, you will be able to:
• Use Skype for Business Server Management Shell cmdlets to create an RBAC structure.
Lab Setup
Estimated Time: 45 minutes
Virtual Machines: 20334B-LON-DC1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,
20334B-LON-CL1, 20334B-LON-RTR, 20334B-LON-EX1
For 20334B-LON-CL2:
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. In the event that you shut down the
virtual machines at the end of Lab A, before you begin the lab, you must complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machines starts.
4. Sign in by using the following credentials:
o Password: Pa$$w0rd
o Domain: Adatum
11. Start 20334B-LON-RTR and 20334B-LON-EX1. Do not sign in to these virtual machines.
If you do not start the Front End Servers at the same time, a loss of quorum might mean that the pool fails
to start. You will know this has happened if the Skype for Business Server Front-End Service fails to start. If
the failure occurs, run the following command:
3. Confirm that the access is denied. You should see an Access is denied message.
2. Create a new universal security group in the Users container and name the group
CSManagersUserAdmin.
3. Click the Start button, click All apps, and then click Skype for Business Server Management Shell.
4. At the command prompt, type Get-CsAdminRoleAssignment –Identity “Ed”, and then press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-27
3. Click Add.
6. Switch to LON-SFB1.
7. In the Skype for Business Server Management Shell, confirm that Ed Meadows is assigned the
CsManagersUserAdmin role by typing Get-CsAdminRoleAssignment –Identity “Ed” at the
command prompt.
Results: After completing this exercise, you will have assigned Ed Meadows the CSAdministrator role. You
will also have assigned the members of the Managers organizational unit the CSUserAdministrator role
that is scoped to their OU.
4. Use Snooper.
3. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
Get-CsClsConfiguration
MCT USE ONLY. STUDENT USE PROHIBITED
3-28 Administering Skype for Business Server 2015
4. Start a logging scenario with the Centralized Logging Service by typing the following command, and
then pressing Enter:
3. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings icon,
and then click Meet Now.
4. If a Join Meeting Audio dialog box appears, select Use Skype for Business and Don’t show this
again, and then click OK.
5. In the new conversation window, click the People icon, and then click Invite More People.
6. In the Send an IM dialog box, type Amr. Select Amr Zaki, and then click OK.
Sync-CsClsLogging
2. Execute a search against the currently running logging scenario and output the results to a file by
executing the following command and pressing Enter:
3. Stop the AudioVideoConferencingIssue logging scenario by entering the following command and
pressing Enter:
4. Click the Messages tab, and then observe the collected data.
5. Close Snooper.
Results: After completing this exercise, you will have captured the messages that are transmitted in an ad
hoc meeting by using the Centralized Logging Service.
2. Click Do not update items, click No, I do not want to participate, and then click OK.
7. In the View Filter box, type TLS, and then click Apply.
2. On LON-CL1, in the results pane, notice the Transport Layer Security (TLS) traffic that is being
generated.
3. Review several of the TLS packets to see the traffic exchanged between the Skype for Business server
and the client.
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you will have examined a network capture.
Question: A. Datum wants to ensure that message logs are maintained at all times without
generating a substantial amount of data. What CLSLogging scenario should you apply?
Question: When attempting to enable a member of the Domain Admins group by using Skype
for Business Server Control Panel, Amr Zaki received an error message. What is he doing wrong?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 3-31
o What do you mean when you say that the Skype for Business client is slow?
o Can you show me how it is slow?
o Does the problem produce any error message? If so, what is the exact message?
o How often does the problem occur?
o What was the last change in the environment, and when did it occur?
Next, establish the scope of the problem. Is it related to a single user, multiple users, a single location, or is
it an enterprise-wide issue or outage? The larger the scope, the higher the priority becomes in resolving
the problem.
The most common problems that you will encounter with a Skype for Business Server deployment will
involve the network infrastructure. To investigate network issues, you can perform standard network tests
by using Ping, Telnet, NSLookup, and Internet Explorer.
Running IPCONFIG/DisplayDNS will show the current client DNS resolver cache on the local computer.
You can follow this with queries to the lyncdiscover.domainname record. As a last resort, you should
examine the DNS Service Location records, which the client will use if the Autodiscover records are not
available.
Review Questions
Question: Which Skype for Business Server cmdlets can you use to verify service activation
and group permissions for your installation of Skype for Business Server?
Question: For Centralized Logging Service to work, the controller must be able to contact
each Skype for Business Server Centralized Logging Service agent. Which ports must you
open inbound on every Skype for Business Server 2015 server, including the Skype for
Business Edge Server?
MCT USE ONLY. STUDENT USE PROHIBITED
4-1
Module 4
Configuring Users and Clients in Skype for Business 2015
Contents:
Module Overview 4-1
Lab A: Configuring Users and Clients in Skype for Business 2015 4-15
Lab B: Configuring Policies and the Address Book in Skype for Business Server 4-28
Module Overview
Effectively managing a Skype for Business infrastructure requires that you understand how to enable users
and control what they can do when they connect to Skype for Business Server. Additionally, it is important
that you understand how users connect to Skype for Business Server so that you can troubleshoot issues
when they occur.
In this module, you will learn how to manage users and clients in a Skype for Business environment.
Additionally, you will examine the user configuration by using Skype for Business Server Control Panel and
the Skype for Business Server Management Shell. You will also see how to deploy the Skype for Business
client.
Objectives
After completing this module, you will be able to:
Configure users by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell.
Explain the registration, sign-in, and authentication process for Skype for Business clients.
Lesson 1
Configuring Users
While configuring users, it is important that you understand how to assign users to an appropriate pool,
to designate how their Session Initiation Protocol (SIP) address will be created, how to control their
audio/video and telephony capabilities, and how to set policies for access to Skype for Business features.
Lesson Objectives
After completing this lesson, you will be able to:
Describe how to configure users by using Skype for Business Server Control Panel.
Describe how to configure users by using the Skype for Business Server Management Shell.
Display name
SIP address
Registrar pool
Telephony (PC-to-PC, audio/video disabled, remote call control, Enterprise Voice, or remote call
control only)
LineURI
Additionally, the client policies that establish Skype for Business user capabilities can be assigned to each
user by selecting policies from its own drop-down menu. A full discussion of client policies will follow later
in this module.
As with all Silverlight-based consoles, you must commit all changes that you make to the attributes or
they will not apply. However, if you navigate away from any page in Skype for Business Control Panel
without committing your modifications, a warning message will display.
You also can select multiple users on the Users tab in Skype for Business Control Panel. To manage
multiple users, click the Action tab, and then select one of the following options:
Assign policies
Lock PIN
Unlock PIN
Note that the settings on the Action tab are also available for an individual user, which includes
additional functions for viewing PIN status and setting a PIN. You can also use Skype for Business Server
Control Panel to enable users for Skype for Business.
The process for enabling a new user for Skype for Business in Skype for Business Server Control Panel
includes:
Clicking Enable users on the USER SEARCH page.
Clicking Add.
Selecting the users that you wish to enable for Skype for Business on the Select from Active
Directory page.
You can use the following nouns in the Skype for Business Server Management Shell to configure users:
CsAdUser
o The Get verb of this cmdlet returns all users in Active Directory Domain Services (AD DS).
Running the Get-CsAdUser cmdlet is generally the first step in enabling users for Skype for
Business.
CsUser
o Disable only disables the Skype for Business account for the user.
The following is an example of a command to move all users in the Sales OU to the London pool:
Demonstration Steps
1. Open Skype for Business Server Control Panel.
5. At the command prompt, type the following command, and then press Enter:
6. At the command prompt, type the following command, and then press Enter:
7. At the command prompt, type the following command, and then press Enter:
8. At the command prompt, type the following command, and then press Enter:
9. At the command prompt, type the following command, and then press Enter:
A user’s Session Initiation Protocol (SIP) address can include which of the following suffixes?
@OrganizationUnit
SAMAccountName@sipdomain
Lesson 2
Deploying the Skype for Business Client
To use all of the features of Skype for Business, users require a Skype for Business client. In this lesson, you
will learn the various methods for deploying Skype for Business clients to users.
Lesson Objectives
After completing this lesson, you will be able to:
Describe how to deploy the Skype for Business client as an update to Microsoft Lync 2013.
Describe how to deploy the Skype for Business client by using Click-to-Run for Microsoft Office 365
ProPlus.
Office component
In a departure from previous releases, Microsoft
introduced a different approach to client deployment in Lync 2013. Instead of having a separate installer,
Microsoft included the Lync 2013 client with the Microsoft Office 2013 setup program. To deploy the
Skype for Business client, you can use similar deployment methods and customization tools that you use
for Lync 2013.
The Office 2013 installer is a Windows Installer–based installation package that consists of multiple .msi
files. A language-neutral core Windows Installer package combines with one or more language-specific
packages to create a complete product. The setup program assembles the individual packages and
performs customization and maintenance tasks during and after Office 2013 installation on users'
computers. The topics in this lesson describe how to customize the Office 2013 installer to deploy Lync
2013 and update it to Skype for Business 2015.
Note: The Online Meeting add-in for Skype for Business 2015, which supports meeting
management from within the Microsoft Outlook messaging and collaboration client, installs
automatically with the Skype for Business 2015 update.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-7
If you choose to allow users to install the Skype for Business client, you can deploy it by using a file server
on your network as a software distribution point for the Windows Installer package. You can then send an
email message to users that explains the installation process and provides a link to the distribution point.
Until they install the new client, the old client will remain functional against the new Skype for Business
Server 2015 infrastructure.
Managed deployment
If you plan to perform a managed deployment of Skype for Business Server, you have the following
installation options:
Microsoft System Center 2012 R2 Configuration Manager. You can use this option for more complex
software-installation scenarios that require scheduling, inventory, reporting, status, and support for an
installation across a wide area network (WAN).
Group Policy. You can create a Group Policy Object (GPO) to deploy Skype for Business clients to
specific users or computers based on group memberships.
Windows sign-in scripts. You can use a sign-in script to perform an unattended installation of Skype
for Business when a user signs in to their device. You can use GPOs to target sign-in scripts to specific
devices or users.
Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool
http://aka.ms/mt55xj
Deploying the Skype for Business Client by Using Office 2013 and then
Upgrading from Lync 2013
The Lync 2013 client installs as part of an Office
2013 deployment. Organizations that deployed
Lync 2013 and Office 2013 can install the Skype
for Business client by upgrading from Lync 2013.
The upgrade performs through an update
(2889923) that includes the Skype for Business
upgrade package.
Question: Contoso, Ltd. has been using Lync Server 2010 and Lync Server 2013 in two of its three
locations:
Boston has 5,000 Lync 2010 and Microsoft Office 2010 users.
Atlanta has 2,000 Lync 2013 and Microsoft Office 2013 users.
Los Angeles has 500 users who will receive Office 365 accounts, including Microsoft Office
Professional Plus.
Contoso wants to ensure that all of its users receive the Skype for Business user experience. What
are the available deployment options?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-9
Lesson 3
Registration, Sign-In, and Authentication
Sometimes a user will be unable to connect by using the Skype for Business client. In this lesson, you will
learn more about the SIP registration process, and you will examine the SIP messages that registration
generates. With this knowledge, you can troubleshoot a failed sign-in.
Lesson Objectives
After completing this lesson, you will be able to:
Registration
The first step in the registration process involves
locating the appropriate registrar pool or server,
for Enterprise Edition or Standard Edition
respectively. Prior to Lync 2013, Domain Name
System (DNS) service (SRV) resource records were
the primary method of locating that pool or
server.
The Skype for Business client uses the Autodiscover service records as the primary source of the registrar
pool or server. The following is a list of the DNS resource records that client registration requires, in the
order that the Skype for Business client queries them to the DNS server.
lyncdiscover. organization_name.com. A record for the Autodiscover service for external web services
(external DNS).
MCT USE ONLY. STUDENT USE PROHIBITED
4-10 Configuring Users and Clients in Skype for Business 2015
_sip._tls. organization_name.com. A service (SRV) resource record for external TCP connections
(external DNS).
sip. organization_name.com. This is a host (A) resource record for the Front End pool when the client
is on the internal network; host (A) resource records also are for Access Edge Server when the client is
external with no virtual private network (VPN) access (external DNS).
sipexternal. organization_name.com. This is a host (A) resource record for Access Edge Server when
the client is external with no VPN access (external DNS).
In this sign-in process, the client's first DNS resolution request is sent to lyncdiscoverinternal and
lyncdiscover fully qualified domain names (FQDNs). This means that internal Lync clients could potentially
redirect out to the reverse proxy and get treated like external clients. This is why Autodiscover service
DNS records are a big part of the deployment picture and need to realign to their proper locations. The
lyncdiscoverinternal FQDNs should exist only in the internal DNS and point to internal Front End Servers
or Director servers if you have them in place. You should publish a lyncdiscover DNS host (A) resource
record only in an external DNS and point it to a reverse proxy server. In the event that you have an
internal DNS host (A) resource record for lyncdiscover, it should still point to the external IP address that
resolves to the reverse proxy server, and it should act in the same manner as if it directed to the Front End
Server pool.
Authentication
Skype for Business Server 2015 authentication happens in two steps:
2. The client and the server use the existing security association to sign messages that they send to
each other and to verify the messages that they receive from each other. A server does not accept
unauthenticated messages from a client when authentication is enabled on the server. The server
checks each message for valid user credentials. If the user credentials are valid, the message is
unchallenged not only by the first server that receives it, but by all other servers in the Front End
Server pool.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-11
Authentication is providing user credentials to a trusted server. Skype for Business Server uses the
following authentication protocols, depending on the location of the user:
NTLM. This challenge and response authentication protocol only requires protocol-layer connectivity
with AD DS. It is for remote sign-in by using the domain user name and password.
Kerberos version 5 authentication protocol. This is a mutual ticket authentication based on AD DS. It
is the preferred authentication protocol for AD DS, and it requires a connection to AD DS. It enables
single sign-on by passing a Kerberos ticket that a domain controller obtains after Windows sign-in,
and it requires time synchronization between the client and the domain controller. The default
tolerance for the time skew is 5 minutes.
Note: Note that the Lync AppData folder is used regardless of version. Skype for Business
2015 uses the %localappdata%\Microsoft\Office\15.0\Lync\Tracing folder, and Skype for Business
2016 uses the %localappdata%\Microsoft\Office\16.0\Lync\Tracing folder.
The log file name is Lync-UccApi-0.UccApiLog.
While you can read the log file by using any text editor, Snooper provides a parsed and organized view.
You can download Snooper with the Skype for Business Server debugging tools.
The download package also includes the deprecated CLSLogger, which you should avoid. Instead, use the
centralized logging cmdlets, which provide additional scenarios for evaluation and more options for
configuration. The following is a list of best practices for performing a log capture:
1. It is best to perform a clean capture of the log files before analyzing a sign-in issue. To perform a
clean capture on a client device, ensure that you have exited the Skype for Business client and that no
processes are running for Lync.exe, which is the executable file for the Skype for Business client.
2. Delete all of the logs in the Tracing folder and delete the sip_username@sipdomain folder, which can
be in the same folder as the tracing folder referenced above.
In the log file, you will see a series of eight messages in the client’s attempt to register and authenticate to
Skype for Business. The initial attempt to sign in will be unsuccessful, followed by two additional failed
attempts to send an SIP REGISTER before the 200 OK message returns. That should be followed by a series
of SUBSCRIBE messages to send and receive presence information.
It is a good practice to enable the collection of event logs by following these instructions:
1. In the Windows 8.1 or Windows 10 operating system, press the Windows logo key, type Event
viewer, and then click View event logs.
2. In the Event Viewer window, in the pane on the left, double-click Windows Logs, and then click
Application.
3. Double-click the listing for the Skype for Business error that you are trying to locate (usually, the most
recent Skype for Business error appears toward the top) to display the error details.
Another good troubleshooting option is to use the Test-CsClientAuthentication cmdlet. This cmdlet
requires that you specify the registrar pool of the evaluated user’s account. The Test-
CsClientAuthentication cmdlet also requires the user’s SIP address and credentials. The test essentially
confirms the existence and validity of the client authentication certificate. When a failure occurs, the best
places to look are usually DNS and certificates. Additionally, you should also check if all users are enabled
for Skype for Business.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-13
IM and Presence
Skype for Business uses SIP for transmitting
IMs. Presence in Skype for Business provides
information about the availability or willingness of
a user to participate in a communication. In the
Skype for Business client, a user can set his or her
presence as Available, Busy, Do Not Disturb, Be
Right Back, or Appear Away. As an administrator,
you can also configure custom presence states by
creating an XML file that contains the presence
information and referencing that file in a new
client policy.
Note: While written for Lync Server 2013, this TechNet article still applies to Skype for
Business Server.
To obtain presence information, the Skype for Business client must confirm the existence of a presence
subscription. The process for obtaining the presence information of a contact involves sending an SIP
SUBSCRIBE message to the SIP address of the contact. If the contact is willing to supply presence
information, an SIP/2.0 200 OK message returns with the presence status. Unsuccessful attempts to
confirm a presence subscription usually result in an “SIP/2.0 404 Not Found” reply.
Skype for Business IMs transmit through SIP. Peer-to-peer IMs only use Skype for Business servers for
creation and teardown of a conversation. After additional parties add to an IM session, the IM Multipoint
Control Unit joins the process to manage what is now deemed an IM conference.
After an organization fully deploys the Skype for Business client, it might choose to alter the allowed
Office Communicator version to require that all users utilize the Skype for Business client.
In addition to the Client Version Policy tab, you must configure an additional area in Skype for Business
Server Control Panel for a client version policy to be effective. The Client Version Configuration tab is
essentially an on/off switch for client version policy. The default client version configuration is to enable
client version policy globally. You can alter that by disabling it globally or at the site, pool, or user level.
An organization can further control the allowable versions by issuing new version policies. In addition to
modifying the global policy, policies that are more detailed can be set at the site or user levels.
Demonstration Steps
1. In the Skype for Business client on LON-CL1, confirm that Logging in Skype for Business is set to Full.
5. Open \\LON-CL1\C$\Users\Amr\AppData\Local\Microsoft\Office\16.0\Lync\Tracing
\Lync-UccApi-0.UccApilog.
6. Examine the log file.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-15
Objectives
After completing this lab, you will be able to:
Enable users for Skype for Business by using the Skype for Business Server Management Shell.
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$word
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
3. In the Actions pane, click Connect. Wait until the virtual machines starts.
o Password: Pa$$w0rd
o Domain: Adatum
1. Use the Skype for Business Server Management Shell to enable users for Skype for Business and to
disable their use of the audio and video features.
Task 1: Use the Skype for Business Server Management Shell to enable users for
Skype for Business and to disable their use of the audio and video features
1. In LON-SFB1, on the taskbar, open the Skype for Business Server Management Shell.
2. At the command prompt, type the following command, and then press Enter:
3. At the command prompt, type the following command, and then press Enter:
With the -whatif parameter, this command displays the accounts that will be enabled, without
actually enabling them.
4. At the command prompt, run the previous command without the -whatif parameter.
5. At the command prompt, type the following command, and then press Enter:
If you do not receive an error message, you can assume that the command ran properly.
2. Confirm that Adam Barr is enabled for Skype for Business by confirming that the Enabled parameter
is set to TRUE.
3. Switch to LON-CL1.
5. Sign in to the Skype for Business client as Adam@adatum.com with the password Pa$$w0rd. Clear
the Save my password check box.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-17
6. Confirm that Adam can connect to Skype for Business by successfully signing in.
Results: After completing this exercise, you should have enabled all members of the Marketing OU.
1. Attempt to sign in as a user who has not been enabled in Skype for Business Server.
3. Verify the user's Skype for Business status and enable the user.
Task 1: Attempt to sign in as a user who has not been enabled in Skype for Business
Server
1. In the Skype for Business client, click the gear icon, click Tools, and then click Options.
2. On the Skype for Business-Options General page, verify that Logging in Skype for Business is set
to Full, and then click Cancel.
3. In the Skype for Business client, click the gear icon, click File, and then click Exit.
Note: If you cannot find the AppData folder, on the View tab, click Options, and then
select Change folder and search options. In the Folder Options window, click the View tab, and
then under the Hidden files and folders section, select Show hidden files, folders, and drives.
Do not select the Hide extensions for known file types check box.
5. Select all files with the .log extension, and then delete them.
7. On LON-CL1, click Start, click All apps, and then click Skype for Business 2016. If necessary, click
Cancel sign-in to cancel the previous sign-in task.
8. In the Skype for Business client, sign in as Dan@adatum.com with the password Pa$$w0rd.
9. Note that you cannot sign in, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
4-18 Configuring Users and Clients in Skype for Business 2015
2. On LON-SFB1, open File Explorer, browse to C:\Program Files\Skype for Business Server 2015
\Debugging Tools\, and then double-click Snooper.exe.
3. In Snooper, on the File menu, click OpenFile, and then browse to \\LON-CL1\C$\Users
\Administrator.Adatum\AppData\Local\Microsoft\Office\16.0\Lync\Tracing\.
4. Select Lync-UccApi-0.UccApilog, and then click Open. Click the Messages tab, and then note that
no data generated for the dan@adatum.com user sign-in.
5. Close Snooper.
Task 3: Verify the user's Skype for Business status and enable the user
1. On LON-SFB1, open the Skype for Business Server Management Shell.
3. Confirm that Dan Park is not enabled for Skype for Business.
4. Type Enable-CsUser –Identity “Dan Park” –RegistrarPool “pool.adatum.com” –SipAddress
sip:dan@adatum.com, and then press Enter.
3. Repeat the “Examine the local logs by using Snooper” task above to view the uccapilog and event log
data.
Results: After completing this exercise, you should have addressed Dan Park’s sign-in issue.
Question: Besides the local logs, are there any other logs that you can use to diagnose a
problem with a user’s sign-in?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-19
Lesson 4
Configuring Skype for Business Client Policies
You must configure policies to manage the features that will be available to users who are enabled for
Skype for Business. This lesson examines two types of policies. You create and manage in-band policies in
Skype for Business Server Control Panel or the Skype for Business Server Management Shell. Configure
settings that must apply prior to signing in to Skype for Business, known as bootstrapping policies, by
using AD DS Group Policy. In this lesson, you will see how to configure these policies.
Lesson Objectives
After completing this lesson, you will be able to:
Explain how to create global, site, and client Skype for Business policies.
Explain how to create Group Policy settings for Skype for Business Server.
Create a bootstrapping policy for Skype for Business.
Creating Global, Site, and User Skype for Business Client Policies
Most organizations that deploy Skype for Business
will have users with different capabilities and
access to features. Applying policies at the global,
site, and user levels primarily controls who does
what.
Global policies apply to all users in the absence of a policy that is set at the site or user level. Many global
policy settings are configured by default at the time of installation. Administrators can reconfigure global
policies to suit an organization’s needs.
Site policies override a global policy in the event of a conflict. Site policies apply to users who are assigned
to a pool in the site to which the policy links. Administrators can create user policies for almost all settings,
and they can tag policies to a particular user or a collection of users. A user policy will always override a
global-or site-based policy.
MCT USE ONLY. STUDENT USE PROHIBITED
4-20 Configuring Users and Clients in Skype for Business 2015
In Skype for Business Server Control Panel, you can apply the following policies at the user (tag) level:
Client Version
PIN
External Access
Archiving
Location
Mobility
Persistent Chat
Client
For example, you can create user or tagged policies for external access, allowing for federated user access,
remote user access, or public provider access. Likewise, the same policies can be set at the site or global
level.
Conferencing
Conferencing policies determine the capabilities of users who are participating in a conference. Some
examples of conferencing policy settings include:
While Skype for Business Server Control Panel can apply many conferencing policy settings, you can also
use the Skype for Business Management Shell. In this example, a site policy for London is created that
allows audio but not video conferences, and it allows desktop sharing:
Clients
Two policies fall under the clients category:
You cannot set some policies at the user (tag) level. The best examples of these are IM and presence
policies. You can set IM and presence policies at the global, site, or pool levels. Examples of settings in
Skype for Business Server Management Shell that you can apply at the site level are:
You can use the following two commands to exclude the .ps1 extension and the rtsp and urn prefixes
respectively:
In Skype for Business Server Control Panel, you can configure the settings for each in-band policy by
clicking the appropriate tabs. Therefore, it follows that conferencing policies are set on the Conferencing
tab, IM policies on the IM and Presence tab, and so forth.
Demonstration Steps
1. On LON-SFB1, modify the Global External Access Policy to allow communications with remote users.
2. Create a site policy for Adatum that allows all forms of remote access.
3. Create a user policy named Limited Access that does not allow any external access.
4. Verify the settings by examining the check marks in the External Access Policy notification area.
You set Group Policies in AD DS through the Group Policy Management Console (GPMC). An
administrative user must have an appropriate level of privileges to create and apply Group Policies. You
apply these policies at Active Directory sites, domains, or OUs that hold either users or computers. The
Lync16.admx administrative template includes Group Policy settings, which you can download as part of
the Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool.
MCT USE ONLY. STUDENT USE PROHIBITED
4-22 Configuring Users and Clients in Skype for Business 2015
Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool
http://aka.ms/t3bxli
You can configure the following Group Policy settings by using the Skype for Business administrative
template:
Specify server
Default UI Theme
Demonstration Steps
1. On LON-DC1, open File Manager, and then copy C:\Labfiles\lync15.admx to C:\Windows
\PolicyDefinitions.
3. In the Server Manager, click Tools, and then click Group Policy Management.
4. In the GPMC, expand Forest, expand Domains, right-click Adatum.com, and then click Create a
GPO in the domain, and Link it here.
5. In the Name text box, type Address Book No Delay GPO, and then click OK.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects. Right-click Address
Book No Delay GPO, and then click Edit.
7. On LON-DC1, in the Group Policy Management Editor, expand User Configuration, expand Policies,
expand Administrative Templates, expand Microsoft Lync 2013, click Microsoft Lync Features
Policies, and then double-click Global Address Book Download Initial Delay.
8. Click Enabled, in maximum possible number of minutes to delay download type 0, and then click OK.
You must remember that user policies, when applied to members of an OU, do not affect the new
members of that OU who are added after application of the policy. Additionally, when you apply a policy
to an OU member, the policy is effective even if the member leaves the OU. When provisioning new users
or moving users in an organization, you should consider how in-band policies will apply.
This command prevents presence status from being set by a calendar status or by being on the phone.
The policy could then apply at the user or site levels. You can use the Set-CsClientPolicy cmdlet to
modify the global policy.
Users subscribing to presence information affects network activity. By applying CsPresencePolicy
cmdlets, you can control the maximum number of presence subscribers (the default is 200) and the
maximum number of category subscriptions (the default is 1,000).
Question: Bob is a user in the New York site, and he is tagged with a conferencing policy named
Limited User. The Limited User policy does not allow users to send invitations to anonymous
users or to start multiple video streams. However, the New York site policy allows both
anonymous users and multiple video streams. Don, a user in the London site, organizes a meeting
and invites Bob. Bob wants to invite anonymous users. Will he be able to do so?
MCT USE ONLY. STUDENT USE PROHIBITED
4-24 Configuring Users and Clients in Skype for Business 2015
Which of the following policies can you set for Skype for Business clients?
Lesson 5
Managing the Skype for Business Address Book
The Address Book provides contact information to Skype for Business users. It derives from several sources
and downloads to Skype for Business clients daily on a configurable schedule. This lesson examines how
to create and distribute the Address Book.
Lesson Objectives
After completing this lesson, you will be able to:
Book Web Query, services all client types in Skype for Business Server. The Address Book Service further
enhances query performance by contacting AD DS at scheduled intervals to collect and update
information in Address Book Service databases. Address Book Service databases are part of Microsoft SQL
Server Express databases that deploy on an Enterprise or Standard Edition Front End Server, similar to the
information that is managed and maintained for presence information.
Address Book Service and Address Book Web Query perform similar functions, but they do so in different
ways. Address Book Service queries and downloads user information from AD DS, which is maintained in a
full download of contact information, delta files, or as compact delta files. The information is stored in the
RTC database on the back-end SQL Server or on the Standard Edition server. By maintaining three types
of download extracts, Address Book Web Query ensures that a new client receives the full download and
then receives delta files or compact delta files based on the client’s ongoing needs.
Distribution List Expansion is a feature inherent to the way that contacts are stored in Address Book
Service database files or the Address Book Web Query. With Address Book Service files, a contact is
associated with groups and members of groups. Group information becomes available to the client
through updated Address Book Service files. However, Address Book Web Query directly queries AD DS
when a client requests group membership details, and Address Book Web Query returns the received
information back to the client.
For a fully functional communications system that involves telephony, normalizing phone numbers into a
usable format—regardless of where the client is—is critical. If a user makes a voice call to another person
on a public switched telephone network (PSTN), the phone number of the other person might be in a
format that might not work without reformatting to conventions that the PSTN accepts. For example, a
user calls one of his contacts at his listed number. The listed number for the contact is from AD DS, which
does not perform any phone number normalization. The number is in the form of 555-1010. Phone
number normalization converts this phone number from 555-1010 to +14255551010. Normalization
occurs when the Address Book Service reads the information from AD DS, normalizes it, and then stores it
in the Address Book file and index databases.
By design, the time for downloading the Address Book is randomized between 0 and 60 minutes. Setting
the value of the registry key that controls the download to 0 can eliminate a delay of up to an hour. The
registry key for a Skype for Business client that installs during an upgrade from Lync 2013 to Skype for
Business Server is HKLM\Software\Policies\Microsoft\Office\15.0\Lync\GALDownloadInitialDelay.
However, if the Skype for Business client installs during a new Skype for Business Server deployment, then
the registry key is HKLM\Software\Policies\Microsoft\Office\16.0\Lync\GALDownloadInitialDelay.
To confirm that the Address Book Service can be contacted, perform the following steps:
1. Copy the URL from the GAL Status field in the Skype for Business Configuration Information window
that you can open by pressing the Ctrl key, and then right-clicking the Skype for Business icon in
the Windows notification area.
2. Start Internet Explorer, and then paste the URL in the address bar. A message displays from Internet
Explorer, indicating whether the computer can access the URL:
a. Successful. Internet Explorer cannot display the webpage. The connection is successful, but
because there is no HTML page to display, Internet Explorer cannot display the page.
b. Unsuccessful. The webpage cannot be found. If the URL is inaccessible from the system, Internet
Explorer reports that the location cannot be found or is inaccessible.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 4-27
Demonstration Steps
1. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to get the current configuration:
2. Examine the description and the list of available parameters and examples, type the following
command, and then press Enter to get the current configuration:
Get-
CsAddressBookConfiguration
6. Confirm that the Address Book download time changed to 2:30 A.M.
When you finish the demonstration, revert the virtual machines to their initial state. To do this, perform
the following steps:
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$word
For this lab, you will use the available virtual machine environment. Each of the virtual machines that were
started in Lab A should still be running. In addition, you should:
1. Start 20334B-LON-CL2.
Task 1: Make a script to create the settings that the scenario requires
1. On LON-SFB1, on the taskbar, right-click Windows PowerShell, and then select Windows
PowerShell ISE.
2. In the Windows PowerShell Integrated Scripting Environment (ISE) Script Pane type the following
command, and then press Enter:
Import-Module SkypeforBusiness
3. In the Windows PowerShell ISE Script Box, type the following command, and then press Enter:
4. In Windows PowerShell ISE, type the following commands on separate lines, and then press Enter:
5. On the toolbar at the top of the Windows PowerShell ISE window, click File, click Save As, click Local
Disk (C:), and then click Labfiles. In the File name text box, type ClientPolicies.ps1, and then click
Save.
Note: If you cannot click Save As, click the Script drop-down list, and then you can click
Save As.
6. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
C:\labfiles\ClientPolicies.ps1
7. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
2. On LON-CL2, click Start, click All apps, and then click Skype for Business 2016.
3. Sign in to the Skype for Business client as Adam@adatum.com with the password Pa$$w0rd. Clear
the Save my password check box.
4. On LON-CL1, in the Skype for Business search box, type Adam@adatum.com, and then double-
click Adam Barr. Type some message text, and then press Enter.
5. On LON-CL2, click the Amr Zaki notification that appears on the screen.
MCT USE ONLY. STUDENT USE PROHIBITED
4-30 Configuring Users and Clients in Skype for Business 2015
7. The message should display indicating all communications will be logged in each message window.
8. After verifying that the message displays, sign out of Skype for Business on both LON-CL1 and
LON-CL2.
Results: After completing this exercise, you should have created the global policy that will apply to users
who do not receive the tagged policy.
2. Edit a GPO that sets no delay for the Address Book download.
3. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.
4. In the GPMC, expand Forest, expand Domains, right-click Adatum.com, and then click Create a
GPO in the domain, and Link it here.
5. In the Name text box, type Address Book No Delay GPO, and then click OK.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects.
7. In the Group Policy Management Console, right-click Address Book No Delay GPO that you just
created, and then click Edit.
Task 2: Edit a GPO that sets no delay for the Address Book download
1. On LON-DC1, in the Group Policy Management Editor, expand User Configuration, expand Policies,
expand Administrative Templates, expand Microsoft Lync 2013, click Microsoft Lync Features
Policies, and then double-click Global Address Book Download Initial Delay.
2. Click Enabled, below the Option section, type 0, and then click OK.
4. Restart the Skype for Business client, and then sign in as Amr@adatum.com with the password
Pa$$w0rd.
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have created a Group Policy Object (GPO) that will
eliminate the delay in deploying the Address Book.
Question: What do you use to deploy Skype for Business Group Policy settings?
Question: Some users in your organization want to keep using Lync 2013 after upgrading the
clients to Skype for Business 2015. What is the best way to accomplish this?
MCT USE ONLY. STUDENT USE PROHIBITED
4-32 Configuring Users and Clients in Skype for Business 2015
What do you do? The answer is to create pinpoint DNS zones. This type of DNS zone is a single record
that is represented by the zone itself. For example, if you need to have _sipinternaltls._tcp.adatum.com as
a service (SRV) resource record that points to pool.adatum.com for internal client resolution, you would
create a pinpoint DNS zone record for both zones, "_sipinternaltls._tcp.adatum.com" and
"pool.adatum.com" by using, for example, the Dnscmd command-line tool.
The following is an example:
Module 5
Configuring and Implementing Conferencing in
Skype for Business 2015
Contents:
Module Overview 5-1
Lesson 2: Integrating Skype for Business Server and Office Online Server 5-11
Module Overview
Conferencing is one of the important business drivers behind many Skype for Business Server 2015
adoptions, either in the cloud, on-premises, or as a hybrid deployment.
Skype for Business Server 2015 includes an intuitive UI, broad device support, web-based meetings,
familiar Skype interface, and easy scheduling by using Microsoft Outlook or web scheduling. With such
features, conferencing in Skype for Business Server 2015 provides a robust and scalable platform for
employees, partners, and external contacts to collaborate and share information.
Objectives
After completing this module, you will be able to:
• Integrate Skype for Business Server 2015 with Microsoft Office Online Server.
Lesson 1
Introduction to Conferencing in Skype for Business 2015
Conferencing is a core feature of Skype for Business Server. The use of the conferencing features in Skype
for Business Server requires a good understanding of the components and the dependencies for carrying
out tasks that relate to managing and administering the conferencing platform.
Skype for Business Server includes various conferencing modes, intuitive conferencing features, and
conferencing architecture and infrastructure components. To implement conferencing, you should be
familiar with all of these components. You should also be familiar with call flows among conferencing
components, and you should be able to describe the considerations for deploying and migrating Skype
for Business Server.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the conferencing modes in Skype for Business Server.
• Compare the Skype for Business desktop client with the Skype for Business Web App.
• Describe how Skype for Business integrates with Outlook.
A/V conferencing
A/V conferencing enables users to have real-time
audio and video conferences without the need for
external services such as the Microsoft Office Live
Meeting service or a non-Microsoft audio bridge.
A/V conferencing requires appropriate client devices such as headsets for audio conferences and
webcams for video conferences.
With a single click, users can schedule a meeting from Outlook. Details such as meeting time, location,
and attendees are based on the familiar Outlook meeting-scheduling experience. Additionally, conference
call–specific information such as dial-in numbers, meeting IDs, and PIN reminders are automatically
populated.
To help ensure that only authorized people participate in a conference, Skype for Business Server provides
multiple levels of authentication for participants. Users who join by using Skype for Business desktop
client (Skype for Business Client) automatically authenticate through Active Directory Domain Services
(AD DS) and do not need to enter a PIN, pass code, or meeting ID.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-3
Skype for Business helps simplify the video conferencing experience for users by incorporating video
into the unified client so that joining a conference with video or spontaneously escalating to video is
seamless—users simply start their webcams. Skype for Business Server helps makes it easy to add video
to a standard call with just one click. When multiple participants are in a video call or a conference, each
user can see video from up to five other users simultaneously, or a presenter can choose for all attendees
to see just one video source.
High-definition video (resolution 1920 × 1080 or 1270 × 720, aspect ratio 16:9) and VGA video (resolution
640 × 480, aspect ratio 4:3) are supported for peer-to-peer calls between users who are running
Skype for Business on computers with the required configuration. The resolution at which each participant
in a conversation views video might differ depending on the video capabilities of each user’s hardware.
Web conferencing
Web conferencing allows users to share and collaborate on documents, such as Microsoft PowerPoint
presentations, during online conferences. Additionally, users can share all or part of their desktop
with each other in real time. Web conferencing is integrated with the overall enterprise messaging
infrastructure of Skype for Business Server. When combined with A/V conferencing, web conferencing
delivers real-time collaboration that is simple to manage by using conferencing policies, which is where
you can control all aspects of conferencing features.
Dial-in conferencing
Dial-in conferencing enables users to join the audio portion of a Skype for Business Server conference
by using a public switched telephone network (PSTN) phone without requiring a non-Microsoft audio
conferencing provider.
Note: Module 6, “Skype for Business Server Additional Conferencing Options,” will cover
dial-in conferencing.
Broadcast meetings
Skype for Business Server supports broadcast meetings with up to 10,000 participants. This is possible
through the use of the Microsoft Office 365 infrastructure in a cloud-based deployment or in a hybrid
deployment.
Note: Module 6, “Skype for Business Server Additional Conferencing Options,” covers
broadcast meetings.
MCT USE ONLY. STUDENT USE PROHIBITED
5-4 Configuring and Implementing Conferencing in Skype for Business 2015
• Join Launcher:
o Skype for Business Server automatically detects a connecting client’s capabilities and starts the
locally installed, supported client, or it redirects to the Skype for Business Web App.
• Video enhancements:
o Gallery View and HD video conferencing. In video conferences, users can see videos of up to five
conference participants at the same time.
o HD video. Users can experience resolutions up to HD 1080p in two-party presenter only video
mode. Presenters can configure a conference so that only the presenter’s video displays. This
mode prevents distractions in large conferences when multiple video streams are available and
locking to different sources. This mode also applies to video that conferencing devices capture
and provide.
o Video Spotlight. Presenters can configure a conference so that everyone in the conference sees
only the video from a selected participant who is a video source. This mode also applies to video
that conferencing devices capture and provide for panoramic video.
• VDI plug-in:
o The Skype for Business client supports audio and video in a Virtual Desktop Infrastructure (VDI)
environment. A user can connect an audio or video device (for example, a headset or a camera)
to the local computer (for example, a thin client or a repurposed computer) from where the
connection to the VDI environment is made. The user can connect to the virtual machine, sign in
to the Skype for Business client that is running on the virtual machine, and participate in real-
time audio and video communication as though the client is running locally. The client
connection is split between two IP addresses: the IP address of the virtual environment, and the
IP address of the local client on which the VDI plug-in is running. All audio and video is sent
directly to the local client IP thus bypassing the virtual environment.
Note: The use of VDI plug-In requires the client policy to allow for media redirection.
Beware of bitness requirements that differ between Microsoft and non-Microsoft VDI solutions.
VDI plug-in clients receive only active speaker video; Gallery View is not supported.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-5
Administrative features
The Skype Meeting Add-in, an Outlook scheduling add-in, includes the following administrative features:
Participant features
Skype for Business Server includes the following participant features:
• Merge This Call Into:
o While in a meeting, users can merge another open conversation into a meeting by using the
Merge This Call Into feature from the More Options menu.
If a user who is already in a call answers an incoming call or initiates a new call, the first call is
automatically placed on hold. On the More Options (…) menu, the user can merge the second call
(or any other call that is currently on hold) into the first call.
MCT USE ONLY. STUDENT USE PROHIBITED
5-6 Configuring and Implementing Conferencing in Skype for Business 2015
o To see participants’ names, users can click the View Participants button, or they can click Show
Participant List to dock the panel in the meeting window.
Presenter features
Skype for Business Server includes the following presenter features:
o Users can use the Manage Presentable Content menu to choose the content they want to
share.
o Users can switch between content types by using the Present button.
o When Skype for Business detects that a user is sharing, Skype for Business automatically assigns
the user a Presenting status. This status equals Do Not Disturb and blocks all incoming
communications unless the sender is assigned the Workgroup privacy relationship. If the user is
using the sharing feature entirely on a secondary monitor, Skype for Business does not assign a
Presenting status.
• Presentation mode:
o In an A/V conference, a presenter can set the conference state so that all other participants,
including anybody who subsequently joins the meeting, are muted. While the conference is in
this state, individual participants cannot unmute themselves. The presenter can later change the
conference state—for example, to open the conference for questions. At that time, users receive
a notification that they can now unmute themselves.
Conferencing Clients
Using the Skype for Business full client provides the
optimal user experience with access to features like
recording and changing the conferencing layout—
for instance, moving a video feed to a different
monitor. If the client is installed locally, the Join
Launcher will automatically start it when a Skype
meeting invitation is selected.
The Skype for Business client builds on the success of the Lync 2013 client. When a user upgrades from
Lync 2013 to the Skype for Business, the user will find all base functionality to be equal between the
versions. One major difference in terms of functionality is the shift from using mouse hovering to actual
clicks when selecting menus and actions.
There are no user interface differences between the Skype for Business 2015 and the Skype for Business
2016 client.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-7
Besides the full-featured clients that are available for Mac and Windows, Skype for Business Server
supports a wide range of conferencing clients that run on mobile devices. Free clients are available in
the respective app stores for the iOS, Windows Phone, and Android platforms.
If connecting from a PC or Mac that does not have a locally installed Skype for Business client or another
supported client, a user will be taken to the Skype for Business Web App for a nearly full-featured
conferencing experience that runs directly in most common browsers.
• iOS devices
• Windows 8 or later
• Internet Explorer 10
Join Launcher is a small application that runs on each Front End Server. It helps you start the right client
(such as a computer or mobile, even without a Skype for Business or Lync client endpoint installed). If no
installed client endpoint is found, the Skype for Business Web App starts. If it starts from a supported
mobile device that does not have a client, the user is redirected to the appropriate app store to download
the free Skype for Business mobile client.
If the necessary plug-in to start the Skype for Business Web App is not already installed, the user will be
offered the option to install it. This does not require local administrator permissions, but runs as a user-
level install.
Participating from the Skype for Business Web App offers a meeting experience very close to that of the
full-featured Skype for Business client, with a few limitations. For instance, recording is not supported
from the Skype for Business Web App, nor is access to granular device controls.
Note: Although an end user can install the Skype for Business meeting plug-in without
administrative rights, the user cannot reconfigure Windows Firewall if it is active and controlled
by Group Policy.
In a multiple-pool environment, the pool that is conducting the conference will service Skype for Business
Web App requests, as all front-ends and directors across the Skype for Business and Lync server
infrastructure can act as proxies for the home pool of the meeting organizer. If internal, clients will receive
a redirect to connect to the appropriate pool.
MCT USE ONLY. STUDENT USE PROHIBITED
5-8 Configuring and Implementing Conferencing in Skype for Business 2015
In a hybrid deployment, the meeting URL will point to the on-premises installation of Skype for Business
Server 2015. Here the Deployment Locator will determine whether the meeting is on-premises or in the
cloud, and it will update the client connection URL to point to the actual meeting location.
Note: To bypass Join Launcher and go straight to the Skype for Business Web App, you can
append ?SL=1 to the end of the meeting join URL.
Demonstration Steps
1. Sign in to LON-CL1 as Adatum\Ed with the password Pa$$w0rd and then switch to the Skype for
Business client.
4. Paste the meeting URL into Internet Explorer, and then append ?SL=1 to the URL to skip client
detection and to go straight to the web app.
5. Join the meeting as a guest—type your name as display name.
Outlook Integration
When installing Skype for Business, a new plug-in
named New Skype Meeting is installed if Outlook
2010, Outlook 2013, or Outlook 2016 is already
installed on the computer.
2. When you click New Skype Meeting on the Home tab in Calendar view, Outlook calls the locally
running Skype for Business client, which in turn checks your conferencing policy and meeting
configuration and then requests a meeting ID.
3. The Skype for Business client hands the required meeting link, including the meeting ID, back to
Outlook, which displays the received information as Join Skype Meeting content in the meeting
invitation.
4. From here, you can schedule the meeting by using the Outlook Scheduling Assistant as usual.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-9
After you have set up a Skype meeting, you can access Skype meeting options from the Skype Meeting
group on the Meeting tab of the meeting invitation.
From the Skype Meeting Options window, an organizer can access the following settings:
• Meeting space:
o My dedicated space
• Lobby settings:
o Organizer only
o People I choose
• Limit participation:
o Disable IM
If the conferencing policy assigned to the organizer allows dial-in conferencing, the Phone menu
provides access to:
o Invitations will contain numbers from the selected region. You can configure regions in the dial-
in plan. The Dial-In page groups the numbers according to the defined regions.
o All numbers that are found on the Dial-In page can be used.
When a user changes options in the Skype Meeting Options window, the user can choose to remember
the settings for future Skype meetings.
Question: How do you install the New Skype Meeting plug-in in Microsoft Outlook?
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question
What happens to a presenter’s presence when he or she chooses to share his or her desktop?
Lesson 2
Integrating Skype for Business Server and Office Online
Server
For using PowerPoint presentations in Skype for Business meetings, Office Online Server is the preferred
method over sharing the actual PowerPoint app.
Sharing an app such as PowerPoint uses Remote Desktop Protocol (RDP). This potentially uses
unnecessary bandwidth and hinders the use of media files such as embedded video clips in presentations
that require higher bandwidth. RDP bandwidth requirements might give users on low-bandwidth
connections an inferior experience to that of showing a PowerPoint presentation by using Office Online
Server via the Present PowerPoint Files option in Skype for Business. Further, local playback and local
annotations require Office Online Server.
Lesson Objectives
After completing this lesson, you will be able to:
• Install and configure Office Online Server for Skype for Business Server.
You use Office Online Server in read-only mode with Skype for Business Server; however, you can share
Office Online Server with other products, such as Microsoft SharePoint and Microsoft Exchange.
From a topology viewpoint, you might want to consider the physical placement of Office Online Servers.
When a participant uses a PowerPoint file, it is presented to the participants from the Office Online
Servers by using HTTPS, with a Proxy as an intermediary when the participant is external. In most
deployments, you will find that each configured Skype for Business pool has its own Office Online
Server farm.
MCT USE ONLY. STUDENT USE PROHIBITED
5-12 Configuring and Implementing Conferencing in Skype for Business 2015
7. Office Online Server retrieves file information from Skype for Business Server.
8. Office Online Server retrieves the file.
9. The presenter presents the PowerPoint presentation from Office Online Server to the client.
• Configure certificates
Demonstration Steps
1. On LON-SVR1, start Office Online Server setup by running D:\Setup.exe as an administrator, and
then complete the installation by accepting all defaults.
3. Obtain a Transport Layer Security (TLS) certificate from the internal certification authority (CA).
4. Request a new personal certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-13
5. Use the Adatum Web Server template with the following details:
o Name: WACCert
7. Configure an Office Online Server farm by using the Windows PowerShell command-line interface
running as Administrator.
8. Use the following command to set up the Office Online Server farm:
9. Check that the Office Online Server responds with configuration settings:
o Confirm that you get an XML document that contains the configuration settings.
10. Switch to LON-SFB1, add a new Office Online Server to the Skype for Business Server topology, and
then publish it.
Sequencing Activity
The following are the steps for installing and configuring Office Online for Skype for Business. Arrange
them in the correct order by numbering each step.
Steps
Obtain a certificate.
Objectives
After completing this lab, you will be able to:
• Obtain and configure the certificate that Office Online Server uses.
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment.
Before you begin the lab, complete the following steps:
1. You need access to the Office Online installation CD on your host machine at C:\Program Files
\Microsoft Learning\20334\Drives\OfficeOnlineServerTechPreview.iso. You can add the ISO image
as DVD media in Hyper-V Manager to 20334B-LON-SVR1. Your instructor will show you how.
a. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V
Manager.
b. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click
Start.
c. In the Actions pane, click Connect. Wait until the virtual machine starts.
Note: At the end of this lab, do not shut down or revert the virtual machines; they are
needed in the next lab.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-15
3. Obtain a TLS certificate from the internal CA. Request a new personal certificate.
4. Use the Adatum Web Server template with the following details:
Task 2: Configure an Office Online Server farm for Skype for Business
1. On LON-SVR1, configure an Office Online Server farm by using Windows PowerShell running as
Administrator.
2. Use the following command to set up the Office Online Server farm:
3. Check that the Office Online Server responds with configuration settings:
o Validate that you get an XML document that contains the configuration settings.
MCT USE ONLY. STUDENT USE PROHIBITED
5-16 Configuring and Implementing Conferencing in Skype for Business 2015
Task 3: Add Office Online Server to the Skype for Business topology
• Switch to LON-SFB1, open Skype for Business Server 2015 Topology Builder, add a new Office Online
Server named LON-SVR1.adatum.com to the Skype topology, and then publish it.
Note: This completes this lab. Please do not shut down the virtual machines—you will need
them in the next lab.
Results: After completing this exercise, you should have installed and configured Microsoft Office Online
Server on LON-SVR1, and added Office Online Server to the Skype for Business topology.
Question: Why did you add the name LON-SVR1.adatum.com twice on the request
certificate?
Question: Can you use the same name as both an internal and external URL when
configuring Office Online Server?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-17
Lesson 3
Bandwidth Planning
Using conferencing features such as audio, video, desktop sharing, and application sharing has a big
impact on the overall load on a network. This is particularly true if your organization has a large number
of concurrent users who attend conferences, or if your organization has bandwidth restrictions between
organizational locations or the Internet. Understanding the bandwidth requirements for each
conferencing option will help you plan for your network requirements.
Note: Skype for Business Server supports using Group Policy–based Quality of Service
(QoS), but configuring these policies is out of the scope of this course.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the codecs that audio and video conferences use.
• Describe the basic configuration and function of call admission control (CAC).
• Explain how user behavior and conferencing settings affect network usage.
o Who are the users, and what are their needs? Different job functions have different needs. For
example, an IT professional’s needs are different from someone working on a manufacturing line.
• Network assessment:
o How much bandwidth will be available for Skype for Business Server?
• QoS:
o Should you revise current Group Policy design to accommodate for QoS configuration of client
machines?
SIP
Session Initiation Protocol (SIP) is an Internet
Engineering Task Force–defined signaling protocol
that is widely used for controlling communication
sessions such as voice and video calls over IP. The
protocol can be used for creating, modifying, and
terminating two-party (unicast) or multiparty
(multicast) sessions. Sessions might consist of one or
several media streams.
SRTP
The Real-Time Transport Protocol (RTP) defines a standardized packet format for delivering audio and
video over IP networks. RTP is used extensively in communication and entertainment systems that involve
streaming media, such as telephony, video teleconferencing apps, television services, and web-based
push-to-talk features. RTP is used with the Real-Time Control Protocol (RTCP). While RTP carries media
streams (for example, audio and video), RTCP is used to monitor transmission statistics and QoS, and it
aids synchronization of multiple streams. RTP is originated and received on even port numbers, and the
associated RTCP communication uses the next higher odd port number. RTP is one of the technical
foundations of Voice over Internet Protocol (VoIP), and in this context, it is often used with a signaling
protocol to assist in setting up connections across a network.
Secure Real-Time Transport Protocol, or Secure RTP (SRTP), is an extension of RTP that incorporates
enhanced security features. Like RTP, it is intended particularly for VoIP communications.
RTCP
RTCP is the corresponding protocol to RTP. The RTP specification (RFC 3550) defines its basic functionality
and packet structure, superseding its original standardization in 1996 (RFC 1889). RTCP provides out-of-
band statistics and control information for an RTP flow. It partners RTP in the delivery and packaging of
multimedia data, but it does not transport any media streams itself. Typically, RTP will be sent on an even-
numbered User Datagram Protocol (UDP) port, with RTCP messages sent over the next higher odd-
numbered port. The primary function of RTCP is to provide feedback on QoS in media distribution by
periodically sending statistics information to participants in a streaming multimedia session. RTCP gathers
statistics for a media connection and information such as transmitted octet and packet counts, lost packet
counts, jitter, and round-trip delay time. An application might use this information to control QoS
parameters, perhaps by limiting flow, or by using a different codec.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-19
What happens when a network suffers from high packet loss? In this case, the forward error correction
(FEC) process occurs. Because both clients continuously report on network conditions by using RTCP, they
observe the need for mitigation of poor network conditions. FEC essentially adds redundant information
to each packet. In the example on the slides, the packets that the yellow boxes numbered 2, 3, and 4
represent are transmitted twice in separate packets.
This results in missing packets at the receiver site. During a normal transmission, about 50 percent of the
packets would be lost, meaning that boxes 2, 3, and 4 are permanently lost. Because of FEC, only 3 is now
lost. However, because of error correction, the impact is not as severe as it would have been without FEC.
Finally, to reconstruct lost packet number 3, the slide shows that the audio healer tries to reconstruct the
original information based on prediction. The audio quality will not be optimal for that portion of the call,
but it will be better than it otherwise might have been.
Note: Official server hardware recommendations are based on a 12-server pool with 80,000
configured users. Some real-life deployments call for downscaling.
The table on the slide provides some general metrics to show how different network conditions affect
audio and video quality, and it can help you establish some network performance goals. The more
performance deviates from these goals, the more likely that users will experience poor voice quality. The
table also lists some of the attributes of the network conditions that contribute to overall voice quality.
MCT USE ONLY. STUDENT USE PROHIBITED
5-20 Configuring and Implementing Conferencing in Skype for Business 2015
Components such as routers and switches cause latency, as do the laws of physics. The length of the cable
(Ethernet or fiber) will also introduce delays.
Jitter (average)
Jitter leads to latency or packet loss. Jitter is the undesired deviation from true periodicity of an assumed
periodic signal in electronics and telecommunications. Although packets are sent at regular intervals, the
arrival (reception) might not be as predictable because of network conditions, competing data streams,
and other factors.
• Siren
• G.722
For conferencing, Skype for Business Server does not use the SILK codec that Skype Public uses. Skype
Public is only supported in P2P sessions.
Also, note that P2P communications between Skype for Business clients use the RTAudio codec. Only
PSTN calls use G.711, either directly from a Skype for Business client to audio gateway (media bypass) or,
more commonly, from mediation server to audio gateway.
G.722 stereo is only used in conjunction with Lync Room Systems (LRS).
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-21
Bandwidth
Bandwidth
audio Bandwidth audio
Audio audio
payload, IP payload, IP
payload payload
Audio codec Scenario header, header, UDP,
bit rate and IP
UDP, RTP, RTP, SRTP, and
(Kbps) header
and SRTP FEC (Kbps)
only (Kbps)
(Kbps)
RTVideo
RTVideo is the Microsoft default video codec for
Office Communications Server 2007 and the
Communicator 2007 client. It is a proprietary
Microsoft implementation of the VC-1 codec for
real-time transmission purposes. Microsoft
extensions to VC-1 are based on cached frame and
Super P-frame (SP-frame). Additionally, it includes system-level enhancements for recovery of packet loss
on IP networks—FEC and error concealment.
MCT USE ONLY. STUDENT USE PROHIBITED
5-22 Configuring and Implementing Conferencing in Skype for Business 2015
H.264
Skype for Business builds on the hardware acceleration for video encoding and decoding of the
H.264/MPEG-4 Part 10 Advanced Video Coding standard, which Lync 2013 introduced. This feature allows
computers with lower central processing unit (CPU) clock speeds to encode and decode higher resolution
video. Video hardware requirements vary depending on the computer configuration and the desired
video resolution.
Note that video always contains FEC data, so no separate data is available.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-23
Overview of CAC
Skype for Business Server includes the optional use
of CAC. By using bandwidth policies that apply to
defined network sites and network region link,
Skype for Business Server can prevent over-
subscription of bandwidth by limiting the number
of concurrent audio and video sessions and by
dictating the maximum allowed bandwidth per
session, thus controlling the available codec options
like FEC.
When CAC and bandwidth policies apply, the client that receives an incoming call requests permission
from the CAC system to accept the call. If there are available connections, the CAC system informs the
client of the bandwidth allowance and displays the incoming call toast. If no available connections exist,
the CAC system can redirect the incoming call if the receiving client’s voice policy allows it.
If the caller and the receiver are on different sites, each with its own A/V Edge Server (also known as Edge
server for Media in Topology Builder), the two Edge servers can redirect the call via the Internet. If
redirection via the Internet is not available, PSTN redirects the call when a direct inward dialing number
exists for the call’s receiver and when the receiver’s voice policy has the Enable PSTN reroute option
enabled.
Administrators can exempt individuals or groups of users from CAC by assigning a voice policy with the
Enable bandwidth policy override option enabled. Emergency dialing (911 and 112) is never blocked
because of CAC.
• Configure subnets
• Configure sites
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Control Panel, and then go to Network Configuration.
4. Add the subnet 172.16.0.0/24, and then link it to the London site.
5. Create a bandwidth policy named London Limit with the following values:
Lesson 4
Configuring Conferencing Settings
Skype for Business Server offers a full-featured conference solution. Knowing how to configure and
control access to the different functionalities is crucial for a successful deployment of Skype for Business
Server conferencing.
This lesson will show you how to configure the conferencing settings and policies, and it will introduce the
concept of limiting IP ports that are used for different modalities such as audio, video, sharing, and file
transfers.
Lesson Objectives
After completing this lesson, you will be able to:
• Explain how to use the Skype for Business Server Management Shell to configure conferencing
policies.
• Manage conferencing policies by using the Skype for Business Server Management Shell.
Ground rules
Any given conference has only one applied
conferencing policy—namely, that of the meeting
organizer. A conferencing policy sets the level of
access and the features that are available; all
presenters in a meeting share the conferencing
policy that belongs to the organizer.
You must grant user-level conferencing policies by using Skype for Business Server Control Panel or the
Skype for Business Server Management Shell.
Most conferencing policy settings are available by using Skype for Business Server Control Panel, but
certain settings, like maximum bandwidth allowance for audio, video, application and screen sharing, and
file transfers, are only available by using the Skype for Business Server Management Shell.
o Number of allowed participants; overflow users will be turned away with a notice that the
meeting is full
• Anonymous users:
• Recording:
o Either users from same deployment only or all users can record
• Audio/video:
o Disable or enable audio only or enable audio and video
o Control multiple video streams—that is, gallery view or only the active speaker
• Data collaboration:
• Application sharing:
• Participant policy:
AllowAnonymousUsersToDialOut
AllowAnonymousParticipantsInMeetings
AllowFederatedParticipantJoinAsSameEnterprise
AllowExternalUsersToSaveContent
AllowExternalUserControl
AllowExternalUsersToRecordMeeting
AllowPolls
AllowSharedNotes
AllowQandA
AllowOfficeContent
EnableDialInConferencing
EnableAppDesktopSharing
AllowConferenceRecording
EnableP2PRecording
EnableFileTransfer
EnableP2PFileTransfer
EnableP2PVideo
AllowLargeMeetings
EnableOnlineMeetingPromptForLyncResources
EnableDataCollaboration
MaxVideoConferenceResolution
MaxMeetingSize
AudioBitRateKb
VideoBitRateKb
AppSharingBitRateKb
FileTransferBitRateKb
TotalReceiveVideoBitRateKb
EnableMultiViewJoin
MCT USE ONLY. STUDENT USE PROHIBITED
5-28 Configuring and Implementing Conferencing in Skype for Business 2015
Note: You can control settings that relate to resolution and transfer bit rates only from the
Skype for Business Server Management Shell.
When creating a new conferencing policy by using the Skype for Business Server Management Shell, use
the following format:
For example:
For example:
For example:
To delete a conferencing policy from Skype for Business Server, use the following format:
For example:
Note: Skype for Business Server will issue a warning if a policy is currently assigned to any
users.
With the Skype for Business Server Management Shell, you can perform batch operations on multiple
users by using filters in your queries.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-29
• Open the Skype for Business Server 2015 Management Shell as an administrator
• Create a new policy called Testpol
Demonstration Steps
1. On LON-SFB1, open the Skype for Business Server Management Shell as Administrator.
2. Create a new conferencing policy named Testpol by using New-CsConferencingPolicy.
3. Disallow the use of Q&A sessions in the Testpol conferencing policy by using Set-
CsConferencingPolicy.
4. Validate the new setting in the Testpol conferencing policy by using Get-CsConferencingPolicy.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Statement Answer
Server Management Shell.
Question: Which conferencing policy is applied in a meeting: that of the organizer or the
current presenter?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-31
Your task is to configure the required conferencing policies and assign them to users based on their
location in the adatum.com Active Directory domain.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. This lab requires the following virtual
machines, which should still be running from the previous lab:
• 20334B-LON-DC1
• 20334B-LON-SFB1
• 20334B-LON-SFB2
• 20334B-LON-SQL1
• 20334B-LON-RTR
• 20334B-LON-EX1
• 20334B-LON-SVR1
For this lab, you also need to start 20334B-LON-CL1 and 20334B-LON-CL2.
Before you begin the lab, complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-CL1, and then in the Actions pane, click Start.
o User name: Ed
o Password: Pa$$w0rd
o Domain: Adatum
5. In Hyper-V Manager, click 20334B-LON-CL2, and then in the Actions pane, click Start.
o Password: Pa$$w0rd
o Domain: Adatum
2. Use Skype for Business Server 2015 Control Panel to configure a new conferencing policy named
Management, and then disallow external participants from downloading content. Sign in to
Skype for Business Server 2015 Control Panel as Adatum\Administrator with the password
Pa$$w0rd.
2. Grant the Management policy to all users in the Managers OU by using Skype for Business Server
2015 Control Panel.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 5-33
4. In the Conversation (2 Participants) window, in the lower-right corner, click More Options. Note that
there is no option to share the desktop or applications.
5. On both client machines, hang up and close the conference windows.
8. Switch to LON-CL1, and then accept the invitation from Amr Zaki.
10. Switch to LON-CL1, and then check how remote desktop sharing works.
11. Switch to LON-CL1, and then stop presenting.
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have configured two new conferencing policies named
IT and Management, and you will have configured them according to A. Datum specifications.
Question: When would you use the Skype for Business Server Management Shell be over
Skype for Business Control Panel?
Bad audio
Review Question
Question: What is the default meeting size?
• High-definition video is not enabled by default; you can enable it by using Set-
CsMediaConfiguration.
MCT USE ONLY. STUDENT USE PROHIBITED
6-1
Module 6
Implementing Additional Conferencing Options in
Skype for Business Server 2015
Contents:
Module Overview 6-1
Module Overview
Skype for Business Server 2015 enables an administrator to exert a high degree of control on the
conferencing life cycle and the policies that control the conferencing experience. Understanding the
conferencing life cycle and policies will help you design and implement additional conferencing options,
such as content retention and the lifetime of abandoned meetings. Additionally, this knowledge will assist
you with troubleshooting.
Skype for Business Server includes support for dial-in conferencing, which allows external participants to
join the audio portion of a meeting via a public switched telephone network (PSTN). This module will
teach you the basics of Session Initiation Protocol (SIP) trunking and the required minimum setup for
dial-in conferencing.
Skype for Business Server includes support for LRS, the Microsoft-endorsed meeting room solution. This
module will teach you how to perform basic LRS setup, including required configuration in the Microsoft
Exchange environment.
The recommended default meeting size in Skype for Business Server is up to 250 participants. However,
designing an on-premises Skype for Business Server deployment that supports up to 1,000 simultaneous
participants is possible. Obviously, hosting a meeting with 1,000 simultaneous audio and/or video streams
would require substantial available bandwidth. With Skype for Business Server configured in the cloud or
as a hybrid deployment, Skype Meeting Broadcast can now support up to 10,000 participants. This
module discusses Skype Meeting Broadcast later.
MCT USE ONLY. STUDENT USE PROHIBITED
6-2 Implementing Additional Conferencing Options in Skype for Business Server 2015
Objectives
After completing this module, you will be able to:
• Configure the infrastructure for the Microsoft Lync Room System (LRS).
Lesson 1
Overview of the Conferencing Life Cycle
The conferencing life cycle refers to the entire process of setting up and hosting conferences in
Skype for Business. The conferencing life cycle includes conference creation, content upload, and
using shared content until a meeting expires and all content deletes.
To support and operate a conferencing system, you need to know Skype for Business Server’s default
behavior, and you need to know how to change the required policies to control the environment—for
example, when to delete uploaded content from a meeting space.
Lesson Objectives
After completing this lesson, you will be able to:
1. Conference creation:
2. Conference activation:
o For scheduled meetings, activation occurs when the first authenticated user joins the meeting.
3. Conference deactivation:
o Conferences deactivate when the presenter clicks End Meeting in the More Options menu.
o Conferences deactivate 10 minutes after the last authenticated user leaves the conference.
4. Conference expiration:
o Conference expiration is the time from conference deactivation until the information about the
conference is removed from Skype for Business Server Back End databases and the content that
was in the meeting space deletes.
Conference creation
When a user schedules a conference or uses the
Meet Now feature, the meeting client—the Skype
meeting plug-in for Microsoft Outlook or the Lync
2010, Lync 2013, or Skype for Business 2013
client—contacts the Focus Factory in
Skype for Business Server.
Focus Factory is a component that checks the conferencing policy of a meeting organizer and responds
to the meeting client with the conferencing capabilities and connection information. In a Meet Now
meeting, the Skype for Business client consumes the returned information to connect immediately. If the
Skype meeting plug-in for Outlook is used, the returned information passes as connection information
that displays in the meeting invitation.
When Focus Factory determines that a user might schedule a meeting, it generates a meeting ID and
writes the references regarding the meeting to the back-end database.
Note: Meet Now meetings are scheduled meetings that activate immediately. Focus
Factory has the same responsibilities regardless of a meeting being Meet Now or scheduled.
Conference activation
Conference activation occurs when an authenticated user joins a meeting, which in turn starts the
conferencing deactivation timer. A Meet Now meeting activates when the meeting starts.
Authenticated users validate by using user names and passwords against Active Directory Domain Services
(AD DS) or by using phone numbers and PINs. When connecting from a Skype for Business 2015 client,
authentication occurs at sign-in.
Conference Deactivation
Conference deactivation occurs when a meeting is
idle, no authenticated users are in the meeting
space, or a presenter clicks End Meeting on the
More Options menu.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-5
Note: Authenticated users are users from an organization’s Skype for Business 2015
deployment who have accounts in the AD DS domain. Users validate through the
Skype for Business client or another supported client. If a user joins a meeting as an
authenticated user via dial-in conferencing, then the user authenticates by using their PIN
and phone number.
When a meeting is in a deactivated state, an authenticated user can reactivate it by joining the meeting
before it expires. A reactivated conference has the same properties as a newly activated conference.
If users leave a Skype for Business meeting without ending it, the deactivation timer works as follows:
After reaching the deactivation state, the meeting expiration timer starts.
Conference Expiration
Conference expiration is the point in time where
references in back-end databases and any meeting
content in the Skype for Business file share deletes.
After expired and deleted, a URL to join a meeting
is invalidated and returns an error if activated.
You can apply conferencing configuration settings at the global, site, or service level. The service level is
actually the web conferencing service, which in turn would be the same as the pool level.
MCT USE ONLY. STUDENT USE PROHIBITED
6-6 Implementing Additional Conferencing Options in Skype for Business Server 2015
Demonstration Steps
1. On LON-SFB1, open the Skype for Business Server Management Shell as an administrator.
3. Create new conferencing configuration settings for the A. Datum Corporation’s headquarters site by
using the New-CsConferencingConfiguration command, and then set the content grace period to
24 hours.
5. Delete the conferencing configuration for A. Datum headquarters by using the Remove-
CsConferencingConfiguration command.
Question: What are the three different scopes in which you can apply a conferencing
configuration?
Question: When does content delete from the meeting file share?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-7
Lesson 2
Designing and Configuring Audio/Video and Web
Conferencing Policies
Skype for Business Server administrators control most aspects of the conferencing experience by
configuring and using policies. While some settings are available in Skype for Business Server Control
Panel, some are available only through the Skype for Business Server Management Shell.
A fresh Skype for Business Server installation has all the required policies in place for enabled users to start
using the Skype for Business Server conferencing system. By default, conferencing policies that apply on
the global scope grant permissions to the conferencing system for users who have an Enterprise client
access license (CAL).
In a production environment, it is common for different users with different needs to have different Skype
CAL allowances. As a Skype for Business Server administrator, you must know what different policies
control.
Lesson Objectives
After completing this lesson, you will able to:
• Identify the differences between Skype for Business Server Control Panel versus the
Skype for Business Server Management Shell.
Since Lync 2013, the default setting in the Skype meeting plug-in is to use a new meeting ID for all new
meetings.
MCT USE ONLY. STUDENT USE PROHIBITED
6-8 Implementing Additional Conferencing Options in Skype for Business Server 2015
Note: If you change the Assigned conference type by default setting, a pop-up message
in Outlook will inform users with previously scheduled Skype for Business meetings that the
security settings have changed, and that existing meetings might need to be updated and sent
again. This relates to all meetings that use the organizer’s default meeting URL—these all need to
be assigned new, unique meeting IDs, and hence, new meeting URLs.
When users click New Skype Meeting, Outlook contacts the Skype for Business client that is running
locally, which in turn pulls the customization settings from the assigned meeting configuration settings.
Customization includes:
• Logo URL, which inserts an organizational logo into Skype meeting invitations:
o There is no actual size restriction, but for best results, the recommended maximum size should be
30 pixels high × 188 pixels wide.
• Help URL, which enables a custom link to an organization’s own help pages. If not set, it will point to
Microsoft help pages:
o Change the help link from official Microsoft support pages to your own webpage.
• Custom footer text, which inserts any text as footer text in meeting invitations:
Demonstration Steps
1. On LON-SFB1, sign in to Skype for Business Server 2015 Control Panel, and then configure the global
meeting configuration with custom footer text.
2. On LON-CL1, open Outlook, schedule a new Skype meeting, and then verify that the custom footer is
visible in the invitation.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-9
Standard CAL users are not permitted to initiate audio/video conferencing and web conferencing.
Additionally, they are not permitted to share applications or the desktop. Standard CAL users can only use
these features if a presenter with an Enterprise CAL organizes the meeting.
If Standard CAL users are supported, you should reconfigure the default conferencing policy to match the
access permissions of a Standard CAL user to avoid unintentionally granting Enterprise CAL access. You
should grant Enterprise CAL access—that is, access to all conferencing modalities—by using user-level
conferencing policies.
Note: Most settings in the conferencing policy of any user also apply for peer-to-peer
communications; for instance, one user can use video while the other cannot.
MCT USE ONLY. STUDENT USE PROHIBITED
6-10 Implementing Additional Conferencing Options in Skype for Business Server 2015
Question: To which scope can a participant policy apply: global, site, pool, user, or all?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-11
• You will configure a policy for the managers that will give them the right to hand over control to
federated and anonymous users when sharing and allow recording.
You have been tasked with configuring the policies to achieve the desired result. Additionally, you will
troubleshoot issues with recording at the A. Datum headquarters site.
Objectives
After completing this lab, you will be able to:
• Create and configure conferencing policies.
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
o User name: Ed
o Password: Pa$$w0rd
o Domain: Adatum
MCT USE ONLY. STUDENT USE PROHIBITED
6-12 Implementing Additional Conferencing Options in Skype for Business Server 2015
o Password: Pa$$w0rd
o Domain: Adatum
At the end of this lab, leave all the virtual machines running because the next lab needs them.
• You will configure a policy for managers that will give them the right to hand over control to
federated and anonymous users when sharing and recording.
You will solve this task by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell.
4. Grant the Managers Conferencing Policy to all members of the AD DS global group named
Managers.
2. Enable all the users in the Managers organizational unit to be Skype users.
3. In the global conferencing policy, change the Maximum meeting size setting to 20, and then click
Commit.
2. Enable organizer recording and participant peer-to-peer recording, and then click Commit.
2. Create new conferencing policy named Managers Conferencing Policy, and then set
AllowExternalUserControl, AllowConferenceRecording, and EnableP2PRecording to True.
Task 4: Grant the Managers Conferencing Policy to all members of the AD DS global
group named Managers
• Use variables in the Windows PowerShell command-line interface to grant the Managers
Conferencing Policy to all members of the global group named Managers:
$rootDN = ([adsi]"").distinguishedName
$group = [adsi]("LDAP://cn=Managers, ou=Managers,"+$rootDN)
$users = $group.member
Results: After completing this exercise, you should have configured the default global conferencing policy
by using Skype for Business Control Panel, created and assigned a site-level conferencing policy to A.
Datum headquarters, and created and assigned a user-level conferencing policy to all managers.
Your task is to investigate the conferencing policies, to figure out why Amr is unable to record, and to
resolve the issue.
The main tasks for this exercise are as follows:
4. Initiate a Skype call between Ed and Amr, and then verify that Amr is unable to record.
5. Switch to LON-SFB1, and then in the Skype for Business Server Management Shell, type
.\Lab6AFixIt.ps1, and then press Enter.
Results: After completing this exercise, you should have verified that Amr Zaki is correctly configured for
conferencing.
Question: Why use the Skype for Business Server Management Shell?
Lesson 3
Deploying Dial-In Conferencing
Skype for Business Server supports dial-in conferencing so that users who require audio only can connect
by using any phone that has access to the PSTN. The infrastructure for deploying PSTN connectivity is the
same as Enterprise Voice.
This lesson introduces the Enterprise Voice infrastructure, which comprises PSTN gateways, SIP trunks,
Mediation Servers, dial plans, and voice policies. When Enterprise Voice is already configured in
Skype for Business Server, the common steps for enabling dial-in conferencing support are:
a. Dial plans handle number manipulation and consist of normalization rules for interpreting
received numbers. For example, a user in Denmark might just dial eight digits to reach a Danish
subscriber; a dial plan normalization rule would detect the eight digits and add “+45” in front of
the number to format it according to E.164, the recommended format. For example, “xxxxxxxx”
becomes “+45xxxxxxxx” before being sent to the gateway.
c. The dial-in conferencing region in the user’s dial plan sets the default dial-in numbers, which
Skype meeting invitations include.
2. Assign or reserve a direct inward dialing (DID) number, which is a publicly accessible phone number
that a phone provider supplies.
3. Configure the DID number as a dial-in access number:
Knowledge of these components enables you to deploy and configure dial-in conferencing in
Skype for Business Server.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe the requirements for dial-in conferencing in Skype for Business Server.
• Describe the configuration options for dial-in conferencing in Skype for Business Server.
• List the deployment steps for dial-in conferencing in Skype for Business Server.
Note: Enterprise users who dial-in from a device with a known number in the AD DS
domain only have to enter their PIN. If the number exists as a phone number on the user account
in AD DS, that user’s PIN is required as authentication.
Dial-in participants
Dial-in participants hear music if they are waiting to be admitted to a conference. After admission to a
conference, dial-in users can participate in the audio portion of the conference and can use dual-tone
multiple-frequency (DTMF) commands by using a phone keypad.
Dial-in participants, whether or not they are dialing in from a PSTN phone, hear personal announcements
during the conference, such as whether:
All dial-in participants can use DTMF commands to hear help content, to listen to the conference roster,
and to mute themselves.
Dial-in leaders
Dial-in leaders and some client users can use DTMF commands to turn on or off the participants' ability
to unmute, lock or unlock the conference, admit participants from the lobby, and turn entry and exit
announcements on or off. Leaders and some client users can also use a DTMF command to admit
everyone from the lobby, which changes the permissions of the meeting to allow anyone who
subsequently joins.
The Conferencing Attendant service and the Conferencing Announcement service require that Windows
Media Format Runtime is installed on Front End Servers. This is included in the Desktop Experience in
Windows Server 2008 R2 and in the Microsoft Media Foundation in Windows Server 2012.
Windows Media Format Runtime is required to play Windows Media Audio files for on-hold music,
recorded names, and prompts. Windows Media Format Runtime installs automatically when you install
Skype for Business Server.
Port requirements
If you use a load balancer, ensure that you configure the load balancer for the ports that any applications
that will run in the pool use. These ports are default settings that you can change by using the Set-
CsApplicationServer cmdlet.
All instances of the same application in a pool use the same SIP listening port.
The following table lists and describes the ports that dial-in conferencing uses.
MCT USE ONLY. STUDENT USE PROHIBITED
6-18 Implementing Additional Conferencing Options in Skype for Business Server 2015
5072 Used by the Conferencing Attendant service for SIP listening requests
Other ports might be in use depending on the setup. For example, SIP trunks, PSTN gateways, trusted
apps, and third-party apps might use these ports.
Application service
Application service provides a platform for
deploying, hosting, and managing UC applications.
Dial-in conferencing uses two UC applications that
require Application services—the Conferencing Attendant service and Conferencing Announcement
service.
• A PSTN gateway
• A Session Border Controller for an Internet telephony service provider to which you connect by
configuring an SIP trunk
Note: If your Skype for Business Server design includes Enterprise Voice, Mediation Servers,
and PSTN, connectivity options will already be part of the deployment. If you are not deploying
Enterprise Voice, you will need to deploy at least one Mediation Server and at least one PSTN
connectivity option for dial-in conferencing to function.
File store
A file store is used for Recorded name audio files use a file store. A file store is a standard component in
every Skype for Business Server 2015 Enterprise Edition or Standard Edition deployment.
User store
The Skype for Business user store stores users’ PINs. The user store is a standard component in every
Skype for Business Server 2015 Enterprise Edition or Standard Edition deployment.
Note: This step is necessary only if you do not deploy Enterprise Voice and do not collocate
the Mediation Server with the Enterprise Edition Front End Server or Standard Edition server. If
you deploy Enterprise Voice, you install and configure Mediation Servers and PSTN gateways as
part of the Enterprise Voice deployment. If you collocate the Mediation Server, you install and
configure the Mediation Server as part of the Front End pool or the Standard Edition server
deployment.
o RTCUniversalServerAdmins group
o CsVoiceAdministrator
o CsAdministrator
1. Create one or more dial plans for routing dial-in access phone numbers.
3. Set the dial-in conferencing region to the geographic location to which the dial plan applies. The
region associates the dial plan with dial-in access numbers.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-21
Membership in one of the following groups or equivalent is necessary to configure dial plans for dial-in
conferencing:
• CsVoiceAdministrator
• CsAdministrator
Membership in at least one of the following groups or equivalent is necessary to assign regions to dial
plans:
• CsVoiceAdministrator
• CsAdministrator
3. Unauthenticated users can join a conference by using a dial-out phone. With a dial-out phone, the
conference server calls the user, and the user answers the phone to join the conference.
CsAdministrator permissions are necessary to configure a conferencing policy for dial-in conferencing.
Note: After you create dial-in access numbers, you can use the Set-
CsDialInConferencingAccessNumber cmdlet to modify the display name of the
Active Directory contact objects so that users can easily identify the correct access number.
Membership in any of the following groups is necessary to verify dial-in conferencing settings:
• CsAdministrator
• CsViewOnlyAdministrator
• CsServerAdministrator
• CsHelpDesk
CsAdministrator permissions are necessary to modify conference join and leave announcements.
• CsAdministrator
• CsUserAdministrator
Step 12: Welcome users to dial-in conferencing and set the initial PIN (optional)
Use the Set-CsPinSendCAWelcomeMail cmdlet to set users' initial PINs and to send a welcome email
message that contains the initial PIN and a link to the dial-in conferencing settings webpage.
For example:
The following groups can welcome users to dial-in conferencing and set their initial PIN:
• CsAdministrator
• CsUserAdministrator
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-23
Demonstration Steps
1. Open Skype for Business Topology Builder, download the topology from the existing deployment,
and then save it as Dialin.
2. Add the following modalities to the Skype for Business Server Front End pool:
o Dial-In conferencing
o Enterprise Voice
o PSTN gateway
o Trunks
4. Validate replication, and then bootstrap Skype for Business Front End Servers.
5. Configure the conferencing region.
Question: How many languages can be offered per dial-in access number?
Lesson 4
Configuring an LRS
Video teleconferencing from various original equipment manufacturers (OEMs) was around long before
Microsoft UC systems entered the market. However, until the LRS specification, there was no true Lync or
Skype for Business Video Teleconferencing (VTC) solution. Instead, users had to develop their own
solutions, such as bringing their own laptops to meeting rooms, trying to connect to existing equipment
and other infrastructure such as projectors, and gaining network access, and using USB-based
speakerphones and cameras for audio/video—all with varying degrees of success.
The Microsoft RoundTable device, a special 360° view camera with multiple microphones in the base and
the special 360 “ribbon feed,” has been one of the ways users have converted existing meeting rooms into
Skype for Business VTCs.
Existing OEM VTC vendors have made their own solutions to integrate with
Skype for Business Server 2015 and previous versions. Solutions vary from being a simple
Skype for Business/Lync endpoint to being the host of the meeting and letting Skype for Business act
as a client. Most integration solutions required special licenses or hardware, depending on the required
functionality.
Note: Skype for Business Server includes Video Interop Server, which is a license-free role
that facilitates interoperability with third-party VTCs. Video Interop Server is out-of-scope for this
course.
This lesson will teach you the required steps for integrating LRS into your Skype for Business Server
topology.
Lesson Objectives
After completing this lesson, you will be able to:
• Describe LRS.
• Describe the LRS home screen.
from Microsoft Partners like Crestron Electronics, Lifesize, Polycom, and SMART Technologies. With LRS,
users can take advantage of the Skype for Business Server infrastructure and bring it to the meeting room
without having to bring any devices or prepare a room in any way.
For a successful meeting experience, users schedule a Skype for Business meeting like usual—the only
difference is that a meeting room that is equipped with LRS has to be booked like a resource room. If a
user books the room for an ordinary physical meeting, LRS can automatically remind the organizer that
the room is indeed an LRS, and by adding Skype for Business meeting information to the meeting, users
can participate from anywhere.
Like traditional VTC systems, LRS consists of one or two large HD displays with touchscreen functionality
and built-in wide-angle cameras. LRS comes with a table stand console for easy handling of meetings by
using the touchscreen interface of the console. It also comes with connectors to allow users to connect
their own PCs directly to LRS—for example, to upload PowerPoint presentations to a meeting. When set
up correctly, all that users have to do when entering the room is to click or tap the meeting entry on the
home screen, and then the meeting starts.
When configuring LRS, you will need to perform steps in Exchange and Skype for Business Server. While
performing the configuration steps, be aware of role-based access control.
LRS is based on Windows Embedded 7, and it can run as a stand-alone appliance or join an AD DS
domain for management reasons, especially the expected Microsoft Exchange Key Management Server
activation of LRS.
When initially configuring a new LRS, the requirements are the same from an administrative point of view,
regardless of the vendor:
• An Exchange resource mailbox account, which facilitates calendar functions and scheduling for the
LRS-equipped meeting room
• A Skype for Business–enabled LRS account on Skype for Business Server 2015 or Lync Server 2013
The permissions that are necessary to configure LRS are the same as for configuring other Skype for
Business users.
You can control a meeting directly by using the UI on the large HD displays or via the desktop controller,
from where you can invite or call others into the meeting without interrupting what happens on the HD
displays. You can also control what content displays on the screen from a specified input by using the
controller.
MCT USE ONLY. STUDENT USE PROHIBITED
6-26 Implementing Additional Conferencing Options in Skype for Business Server 2015
One of the LRS features is a one-click meeting, which starts a meeting directly from the home screen.
Those who have worked with third-party VTCs are used to meeting initiations that typically involve many
steps and instructions before a meeting actually starts—especially if some participants are remote or are
in other organizations.
The familiar Skype for Business interface helps simplify the learning curve for managing LRS. Those who
have used the desktop Skype for Business 2015 client or even Lync 2010 or Lync 2013 will quickly find the
usual functions to be in the expected places. Because LRS has a specific, configured account, it can be
invited to a Meet Now meeting like any other user or contact.
• Manually creating named groups in AD DS according to the LRS Administrative Web Portal
Deployment Guide and assigning permissions.
Microsoft Lync Room System Deployment Guide
http://aka.ms/q7l637
When the LRS Administrative Web Portal has deployed, you can access the portal through the /LRS
subsite on Skype for Business Server Front End Servers; that is, https://webint.adatum.com/LRS.
When accessing the portal, you are prompted for credentials to sign in. After signing in, you see a list of
configured LRS rooms, their presence state, health, next meeting, LRS version, manufacturer, and so on.
Clicking an individual room name on the portal takes you to the details and the room settings. Settings
include volume settings, update settings, and options to collect logs for troubleshooting purposes.
Demonstration Steps
1. Create a resource mailbox in Exchange.
2. Enable automatic calendar processing.
Lesson 5
Configuring Large Meetings and Skype Meeting
Broadcasts
Skype for Business Server is for meetings with up to 20 participants, but it does allow meetings with as
many as 250 users in the default global conferencing policy. If needed, you can configure an on-premises
deployment of Skype for Business to support up to 1,000 participants. Obviously, having that many
participants join an on-premises meeting will put a significant drain on server and network resources.
A new offering in Microsoft Office 365 is Skype Meeting Broadcast, which enables a live meeting
broadcast for up to 10,000 participants by using an Office 365 infrastructure. To use Skype Meeting
Broadcast, you need to be on Skype for Business Online or have a Skype for Business hybrid deployment.
This lesson will teach you how to configure Skype for Business Server for large meetings and to identify
Skype Meeting Broadcast requirements.
Lesson Objectives
After completing this lesson, you will be able to:
• Set up Skype for Business for large meetings.
A large meeting pool should not contain any unnecessary modalities, and it should not collocate with a
Mediation Server. The scheduling accounts should not have any contacts in Lync, and they should not be
added to other users’ contact lists to avoid presence traffic. When conducting very large meetings, you
will need to set up one-way audio and video, to limit resolution, and to avoid application and desktop
sharing.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-29
You should configure the following conferencing policy settings for users in a large meeting pool:
• AllowLargeMeetings: True
• EnableAppDesktopSharing: None
• AllowUserToScheduleMeetingsWithAppSharing: False
• AllowSharedNotes: False
• AllowAnnotations: False
• DisablePowerPointAnnotations: True
• AllowMultiview: False
• EnableMultiviewJoin: False
The limit of 1,000 participants for large meetings is not a hard limit; it is the limit to which Microsoft has
tested the system.
The minimum setup that Skype Meeting Broadcast requires is a hybrid deployment with at least an E3
plan. When the hybrid setup is complete, all that is necessary is to add a few Microsoft domains as
allowed domains. Even if running with open federation, adding allowed domains makes
Skype for Business Server allow a higher rate of incoming messages without throttling.
The following are the steps that are necessary for setting up a hybrid solution to work with Skype Meeting
Broadcast, all of which you can perform in the Skype for Business Server Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
6-30 Implementing Additional Conferencing Options in Skype for Business Server 2015
Note: Organizers are not required to be hosted in the cloud. You can run a Skype Meeting
Broadcast as an on-premises user if a hybrid deployment with a shared SIP namespace is in place.
Because an Office 365 infrastructure is the engine for Skype Meeting Broadcast, no support exists for
scheduling these meetings in Outlook; instead, you have to set up Skype Meeting Broadcast by using the
https://sched.services.skype.net broadcast scheduling URL. When signed in, you can schedule a meeting
and exercise limited control over Skype Meeting Broadcast before sending an invitation. Because of
hybrid deployment requirements, you must sign in by using your organizational credentials.
The steps for joining a Skype Meeting Broadcast are the same as joining any other meeting in
Skype for Business, with one exception. Even though users connect by using the familiar method,
participants will not receive any presentation until a presenter turns on audio. In a traditional
Skype for Business meeting, audio is not a requirement.
When running a Skype Meeting Broadcast, you can use a web browser and the Skype for Business Web
App, or you can use the Skype for Business 2015 client. Regardless, the client layout and the options
change slightly when in a broadcast session. For example, you can only show one video feed at a time,
and the only sharing that can occur is by using PowerPoint via Office Online Server.
Demonstration Steps
1. Sign in to Skype for Business Server, and then open the Skype for Business Server Management Shell
as an administrator.
3. Add the Skype Meeting Broadcast Office 365 SIP domains as allowed domains.
Question: What is the default maximum meeting size in Skype for Business Server?
Question: You are setting up a large meeting pool—should this be a Standard Edition or
Enterprise Edition of Skype for Business Server 2015?
MCT USE ONLY. STUDENT USE PROHIBITED
6-32 Implementing Additional Conferencing Options in Skype for Business Server 2015
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment, which was started at the beginning of
Lab A.
• Configure meeting invitations so that the local regional number displays as the first choice.
2. Open Skype for Business Topology Builder, click Download Topology from existing deployment,
and then save the topology as Lab6B.
6. When the installation is complete, close all open windows on LON-SFB1 and LON-SFB2. It will take
some time for the command to complete.
Task 2: Add a user-level dial plan for North America and Europe
1. On LON-SFB1, open Skype for Business Server Control Panel. Sign in as Administrator with the
password Pa$$w0rd.
2. In the navigation pane, click Voice Routing. This opens the DIAL PLAN tab, displaying the currently
configured dial plans.
3. On the DIAL PLAN tab, click New, and then click User dial plan.
4. On the New Dial Plan page, in the Name text box, type North America, and then press the Tab key
on your keyboard. This will move the focus to the next box and will prefill the Simple name text box.
5. In the Dial-In conferencing region text box, type North America.
6. On the New Dial Plan page, at the upper left, click OK. This takes you back to the DIAL PLAN page.
7. On the DIAL PLAN tab, you now see the Global and the North America dial plans. Click New, and
then click User dial plan to create a similar user dial plan for Europe.
8. In the Name text box, type Europe, and then press the Tab key on your keyboard to prefill the
Simple Name text box.
9. In the Dial-In conferencing region text box, type Europe.
10. On the New Dial Plan page, at the upper left, click OK. This takes you back to the DIAL PLAN page.
11. On the DIAL PLAN tab, you now see the three dial plans: two plans that you configured, and the
Global plan.
12. On the menu bar, click Commit, and then click Commit all.
13. In the Uncommitted Voice Configuration Settings window, validate the settings displaying the
changes that you just made, and then click OK.
3. Select Ed Meadows, and then on the Edit menu, click Show details.
5. Under Dial plan policy, select North America, and then click Commit.
6. Search for Amr, select Amr Zaki, and then on the Edit menu, click Show details.
8. Under Dial plan policy, select Europe, and then click Commit.
MCT USE ONLY. STUDENT USE PROHIBITED
6-34 Implementing Additional Conferencing Options in Skype for Business Server 2015
o pool.adatum.com
o confeu@adatum.com
o +1 (555) 123-1234
o Adatum Conferencing North America
o Tel:+15551231234
o pool.adatum.com
o confus@adatum.com
3. Switch to LON-CL2.
4. Open Outlook 2016, switch to Calendar, and then create a new Skype meeting. Note that the default
dial-in number for Amr is in the European format.
Results: After completing this exercise, you should have deployed two unique dial-in conferencing
numbers, associated the dial-in conferencing region with the correct dial plan, and associated two users
with dial plans to test functionality.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-35
5. Invite LRS.
2. Type the following command, and then press Enter to create a resource mailbox for LRS:
Set-Mailbox -Identity LRS01@adatum.com -MailTip "This room is equipped with Lync Room
System (LRS), please make it a Skype Meeting to take advantage of the enhanced
meeting experience from LRS”
2. On LON-SFB1, open the Skype for Business Server Management Shell, type the following command,
and then press Enter to enable an LRS account in Skype for Business Server:
3. In the meeting invitation, to the right of where it reads “Skype Meeting,” click Rooms.
4. Select LRS-01, click the Rooms button in the lower-left corner, click OK, and then click Yes.
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you will have configured a Microsoft Exchange resource mailbox
for LRS, and you will have configured an LRS account for Skype for Business Server.
Question: Besides the setup in the lab, what are other dial-in conferencing requirements?
Question: Do you have any real life experience with LRSs or other Video TeleConferences
(VTCs)?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 6-37
• Note that changing the Assigned conference type by default setting might result in existing
scheduled Skype meetings needing to be re-sent.
• Dial-in conferencing has the same requirements as Enterprise Voice regarding trunks and gateways.
• Skype Meeting Broadcast allows town hall–like meetings with up to 10,000 participants by relaying
PowerPoint presentations, audio, and video via a Microsoft Office 365 infrastructure—this requires a
cloud or hybrid setup.
Review Question
Question: What are the benefits of allowing meeting invitation customization?
If the current VTC solution is based on Cisco Unified Communications Manager, consider using the
Skype for Business Video Interop Server role.
Tools
The following tool is covered in this module:
Microsoft Lync Room System Administrative Web Portal for Skype for Business Server 2015
http://aka.ms/ft8z29
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
7-1
Module 7
Designing and Implementing Monitoring and Archiving in
Skype for Business 2015
Contents:
Module Overview 7-1
Module Overview
Skype for Business Server 2015 provides detailed insight in to the various modalities and content. To gain
access to this information, it is critical that you understand the configuration requirements, deployment
options, integration options, and how these relate to your organizational demands. This understanding
will help you implement Skype for Business Server in a way that meets the needs of your organization and
users.
Objectives
After completing this module, you will be able to:
Implement monitoring.
Implement archiving.
MCT USE ONLY. STUDENT USE PROHIBITED
7-2 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
Lesson 1
Components of the Monitoring Service
In Skype for Business Server, the monitoring service collects performance metrics and then provides you
with reporting capabilities to help ensure the quality of your Skype for Business Server communications
system. You can use Quality of Experience (QoE) and call detail recording (CDR) features and monitoring
service capabilities to monitor and improve the quality of your communication.
Lesson Objectives
After completing this lesson, you will be able to:
Describe supported Microsoft SQL Server topologies for the monitoring service.
Audio/video conversations
Meetings
Application sharing
File transfers
Unified data collection agents. The CDR and QoE agents install automatically on every Front End
Server.
Monitoring databases. To store and collect data, the monitoring service requires databases that use
SQL Server. The databases can be collocated on the Back End Server SQL instance or on a different
computer. Separate databases are required for CDR and QoE information. However, they both always
run on the same SQL Server instance.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-3
Microsoft Systems Center Operations Manager (SCOM) Management Pack. This is an optional
component. The call reliability and media quality monitoring component of SCOM uses the
monitoring server CDR and QoE data to generate near real-time alerts about call reliability health
and media quality.
Monitoring server reports. This also is an optional component. It contains built-in reports on usage,
call diagnostic information, and media quality information based on data that is stored in the CDR
and QoE databases. SQL Server Reporting Services generates the reports.
Supported topologies
Each monitoring database can capture data from one or more Skype for Business Server Enterprise Edition
pools and Skype for Business Server Standard Edition servers.
Reporting services
Skype for Business Server uses SQL Server Reporting Services to publish monitoring reports. These reports
publish to a web server where you can view them by using a web browser. You also have the ability to
schedule report deliveries via email messages. The monitoring reports contains a standard set of reports
that describe the data and define the reports that SQL Server Reporting Services will create.
You must install the monitoring reports on a SQL Server instance that is running SQL Server Reporting
Services. Skype for Business Server supports the following 64-bit versions of SQL Server:
1. Open Reporting Services Configuration Manager from SQL Server Configuration Tools.
You deploy monitoring server reports to this URL. You have the option to use HTTP or HTTPS to publish
the reports. If both are available, SQL Server Reporting Services publishes to the HTTPS URL.
QoE
QoE records not only store numerical data about
the quality of calls on your network, but they also
store information about the following parameters
during calls and sessions:
Participants
Device names
Drivers
IP addresses
Endpoint types
These quality metrics are collected at the end of every VoIP call and every video call from participant
endpoints, including IP phones, Skype for Business 2015, some legacy clients, Audio/Video Conferencing
Servers, and Mediation Servers.
The path between the Mediation Server and unified communications (UC) endpoints.
The path between the Mediation Server and the media gateway.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-5
You can run the following query against the QoEMetrics database to get jitter and packet loss averages
for all audio streams:
CDR
CDRs capture usage information about:
VoIP calls
IMs
Audio/video conversations
Meetings
File transfers
Application sharing
Remote assistance
Note: Actual IM content is not captured in CDR data. To preserve IM content for
compliance reasons, use the Archiving Server feature.
CDR data is frequently used for billing purposes and is therefore very important in many deployments. In
Skype for Business Server, CDR data is captured for both peer-to-peer and multiple party conferences.
The CDR database in Skype for Business Server includes new usage and diagnostic data for Skype for
Business Server features, including conferencing, registration, and device diagnostics. It also includes
comprehensive data for usage tracking and voice quality diagnostics.
For example, you can use SQL Server Management Studio to run the following query against the LcsCDR
database to find the total number of public switched telephone networks (PSTNs) that are connected to
UC calls:
Monitoring Policy
You can configure monitoring settings for CDR
and QoE by using Skype for Business Server
Control Panel or Skype for Business Server
Management Shell cmdlets. The configuration
options include:
Configuring monitoring service by using Skype for Business Server Control Panel
To configure the monitoring service:
2. Click Monitoring and Archiving, and then complete the following steps:
o Click the Call Detail Recording tab. Enable or disable CDR, and then configure the CDR purging
settings.
o Click the QoE Data tab. Enable or disable QoE, and then configure the QoE purging settings
(as shown on the slide).
Configuring monitoring service by using the Skype for Business Server Management
Shell
Using the Skype for Business Server Management Shell or Control Panel is purely a matter of preference. If
you prefer to use the Management Shell, you can use the following cmdlets to configure a monitoring
service.
To configure CDR settings, use the following cmdlets:
Reporting and analysis by using the speed of SQL Server Analysis Services. CQD uses SQL Server
Analysis Services to provide fast summary, filter, and pivoting capabilities to power the dashboard via
an Analysis Services cube. Reporting execution speed and the ability to drill down into data can
reduce analysis time dramatically.
New data schema that is optimized for call quality reporting. The cube has a schema that is designed
for voice quality reporting and investigations. CQD web portal users can focus on the reporting tasks
instead of figuring out how the QoE metrics database schema maps to the views that they need.
Combining the QoE Archive and the Cube provides an abstraction that reduces reporting and analysis
complexity via CQD. The QoE Archive database schema also contains tables that can be populated
with deployment-specific data to enhance the overall value of the data.
Built-in report designer and in-place report editing. The Portal component comes with several built-in
reports that are modeled on the Call Quality Methodology. Portal users can modify the reports and
create new reports via the Portal’s editing functionality.
Web application programming interface (API) access to the report structure and Analysis Cube data.
The dashboard reporting framework is not the only way to display data from the Cube. CQD provides
several examples that use HTML and JavaScript to retrieve data from CQD Web APIs and to render
the data in a custom format. Combining the Query Editor and CQD Web APIs allows rapid
prototyping of reports and custom report layout.
CQD components—including the QoE Archive, Cube, and repository databases—can be installed on the
Front End Server with the monitoring service, installed on its own server, or installed across multiple
servers. The particular installation method depends on CQD performance demands and the effect on
other processes on the same servers.
Question: Does the CQD rely on SQL Server Reporting Services like the monitoring service?
Detailed quality information about each call leg is stored in the Skype for Business Server QoE database.
Each Skype for Business Server component that processes media creates and sends a record to the QoE
database, reporting on the quality of the call leg. This rich set of call quality data in the QoE database is
the foundation of CQM. CQM uses a set of Transact-SQL queries to report on call paths and devices. CQM
establishes quality targets that are used for troubleshooting and operational procedures. CQM assumes
that you have visibility into the network and the capability to troubleshoot problematic media streams
across it.
Note: The QoE database does not have information on your edge or perimeter network.
The PreCall Diagnostics tool helps you identify and diagnose network problems in your
perimeter.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-9
Server Plant. Server Plant incorporates all Skype for Business Server elements that terminate or
originate media:
o Server health. Assures that your Skype for Business Server media servers (audio/video multipoint
control unit and Mediation Servers) are healthy and are not contributing to conditions that will
cause poor media quality, including packet loss and jitter.
o Between audio/video multipoint control unit (AV MCU) and Mediation Server. Analyzes streams
between these two server roles that service dial-in conferencing users.
o Between Mediation Server and gateway. Analyzes streams between Skype for Business Server
Mediation Servers and their gateway peers that service dial-in conferencing users.
o PSTN gateway to PSTN. Analyzes the final leg from the PSTN gateway out to the PSTN.
o In a conference call, other elements handle media including the Conferencing Announcement
Server (CAS) and the Conferencing Auto Attendant (CAA).
Note: QoE has no telemetry data for the sessions between the gateway and PSTN, so you
will need to work with your gateway manufacturer to derive a data-driven approach here.
Endpoints. A collection of call quality measurements that are generated when an endpoint makes or
receives a Skype for Business call:
o Device. The IP or USB device that places or receives a call. Devices that have not been qualified
for Skype for Business 2015 are often the source of call quality problems.
o System. The device that places or receives a call. Glitch generation is a common system problem
that causes quality degradation.
o Media path. Ideally, peer-to-peer calls go directly between two systems. A common issue is
internal firewalls that cause internal calls to relay across the internal interface of an edge server.
This is not optimal and can cause quality and capacity issues.
o Media transport. User Datagram Protocol (UDP) is the ideal transport for media; however, if UDP
cannot be negotiated, Transmission Control Protocol (TCP) is used, which results in poor media
quality.
Last Mile. Last Mile includes call quality measurements based on how each Skype for Business
endpoint is connected to the network:
Note: Wired is the first priority for client connections because it should always provide high
quality. When resolving last mile issues, wired is expected to deliver the highest quality and
correspondingly must be your initial focus. After you optimize the call quality of your wired
connections, improving wireless call quality becomes easier because the wireless infrastructure
sits atop the wired core at each location. Depending on the maturity of your wireless
deployment, you might not want to include wireless connections in your call quality scope.
MCT USE ONLY. STUDENT USE PROHIBITED
7-10 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
CQM can measure and control each of these elements. In most cases, CQM pulls from the rich set of data
in the QoE database to determine a baseline for each element, and then CQM tracks it with the goal of
reaching and maintaining a stated quality target.
Each element in CQM is independent; however, there is a natural priority for addressing each. For
example, in Server Plant, you first need to examine your Skype for Business Server servers’ health to
ensure that they are not the source of poor quality. It does not make sense to examine the underlying
network for problematic call legs until you have assessed the health of your servers.
A key concept of media quality is your managed network versus your unmanaged network. For example,
for call legs that traverse the Internet, it is not possible to assess and maintain a quality service level
agreement (SLA). In the same way, as you assess other areas of your network, such as wireless, your users
might not experience achievable, quality SLA because of factors outside of your control; you would
consider these call legs to be unmanaged. As you customize CQM for your uses, focus on the areas that
you consider managed—the ones that you control.
Load the comma-separated value (CSV) files that the CQM.ps1 script generates into individual Excel
spreadsheets.
Skype for Business introduces the Rate My Call feature, where users can give a star rating to a call, with
the maximum being five stars. The rating is retrieved by the media path element, and it is presented with
the corresponding trend chart.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-11
Objectives
After completing this lab, you should be able to enable report monitoring.
Lab Setup
Estimated Time: 25 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
o User name: Ed
o Password: Pa$$w0rd
o Domain: Adatum
o Password: Pa$$w0rd
o Domain: Adatum
1. Add the monitoring Server SQL store to the Skype for Business Server Topology Builder.
2. Deploy monitoring reports from the Skype for Business Server Deployment Wizard.
3. Generate data from simulated activities.
3. In the Save Topology As dialog box, in the File Name text box, type
AdatumTopologyMonLab7.tbxml, and then click Save.
4. In the Skype for Business Server Topology Builder, expand Skype for Business Server, expand
Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise Edition Front
End Pools, right-click pool.adatum.com, and then click Edit Properties.
7. In the Monitoring SQL Server store drop-down list box, select LON-SQL1.adatum.com/Default,
and then click OK.
8. In the Action drop-down list box, select Topology, and then click Publish to publish the changes in
the topology.
9. In the Publish Topology window, click Next to validate the changes that were made in the topology.
10. On the Select databases page, ensure that LON-SQL1.adatum.com\Default is selected, and then
click Next.
11. On the Publishing wizard complete page, verify that all steps show as Success or Warning.
12. On the Publishing wizard complete page, click the Click here to open the to-do list link.
13. When the file opens in Notepad, read the steps listed, and then close Notepad.
16. On LON-SFB1, on the task bar, click Skype for Business Server Management Shell.
17. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to start the stopped Skype for Business Server services.
Start-CsWindowsService
18. On LON-SFB1, on the task bar, click Skype for Business Server Deployment Wizard.
19. In the Skype for Business Server Deployment Wizard, click the Deploy Monitoring Reports link.
20. On the Specify Monitoring Database page, verify that LON-SQL1.adatum.com is listed for both
the Monitoring Database and the SQL Server Reporting Services instance, and then click Next.
21. On the Specify Credentials page, in the User name text box, type Adatum\Administrator, in the
Password text box, type Pa$$w0rd, and then click Next.
Note: The account that is specified here will be granted read access to the reporting
databases. This is the account that is used when accessing reports. For lab purposes, we will use
the Administrator account. The user who deploys monitoring reports must be a SQL Server
system administrator.
22. On the Specify Read-Only Group page, type RTCUniversalReadOnlyAdmins, and then click Next.
23. On the Executing Commands page, verify that the last line reads Monitoring Reports have been
successfully deployed, and then click Finish.
2. On LON-CL1, establish a Skype call from Ed to Amr Zaki. In the Skype for Business client, in the Find
someone field, type Amr, right-click Amr Zaki, point to Call, and then click Skype Call.
3. On LON-CL2, accept the call. Leave the call up for about two minutes, and then hang up.
4. On LON-SFB1, click Skype for Business Server Control Panel on the taskbar.
5. In the Windows Security dialog box, in the User Name text box, type Administrator. In the
Password text box, type Pa$$w0rd, and then click OK.
6. On the Home screen, under Top Actions, expand View Monitoring Reports, and then click
LON-SQL1.adatum.com. Wait for Microsoft Internet Explorer to open the Monitoring Reports
page.
9. In the Monitoring Server Dashboard, in the upper-right corner, click Monthly View.
10. In the Monitoring Server Dashboard, in the upper-right corner, click Reports.
11. On the Monitoring Reports page, view each report that is listed under System Usage Reports, and
then review the collected data.
12. On the Monitoring Reports page, view each report that is listed under Call Diagnostic Reports
(Per User), and then review the collected data.
13. On the Monitoring Reports page, review each report that is listed under Call Diagnostic Reports,
and then review the collected data.
14. On the Monitoring Reports page, view each report that is listed under Media Quality Diagnostic
Reports, and then review the collected data.
15. In one of the reports, at the uppermost part of the page, click Save, and then from the drop-down list
box, click Excel.
16. In the File Download dialog box, click Save.
Results: After completing this exercise, you should have deployed monitoring reports on the Skype for
Business Server Back End Server and verified access to the CDR and QoE monitoring reports.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-15
Lesson 2
Overview of Archiving
Corporations and other organizations are subject to an increasing number of industry and government
regulations that require retaining specific types of communications. With the Archiving Server feature,
Skype for Business Server provides a way for you to archive IM content, web conferencing (meeting)
content, or both. The Archiving service provides various components that you can use to archive IM and
meeting content. To do this, you should be aware of the process for configuring the Archiving service and
the capabilities that the Archiving Server role offers.
Lesson Objectives
After completing this lesson, you will be able to:
What Is Archiving?
Skype for Business Server communications
software provides several features and
components that enhance your ability to
archive, retain, and record IM and meeting
content for compliance purposes.
Archived content
Content that is archived includes:
Peer-to-peer IM content.
Multiparty IM content.
Note: You can record audio/video, application sharing, or both in the Skype for
Business 2015 client.
MCT USE ONLY. STUDENT USE PROHIBITED
7-16 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
Note: Skype for Business Server does not archive Persistent Chat conversations. To archive
Persistent Chat conversations, you must enable and configure the Compliance service, which is a
component that you can deploy with Persistent Chat Server.
Features
Archiving features in Skype for Business Server include:
Collocation on Front End Servers. The Archiving service is collocated on the Front End Server role in
Skype for Business Server in the form of unified data collection agents. In some of the previous
versions of Microsoft Lync Server, the Archiving role deployed as a separate Archiving Server role. In
Skype for Business Server, Archiving is an optional feature that is available on all Front End Servers.
An Exchange Server integration option. Archiving data storage can integrate with Microsoft Exchange
Server 2013 for all users who have mailboxes in Exchange Server 2013 and have their mailboxes put
on In-Place Hold. This removes the need to deploy separate SQL databases for archiving.
A searchable transcript of archived information. Data that archives to Exchange 2013 is searchable
and discoverable. If Exchange 2013 integration is not used, Skype for Business Server provides a
session export option that you can use by running the Skype for Business Server Export-
CsArchivingData cmdlet.
Archiving SQL Server store. If Exchange 2013 integration is not used, Skype for Business Server
Archiving uses SQL databases to store archive data. In support of high availability for the archiving
SQL Server databases, you might deploy SQL Server database mirroring or AlwaysOn Availability
Groups.
Archiving in IM
If you deploy Archiving, you can set it to archive
IMs and conferences, and you can specify the
users who have archiving enabled. When you
deploy Archiving, a global policy is created by
default. You can use the global policy to archive
internal communications (communications among
internal users) and external communications
(communications that include at least one external
user). You also can specify the users who have
archiving enabled by creating policies for specific
users or sites. If archiving is enabled for at least
one user, you can archive IMs from multiparty
conferences even if all users in the conference have not been configured for archiving.
If Exchange Server 2013 integration is configured, you can control archiving for a user by configuring an
In-Place Hold on the user’s mailbox in Exchange. Additional control is available by using the
ExchangeArchivingPolicy parameter of the Set-CsUser cmdlet.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-17
When you enable archiving for a particular user, all IMs and meeting content in both IM conferences and
web conferences that the user participates in are archived.
Group conferences are archived if one of the following policies is configured to enable archiving:
At least one of the participants has a user policy that is configured to require archiving.
The global policy or site policy is configured to enable archiving of all group conferencing.
Archiving data storage. Archived data can be stored in the following locations:
o Exchange Server 2013 storage. Skype for Business Server users who have mailboxes in Exchange
Server 2013 will store archived data on the Exchange Server, but only if the mailboxes have been
put on In-Place Hold in Exchange.
o SQL Server storage. Archiving data is stored in an SQL Server database when Exchange
integration is not enabled, when Skype for Business Server users do not have mailboxes in
Exchange Server 2013, or when Skype for Business Server users with mailboxes have not been put
on In-Place Hold in Exchange.
Exchange storage
If you choose to integrate with Exchange, you will use Exchange 2013 policies and configurations to
control Skype for Business Server archiving. You can configure archiving configuration options at the
global level, site level, and pool level. If your deployment includes multiple forests, you must synchronize
the settings between Skype for Business Server and Exchange Server 2013.
When adding SQL Server storage databases to your topology, you can choose to collocate the Archiving
databases with any of the following:
Monitoring database
Back End Server database of an SQL Server Enterprise Edition Front End pool
Database collocation
If you collocate the Archiving database with the monitoring database, Back End Server database, or both
of these databases, you can either:
Note: We do not recommended collocating the Archiving database with the Back End
Server database. Although the server that hosts the Archiving database can host other databases,
be aware that if you are archiving more than a few users’ messages, the disk space that the
Archiving database needs can grow very large.
Question: In what scenarios might you decide not to use Exchange Server 2013 as your archiving
storage even if you have deployed Exchange Server 2013 integration?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-19
Lesson 3
Designing an Archiving Policy
Before you deploy an archiving policy, it is important to understand the design of an archiving policy. This
is important when other Microsoft products are deployed within an enterprise, such as Exchange Server
2013. You might also need to plan for retention of your archive content in accordance with your
organization’s legal requirements.
Lesson Objectives
After completing this lesson, you will be able to:
Internal communications
External communications
Scope
You can specify policies to control the archiving of specific content. Your scope should include which
policies are required, whether archiving is enabled for internal communications, external communications,
or both, and which workloads are to be archived.
You can control the scope of archiving for your organization by configuring policies at three levels:
Global
Site
User
For each archiving policy, you can specify whether to archive only IM sessions or to archive both IM and
conferencing sessions.
MCT USE ONLY. STUDENT USE PROHIBITED
7-20 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
For example, to disable archiving support for specific users at a site, you can:
Set the global archiving policy to not archive internal and external communications.
If you create both site and user policies, user policies override site policies.
Exchange Archiving
If your Skype for Business Server users have
mailboxes in Exchange Server 2013 and their
mailboxes have been enabled for an In-Place
Hold, you can archive content from Skype for
Business Server to the Exchange Server. To
manage archiving for Skype for Business Server
users, you will use Exchange In-Place Hold policies
and settings, and Skype for Business Server
configuration options, to control:
Whether to select the Exchange integration option to use Exchange 2013 for storage of archived
data.
Scope
You can control archiving configuration for your organization by configuring policies at three levels:
Global
Site
Pool (service)
For each archiving configuration, you can specify whether archiving is enabled, whether to archive IM or
IM and web conferencing, whether to enable Exchange integration, and whether to configure purging.
Note: You can modify the global configuration, but you should not delete it. If you choose
to delete the global configuration, it will reset to the default settings.
For example, if you enable Archiving for only IM in the global configuration and you enable Archiving for
IM and conferencing in a new site level configuration, then conferencing would be archived only for the
site and not for the entire organization.
For example, if you enable archiving for only IM in the global configuration, Archiving for IM and
conferencing in the site level configuration, and Archiving for only IM in a new pool configuration,
then the content for IM only would be archived for the users in the pool. The content for both IM and
conferencing would be archived for all users in the site except the users in the specified pool. The content
for IM only would be archived for all other users in your organization.
Uninitialized. Indicates that archiving will be based on the In-Place Hold settings that are configured
for the user's Exchange mailbox. If an Exchange In-Place Hold has not been enabled on the user's
mailbox, the user will have his or her messaging and web conferencing transcripts archived in Skype
for Business Server.
UseLyncArchivingPolicy. Indicates that the user's IM and web conferencing transcripts should be
archived in Skype for Business Server rather than in Exchange Server.
NoArchiving. Indicates that the user's IM and web conferencing transcripts should not archive at all.
Note that this setting overrides any Skype for Business Server archiving policies that are assigned to
the user.
ArchivingToExchange. Indicates that the user's IM and web conferencing transcripts should be
archived in Exchange Server, regardless of the In-Place Hold settings that have or have not been
assigned to the user's mailbox.
Question: Is it possible to archive to Skype for Business Server storage and to Exchange Server
storage at the same time?
Blocking IM and conferencing does not affect any other Skype for Business Server feature and
functionality because it is primarily intended to ensure that compliance requirements are met.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-23
Long-Term Archiving
The archiving SQL Server database is not intended
for long-term retention. Therefore, you need to
move data to other storage locations periodically.
To run the session export tool, use the following Skype for Business Server Management Shell cmdlet:
You configure purge settings by using the Archiving Configuration tab in Skype for Business Server
Control Panel.
MCT USE ONLY. STUDENT USE PROHIBITED
7-24 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
Lesson 4
Implementing Archiving
After planning your archiving policy, you will need to implement archiving across various systems,
including Exchange Server 2013 and Microsoft SharePoint Server 2013. Archived content is only beneficial
if it can be reproduced later. To do this, you should be aware of the available steps to retrieve archive
data.
Lesson Objectives
After completing this lesson, you will be able to:
Describe how to enable integration with the eDiscovery feature in SharePoint Server 2015.
2. Open the Skype for Business Server Topology Builder, and then add the Archiving SQL Server store.
3. Configure Skype for Business Server for archiving.
5. Export archived data by using the Skype for Business Server Management Shell cmdlet Export-
CSArchiving.
If you plan to integrate with Exchange Server 2013, you must configure server-to-server authentication.
To configure integration of Skype for Business Server with Exchange Server 2013, you must:
Configure Skype for Business Server to be a partner application for Exchange Server 2013.
Configure Exchange Server 2013 to be a partner application for Skype for Business Server.
More information on how to configure integration of Skype for Business Server with Exchange Server
2013 is available in the module, Integration Skype for Business Server with Exchange Server and
SharePoint Server.
For each Skype for Business Server site that you deploy, you can create an archiving policy to control
whether archiving is enabled or disabled for internal communications, external communications, or both.
The configuration in the site policy overrides the global policy, but only for the specific site that the site
policy covers. For example, if you enable internal and external communications archiving in the global
policy, you might specify a site policy that disables archiving for internal communications, external
communications, or both for that one site.
Note: You cannot delete the global policy. If you attempt to delete it, the configuration
resets to the default value.
The configuration in the user policy overrides the global policy and site policies, but only for the
specific users that the user policy covers. For example, if you enable archiving of internal and external
communications in the global policy, you might specify a site policy that disables it for internal
communications, external communications, or both for that one site. You might then specify a user
policy that enables archiving for a specific group of users at that site.
When Exchange archiving integration is enabled, you can configure the ExchangeArchivingPolicy
parameter through the Skype for Business Server Management Shell only; you cannot access this setting
in the Skype for Business Server Control Panel.
For example, to configure a user account so that IM and web conferencing transcripts are always archived
to Exchange, you can use a command that is similar to the following code example:
Question: Can you enable archiving in Skype for Business Server to use a SQL Server store and
Exchange Server 2013 simultaneously?
MCT USE ONLY. STUDENT USE PROHIBITED
7-26 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
Data in Archiving databases is not searchable or in a readable format, but you can use the Export-
CsArchivingData cmdlet in the Skype for Business Server Management Shell to extract records from the
database and to save them as an Outlook .eml file.
The following command exports all archiving data that has been written to the archiving database
LON-SQL2.adatum.com since July 1, 2015. The resulting output file will be stored in the
C:\ArchiveExport folder:
Objectives
After completing this lab, you should be able to implement Skype for Business archiving by using
Exchange Server archiving.
Lab Setup
Estimated Time: 40 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
o User name: Ed
o Password: Pa$$w0rd
o Domain: Adatum
o Password: Pa$$w0rd
o Domain: Adatum
1. Configure partner applications on Skype for Business Server and Exchange Server.
2. Generate IM traffic.
2. In the left navigation pane, expand Adatum.com, and then click Users.
3. In the right navigation pane, right-click Administrator, and then click Properties.
5. In the Select Groups dialog box, type RTCUniversalServerAdmins, and then click Check Names.
Ensure that the typed name is underlined, and then click OK.
6. In the Administrator Properties dialog box, click OK to close the dialog box.
7. Sign out from LON-SFB1, and then sign back in to LON-SFB1 as Adatum\Administrator with the
password Pa$$w0rd.
8. Switch to LON-EX1.
10. Type the following command, and then press Enter to locate the value of IsExcludedFromProvisioning
for the Mailbox Database:
11. If the value is True, type the following command, and then press Enter to update the Mailbox
Database so that it is enabled for provisioning:
12. Type the following command, and then press Enter to navigate to the Exchange Scripts folder:
13. At the [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts> command prompt, type the
following command, and then press Enter:
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl
“https://pool.adatum.com/metadata/json/1” -ApplicationType Lync
14. If you receive the error, “Load balancing failed to find a valid mailbox database,” repeat step 11 of this
task.
15. Type the following command, and then press Enter to stop and restart Internet Information Services
(IIS):
Iisreset
16. On LON-EX1, type the following command, and then press Enter to locate the value for
AutodiscoverServiceInternalURI:
17. Record the value from the last script below so that you can recall it later.
https://
18. On LON-SFB1, on the task bar, click Skype for Business Server Management Shell.
19. Type the following command, and then press Enter to configure Skype for Business Server with the
Autodiscover information:
20. Type the following command in the Skype for Business Server Management Shell, and then press
Enter to create a new partner application for Exchange:
21. Type the following command, and then press Enter to test the connectivity between Skype for
Business Server and Exchange Server:
22. You should receive the result, Test Passed. If not, contact your instructor.
23. On LON-SFB1, type the following command, and then press Enter to enable Exchange Archiving
globally:
24. On LON-SFB1, on the task bar, click Skype for Business Server Control Panel.
25. In the Windows Security dialog box, type Administrator in the User Name text box, type
Pa$$w0rd in the Password text box, and then click OK.
26. In the left navigation pane, click Monitoring and Archiving, click the Archiving Policy tab, click
New, and then from the drop-down list box, click User policy.
27. In the Name text box, type LondonArchivingPolicy. Select Archive internal communications and
Archive external communications, and then click Commit.
28. In the left navigation pane, click Users, in the search box, type Ed, click Find, and then double-click
the Ed Meadows user. Scroll down to the Archiving Policy, click the drop-down arrow, select
LondonArchivingPolicy, and then click Commit.
29. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to enable Exchange Archiving for all users in the London pool:
30. Type the following command in the Skype for Business Server Management Shell, and then press
Enter to display a list of users that have been enabled for Exchange Archiving:
4. In the Select Users, Contacts, Computers, Services Accounts, or Groups dialog box, type
Administrator, click Check Names, and then click OK.
8. On the Exchange Admin Center page, in the User name text box, type Adatum\Administrator, in
the Password text box, type Pa$$w0rd, and then click Sign In.
10. Under In-Place eDiscovery & Hold, click the plus sign (+).
11. In the new in-place eDiscovery & hold window, in the Name and description text box, type
SfBItems, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-31
12. In the Mailboxes window, click Search all mailboxes, and then click Next.
13. In the Search query window, click Filter based on criteria, and then click select message types.
14. In the message types to search window, click select the messages types to search, select Skype for
Business items, and then click OK.
18. In the Exchange Admin Center, in the right navigation pane, click SfBItems. On the toolbar above,
click Refresh. In the right pane, notice the status of Estimate in progress. Do not continue until the
status shows Estimate Succeeded.
19. In the right navigation pane, click SfBItems. In the right pane, scroll down, and then select preview
search results.
Note: A new window opens. Notice the results of the archived message content.
3. On LON-SFB1, on the task bar, click Skype for Business Server Control Panel.
4. Click Monitoring and Archiving, and then click the Archiving Configuration tab.
5. Verify that the new archiving configuration settings exist for the Adatum Headquarters site. The site
configuration settings override the global configuration settings. Leave Skype for Business Server
Control Panel open.
6. In Skype for Business Server Control Panel, click New, and then from the drop-down list box, click
Pool configuration.
7. In the Select a Service window, click the Registrar:pool.adatum.com service, and then click OK.
8. In the New Archiving Setting window, verify that the Name box is already populated with
Registrar:pool.adatum.com.
9. In the Archiving setting drop-down list box, select Archive IM and web conferencing sessions,
select Exchange Server integration, and then click Commit.
Note: The pool configuration settings override the global and site configuration settings.
MCT USE ONLY. STUDENT USE PROHIBITED
7-32 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
20334B-LON-CL2
20334B-LON-DC1
20334B-LON-SFB1
20334B-LON-SFB2
20334B-LON-SQL1
20334B-LON-EX1
20334B-LON-RTR
Results: After completing this exercise, you should have configured archiving settings, including policies,
configurations, and Exchange integration for Adatum. You also should have generated some IM and web
conferencing traffic to archive. Finally, you should have viewed the archived data by using Exchange
Control Panel.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 7-33
Module 8
Deploying Skype for Business 2015 External Access
Contents:
Module Overview 8-1
Module Overview
In Skype for Business Server, external access extends the functionality to users outside the organizational
network, facilitates federation, and makes meetings with external participants possible. This module will
teach you how to install and configure the required components, configure policies and users, and publish
Skype for Business web services to the Internet by using Windows Server 2012 R2 Web Application Proxy.
Objectives
After completing this module, you will be able to:
Identify the components for external access.
Lesson 1
Overview of External Access
To provide external access to Skype for Business, you need to know which components you require.
This lesson will introduce the Skype for Business Edge Server role and the requirement for reverse proxy
services. You will also learn how to define different remote user types.
Lesson Objectives
After completing this lesson, you will be able to:
Define remote, federated, Public IM Connectivity (PIC), and anonymous user types.
Add the Skype for Business Server Edge Server role to the topology. The Skype for Business Server
Edge Server role:
o Handles all non-web service traffic for external access; for example, Session Initiation Protocol
(SIP), Persistent Shared Object Model (PSOM), and Real-Time Transport Protocol (RTP).
o Handles all web service traffic for external access; for example, lyncdiscover, meet, and dial-in.
o Must support port redirection. You can use Web Application Proxy in Windows Server 2012 R2.
Configure policies:
o External access policies. You can configure these at the global, site, or user level.
o Access Edge configuration. You can configure these at the global level only.
The same applies to DirectAccess. If you use DirectAccess, the Name Resolution Partition Table, which is a
part of the DirectAccess Group Policies, must exempt all internal Skype for Business Domain Name System
(DNS) names. This forces the Skype for Business 2015 client to use the external Edge interface rather than
DirectAccess because internal server names cannot resolve. Users are classified as follows:
Remote users. All users from a Skype for Business deployment who validate in Active Directory
Domain Services (AD DS) have the same Skype for Business experience inside or outside the
organizational network.
Federated users. These users are also referred to as authenticated users because they validate in their
respective Active Directory infrastructure. Administrators of the federated organization control the
displayed information, such as display name.
PIC. Access from Skype for Business to Skype public. PIC is free, but it requires PIC provisioning via
https://pic.lync.com. When enabled, users can search the public Skype Directory without the need for
the Skype public users to merge their accounts with a Microsoft account. Communication with Skype
public is limited to one-to-one instant messaging (IM), audio, and video.
MCT USE ONLY. STUDENT USE PROHIBITED
8-4 Deploying Skype for Business 2015 External Access
Extensible Messaging and Presence Protocol (XMPP). Many third-party organizations use this alternate
signaling protocol, which is for both public and internal use. Skype for Business supports federation
with XMPP-based systems for IM and presence, without the need for additional components.
Anonymous/guest. Users who join a Skype meeting without validating are considered anonymous,
and they choose their own display name.
Question: Which Skype for Business Server role is necessary to enable external access?
Lesson 2
Configuring External Access Policies and Security
External access policies grant or deny users’ access to external communications. Like all other policies
within Skype for Business, only one policy applies to any user, either through inheritance (global or site) or
granted directly to the user as a user level policy.
The Edge Server role is not a member of the internal domain, but functions in workgroup mode, as it is
located in the perimeter network. The Edge server can be a domain member, i.e., member of a perimeter
network domain for update services.
Because an Edge server is not a member of the internal domain, it cannot use domain controllers to
validate received credentials from a connecting user. Instead, Edge servers are configured with a next hop
server, which is usually internal Front End Servers or Directors, if deployed.
You can configure an Edge server’s next hop server or pool by using the Skype for Business Server
Topology Builder. Allowing external traffic to internal Front End Servers for validation could potentially
place unwanted load on the servers.
By design, the Director role functions as the next hop server for incoming traffic from Edge servers. The
Director functions as a SIP proxy, relaying SIP to the appropriate internal Front End Serve, and it handles
all validation before relaying.
Lesson Objectives
After completing this lesson, you will be able to:
Enable communications with XMPP federated users. Skype for Business supports federation with
XMPP-based systems such as Google Talk and Cisco Jabber.
MCT USE ONLY. STUDENT USE PROHIBITED
8-6 Deploying Skype for Business 2015 External Access
Enable communications with remote users. Allows user to communicate with colleagues through
an Edge server and allows a user to connect through the Edge server as a remote user.
Enable communications with public users. Allows access to the public Skype user base.
Note: For a user to connect from the Internet to Skype for Business via a Skype for Business
Server Edge server, the user’s external access policy needs to allow communication with remote
users.
Besides the external access policy, you must allow the Edge server to transport traffic. You can do so by
using the global Access Edge configuration.
On the Access Edge Configuration tab, you can allow your Edge server to do federation and PIC, and if
enabled, allow for partner domain discovery. Further, if you enabled archiving for external
communications, you can select to send an archiving disclaimer to federated partners—you might be
obliged to do so by local laws.
Also on the Access Edge Configuration tab, you can control whether Edge servers allow remote users,
and optionally, whether to allow anonymous user access to conferences.
When using Skype for Business Server Control Panel, you can select the user-level external access policy
from a drop-down menu. By using the Skype for Business Management Shell, you can grant an external
access policy directly to an individual user. Alternatively, you can use queries to bulk assign, depending on
criteria such as placement in AD DS or membership of specific AD DS groups.
The following will grant the external access policy named ExternalAccessLondon to the user with the SIP
address adam@adatum.com.
You can safely exclude the Director from your topology design with confidence that the Front End Servers
will provide the same services. When you do deploy Directors, internal DNS for web services points to the
Director instead of the Front End Server pool.
When you use the Director role, it is configured as the Next Hop server for the Edge servers, and therefore
authenticates external users. If you do not deploy the Director role, the Front End Server handles
authentication.
Directors host the web service, such as Lyncdiscover, Meet, and Dialin, and they forward traffic to the
appropriate home pool for external users.
Lesson 3
Configuring External Access Network and Certificates
Understanding the functionality of the Edge server and knowing the traffic types and port numbers used
is key to successful deployment of external connectivity.
All Skype for Business traffic is encrypted by default. Most traffic is encrypted by using Transport Layer
Security (TLS), which relies on certificates. When deploying Edge servers, you use two certificates: one
public certificate on the Internet-facing network interface and an internal certificate on the internal-facing
network interface for encrypting internal traffic.
Lesson Objectives
After completing this lesson, you will be able to:
The IP addresses that you configure on the external network adapter must match the IP addresses in
Skype for Business Server Topology Builder for the services to start successfully. In Skype for Business
Server Topology Builder, you determine whether to deploy NAT. If you use NAT, you define the public IP
address that is used for A/V conferencing in the Skype for Business Server Topology Builder. This instructs
the Edge server to use the public IP address from the Skype for Business Server Topology Builder instead
of the address that is configured on the Skype for Business Server Edge server A/V interface when
negotiating A/V and sharing connections.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-9
If you can use three public IP addresses per Edge server, most of the traffic can communicate on port 443.
Port 443 is typically available for outbound connections from most networks, so it is more likely to
traverse the firewall without being blocked. If you set aside only one public IP address per Edge server,
traffic differentiates based on port rather than IP address. This is less firewall-friendly because the ports
that are used might not be available for outbound connections on all networks.
Configuration with three public IP addresses per Edge server (default setup):
Access Edge Server handles all inbound SIP traffic through port TCP/443 for remote users, and
inbound and outbound traffic through port TCP/5061 for federated users.
Web Conferencing Edge Server handles inbound PSOM traffic through port TCP/443.
A/V Edge server handles RTP traffic for audio, video, and sharing. Sharing uses port TCP/443 for
inbound traffic, and audio and video use port UDP/3478 for inbound traffic, but it can fall back to
TCP/443 if User Datagram Protocol (UDP) fails.
Configuration with one shared public IP address per Edge server (default setup):
Access Edge Server uses port TCP/5061 for remote users and federation.
Web Conferencing Edge Server uses port TCP/444.
Note: Application-layer firewalls might consider TCP/443 to be HTTPS and block packets
that do not appear to be HTTPS during inspection. Even though you use TCP/443, the traffic is
not HTTPS, and the firewall might block the traffic. You can often solve the problem by defining
your own TCP/443 traffic type in the firewall.
Before the release of Office Communications Server 2007 R2, the Edge server role was divided into the
A/V Conferencing Edge Server and the Access Edge Server. The A/V Conferencing Edge Server role did
not support NAT and had specific requirements for the external firewall. The external firewall needed to
allow ports 50,000–59,999 for both TCP and UDP. Since Office Communications Server 2007 R2, the Edge
Server role functions as a consolidated Edge server, meaning that only the Edge Server role is now
necessary. Skype for Business Server still supports opening the inbound port range of 50,000–59,999 for
both TCP and UDP in the external firewall toward the A/V interface on Skype for Business Server Edge
servers. Skype for Business clients will still attempt to use the high ports. If access to the high ports is
blocked, the Skype for Business client will use UDP/3478 or TCP/443, depending on whether the traffic is
A/V or sharing.
Opening the ports inbound towards the Skype for Business Server A/V Edge Server interface is still
supported and might help circumvent firewall equipment found between the clients that are blocking
UDP/3478 or TCP/443. This could help reduce issues regarding external A/V and sharing connections.
The Skype for Business client or other supported client that is connecting to the A/V Edge Server on either
port TCP/443 or UDP/3478 always uses the 50,000–59,999 range as the source port. The external firewall
needs to allow outbound traffic from the A/V Edge Server interface in the 50,000–59,999 UDP/TCP port
range.
When negotiating media paths, Skype uses the Internet Connectivity Establishment (ICE) protocol, which
in turn uses two different mechanisms for the media stream: Session Traversal Utilities for NAT (STUN)
and/or Traversal Using Relays around NAT (TURN). ICE, STUN, and TURN are necessary for Edge traversal
to function correctly.
MCT USE ONLY. STUDENT USE PROHIBITED
8-10 Deploying Skype for Business 2015 External Access
This demonstration will show how to set up an Edge server with one routed public IP address.
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Topology Builder, and then configure the Edge pool.
Use the following details:
o Single server
o Lon-edg.adatum.com
o Sip.adatum.com
The Edge server negotiates the setup of A/V conferencing and sharing channels via Session Description
Protocol (SDP), which is a part of the SIP specification. For this to succeed, the Edge server needs to know
the actual public IP address. If using the locally configured IP address from the private IP range, no
connections are possible.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-11
You should ensure that the IP addresses that you configure in Skype for Business Server Topology Builder
are the same IP addresses configured on the Edge server network adapters. If they differ, services will not
start.
If NAT is not in use, the public IP addresses will be on the external-facing network adapter on the Edge
server, and those public IP addresses will assign to the external Edge services by using Skype for Business
Server Topology Builder. This setup requires routing from the Internet to the perimeter network and vice
versa.
When on an organizational LAN, internal clients must not be able to make IP connections to any of the
external IP addresses on the Edge server. If an internal client discovers that it can connect to the external
IP addresses, the connection fails with an error in the SIP stack. The actual error message can vary
depending on which external port is connected, but it will likely mention that the connection failed
because both endpoints are internal.
Internally, you must manually add the Edge internal fully qualified domain name (FQDN) and the IP
address to the internal DNS servers. This applies to host names and to pool names. The following are the
most common external DNS records that you must ensure are in place. For the SIP domain adatum.com,
the records would be:
Dialin.adatum.com. Dial-in conferencing numbers and access to personal PIN and conference ID
reset.
ExternalWebService.adatum.com. For external access to web services, including Skype for Business for
mobile clients.
Sip.adatum.com. SIP channel used for all modalities, both remote users and federation.
Note: If you are using closed federation where traffic can only flow to allowed domains,
_sipfederationtls._tcp.adatum.com might not be necessary.
In organizations with multiple sites, each with its own Edge server pool for media and high availability,
each site can continue without administrator intervention if a complete Edge server pool failure occurs.
This is possible by using the priority part of the DNS service (SRV) resource records.
DNS load balancing requires supported clients and servers. Only clients and servers that run Lync 2010 or
later supports DNS load balancing.
On the internal-facing network adapter, it is a best practice to use internal certificates from your own,
internal certificate server or CA. The internal-facing network adapter only connects with clients and
servers that are internal.
The Certificate Wizard in the Skype for Business Server Deployment Wizard marks the private key as
exportable on the public certificate in order to reuse the same certificate on all external network adapters
that are in the same Edge server pool. You need to do the same on the internal network adapters, but be
aware that the Certificate Wizard will not warn you about the internal requirement.
When you run the Certificate Wizard to request and assign the certificates, it automatically adds the
required names to the subject name and subject alternative name (SAN). When requesting the internal
certificate as an Edge server pool member, the wizard only adds the Edge server pool name to the internal
certificate. We recommend that you manually add the individual FQDNs of the Edge pool members to the
SAN. Then, if you ever need to move from an Edge server pool to a single Edge server, you will not need
new certificates.
Remember that the Edge server should not be a member of the internal AD DS. Because the Edge server
is typically in workgroup mode or is a member of a perimeter network domain, it does not automatically
trust the internal CA. You will need to add the necessary root certificate, and if necessary, intermediate
certificates to the certificate store on the Edge servers.
Commonly, when you request certificates for Edge servers, you will use the offline request feature, which
generates a certificate request file that contains the public key of the certificate. This file is used when
requesting certificates from both a public CA and the internal, private CA.
Note: You can successfully request and install internal certificates on the Edge server
without having root trust in place. No services will start until the certificate is from a trusted CA.
Depending on the firewall settings that are governing the traffic between the LAN and the perimeter
network, you might be able to access the web services URL of the certificate infrastructure. From here, you
can request both the root and intermediate certificates, in addition to requesting new certificates.
If the web services interface has deployed on your AD DS CA, you can access it by using the URL in the
format http(s)://certificate.server.name/certsrv.
Demonstration Steps
1. Switch back to LON-EDG.
5. Request the external certificate offline. Use lon-dc1.adatum.com/certsrv to request and issue the
external certificate. Add the following SANs:
o Lyncdiscover.adatum.com
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
Your task is to add a single consolidated Edge server by using routing in the London office. A server
named LON-EDG is prepared with the prerequisites.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Domain: Adatum
6. After completing this lab, leave the virtual machines running. You will need them in the next lab.
2. Switch to LON-SFB1, and if not already signed in, sign in as adatum\administrator with the
password Pa$$w0rd.
3. Open Topology Builder, and then save the current topology as C:\Lab08A.tbxml.
4. Add lon-edg.adatum.com as a single Edge server, without NAT, and with all the following functions
enabled:
6. Set as the default federation route for Adatum Headquarters for both SIP and XMPP.
7. Publish the topology.
Results: After completing this exercise, you should have added an Edge server to the topology and
publish it, and then exported the topology.
4. Restart LON-EDG.
3. In the Windows Security window, authenticate by using the user name adatum\administrator with
the password Pa$$w0rd.
4. On the Microsoft Active Directory Certificate Services – AdatumCA page, click Download a CA
certificate, certificate chain, or CRL.
5. In the Download a CA Certificate, Certificate Chain, or CRL window, click Download CA certificate.
6. In the Do you want to open or save certnew.cer (863 bytes) from lon-dc1.adatum.com? window, click
Open.
9. In the Certificate Import Wizard, select Local Machine, and then click Next.
10. On the Certificate Store page, select Place all certificates in the following store, and then click
Browse.
11. In the Select Certificate Store window, select Trusted Root Certification Authorities, and then click
OK.
13. In the Completing the Certificate Import Wizard window, click Finish.
16. Switch back to the Skype for Business Server Deployment Wizard. If the previous steps completed
without error, you can continue even if Step 2 is not marked as complete.
17. Go to Step 3: Request, Install or Assign Certificates, and then click Run. This opens the Certificate
Wizard.
18. In the Certificate Wizard, select Edge Internal, and then click Request.
19. In the Certificate Request window, accept the default selection Send the request immediately to an
online certification authority, and then click Next.
20. On the Choose a Certification Authority (CA) page, in the Specify another certification authority
text box, type lon-dc1.adatum.com\AdatumCA, and then click Next.
21. On the Certification Authority Account page, leave the default selection, type
adatum\administrator in the User name text box, Pa$$w0rd in the Password text box, and then
click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
8-18 Deploying Skype for Business 2015 External Access
23. On the Name and Security Settings page, select Mark the certificate’s private key as exportable,
and then click Next.
24. In the Organization Information window, in the Organization text box, type A Datum.
25. In the Organizational unit text box, type IT, and then click Next.
26. On the Geographical Information page, from the Country/Region drop-down list, select United
Kingdom.
28. In the City/Locality text box, type London, and then click Next.
29. On the Subject Name / Subject Alternate Names page, click Next.
30. On the Configure Additional Subject Alternative Names page, click Next.
31. On the Certificate Request Summary page, click Next.
32. An “Executing Commands” message displays. Wait for the Task status to display Completed, and
then click Next.
33. On the Online Certificate Request Status page, accept the default selection for Assign this
certificate to Skype for Business Server certificate usages, and then click Finish.
36. Wait for the assignment to complete. When complete, click Finish. This closes the Certificate
Assignment Wizard and takes you back to the Certificate Wizard.
37. In the Certificate Wizard, select External Edge certificate (public Internet), and then click Request.
38. On the Delayed or Immediate Requests page, select Prepare the request now, but send it later
(offline certificate request), and then click Next.
39. On the Certificate Request File page, in the File name text box, type C:\CertReq.req, and then click
Next.
44. On the Subject Name / Subject Alternative Names page, click Next.
45. On the SIP Domain setting on Subject Alternative Names page, click Next.
46. On Configure Additional Subject Alternative Names page, add the following names (because you
are going to use the same certificate for reverse proxy), and then click Next:
o Lyncdiscover.adatum.com
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-19
48. An “Executing Commands” message displays. When command execution is complete, click Next.
49. On the Certificate Request File page, click View. This opens the CertReq.req file in Notepad.
50. Select all the content by pressing Ctrl+A, and then copy the content by pressing Ctrl+C. You now
have the request data on the Clipboard.
51. Click Finish to close the Certificate Request window.
54. On the Microsoft Active Directory Certificate Services -- AdatumCA home page, click Request a
certificate.
56. On the Advanced Certificate Request page, click Submit a certificate request by using a base-
64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
57. In the Saved Request text box, paste the content of the Clipboard by pressing Ctrl+V.
58. In the Certificate Template drop-down list, select Web Server, and then click Submit.
61. In the The certnew.cer download has completed window, click Open.
62. In the Certificate Information window, click Install Certificate. This opens the Certificate Import
Wizard.
63. In the Welcome to the Certificate Import Wizard, under Store Location, select Local Machine, and
then click Next.
64. In the Certificate Store window, select Place all certificates in the following store, and then click
Browse.
65. In the Select Certificate Store window, select the Personal store, and then click OK.
71. Select External Edge certificate (public Internet), and then click Assign.
73. On the Certificate Store page, select Skype for Business Server 2015 External Edge certificate,
and then click Next.
75. Wait for the Certificate Assignment task to complete, and then click Finish.
76. In the Certificate Wizard, note the green check marks, and then click Close.
MCT USE ONLY. STUDENT USE PROHIBITED
8-20 Deploying Skype for Business 2015 External Access
77. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
Start-CsWindowsService
78. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to validate that the services are running:
Get-CsWindowsService
2. Open Skype for Business Server 2015 Control Panel from the taskbar. Sign in as
Adatum\Administrator with the password Pa$$w0rd.
4. Under External Access Policy, double-click the Global policy to edit its settings.
5. In the External Access Policy - Global window, select all check boxes, and then click Commit.
6. Still in the Federation and External Access window, select Access Edge Configuration.
7. Double-click the Global policy, configure the following options, and then click Commit:
Results: After completing this exercise, you should have installed an Edge server, installed certificates and
started services, and then enabled external access by using policies.
Question: Why did you do an offline certificate request for the external interface on LON-EDG?
Question: Why did you add the DNS suffix to LON-EDG?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-21
Lesson 4
Configuring Reverse Proxy
When deploying external access in Skype for Business Server, you must configure access to the web
services via a reverse proxy. A reverse proxy handles all HTTPS traffic to and from external clients. By using
a reverse proxy, the actual packets that the Front End Server or the Director (if deployed) receives will not
be the original data that the reverse proxy received—the reverse proxy generated those packets.
The key requirement for the reverse proxy is port redirection. On the Skype for Business Server Front End
Server and Director, you will find two different websites: one for internal users on port 443 (80), and
another for external users on port 4443 (8080).
When an external user attempts to contact lyncdiscover.adatum.com, the connection will be toward the
external interface on the reverse proxy on port TLS/443. The reverse proxy then contacts the external
website on port TLS/4443 (8080) that is running on the Skype for Business Front End Server or Director.
Lesson Objectives
After completing this lesson, you will be able to:
This process is also known as publishing. The reverse proxy publishes external web services for Skype for
Business Server, including meeting content, address book, and group expansion.
MCT USE ONLY. STUDENT USE PROHIBITED
8-22 Deploying Skype for Business 2015 External Access
Depending on the type and brand of reverse proxy, you can implement varying levels of inspection, such
as malware or antivirus. After the discontinuation of Microsoft Forefront Threat Management Gateway,
the supported offerings from Microsoft include:
Web Application Proxy, which is new in Windows Server 2012 R2. This component of the Remote
Access group allows publication of apps and services. It requires Active Directory Federation Services
(AD FS) deployment.
Microsoft Internet Information Services Application Request Routing (IIS ARR). This downloadable
add-in allows IIS to work like a reverse proxy.
A true wildcard certificate with *.adatum.com is not supported in the Subject Name portion of a
certificate. Skype for Business only supports wildcard certificates on the SAN.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-23
If you have already deployed AD FS, it makes sense to use Web Application Proxy. However, deploying
AD FS solely just to use Web Application Proxy might seem like a waste of time and resources. In this case,
IIS ARR is the better choice.
Note: Many of the most commonly used firewalls have reverse proxy functionality built in,
so you can also consider using that as an alternative.
Demonstration Steps
1. Sign in to LON-PXY as adatum\administrator with the password Pa$$w0rd.
2. Open Remote Access Management, click Web Application Proxy, and then run the Web Application
Proxy Configuration Wizard.
o Password: Pa$$w0rd
4. Switch to LON-EDG, and then sign in as adatum\administrator with the password Pa$$w0rd.
5. Open the Microsoft Management Console (MMC).
7. Export the sip.adatum.com certificate, including the private key, and then save it to
C:\EdgeExport.pfx.
8. Switch to LON-PXY, and then import the certificate, including the private key, from
\\lon-edg\c$\EdgeExport.pfx.
o Name: lyncdiscover
o Certificate: sip.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
13. Repeat steps 9 through 11 for wac.adatum.com. Publish without appending :4443 because Office
Online Server does not require port redirection.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-25
Lesson 5
Designing Mobility in Skype for Business Server
Skype for Business Server supports mobile clients, such as the Skype for Business Mobile app running on
iOS, Android, and Windows Phone. This lesson will teach you how to configure Skype for Business Server
for mobile clients.
Lesson Objectives
After completing this lesson, you will be able to:
Describe how to configure settings for external access to the Skype for Business Mobility Service.
If they do not want to use the data channel for VoIP, users can use Call Via Work – a callback from the
server to the mobile devise. If the user configures the mobile client to require Wi-Fi for VoIP and Wi-Fi is
unavailable, users receive an ordinary call on their mobile phone using the carrier’s technology, such as
Wideband Code Division Multiple Access, Global System for Mobile Communications, or Universal Mobile
Telecommunications System. This also applies to outbound calls from the mobile client.
If making an outbound Skype for Business or Lync call when VoIP is restricted, the user receives a call from
Skype for Business Server. When the user answers the incoming call, the Skype for Business Server
establishes a connection to the other party before joining them on the server.
Note: Call via Work can result in cost savings when users roam abroad. It is typically
cheaper to receive a call than make an outbound call when roaming.
Besides giving users access to presence, IM, VoIP, and video, the mobile client also gives access to the
calendar from Microsoft Exchange with today’s and tomorrow’s meetings.
MCT USE ONLY. STUDENT USE PROHIBITED
8-26 Deploying Skype for Business 2015 External Access
If Exchange 2013 or later is in use, Skype for Business Server can offer a server-side conversation history.
With server-side conversation history enabled, the call history, including IMs, synchronizes across desktop
and mobile clients. With server-side conversation history, you can leave an IM session on your PC and pick
up where you left off from your mobile device.
Mobile clients support click-to-join Skype meetings. When you click the link in an invitation, the built-in
browser on the mobile device hands over control to the Skype for Business mobile client and joins the
audio part of the meeting. This is also true when VoIP is unavailable; the user simply receives a public
switched telephone network (PSTN) callback.
You can control the mobile settings by using a mobility policy. From the Skype for Business Server
Management Shell, you can use the Set-CsMobilityPolicy cmdlet to control the mobile settings. Policies
are available at the global, site, and user level.
Run the Get-CsMobilityPolicy cmdlet to list the current mobility policies.
Autodiscover Service
When you include the Skype for Business Mobile
app or Lync 2013 mobile in your deployment, you
will want to use automatic discovery of the Skype
for Business Server deployment. When configured
for automatic discovery, users only need to enter
their SIP address and password to sign in.
If a user’s UPN does not match the SIP address, users can enter their user name, either as domain\user or
as the UPN user@domain.xyz. Mobile clients use lyncdiscover and lyncdiscoverinternal to discover the
Skype for Business Mobility Service, which runs as part of the web service.
Lync 2010 for mobile clients introduced lyncdiscover and lyncdiscoverinternal. This is the preferred
automatic discovery method for Lync 2013 and newer desktop clients.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-27
Note that when mobile clients connect to Skype for Business Server via a reverse proxy, they redirect to
the external web service address by default. If the mobile client is on internal Wi-Fi, this configuration
requires hairpinning through the external firewall. Hairpinning happens when an internal client makes an
outbound connection that loops back through the same firewall.
Having users connect to the external interface when using mobile devices makes reconnections faster.
This is because the endpoint information remains the same even when the client shifts from Wi-Fi to
mobile data and vice versa.
You can keep mobile devices on the inside of a network by using the Set-CsMcxConfiguration Windows
PowerShell command.
Demonstration Steps
1. Sign in to LON-SFB1 as adatum\administrator with the password Pa$$w0rd.
2. In Skype for Business Server Management Shell, type the following commands, and then review the
settings:
Get-CsMcxConfiguration
Get-CsMobilityPolicy
Note: This completes the last demonstration in this module—please revert all virtual
machines.
MCT USE ONLY. STUDENT USE PROHIBITED
8-28 Deploying Skype for Business 2015 External Access
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-29
Lesson 6
Designing Federation in Skype for Business Server
Federation enables communication and collaboration with users in other organizations who are running
Skype for Business Server or one of its predecessors. Skype for Business Server also supports federation
with XMPP-based systems.
Federation with a Skype public network is commonly known as PIC. It requires completion of the
provisioning process.
Lesson Objectives
After completing this lesson, you will be able to:
Allowed Partner Server. This enables communication with allowed domains with configured Skype
for Business Edge server addresses only.
Allowed Partner Domain. This enables communication with allowed domains and automatic
discovery of Edge server addresses and ports.
MCT USE ONLY. STUDENT USE PROHIBITED
8-30 Deploying Skype for Business 2015 External Access
Discovered Partner Domain. Skype for Business Server automatically identifies the federation
partners. This federation option works in combination with a block list, where you can block
communications for certain domains. It is the most user-friendly federation option. However, you
must initiate a process to monitor the Event Viewer and Skype for Business Server logs to add
partners to the list of enhanced federation partners or SIP domains that you want to block. The open
federation option has the following limitations:
o Requests only 1,000 SIP Uniform Resource Identifiers (URIs); add to the allowed list to remove this
limitation.
o Allows only 20 messages per second; add to the allowed list to remove this limitation.
PIC Provisioning
You need both licensing and provisioning for
public IM in Skype for Business Server. You do not
require any additional licenses beyond your Skype
for Business client access license to federate.
However, you do need Skype for Business PIC to
federate with Skype public. The Skype for Business
PIC provisioning guide describes the provisioning
process for public IM in detail.
You can start the provisioning process when you set up external access to Skype for Business Server for
federation. As part of the provisioning process, you need to provide Microsoft the following information:
Contact information
When Microsoft receives the required information via https://pic.lync.com, the information is tested and
your credibility is established. After testing, you receive a notification, and the provisioning process for
each PIC domain begins.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 8-31
XMPP Federation
A Skype for Business Server Edge server can
function as an XMPP proxy, forwarding XMPP
traffic to the XMPP translation gateway that is
included on the Front End Servers. The translation
gateway performs the necessary translation
between SIP and XMPP.
Like SIP federation, XMPP federation requires DNS records for automatic discovery.
The service (SRV) resource record should be in the format _xmpp-server._tcp.adatum.com 0 0 5269
sip.adatum.com.
XMPP operates on TCP 5269, so you must allow this port through the external firewall.
From the Edge server to the Front End Servers, use port TCP 23456.
You can configure XMPP federated partners by using the Skype for Business Server 2015 Control
Panel or the Skype for Business Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
8-32 Deploying Skype for Business 2015 External Access
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$w0rd
Virtual machines are running from the previous lab. Start 20334B-LON-PXY, 20334B-LON-CL1, and
20334B-LON-CL2. Sign into LON-CL1 as Adatum\Ed with the password Pa$$w0rd.
3. Create publishing rules for Skype for Business Server and Office Online servers.
3. In the Run dialog box, type MMC, and then click OK. This opens an empty MMC.
5. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
6. In the Certificates snap-in, select Computer account, and then click Next.
9. In the left navigation pane, expand Certificates (Local Computer), expand Personal, and then click
Certificates. This lists the installed certificates.
11. On the shortcut menu, point to All Tasks, and then click Export.
15. Click Password. Type the password Pa$$w0rd twice to confirm, and then click Next.
16. On the File to Export page, click Browse.
19. On the Completing the Certificate Export Wizard page, click Finish, then click OK.
21. Open File Explorer, browse to \\lon-edg\c$\, and then double-click edgeexport.pfx.
22. On the Welcome to the Certificate Import Wizard page, select Local Machine, and then click
Next.
23. On the File to Import page, type the following, and then click Next:
\\lon-edg\c$\EdgeExport.pfx
24. On the Private key protection page, in the Password text box, type Pa$$word.
25. Select Mark this key as exportable, and then click Next.
26. On the Certificate Store page, click Next, click Finish, and then click OK.
Task 3: Create publishing rules for Skype for Business Server and Office Online
servers
1. On LON-PXY, in the Remote Access Management Console, under Tasks, click Publish.
o Name: lyncdiscover
o External URL: https://lyncdiscover.adatum.com
o Certificate: sip.adatum.com
o Meet.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
5. Repeat the above steps for wac.adatum.com. Publish without appending :4443 because Office
Online Server does not require port redirection.
6. Open Network Connections, and then enable the Perimeter network adapter.
Results: After completing this exercise, you should have configured Web Application Proxy, exported and
imported a certificate, including a private key, and then created publishing rules for Skype for Business
Server and Office Online servers.
2. In the search box, type Notepad, right-click Notepad from the results, on the shortcut menu, click
Run as administrator, and then click Yes.
3. In Notepad, on the File menu, click Open, go to c:\windows\system32\drivers\etc\hosts, and then
open the Hosts file.
o 192.168.1.5 sip.adatum.com
o 192.168.1.6 lyncdiscover.adatum.com
o 192.168.1.6 meet.adatum.com
o 192.168.1.6 dialin.adatum.com
o 192.168.1.6 pool.adatum.com
o 192.168.1.6 wac.adatum.com
3. Validate the IPv4 configuration on the Internet connection. The settings should be:
o IP: 131.107.0.51
o Subnet: 255.255.255.0
o DNS: Blank
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
Results: After completing this exercise, you should have added public Domain Name System (DNS) to
LON-CL2 via the Hosts file, and moved LON-CL2 to the outside of the network and validate the
connection.
Question: Why did you add :4443 to the published Skype for Business Server URLs?
Question: Why did you install the AdatumCA root certificate on LON-EDG and LON-PXY?
MCT USE ONLY. STUDENT USE PROHIBITED
8-36 Deploying Skype for Business 2015 External Access
Do not place NAT between the internal network adapter on the Edge server and the local area
network (LAN).
Skype public requires the Public IM Connectivity provisioning process to complete before you can
enable it.
Extensible Messaging and Presence Protocol (XMPP) federation only allows presence and one-to-one
instant messaging (IM).
Review Question
Question: What type of federation might your organization deploy?
An organization can have only one active federation route per SIP domain, so manual action might
be necessary in case of an outage.
Use the service (SRV) resource record priority in DNS to add backup routes for federation and remote
user access.
MCT USE ONLY. STUDENT USE PROHIBITED
9-1
Module 9
Implementing Persistent Chat in Skype for Business 2015
Contents:
Module Overview 9-1
Module Overview
An organization’s employees need to interact with each other in the course of their work. Skype for
Business 2015 provides peer-to-peer and multiparty conferencing modes to support this need.
Additionally, if employees require conversations to persist beyond real-time communications, then
it is necessary to plan, design, and deploy Persistent Chat Server in Skype for Business Server 2015.
Objectives
After completing this module, you will be able to:
Lesson 1
Designing a Persistent Chat Server Topology
Designing a Persistent Chat Server deployment properly for your organization is as important as any
other Skype for Business component. You need to ensure that organizational productivity is not adversely
affected. Additionally, you must ensure compliance with legal requirements and standards. To design a
Persistent Chat deployment, you should be familiar with the elements in the Persistent Chat infrastructure.
This lesson provides an overview of Persistent Chat in Skype for Business, and it provides details and
considerations for designing a Persistent Chat deployment.
Lesson Objectives
After completing this lesson, you will be able to:
Information overload.
Disjointed communications.
Knowledge management.
By using Persistent Chat, teams can efficiently share information, ideas, and decisions with one another.
Messages that post to chat rooms (discussion forums) can persist—that is, they can be available over
time—so that people from different locations and departments can participate even when they are not
simultaneously online. When a user connects to a chat room, backchat, which is a configurable number of
chat history messages, automatically loads in the chat room to give the user context for the conversation.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-3
Client-side filters allow users to define conditions, such as keywords in message content or the value of
the From field in a message. When those conditions are met, users receive notifications in Persistent Chat
instant messages or chat room messages. Because of this, users can stay up to date with the content that
interests them most. Users also can add chat rooms that they want to follow to their contact list.
By making it easy to collaborate in long-running topics with others in an organization, and by providing a
persistent place to share information, Persistent Chat helps improve communication.
Identify the scenarios where you can use Persistent Chat Server.
Employees in the United States need to have running conversations with peers in the
United Kingdom on international sales activity.
Executives are inundated with communications from various business units and want to
be notified if a priority conversation takes place.
Project teams need to search for conversations that occurred several months back.
One or more computers that host a SQL Server back-end database for hosting the Persistent Chat
compliance database, if compliance is enabled
MCT USE ONLY. STUDENT USE PROHIBITED
9-4 Implementing Persistent Chat in Skype for Business 2015
Each computer that hosts Persistent Chat Server must have access to an existing Skype for Business
topology, which includes a Skype for Business Front End Server. The Front End Server is the foundation for
Session Initiation Protocol (SIP) routing, which makes the communication between computers that are
running Persistent Chat Server and Persistent Chat functionality possible. When Persistent Chat deploys,
the Front End Server that is designated as the next hop in the topology will be configured to host
Persistent Chat web services for the File Upload and Download service and Persistent Chat web services
for chat room management.
Before you begin to deploy the Persistent Chat Server role, use the Skype for Business Topology Builder to
verify the current deployment of Skype for Business Server Standard Edition, the Skype for Business Server
Front End pool, and any other internal computers that are running Skype for Business. Your existing
infrastructure will affect how you deploy Persistent Chat Server.
Persistent Chat Server uses the Persistent Chat database to store chat history, configuration, and user
provisioning data. Optionally, it uses the Persistent Chat compliance database to store compliance data.
The Persistent Chat Compliance service manages the Persistent Chat compliance database. The role of the
Compliance service is to record and archive information in the compliance database. When members of a
Persistent Chat Server that has the Compliance service enabled have conversations in a chat room, some
information will be collected and archived. This information includes actions and data such as:
Joining a Persistent Chat room.
Posting a message.
Viewing chat history.
Uploading a file.
Downloading a file.
Best Practice: If you deploy Persistent Chat Server on Skype for Business Server Enterprise
Edition, we recommend that you configure a dedicated Persistent Chat file store in addition to
the file store that is created for the front end.
Single-server
Multiple-server
An Enterprise Edition Skype for Business Server pool with a single dedicated Persistent Chat Server
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-5
Although deploying a single-server topology might reduce the cost and complexity of a Skype for
Business infrastructure, it will not scale as well as a multiple-server topology. One of the easiest
configurations for cost-savings is collocated Persistent Chat Server and Front End Servers on the
Skype for Business Server Standard Edition. However, you should avoid collocating Persistent Chat Server
and Front End Server on the Standard Edition of Skype for Business Server, especially if your organization
requires performance and scalability. Collocation is an excellent option for proof-of-concept and pilot
projects.
Best Practice: Standard Edition supports installing Persistent Chat Server as a collocated or
stand-alone instance. We recommend the stand-alone option over collocation.
Stand-alone, single Persistent Chat Server topologies provide greater flexibility for organizations that want
to start small and scale out as needed. As long as the Persistent Chat Server is not collocated with the
Front End Server on Skype for Business Server Standard Edition, you can add additional Persistent Chat
Servers to scale to a multiple-server topology at a later time.
Note: The Enterprise Edition of Skype for Business Server does not support collocation. You
must deploy Persistent Chat Server as a stand-alone instance on the Enterprise Edition of
Skype for Business Server. You can use an Enterprise Edition Back End Server for the Persistent
Chat store and optionally for a Persistent Chat compliance store.
The Persistent Chat Back End Server and the optional Compliance service can collocate with Persistent
Chat Server and the Front End Server on the Standard Edition of Skype for Business Server. Additionally, a
single-server topology supports the following Persistent Chat Back End Server and Compliance service
options for the Persistent Chat and Persistent Chat compliance stores:
Collocated on a Standard Edition server
Multiple-Server Topology
To provide greater capacity and reliability, you
can deploy a multiple-server topology. A multiple-
server topology can include as many as four active
computers that are running Persistent Chat Server.
High availability and disaster recovery
configurations will allow up to eight, but only four
can be active; the remaining four are standby.
Each active server can support as many as 20,000
concurrent users, totaling 80,000 concurrent users
that connect to a Persistent Chat Server pool with
four servers.
Servers in a Persistent Chat pool communicate with one another over TCP port 8011. Client connections
distribute across the active servers in the pool. Chat history and uploaded data on one server in a pool can
be accessed by other servers in the pool. Users on different servers in a pool can communicate with other
users in the same pool. In the event of a server failure, users are automatically transferred to other servers
in the pool.
Note: The “Planning a Lync Server 2013 Deployment on Virtual Servers” document at the
URL below has not been updated to include Skype for Business at the time of writing this
module. However, the recommendations in the document will provide a solid basis for deploying
Skype for Business Server on virtual machines.
The base hardware and software requirements for a stand-alone Persistent Chat Server instance are the
same as the Front End Server, the Back End Server, and the Standard Edition Server. The following table
lists the hardware requirements.
Central processing unit 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or faster
(CPU)
Back-end databases Microsoft SQL Server 2014 Enterprise (x64) with Cumulative Update 6
(CU6)
Microsoft SQL Server 2014 Standard (x64) with CU6
Microsoft SQL Server 2012 Enterprise (x64) with the latest service pack
Microsoft SQL Server 2012 Standard (x64) with the latest service pack
Microsoft SQL Server 2008 R2 Enterprise (x64) with the latest service pack
Microsoft SQL Server 2008 R2 Standard (x64) with the latest service pack
Note: It is possible to upgrade to Skype for Business Server on a Windows Server 2008 R2
computer. However, we do not recommend new deployments because mainstream support for
Windows Server 2008 R2 expired on January 13, 2015. For more information, refer to the
following website.
Persistent Chat Server also requires MSMQ, which is used in communications from the Persistent Chat
Server to the Persistent Chat Compliance service.
Each Persistent Chat Server can support up to 20,000 active users. Each Persistent Chat Server pool will
support up to four active servers for a total of 80,000 concurrent users and 150,000 provisioned users
(enabled by policy). The total concurrent users can have no more than 120,000 combined endpoint
connections.
Note: Although you can create multiple Persistent Chat Server pools in a single
Skype for Business Server organization, for compliance reasons, multiple pools will not allow you
to support more than 80,000 concurrent users in the same organization.
MCT USE ONLY. STUDENT USE PROHIBITED
9-8 Implementing Persistent Chat in Skype for Business 2015
Are you migrating from a previous version of Persistent Chat Server, formerly known as Group Chat
Server, or are you deploying Persistent Chat Server for the first time? Existing Group Chat data might
need to be migrated. Refer to the following link for more details.
Migration from Lync Server 2010, Group Chat or Office Communications Server 2007 R2
Group Chat to Lync Server 2013, Persistent Chat Server
http://aka.ms/hi72cj
Are there compliance requirements? Persistent Chat Server supports compliance. The Compliance
service runs collocated on the Persistent Chat Server, as opposed to the requirement for a separate
computer in Group Chat Server deployments. Compliance is optional, and if chosen, requires a
compliance database that you must configure to store compliance data and events. You might also
want to configure an adapter to take the data from the compliance database and convert it to
another format, such as XML files or Microsoft Exchange–hosted archives.
How do you want to control scopes, ethical boundaries, and access? You can define categories in
Skype for Business Server Control Panel or the Skype for Business Server Management Shell to
segregate these boundaries and to choose who can be in chat rooms in each of these categories.
How do you want to control who can create chat rooms? You can configure creators, appropriate to
your categories, who can create rooms. Creators can assign other members as chat room managers
for ongoing management of the rooms, such as adding or removing additional members. The
AllowedMembers and DeniedMembers lists that you configure in the corresponding category
define who can and cannot be added to a chat room.
How do you want to create chat rooms? Persistent Chat Server provides a web-based feature for
creating and managing rooms from the Skype for Business client. You can choose to define a custom
chat room creation solution by using the Persistent Chat Server software development kit (SDK).
Custom solutions can support more complex business requirements and workflows. Persistent Chat
Server can also direct users to your custom solution.
What kind of add-ins do you want to provision? Add-ins enhance the in-room experience by taking
advantage of the extensibility pane in the Skype for Business client to provide context that is relevant
to the room. You can choose what general add-ins might be most useful—for example, your
organization’s website and internal collaboration documents. Chat room managers can choose one of
the registered add-ins and associate it with their rooms, if required.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-9
What kind of high availability and disaster recovery requirements do you have? Persistent Chat Server
supports SQL Server mirroring and AlwaysOn Availability Groups for high availability. It also supports
up to eight servers—four active and four standby—in a stretched pool with SQL Server log shipping
for disaster recovery.
Question: You are the administrator for an organization that has 25,000 users. Fifty percent
of the users will be enabled for Persistent Chat. Your Chief Financial Officer (CFO) said that
you must implement a communications solution that minimizes cost. Your Chief Technology
Officer (CTO) said that you must implement a solution that can scale to 100 percent of the
users over the next 12 months. What design recommendations would you make to
leadership?
Question: You are the administrator for an organization that has 3,000 users. Ten percent
of the users will be enabled for Persistent Chat. Your CFO said that you must implement a
communications solution that minimizes cost. Your CTO said that none of the content
is critically important. Your Chief Security Officer (CSO) stated that all electronic
communications must be discoverable by legal counsel. What design recommendations
would you make to leadership?
MCT USE ONLY. STUDENT USE PROHIBITED
9-10 Implementing Persistent Chat in Skype for Business 2015
Lesson 2
Deploying Persistent Chat Server
After you design and plan Persistent Chat Server for your Skype for Business Server organization, you will
need to deploy it. This includes publishing the topology and installing the Persistent Chat Server role on
the server or servers that will host your chat rooms. To do this, you should be familiar with the
deployment process and the tools to deploy Persistent Chat Server.
Lesson Objectives
After completing this lesson, you will be able to:
By creating two or more categories, organizations can create ethical walls between different groups of
individuals. Ethical walls are defined as: “A process for avoiding conflicts of interest by limiting disclosure
of information to certain attorneys or individuals within a firm or corporation, thereby building a
metaphorical wall between the holders of information and colleagues who represent interests or hold
opinions which conflict” (Susan Ellis Wild, Webster's New World Law Dictionary, [Hoboken, New Jersey:
Wiley Publishing, Inc., 2006], 135).
Categories are particularly helpful if you want to prevent users from seeing certain rooms when they
browse the list of available rooms. It is worth noting, however, that within the scope of a category, secret
rooms are only visible to the members of that room. All other chat rooms are visible to anyone within a
category whether they are a member of a chat room or not.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-11
Within a category, it is possible to define specific user roles. User roles allow organizations to control user
access to individual chat rooms. For example, users can be allowed or denied access to a category. Users
cannot be added to chat rooms in a category they are not configured as allowed or they are explicitly
denied. The following table describes each of the user roles.
Some tasks cannot be performed by any of the user roles. Administrator roles perform such tasks. These
roles allow an organization to control who can deploy Persistent Chat, create ethical walls, and perform
advanced administrative tasks on chat rooms.
Persistent Chat administrator Manage Persistent Chat configuration (pool, global settings,
(CsPersistentChatAdministrator) and compliance configuration)
Manage all chat rooms
Create and manage categories
Disable and delete chat rooms
Migrate from Group Chat
Mange Persistent Chat from the Windows PowerShell
command-line interface
Identify the size of chat rooms so that you can determine the number of chat rooms your server or
pool can support. Keep in mind that there is a maximum of 20,000 active users per server and 80,000
per pool. Here is an example of how you can identify the size based on the number of users:
Limit the number of access control lists (ACLs) that are created for each chat room. You can create a
maximum of 2 million ACL entries before server performance starts to degrade. We recommend that
you use AD DS security groups instead of individual users to grant access to rooms if possible.
Minimize the use of invitations sent from and stored by Persistent Chat Servers. Although invitations
sent from a chat room are an excellent tool to illicit participation in a chat room, they come with a
potentially steep price. If the number of generated invitations exceeds 1 million, performance can
severely degrade. Use the Set-CsPersistentChatCategory cmdlet to change the settings for
invitations for an entire category. You can use the Set-CsPersistentChatRoom cmdlet to change
the settings for a specific chat room.
Monitor chat room performance metrics to determine if changes in the design are necessary over
time.
Capacity planning for Persistent Chat Server in Skype for Business Server 2015
http://aka.ms/lzqeei
As you create your categories and Persistent Chat rooms, design your scoping and membership. The
following guidelines can help you in your planning:
If your organization does not require an ethical wall, do not narrow the scope in your category tree.
Put all of your users in the scope of one category, and create all chat rooms in that category.
Subsequently, use membership lists only to grant or restrict access to each chat room.
In most cases, you should enable users to create new chat rooms so that they can start discussions
about new topics at any time. Enable this by making the Creators list the same as the
AllowedMembers list. However, if you only want to allow a central support team or designated users
to create rooms, then make the Creators list the appropriate subset.
Give each chat room a complete name and description summary that describes where it fits in your
organization. Because users cannot see the category name when they use a chat room, you cannot
rely on the category name to help users determine the intended discussion forum for the chat room.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-13
You might want to have a custom room-creation workflow if you have certain naming conventions or
other access controls or validations to implement. The Set-CsPersistentChatConfiguration cmdlet
enables you to customize the RoomManagementUrl setting to a workflow that you have built. For
example, when users click Create a room in their Skype for Business client, they bypass the built-in
workflow and connect to your custom solution.
Question: If your organization decides to deploy Persistent Chat Server, which of the following
capacity planning methods do you feel would be appropriate for your organization?
You can create a new add-in by using Skype for Business Server Control Panel. The Persistent Chat page
in Skype for Business Server Control Panel contains an Add-in section. When you specify a URL for an
add-in, the layout of the chat room modifies to include a conversation extensibility pane. The add-in’s
active content displays in this pane. To make an add-in available for chat rooms, chat room administrators
must register the add-in. After a chat room manager associates a registered add-in with a room, the
members will be able to see the upgraded content. Registered add-ins are reusable by more than one
chat room.
You can configure add-ins in Skype for Business Server Control Panel and Windows PowerShell. The
following are the high-level tasks that you must perform to use an add-in with Persistent Chat:
1. Identify an add-in or optionally develop one by using the Microsoft Lync Server 2013 Persistent
Chat SDK.
3. Associate the add-in with a Persistent Chat room by using the Set-CsPersistentChatRoom cmdlet.
If this pool will be the default for the site in which it is created.
The SQL Server name and instance name for the Persistent Chat store.
Note: You can enable the Compliance service by using the Topology Builder tool. After
it is enabled, it can be configured only by using Windows PowerShell. You must run the
Set-CsPersistentChatComplianceConfiguration cmdlet to configure an adapter type.
The internal XML adapter is:
Microsoft.Rtc.Internal.Chat.Server.Compliance.XmlAdapter,compliance
You can also specify third-party adapters.
Note: Troubleshooting tip: If you receive an error when you publish the topology, make
sure that the Administrator account that you are using is not only a local administrator, but also a
member of the RTCUniversalServerAdmins security group. The account also needs Full Control
permissions on the file store that is defined for the Persistent Chat Server pool.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-15
On the server or servers to which you want to deploy Persistent Chat Server, verify that:
In Domain Name System (DNS), a record exists for server and pool FQDNs.
The Skype for Business Server Deployment Wizard is the tool that you use to deploy Persistent Chat
Server. The deployment wizard will walk you through the process of setting up a new server. When the
wizard completes, the following deployment tasks will be completed:
You can use Active Directory Users and Computers (Dsa.msc) to create a Persistent Chat administrator.
After you select or create an administrative account, add the account to the
CsPersistentChatAdministrator security group. Make sure that you sign in and sign out by using the
administrator account to update the administrator’s permissions before you perform administrative tasks
for Persistent Chat Server.
You can use Skype for Business Server Control Panel to verify a Persistent Chat Server installation. To do
this, open Skype for Business Server Control Panel, and then browse to the Topology tab.
Demonstration Steps
1. Open Topology Builder on the Front End Server.
2. Select Download Topology from existing deployment, and then click OK.
3. In the dialog box, type Persistent Chat for the file name, and then click Save.
4. Expand the Skype for Business Server and Skype for Business Server 2015 containers.
5. Right-click the Persistent Chat pools container, and then select New Persistent Chat Pool.
6. In the Pool FQDN text box, type pchatpool.adatum.com, verify that This pool has multiple
servers is selected, and then click Next.
7. Enter the computer FQDN of the first server in the pool, click Add, and then click Next.
8. Enter the display name of the Persistent Chat pool, select Enable compliance, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
9-16 Implementing Persistent Chat in Skype for Business 2015
11. Verify that new SQL Server is selected as the SQL Server store, and then click Next.
12. On the Define the compliance SQL Server store page, select new SQL Server as the Compliance
SQL Server store, and then click Next.
13. On the Define the file store page, select Define a new file store, and then enter the FQDN of the
file server.
14. In the File share text box, type PChatShare, and then click Next.
15. On the Front End Server, verify that Topology Builder is still open from the previous task. Click the
Actions menu, select Topology, click Publish, and then click Next.
16. On the Select databases page, verify that the new SQL Server is selected in the Choose the
databases you would like to create when you publish your topology list, and then click Next.
17. On the Publishing wizard complete page, click Click here to open to-do list in the Next Steps
section.
18. Confirm that all the steps are successful.
19. After reviewing the NextSteps.txt file, close Notepad, and then click Finish.
At what point are the Persistent Chat stores created on the Back End Server?
They are created when you add a new SQL Server for the Persistent Chat Server pool in
Topology Builder, but before you publish the topology.
They are created when you add a new SQL Server for the Persistent Chat Server pool in
Topology Builder while you are publishing the topology.
They are created after publishing a new SQL Server for the Persistent Chat Server pool in
Topology Builder by using the Windows PowerShell command-line interface.
Question: Scenario: You work for a small business that has decided to deploy Skype for Business.
You identified an organizational requirement for Sales department executives to keep a running
conversation about sales. You want to enhance the executives’ experience by adding the portal
for the customer relationship management (CRM) app to their chat room. What steps must you
perform?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-17
Additionally, your IT department director also requested that you create a monitoring add-in for
Persistent Chat so that the IT team can support the Skype for Business solution at A. Datum.
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$word
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
complete the following steps:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: Adatum
MCT USE ONLY. STUDENT USE PROHIBITED
9-18 Implementing Persistent Chat in Skype for Business 2015
5. Repeat steps 2 through 4 for the following machines. Please start them in the specified order to
prevent service time-out errors:
a. 20334B-LON-SQL1
b. 20334B-LON-SFB1
c. 20334B-LON-SFB2
d. 20334B-LON-SVR1
e. 20334B-LON-RTR
8. In the Hardware list, click DVD Drive, click Image File, click Browse, and then browse to
C:\Program Files\Microsoft Learning\20334\Drives\.
9. Select SfB-E-9319.0-enUS.ISO, click Open, and then click OK.
3. Verify that Administrator has Read/Write permissions and that Everyone has Read permissions.
2. Download the topology from the existing deployment, and then save the configuration file as
Persistent Chat.tbxml.
3. Expand the Skype for Business Server container, expand the Adatum Headquarters container,
expand the Skype for Business Server 2015 container, right-click the Persistent Chat pools
container, and then select New Persistent Chat Pool.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-19
o This pool has multiple servers: Verify that the option is selected
o Display name of the Persistent Chat pool: Adatum Headquarters Persistent Chat Pool
o Use this pool as default for site Adatum Headquarters: Select this option
5. On the Define the SQL Server store page, select LON-SQL1.adatum.com\Default, and click Next.
6. On the Define the compliance SQL Server store page, select lon-sql1.adatum.com\Default as the
Compliance SQL Server store, and then click Next.
7. On the Define the file store page, select Define a new file store, and then type
LON-SQL1.adatum.com.
8. In the File share text box, type PChatShare, click Next, and then click Finish.
2. On the Select databases page, verify that lon-sql1.adatum.com\Default is selected in the Choose
the databases you would like to create when you publish your topology list, and then click Next.
3. On the Publishing wizard complete page, click Click here to open to-do list in the Next Steps
section, and then click Finish.
4. Close the Topology Builder window.
Results: After completing this exercise, A. Datum should have the Persistent Chat Server and Persistent
Chat Compliance service topology published in the Central Management store, which will support the
organizational requirements. The IT department should also have a registered add-in that IT members
can use when they create their own chat rooms.
o lon-svr1.adatum.com
o pchatpool.adatum.com
4. On LON-SVR1, click the Windows PowerShell icon on the taskbar, and then run the following
cmdlet:
o Windows PowerShell
o Media Foundation
2. In the Skype for Business Server installation window that appears, select Don’t check for updates
right now, and then click Install.
3. Select I accept the terms in the license agreement, and then click OK.
4. In the Skype for Business Server 2015 Deployment Wizard, click Install or Update
Skype for Business Server System.
5. On the Install or update member system page, perform Step 1: Install Local Configuration Store.
6. On the Install or update member system page, perform Step 2: Setup or Remove
Skype for Business Server Components.
2. On the Certificate Wizard page, select Default certificate Server default, and then click Request.
9. In the City/Locality text box, type London, and then click Next.
10. Review the Certificate Request Summary page, and then click Next.
11. On the Online Certificate Request page, verify that the Task Status is Completed, and then click
Next. If the task fails, click View Log, and then notify your instructor.
12. On the Online Certificate Request Status page, verify that Assign the certificate to
Skype for Business Server certificate usages is selected, and then click Finish.
13. In the Certificate Assignment Wizard that appears, click Next.
14. Confirm that the Subject Name (SN) is pchatpool.adatum.com, and then click Next.
15. Verify that the Task Status is Completed, click Finish, and then click Close.
16. Click Exit in the Skype for Business Server 2015 Deployment Wizard.
3. Click Topology, and then select Status. When prompted for credentials, type Administrator in the
Username text box and Pa$$w0rd in the Password text box.
4. Confirm that lon-svr1.adatum.com has successfully replicated and that the service status is healthy,
as indicated by the green play symbol.
Results: After completing this exercise, you should have deployed Persistent Chat Server and the
Persistent Chat Compliance service on LON-SVR1.
3. Verify that the add-in URL is working. You should see an A. Datum Skype for Business Reports
webpage.
Results: After completing this exercise, you should have created an add-in that will be available as a
resource for Persistent Chat room creators and managers in the IT department at A. Datum.
Question: Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question: A. Datum acquires another company that has 30,000 users. You need to extend the
Persistent Chat infrastructure to support all of the new users. What is the fastest way to
accomplish this based on the current infrastructure?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-23
Lesson 3
Configuring and Managing Persistent Chat
Persistent Chat facilitates an organization’s ability to manage its chat rooms with minimal effort. This
lesson will explain the administrative features and tools that you can use to manage Persistent Chat.
Specifically, you will learn how to create a Persistent Chat policy, configure categories, and create and
manage chat rooms.
Lesson Objectives
After completing this lesson, you will be able to:
Explain how to configure the Compliance service for Persistent Chat Server.
You can use Skype for Business Server Control Panel or Windows PowerShell to create new Persistent Chat
policies. The following are some examples for each of the four scopes:
Global
To configure a global policy, run the following command in Windows PowerShell:
Site
To create a site policy, run the following command in Windows PowerShell:
Pool
To create a pool policy, perform the following steps in Skype for Business Server Control Panel:
4. Select a front-end pool from the Service list, and then click OK.
7. Click Commit.
User
To create a user policy, run the following command in Windows PowerShell:
Granting a policy is automatic for all the scopes except the user policy. The following is an example of
how you can grant a user policy:
After a policy successfully applies to users, the Persistent Chat icon appears as a new tab in their
Skype for Business client. Users might have to sign out of the client and sign back in so that the in-band
policy takes effect.
o Distribution groups
o Domains
o Individuals
A list of denied members. Member options are the same as the Allowed members list.
A list of creators. We recommend making the creators list the same as the Allowed members list,
unless centralizing (limiting) room creation is an organizational requirement.
You can create and manage categories from Skype for Business Server Control Panel and Windows
PowerShell. The following example will create a new category for HR department users with all features
enabled:
Set-CsPersistentChatConfiguration
MCT USE ONLY. STUDENT USE PROHIBITED
9-26 Implementing Persistent Chat in Skype for Business 2015
4. Complete the form by providing the following information, and then click Create:
a. A meaningful room name.
b. A meaningful description.
e. Define one or more managers. The creator will be the default manager.
f. Define one or more members. The creator will be the default member.
g. Select an invitation option: Inherit invitation setting from category (True) or No invitation
sent to members.
You can also create Persistent Chat rooms from Windows PowerShell by using the following cmdlet:
New-CsPersistentChatRoom
If you want to create an auditorium chat room, you must use Windows PowerShell. This is because the
auditorium type is not available as an option on the Create a room page. The following is an example
to create an auditorium. Note that the –Managers and –Presenters parameters are not part of the New-
CsPersistentChatRoom cmdlet, so they have to be added by using the Set cmdlet:
Name/rename rooms X X
Edit descriptions X X
Configure invitations X X
As mentioned earlier, you can create new rooms from Windows PowerShell by using the New-
CsPersistentChatRoom cmdlet. However, it is not possible to add a manager, members, or presenters by
using this cmdlet. To perform these tasks, you must use the Set-CsPersistentChatRoom cmdlet as shown
in this example:
You can also add OUs, distribution groups, and entire domains.
Note: The account that is used to manage Persistent Chat from Windows PowerShell must
also be a member of RtcUniversalServerGroup.
You can also use the Set-CsPersistentChatRoom cmdlet to disable or enable a chat room and to modify
the following additional settings:
Add-ins
Invitations
Privacy
If you want to display information on one or more chat rooms, you can use the Get-
CsPersistentChatRoom cmdlet.
In addition to chat room managers, Persistent Chat administrators can also manage rooms. These
administrators are the only ones who can perform advanced administrative tasks, such as clearing the
content from a chat room. Persistent Chat administrators can clear content in two ways. They can clear all
the content from a room, or they can clear individual messages from a room.
To clear all content from a chat room, administrators can use the Clear-CsPersistentChatRoom cmdlet
as shown in the following example:
To clear messages from a particular user in a chat room, administrators can use the Remove-
CsPersistentChatMessage cmdlet as shown in the following example:
You can add the –ReplaceMessage parameter to remove messages with specific text, such as offensive
words or confidential information.
Administrators can also remove rooms from Persistent Chat Server by using the command as shown in the
following example:
Set-CsPersistentChatComplianceConfiguration
–Identity “global” -AdapterName
"XmlCompliance" -AdapterOutputDirectory
“C:\ComplianceOutput\” -AdapterType
“Microsoft.Rtc.Internal.Chat.Server.Complia
nce.XmlAdapter,compliance” -
AddChatRoomDetails $true -AddUserDetails $true –Confirm -CreateFileAttachmentsManifest
$true -OneChatRoomPerOutputFile $false
Best Practice: If you have multiple configured categories, it is a best practice to use a site
scope (for example, site:London) rather than a global scope to re-enforce compliance settings.
After you define the XML adapter, you can use the default output from the XML adapter, or you
can customize the output. If you already created custom XML adapters, you also can use those.
Microsoft includes some sample XML input and output and Extensible Stylesheet Language
Transformation (XSLT) files on the drive on which Persistent Chat is installed (System:
\Program Files\Skype for Business Server 2015\Persistent Chat Server\Support). For more
information on customizing files, refer to the following website.
Configure the Compliance service for Persistent Chat Server in Skype for Business Server
2015
http://aka.ms/v0tzoz
Question: Troubleshooting scenario: You have deployed Persistent Chat, but your users are
having problems when they try to view previous conversations in a room. All of the real-time
communications are working fine. What could be causing the problem?
MCT USE ONLY. STUDENT USE PROHIBITED
9-30 Implementing Persistent Chat in Skype for Business 2015
You need to create a new chat room called Research Project X for the Research department. The
room must not be visible to anyone but the members of the chat room. Which command will
you use to accomplish this?
Objectives
After completing this lab, you will be able to:
Lab Setup
Estimated Time: 30 minutes
Password: Pa$$word
2. On the USER SEARCH page, change the Maximum users to display value to 400, leave the search
box blank, and then click Find. Confirm how many users are currently enabled for Skype for Business.
MCT USE ONLY. STUDENT USE PROHIBITED
9-32 Implementing Persistent Chat in Skype for Business 2015
4. On the New Skype for Business Server User page, click Add.
5. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
6. In the search results, click Aaren Ekelund, and then press Ctrl+A to select all the users in the list, and
then click OK.
7. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
8. In the Generate user’s SIP URI section, select Use the user principal name (UPN). Leave the
default values for all other settings, and then click Enable.
Note: The Administrator, Discovery Search Mailbox, Guest, and krbtgt user accounts and
system mailboxes for Exchange Server are expected to fail. You can disregard these errors and
continue with lab.
9. On the New Skype for Business Server User page, click Cancel to return to the USER SEARCH
page.
10. On the USER SEARCH page, leave the search box blank, and then click Find.
11. Confirm that all users in the organization are now enabled for Skype for Business (385 users in the
search results).
13. On the top navigation bar, click Persistent Chat Policy, click New, and then select User policy.
14. On the New Persistent Chat Policy page, in the Name text box, type Adatum Persistent Chat User
Policy.
15. In the Description text box, type Enables Persistent Chat for Individual Users in Adatum, select
Enable Persistent Chat, and then click Commit.
16. On the taskbar, click Skype for Business Server Management Shell.
17. In the Skype for Business Server Management Shell, grant the Adatum Persistent Chat user policy to
the Sales, IT, and Research departments by using the following cmdlets:
2. In the left navigation pane, click Persistent Chat, click Category, click New, select
PersistentChatServer:pchatpool.adatum.com from the list, and then click OK.
3. On the New Category page, in the Name text box, type Adatum Sales Category.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-33
4. In the Description text box, type Dedicated Category for the Adatum Sales team, and then enable
the following features:
o Enable invitations
6. On the New Category page, configure the Creators option to include Sales: Organizational Unit,
and then click OK.
Note: It is not necessary to populate the Denied members section in this scenario.
However, if you need to deny access to a user in the Sales OU, you could add the user’s name to
the Denied members list.
8. On the New Category page, in the Name text box, type All Adatum Category.
9. In the Description text box, type Category for all Adatum departments except Sales.
10. On the New Category page, leave the Enable invitations option cleared. Select Enable file upload,
and then verify that Enable chat history is selected.
11. On the Select Allowed Members page, configure the Allowed Members option to include
Adatum: Domain DNS.
12. On the Select Denied Members page, configure the Denied members option to include Sales:
Organizational Unit.
13. On the Select Creators page, configure the Creators option to include Adatum: Domain DNS.
14. On the New Category page, click Commit.
o Password: Pa$$w0rd
o Domain: Adatum
3. Click Start, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept. If the Microsoft Office
Activation Wizard appears, click Close.
5. Confirm that Vivian Atlas from the Sales department automatically signs in.
MCT USE ONLY. STUDENT USE PROHIBITED
9-34 Implementing Persistent Chat in Skype for Business 2015
Note: Pin Skype for Business to your taskbar for easy access.
6. In the Skype for Business client, click the Chat Rooms icon, click Add a room (the plus sign), and
then select Create a Chat Room.
7. On the Manage Persistent Chat Rooms page, type vivian@adatum.com as the user name and
Pa$$w0rd as the password, and then click Sign In.
9. Complete the Create a room page by using the information in the following table, and then click
Create.
Privacy Open
10. On the My Rooms page, click Create A New Room. Use the following information to create the
room, and then click Create.
Privacy Secret
11. On the My Rooms page, confirm that there are two new rooms, click Sign Out, and then close the
web browser.
Note: Now that you have created some chat rooms for the Sales team, you need to create
some rooms for the other departments so that you can verify that the organization’s
requirements are met.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-35
12. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\, and then double-
click LON-CL2.RDP. Click Connect, and then accept all other notifications.
o Password: Pa$$w0rd
o Domain: Adatum
14. Confirm that Amr Zaki from the IT department automatically signs in. If the Microsoft Office
Activation Wizard appears, click Close.
15. In the Skype for Business client, select the Chat Rooms icon, click the Add a room button (the plus
sign), and then select Create a Chat Room.
16. On the Manage Persistent Chat Rooms page, type amr@adatum.com as the user name and
Pa$$w0rd as the password, and then click Sign In.
Privacy Closed
Add-in IT Reports
20. Next to the Your session has expired. Please sign in again message, click Sign-in.
21. Sign in to the Manage Persistent Chat Rooms page as Maxim Goldin from the Research
department by typing maxim@adatum.com as the user name, Pa$$w0rd as the password,
and then click Sign In.
MCT USE ONLY. STUDENT USE PROHIBITED
9-36 Implementing Persistent Chat in Skype for Business 2015
22. On the Create a room page, create an additional room by using the information in the following
table, and then click Create.
Privacy Secret
23. On the My Rooms page, click Sign Out, and then close the web browser.
Note: Although it is possible to add individual users to the members list for each of the
chat rooms, you might be able to take advantage of an existing scope that is already managed
elsewhere, such as an OU or a distribution group.
3. In the Skype for Business Server Management Shell, run the following cmdlets to populate the
members of the distribution groups:
4. In the Skype for Business Server Management Shell, run the following cmdlets to manage the chat
room user roles:
b. To change the Sales Team Chat Room privacy setting to Closed from Open and to configure
members of the AllSalesDG group to be the only members of the Sales Team Chat Room, run the
following command:
c. To configure members of the AllITDG group to be members of the Skype for Business
Administration Chat Room, run the following command:
Note: You must add presenters as members, or you will receive an error.
Note: In the previous lab, you installed the Persistent Chat Compliance service and
compliance store. In this task, you will configure the adapter to send compliance information
output from the compliance store on LON-SQL1 to a local directory on LON-SVR1 for eDiscovery
purposes.
1. On LON-SFB1, in the Skype for Business Management Shell, verify the current configuration by
running the following command:
Get-CsPersistentChatComplianceConfiguration
MCT USE ONLY. STUDENT USE PROHIBITED
9-38 Implementing Persistent Chat in Skype for Business 2015
2. Create a new site-level Persistent Chat compliance configuration by running the following command:
Get-CsPersistentChatComplianceConfiguration
Results: After completing this exercise, Sales team members should have access to their chat rooms only.
All users in the organization who are enabled with Persistent Chat should be able to create and use chat
rooms, but they should not be able to use the Sales chat rooms. Persistent Chat compliance also should
be fully functional.
3. Open Skype for Business 2016, and then click the Chat rooms icon. You should have a new invitation
on the New tab.
4. In the Chat rooms view, click the Member Of tab. Notice that you are already defined as a member.
What it does not show is that you are also a manager of this room.
5. On the Member Of tab, right-click Sales Team Chat Room, and then click Follow this room.
6. Click the Followed tab. Notice that there are now two new objects, Ego Feed and Sales Team
Chat Room.
7. On the Followed tab, right-click Sales Team Chat Room, and then click Open.
8. In the Sales Team Chat Room window, type Hello Sales Team!, and then press Enter.
9. Confirm that the message posted, and then close the chat room.
12. Open Skype for Business, and then click the Chat room view icon. You should have a new invitation
on the New tab.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-39
13. Right-click Sales Team Chat Room, and then click Follow this room.
14. Right-click Sales Team Chat Room, and then click Open.
15. Notice that Eric is still listed as a participant even though you closed the chat room on his client.
16. Type Hello Eric, thank you for the invite!, and then press Enter.
17. On LON-CL1, click the Followed tab in the Persistent Chat view of Eric’s client. Notice that there is
one new Ego Feed and two new posts in the Sales Team Chat Room.
18. Right-click Ego Feed, and then click View Topic Feed Results. Notice that Eric is highlighted. This is
because the default Ego Feed will track any time a post mentions your name in any of the chat rooms
that you are following.
21. Notice that Jed Brown has a green check mark next to his name. This indicates that he is online. If you
point to Jed Brown’s name, you will see the list of all Skype for Business communication modes.
23. In the search box, type Administration. There should be no matches. Type Management. There
should not be any matches because that is a secret chat room.
25. Open Skype for Business 2016, and then click the Chat room view icon. Notice that all Sales users
received an invitation to the Sales Team Chat Room.
26. In the Find someone or a room search box, type Administration. There should not be any match.
Type Management. As a presenter and a member, you should be able to find the Sales Management
Communications chat room.
27. Right-click the Sales Management Communications chat room, and then click Follow this Room.
28. Click the Followed tab, right-click the Sales Management Communications chat room, and then
click Open.
29. Type Hello Sales Managers! Please follow this chat room so that you will be able to get critical
sale communications for your region.
32. Open Skype for Business 2016, and then click the Chat Rooms icon.
33. In the Find someone or a room search box, type management, right-click Sales Management
Communications, and then click Open.
34. Type Thank you Aaren!, and then press Enter. What happens?
Note: Now that you have confirmed that Sales team functionality is working, you need to
test that the ethical wall is also working from outside the Sales department.
39. Open Skype for Business 2016, and then click the Chat Rooms icon.
40. In the Find someone or a room search box, type Administration, right-click Skype for Business
Administration Chat Room, and then click Follow this Room.
41. Right-click Skype for Business Administration Chat Room, and then click Open. Notice that the
chat room opens with the add-in.
43. In the search box, type Management. There should not be any results. Type Sales. There should not
be any results.
2. Expand Local Disk (C:), and then click the ComplianceOutput folder.
3. In the ComplianceOutput folder, verify that a number of XML files and an Attachments folder are in
the ComplianceOutput folder.
4. In the ComplianceOutput folder, look at the Date modified column, and then find the first file that
was created. Right-click the file, point to Open With, and then click Internet Explorer.
5. In Internet Explorer, examine the file content. This file should contain a logged message from
eric@adatum.com in the Sales Team Chat Room.
6. Close Internet Explorer.
7. In the ComplianceOutput folder, open some of the other files, and then review the captured
information.
8. Close the Internet Explorer windows when you are done.
Results: After completing this exercise, you should know if the ethical wall for the Sales team is working
or if additional changes are necessary. You will also have experienced Persistent Chat as a manager and as
a member.
Note: Hint: Think about the process that you went through to enable all the other
A. Datum users.
3. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SVR1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
Results: After completing this exercise, you should have identified the root cause of Carlos’ Persistent
Chat issue and resolved it.
Question: What is the purpose of a category in Skype for Business Server Persistent Chat?
When you create a new chat room, which of the following tools can you use?
Custom workflows
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 9-43
Use categories to configure as many of the settings as you can for your chat rooms so that you do
not have as much administrate work to do when managing a large number of chat rooms.
Decide who will be a manager of a chat room before you create the chat room.
Review Question
Question: Invitations are a great way to let people know that they are a member of a chat group.
Why would you want to avoid using invitations?
Tools
The following tools are covered in this module:
The Lync Server 2013 Persistent Chat Resource Kit, which still works with Skype for Business Persistent
Chat, can be found at the following website:
http://aka.ms/t6al82
AffCheck, which checks database affiliations with Active Directory Domain Services (AD DS).
ChatUpgrade Verifier, which compares Group Chat databases with Persistent Chat databases to verify
post-migration health.
ChatUsageReport, which provides HTML usage report of users and chat rooms.
ScheduleADSyncForPrincipal, which forces synchronization between SQL and AD DS.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
10-1
Module 10
Implementing High Availability in Skype for Business 2015
Contents:
Module Overview 10-1
Module Overview
After your organization deems one or more communication modes of Skype for Business Server 2015 to
be mission-critical, you must deploy a high-availability solution with disaster recovery. As part of that
solution, you must implement procedures to minimize the downtime and recovery time, and achieve the
appropriate level of application availability in the event of a failure. To do this, you should be aware of the
requirements for high availability with Skype for Business Server. You should also be able to plan and
design for load balancing with Skype for Business Server.
Objectives
After completing this module, you will be able to:
Design and implement a high-availability solution for Front End Servers in a Skype for Business Server
environment.
Design and implement a high-availability solution for Back End Servers in a Skype for Business Server
environment.
Design and implement a high-availability solution for file stores, Edge Servers, Mediation Servers,
Office Online Server farms, and reverse proxy servers in a Skype for Business Server environment.
MCT USE ONLY. STUDENT USE PROHIBITED
10-2 Implementing High Availability in Skype for Business 2015
Lab Setup
Estimated Time: 85 minutes (15 minutes for the lab steps and 70 minutes for the script to complete)
Password: Pa$$w0rd
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Repeat steps 1 and 2 for the following machines. Start them in the specified order to prevent service
timeout errors:
a. 20334B-LON-RTR
b. 20334B-LON-SQL1
c. 20334B-NYC-SQL3
d. 20334B-LON-SFB1
e. 20334B-LON-SFB2
f. 20334B-NYC-SFB3
g. 20334B-LON-CL1
o Password: Pa$$w0rd
o Domain: Adatum
6. Verify that all services that have a Startup Type of Automatic or Automatic (Delayed Start) are
running on LON-SFB1 and LON-SFB2.
7. On LON-CL1, click Start, click Administrator, and then click Sign out. Do not sign back in until
directed to do so.
8. In Hyper-V Manager, right-click 20334B-LON-SFB3, and then click Settings.
9. On the Settings page, select IDE Controller 1: DVD Drive from the Hardware list.
10. In the DVD Drive pane, select Image File, and then click Browse.
2. On the taskbar, click the Skype for Business Server Management Shell icon.
3. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
4. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
Get-CsManagementStoreReplicationStatus
5. Repeat step 4 until the UpToDate status on LON-SFB1 and LON-SFB2 changes to True.
6. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
7. Verify that the installation completes without errors (you may see a few warnings which you can
ignore). Close the Skype for Business Server Management Shell window.
4. In the Windows PowerShell ISE window, verify that the 20334B_NYCPoolSetup.ps1 file is open.
5. At the Windows PowerShell command prompt, type the following cmdlet, and then press Enter:
6. In the Windows PowerShell ISE window, on the toolbar, click Run Script (the play icon).
Results: After completing this exercise, you will have prepared the lab environment for this module.
MCT USE ONLY. STUDENT USE PROHIBITED
10-4 Implementing High Availability in Skype for Business 2015
Lesson 1
Planning for Front End Pool High Availability
High availability in Skype for Business Server uses a distributed systems architecture, Back End Server
availability options including AlwaysOn, file sharing with Distributed File System (DFS), and Persistent Chat
availability. You can select from various infrastructure options that provide additional resiliency. At the
core of Skype for Business Server’s high availability is the Enterprise Edition Front End pool.
Lesson Objectives
After completing this lesson, you will be able to:
Explain the brick model approach to deploying Skype for Business Server.
Disaster recovery describes a situation in which Skype for Business Server services continue to be available
after a force majeure or manmade disaster occurs. Disaster recovery is a key component of business
continuity. With a disaster recovery plan, an organization can strive to mitigate data loss by using the
organization’s Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Skype for
Business Server uses pool pairing as one of its features for disaster recovery. Both the Enterprise Edition
and Standard Edition of Skype for Business Server 2015 support disaster recovery. This module does not
cover disaster recovery, but Module 11 does.
Prior to Lync Server 2013, the back-end SQL database was the real-time data store. Although this
provided a central location for pool members to utilize, it became a performance bottleneck. In Lync
Server 2013, information about a particular user is kept on local SQL Server instances on the Front End
Servers. Three servers in a Front End pool store user data; one is the primary for the routing group and the
other two are secondary replicas. The Front End pool promotes another available Front End Server in the
pool to a secondary idle server if either the primary or the secondary active server is offline. The Fabric
Manager automatically distributes the load across the Front End Servers in the pool, thereby improving
performance and scalability in the pool and eliminating a single Back End Server as a single point of
failure. Skype for Business Server 2015 also takes advantage of Windows Fabric and now supports
Windows Fabric 3.0 on the following operating systems:
Windows Server 2008 R2, which supports Windows Fabric 2.0 and can coexist with
Windows Fabric 3.0
Best Practice: It is a best practice not to use Windows Server 2008 R2 in high-availability
scenarios because of limited support for Windows Fabric 3.0. Consider a side-by-side migration
as opposed to an in-place upgrade if the operating system is Windows Server 2008 R2.
In Lync Server 2013 and Skype for Business Server 2015, the brick model approach takes user states and
copies directly between the Front End Servers in a pool. Each user belongs to a specific routing group, and
a three-server peer pool holds a copy of the data of each user group. If one of the servers is not online,
the secondary active or secondary idle server will automatically take over for this routing group.
Additionally, in Skype for Business Server 2015 with Windows Fabric 3.0, conferencing data is now
synchronously written to the Back End Server to improve recovery time in the event of a failure.
When you need to scale a Front End pool to meet the needs of the organization, you can add servers
(figurative bricks) to the pool (figurative building). Windows Fabric will dynamically reallocate resources to
maximize the user/pool ratio and the overall performance.
It is important to note that in this model, there must be a minimum number of servers to guarantee that
all users in a pool will function. To have at least one server per user group available, you must maintain
the quorum. You will learn about quorum later in this lesson.
MCT USE ONLY. STUDENT USE PROHIBITED
10-6 Implementing High Availability in Skype for Business 2015
In Skype for Business Server 2015, it is a best practice to deploy a minimum of three Front End Servers in
an Enterprise Edition pool. With three replicas of data, the pool will continue to support all users even if
the back-end database servers fail. If you deploy only two servers in a Front End pool, there is a heavier
dependency on the back-end database. If the back-end database fails on a two-node Front End pool,
users will be forced into a resiliency mode. When users are in Resiliency mode, they will not be able to
perform any tasks that will require a change to persistent data on a Skype for Business Server 2015 server.
Although deploying three Front End Servers in an Enterprise Edition Front End pool is the minimum
recommendation, you can deploy up to 12 servers in a pool to scale out to meet your organization’s
needs.
If one Front End Server fails, you should try to recover the failed server as soon as you can. Similarly, if
you upgrade one of the two servers, bring it back online as soon as the upgrade is complete.
If you need to stop both servers at the same time, do one of the following when bringing them back
online:
o The best practice is to restart both Front End Servers at the same time.
o If you cannot restart the two servers at the same time, you should restart them in the reverse
order of the order in which they were stopped.
o If you cannot restart them in that order, run the following cmdlet before starting the pool:
Best Practice: If you prefer to have only two servers deployed, you should install them as
Standard Edition servers and then pair them together. This will eliminate the need to have a
specialized pool management process as previously described.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-7
Pool Quorum
When you deploy a Front End pool, it is critical
that a minimum number of Front End Servers are
running to ensure that the pool is functional. The
following table shows the details of the pool size
and the minimum number of servers required.
Number of servers in a Front End pool Number of servers that must be running
2 1
3–4 Any 2
5–6 Any 3
7 Any 4
You must take preventative measures to ensure that the total number of functional servers in a pool does
not fall below 50 percent. The table above shows the thresholds for each supported pool size. If the
threshold is crossed, the servers that are running will go into survivability mode. You should actively
monitor the event logs or create alerts. Your monitoring solution should look for Local Pool Manager
has been disconnected from Pool Fabric Manager (Event ID: 32163).
You will have five minutes from the time this event is generated until the remaining servers stop all
Skype for Business Server services. As the remaining servers’ services stop, the following events will be
generated:
Event ID: 32170. Pool Manager failed to connect to Fabric Pool Manager.
Event ID: 32173. Server is being shut down because Fabric Pool Manager could not be
initialized.
If you add or remove servers from the pool configuration in Topology Builder, and then publish the new
Front End Server successfully, you must restart the existing Front End Servers. The order in which you
restart the servers is very significant in pools with eight or more servers.
We recommend restarting the servers one at a time. In the unlikely event that the entire pool was offline
when the configuration change occurred, you must run the following cmdlet:
Note: Note that in this scenario, you can use the ServiceReset reset type. It is not
necessary to use the QuorumLossRecovery reset type, as described earlier, when quorum is lost.
For more information on the available reset types including FullReset, refer to the following
website:
Reset-CsPoolRegistrarState
http://aka.ms/en8ekn
Routing groups
While Windows Fabric makes it is possible to have up to 12 servers in an Enterprise Front End pool, the
construct of the routing group defines how user state data is managed on the Front End Servers in a pool.
Routing groups set the replication boundaries and define the three servers within the pool to which
individual users’ state is replicated.
You assign users to a Front End pool (registrar) when you enable them for Skype for Business Server. Front
End pools have one or more routing groups, created automatically when the servers start. The number of
routing groups grows based on the number of servers and users added to the pool. Each routing group
will be assigned to three servers within the pool: the primary server, the secondary active server, and the
secondary idle server.
Different routing groups can have overlapping servers. When the servers start, a primary server is assigned
to each routing group. The primary server rehydrates the pool by querying the Back End Server. The
primary server performs lazy writes to the Back End Server and secondary servers.
Best Practice: Avoid virtualization in a pool because a single host outage has the potential
to take down numerous virtual servers in the pool, thereby increasing the risk for loss of both
pool level quorum and routing group quorum.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-9
2 1
3 3
4 3
5 4
6 5
7 5
8 6
9 7
10 8
11 9
12 10
If the routing group quorum has failed, but the pool level quorum has not, you can run the following
cmdlet to recover:
Note: A pool with an even number of servers uses the primary SQL Back End Server as a
tiebreaker vote.
Director pools
The following table provides a list of DNS configurations for DNS load balancing for a
Skype for Business Server 2015 Front End pool. In the example, pool.adatum.com running on
Skype for Business Server 2015 has three Front End Servers—lon-sfb1, lon-sfb2, and lon-sfb3.
6. Enter an FQDN that resolves to the hardware load-balanced virtual IP address of the servers in the
pool, for example, webint.adatum.com. Make sure you create an A record for this FQDN that
resolves to the virtual IP (VIP) address of the HLB.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-11
7. Under External web services, type an FQDN that resolves to the reverse proxy, and then click OK.
This should be a different name from the FQDN of the Front End pool and the override FQDN, for
example, webext.adatum.com.
8. In the console tree, select Skype for Business Server 2015, and then in the Actions pane, click
Publish Topology.
9. Start the Deployment Wizard on each Skype for Business Server 2015 server that is impacted, and
then run the setup again.
Best Practice: It is a best practice to use DNS load balancing, except in the following
scenarios:
Federation with Microsoft Office Communications Server 2007 or
Microsoft Office Communications Server 2007 R2
Microsoft Exchange Server 2007 Unified Messaging or Microsoft Exchange Server 2010 Unified
Messaging
Legacy clients (previous to Lync 2010)
If you use HLB for the external interface of the Edge Server role, you cannot use DNS load balancing
on the internal interface. If you use HLB for the internal interface of the Edge Server role, you cannot
use DNS load balancing on the external interface
If one of these scenarios applies to you, then you should utilize hardware load balancing.
Note: The support boundary for Skype for Business Server 2015 is N-2. This means that,
although Lync Server 2013 and Lync Server 2010 are supported for coexistence,
Office Communications Server 2007 R2 is not.
While planning for coexistence, you need to be aware that you can perform server draining (draining all
active connections from a server) by using Skype for Business Server Control Panel only if you configure
DNS load balancing. If this is a required feature, you might want to verify with your HLB manufacturer if it
can perform server draining. Whether you decide to use an existing load-balancing solution or deploy a
new hardware load-balancing solution, ensure that the selected solution aligns with the long-term goals
of the Skype for Business Server 2015 deployment and the long-term needs of the organization.
MCT USE ONLY. STUDENT USE PROHIBITED
10-12 Implementing High Availability in Skype for Business 2015
A DNS load balancing–aware client stores the results in a local cache. The client will try to connect to the
first server in the list. Because DNS load balancing is implemented at the application level, the client will
automatically try the next server in the list without a new DNS query if the first server is not available.
The client will continue this process until it runs out of servers in the cache. After the client connects
successfully to a server in the pool, it will identify the primary registrar of its routing group and negotiate
a secure Transport Layer Security (TLS) connection over port 443. If the last server from the cache fails to
respond, the client notifies the user that Skype for Business Server is unavailable.
Demonstration Steps
1. On LON-SFB1, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. Click Start, click Power Options (the power icon at the top-right corner), and then click Shutdown.
Click Continue to confirm that you want to shut down. Wait for it to shut down completely.
4. In Event Viewer, expand Applications and Services Logs, and then click the Lync Server log.
5. In the Lync Server log, look for the most recent Event ID 32108 from the LS User Services. Confirm
the warning Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive. Minimize the Event Viewer window.
6. On LON-SFB2, open Internet Explorer, navigate to https://lon-sfb2.adatum.com/cscp to connect to
the Skype for Business Server Control Panel, and then sign in as Adatum\Administrator with the
password Pa$$w0rd.
7. In the left navigation pane, click Users.
9. On the New Skype for Business Server User page, click Add.
10. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
11. In the search results, click Adam Barr, press Ctrl+A to select all the users in the list, and then click OK.
12. In the Users list, locate Administrator and Guest, and any HealthMailbox*, Krbtgt, and Microsoft
Exchange* users. Select each account, and then click Remove.
13. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
14. In the Generate user’s SIP URI section, confirm that Use the user principal name (UPN) is selected.
15. On the New Skype for Business Server User page, leave the default values for all other settings, and
then click Enable.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-13
16. On the New Skype for Business Server User page, click Cancel to return to User Search. Leave the
search box blank, change Maximum users to display 400, and then click Find.
17. Confirm that all users in the organization are now enabled for Skype for Business.
18. On LON-CL1, sign in as Adam@adatum.com with the password Pa$$w0rd, and then open
Skype for Business 2015.
19. On LON-SFB2, click the Windows PowerShell icon on the taskbar and run the following cmdlet to
see the information about the routing group that Adam’s account is in:
20. From the results of the cmdlet in the Windows PowerShell window, document the following
information for Adam.
PrimaryPoolFQDN
UserServicesPoolFQDN
PrimaryPoolMachinesInPreferredOrder
PrimaryPoolPrimaryRegistrars
PrimaryPoolPrimaryUserService
21. In Windows PowerShell, run the following command to get the current state of Windows Fabric:
22. Review the results. Locate the Pool All Server and Services Summary section. What is the suggested
resolution to the problem?
23. On LON-SFB2, shut down the server. Wait for it to shut down completely.
25. In Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and
20334B-LON-SFB2. Right-click each virtual machine, click Connect, and then wait for them to start.
29. In Event Viewer, expand Applications and Services logs, and then select the Lync Server log.
32. Review the Lync Server log for errors or warnings. Are there any errors or warning?
MCT USE ONLY. STUDENT USE PROHIBITED
10-14 Implementing High Availability in Skype for Business 2015
33. In the Actions pane, click Find. Use the Find dialog box to look for and review the following
Event IDs:
In most organizations, one team manages the Skype for Business Server deployment, while a different
team provides the setup and maintenance of HLBs. When you implement Skype for Business Server with
an HLB, you must ensure that the environment meets all the prerequisites and infrastructure
requirements. You must also ensure that you have properly deployed the HLB before deploying your
Edge Servers.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-15
Must provide a configurable TCP idle-timeout interval with a maximum value greater than or equal to
the minimum of the REGISTER refresh or SIP Keep-Alive interval of 30 minutes.
Can support a rich set of metrics, such as round robin, least connections, and weighted. We
recommend least connections–based load balancing for the HLB.
Must detect service availability by port (often called a heartbeat or monitor). The polling interval must
be a configurable value with a minimum value of at least five seconds.
Must allow for adding and removing Front End pool member servers from the HLB without restarting
the HLB.
Note: TCP handshakes and half-open TCP connections are commonly used to perform
health checks on load balancers. The half-open TCP connection sends a SYN. If it receives a SYN-
ACK from the server, it marks it up. However, if you have configured TCP-Half-Open monitoring
and one or more ports is generating errors in the event log on the HLB, try modifying the port-
monitoring rules to allow a full TCP handshake (SYN/SYN-ACK/ACK).
The Skype for Business Server 2015 server behind the HLB must have a registered FQDN. The IP
address registered for this FQDN must be publicly accessible from within the enterprise.
The network adapter must have exactly one static IP address. This IP address will be used for the
incoming load-balanced traffic.
Question: A. Datum Corporation plans to deploy Skype for Business Server 2015. They would
also like to deploy Enterprise Voice soon afterwards. A. Datum’s current messaging system is
Microsoft Exchange Server 2007, but they will be upgrading to Microsoft Exchange Server 2013
in six months. How will this affect the current Skype for Business Server 2015 deployment from a
high-availability perspective?
MCT USE ONLY. STUDENT USE PROHIBITED
10-16 Implementing High Availability in Skype for Business 2015
Back End Servers are no longer a performance bottleneck for client requests.
You can have a total of 12 Front End Servers in each Front End pool.
Windows Fabric allows the Back End Server to create AlwaysOn Availability Groups.
Lesson 2
Planning for Back End Server High Availability
Back End Servers do not use the Windows Fabric distributed architecture for high availability. They take
advantage of SQL Server technologies to provide high availability. In this lesson, you will learn about the
specific high-availability features of SQL Server that Skype for Business Server 2015 supports. You will also
learn how to plan the high availability for Back End Servers.
Lesson Objectives
After completing this lesson, you will be able to:
Database mirroring
You can set up database mirroring by using Topology Builder. However, to implement AlwaysOn
Availability Groups, AlwaysOn failover cluster instances, or SQL Server failover clustering, you must first
use SQL Server to create the high-availability solution, and then use Topology Builder to associate it with
a Front End pool. If you have paired a Front End pool with another Front End pool for disaster recovery,
you should use the same Back End high-availability solution in both the pools.
MCT USE ONLY. STUDENT USE PROHIBITED
10-18 Implementing High Availability in Skype for Business 2015
Database Mirroring
Lync Server 2013 was the first version to support
database mirroring, and Skype for Business Server
2015 continues this support. Database mirroring
provides both high availability and disaster
recovery for Back End Servers. The process of
creating a database mirror is integrated with the
Skype for Business Server Topology Builder. Prior
to support for database mirroring, it was
necessary to deploy SQL clusters to provide high
availability to Back End Servers. Administrators
required a specialized skill set to deploy Back End
Server SQL clusters. Database mirroring made the
processes much simpler. This simplicity allows Skype for Business Server administrators who are not as
familiar with SQL Server clusters to be less dependent on a separate team for deploying and managing
high availability for Back End Servers.
Note: The disadvantage of database mirroring is that the SQL Server team has deprecated
this feature as of SQL Server 2012. This means that at some point in the future, SQL Server will
not include database mirroring. For additional information on deprecated database engine
features in SQL Server 2012, refer to the following website:
Skype for Business Server supports database mirroring with the following database software:
SQL Server 2014, both Enterprise Edition and Standard Edition
SQL Server 2012 Service Pack 2 (SP2) and Cumulative Update 2, both Enterprise Edition and Standard
Edition
SQL Server 2008 R2 SP2, both Enterprise Edition and Standard Edition
Skype for Business Server does not support asynchronous database mirroring for Back End Server high
availability. In the context of this course, database mirroring means synchronous database mirroring,
unless explicitly stated otherwise. Database mirroring can have only two replicas; Principal and Mirror.
The active replica will be the Principal replica by default.
When you deploy database mirroring in a Front End pool, all Skype for Business Server databases in the
pool are mirrored. This includes the Central Management store, if it is located in this pool, and the
Response Group application database and the Call Park application database, if those applications are
running in the pool.
With database mirroring, you do not have to use shared storage for the servers. Each server keeps its copy
of the databases in local storage.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-19
Best Practice: You might choose to deploy database mirroring with or without a witness.
As a best practice, use a witness, because it enables automatic failover of the Back End Server.
If you plan to use a witness, you can use a single witness for multiple pairs of Back End Servers. There is no
strict 1:1 correspondence between witnesses and pairs of Back End Servers. Deployments that use a single
witness for multiple pairs of Back End Servers are not as resilient as topologies with a separate witness for
each Back End Server pair.
To update an existing SQL Server instance to an AlwaysOn solution, you must upgrade your Front End
pool to Skype for Business Server 2015 first.
SQL Server 2012 SP2 and CU2, both Enterprise Edition and Standard Edition
SQL Server 2008 R2 SP2, both Enterprise Edition and Standard Edition
Although there is support for SQL Server failover clustering, it is not a best practice for
Skype for Business Server 2015. For more information on setting up a SQL Server failover cluster, see the
following articles:
How to: Create a New SQL Server Failover Cluster (Setup)
http://aka.ms/qhslme
AlwaysOn Requirements
AlwaysOn support
Only SQL Server 2014 Enterprise Edition and SQL
Server 2012 Enterprise Edition support AlwaysOn
Availability Groups and AlwaysOn failover cluster
instances. Neither Lync Server 2013 nor Lync
Server 2010 support AlwaysOn.
The hardware must pass validation in the Windows Server Failover Cluster’s Create Cluster Wizard.
You must specify a cluster name and VIP address for the failover cluster.
No shared storage between nodes should be in use. Only local storage should be in use. However,
each node will need the same drive letter and folder path for its local storage to be able to replicate
to other nodes. You can use Xcopy with the /t /e parameters to copy the directory structure.
You must specify file share witness for failover clusters with an even number of servers. This cannot be
a node in the cluster.
You must install stand-alone Enterprise Edition of SQL Server on each node.
You must enable the AlwaysOn Availability Groups feature on each node after installing failover
clustering.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-21
You must change the recovery mode from Simple to Full for all databases by using SQL Server
Management Studio.
You must perform backup on each database to flush out transaction logs.
Databases must exist on at least one node in the cluster before you can build an AlwaysOn
Availability Group. Use Topology Builder to create databases if they do not exist.
1. Install the Failover Clustering role on each server that will be a part of the AlwaysOn Availability
Group.
2. Validate the configuration by using Failover Cluster Manager and remediate any errors.
6. Create the availability group with the New Availability Group Wizard.
7. When you add the new Front End pool in Topology Builder, specify the AlwaysOn Availability Group
as the SQL Store.
8. Update the Skype for Business Server topology initially to use the availability group listener, and then
update the databases on each replica.
MCT USE ONLY. STUDENT USE PROHIBITED
10-22 Implementing High Availability in Skype for Business 2015
For more information on the options for deploying an AlwaysOn Availability Group, see the article at the
following link:
Deploy an availability group on a Back End Server in Skype for Business Server 2015
http://aka.ms/dz3u8w\
Note: If the deployment of the availability group is for an existing Front End pool that is
currently designated as the Central Management store, you must deploy an additional pool or a
Standard Edition server so that you can move the Central Management store. You must do this
before the Skype for Business Topology Builder will allow you to change the association to the
SQL instance.
Question: You are a Skype for Business Server 2015 consultant. Your client has determined that
Skype for Business Server communications are mission-critical. They have asked you, their trusted
advisor, to recommend a high-availability solution for their Back End Servers. They currently have
a single-server Enterprise Edition Front End pool deployed for 800 of their 8000 users. They have
a single SQL Server 2014 server deployed as their Back End Server. What should you recommend?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-23
Lesson 3
High Availability for Other Component Servers
Although the Front End and Back End Servers are critical for high availability, they are not the only
components that you can configure to be highly available. In this lesson, you will learn about the
Skype for Business Server roles and supporting services that you can configure for high availability.
Lesson Objectives
After completing this lesson, you will be able to:
Describe the high-availability solutions for the Skype for Business Server file store.
Describe the deployment process for multi-server Office Online Server farms.
High-Availability Solutions for the Skype for Business Server File Store
The file store associated with each Front End pool
in Skype for Business Server 2015 contains system
data and conferencing content. Each Front End
pool that you deploy must have a file store
associated with it. Multiple pools can share a
single file store.
When you use DFS, you must remember that Distributed File System Replication (DFS Replication) is a
best-effort file replication mechanism. However, for business continuity, DFS does not provide published
RTO and RPO numbers. Generally, failover between DFS servers happens quickly; however, data
replication delays might prevent users from being able to work when a failover occurs.
If the data that a file store contains is critical, you should back it up frequently. DFS Replication does not
protect against accidental data deletion or corruption, so backing up the data is advisable.
MCT USE ONLY. STUDENT USE PROHIBITED
10-24 Implementing High Availability in Skype for Business 2015
Scaled consolidated edge, DNS load balancing with private IP addresses using NAT
In this topology, you deploy two or more Edge Servers with private IP addresses on the internal and
external interfaces. The firewall will perform NAT for the external private IP addresses to the Internet. DNS
load balancing of the private IP addresses, on both the internal and external interfaces, is used to
distribute the communication across the pool.
The following table lists the total number of required IP addresses when you use a dedicated IP address
for each Edge role.
2 6 3 VIPs +6
3 9 3 VIPs +9
4 12 3 VIPs +12
5 15 3 VIPs +15
The following table lists the number of required IP addresses when you use one IP address for all Edge
roles.
2 2 1 VIP +2
3 3 1 VIP +3
4 4 1 VIP +4
5 5 1 VIP +5
Note: The maximum number of servers that you can add to an Edge Server pool in
Topology Builder is 20. However, the maximum number of servers that a Skype for Business Edge
Server pool supports is 12.
Note: In addition to the IP addresses for an organization’s Edge servers, you must consider
IP addresses for reverse proxy servers. High availability for reverse proxy solutions is covered later
in this lesson.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-27
Note: The Mediation Server is a key role for Skype for Business Enterprise Voice. This course
does not cover Enterprise Voice in detail. However, the Mediation Server is required for the Dial-
in Conferencing feature. You will learn more about dial-in conferencing in Module 6,
“Skype for Business Server 2015 Additional Conferencing Options”.
1. Create the Office Online Server farm on the first server by running the following command:
3. Verify that you have successfully created the Office Online Server farm by navigating to
https://lon-wac1.adatum.com/hosting/discovery.
Note: Office Online Server is the new version of Office Web Apps Server. Although the
server name has changed, the Windows PowerShell cmdlet names have not changed.
Layer 7 routing
Client affinity
It is not necessary to have a hardware load-balancing solution. Virtually any load-balancing solution will
work for Office Online Server. It is also possible to utilize Application Request Routing (ARR) as a load-
balancing solution for Office Online Server farms. You must install the certificate for the Office Online
Server on the load-balancing solution if you want to offload SSL.
Additional Reading: For more information about configuring Skype for Business Server
2015 with Office Online Server, refer to Module 6, “Implementing Additional Conferencing
Options in Skype for Business Server 2015”.
Configure integration with Office Web Apps Server in Skype for Business Server 2015
http://aka.ms/fn4znc
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-29
You can use many reverse proxy solutions. You can choose between Microsoft and non-Microsoft
solutions. The high-availability options depend on the solution that you choose to use. Microsoft provides
two reverse proxy solutions:
ARR
o Supports preauthentication
o Requires Windows Server 2012 R2
For a full list of qualified reverse proxies, including non-Microsoft products, see the following website:
For more information on using IIS ARR as a proxy server for your Skype for Business Server 2015 servers,
refer to the following website:
For more information on configuring the Windows Server 2012 Web Application Proxy as a reverse proxy
for Lync Server, refer to the following website:
Note: As of November 2012, Microsoft Forefront Threat Management Gateway 2010 (TMG)
licenses are no longer available for purchase. However, it is still supported through 2020 for
organizations that purchased TMG prior to this date.
Question: Your organization needs to implement a high-availability solution for all remote user
connections. Your company had supportability problems with the designs of some other
information technology (IT) projects. For this reason, your organization now requires that all
solutions follow the best practice guidelines from Microsoft. You currently have five public IP
addresses available. What should you recommend?
Sequencing Activity
The following are the steps for deploying an Office Web Apps Server farm. Put them in the correct order.
Steps
Connect to https://servername.adatum.com/discovery.
Configure Skype for Business Server for Office Web App integration.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-31
Objectives
After completing this lab, you will be able to:
Configure DNS and Skype for Business Server to use a hardware load-balancing solution.
Troubleshoot hardware load-balancing configuration.
Lab Setup
Estimated Time: 60 minutes
Virtual machines: 20334B-LON-CL1, 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SFB1,
20334B-LON-SFB2, 20334B-LON-SQL1, 20334B-NYC-SFB3, 20334B-NYC-SQL3, 20334B-LON-LB
This lab depends on the completion of the “Pre-Lab Configuration” lab. Be sure to perform the “Pre-Lab
Configuration” lab at least 85 minutes before starting this lab.
2. Click Start, click Power Options (the power icon at the top-right corner), and then click Shutdown.
Click Continue to confirm that you want to shut down. Wait for it to shut down completely.
4. In Event Viewer, expand Applications and Services Logs, and then click the Lync Server log.
MCT USE ONLY. STUDENT USE PROHIBITED
10-32 Implementing High Availability in Skype for Business 2015
5. In the Lync Server log, look for the most recent Event ID 32108 from the LS User Services. Confirm
the warning Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive. Minimize the Event Viewer window.
9. On the New Skype for Business Server User page, click Add.
10. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
11. In the search results, select all the users in the list, and then click OK.
12. In the Users list, locate Administrator and Guest, and any HealthMailbox*, Krbtgt, and Microsoft
Exchange* users. Select each account, and then click Remove.
13. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
14. In the Generate user’s SIP URI section, confirm that Use user’s email address is selected.
15. On the New Skype for Business Server User page, leave the default values for all other settings, and
then click Enable.
16. On the New Skype for Business Server User page, click Cancel to return to User Search. Leave the
search box blank, change Maximum users to display 400, and then click Find.
17. Confirm that all users in the organization are now enabled for Skype for Business.
18. On LON-CL1, sign in as Adam@adatum.com with the password Pa$$w0rd, and then open
Skype for Business 2015.
19. On LON-SFB2, click the Windows PowerShell icon on the taskbar, and then run the following cmdlet
to see the information about the routing group that Adam’s account is in:
20. From the results of the cmdlet in the Windows PowerShell window, document the following
information for Adam.
PrimaryPoolFQDN
UserServicesPoolFQDN
PrimaryPoolMachinesInPreferredOrder
PrimaryPoolPrimaryRegistrars
PrimaryPoolPrimaryUserService
21. In Windows PowerShell, run the following command to get the current state of Windows Fabric:
22. Review the results. Locate the Pool All Server and Services Summary section. What is the suggested
resolution to the problem?
23. On LON-SFB2, shut down the server. Wait for it to shut down completely.
25. In Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and
20334B-LON-SFB2. Right-click each virtual machine, click Connect, and then wait for them to start.
29. In Event Viewer, expand Applications and Services logs, and then select the Lync Server log.
32. Review the Lync Server log for errors or warnings. Are there any errors or warning?
33. In the Actions pane, click Find. Use the Find dialog box to look for and review the following Event
IDs:
2. When the User Account Control dialog box appears, click Yes.
3. In the Command Prompt window, type ping pool.adatum.com. Confirm that the FQDN resolves to
one of the following two IP addresses: 172.16.0.20 or 172.16.0.21.
4. At the command prompt, type ipconfig /flushdns, and then press Enter.
5. Repeat steps 3 and 4 until the IP address being pinged changes to the other IP address (for example,
from 172.16.0.21 to 172.16.0.20).
Note: DNS round robin is configured on the DNS server and is the feature that changes the
sequence of the round robin records provided to the client. After the IP addresses have been
resolved, the client caches them and uses them for the DNS load-balancing process.
6. Type ipconfig /displaydns, and press Enter. Verify that the cache contains both IP addresses.
7. If the first IP address in the local cache is not 172.16.0.20, repeat steps 3 and 4 again until the first IP
address is 172.16.0.20, and then proceed to the next step.
MCT USE ONLY. STUDENT USE PROHIBITED
10-34 Implementing High Availability in Skype for Business 2015
8. On LON-SFB1, open Services and stop the Skype for Business Server Front-End Service. Leave this
window open.
If you can sign in successfully, then you can confirm that DNS load balancing is working.
11. Sign out of LON-CL1.
12. On LON-SFB1, start the Skype for Business Server Front-End service.
Results: After completing this exercise, you will have simulated the maintenance process and determined
the root cause of outages. You will also have determined the current health of DNS load balancing and
the Windows Fabric.
2. Double-click the webint record, change the IP address to 172.16.0.120, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-35
o admin
o dialin
o lyncdiscoverinternal
o meet
o scheduler
5. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Interfaces.
6. On the Settings::Interfaces page, in the Table interfaces table, locate the eth0 interface, and then
click the add virtual network interface icon in the Actions column.
7. In the new row in the Table interfaces table, type 1 in the Name text box, type 172.16.0.120 in the
Addr text box, and then in the Actions column, click save virtual interface.
8. On the Settings::Interfaces page, in the Default gateway table, click edit default GW in the
Actions column. Type 172.16.0.1 in the Addr text box, and then click save default GW in the
Actions column.
9. In the ZEN Load Balancer GUI window, on the Manage menu, click Farms.
Name: SfBport80
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 80
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 80
Real Server 1: 172.16.0.21
Real Server 1 Port: 80
Name: SfBport8080
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 8080
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 8080
Real Server 1: 172.16.0.21
Real Server 1 Port: 8080
Name: SfBport443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 443
Real Server 1: 172.16.0.21
Real Server 1 Port: 443
MCT USE ONLY. STUDENT USE PROHIBITED
10-36 Implementing High Availability in Skype for Business 2015
Name: SfBport4443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 4443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 4443
Real Server 1: 172.16.0.21
Real Server 1 Port: 4443
2. Open File Explorer. Navigate to the C:\PortQryUI\ folder, and then double-click portqueryui.exe.
3. In the Port Query window, in the Enter destination IP or FQDN to query text box, type
webint.adatum.com. On the File menu, click Open Config.
4. In the Open dialog box, navigate to C:\PortQryUI\, select SfBconfig.xml, and then click Open.
5. In the Port Query window, verify that Query predefined service is selected. Select
Skype for Business Server 2015 HLB with DNS from the Service to Query list, and then click
Query. This process can take several minutes. The Query button will be enabled when the process
completes.
6. What are the results?
3. In the Skype for Business 2016 client, open Dial-in Conferencing Settings.
4. Did the Dial-in Conferencing Settings and PIN Management window appear?
6. What does the sign-in dialog box say that you are connecting to?
Note: If you were able to connect to the Dial-in and Admin web services, then the
hardware load balancer is working properly.
2. In DNS Manager, delete the pool record for 172.16.0.20 and the pool record for 172.16.0.21.
4. Download the topology from the existing deployment, and save the topology as HLBConfig.tbxml.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-37
5. Expand the Skype for Business Server node, expand the Adatum Headquarters node, expand the
Skype for Business Server 2015 container, expand the Enterprise Edition Front End pools
container, right-click pool.adatum.com, and then click Edit Properties.
9. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, and then run the
following cmdlet:
Get-CsManagementStoreReplicationStatus
11. At the command prompt, type the following command, and then press Enter:
.\Bootstrapper.exe
14. At the command prompt, type the following command, and then press Enter:
.\Bootstrapper.exe
2. On LON-CL1, sign in as anil@adatum.com with the password Pa$$w0rd, and then document the
results.
5. What do you think is the reason for what you just observed?
Test the connections with port query UI, and then document the results
1. On LON-CL1, open File Explorer, navigate to the C:\PortQryUI\ folder, and then double-click
portqueryui.exe.
2. In the Port Query window, query pool.adatum.com by using the predefined query in the
SfBconfig.xml file. Select Skype for Business Server 2015 HLB ONLY from the Service to Query
list, and then click Query.
2. In the address bar of Internet Explorer, type https://172.16.0.2:444, and then press Enter.
3. In the Windows Security dialog box, sign in as admin with the password Pa$$w0rd.
4. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Backup.
5. On the Settings::Backup page in the Backup Files section, click the upload backup icon in the
Action column.
6. In the Upload File – Internet Explorer window, click the Browse button.
7. In the Choose File to Upload window, navigate to C:\Labfiles, select backup-HLBOnly.tar.gz, and
then click Open.
8. In the Upload File – Internet Explorer window, click Upload Backup, and then close the Upload File
window.
9. On the Settings::Backup page in the Backup Files section, click the Apply backup-HLBOnly.tar.gz
backup and restart Zen Load Balancer service icon (green checkmark) in the Action column.
10. In the ZEN Load Balancer GUI window, click the Settings menu, select Manage, and then select
Farms. Confirm that additional ports for Skype for Business Server have been added.
You must complete this lab before you can start the lab in Module 11, “Implementing Disaster Recovery in
Skype for Business 2015”.
Results: After completing this exercise, you will have identified the HLBs that are qualified to work with
Skype for Business Front End pools. You will also have configured DNS to support an HLB and fixed HLB
connectivity issues.
Question: Carol Troup recently started as the new chief financial officer (CFO) for A. Datum. You
enabled her account for Skype for Business Server 2015. Unfortunately, she cannot sign in with
the new account. Other users in the accounting department are able to sign in. Your desktop
support team has confirmed that the CFO’s machine is configured properly and her account
appears to be configured properly. What can you do to check if it is a Front End pool issue?
Question: During a recent maintenance period, the hardware load-balancing solution for
A. Datum went offline. This caused a large number of after-hours users to lose connectivity to
Skype for Business. Because this was during a planned maintenance period, there were no
repercussions for the outage. However, A. Datum management expects the implemented high-
availability solution to allow Skype for Business Server services to be available for after-hours
users even in the event that a single server goes offline. To prevent this type of outage in the
future, what should you recommend to A. Datum management?
MCT USE ONLY. STUDENT USE PROHIBITED
10-40 Implementing High Availability in Skype for Business 2015
Review Question
Question: Based on what you learned in this module, do you plan to change anything in your
production deployments or in your Skype for Business Server designs for upcoming
deployments?
How to Configure Availability Sets in VMM for Virtual Machines on a Host Cluster
http://aka.ms/y2t7i2
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 10-41
Tools
The following tools are covered in this module:
PortQryUI. Allows you to create custom configuration files for scanning the TCP and User Datagram
Protocol (UDP) ports’ availability on your high-availability solutions.
PortQryUI - User Interface for the PortQry Command Line Port Scanner
http://aka.ms/os9l3l
Database Mirror Manager. If you deploy mirrored databases without the AlwaysOn Availability
Groups, this tool can help you manage the databases on the mirror.
My Skype Lab
http://aka.ms/hytott
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
11-1
Module 11
Implementing Disaster Recovery in
Skype for Business 2015
Contents:
Module Overview 11-1
Lesson 3: Additional Disaster Recovery Options in Skype for Business Server 11-18
Module Overview
Even with an excellent high-availability design in a Skype for Business 2015 deployment, service outages
or data loss are always risks. Only a disaster-recovery solution can provide you with the ability to recover
when a disaster occurs and wipes out an entire site in your organization. In this module, you will learn
about various options for disaster recovery in Skype for Business.
Objectives
After completing this module, you will be able to:
Describe the disaster recovery options for Persistent Chat, the Central Management store, the
Location Information Service (LIS) database, and user data.
MCT USE ONLY. STUDENT USE PROHIBITED
11-2 Implementing Disaster Recovery in Skype for Business 2015
Lesson 1
Disaster Recovery Options in Skype for Business Server
Skype for Business Server provides a number of configurable disaster recovery options such as Front End
pool pairing, which installs the Backup Service, and Persistent Chat Server stretched pools. In this lesson,
you will learn about various disaster recovery options and tools that you can use to manage disaster
recovery in Skype for Business Server.
Lesson Objectives
After completing this lesson, you will be able to:
Describe how Front End pool failover affects the user experience.
Explain the Persistent Chat Server stretched pool topologies.
Design Server and capacity Manual Microsoft Lync Server 2013 Planning
planning with disaster Tool
recovery
Front End Pairing two Skype for Manual Skype for Business Server Topology
pool disaster Business Server pools Builder, Skype for Business Server
recovery Deployment Wizard
configuration
Back End AlwaysOn Availability Manual SQL Server Management Studio can
maintenance Groups failover (primary be used for manual failover during
to secondary) maintenance
Public Route calls to backup Automatic The Voice Routing tab in Skype for
switched trunk Business Server Control Panel
telephone
network
(PSTN) trunk
failure with
voice
resiliency
configured
PSTN trunk Route calls to backup Manual Skype for Business Server Topology
failure trunk Builder, Skype for Business Server
without voice Control Panel, Windows PowerShell
resiliency cmdlets
configured
Director/Edge Repoint next hop Manual Skype for Business Server Topology
Server/ Builder
Reverse Proxy
failures
After you experience a disaster in your Skype for Business Server environment, it is important to
document the lessons you learn during the recovery process. Based on those findings, you can improve
the design for high availability and disaster recovery.
MCT USE ONLY. STUDENT USE PROHIBITED
11-4 Implementing Disaster Recovery in Skype for Business 2015
o Pools that use the same editions should pair with each other—Enterprise Edition pool with
Enterprise Edition pool and Standard Edition server with Standard Edition server.
o Pools that run on the same type of platform should pair with each other—physical with physical
and virtual with virtual.
There is no restriction on the distance between the pools that pair with each other. However, we
recommend that you keep paired pools within the same geographical region.
Each pool in a pair should have the capacity to handle both pools if one of them fails.
Even though backup relationships between two Front End pools must be one to one and symmetrical,
each Front End pool can still also be the backup Registrar for any number of Survivable Branch
Appliances (SBAs) or Survivable Branch Servers (SBSs). However, disaster recovery support does not
extend to these appliances. Consider a scenario where Pool1 and Pool2 are paired and SBA1 is using
Pool1 for its backup Registrar. In this case, when Pool1 fails and the administrator invokes failover to
Pool2, SBA1 will not be able to use Pool2 for user services. The administrator must redefine the
relationship in Topology Builder for SBA1.
The Recovery Time Objective (RTO) in Skype for Business Server paired pools is 15–20 minutes. RTO
defines the time that is required for a failover to happen after a disaster has occurred and the process
to initiate the failover starts. This does not include the amount of time that is required to identify the
problem, to make a decision on what to do, and to reconnect clients after the service is available.
The Recovery Point Objective (RPO) in Skype for Business Server is five minutes. RPO defines the
amount of data that might be lost during a disaster because of replication latency of the Backup
Service. For example, if a pool goes down at 9:00 AM and the RPO is five minutes, data that writes to
the pool between 8:55 AM and 9:00 AM might not replicate to the backup pool and might be lost.
All RTO and RPO numbers assume two datacenters within the same world region with high-speed,
low-latency transport between them.
Pool pairing will protect the Central Management store, assuming the pool that is paired is the
Central Management store master.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-5
Although synchronization is bidirectional, you can configure the synchronization intervals differently
for each direction. For example, the synchronization interval from London to New York can be three
minutes and the synchronization interval from New York to London can be two minutes.
The Backup Service contains multiple backup modules—one for the Central Management store, one
for the file store, and one for the user store. Each module interacts with the Backup Service to send
data to the peer in a secondary site.
Get–CsBackupServiceConfiguration
To set the Backup Service synchronization interval, type the following command:
For example, the following command sets the interval to one minute:
Note: Although you can use this cmdlet to change the default synchronization interval for
the Backup Service, you should not do so unless it is absolutely necessary. This is because the
synchronization interval greatly affects Backup Service performance and the RPO.
To get the Backup Service status for a particular pool, type the following command:
Note: The Backup Service synchronization status is defined as unidirectional from a pool
(P1) to its backup pool (P2). The synchronization status from P1 to P2 can be different from P2 to
P1. For P1 to P2, the Backup Service is in a steady state if all the changes made in P1 completely
replicate to P2 within the synchronization interval. It is in the final state if there are no more
changes to synchronize from P1 to P2. It is important to note that this information is point-in-
time and is only valid at the moment the cmdlet is run. This does not imply that the state
returned will stay as it is. The only way P1 will remain in its current state is if no changes are
made after you run the cmdlet. This is true in the case of failing P1 over to P2 after P1 is
placed in read-only mode as part of the Invoke-CsPoolfailover execution logic.
To get information about the backup relationship for a particular pool, type the following command:
CMS failover
One Front End pool or Standard Edition server will be designated as the Central Management store for
your organization. The Back End Server that is associated with this Front End pool or Standard Edition
server houses the Central Management store. The Central Management store stores critical configuration
data for Skype for Business Server.
Pairing a server or pool that has the Central Management store will provide additional resiliency. The
Backup Service will replicate the Central Management store database to the secondary pool, creating a
standby Central Management store database.
If you decide to fail over a pool that contains the Central Management store, you must first fail over the
Central Management store before you fail over the Front End pool.
Note: Both RTO and RPO for the Central Management store are five minutes.
User Experience
While planning for Skype for Business Server
disaster recovery, you should be aware of the
impact that a failover and subsequent failback has
on users.
After you invoke a failover, users will be able to re-establish calls, meetings that they organized, and
conversations that they were a part of prior to the pool failure. Meetings that users organized on any
Front End pool that did not fail will be active during the failover.
The failover process does not migrate a user from one pool to another pool. The backup pool simply
provides a temporary service for users on the failed pool. You need to initiate a failback manually after
the failed pool comes back online for the users to be able to sign in to their home pool.
The failback process can take significantly longer than the failover process. A failed pool with 20,000 users
will probably take up to an hour to process a failback request. Affected users who are signed in to a
backup pool can still interact with users on functional pools. However, because it takes time to fail back,
user experiences will vary during the failback process.
For additional information on the user experience during failover and failback operations, refer to the
following website:
User experience during pool failure in Skype for Business Server 2015
http://aka.ms/lwdkjc
Two active servers and two passive servers in the first datacenter, and two active and two passive
servers in the second datacenter. This strategy requires high bandwidth and low latency on the wide
area network (WAN) connection between the two datacenters.
Four active servers in the first datacenter and four passive servers in the second datacenter. You can
use this strategy when there is low bandwidth and high latency on the WAN between the two
datacenters.
Database requirements
A stretched Persistent Chat Server pool has additional requirements for Persistent Chat Back End Servers.
This is because of the additional complexity that you introduce when you stretch a Persistent Chat pool
between two sites. The following is a list of Persistent Chat store requirements for disaster recovery:
A dedicated database instance in the same physical datacenter in which the Front End pool, which is
associated with the Persistent Chat Server pool, is located. This database will serve as the SQL Server
mirror for the primary Persistent Chat database. Optionally, designate an additional SQL Server to
serve as the mirroring witness if you want an automated failover to the mirror database.
A dedicated database instance located in the backup physical datacenter. This database will serve as
the secondary SQL Server log-shipping database for the database in the primary datacenter.
MCT USE ONLY. STUDENT USE PROHIBITED
11-8 Implementing Disaster Recovery in Skype for Business 2015
An additional dedicated database instance in the backup physical datacenter. This database serves as
the SQL Server mirror for the secondary database. Optionally, designate an additional SQL Server to
serve as the mirroring witness. Both of these must be in the same physical datacenter as the
secondary database.
If Persistent Chat Server compliance is enabled, three additional dedicated database instances are
required. For these instances, use the same distribution requirement as previously outlined for the
Persistent Chat store.
Note: Although it is possible for the compliance database to share the same SQL Server
instance as the Persistent Chat database, we recommend having stand-alone instances for high
availability and disaster recovery.
Data replication
SQL log shipping replicates Persistent Chat data across a WAN between two geographically separated SQL
Server instances. You must create an additional file share for SQL Server log-shipping transaction logs.
You must grant read/write access on the share for SQL Servers in both datacenters. This share is not
defined as part of the Persistent Chat Server's file store in Skype for Business Server Topology Builder. For
more information about SQL log shipping, refer to the following website:
Note: You will not be able to use your Distributed File System (DFS) shares with a Persistent
Chat Server stretched pool. This is because SQL log shipping does not support them.
Create a Persistent Chat Server pool in Skype for Business Server Topology Builder, and designate
specific Persistent Chat Servers as active or passive.
Configure SQL log shipping between the primary SQL Server instance and the secondary SQL Server
instance—or primary mirror and secondary database if you use SQL Server mirroring.
For more information about setting up log shipping for the primary SQL Server database and setting up
log shipping between the primary mirror and the log shipping secondary database, refer to the following
website:
Configure high availability and disaster recovery for Persistent Chat Server in Skype for
Business Server 2015
http://aka.ms/xsf79f
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-9
Which of the following statements are true about Front End pool pairing?
Branch site users will register on the backup pool if the central site pool fails.
Question: You have deployed a Persistent Chat Server pool for A. Datum Corporation. Your task
is to configure disaster recovery for Persistent Chat by using a new disaster recovery site. You
have already enabled compliance and deployed database mirroring at the current site. How
many additional dedicated database instances are required?
MCT USE ONLY. STUDENT USE PROHIBITED
11-10 Implementing Disaster Recovery in Skype for Business 2015
Lesson 2
Implementing Disaster Recovery in
Skype for Business Server
Disaster recovery is often part of an organization’s far-reaching business continuity plan (BCP). A BCP sets
the requirements for the disaster-recovery solution for Skype for Business Server 2015 servers. In this
lesson, you will learn how to implement a disaster-recovery solution and manage the disaster recovery
process.
Lesson Objectives
After completing this lesson, you will be able to:
Explain how a BCP can affect a Skype for Business Server implementation.
Explain how to manage a paired pool failover with or without a Central Management store failover.
To address an organization’s business continuity requirements, Skype for Business Server needs to deploy
a disaster-recovery solution such as the ones covered in Lesson 1, “Disaster Recovery Options in Skype for
Business Server.” Carefully consider the solution that you choose to implement. It must meet your
organization’s RTO and RPO requirements. An organization’s BCP typically defines these. In the
government agencies of the United States, it might also be referred to as a Continuity of Operations
(COOP) plan.
As mentioned earlier in this module, Skype for Business Server can support a 15–20 minute RTO and a
five-minute RPO. However, these numbers will vary based on an organization’s size and scope, and how it
has deployed Skype for Business Server.
It is also important to identify what type of disasters you need to protect Skype for Business Server
against. The answer to this question will affect how far apart you need the paired pools to be from one
another. There is no technical limit on how close they can be to each other. However, if you are trying to
protect against an earthquake or a hurricane, they would need to be far enough so that one of the sites
can avoid a natural disaster.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-11
There are limitations on how far paired pools should be from one another. For real-time communications
such as Voice over Internet Protocol (VoIP), the International Telecommunication Union recommends 150
milliseconds (ms) or fewer for latency. Available bandwidth and network reliability are additional factors
that you need to consider.
If you are upgrading from a previous version of Skype for Business Server, such as Microsoft Lync Server
2010, you might have deployed a disaster-recovery solution that is no longer supported; for example,
Lync Server 2010 supported a metropolitan stretched Front End pool. Because of the changes in Lync
Server 2013 and Skype for Business Server 2015, this is no longer supported. Therefore, in Skype for
Business Server 2015, you have to implement paired pools between two separate sites with GeoDNS load
balancing for your Skype for Business deployment.
The United States government has some resources to help businesses document a BCP. You can access
those resources from the following website:
3. In the box below Associated Backup Pool, select the other pool.
4. Select Automatic failover and failback for Voice if you have Enterprise Voice deployed. Otherwise,
you can leave this cleared, and then click OK.
5. Right-click one of the two pools, click Topology, click Publish, and then click Next.
After you publish the changes and replicate the Central Management store, you have to install the Backup
Service on each of the Front End pool member servers. Although you can do this by using the Skype for
Business Server Deployment Wizard, it is easier to run bootstrapper. After the Backup Service installs on all
the appropriate Front End Servers, you can use the Skype for Business Server Management Shell to start
the synchronization and verify the state of the Backup Service.
MCT USE ONLY. STUDENT USE PROHIBITED
11-12 Implementing Disaster Recovery in Skype for Business 2015
2. At the Skype for Business Server Management Shell command prompt, run the following command:
3. Synchronize the data between the two pools by running the following command against each pool:
4. Confirm if synchronization is occurring in both directions and that the Backup Service states are
healthy by running the following command against each pool:
The first step to implement GeoDNS is to document the Autodiscover and simple URL settings for your
organization. The next step is to create GeoDNS host (A) resource records that will resolve to the IP
address of the GeoDNS service. You can also configure GeoDNS service settings to perform a round robin
or a primary then secondary distribution method. The final step is to configure alias canonical name
(CNAME) resource records that resolve to corresponding GeoDNS records.
The following table provides a sample GeoDNS configuration based on the lab environment for this class.
GeoDNS
Alias (CNAME) settings
GeoDNS record Pool records
resource records
(pick one)
GeoDNS
Alias (CNAME) settings
GeoDNS record Pool records
resource records
(pick one)
Microsoft Azure has a GeoDNS feature called Traffic Manager that you can use for an on-premises Skype
for Business Server deployment. For more information about Traffic Manager, refer to the following
website:
Traffic Manager
http://aka.ms/j5h413
MCT USE ONLY. STUDENT USE PROHIBITED
11-14 Implementing Disaster Recovery in Skype for Business 2015
Demonstration Steps
2. To move the Sales users, type the following command, and then press Enter:
Define the paired pool in Topology Builder and publish the topology
1. On LON-SFB1, open Skype for Business Server Topology Builder.
2. In Skype for Business Server 2015 Topology Builder, download and save the topology as PoolPairing.
3. In Skype for Business Server 2015 Topology Builder, enable pool pairing between pool.adatum.com
and ny-pool.adatum.com.
4. In the pool.adatum.com Edit Properties dialog box, click Resiliency in the navigation pane, and
then select Associated Backup Pool.
5. Under the Resiliency section, in the box below Associated Backup Pool, select
ny-pool.adatum.com. Select Automatic failover and failback for Voice, and then
click OK.
6. In Skype for Business Server 2015 Topology Builder, right-click pool.adatum.com, click Topology,
and then click Publish.
8. On the Select databases page, verify that NYC-SQL3.adatum.com\Default is selected, and then
click Next.
2. At the Windows PowerShell command prompt, run the following commands to install and configure
the Backup Service:
3. On LON-SFB2, open the Skype for Business Server Management Shell and repeat step 2.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-15
4. On NYC-SFB3, open the Skype for Business Server Management Shell and repeat step 2.
2. In the Skype for Business Server Management Shell, verify that synchronization is occurring in both
directions by running the following commands:
__________
1. Ensure that you have a backup of the Central Management store by running the following commands
in the Skype for Business Server Management Shell:
2. If the Central Management store is not available, use the –LocalStore option as shown in the
examples below:
3. Locate the Central Management Server. If the pool that failed is the Central Management Server, it
must fail over first. To identify the Central Management Server, and then, if necessary, fail over the
server, run the following command:
Get-CsConfigurationStoreLocation
Invoke-CsManagementServerFailover -WhatIf
Invoke-CsManagementServerFailover
4. When you fail over the Central Management Server, first determine if the pool that hosted the
Central Management Server was using database mirroring, and determine which Back End Server
is the principal. You can do this by running the following command:
5. Initiate failover of the Central Management store by running the following command:
Invoke-CsManagementServerFailover
7. Fail over the users from the failed pool to its backup pool by running the following command:
8. If applicable, change the Edge Server association to use the new next hop pool:
o If the Edge Server pool is in the same site as the failed pool, use Topology Builder to make the
Edge Server association change.
o If the Edge Server pool is in a different site than the failed pool, use the following cmdlet:
Invoke-CsPoolFailback
1. You can initiate a Backup Service synchronization by running the following command:
2. You can check the status of the restoration process by running the following command:
Which of the following statements are true about the BCP of an organization that implements Skype
for Business?
Identifies what type of disasters Skype for Business Server needs protection against
Sequencing Activity
The following are the steps for implementing GeoDNS. Arrange them in the correct order by numbering
each step.
Steps
Create the GeoDNS host (A) resource records that will resolve to the IP address of the
GeoDNS service.
Configure alias (CNAME) resource records that resolve to the corresponding GeoDNS
records.
MCT USE ONLY. STUDENT USE PROHIBITED
11-18 Implementing Disaster Recovery in Skype for Business 2015
Lesson 3
Additional Disaster Recovery Options in
Skype for Business Server
The pool pairing feature does not comprehensively cover all the disaster recovery scenarios that you
might face with your Skype for Business Server 2015 servers. In addition to pool pairing, you might have
to back up databases and export key configurations. In this lesson, you will learn how to perform disaster
recovery backup and export procedures. You will also learn about additional recovery procedures.
Lesson Objectives
After completing this lesson, you will be able to:
Xds. This file maintains the configuration of the current Skype for Business Server topology as defined
and published by Topology Builder.
Rtcxds. This file contains persistent user data such as access control lists (ACLs), contacts, and
scheduled conferences.
Rgsconfig. This file contains Skype for Business Server Response Group service data.
Rgsdyn. This file maintains Presence runtime data for the Response Group service.
Cpsdyn. This file contains dynamic data for the Call Park service application.
Lcslog. This file contains archived instant messaging and conference data.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-19
LcsCdr. This file contains data that is related to the call detail recording (CDR) process of the
monitoring service.
QoEMetrics. This file contains Quality of Experience (QoE) data from the Monitoring service.
Mgc. This file contains Persistent Chat data, which is the actual chat content that is posted in chat
rooms.
Backing up Rgsconfig
Response Group is an Enterprise Voice call management feature. Pairing pools do not protect the
Rgsconfig database. You should back up the Rgsconfig database as part of your operational procedures
and your change management processes. In this way, you can incrementally restore configurations. This is
especially helpful if a recent change to the Response Group configuration creates an outage. Skype for
Business Server includes a number of Response Group–specific Windows PowerShell commands.
To back up Response Group configurations for a pool, run the following command:
For example, you type the following command to back up Response Group configurations to an
RgsConfig.zip file:
Restoring Rgsconfig
To restore Response Group configurations for a pool, run the following command:
For example, you type the following command to restore Response Group configurations from the
RgsConfig.zip file:
Get-CsService –ApplicationServer
This command will return all application servers in the topology. You can select the appropriate
AppServerserviceID (for example, NewYork-ApplicationServer-1) and then use it in the following
command to retrieve the Universal Naming Convention (UNC) path of the application server:
This command returns the UNC path, \\nyc-sql3\mcs, of the application server, NewYork-
ApplicationServer-1. This is where the MOH file, \\nyc-sql3\mcs\NewYork-ApplicationServer-1
\AppServerFiles\CPS\CpsMoH.wma, is stored. Because this is a simple file, you can back up the file by
using any backup method.
MCT USE ONLY. STUDENT USE PROHIBITED
11-20 Implementing Disaster Recovery in Skype for Business 2015
The following are SQL Server system databases that you must back up:
Master
Model
msdb
If you have enabled the Monitoring service, then you must also back up the SQL Server Reporting Services
files. These files include:
ReportServer
ReportServerTempDB
To export the configuration to a file, use the following Skype for Business Server Management Shell
command:
3. Select the local file, and then select the exported .zip file.
While SQL backups take care of preserving data, you must use the following Skype for Business Server
Management Shell command to export an LIS configuration:
In addition to recovering a configuration, you must republish or import the settings to ensure that the
restoration takes effect. To republish, run the following command in the Skype for Business Server
Management Shell:
Publish-CsLisConfiguration
MCT USE ONLY. STUDENT USE PROHIBITED
11-22 Implementing Disaster Recovery in Skype for Business 2015
In Skype for Business Server 2015, you can use the following Windows PowerShell cmdlet to export user
data:
In the following example, all user data on a pool exports to a .zip file:
In the following example, all users in a pool have the data restored:
Which of the following Skype for Business Server databases stores persistent user data?
Xds
Lis
Rtcxds
Lcslog
UserDyn
Question: A. Datum user Amr Zaki was accidentally deleted from Active Directory Domain
Services (AD DS). AD DS administrators have created a new user account for Amr. You have
enabled the new user account as a Skype for Business user. However, when Amr signed in to
Skype for Business, he could not see any of his contacts. How should you resolve this issue?
MCT USE ONLY. STUDENT USE PROHIBITED
11-24 Implementing Disaster Recovery in Skype for Business 2015
Objectives
After completing this lab, you will be able to:
Configure pool pairing between the London and New York pools.
Lab Setup
Estimated Time: 60 minutes
Password: Pa$$w0rd
This lab depends on the completion of the “Implementing High Availability” lab in Module 10.
1. If the virtual machines are not running already, please start them in the specified order to prevent
service time-out errors:
o 20444A-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SQL1
o 20334B-NYC-SQL3
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SFB3
o 20334B-LON-CL1
o 20334B-LON-CL2
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-25
o Password: Pa$$w0rd
o Domain: Adatum
Task 1: Define paired pools in Topology Builder and publish the topology
1. On LON-SFB1, open Skype for Business Server Topology Builder.
2. In Skype for Business Server 2015 Topology Builder, download and save the topology as PoolPairing.
3. In Skype for Business Server 2015 Topology Builder, enable pool pairing between pool.adatum.com
and ny-pool.adatum.com.
4. In the pool.adatum.com Edit Properties dialog box, click Resiliency in the navigation pane, and
then select Associated Backup Pool.
5. Under the Resiliency section, in the box below Associated Backup Pool, select
ny-pool.adatum.com. Select Automatic failover and failback for Voice, and then
click OK.
6. In Skype for Business Server 2015 Topology Builder, right-click pool.adatum.com, click Topology,
and then click Publish.
7. On the Publish the Topology page, click Next.
8. On the Select databases page, verify that NYC-SQL3.adatum.com\Default is selected, and then
click Next.
2. At the Windows PowerShell command prompt, run the following commands to install and configure
the Backup Service:
3. On LON-SFB2, open the Skype for Business Server Management Shell and repeat step 2.
4. On NYC-SFB3, open the Skype for Business Server Management Shell and repeat step 2.
2. To move the Sales users, at the Windows PowerShell command prompt, type the following command,
and then press Enter:
2. In the Skype for Business Server Management Shell, verify that synchronization is occurring in both
directions by running the following commands:
__________
Question: What is the OverallImportStatus on each pool?
__________
Results: After completing this exercise, you will have enabled pool pairing and installed the Backup
Service on pool.adatum.com and ny-pool.adatum.com. Finally, you will have confirmed the Backup
Service synchronization.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 11-27
4. Confirm capabilities.
5. Recover the failed pool and initiate failback.
4. Open the Network and Sharing Center, and then click Change adapter settings.
5. In Network Connections, right-click LON_Network, and then click Disable.
8. Open Skype for Business. Confirm that Aaren Ekelund automatically signs in to the Skype for Business
client.
9. In the Skype for Business client, add the ed@adatum.com contact to Aaren’s favorites.
10. Leave the Skype for Business client open.
2. On LON-CL2, verify the state of the Skype for Business client, and then answer the following question:
Is Aaren still signed in?
3. On LON-CL1, verify the state of the Skype for Business client, and then answer the following question:
4. On LON-CL2, wait for five minutes, and then confirm that Aaren is able to sign in to the backup
Registrar automatically.
5. Confirm that Aaren’s client is now in Resiliency mode by observing the limited functionality error in
the client, and then answer the following question:
2. At the Windows PowerShell command prompt, run the following command to locate the Central
Management Server:
Invoke-CsManagementServerFailover -WhatIf
3. At the Windows PowerShell command prompt, run the following command to identity if the failed
pool was using database mirroring, and which Back End Server is the principal:
4. At the Windows PowerShell command prompt, run the following command to fail over the users
from ny-pool.adatum.com (New York) to pool.adatum.com (London):
5. In the Windows PowerShell window, when prompted, type Y, and then press Enter.
Note: Verify that all Skype for Business Server services set to Automatic (Delayed start) on
NYC-SFB3 are running before continuing.
4. At the Windows PowerShell command prompt, run the following command to get the Backup Service
status for ny-pool.adatum.com:
6. At the Windows PowerShell command prompt, run the following command to start the failback
process:
8. On LON-CL2, view the configuration information for the Skype for Business 2016 client. In the Skype
for Business Configuration Information window, confirm that NY-Pool.adatum.com is the server
running Skype for Business Server
9. On LON-CL1, verify the state of the Skype for Business client, and then answer the following question:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Checkpoints pane, click the
StartingImage checkpoint.
3. In the Actions pane, click Apply. When the Apply Checkpoint dialog box appears, click Apply.
4. Repeat steps 2 and 3 for the following virtual machines:
o 20334B-LON-RTR
o 20334B-LON-CL1
o 20334B-LON-CL2
o 20334B-LON-SQL1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SQL3
o 20334B-NYC-SFB3
Results: After completing this exercise, you will have simulated the New York pool outage and initiated
pool failover from ny-pool.adatum.com to pool.adatum.com. You will also have validated the user
experience during the failover and failback process.
Question: Based on your experience in the lab, what recommendation would you make to
A. Datum to improve the failover and failback process in the future?
Although there is no limit on the distance between paired pools, we recommend that you keep them
in the same geographical area.
When there is a low-bandwidth and high-latency WAN connection between Persistent Chat Server
stretched pools, place all the active servers in the same site.
Use a GeoDNS solution to reduce the administrative effort involved with failing over web traffic
during a pool failure.
Review Question
Question: Describe a few scenarios where it would be inappropriate to pair two Standard Edition
servers for disaster recovery.
Tools
The following tools are covered in this module:
Traffic Manager. You can use Traffic Manager for GeoDNS load balancing.
Traffic Manager
http://aka.ms/dji7a9
Lync Server 2013 Planning Tool. You can use the Lync Server 2013 Planning Tool to plan a disaster-
recovery solution for Skype for Business Server 2015.
Microsoft Lync Server 2013, Planning Tool
http://aka.ms/ikzdqb
MCT USE ONLY. STUDENT USE PROHIBITED
12-1
Module 12
Integrating with Skype for Business Online
Contents:
Module Overview 12-1
Module Overview
Skype for Business Online is available as part of Microsoft Office 365. Skype for Business Online provides
much of the same functionality as on-premises Skype for Business 2015, with the benefit that you do not
need to manage the actual Skype for Business Servers. If your organization currently has an on-premises
Skype for Business deployment, you can migrate all of your users to Skype for Business Online, or you can
configure a hybrid deployment where some users are hosted on-premises and some are hosted online.
This module provides an overview of Skype for Business Online, and it then provides details on how to
design and implement a hybrid deployment.
Objectives
After completing this module, you will be able to:
Lesson 1
Overview of Skype for Business Online
Skype for Business Online is one of several online services that are included with the Office 365
platform. Office 365 is a subscription-based service that provides messaging and collaboration tools
for organizations of any size. Office 365 provides several options for purchasing Skype for Business
Online services, including subscriptions that include many other services and stand-alone
Skype for Business Online options. You also have a couple of options to integrate Skype for Business
services with an on-premises environment. This lesson provides an overview of Office 365 and
Skype for Business Online, and it describes options for integrating an on-premises environment with
an online environment.
Lesson Objectives
After completing this lesson, you will be able to:
Describe Office 365.
Explain how to manage Skype for Business Online by using the Skype for Business Server
Management Shell.
Note: All Office 365 subscriptions provide access to Microsoft Office Online, which provides
online versions of Word, Excel, PowerPoint, and OneNote.
Office 365 ProPlus supports streaming deployment, which enables users to click an application installation
icon and start using the application while the program installs in the background. This deployment
method also enables users to run Office 365 ProPlus alongside earlier versions of Microsoft Office.
Yammer
The Microsoft enterprise social networking tool now integrates more with Office 365, with the option for
SharePoint Online users to replace their activity stream in SharePoint Online with Yammer. To make this
change, users click a Yammer link and then sign in to this service by using a separate browser window.
Sway
With Sway, you can create and share interactive web-based reports, presentations, or other types of online
content by using mobile devices or desktops.
MCT USE ONLY. STUDENT USE PROHIBITED
12-4 Integrating with Skype for Business Online
Desktop version N Y Y N Y Y Y
of Office
Online version of Y Y Y Y Y Y Y
Office
1 terabyte (TB) of Y Y Y Y Y Y Y
file storage per
user (OneDrive for
Business)
Organizational Y N Y Y N Y Y
email, calendar,
and contacts
(Exchange Online)
Unlimited online Y N Y Y N Y Y
meetings
(Skype for Business)
Organizational Y N Y Y N Y Y
social network
(Yammer)
Personalized search Y N Y Y N Y Y
and discovery
across Office 365
Voicemail N N N N N Y Y
integration (Unified
Messaging)
Cloud PBX N N N N N N Y
Compliance, N N N N N Y Y
information
protection, and
eDiscovery
MCT USE ONLY. STUDENT USE PROHIBITED
12-6 Integrating with Skype for Business Online
Organizational Office 365 subscription options change frequently. You can check the following website to
see the current subscriptions and additional components that each subscription includes:
You can purchase additional features that are not part of your base subscription. For example, if you have
an E1 subscription and you would like to add dial-in conferencing or Cloud PBX, you can purchase these
options as add-ins to your subscription.
Option Online plan 1 Online plan 2 Skype for Business Server 2015
Presence and Y Y Y
instant messaging
Audio and HD N N N
video calling to
Skype for Business
users
Group HD video N Y Y
calling
Schedule N Y Y
meetings in
Microsoft Outlook
Join meetings N Y Y
from desktops
and web
browsers,
including
anonymously
Desktop and N Y Y
application
sharing and
remote control
Persistent Chat N N Y
Dial-in audio N N Y
conferencing
Enterprise Voice N N Y
For more details on the Skype for Business Online stand-alone plans, refer to the following website.
Skype for Business Compare plans
http://aka.ms/vqcfmt
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-7
In online-only with SSO mode, you configure all users as Skype for Business Online users. You also can
implement directory synchronization and SSO by using a product such as AD FS. When you configure
SSO, users will always authenticate in on-premises AD DS and then use those credentials to access
Skype for Business Online.
In hybrid mode, you can configure some users to use an on-premises Skype for Business deployment
and some to use Skype for Business Online. With Skype for Business, you can use the same Session
Initiation Protocol (SIP) domain or domains for an on-premises Skype for Business deployment and
Skype for Business Online.
Note: The last two lessons in this module provide details on how to design and implement
a hybrid Skype for Business deployment.
DNS requirements
To enable client connectivity to Skype for Business Online, you need to configure the following Domain
Name System (DNS) records for your SIP domain:
If you have deployed split-brain DNS and you want users who are both inside and outside your network
to access Skype for Business Online, you need to enter these resource records for your internal DNS
servers and the Internet-accessible DNS servers.
Configure whether presence information will display to all users or just to a user’s contacts.
Configure mobile phone notifications by using Microsoft Push Notification Service, Apple Push
Notification Service, or both.
Configure whether your users can communicate with other Skype for Business or Microsoft Lync
organizations. You can configure access to all domains except for a block list, or you can disable
access to all domains except for an allow list. You can also allow users to communicate with Skype
users outside of your organization.
Enable or disable dial-in conferencing. Depending on your subscription type, you might need to set
up an account with an approved audio conferencing provider.
Audio and video settings. You can configure whether users can use audio, video, or both, and
whether they can use HD video.
Enable or disable recording of conversations and meetings.
2. Open the Skype for Business Server Management Shell, and then type the following commands:
a. Import-Module SkypeOnlineConnector. This command adds the Skype for Business Online
connector module to your Windows PowerShell session.
b. $cred = Get-Credential. This command will present an authentication dialog box where you can
enter administrator credentials for Skype for Business Online.
After running these commands, you can use the Skype for Business Server Management Shell to manage
Skype for Business Online.
You configured an Office 365 tenant and created a user account in your tenant. What must you do
next to ensure that the user can sign in to Skype for Business Online?
Configure the DNS resource records for your domain to reference Skype for Business Online.
Configure the Skype for Business Online settings for the user account.
Assign a license that includes Skype for Business Online to the user account.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-11
Lesson 2
Preparing for a Hybrid Skype for Business Deployment
One deployment option for Skype for Business Online is to deploy a hybrid solution. In a hybrid solution,
you have users who utilize on-premises Skype for Business and Skype for Business Online. This lesson
describes the prerequisite components that are necessary before you can enable a hybrid
Skype for Business deployment.
Lesson Objectives
After completing this lesson, you will be able to:
List and verify the prerequisites for a hybrid Skype for Business deployment.
Configure SSO.
User authentication. Depending on where users are located, they need to authenticate in the on-
premises Skype for Business environment or in the Skype for Business Online environment. To simplify
the user experience, you also can configure SSO to utilize users’ domain credentials when connecting
to the Skype for Business Online environment. Deploying SSO requires you to deploy some type of
federation server in the on-premises environment.
Skype for Business Edge Server deployment. You must configure a Skype for Business Edge Server
deployment before you enable hybrid mode. All communication that relates to Skype for Business
traverses an Edge Server deployment.
MCT USE ONLY. STUDENT USE PROHIBITED
12-12 Integrating with Skype for Business Online
Federation. A hybrid deployment uses federation to enable communication between the two
Skype for Business environments. You must enable an on-premises Skype for Business environment
to allow federation.
Client connectivity. In a hybrid deployment, client computers and mobile devices will always
connect first to the on-premises Skype for Business environment, and then they will redirect to
Skype for Business Online if the users are in Skype for Business Online. To enable client connectivity,
all DNS resource records that clients use must point to the on-premises deployment.
Note: If GoDaddy hosts your domain, you can allow the domain setup wizard to create the
text (TXT) resource record for you automatically. To do this, you will need to authenticate at
GoDaddy with an account that has permission to modify the DNS zone. Be aware that if you use
this option, the wizard will configure other settings in addition to the text (TXT) resource record.
The wizard will also configure mail exchanger (MX) resource records for email, and it will
configure the alias (CNAME) and service (SRV) resource records that are required for client
connectivity. All of these records will point to the Office 365 servers, so you need to verify that
you want to use Office 365 for all of these services. In particular, if you are enabling a hybrid
Skype for Business deployment, you will need to modify the Skype for Business alias (CNAME)
and service (SRV) resource records to point to the on-premises environment rather than the
cloud environment.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-13
Note: If you are using a private internal DNS name, such as adatum.local, you will not be
able to use it as your public SIP domain. You will also not be able to register this name in Office
365. If you are using this type of domain, you need to configure all users with a UPN that uses a
public DNS name, such as adatum.com, and configure all users to use this domain name as their
SIP address. You can then add the public DNS name to Office 365.
3. Configure DNS resource records. All Skype for Business clients must connect to the on-premises
Skype for Business Server environment to determine whether a user is in an on-premises pool or in
the cloud. This means that you must configure the following DNS resource records to reference your
on-premises deployment:
o Lyncdiscover.domainname
o _sip._tls.domainname
o _sipfederationtls._tcp.domainname
Note: If you deployed Skype for Business Edge Servers for external connectivity, these DNS
resource records should already be in place.
4. Deploy an Edge Server and enable federation. You must implement external access to your on-
premises Skype for Business deployment and configure federation with external Skype for Business
organizations. You must also enable federation with external Skype for Business organizations on
your Skype for Business Online tenant.
5. Verify that the blocked and allowed domains for federation are identical in both the on-premises
environment and the online environment.
Verify the DNS records for the Office 365 custom domain.
Demonstration Steps
1. Connect to the Office 365 admin center.
2. Review the domain settings. Verify that the custom domain is added to Office 365.
3. Verify the DNS records that are assigned to the custom domain.
Note: Although all Office 365 users and groups are stored in Azure AD, you do not have to
use Azure management tools to manage these accounts if you are implementing only Office 365
and you are not implementing other Azure services. To manage user accounts in Office 365, you
can use the Office 365 admin center.
Azure AD Connect
Azure AD Connect is the current directory synchronization tool that you can use to synchronize on-
premises AD DS with Azure AD. Azure AD Connect provides the following improvements over previous
directory synchronization options:
It uses the new Microsoft Identity Manager (MIM) synchronization, which is built on a Microsoft
SQL Server Express 2012 R2 database.
It supports simple multiple-forest scenarios.
It enables filtering on individual attributes and synchronization of just those filtered accounts by using
a specific Microsoft online service, such as Exchange Online or SharePoint Online.
Note: Microsoft released two other directory synchronization tools that are still supported
but are not recommended. These tools are DirSync and Azure AD Sync, which is a stand-alone
directory synchronization component that now integrates with Azure AD Connect.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-15
For more information on Azure AD Connect and to download the tool, refer to the following website.
Preparing on-premises AD DS
Before you implement Azure AD Connect, you should ensure that your on-premises AD DS and related
technologies are checked for potential issues, and you should remediate any discovered issues. These
checks should include:
Analyzing the on-premises environment for invalid characters in AD DS object attributes and for
incorrect UPNs.
Identifying domain functional levels and schema extensions, and identifying custom attributes that
are in use.
Recording network port use and DNS resource records that relate to Office 365.
You can use the IdFix tool to identify and remediate the majority of object synchronization errors in
AD DS, including common issues such as duplicate or malformed proxyAddresses and userPrincipalName
attributes. You can select the organizational units (OUs) for IdFix to check. You also can fix common errors
within the tool.
You can download the IdFix tool from the following website.
Demonstration Steps
1. Run the Azure AD Connect tool.
2. Start a custom configuration of Azure AD Connect.
7. Connect to the Office 365 admin center, and then verify that the user accounts synchronized.
Overview of SSO
When you configure directory synchronization by
using Azure AD Connect, you can configure
password synchronization. This means that when
you first synchronize a user account with Office
365, the password also synchronizes. If a user
changes his or her password in the on-premises
AD DS domain, the password synchronizes with
Office 365.
SSO components
If you configure SSO, users will always authenticate in the on-premises AD DS domain, and they will then
use those credentials to access Office 365 services. You can implement SSO by configuring federated
trusts and claims-based authentication. To configure SSO, you need the following components:
Federated trust, which establishes a relationship between two partner organizations, where one
partner provides access to an application and the other partner manages the user accounts that
access the application. In a hybrid deployment, Office 365 with Azure AD provides that application,
and you manage the user accounts in your on-premises AD DS domain.
Identity provider, which is a directory service that authoritatively authenticates a user. In a hybrid
deployment, the identity provider is your on-premises AD DS environment.
Application provider, also known as a relying party, provides access to applications. Office 365
applications and Azure AD act as the relying party in a hybrid deployment.
Claims, which is a statement about a user, such as the user’s email address, domain, group
membership, first name and last name, or UPN. The claim enables the relying party to establish the
identity of the user who is requesting access to resources.
Claims provider, also known as the security token service (STS), is a service that generates claims for
users on request. For example, in a hybrid deployment, an AD FS server can provide a claim for a user
who is trying to access an Office 365 application.
Token, which is a file that contains claims about an authenticated user, along with an assertion that
the user has correctly authenticated. Claims typically are signed to prevent alteration in transit, and
they are encrypted.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-17
SSO process
The following steps describe what happens when an Office 365 user signs in to Skype for Business:
1. The user starts the Skype for Business client. When the client starts, it connects to Azure AD to check
whether the user’s domain name is a federated domain. If the domain is not a federated domain, the
client continues with a normal domain sign-in.
2. If the user domain is an Office 365 federated domain, the client sends a request for a Security
Assertion Markup Language (SAML) token to the on-premises AD FS server. If the user signs in on a
domain member computer, the federation server accepts the domain credentials. If the user does not
sign in on a domain member computer, the user is prompted for credentials. The AD FS server uses
the credentials to send a request to the on-premises AD DS domain controller to obtain the user’s
claims.
3. The AD FS server then issues a security token to the client that includes the user claims.
4. The client then requests an authentication token from Azure AD to connect to Skype for Business
Online. The client provides the security token that it receives from the on-premises AD FS server.
5. Azure AD validates the security token and issues an authentication token to the client.
6. The client connects to Skype for Business Online, which requests an authentication token. The client
provides the authentication token it received from Azure AD. Skype for Business Online evaluates the
token and provides access to the services based on the token.
o DNS resource records. Client requests to AD FS need to resolve to the correct access point for the
AD FS service, regardless of whether the client is on the internal network or on the Internet.
Typically, internal clients connect to the AD FS server, and external clients connect to a proxy
server. However, both clients need to use the same name, such as adfs.adatum.com. This means
that you will need to configure two different DNS resource records for this name: one for internal
clients by using the internal DNS server, and one for external clients by using the Internet-
accessible DNS server.
MCT USE ONLY. STUDENT USE PROHIBITED
12-18 Integrating with Skype for Business Online
o Certificates. AD FS uses certificates for signing tokens before sending the token to a client and for
Secure Sockets Layer (SSL) encryption. For token exchange, AD FS uses self-signed certificates.
These certificates only validate that the content has been unaltered in transit, so there is typically
no requirement to use third-party issued certificates or to validate to a trusted certification
authority (CA).
For SSL encryption, certificates must come from a CA that federation servers in both partner
organizations trust. With Azure federation servers, this certificate must come from a publicly
trusted CA. With third-party SSL encryption certificates, either the common name (CN) or the
subject alternative name (SAN) on the SSL certificate must match the fully qualified domain name
(FQDN) of the endpoint to which the client request is terminating. Therefore, if the DNS name of
the STS is adfs.adatum.com, the SSL certificate for connecting to the proxy array must include
either a CN or SAN for adfs.adatum.com.
o Firewall configuration. Firewall configuration is relatively simple in that external clients only need
the SSL TCP port 443 to connect to an AD FS proxy server. The proxy server then communicates
with AD FS by using port 443 only.
2. Install and configure AD FS servers. To install and configure AD FS, perform the following steps:
a. Add a publicly trusted certificate to the personal certificate store on a computer that is running
Windows Server 2012 or Windows Server 2012 R2.
b. Add the AD FS role to the computer by using the Add Roles and Features Wizard.
e. Select the publicly trusted certificate as the SSL certificate, and ensure that the Federation Service
name matches the CN in the certificate or is included in the SAN on the certificate.
f. If AD FS is considered a critical service in your organization, you should install additional servers
in the federation farm and configure load balancing between the servers.
Note: You can use Azure AD Connect to configure AD FS servers and web application
servers. To do this, install the AD FS and Web Application Proxy components on Windows Server
2012 R2 servers with remote management enabled, and then complete a custom installation and
configuration of the Azure AD Connect tool. The installation process will connect to the specified
servers and configure the AD FS and Web Application Proxy components.
3. Install and configure AD FS proxy servers or Web Application Proxy servers. You can deploy AD FS
proxy servers or a computer that is running Windows Server 2012 or Windows Server 2012 R2 with
the Web Application Proxy server role installed. In either case, the server is deployed in a perimeter
network and it is not a domain member. When users are outside the network, the AD FS proxy server
or Web Application Proxy server proxies client requests from the Internet to internal AD FS servers. If
you are running Windows Server 2012 R2, we recommend using Web Application Proxy. To install
and configure Web Application Proxy, perform the following steps:
a. Add a publicly trusted certificate to the personal certificate store on a computer that is running
Windows Server 2012 R2. Mostly, this is the same certificate that was used on the internal AD FS
server.
b. Add the Web Application Proxy role service to the computer by using the Add Roles and Features
Wizard. The Web Application Proxy role service is a component of the Remote Access server role.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-19
c. Run the Web Application Proxy Configuration Wizard and configure the internal AD FS server
name, the certificate and URLs, and the pre-authentication method.
d. Like the internal AD FS server, you might want to deploy multiple Web Application Proxy servers
and configure load balancing.
Note: Before users can connect to Office 365 by using SSO, you must configure the
Office 365 domain as a federated domain. The next lesson covers this step.
Verify SSO.
Demonstration Steps
1. Run Azure AD Connect, and then configure the AD FS server.
2. Select the Azure AD domain that will be configured for federation.
3. Verify that users are required to use SSO and that SSO works.
As part of a hybrid Skype for Business deployment at A. Datum Corporation, you need to configure
appropriate DNS resource records to ensure that clients can automatically connect to both the on-
premises and cloud deployments of Skype for Business. Which of the following DNS resource
records do you need to configure?
Lesson 3
Configuring a Hybrid Skype for Business Environment
After configuring the prerequisites, you are ready to start configuring the Skype for Business hybrid mode
and moving users from on-premises Skype for Business pools to Office 365. This process is actually quite
easy after all the prerequisites are complete. In some cases, you might also want to configure a hybrid
Skype for Business deployment by enabling online users first and then configuring an on-premises
environment. This configuration is possible, but it requires a few extra steps. This lesson describes how
to configure a hybrid Skype for Business environment.
Lesson Objectives
After completing this lesson, you will be able to:
Explain how to configure a hybrid Skype for Business environment by using Windows PowerShell
commands.
Explain how to configure a hybrid Skype for Business environment by using Skype for Business Server
Control Panel.
This command configures the edge service for your on-premises organization. The command enables
users to access Skype for Business from outside the organization, and it allows on-premises users to
communicate with users in federated domains. The command also instructs the Edge Servers to use
DNS service (SRV) resource records when locating Skype for Business Server Edge Servers for federated
partners. You might have already configured these options if you enabled federation with other
organizations:
This command configures a new hosting provider, which is any external organization that provides SIP-
based services. The command provides the following information:
ProxyFQDN, which identifies the proxy server that the hosting provider uses.
EnabledSharedAddressSpace, which indicates that the hosting provider will host users with the same
SIP address space as the on-premises Skype for Business organization.
HostOCSUsers, which indicates that the hosting provider will host Skype for Business users. If you
were setting up a hosting provider just to provide other services, such as hosted Exchange Server
services, you would set this to False.
Verficationlevel, which configures the required verification for messages that are sent to and from the
hosted provider. Setting this value to UseSourceVerfication means that all messages are checked for
verification.
IsLocal, which indicates that the proxy server that the hosting provider uses is outside the on-premises
environment.
AutodiscoverURL, which identifies the URL for the Autodiscover service that clients use to locate the
user’s home pool.
Configure your Skype for Business Online tenant for a shared SIP address space
In addition to configuring your on-premises Skype for Business environment, you must also configure
your Skype for Business Online tenant to use a shared SIP address space. You can use the
Skype for Business Server Management Shell to configure this setting.
Note: Before running the following command, you need to establish a remote Windows
PowerShell connection to Skype for Business Online. See Lesson 1, “Overview of
Skype for Business Online,” for details on how to do this.
To configure a shared SIP address space, open the Skype for Business Server Management Shell, connect
to Skype for Business Online, and then run the following command:
You can use Skype for Business Server Control Panel to move on-premises users to Skype for Business
Online or to move Skype for Business Online users back to an on-premises Skype for Business
environment.
You can identify which users are in Skype for Business Online. Online users are identified as being in
Skype for Business Online rather than the local Front End pool.
You can configure some settings for online users by using Skype for Business Server Control Panel.
Demonstration Steps
1. In Skype for Business Server Control Panel, connect to Skype for Business Online.
2. Run the Set up hybrid with Skype for Business Online Wizard.
$CREDS=Get-Credential
Move-CsUser -Identity USERNAME@domainname -
Target SIPFED.ONLINE.PARTNER.LYNC.COM -
Credential $CREDS -
HostedMigrationOverrideURL URL
Https://Pool FQDN/HostedMigration/hostedmigrationService.svc
You can determine the URL for the hosted migration service by viewing the Skype for Business Online
Control Panel URL for your Skype for Business Online tenant. To identify the hosted migration service URL
for your Skype for Business Online tenant, perform the following steps:
3. Select and copy the URL in the address bar up to lync.com. The URL looks like the following:
https://webdir1a.online.lync.com/lscp/?language=en-US&tenantID=
https://admin1a.online.lync.com
5. Append /HostedMigration/hostedmigrationservice.svc to the URL. The final URL looks like the
following:
https://admin1a.online.lync.com/HostedMigration/hostedmigrationservice.svc
You can move multiple users at the same time by using the Get-CsUser cmdlet. You can use the –Filter
parameter to identify a collection of users. For example, you can use the RegistrarPool parameter to list all
users who are hosted on a particular pool, and then you can pipe the list of users to the Move-CsUser
cmdlet:
You can also use the –OU parameter to move all users in the specified OU to Skype for Business Online:
You can also use Skype for Business Server Control Panel to move users to and from Skype for Business
Online. When you move a user from on-premises Skype for Business to Skype for Business Online, the
HostingProvider attribute on the user account in the local AD DS domain is modified to indicate that the
user is now hosted online. The value of the HostingProvider attribute for an on-premises user is SRV:.
When the user moves to Skype for Business Online, the attribute changes to sipfed.online.lync.com.
Note: The HostingProvider attribute in the Skype for Business Server Management Shell is
stored in the msRTCSIP-DeploymentLocator attribute in an AD DS user account.
A Skype for Business client uses the HostingProvider attribute to locate the correct Skype for Business
pool when connecting to Skype for Business. Because the Autodiscover DNS resource records point to the
on-premises environment, the client will always connect to the on-premises environment when the client
starts. After the user authenticates, the client checks the HostingProvider attribute. If the user is hosted
in the cloud, the client redirects to connect to Skype for Business Online.
Demonstration Steps
1. In Skype for Business Server Control Panel, connect to Skype for Business Online.
1. Deploy the Skype for Business Server on-premises environment. You must deploy and configure edge
services.
2. Configure directory synchronization between the on-premises environment and Office 365. You must
have user accounts for all users in Skype for Business Online in your local AD DS domain. You can also
deploy AD FS if you want to enable SSO.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-25
3. In your on-premises deployment, create the hosting provider for Skype for Business Online by typing
the following commands in the Skype for Business Server Management Shell:
4. Enable the user accounts that are associated with Skype for Business Online users as on-premises
Skype for Business users. You can do this by using the following command. This command enables a
user for Skype for Business, but it identifies the user as an online user:
5. Run directory synchronization to synchronize the updated information from the AD DS domain to
Azure AD.
6. Modify the following Internet-accessible DNS resource records to direct all SIP traffic to on-premises
Skype for Business:
o Update the lyncdiscover.adatum.com host (A) resource record to reference the on-premises
reverse proxy server.
o Update the _sip._tls.adatum.com service (SRV) resource record to reference the Access Edge
service of the on-premises Skype for Business deployment.
7. You can then start moving Skype for Business Online users to the on-premises Skype for Business
environment. To move a user by using the Skype for Business Server Management Shell, run the
following command:
$CRED = Get-Credential
Move-CSUser -Identity USERNAME@Adatum.com -Target "FE-POOL.Adatum.com" -Credential
$CRED -HostedMigrationOverrideURL URL
This command uses the same hosted migration override URL that is used for moving users from an on-
premises environment to an online environment. You can also use Skype for Business Server Control Panel
to move users.
Question: Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Question: Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Objectives
After completing this lab, you will be able to design a hybrid Skype for Business deployment.
Lab Setup
Estimated Time: 15 minutes
All servers are members of the Adatam.local domain. Users sign in to the local domain by using the
format Adatum\username or username@adatum.local. The only SIP domain that Skype for Business Server
uses is username@adatum.local.
The London site is connected to the Internet. The network team in London deployed a perimeter network
that includes a two reverse proxy servers that are behind a hardware load balancer.
The only DNS resource records for Adatum.com that are configured on the Internet are for
www.adatum.com, a mail exchanger (MX) resource record, and a host (A) resource record for
mail.adatum.com. All other servers use the Adatum.local domain name.
Your task is to complete the pilot implementation of Skype for Business on Office 365. In preparation for
this project, you have configured a pilot Office 365 tenant and have purchased 50 Office 365 Enterprise E3
licenses. The only domain that is assigned to the Office 365 tenant is adatum.onmicrosoft.com.
You need to move 40 users from the on-premises Skype for Business environment to
Skype for Business Online.
Users who move to Skype for Business Online must be able to use the same domain name as users
who are hosted in the local Skype for Business environment.
MCT USE ONLY. STUDENT USE PROHIBITED
12-28 Integrating with Skype for Business Online
Users must be able to sign in to Skype for Business Online by using the same user name and
password that they use on the internal network.
Users must be able to connect to Skype for Business Server from the internal network and from
external locations regardless of where the user accounts are located.
Skype for Business is a critical network service at A. Datum. This means that the
Skype for Business Server deployment must be highly available, and it must continue to function in
the event of a single-server failure.
You must design a solution that enables A. Datum to move some users to Skype for Business Online while
meeting business requirements.
2. What changes to the current environment should A. Datum make before it can start the hybrid
Skype for Business deployment?
3. What infrastructure components will A. Datum need to deploy before it can start the hybrid
Skype for Business deployment?
4. What steps will A. Datum need to take to complete the hybrid Skype for Business deployment?
Results: After completing this exercise, you should have designed a hybrid Skype for Business
environment for A. Datum.
Question: Why do you need to configure on-premises Skype for Business and Skype for Business
Online to share an address space when configuring a hybrid Skype for Business deployment?
Question: Why will you decide to include AD FS in your design if you are planning a hybrid
Skype for Business deployment?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 12-29
Review Question
Question: How can you mitigate any security concerns with either directory synchronization with
password synchronization or SSO?
Tools
The following tools are covered in this module:
Azure AD Connect. Use this tool to synchronize users, groups, and contacts between on-premises
AD DS and Azure AD. The Azure AD Connect configuration wizard can also configure AD FS and Web
Application Proxy.
AD FS. Use this security token service (STS) to enable federation between on-premises AD DS and
Azure AD.
Skype for Business Server Control Panel. Use this tool to configure the hybrid mode and to move
users between on-premises Skype for Business and Skype for Business Online.
Skype for Business Server Management Shell. Use this tool to configure the hybrid mode and to
configure other Skype for Business Online settings.
The Skype for Business Online connector module for Windows PowerShell. This provides the Windows
PowerShell commands that are necessary to configure Skype for Business Online when you use the
Skype for Business Server Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
13-1
Module 13
Planning and Implementing an Upgrade to
Skype for Business Server 2015
Contents:
Module Overview 13-1
Module Overview
How you upgrade to Skype for Business Server depends on whether your organization currently uses
Microsoft Lync Server 2010 or Lync Server 2013. If your organization uses Lync Server 2010, a side-by-side
migration might be the right choice. However, if Lync Server 2013 is your current version you should
consider an in-place upgrade.
Note: There is no coexistence support for Lync versions prior to Lync 2010. If your
organization is currently running Microsoft Office Communications Server 2007 or Office
Communications Server 2007 R2, you must migrate to either Lync 2010 or Lync 2013 before
upgrading to Skype for Business.
Migrating to Skype for Business from either Lync 2010 or Lync 2013 involves the same steps as a
migration from Lync 2010 to Lync 2013. The client experience will also be the same as in a migration
from Lync 2010 to Lync 2013.
Objectives
After completing this module, you will be able to:
Describe the supported migration and upgrade paths for Skype for Business Server.
Perform an in-place upgrade of Lync Server 2013 to Skype for Business Server.
Lesson 1
Overview of Upgrade and Migration Paths
Upgrading to Skype for Business from either Lync Server 2010 or Lync Server 2013 requires knowledge
of the supported path. If your organization is currently on Lync Server 2013, an in-place upgrade is
supported. You must decide if you should perform an offline, in-place upgrade or a move user upgrade.
Organizations currently on Lync Server 2010 will use a side-by-side migration path. With this option, you
add new Skype for Business infrastructure to the current Lync Server 2010 topology. You move users,
services, and endpoints to the Skype for Business infrastructure prior to decommissioning Lync Server
2010.
Lesson Objectives
After completing this lesson, you will be able to:
Describe the supported upgrade path for Skype for Business Server.
Describe the in-place upgrade of Lync Server 2013 to Skype for Business Server.
Identify the difference between an Offline upgrade and a Move User upgrade.
If your organization is currently on Lync Server 2010, then you can utilize the side-by-side migration path,
in which you add new servers running Skype for Business Server to the topology and move users without
service interruptions. However, there will be a few seconds of interruption when you disconnect from the
old server and reconnect to the new server.
Skype for Business Server supports an in-place upgrade from Lync Server 2013. When using the in-place
upgrade option, the current servers that are running Lync Server 2013 will automatically have the Lync
Server 2013 software uninstalled and replaced by Skype for Business Server. No services will be available
in the Front End Server pool during the in-place upgrade, and all Front End Server pool members must be
upgraded to Skype for Business Server before pool services can resume.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-3
If you can plan a service window during which you can interrupt access to Lync Server 2013 services, you
can perform the in-place upgrade without adding the administrative load of moving users, services, and
endpoints. Skype for Business Server will simply replace all services and configurations in the Lync Server
2013 environment.
Sometimes taking the Lync 2013 infrastructure offline is not a viable option. In this case, you can use the
Move Users upgrade option. This involves installing a temporary Lync Server 2013 deployment to host
users, services, endpoints, and conferences for the duration of the upgrade. This approach is very similar
to a migration from either version of Lync Server. However, this approach can reuse current servers and
the load-balancer setup used by the Lync Server 2013 installation, without requiring reconfiguration after
upgrading to Skype for Business Server.
Note: Lync Room System (LRS) Administrative Web Portal for Lync Server 2013 cannot
coexist with Skype for Business Server. Therefore, you must uninstall the LRS Admin tool from
Lync Server 2013 before upgrading the servers to Skype for Business. After the upgrade,
download and install the Microsoft Lync Room System Administrative Web Portal for Skype
for Business Server.
Microsoft Lync Room System Administrative Web Portal for Skype for Business Server 2015
http://aka.ms/hxn4ct
During the upgrade of servers running Lync Server 2013 to Skype for Business Server, the Front End Server
pool cannot offer any services until you have upgraded all the pool members to Skype for Business Server.
If you can schedule a maintenance window in which you can take the Lync Server 2013 servers offline,
then we recommend the Offline upgrade approach.
MCT USE ONLY. STUDENT USE PROHIBITED
13-4 Planning and Implementing an Upgrade to Skype for Business Server 2015
After you have selected the server that is running Lync Server 2013 in the Skype for Business Server
Topology Builder for upgrade to Skype for Business Server and have published the topology, you can
perform an Offline upgrade in five steps:
1. Announce a maintenance window, and inform users that services will be unavailable during this
period.
2. Take the Front End pool offline by using the cmdlet Disable-CsComputer –Scorch. This prevents
services from starting, in case a server reboot is required.
3. Run Skype for Business Server setup to begin an in-place upgrade. Always check for updates before
you upgrade.
4. Bring the Skype for Business Front End pool online by using the Windows PowerShell cmdlet
Start-CsPool.
5. Validate that users can connect and all services work as expected.
If users require continued access to services during the upgrade, use the Move Users upgrade option. In
this scenario, you install and configure a temporary server running Lync Server 2013 or Skype for Business
Server before upgrading the Lync Server 2013 production pool to Skype for Business. You move all users
and required services, such as Response Groups, dial-in conferencing, and conferencing directories, to the
temporary pool to assure continued access during the upgrade. The Move Users upgrade path is very
similar to a migration. If Move Users is the selected solution, consider performing a fresh Skype for
Business Server production pool installation and then migrate to that pool, rather than upgrading the
existing Lync Server 2013 pool.
Once you have configured a temporary Front End Server pool, external pointers from the reverse proxy
and the Edge server are updated to reflect the temporary server. This involves updating publishing rules
on the reverse proxy, and changing the next hop Edge server assignment in Skype for Business Server
Topology Builder.
In an Offline in-place upgrade, you do not use a temporary placement on another Front End Server pool.
As a result, all users that are hosted on the Lync Server 2013 Front End Server pool do not have access to
the services for the duration of the upgrade.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-5
When performing an in-place upgrade from Lync Server 2013 to Skype for Business Server, all current
server names, certificates, settings, policies, users, and conferences are preserved. When you have
upgraded all Front End Server pool members with the Skype for Business software components, you
must start the pool by using the Windows PowerShell Start-CsPool cmdlet that Skype for Business Server
introduced. The Start-CsPool cmdlet starts all required services in the right order, including Windows
Fabric.
Note: The Start-CsPool cmdlet does not start local Microsoft SQL Server services. If the
local SQL Server services are not running, Start-CsPool will fail. You must ensure that the SQL
Server services have started and are running before attempting a new pool start.
Only users with the Skype for Business client will be able to notice a difference when the full upgrade is
complete, as the Skype for Business client supports the new Skype Directory search feature. When the
Front End Server, Edge servers, and clients are all running Skype for Business, you can enable access to
the Skype Directory search.
If you use the Skype for Business client, Skype Directory search allows for the discovery of users who use
Skype (the consumer version of Skype) just as it does when using a Skype client. This includes connecting
to Skype public users that have not connected their private Skype account with a Windows Live account.
You also can search for Skype public users by using their Skype name, or search by other parameters such
as name, location, date of birth, and email. Users connecting from Lync clients do not benefit from the
enhanced Skype Directory search features.
MCT USE ONLY. STUDENT USE PROHIBITED
13-6 Planning and Implementing an Upgrade to Skype for Business Server 2015
Question: What is the difference between the Offline and Move Users upgrade paths?
Question: Verify the correctness of the statement by placing a mark in the column to the
right.
Statement Answer
Lesson 2
Migrating to Skype for Business 2015
Organizations that still are on Microsoft Office Communications Server 2007 or Office Communications
Server 2007 R2 must complete a migration to either Lync Server 2010 or Lync Server 2013 before
upgrading to Skype for Business.
Lesson Objectives
After completing this lesson, you will be able to:
4. Move pilot users to the new Skype for Business Server pool and test all Skype for Business
functionality.
5. Move remaining users, services, Response Groups, and dial-in access numbers.
6. Retarget external pointers, including reverse proxy, Edge Server next hop in Skype for Business Server
Topology Builder, external Domain Name System (DNS), and trunks, to the new Skype for Business
Server installation.
7. Move the Central Management store database to the new Skype for Business Server pool.
8. Move the remaining endpoints and services from the old pool, including conferencing directories,
Unified Messaging contacts, and dial-In conferencing numbers.
9. Decommission the old pool by removing it from Skype for Business Server Topology Builder and then
run a local setup to deactivate services in AD DS.
These steps will help ensure minimal service interruption, which should be limited to the time it takes
for the user to disconnect from the old pool and reconnect to the new pool. You can eliminate other
interruptions, such as phone access being limited while Session Initiation Protocol (SIP) trunks are
moved from old pool to new, in cooperation with the trunk provider.
MCT USE ONLY. STUDENT USE PROHIBITED
13-8 Planning and Implementing an Upgrade to Skype for Business Server 2015
Migrating users
If you deployed Archiving Server and Monitoring Server in your Lync Server 2010 environment, you can
collocate these servers on your Skype for Business 2015 environment after you migrate your front-end
pools. If archiving and monitoring functionalities are critical to your organization, you should add
archiving and monitoring to your Skype for Business 2015 pilot pool before you migrate users, so that
the functionality is available during the migration process.
If you deployed Group Chat Server in your Lync Server 2010 environment, you must deploy Skype for
Business 2015 Persistent Chat Server. Group Chat Server and Persistent Chat Server can coexist, but
content (for example, chat rooms) is not shared across these servers. To access the legacy Group Chat
Server content from Persistent Chat Server, you must migrate the Group Chat Server to Persistent Chat
Server.
In general, you must use the administrative tool that corresponds to the server version that you want to
manage. You cannot install the Lync Server 2010 or Lync Server 2013, and the Skype for Business Server
2015 administrative tools on the same computer. Skype for Business Server 2015 supports multisite and
multi-pool deployments.
You should carry out functional tests on the newly deployed pool to ensure that the pool has been
properly deployed. Additionally, you should perform interoperability tests to ensure that users in the
legacy pools can interact successfully with users in the new Skype for Business 2015 pool.
Director with no impact to services provided, you can optionally deploy Directors, if you want to. You also
can safely exclude the Director because the Front End Servers will provide the same services in their place.
Remote Access
To ensure that the users in Skype for Business 201 pools use the Skype for Business 2015 Edge Server
for signaling, you will need to configure the clients to connect manually. Automatic configuration is
controlled through the service (SRV) resource record in Domain Name System (DNS), and you cannot
use DNS to direct clients to specific Edge servers based on the client version. From a Media Relay
Authentication Service (MRAS) perspective, the Skype for Business 2015 pool can utilize the legacy
Edge deployment, or the pool can be configured to use the new Skype for Business 2015 Edge Server.
Federation
Federation continues to use the legacy federation route.
Question: When migrating from Lync 2010 or 2013 to Skype for Business, which application
endpoints do you usually need to migrate?
Question: Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Lesson 3
In-Place Upgrade to Skype for Business
Performing the in-place upgrade from Lync Server 2013 to Skype for Business Server is the same whether
you use the Offline upgrade or Move Users upgrade option. You must fulfill certain requirements before
you can perform an upgrade task. In addition, the upgrade sequence must follow a few rules.
Lesson Objectives
After completing this lesson, you will be able to:
List the prerequisites for an in-place upgrade from Lync Server 2013 to Skype for Business Server.
Describe how to prepare a Lync Server 2013 Front End Server pool for in-place upgrade by using
the Skype for Business Server 2015 Topology Builder.
Describe how to perform an in-place upgrade of a Lync Server 2013 server to Skype for Business
Server.
2. Install Skype for Business Server Topology Builder, which is part of the Skype for Business
administrative tools.
3. In Skype for Business Server Topology Builder, select the Lync Server 2013 pool for in-place upgrade,
and then publish the topology.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-13
4. Take the Lync Server 2013 pool offline by using the Windows PowerShell Disable-CsComputer
–Scorch cmdlet.
5. Run Skype for Business Server setup on the Lync Server 2013 server that you want to upgrade.
6. Start the Skype for Business Server pool by using the Windows PowerShell Start-CsPool cmdlet.
The Office Web Apps server that the existing Lync Server 2013 topology uses is usually a part of the
internal AD DS. It does not have Lync Server 2013 Core Components installed on it. Consider using this
server for the initial deployment of the Skype for Business administrative tools. Once you complete the
upgrade, consider uninstalling the administrative tools if they are not needed.
Preparing for an In-Place Upgrade by Using the Skype for Business Server
Topology Builder
After you have installed the Skype for Business
Server Topology Builder, you can upgrade the
Lync Server 2013 Front End Server pool. To do
this, open the Skype for Business Server Topology
Builder, and select the topology. Download the
topology from the existing deployment, and then
save the downloaded topology to a file such as,
PreUpgradeTopology.tbxml.
Publish the topology and resolve any issues that arise. When you have published the topology
successfully, wait for the topology replication to complete. You verify the replication by using the
Windows PowerShell cmdlet Get-CsManagementStoreReplicationStatus.
Before you run the in-place upgrade, stop the Lync Server 2013 services and remove the services by using
the Windows PowerShell cmdlet Disable-CsComputer – Scorch. This prevents the services from starting
in case of a server reboot.
When all services have started successfully, manually check for updates by downloading and running the
latest SkypeServerUpdateInstaller.exe from the Skype for Business downloads and updates site. Do not
forget to update the databases if needed. Database updates are necessary when you deploy updates to
Skype for Business Core Components. Use the Windows PowerShell cmdlet Test-CsDatabase to verify
installed and expected database version numbers.
After the services have started successfully, verify that Skype for Business clients, and end-points such as
phone devices, are able to sign in, and confirm that all the services work as expected.
Sequencing Activity
The following are the steps for performing an in-place upgrade. Arrange them in the correct order by
numbering each step.
Steps
In Skype for Business Server Topology Builder, select the Lync Server 2013 server that you
want to upgrade.
Start Skype for Business services by using the Windows PowerShell cmdlet Start-CsPool.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-15
Objectives
After completing this lab, you should be able to:
Prepare and perform an in-place upgrade from Lync Server 2013 to Skype for Business Server.
Lab Setup
Estimated Time: 45 minutes
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
2. In Hyper-V Manager, click 20334B-TREY-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
o Password: Pa$$w0rd
o Domain: TreyResearch
7. In Hyper-V Manager, right-click 20334B-TREY-SVR1, and then from the context menu, select
Settings.
8. In the Settings window, expand IDE Controller 1, and then select DVD Drive.
9. Under Specify the media to use with your virtual CD/DVD drive, select Image file:, and then type
C:\Program Files\Microsoft Learning\20334\Drives\SfB-E-9319.0-enUS.ISO.
10. Click Apply, and then click OK to close the Settings window.
2. Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish the topology.
2. Run D:\Setup\amd64\Setup.exe.
Task 2: Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish
the topology
1. On TREY-SVR1, from the Start menu, click to the Apps page and open Skype for Business Server
Topology Builder.
2. Download the topology from the existing deployment, and then save the topology as
PreUpgrade.tbxml.
3. Select TREY-LYNC.TreyResearch.net, and select the option to upgrade Skype for Business Server
2015.
4. Publish the Topology.
5. Review the to-do list when the Publish Topology wizard completes.
Results: After completing this exercise, you should have installed the Skype for Business administrative
tools on TREY-SVR1, and opened the Skype for Business Server Topology Builder. In addition, you
should have downloaded topology from the existing deployment, selected the Lync Server 2013
TREY-LYNC.TreyResearch.net for in-place upgrade, and published the topology.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-17
10. When the setup is complete, start the pool by running the following command in Skype for Business
Server 2015 Management Shell:
11. Validate the Skype for Business services by running the following command in Skype for Business
Server 2015 Management Shell:
Get-CsWindowsService
You have completed an in-place upgrade from Lync Server 2013 to Skype for Business Server.
12. Shut down all virtual machines (VMs) as they are no longer needed.
Results: After completing this exercise, you should have validated the replication of the Central
Management Store (CMS) and performed an in-place upgrade of TREY-LYNC.TreyResearch.net from
Lync Server 2013 to Skype for Business Server.
Question: Why did you not install the Skype for Business administrative tools on TREY-LYNC?
Question: Why did you run Disable-CsComputer –Scorch instead of Stop-CsWindowsService
to stop services?
MCT USE ONLY. STUDENT USE PROHIBITED
13-18 Planning and Implementing an Upgrade to Skype for Business Server 2015
Review Question
Question: Are there any reasons not to use the in-place upgrade feature?
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 13-19
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L1-1
a. What type of Skype for Business Server will you deploy in New York?
Answer: You should deploy Enterprise Edition to meet the future high availability requirement.
b. Question: What server roles in Skype for Business Server will you deploy in New York?
Answer: The only server roles that you should deploy at this point are a Front End Server and a
Back End Server.
c. Question: What would you need to change in your plan to enable high availability?
Answer: If you deploy an Enterprise Edition Front End Server, you can easily enable high
availability by deploying a second Front End Server.
2. In the Welcome to the Skype for Business Server 2015, Planning Tool window, click Get Started.
3. In the Audio/Video Conferencing window, select Yes, and then click Next.
4. In the Dial-in Conferencing window, select No, and then click Next.
5. In the Web Conferencing window, select Yes, and then click Next.
6. In the Enterprise Voice window, select No, and then click Next.
7. In the Call Admission Control window, select No, and then click Next.
10. In the Persistent Chat window, select No, and then click Next.
11. In the Video Interop window, select No, and then click Next.
12. In the Mobility window, select No, and then click Next.
13. In the Federation window, clear the following options, and then click Next:
15. In the IP Support window, select Both IPv4 and IPv6, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L1-2 Design and Architecture of Skype for Business Server 2015
16. In the Disaster Recovery window, select No, and then click Next.
18. In the Central Sites window, in the Site Name text box, type New York, in the Site Homed Users
text box, type 1000, and then click Next.
19. In the SIP Domain window, in the What are your company’s internal SIP Domains text box, type
adatum.com, click Add, and then click Next.
20. In the Conference Settings window, clear Data collaboration is enabled, and then click Next.
21. In the External User Access window, select No for Do you want to enable external user access, and
then click Next.
22. In the High Availability Options window, select Database Mirroring, and then click Next.
24. In the Skype for Business Server 2015, Planning Tool Finished Successfully window, click Draw to
review the proposed topology.
Results: After completing this exercise, you should have identified the necessary servers and configuration
for the workloads that A. Datum plans to deploy in New York.
2. In Topology Builder, click Download Topology from existing deployment, and then click OK.
Note: If the Download Current Topology window appears, wait a few seconds before
continuing.
3. In the Save Topology As window, select the desktop, and then save the topology as Lab1.tbxml.
4. Right-click the SkypeShare folder, and then click Share with specific People.
5. Ensure that Administrator is listed as Read/Write and that the Administrators group is listed as the
owner.
6. On the File Sharing window, click Share, and then click Done.
7. Switch to LON-SFB1.
8. In Topology Builder, on LON-SFB1, right-click Skype for Business Server, and then click New
Central Site.
9. In the Define New Central Site window, in the Name text box, type New York, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L1-3
10. In the Specify site details window, in the City text box, type New York, and then click Next.
11. In the Central site was successfully defined window, verify that Open the New Front End Wizard
when this wizard closes is selected, and then click Finish.
12. In the Define the New Front End pool window, click Next.
13. In the Pool FQDN text box, type NY-pool.adatum.com, and then click Next.
14. In the Define the computers in this pool window, in the Computer FQDN text box, type
NYC-SFB3.Adatum.com, click Add, and then click Next.
15. In the Select features window, select Conferencing (includes audio, video, and application
sharing), and then click Next.
16. In the Select collocated server roles window, select Collocate Mediation Server, and then click Next.
17. In the Associate server roles with this Front End pool window, verify that Enable an Edge pool to be
used by the media component of this Front End pool is cleared, and then click Next.
18. In the Define the SQL Server store window, click New to open a new Microsoft SQL Server store.
19. In the Define New SQL Server Store window, in the SQL Server FQDN text box, type
NYC-SQL3.adatum.com, click the option for Default instance, and then click OK.
20. Verify that the SQL Server store is populated with NYC-SQL3.adatum.com\Default, and then click
Next.
21. In the Define the file store window, select Define a new file store:
b. In the File Share text box, type SkypeShare, and then click Next.
22. In the Specify the Web Services URL window, leave the default options, and then click Next.
23. In the Select an Office Web Apps Server window, verify that Associate pool with an Office Web
Apps Server is cleared, and then click Finish.
4. After publishing completes, in the Publishing wizard complete window, select a step, and then click
View Logs for review. This might be necessary for reviewing errors or warnings.
Note: When you publish the topology, you may receive a status of Completed with
warnings for the step Creating Database NYC-SQL3.adatum.com\Default.
Results: After completing this exercise, you should have added the required servers and configuration to
the topology based on your design of the Skype for Business deployment in the New York site.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-5
2. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then click Adatum.com.
5. In the IP Address box, type 172.16.10.20, and then click Add Host.
6. At the DNS prompt, click OK.
8. In the IP Address box, type 172.16.10.20, and then click Add Host.
9. At the DNS prompt, click OK.
10. In the New Host window, in the Name box, type dialin.
11. In the IP Address box, type 172.16.10.20, and then click Add Host.
13. In the New Host window, in the Name box, type meet.
14. In the IP Address box, type 172.16.10.20, and then click Add Host. Click OK, and then click Done.
16. In the Select a resource record type window, click Service Location (SRV), and then click
Create Record.
19. Leave the Priority entry as the default. Enter 10 for Weight.
21. In the Host offering this service box, type NY-pool.Adatum.com, and then click OK.
2. In Topology Builder, click Download Topology from existing deployment, and then click OK.
Note: If the Download Current Topology window appears, wait a few seconds before
continuing.
3. In the Save Topology As window, select Desktop, and then save the topology as Lab2.tbxml.
2. In the Edit Properties window, in the left navigation pane, click Simple URLs.
3. In the right navigation pane, under Phone access URLs, click Add.
4. In the right navigation pane, under Phone access URLs, verify the simple URL of
https://dialin.adatum.com already exists. If not, click Add. In the Add simple URL window, in the
URL text box, type https://dialin.adatum.com, select the Make this the active URL check box, and
then click OK.
5. In the right navigation pane, under Meeting URLs, verify the simple URL of
https://meet.adatum.com with the SIP domain Adatum.com already exists. If not, click Add. In the
Add simple URL window,
in the SIP domain drop-down menu, select Adatum.com, in the URL text box, type
https://meet.adatum.com, select the Make this the active URL for the selected domain
check box, and then click OK.
3. After the publishing completes, in the Publishing wizard complete window, select a step, and then
click View Logs for review. This might be necessary for reviewing errors or warnings.
Results: After completing this exercise, you will have created the required Domain Name System (DNS)
records to support the workloads that A. Datum Corporation plans to deploy in New York and to support
the simple URLs.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L2-7
2. On the Skype for Business Server message box, click Don’t check for updates right now, and then
click Install.
3. On the End User License Agreement page, select I accept the terms in the license agreement,
and then click OK.
4. On NYC-SFB3, on the Skype for Business Server 2015 - Deployment Wizard page, click Install or
Update Skype for Business Server System.
5. On the Skype for Business Server 2015 - Deployment Wizard page, next to Step 1: Install Local
Configuration Store, click Run.
6. On the Configure Local Replica of Central Management Store page, verify that Retrieve directly
from the Central Management Store is selected, and then click Next. This step will take about 15
minutes to execute.
7. On the Executing Commands page, when the Task Status shows Completed, click Finish.
8. On NYC-SFB3, on the Skype for Business Server 2015 - Deployment Wizard page, next to Step 2:
Setup or Remove Skype for Business Server Components, click Run.
9. On the Setup Skype for Business Server Components page, click Next. This step will take
approximately 15 minutes to run.
Results: After completing this exercise, you will have installed the local configuration store and the core
components on the Skype for Business Server Front End Server in the New York site.
MCT USE ONLY. STUDENT USE PROHIBITED
L2-8 Installing and Implementing Skype for Business Server 2015
2. In the Certificate Wizard window, select Default Certificate, and then click Request.
o In the Select a CA from the list detected in your environment drop-down list, verify that
LON-DC1.Adatum.com\AdatumCA is present.
o In the Friendly Name box, type NYC-SFB3 Skype for Business Server Default Certificate.
Note: If the certificate request fails, check if the Active Directory Certificate Services service
is running on LON-DC1. If not, start the service, and then retry the certificate request.
6. On the Online Certificate Request Status page, verify that Assign this certificate to Skype for
Business Server certificate usages is selected, and then click Finish.
9. On the Executing Commands page, when the Task Status shows Completed, click Finish.
10. On the Certificate Wizard, click the down arrow next to Default Certificate to expand the Certificate
Type.
11. Verify that Server Default, Web Services Internal, and Web Services External show as Assigned.
12. On the Certificate Wizard, click the down arrow next to OAuthTokenIssuer to expand the Certificate
Type.
2. At the prompt, type the following command. and then press Enter:
Start-CsPool NY-pool.adatum.com
5. On the Skype for Business Server 2015 – Deployment Wizard page, click Exit.
Task 3: Verify the Skype for Business client connectivity to New York
1. Switch to LON-SFB1.
2. On LON-SFB1, on the taskbar, click Skype for Business Server Control Panel.
3. Select https://ny-pool.adatum.com/Cscp, click OK, and then sign in as adatum\administrator
with the password Pa$$w0rd.
4. Select users on the left menu, and then click enable users.
5. In the new Skype for Business Server user panel, click add, and then click add filter.
6. In the first drop-down list box, select Department. In the second drop-down list box, select equal to.
In the text box, type Sales, and then click Find.
7. Click the first user, and then press Ctrl+A to select all the users from the search results. Click OK.
8. In the assign users to a pool drop-down list box, select NY-pool.adatum.com, change the
Telephony drop-down list box to Enterprise Voice, and then at the upper-left corner, click Enable.
Results: After completing this exercise, you will have requested and assigned the certificates and started
the services for the Skype for Business Server Front End Server in the New York site.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L3-11
7. In the Skype for Business Server install window, select Don’t check for updates right now, and then click
Install.
8. Select I accept the terms in the license agreement, and then click OK.
9. In the Welcome to Skype for Business Server 2015 deployment window, select Install Administrative
Tools.
11. In the Executing Commands window, verify that the task status is Completed, and then click Finish.
Results: After completing this exercise, you will have installed the administrative tools for Skype for
Business on LON-CL1.
2. In the Windows Security dialog box, type Administrator as the user name and Pa$$w0rd as the
password. Click OK.
6. Type Carol Troup in the search box, click Find, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-12 Administering Skype for Business Server 2015
7. On the User Search page, in the Assign users to a pool section, select pool.adatum.com.
8. Examine the additional options on the page, and then click Enable.
10. Leave the User Search page open for the next task.
2. Click Add.
8. On the User Search page, in the Assign users to a pool section, click pool.adatum.com.
9. Examine the additional options on the page, and then click Enable.
10. In the User Search box, type Don Funk, and then click Find.
11. Verify that there is a check mark in the Enabled column.
12. Clear the name in the search field and then click Find to view all the enabled users.
Results: After completing this exercise, you will have enabled Carol Troup and all the members of the
information technology (IT) organizational unit (OU) to use Skype for Business.
4. Note that Aidan Delaney and Bill Malone are the members of the Managers security group.
2. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
$rootDN = ([adsi]"").distinguishedName
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L3-13
3. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
$sipDomain = “adatum.com”
4. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
$csPool = 'pool.adatum.com'
5. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
6. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
$users = $group.member
7. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
4. Close the Skype for Business Server 2015 Control Panel. If a dialog box appears, click Yes.
Results: After completing this exercise, you will have enabled all the users in the Managers security group
for Skype for Business.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-14 Administering Skype for Business Server 2015
3. Confirm that the access is denied. You should see an Access is denied message.
2. In Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then click the
Users container.
3. In the Results pane, right-click the CSAdministrator group, and then click Properties.
4. On the CSAdministrator Properties page, click the Members tab, and then click Add.
5. On the Select Users, Contacts, Computers, Service Accounts, or Groups page, in the Enter the object
names to select box, type Ed, select Ed Meadows, and then click OK.
7. In Active Directory Users and Computers, right-click the Users container, click New, and then click Group.
Type CSManagersUserAdmin, and then in the Group scope section, click Universal. Click OK.
3. Click the Start button, click All apps, and then click Skype for Business Server Management Shell.
4. At the command prompt, type Get-CsAdminRoleAssignment –Identity “Ed”, and then press Enter.
3. Click Add.
4. Type Managers, and then click OK.
6. Switch to LON-SFB1.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L3-15
7. In the Skype for Business Server Management Shell, confirm that Ed Meadows is assigned the
CsManagersUserAdmin role by typing Get-CsAdminRoleAssignment –Identity “Ed” at the command
prompt.
Results: After completing this exercise, you will have assigned Ed Meadows the CSAdministrator role. You
will also have assigned the members of the Managers organizational unit the CSUserAdministrator role
that is scoped to their OU.
4. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
Get-CsClsConfiguration
5. Start a logging scenario with the Centralized Logging Service by typing the following command, and then
pressing Enter:
6. Start a second logging scenario (AudioVideoConferencingIssue) with the Centralized Logging Service by
typing the following command, and then pressing Enter:
3. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings icon, and
then click Meet Now.
4. If a Join Meeting Audio dialog box appears, select Use Skype for Business and Don’t show this again,
and then click OK.
5. In the new conversation window, click the People icon, and then click Invite More People.
6. In the Send an IM dialog box, type Amr, select Amr Zaki, and then click OK.
Sync-CsClsLogging
2. Execute a search against the currently running logging scenario and output the results to a file by
executing the following command and pressing Enter:
3. Stop the AudioVideoConferencingIssue logging scenario by entering the following command and
pressing Enter:
4. Click the Messages tab, and then observe the collected data.
5. Close Snooper.
Results: After completing this exercise, you will have captured the messages that are transmitted in an ad
hoc meeting by using the Centralized Logging Service.
2. Click Do not update items, click No, I do not want to participate, and then click OK.
3. Click New Session.
7. In the View Filter box, type TLS, and then click Apply.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L3-17
a. On LON-SFB1, open the Skype for Business Server Management Shell and start a logging
scenario with the Centralized Logging Service by typing the following command, and then
pressing Enter:
b. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings
icon, and then click Meet Now.
c. In the new conversation window, click the People icon, and then click Invite More People.
d. In the Send an IM dialog box, type Amr, select Amr Zaki, and then click OK. Type some
message text.
Sync-CsClsLogging
3. Execute a search against the currently running logging scenario and output the results to a file by running
the following command and pressing Enter:
4. Stop the AlwaysOn logging scenario by entering the following command and pressing Enter:
5. In File Explorer, go to C:\Program Files\Skype for Business Server 2015\Debugging Tools\, and then
double-click Snooper.exe.
2. On LON-CL1, in the results pane, notice the Transport Layer Security (TLS) traffic that is being generated.
3. Click the first packet with a Source or Destination address of 172.16.0.20, and then observe the Details 1
pane.
4. Review several of the TLS packets to see the traffic exchanged between the Skype for Business server and
the client.
5. Stop the network capture by clicking the square Stop button in the toolbar at the top of the window, and
then close Microsoft Message Analyzer.
MCT USE ONLY. STUDENT USE PROHIBITED
L3-18 Administering Skype for Business Server 2015
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you will have examined a network capture.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-19
2. At the command prompt, type the following command, and then press Enter:
This shows a list of all users in the Marketing organizational unit (OU).
3. At the command prompt, type the following command, and then press Enter:
With the -whatif parameter, this command displays the accounts that will be enabled, without
actually enabling them. You can use the –whatif parameter when you want to see the consequences
of running a command prior to running it.
4. At the command prompt, run the previous command without the -whatif parameter.
5. At the command prompt, type the following command, and then press Enter:
If you do not receive an error message, you can assume that the command ran properly.
2. Confirm that Adam Barr is enabled for Skype for Business by confirming that the Enabled parameter is
set to TRUE.
3. Switch to LON-CL1.
4. On LON-CL1, click Start, click All apps, expand Microsoft Office 2013, and then click Skype for
Business 2015. Click Ask me later, and then click Accept.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-20 Configuring Users and Clients in Skype for Business 2015
5. Sign in to the Skype for Business client as Adam@adatum.com with the password Pa$$w0rd. Clear
the Save my password check box.
6. Confirm that Adam can connect to Skype for Business by successfully signing in.
7. Beneath Adam Barr’s profile picture, click Available, and then click Sign Out.
Results: After completing this exercise, you should have enabled all members of the Marketing OU.
3. In the Skype for Business client, click the gear icon, click File, and then click Exit.
4. Open File Explorer, and then browse to C:\Users\Administrator.Adatum\AppData
\Local\Microsoft\Office\16.0\Lync\Tracing.
Note: If you cannot find the AppData folder, on the View tab, click Options, and then
select Change folder and search options. In the Folder Options window, click the View tab, and
then under the Hidden files and folders section, select Show hidden files, folders, and drives.
Do not select the Hide extensions for known file types check box.
5. Select all files with the .log extension, and then delete them.
6. Close File Explorer.
7. On LON-CL1, click Start, click All apps, and then click Skype for Business 2016. If necessary, click
Cancel sign-in to cancel the previous sign-in task.
8. In the Skype for Business client, sign in as Dan@adatum.com with the password Pa$$w0rd.
9. Note that you cannot sign in, and then click OK.
2. On LON-SFB1, open File Explorer, browse to C:\Program Files\Skype for Business Server 2015
\Debugging Tools\, and then double-click Snooper.exe.
3. In Snooper, on the File menu, click OpenFile, and then browse to \\LON-CL1\C$\Users
\Administrator.Adatum\AppData\Local\Microsoft\Office\16.0\Lync\Tracing\.
4. Select Lync-UccApi-0.UccApilog, and then click Open. Click the Messages tab, and then note that
no data generated for the dan@adatum.com user sign-in.
5. Close Snooper.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L4-21
Task 3: Verify the user's Skype for Business status and enable the user
1. On LON-SFB1, open the Skype for Business Server Management Shell.
3. Confirm that Dan Park is not enabled for Skype for Business.
3. Repeat the “Examine the local logs by using Snooper” task above to view the uccapilog and event log
data.
4. Beneath Dan Park’s profile picture, click Available, and then click Sign Out.
Results: After completing this exercise, you should have addressed Dan Park’s sign-in issue.
MCT USE ONLY. STUDENT USE PROHIBITED
L4-22 Configuring Users and Clients in Skype for Business 2015
2. In the Windows PowerShell ISE Script pane, type the following command, and then press Enter:
Import-Module SkypeforBusiness
3. In the Windows PowerShell ISE Script box, type the following command, and then press Enter:
4. In Windows PowerShell ISE, type the following commands on separate lines, and then press Enter:
5. On the toolbar at the top of the Windows PowerShell ISE window, click File, click Save As, click Local
Disk (C:), and then click Labfiles. In the File name text box, type ClientPolicies.ps1, and then click
Save.
Note: If you cannot click Save As, click the Script drop-down list, and then you can click
Save As.
6. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
C:\labfiles\ClientPolicies.ps1
7. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
2. On LON-CL2, click Start, click All apps, and then click Skype for Business 2016.
3. In the First things first dialog box, click Ask me later and click accept.
4. Sign in to the Skype for Business client as Adam@adatum.com with the password Pa$$w0rd. Clear
the Save my password check box.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L4-23
5. On LON-CL1, in the Skype for Business search box, type Adam@adatum.com, and then double-click
Adam Barr. Type some message text, and then press Enter.
6. On LON-CL2, click the Amr Zaki notification that appears on the screen.
8. The message should display indicating all communications will be logged in each message window.
9. After verifying that the message displays, sign out of Skype for Business on both LON-CL1 and
LON-CL2.
Results: After completing this exercise, you should have created the global policy that will apply to users
who do not receive the tagged policy.
4. In the Group Policy Management Console (GPMC), expand Forest, expand Domains, right-click
Adatum.com, and then click Create a GPO in the domain, and Link it here.
5. In the Name text box, type Address Book No Delay GPO, and then click OK.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects.
7. In the Group Policy Management Console, right-click Address Book No Delay GPO that you just
created, and then click Edit.
Task 2: Edit a GPO that sets no delay for the Address Book download
1. On LON-DC1, in the Group Policy Management Editor, expand User Configuration, expand Policies,
expand Administrative Templates, expand Microsoft Lync 2013, click Microsoft Lync Features
Policies, and then double-click Global Address Book Download Initial Delay.
2. Click Enabled, below the Option section, type 0, and then click OK.
4. Restart the Skype for Business client, and then sign in as Amr@adatum.com with the password
Pa$$w0rd.
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have created a Group Policy Object (GPO) that will
eliminate the delay in deploying the Address Book.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-25
2. On the Microsoft Office Online Server 2016 – Read the Microsoft Software License Terms page,
select I accept the terms of this agreement, and then click Continue.
3. Select C:\Program Files\Microsoft Office Online as the installation location, and then click Install
Now. The installation progress bar displays. Go to the next step while Office Online Server is being
installed.
5. In the Run dialog box, type MMC, and then press Enter.
7. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
8. In the Certificates snap-in dialog box, select Computer account, and then click Next.
9. On Select Computer page, accept the default Local computer: (the computer this console is
running on), and then click Finish.
12. Right-click the Personal store, click All Tasks, and then click Request New Certificate. The
Certificate Enrollment Wizard opens.
14. On the Select Certificate Enrollment Policy page, accept the default Active Directory Enrollment
Policy, and then click Next. Be patient while the templates load, which can take several seconds.
15. On the Request Certificates page, select Adatum Web Server, and then click the link with the
yellow exclamation point (!) named More information is required to enroll for this certificate.
Click here to configure settings. The Certificate Properties dialog box opens.
16. In the Certificate Properties dialog box, on the Subject tab, in the Subject name list, click Common
Name.
17. In the Value text box, type LON-SVR1.adatum.com, and then click Add. The name moves to the
right pane in the format of CN=LON-SVR1.adatum.com.
18. In the left pane, in the Alternative name list, click DNS.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-26 Configuring and Implementing Conferencing in Skype for Business 2015
19. In the Value text box, type LON-SVR1.adatum.com, and then click Add. The name moves to the
right pane in the format of DNS LON-SVR1.adatum.com.
20. In the same Value text box, type wac.adatum.com, and then click Add. The name moves to the right
pane below LON-SVR1.adatum.com.
21. Switch to the General tab, and then in the Friendly name text box, type WACcert.
23. On the Key options menu, click Make private key exportable, click Apply, and then click OK. This
takes you back to the Request Certificates window.
24. In the Request Certificates window, click Enroll. Wait for the “Requesting certificates. Please wait”
message to go away, and then click Finish. This takes you back to the Console1 - [Console Root]
window.
25. Highlight Certificates (Local Computer) – Personal – Certificates, and then validate that the
certificate with the friendly name WACcert is listed.
28. Switch back to the Microsoft Office Online Server 2015 Installation Wizard. The installation process
should be complete by now.
29. Click Close to exit the installer and close File Explorer.
Task 2: Configure an Office Online Server farm for Skype for Business
1. On LON-SVR1, on the taskbar, right-click Windows PowerShell, and then click Run as
Administrator. An administrative Windows PowerShell command-line interface window opens.
3. Wait for the setup to complete. You will get a list of all the settings on the new Office Online Server
farm.
5. Verify that LON-SVR1 returns an XML document that shows the current settings.
Task 3: Add Office Online Server to the Skype for Business topology
1. Switch to LON-SFB1. If not already signed in, sign in as Adatum\Administrator with the password
Pa$$w0rd.
2. From the taskbar, click Skype for Business Server Topology Builder.
3. In the Topology Builder window, select Download Topology from existing deployment, and then
click OK. The current topology starts downloading. Wait for the task to complete.
4. In the Save Topology As dialog box, in the File name text box, type Lab5A, and then click Save.
5. In the Skype for Business Server 2015, Topology Builder window, expand Skype for Business Server,
expand Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise
Edition Front End pools, and then select pool.adatum.com.
6. Right-click pool.adatum.com, and then click Edit Properties. The Edit Properties window opens.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L5-27
7. On the General page, under Associations, select Associate pool with an Office Web Apps Server,
and then click New.
8. In the Define New Office Web Apps Server window, in the Office Web Apps Server FQDN text box,
type LON-SVR1.adatum.com, and then click OK.
9. In the Edit Properties window, click OK to close and return to Topology Builder.
10. In the navigation pane, right-click Skype for Business Server, and then click Publish Topology.
Click Next and then wait for the Publish Topology task to complete.
Note: This completes this lab. Please do not shut down the virtual machines—you will need
them in the next lab.
Results: After completing this exercise, you should have installed and configured Microsoft Office Online
Server on LON-SVR1, and added Office Online Server to the Skype for Business topology.
MCT USE ONLY. STUDENT USE PROHIBITED
L5-28 Configuring and Implementing Conferencing in Skype for Business 2015
2. In the Skype for Business Server Management Shell, type the following command, and then press
Enter. This creates a new policy named IT:
New-CsConferencingPolicy –Identity IT
3. In the Skype for Business Server Management Shell, type the following command, and then press
Enter. This configures the IT policy to allow external participants to record meetings:
4. Leave the Skype for Business Server Management Shell running, and then open Skype for Business
Server Control Panel from the taskbar.
5. Sign in to Skype for Business Server 2015 Control Panel as Adatum\Administrator with the password
Pa$$w0rd.
7. In the CONFERENCING POLICY window, click +New, and then click User policy. This takes you to the
New Conferencing Policy page.
10. Under Application Sharing, click Disable application sharing, and then click Commit. This saves
the policy and takes you back to the CONFERENCING POLICY tab. Leave Skype for Business Server
2015 Control Panel open.
2. In the Skype for Business Server Management Shell, type the following command, and then press
Enter. This command grants the IT policy to all users in the IT organizational unit (OU):
4. In the navigation pane, click Users. This opens the USER SEARCH page.
5. On the USER SEARCH page, click +Add filter. This extends the AND filter settings.
6. In the Name list, click Organizational unit (OU). Leave Equal to as is.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L5-29
7. In the Specify the DN of an OU text box, type the following, and then click Find:
OU=Managers,DC=Adatum,DC=com
All users in the Managers OU who are enabled for Skype for Business will be listed.
8. Select Ed Meadows.
10. In the Assign Policies pop-up window, under Conferencing policy, select Management, and then
click OK. This assigns the Management policy to Ed Meadows.
2. Click Meet Now. This starts an ad hoc meeting. At the Join Meeting Audio prompt, click OK.
3. If the Participant list is not shown, to open it, click Open Participant List at the top-left corner of
the Conversation (1 participant) meeting window.
4. At the bottom of the PARTICIPANTS list, click Invite More People.
5. In the Invite by Name or Phone Number window, type Amr Zaki in the search box, select Amr Zaki
from the search results, and then click OK.
6. Switch to LON-CL2, and then click the notification on the lower-right corner to accept the invitation
from Ed to join the conference.
Note: The meeting runs under Ed’s conferencing policy because he is the meeting’s
organizer. Ed is located in the Managers OU and therefore gets the Management conferencing
policy, which does not allow recording or application sharing.
7. Click the Present button, and verify that there is no option to Present Desktop or Present
Programs.
8. On LON-CL1, click Hang Up to leave the meeting. Close the Conversation window.
9. On LON-CL2, click Hang Up to leave the meeting. Close the Conversation window.
10. On LON-CL2, in the Skype for Business window, to the right of Contacts, Conversations, and
Meetings, click the downward-pointing arrow to the right of the Options menu.
11. Click Meet Now. This starts an ad hoc meeting. At the Join Meeting Audio prompt, click OK.
12. If the Participant list is not shown, to open it, click Open Participant List at the top-left corner of
the Conversation (1 participant) meeting window.
13. At the bottom of the PARTICIPANTS list, click Invite More People.
14. In the Invite by Name or Phone Number window, type Ed Meadows in the search box, select Ed
Meadows from the search results, and then click OK.
15. Switch to LON-CL1, and then click the notification in the lower-right corner to accept Amr Zaki’s
invitation.
18. On the Present menu, click Present Desktop, and then click Present. Click OK. This shares the
desktop.
20. In the meeting window, click Accept meeting content to see Ed’s shared desktop.
4. In the Click to add title text box, type Office Online Test.
7. In the Save As dialog box, in the File Name text box, type Office Online Test, browse to the
desktop, and then click Save. This places the file on the desktop.
8. Close PowerPoint.
11. In the Present PowerPoint dialog box, browse to the desktop, select the Office Online Test file, and
then click Open. This starts uploading the file to Office Online Server. Wait for the file upload to
complete.
13. Validate that the PowerPoint presentation that you uploaded is being presented in the meeting
with Ed.
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
Results: After completing this exercise, you should have configured two new conferencing policies named
IT and Management, and you will have configured them according to A. Datum specifications.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-31
2. Sign in as Adatum\Administrator with the password Pa$$w0rd, and then on the taskbar, click
Skype for Business Server Control Panel.
5. On the New Skype for Business Server User page, click Add.
6. On the Select from Active Directory page, click Add filter. Enter a filter that states Organizational
unit (OU) is equal to OU=Managers,DC=Adatum,DC=com. Click Find.
8. Under Assign users to a pool, select pool.adatum.com, and then click Enable.
9. In the Skype for Business Server Control Panel navigation pane, click Conferencing.
12. Locate the Maximum meeting size setting, change the value to 20, and then click Commit to save
the change and return to the CONFERENCING POLICY page.
2. In the Select a Site window, select Adatum Headquarters, and then click OK. This opens the New
Conferencing Policy – Adatum Headquarters window.
3. Under Organizer policy, find the Recording setting, and then select Enable recording from the
drop-down list.
4. Scroll down to the bottom of the page, and then under Participant policy, select Enable peer-to-
peer recording.
5. Leave the remaining default settings, and then click Commit. This takes you back to the
CONFERENCING POLICY page. Note the new Adatum Headquarters policy and the check mark
under Recording.
2. In the Administrator: Skype for Business Server Management Shell console, type the following
command, and then press Enter:
This command first creates the policy and then uses the pipe (|) to set the parameters immediately, all
on one line.
Task 4: Grant the Managers Conferencing Policy to all members of the AD DS global
group named Managers
In the Skype for Business Server Management Shell, type each of the following four lines without line
breaks, and then press Enter:
$rootDN = ([adsi]"").distinguishedName
$group = [adsi]("LDAP://cn=Managers, ou=Managers,"+$rootDN)
$users = $group.member
foreach ($user in $users){Grant-CsConferencingPolicy -PolicyName "Managers
Conferencing Policy" -Identity $user}
Results: After completing this exercise, you should have configured the default global conferencing
policy by using Skype for Business Control Panel, created and assigned a site-level conferencing policy
to A. Datum headquarters, and created and assigned a user-level conferencing policy to all managers.
CD C:\LabFiles.\Lab6ABreakIt.ps1
4. Place the two Remote Desktop windows to LON-CL1 and LON-CL2 side by side.
7. On LON-CL2, verify that there is no recording option available under More Options.
4. When you have identified the problem, run the Lab6AFixIt.ps1 script in the C:\LabFiles folder on
LON-SFB1:
a. Switch to LON-SFB1.
b. Open the Skype for Business Server Management Shell from the taskbar.
c. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
CD C:\LabFiles
Results: After completing this exercise, you should have verified that Amr Zaki is correctly configured for
conferencing.
MCT USE ONLY. STUDENT USE PROHIBITED
L6-34 Implementing Additional Conferencing Options in Skype for Business Server 2015
3. In the Topology Builder dialog box, accept the default to Download Topology from existing
deployment, and click OK.
4. In the Save Topology As dialog box, type Lab6B as the File name, and then click Save.
5. In the navigation pane, expand Skype for Business Server, expand Adatum Headquarters, expand
Skype for Business Server 2015, expand Enterprise Edition Front End Pools, and then highlight
pool.adatum.com. Note that in the detail pane to the right, under Features and functionality,
PSTN conferencing is Disabled.
6. In the navigation pane, right-click pool.adatum.com, and then click Edit Properties.
7. Under Features and functionality, select Dial-in (PSTN) conferencing, and then click OK.
8. In the navigation pane, right-click any item, click Topology – Publish, and then click Next to add the
required features for dial-in conferencing. Wait for replication to complete, and then click Finish.
9. In File Explorer, browse to C:\Program Files\Skype for Business Server 2015\Deployment, and
then run Bootstrapper.exe to reconfigure the server as needed.
10. Repeat step 8 on LON-SFB2.
11. When the installation is complete, close all open windows on LON-SFB1 and LON-SFB2. It will take
some time for the command to complete.
Task 2: Add a user-level dial plan for North America and Europe
1. On LON-SFB1, open Skype for Business Server Control Panel. Sign in as Administrator with the
password Pa$$w0rd.
2. In the navigation pane, click Voice Routing. This opens the DIAL PLAN tab, displaying the currently
configured dial plans.
3. On the DIAL PLAN tab, click New, and then click User dial plan.
4. On the New Dial Plan page, in the Name text box, type North America, and then press the Tab key
on your keyboard. This will move the focus to the next box and will prefill the Simple name text box.
6. On the New Dial Plan page, at the upper left, click OK. This takes you back to the DIAL PLAN page.
7. On the DIAL PLAN tab, you now see the Global and the North America dial plans. Click New, and
then click User dial plan to create a similar user dial plan for Europe.
8. In the Name text box, type Europe, and then press the Tab key on your keyboard to prefill the
Simple Name text box.
10. On the New Dial Plan page, at the upper left, click OK. This takes you back to the DIAL PLAN page.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L6-35
11. On the DIAL PLAN tab, you now see the three dial plans: two plans that you configured, and the
Global plan.
12. On the menu bar, click Commit, and then click Commit all.
13. In the Uncommitted Voice Configuration Settings window, validate the settings displaying the
changes that you just made, and then click OK.
3. Select Ed Meadows, and then on the Edit menu, click Show details.
5. Under Dial plan policy, select North America, and then click Commit.
6. Search for Amr, select Amr Zaki, and then on the Edit menu, click Show details.
8. Under Dial plan policy, select Europe, and then click Commit.
2. On the New Dial-In Access Number page, in the Display number text box, type the UK number in
the format: +44 (0) 20 1234 1234.
7. Under Primary Language, select English (United Kingdom). Optionally, under Secondary
languages, add additional languages. You can add up to four additional languages.
8. Under Associated Regions, click Add, select Europe from the Select Regions list, click OK, and then
click Commit.
Note: You have now deployed the United Kingdom dial-in access number. Now perform
the same steps for adding North America.
9. Click New on the menu bar. This opens the New Dial-In Access Number page.
10. On the New Dial-In Access Number page, in the Display number text box, type the US number in
the format: +1 (555) 123-1234.
11. In the Display Name text box, type Adatum Conferencing North America.
13. In the SIP URI text box, type sip:confus to the left of the at sign (@), and then select adatum.com
from the drop-down list to the right.
15. Under Primary Language, select English (United States). Optionally, under Secondary languages,
add additional languages. You can add up to four additional languages.
16. Under Associated Regions, click Add, select North America from the Select Regions list, click OK,
and then click Commit.
2. Open Microsoft Outlook 2016, go to Calendar, and then click New Skype Meeting.
Note that the default dial-in number for Ed is in the North American format.
3. Switch to LON-CL2.
4. Open Outlook 2016, go to Calendar, and then click New Skype Meeting.
5. Note that the default dial-in number for Amr is in the European format.
Results: After completing this exercise, you should have deployed two unique dial-in conferencing
numbers, associated the dial-in conferencing region with the correct dial plan, and associated two users
with dial plans to test functionality.
Set-Mailbox -Identity LRS01@adatum.com -MailTip "This room is equipped with Lync Room
System (LRS), please make it a Skype Meeting to take advantage of the enhanced
meeting experience from LRS”
2. On LON-SFB1, open the Skype for Business Server Management Shell, type the following command,
and then press Enter to enable an LRS account in Skype for Business Server:
3. In the meeting invitation, to the right of where it reads Skype Meeting, click Rooms.
4. Select LRS-01, click the Rooms button in the lower-left corner, click OK, and then click Yes.
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you will have configured a Microsoft Exchange resource mailbox
for LRS, and you will have configured an LRS account for Skype for Business Server.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L7-39
2. In the Skype for Business Server Topology Builder, click Download Topology from existing
deployment, and then click OK.
3. In the Save Topology As dialog box, in the File Name text box, type
AdatumTopologyMonLab7.tbxml, and then click Save.
4. In the Skype for Business Server Topology Builder, expand Skype for Business Server, expand
Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise Edition Front
End Pools, right-click pool.adatum.com, and then click Edit Properties.
8. In the Action drop-down list box, select Topology, and then click Publish to publish the changes in
the topology.
9. In the Publish Topology window, click Next to validate the changes that were made in the topology.
10. On the Select databases page, ensure that LON-SQL1.adatum.com\Default is selected, and then
click Next.
11. On the Publishing wizard complete page, verify that all steps show as Success or Warning.
12. On the Publishing wizard complete page, click the Click here to open the to-do list link.
13. When the file opens in Notepad, read the steps listed, and then close Notepad.
16. On LON-SFB1, on the task bar, click Skype for Business Server Management Shell.
17. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to start the stopped Skype for Business Server services.
Start-CsWindowsService
18. On LON-SFB1, on the tasbar, click Skype for Business Server Deployment Wizard.
19. In the Skype for Business Server Deployment Wizard, click the Deploy Monitoring Reports link.
20. On the Specify Monitoring Database page, verify that LON-SQL1.adatum.com is listed for both
the Monitoring Database and the SQL Server Reporting Services instance, and then click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-40 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
21. On the Specify Credentials page, in the User name text box, type Adatum\Administrator, in the
Password text box, type Pa$$w0rd, and then click Next.
Note: The account that is specified here will be granted read access to the reporting
databases. This is the account that is used when accessing reports. For lab purposes, we will use
the Administrator account. The user who deploys monitoring reports must be a SQL Server
system administrator.
22. On the Specify Read-Only Group page, type RTCUniversalReadOnlyAdmins, and then click Next.
23. On the Executing Commands page, verify that the last line reads “Monitoring Reports have been
successfully deployed,” and then click Finish.
2. On LON-CL1, establish a Skype call from Ed to Amr Zaki. In the Skype for Business client, in the Find
someone field, type Amr, right-click Amr Zaki, point to Call, and then click Skype Call.
3. On LON-CL2, accept the call. Leave the call up for about two minutes, and then hang up.
4. On LON-SFB1, click Skype for Business Server Control Panel on the taskbar.
5. In the Windows Security dialog box, in the User Name text box, type Administrator. In the
Password text box, type Pa$$w0rd, and then click OK.
6. On the Home screen, under Top Actions, expand View Monitoring Reports, and then click
LON-SQL1.adatum.com. Wait for Microsoft Internet Explorer to open the Monitoring Reports
page.
9. In the Monitoring Server Dashboard, in the upper-right corner, click Monthly View.
10. In the Monitoring Server Dashboard, in the upper-right corner, click Reports.
11. On the Monitoring Reports page, view each report that is listed under System Usage Reports, and
then review the collected data.
12. On the Monitoring Reports page, view each report that is listed under Call Diagnostic Reports
(Per User), and then review the collected data.
13. On the Monitoring Reports page, review each report that is listed under Call Diagnostic Reports,
and then review the collected data.
14. On the Monitoring Reports page, view each report that is listed under Media Quality Diagnostic
Reports, and then review the collected data.
15. In one of the reports, at the uppermost part of the page, click Save, and then from the drop-down list
box, click Excel.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L7-41
Results: After completing this exercise, you should have deployed monitoring reports on the Skype for
Business Server Back End Server and verified access to the CDR and QoE monitoring reports.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-42 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
2. In the left navigation pane, expand Adatum.com, and then click Users.
3. In the right navigation pane, right-click Administrator, and then click Properties.
5. In the Select Groups dialog box, type RTCUniversalServerAdmins, and then click Check Names.
Ensure that the typed name is underlined, and then click OK.
6. In the Administrator Properties dialog box, click OK to close the dialog box.
7. Sign out from LON-SFB1, and then sign back in to LON-SFB1 as Adatum\Administrator with the
password Pa$$w0rd.
8. Switch to LON-EX1.
10. Type the following command, and then press Enter to locate the value of IsExcludedFromProvisioning
for the Mailbox Database:
11. If the value is True, type the following command, and then press Enter to update the Mailbox
Database so that it is enabled for provisioning:
12. Type the following command, and then press Enter to navigate to the Exchange Scripts folder:
13. At the [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts> command prompt, type the
following command, and then press Enter:
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl
“https://pool.adatum.com/metadata/json/1” -ApplicationType Lync
14. If you receive the error, “Load balancing failed to find a valid mailbox database,” repeat step 11 of this
task.
15. Type the following command, and then press Enter to stop and restart Internet Information Services
(IIS):
Iisreset
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L7-43
16. On LON-EX1, type the following command, and then press Enter to locate the value for
AutodiscoverServiceInternalURI:
17. Record the value from the last script below so that you can recall it later.
https://
18. On LON-SFB1, on the task bar, click Skype for Business Server Management Shell.
19. Type the following command, and then press Enter to configure Skype for Business Server with the
Autodiscover information:
20. Type the following command in the Skype for Business Server Management Shell, and then press
Enter to create a new partner application for Exchange:
21. Type the following command, and then press Enter to test the connectivity between Skype for
Business Server and Exchange Server:
22. You should receive the result, Test Passed. If not, contact your instructor.
23. On LON-SFB1, type the following command, and then press Enter to enable Exchange Archiving
globally:
24. On LON-SFB1, on the task bar, click Skype for Business Server Control Panel.
25. In the Windows Security dialog box, type Administrator in the User Name text box, type
Pa$$w0rd in the Password text box, and then click OK.
26. In the left navigation pane, click Monitoring and Archiving, click the Archiving Policy tab, click
New, and then from the drop-down list box, click User policy.
27. In the Name text box, type LondonArchivingPolicy. Select Archive internal communications and
Archive external communications, and then click Commit.
28. In the left navigation pane, click Users, in the search box, type Ed, click Find, and then double-click
the Ed Meadows user. Scroll down to the Archiving Policy, click the drop-down arrow, select
LondonArchivingPolicy, and then click Commit.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-44 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
29. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to enable Exchange Archiving for all users in the London pool:
30. Type the following command in the Skype for Business Server Management Shell, and then press
Enter to display a list of users that have been enabled for Exchange Archiving:
2. Generate data for the archive by having Ed initiate an IM to Amr, and then have Amr respond to
that IM.
4. In the Select Users, Contacts, Computers, Services Accounts, or Groups dialog box, type
Administrator, click Check Names, and then click OK.
5. Click OK to close the Discovery Management Properties dialog box.
10. Under In-Place eDiscovery & Hold, click the plus sign (+).
11. In the new in-place eDiscovery & hold window, in the Name and description text box, type
SfBItems, and then click Next.
12. In the Mailboxes window, click Search all mailboxes, and then click Next.
13. In the Search query window, click Filter based on criteria, and then click select message types.
14. In the message types to search window, click select the messages types to search, select Skype for
Business items, and then click OK.
18. In the Exchange Admin Center, in the right navigation pane, click SfBItems. On the toolbar above,
click Refresh. In the right pane, notice the status of Estimate in progress. Do not continue until the
status shows Estimate Succeeded.
19. In the right navigation pane, click SfBItems. In the right pane, scroll down, and then select preview
search results.
Note: A new window opens. Notice the results of the archived message content.
2. Type the following command, and then press Enter to disable Archiving for the site:
3. On LON-SFB1, on the taskbar, click Skype for Business Server Control Panel.
4. Click Monitoring and Archiving, and then click the Archiving Configuration tab.
5. Verify that the new archiving configuration settings exist for the Adatum Headquarters site. The site
configuration settings override the global configuration settings. Leave Skype for Business Server
Control Panel open.
6. In Skype for Business Server Control Panel, click New, and then from the drop-down list box, click
Pool configuration.
7. In the Select a Service window, click the Registrar:pool.adatum.com service, and then click OK.
8. In the New Archiving Setting window, verify that the Name box is already populated with
Registrar:pool.adatum.com.
9. In the Archiving setting drop-down list box, select Archive IM and web conferencing sessions,
select Exchange Server integration, and then click Commit.
Note: The pool configuration settings override the global and site configuration settings.
MCT USE ONLY. STUDENT USE PROHIBITED
L7-46 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you should have configured archiving settings, including policies,
configurations, and Exchange integration for Adatum. You also should have generated some IM and web
conferencing traffic to archive. Finally, you should have viewed the archived data by using Exchange
Control Panel.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-47
6. Switch to LON-SFB1, and if not already signed in, sign in as adatum\administrator with the
password Pa$$w0rd.
7. On LON-SFB1, open Skype for Business Server Topology Builder from the taskbar.
8. In the Topology Builder window, select Download Topology from existing deployment, and then
click OK. The current topology starts downloading. Wait for the task to complete, and then save it as
C:\Lab08A.tbxml.
9. In the Topology Builder, expand Skype for Business Server, expand Adatum Headquarters, expand
Skype for Business Server 2015, right-click Edge pools, and then on the shortcut menu, click New
Edge Pool.
10. In the Define the New Edge Pool window, click Next.
11. On the Define the Edge pool FQDN page, in the Pool FQDN text box, type lon-edg.adatum.com,
select This pool has one server, and then click Next.
12. On the Enable federation page, enable all the options, and then click Next.
13. On the Select features page, select Use a single FQDN and IP address, and then click Next.
14. On the Select IP options page, leave all the options at their default settings, and then click Next.
15. On the External FQDNs page, in the Access Edge Service text box, type sip.adatum.com, and then
click Next.
16. On the Define the internal IP address page, in the Internal IPv4 address text box, type 172.16.0.5,
and then click Next.
17. On the Define the external IP address page, in the External IPv4 address text box, type
192.168.1.5, and then click Next.
18. On the Define the next hop server page, accept the default setting of pool.adatum.com Adatum
Headquarters, and then click Next.
19. On the Associate Front End or Mediation pool page, select pool.adatum.com, and then click
Finish.
20. In the left navigation pane, right-click Adatum Headquarters, and then click Edit Properties.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-48 Deploying Skype for Business 2015 External Access
21. In the Edit Properties window, in the left navigation pane, select Federation route.
22. Under Site federation route assignment, select Enable SIP federation, and then select
lon-edg.adatum.com Adatum Headquarters Edge from the drop-down list.
23. Under Site federation route assignment, select Enable XMPP federation, select
lon-edg.adatum.com Adatum Headquarters Edge from the drop-down list, and then click OK.
24. In the left navigation pane, right-click Adatum Headquarters, from the shortcut menu, expand
Topology, and then click Publish.
Results: After completing this exercise, you should have added an Edge server to the topology and
publish it, and then exported the topology.
2. From the Hardware list, click DVD Drive, click Image File, click Browse, browse to C:\Program Files
\Microsoft Learning\20334\Drives\, select SfB-E-9319.0-enUS.ISO, click Open, and then click OK.
3. Switch to LON-EDG. If not signed in, sign in as administrator with the password Pa$$w0rd.
5. In the Network Connections window, right-click Perimeter, and then click Properties.
6. In the Perimeter Properties window, click Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
7. In the Default gateway text box, type 192.168.1.1, click OK, and then click Close.
14. In the DNS Suffix and NetBIOS Computer Name window, in the Primary DNS suffix of this
computer text box, type adatum.com, and then click OK.
16. In the pop-up window with the “You must restart your computer to apply these changes” message,
click OK.
18. In the pop-up window with the “You must restart your computer to apply these changes” message,
click Restart Now.
19. Wait while LON-EDG restarts. Sign back in as administrator with the password Pa$$w0rd.
20. Open File Explorer, browse to D:\Setup\amd64, and then run Setup.exe.
22. In the Skype for Business Server Check for Updates window, select Don’t check for updates right
now, accept the default installation location, and then click Install.
24. Wait while the installer installs the core components. When complete, the Skype for Business Server
2015 Deployment Wizard opens automatically.
25. In the Welcome to Skype for Business Server 2015 deployment window, click Install or Update
Skype for Business Server System.
26. On the Install or update member system page, go to Step 1: Install Local Configuration Store,
and then click Run.
Note: The message that the configuration cannot be collected automatically is expected
because this computer is not a member of the Adatum.com domain.
27. In the Configure Local Replica of Central Management Store window, in the Import from a file
(recommended for Edge Servers) text box, type the following, and then click Next:
\\LON-SFB1\c$\Lab08Export.zip
28. Wait for the Install Local Configuration Store task to complete. When complete, click Finish. This
closes the Install Local Configuration Store Wizard.
29. Back on the Install or update member system page, go to Step 2: Setup or Remove Skype for
Business Server Components, and then click Run.
30. In the Set Up Skype for Business Server Components window, click Next.
3. In the Windows Security window, authenticate by using the user name adatum\administrator with
the password Pa$$w0rd.
4. On the Microsoft Active Directory Certificate Services – AdatumCA page, click Download a CA
certificate, certificate chain, or CRL.
5. In the Download a CA Certificate, Certificate Chain, or CRL window, click Download CA certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-50 Deploying Skype for Business 2015 External Access
6. In the Do you want to open or save certnew.cer (863 bytes) from lon-dc1.adatum.com? window, click
Open.
9. In the Certificate Import Wizard, select Local Machine, and then click Next.
10. On the Certificate Store page, select Place all certificates in the following store, and then click
Browse.
11. In the Select Certificate Store window, select Trusted Root Certification Authorities, and then click
OK.
13. In the Completing the Certificate Import Wizard window, click Finish.
16. Switch back to the Skype for Business Server Deployment Wizard. If the previous steps completed
without error, you can continue even if Step 2 is not marked as complete.
17. Go to Step 3: Request, Install or Assign Certificates, and then click Run. This opens the Certificate
Wizard.
18. In the Certificate Wizard, select Edge Internal, and then click Request.
19. In the Certificate Request window, accept the default selection Send the request immediately to an
online certification authority, and then click Next.
20. On the Choose a Certification Authority (CA) page, in the Specify another certification authority
text box, type lon-dc1.adatum.com\AdatumCA, and then click Next.
21. On the Certification Authority Account page, leave the default selection, type
adatum\administrator in the User name text box, Pa$$w0rd in the Password text box, and then
click Next.
23. On the Name and Security Settings page, select Mark the certificate’s private key as exportable,
and then click Next.
24. In the Organization Information window, in the Organization text box, type A Datum.
25. In the Organizational unit text box, type IT, and then click Next.
26. On the Geographical Information page, from the Country/Region drop-down list, select United
Kingdom.
27. In the State/Province text box, type UK.
28. In the City/Locality text box, type London, and then click Next.
29. On the Subject Name / Subject Alternate Names page, click Next.
30. On the Configure Additional Subject Alternative Names page, click Next.
32. An “Executing Commands” message displays. Wait for the Task status to display Completed, and then
click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L8-51
33. On the Online Certificate Request Status page, accept the default selection for Assign this
certificate to Skype for Business Server certificate usages, and then click Finish.
36. Wait for the assignment to complete. When complete, click Finish. This closes the Certificate
Assignment Wizard and takes you back to the Certificate Wizard.
37. In the Certificate Wizard, select External Edge certificate (public Internet), and then click Request.
38. On the Delayed or Immediate Requests page, select Prepare the request now, but send it later
(offline certificate request), and then click Next.
39. On the Certificate Request File page, in the File name text box, type C:\CertReq.req, and then click
Next.
44. On the Subject Name / Subject Alternative Names page, click Next.
45. On the SIP Domain setting on Subject Alternative Names page, click Next.
46. On the Configure Additional Subject Alternative Names page, add the following names (because
you are going to use the same certificate for reverse proxy), and then click Next:
o Lyncdiscover.adatum.com
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
48. An “Executing Commands” message displays. When command execution is complete, click Next.
49. On the Certificate Request File page, click View. This opens the CertReq.req file in Notepad.
50. Select all the content by pressing Ctrl+A, and then copy the content by pressing Ctrl+C. You now
have the request data on the Clipboard.
51. Click Finish to close the Certificate Request window.
56. On the Advanced Certificate Request page, click Submit a certificate request by using a base-
64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
57. In the Saved Request text box, paste the content of the Clipboard by pressing Ctrl+V.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-52 Deploying Skype for Business 2015 External Access
58. In the Certificate Template drop-down list, select Web Server, and then click Submit.
61. In the The certnew.cer download has completed window, click Open.
62. In the Certificate Information window, click Install Certificate. This opens the Certificate Import
Wizard.
63. In the Welcome to the Certificate Import Wizard, under Store Location, select Local Machine, and
then click Next.
64. In the Certificate Store window, select Place all certificates in the following store, and then click
Browse.
65. In the Select Certificate Store window, select the Personal store, and then click OK.
71. Select External Edge certificate (public Internet), and then click Assign.
72. In the Certificate Assignment window, click Next.
73. On the Certificate Store page, select Skype for Business Server 2015 External Edge certificate,
and then click Next.
74. On the Certificate Assignment Summary page, click Next.
75. Wait for the Certificate Assignment task to complete, and then click Finish.
76. In the Certificate Wizard, note the green check marks, and then click Close.
77. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
Start-CsWindowsService
78. In the Skype for Business Server Management Shell, type the following command, and then press
Enter to validate that the services are running:
Get-CsWindowsService
2. Open Skype for Business Server 2015 Control Panel from the taskbar. Sign in as
Adatum\Administrator with the password Pa$$w0rd.
4. Under External Access Policy, double-click the Global policy to edit its settings.
5. In the External Access Policy – Global window, select all check boxes, and then click Commit.
6. Still in the Federation and External Access window, select Access Edge Configuration.
7. Double-click the Global policy, configure the following options, and then click Commit:
Results: After completing this exercise, you should have installed an Edge server, installed certificates and
started services, and then enabled external access by using policies.
MCT USE ONLY. STUDENT USE PROHIBITED
L8-54 Deploying Skype for Business 2015 External Access
3. In the Network Connections window, right-click Perimeter, and then click Properties.
4. In the Perimeter Properties window, click Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
5. In the Default gateway text box, type 192.168.1.1, click OK, and then click Close.
6. Close the Network Connections window.
12. In the User Name text box, type adatum\administrator, in the Password text box, type Pa$$w0rd,
and then click Next.
13. In the AD FS Proxy Certificate window, click the drop-down list, select adfs1.adatum.com, and then
click Next.
15. Wait for the configuration task to complete, and then click Close.
5. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
6. In the Certificates snap-in, select Computer account, and then click Next.
9. In the left navigation pane, expand Certificates (Local Computer), expand Personal, and then click
Certificates. This lists the installed certificates.
10. Select and then right-click the sip.adatum.com certificate.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L8-55
11. On the shortcut menu, point to All Tasks, and then click Export.
13. On the Export Private Key page, click Yes, export the private key, and then click Next.
15. Click Password. Type the password Pa$$w0rd twice to confirm, and then click Next.
21. Open File Explorer, browse to \\lon-edg\c$\, and then double-click edgeexport.pfx.
22. On the Welcome to the Certificate Import Wizard page, select Local Machine, and then click
Next.
23. On the File to Import page, type the following, and then click Next:
\\lon-edg\c$\EdgeExport.pfx
24. On the Private key protection page, in the Password text box, type Pa$$word.
25. Select Mark this key as exportable, and then click Next.
26. On the Certificate Store page, click Next, click Finish, and then click OK.
Task 3: Create publishing rules for Skype for Business Server and
Office Online servers
1. On LON-PXY, in the Remote Access Management Console, under Tasks, click Publish.
4. On the Publishing Settings page, in the Name text box, type lyncdiscover.
8. Ignore the "The internal and external URLs don't match” warning, and then click Next.
o Meet.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
Results: After completing this exercise, you should have configured Web Application Proxy, exported and
imported a certificate, including a private key, and then created publishing rules for Skype for Business
Server and Office Online servers.
2. In the search box, type Notepad, right-click Notepad from the results, on the shortcut menu, click
Run as administrator, and then click Yes.
o 192.168.1.5 sip.adatum.com
o 192.168.1.6 lyncdiscover.adatum.com
o 192.168.1.6 meet.adatum.com
o 192.168.1.6 dialin.adatum.com
o 192.168.1.6 pool.adatum.com
o 192.168.1.6 wac.adatum.com
5. Save the Hosts file. Overwrite the existing Hosts file.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L8-57
4. Validate the IPv4 configuration on the Internet connection. The settings should be:
o IP: 131.107.0.51
o Subnet: 255.255.255.0
o DNS: Blank
5. Restart LON-CL2. Sign back in as adatum\amr with the password Pa$$w0rd.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
Results: After completing this exercise, you should have added public Domain Name System (DNS) to
LON-CL2 via the Hosts file, and moved LON-CL2 to the outside of the network and validate the
connection.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L9-59
2. On the Home tab, click New folder, type PChatShare as the new folder name, and then press Enter.
3. Right-click the PChatShare folder, click Share with, click Specific people, type Everyone, and then
click Add.
4. Verify that Administrator has Read/Write permissions and that Everyone has Read permissions, click
Share, and then click Done.
5. On LON-DC1, in Server Manager, click Tools, and then select Active Directory Users and
Computers.
7. On the properties page, click the Members tab, click Add, type Administrator, click Check Names,
and then click OK to close the Select User dialog box.
3. Type Persistent Chat as the file name, and then click Save.
4. Expand the Skype for Business Server container, expand the Adatum Headquarters container,
expand the Skype for Business Server 2015 container, right-click the Persistent Chat pools
container, and then select New Persistent Chat Pool.
5. In the Pool FQDN text box, type pchatpool.adatum.com, verify that This pool has multiple
servers is selected, and then click Next.
6. In the Computer FQDN text box, type lon-svr1.adatum.com, click Add, and then click Next.
7. In the Define properties of the Persistent Chat pool page, type Adatum Headquarters Persistent
Chat Pool as the display name of the Persistent Chat pool. Complete the page by using the following
settings, and then click Next:
o Persistent Chat port is 5041.
8. On the Define the SQL Server store page, click the drop-down arrow, and then select
LON-SQL1.adatum.com\Default. Click Next.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-60 Implementing Persistent Chat in Skype for Business 2015
9. On the Define the compliance SQL Server store page, select lon-sql1.adatum.com\Default as the
Compliance SQL Server store, and then click Next.
10. On the Define the file store page, select Define a new file store.
12. In the File share text box, type PChatShare, and then click Next.
13. On the Select the next hop server page, verify that pool.adatum.com Adatum Headquarters is
selected as the Next hop pool, and then click Finish.
2. On the Select databases page, verify that lon-sql1.adatum.com\Default is selected in the Choose
the databases you would like to create when you publish your topology list, and then click Next.
3. On the Publishing wizard complete page, click Click here to open to-do list in the Next Steps
section.
4. After reviewing the NextSteps.txt file, close Notepad, and then click Finish.
5. Close the Topology Builder window.
Results: After completing this exercise, A. Datum should have the Persistent Chat Server and Persistent
Chat Compliance service topology published in the Central Management store, which will support the
organizational requirements. The IT department should also have a registered add-in that IT members can
use when they create their own chat rooms.
2. At the Nslookup command prompt, type lon-svr1.adatum.com, and then press Enter. You should
resolve to 172.16.0.22.
3. At the Nslookup command prompt, type pchatpool.adatum.com, and then press Enter. This will
return a nonexistent domain error because the record has not yet been created in Domain Name
System (DNS). Type exit, and then press Enter.
7. In the console tree, expand Forward Lookup Zones, expand Adatum.com, right-click Adatum.com,
and then click New Host (A or AAAA).
8. In the Name text box, type pchatpool, and then in the IP address text box, type 172.16.0.22. Leave
the remaining values as they are, click Add Host, click OK, and then click Done.
9. On LON-SFB1, click the Windows PowerShell icon on the taskbar, type Nslookup, and then press
Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-61
10. At the Nslookup command prompt, type pchatpool.adatum.com, and then press Enter. This should
now resolve to 172.16.0.22.
11. Type exit, and then press Enter, to leave the Nslookup command prompt.
12. On LON-SVR1, click the Windows PowerShell icon on the taskbar, and then run the following
cmdlet:
13. In the output from the cmdlet, confirm that the following software is included in the list of installed
Windows features:
o Media Foundation
14. Click Start on the taskbar, type Programs, and then select Programs and Features from the search
results list.
15. Confirm that Microsoft Silverlight is installed, and then close the Programs and Features window.
2. If the DVD drive contains Skype for Business media, skip to step 5.
3. Locate the virtual machine menu bar at the top of the virtual machine window, click Media, select
DVD Drive, and then click Insert Disk.
6. In the Skype for Business Server installation window that appears, select Don’t check for updates
right now, and then click Install.
7. Select I accept the terms in the license agreement, and then click OK.
8. In the Skype for Business Server 2015 Deployment Wizard, click Install or Update
Skype for Business Server System.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-62 Implementing Persistent Chat in Skype for Business 2015
9. On the Install or update member system page, click Run for Step 1: Install Local Configuration
Store.
10. On the Configure Local Replica of Central Management Store page, confirm that Retrieve
directly from the Central Management store is selected, and then click Next.
Note: It will take approximately 10 minutes to complete this step. The local SQL Server
Express installation will take the majority of that time.
11. Verify that the Task Status is Completed, and then click Finish. If the task fails, click View Log.
12. On the Install or update member system page, click Run for Step 2: Setup or Remove
Skype for Business Server Components.
13. On the Set Up Skype for Business Server Components page, click Next.
14. Verify that the Task Status is Completed, and then click Finish. If the task fails, click View Log.
2. On the Install or update member system page, click Run for Step 3: Request, Install or Assign
Certificates.
3. On the Certificate Wizard page, select Default certificate Server default, and then click Request.
10. In the City/Locality text box, type London, and then click Next.
11. Review the Certificate Request Summary page, and then click Next.
12. Verify that the Task Status is Completed, and then click Next.
13. On the Online Certificate Request Status page, verify that Assign the certificate to
Skype for Business Server certificate usages is selected, and then click Finish.
15. Confirm that the Subject Name (SN) is pchatpool.adatum.com, and then click Next.
16. Verify that the Task Status is Completed, and then click Finish.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-63
Note: Troubleshooting tip: You can use the deployment wizard to request and assign
certificates, but also to troubleshoot certificates. Notice that two green check marks are next to
the default certificate. If there is a problem with a certificate, a red check mark or a yellow
caution icon will appear next to the certificate. You can also view the details of a certificate to
check for misconfigurations.
18. Click Exit in the Skype for Business Server 2015 Deployment Wizard.
3. At the command prompt in the Windows PowerShell command-line interface, run the following:
6. On LON-SFB1, click the Skype for Business Server Control Panel icon on the taskbar.
7. When prompted for credentials, type Administrator in the Username text box and Pa$$w0rd in the
Password text box, and then click OK.
8. In Skype for Business Server 2015 Control Panel, click Topology, and then select Status.
9. Confirm that lon-svr1.adatum.com has successfully replicated with the Central Management store
and that the status is represented by an icon of a server with a green play symbol (healthy). If
required, click Refresh.
Results: After completing this exercise, you should have deployed Persistent Chat Server and the
Persistent Chat Compliance service on LON-SVR1.
3. Verify that the add-in URL is working. You should see an A. Datum Skype for Business Reports
webpage.
Results: After completing this exercise, you should have created an add-in that will be available as a
resource for Persistent Chat room creators and managers in the IT department at A. Datum.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-65
2. On the USER SEARCH page, change the Maximum users to display value to 400, leave the search
box blank, and then click Find. Confirm how many users are currently enabled for Skype for Business.
4. On the New Skype for Business Server User page, click Add.
5. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
6. In the search results, click Aaren Ekelund, and then press Ctrl+A to select all the users in the list, and
then click OK.
7. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
8. In the Generate user’s SIP URI section, select Use the user principal name (UPN). Leave the
default values for all other settings, and then click Enable.
Note: The Administrator, Discovery Search Mailbox, Guest, and krbtgt user accounts and
system mailboxes for Microsoft Exchange Server are expected to fail. You can disregard these
errors and continue with lab.
9. On the New Skype for Business Server User page, click Cancel to return to the USER SEARCH
page.
10. On the USER SEARCH page, leave the search box blank, and then click Find.
11. Confirm that all users in the organization are now enabled for Skype for Business (385 users in the
search results).
12. On the left navigation bar, click Persistent Chat.
13. On the top navigation bar, click Persistent Chat Policy, click New, and then select User policy.
14. On the New Persistent Chat Policy page, in the Name text box, type Adatum Persistent Chat User
Policy.
15. In the Description text box, type Enables Persistent Chat for Individual Users in Adatum, select
Enable Persistent Chat, and then click Commit.
16. On the taskbar, click Skype for Business Server Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-66 Implementing Persistent Chat in Skype for Business 2015
17. In the Skype for Business Server Management Shell, grant the Adatum Persistent Chat user policy to
the Sales, IT, and Research departments by using the following cmdlets:
2. In the left navigation pane, click Persistent Chat, click Category, and click New.
5. In the Description text box, type Dedicated Category for the Adatum Sales team. Select Enable
invitations, select Enable file upload, and then verify that Enable chat history is selected.
6. On the New Category page, in the Allowed members section, click Add.
7. On the Select Allowed Members page, in the search box, type Sales, and then click Find. In the
search results, select Sales: Organizational Unit, and then click OK.
8. On the New Category page, in the Creators section, click Add.
9. On the Select Creators page, in the search box, type Sales, and then click Find. In the search results,
select Sales: Organizational Unit, and then click OK.
Note: It is not necessary to populate the Denied members section in this scenario.
However, if you need to deny access to a user in the Sales organizational unit (OU), you could
add the user’s name to the Denied members list.
13. On the New Category page, in the Name text box, type All Adatum Category.
14. In the Description text box, type Category for all Adatum departments except Sales. Leave the
Enable invitations option cleared. Select Enabled file upload, and then verify that Enable chat
history is selected.
15. On the New Category page, in the Allowed Members section, click Add.
16. On the Select Allowed Members page, in the search box, type Adatum, and then click Find. In the
search results, select Adatum: Domain DNS, and then click OK.
17. On the New Category page, in the Denied members section, click Add.
18. On the Select Denied Members page, in the search box, type Sales, and then click Find. In the
search results, select Sales: Organizational Unit, and then click OK.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-67
19. On the New Category page, in the Creators section, click Add.
20. On the Select Creators page, in the search box, type Adatum, and then click Find. In the search
results, select Adatum: Domain DNS, and then click OK.
o Password: Pa$$w0rd
o Domain: Adatum
3. Click Start, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept. If the Microsoft Office
Activation Wizard appears, click Close.
5. Confirm that Vivian Atlas from the Sales department automatically signs in.
Note: Pin Skype for Business to your taskbar for easy access.
6. In the Skype for Business client, click the Chat Rooms icon, click Add a room (the plus sign), and
then select Create a Chat Room. If the Set up Internet Explorer 11 page appears, select Don’t use
recommended settings, and then click OK.
7. On the Manage Persistent Chat Rooms page, type vivian@adatum.com as the user name and
Pa$$w0rd as the password, and then click Sign In.
9. Complete the Create a room page by using the information in the following table, and then click
Create.
Privacy Open
10. On the My Rooms page, click Create A New Room. Use the following information to create the
room, and then click Create.
Privacy Secret
11. On the My Rooms page, confirm that there are two new rooms, click Sign Out, and then close the
web browser.
Note: Now that you have created some chat rooms for the Sales team, you need to create
some rooms for the other departments so that you can verify that the organization’s
requirements are met.
12. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\, and then double-
click LON-CL2.RDP. Click Connect, and then accept all other notifications.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-69
o Password: Pa$$w0rd
o Domain: Adatum
14. Confirm that Amr Zaki from the IT department automatically signs in. If the Microsoft Office
Activation Wizard appears, click Close.
15. In the Skype for Business client, click the Chat Rooms icon, click the Add a room button (the plus
sign), and then select Create a Chat Room.
16. On the Manage Persistent Chat Rooms page, type amr@adatum.com as the user name and
Pa$$w0rd as the password, and then click Sign In.
18. Complete the Create a room page by using the information in the following table, and then click
Create.
Privacy Closed
Add-in IT Reports
Note: Notice that there was not a category choice visible on the Create a room page. This
is because Amr is not a member of the Adatum Sales category, so the default category for the
room is the All Adatum category.
20. Next to the “Your session has expired. Please sign in again” message, click Sign-in.
21. On Manage Persistent Chat Rooms page, sign in as Maxim Goldin from the Research department
by typing maxim@adatum.com as the user name, Pa$$w0rd as the password, and then click Sign
In.
22. On the My Rooms page, click Create A New Room.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-70 Implementing Persistent Chat in Skype for Business 2015
23. On the Create a room page, create an additional room by using the information in the following
table, and then click Create.
Privacy Secret
24. On the My Rooms page, click Sign Out, and then close the web browser.
Note: Although it is possible to add individual users to the members list for each of the
chat rooms, you might be able to take advantage of an existing scope that is already managed
elsewhere, such as an OU or a distribution group.
1. On LON-DC1, in Server Manager, click Tools, and then select Active Directory Users and
Computers.
2. In Active Directory Users and Computers, expand the Adatum.com container, right-click the IT OU,
click New, and then click Group.
3. In the New Object – Group window, type AllITDG for the Group name, select Universal for the
Group scope and Distribution for the Group Type, and then click OK.
4. Right-click the Sales OU, click New, and then select Group.
5. In the New Object – Group window, type AllSalesDG for the Group name, select Universal for the
Group scope and Distribution for the Group Type, and then click OK.
6. Right-click the Sales OU, click New, and then click Group.
7. In the New Object – Group window type SalesExecutivesDG for the Group name, select Universal
for the Group scope and Distribution for the Group Type, and then click OK.
8. Right-click the Sales OU, click New, and then click Group.
9. In the New Object – Group window, type SalesManagersDG, select Universal for the Group scope
and Distribution for the Group Type, and then click OK.
10. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-71
11. In the Skype for Business Server Management Shell, run the following cmdlets to populate the
members of the distribution groups:
12. In the Skype for Business Server Management Shell, run the following cmdlets to manage the chat
room user roles:
Note: If you receive the “The current user is not part of the RTCUniversalServerAdmins
group” error while running the commands, verify that you have completed Lab A, Exercise 1,
steps 5 through 8. After adding Adatum\Administrator to the RTCUniversalServerAdmins group,
sign out of LON-SFB1, and then sign back in as Adatum\Administrator.
b. To change the Sales Team Chat Room privacy setting to Closed from Open and to configure
members of the AllSalesDG group to be the only members of the Sales Team Chat Room, run the
following command:
c. To configure members of the AllITDG group to be members of the Skype for Business
Administration Chat Room, run the following command:
Note: You must add presenters as members, or you will receive an error.
Note: In the previous lab, you installed the Persistent Chat Compliance service and
compliance store. In this task, you will configure the adapter to send compliance information
output from the compliance store on LON-SQL1 to a local directory on LON-SVR1 for eDiscovery
purposes.
1. On LON-SFB1, in the Skype for Business Management Shell, verify the current configuration by
running the following command:
Get-CsPersistentChatComplianceConfiguration
2. In the Skype for Business Management Shell, create a new site-level Persistent Chat compliance
configuration by running the following command:
3. In the Skype for Business Management Shell, when asked “Are you sure you want to perform this
action?”, type Y, and then press Enter. Verify that the configuration is successful by running the
following command:
Get-CsPersistentChatComplianceConfiguration
Results: After completing this exercise, Sales team members should have access to their chat rooms only.
All users in the organization who are enabled with Persistent Chat should be able to create and use chat
rooms, but they should not be able to use the Sales chat rooms. Persistent Chat compliance also should
be fully functional.
3. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept.
5. In the Skype for Business client, click the Chat rooms icon. You should have a new invitation on the
New tab.
6. In the Chat rooms view, click the Member Of tab. Notice that you are already defined as a member.
What it does not show is that you are also a manager of this room.
7. On the Member Of tab, right-click Sales Team Chat Room, and then click Follow this room.
8. On the Chat rooms view, click the Followed tab. Notice that there are two objects, Ego Feed and
Sales Team Chat Room.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-73
9. On the Followed tab, right-click Sales Team Chat Room, and then click Open.
10. In the Sales Team Chat Room window, type Hello Sales Team!, and then press Enter. Confirm that
the message posted, and then close the Sales Team Chat Room window.
14. In the First things first dialog box click Ask me later, and then click Accept.
15. In the Skype for Business client, click the Chat rooms view icon. You should have a new invitation on
the New tab.
16. On the New tab, right-click Sales Team Chat Room, and then select Follow this room.
17. On the Followed tab, right-click Sales Team Chat Room, and then click Open.
18. In the Sales Team Chat Room, notice that Eric is still listed as a participant even though you closed the
chat room on his client. Type Hello Eric, thank you for the invite! and then press Enter.
19. On LON-CL1, click the Followed tab in the Persistent Chat view of Eric’s client. Notice that there is
one new Ego Feed and two new posts to the Sales Team Chat Room.
20. On the Followed tab, right-click Ego Feed, and then click View Topic Feed Results.
21. In the Ego Feed window, notice that Eric is highlighted. This is because the default Ego Feed will track
any time a post mentions your name in any of the chat rooms that you are following.
23. On the Followed tab, open the Sales Team Chat Room. Notice that Jed Brown has a green check
mark next to his name. This indicates that he is online. If you point to Jed Brown’s name, his contact
information will appear, and you will see the list of all Skype for Business communication modes.
26. On LON-CL1, sign out as the current user (Eric), and then sign in as aaren@adatum.com with the
password Pa$$w0rd.
27. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
28. In the First things first dialog box, select Ask me later, and then click Accept.
29. Click the Chat rooms view icon. Notice that all Sales users received an invitation to the Sales Team
Chat Room.
30. In the Chat rooms view, in the Find someone or a room search box, type Administration. There
should not be any match. Type Management. As a presenter and a member, you should be able to
find the Sales Management Communications chat room.
31. On the Chat Rooms tab, right-click the Sales Management Communications chat room, and then
click Follow this Room.
32. In the Chat Rooms view, click the Followed tab, right-click the Sales Management
Communications chat room, and then click Open.
33. In the Sales Management Communications chat room, type Hello Sales Managers! Please follow
this chat room so that you will be able to get critical sales communications for your region.
and then press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
L9-74 Implementing Persistent Chat in Skype for Business 2015
35. On LON-CL2, sign out as the current user (Jed), and then sign in as neven@adatum.com with the
password Pa$$w0rd.
36. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
37. In the First things first dialog box, select Ask me later, and then click Accept.
38. In the Skype for Business client, click the Chat Rooms icon.
39. In the Chat Rooms view, in the Find someone or a room text box, type management.
40. On the Chat Rooms tab, right-click Sales Management Communications, and then select Open.
41. Type Thank you Aaren! and then press Enter. What happens?
43. Switch back to LON-CL1, and then look at the conversation that is still open in Aaren’s client. Notice
that even though Neven was able to type a message, it is only visible on his computer. Only
information that presenters post is visible to every member of the auditorium chat room.
Note: Now that you have confirmed that Sales team functionality is working, you need to
test that the ethical wall is also working from outside the Sales department.
44. On LON-CL1, sign out as the current user (Aaren), and then sign in as amr@adatum.com with the
password Pa$$w0rd.
45. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
46. In the First things first dialog box, select Ask me later, and then click Accept.
47. In the Skype for Business client, click the Chat Rooms icon, and then type Administration in the
Find someone or a room search box.
48. On the Chat Rooms tab, right-click Skype for Business Administration Chat Room, and then click
Follow this Room.
49. On the Followed tab, right-click Skype for Business Administration Chat Room, and then click
Open. Notice that the chat room opens with the add-in.
2. Expand Local Disk (C:), and then click the ComplianceOutput folder.
3. Verify that a number of XML files and an Attachments folder are in the ComplianceOutput folder.
4. In the ComplianceOutput folder, look at the Date modified column, and then find the first file that
was created. Right-click the file, point to Open With, and then click Internet Explorer.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-75
5. In Internet Explorer, examine the file content. This file should contain a logged message from
eric@adatum.com in the Sales Team Chat Room.
7. In the ComplianceOutput folder, open some of the other compliance files, and then review the
captured information.
Results: After completing this exercise, you should know if the ethical wall for the Sales team is working
or if additional changes are necessary. You will also have experienced Persistent Chat as a manager and as
a member.
2. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
3. In the First things first dialog box, select Ask me later, and then click Accept.
4. Verify that the Chat Rooms icon is missing from the Skype for Business client for Carlos.
2. In the User Search results, double-click Carlos Carvallo, locate the Persistent Chat policy value,
document your results, and then click Cancel.
o Persistent Chat policy is set to Automatic. When you click View, it shows the Global policy.
3. On LON-DC1, open Active Directory Users and Computers if it is not already open, right-click the
Adatum.com container, and then click Find.
4. In the Find users, Contacts, and Groups dialog box, in the Name text box, type Carlos, and then
click Find Now.
6. On the Properties page, click the Member Of tab, and then document the groups of which Carlos is
a member.
o Marketing OU
MCT USE ONLY. STUDENT USE PROHIBITED
L9-76 Implementing Persistent Chat in Skype for Business 2015
2. In the Marketing OU, double-click Carlos Carvallo, click the Member Of tab, click Add, type
AllSalesDG, click Check Names, and then click OK.
3. On the Properties page, click Apply, and then click OK to save and close the Properties page.
4. Right-click the Carlos Carvallo user object, and then click Move.
6. Click the Sales OU, and then confirm that Carlos Carvallo is there.
7. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, click Users, type
Carlos in the search box, and then click Find.
9. Locate Persistent Chat policy, set it to Adatum Persistent Chat User Policy, and then click
Commit.
10. From the taskbar, open the Skype for Business Management Shell if it is not already open.
11. At the command prompt, type the following cmdlet to add Carlos as member of the Sales
Management Communications chat room, and then press Enter:
13. Completely exit Skype for Business by clicking the Show Menu drop-down arrow, clicking File, and
then selecting Exit.
14. Open Skype for Business again. Wait while the client signs in.
15. Click the Chat Rooms view icon, and then verify that Carlos received an invitation to the Sales Team
Chat Room.
16. In the Chat Rooms view, type Management in the Find someone or a room search box, and then
verify that the Sales Management Communications secret chat room is listed.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L9-77
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SVR1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
Results: After completing this exercise, you should have identified the root cause of Carlos’ Persistent
Chat issue and resolved it.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L10-79
2. On the taskbar, click the Skype for Business Server Management Shell icon.
3. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
4. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
Get-CsManagementStoreReplicationStatus
5. Repeat step 4 until the UpToDate status on LON-SFB1 and LON-SFB2 changes to True.
6. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
7. Verify that the installation completes without errors (you may see a few warnings which you can
ignore). Close the Skype for Business Server Management Shell window.
4. In the Windows PowerShell ISE window, verify that the 20334B_NYCPoolSetup.ps1 file is open.
5. At the Windows PowerShell command prompt, type the following cmdlet, and then press Enter:
6. In the Windows PowerShell ISE window, on the toolbar, click Run Script (the play icon).
Results: After completing this exercise, you will have prepared the lab environment for this module.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-80 Implementing High Availability in Skype for Business 2015
Note: Before you begin this lab, verify that all Microsoft Skype for Business Server 2015
services set to Automatic (Delayed Start) are running on LON-SFB1 and LON-SFB2.
2. Click Start, click Power Options (the power icon at the top-right corner), and then click Shutdown.
Click Continue to confirm that you want to shut down. Wait for it to shut down completely.
5. In Event Viewer, expand Applications and Services Logs, and then click the Lync Server log.
6. In the Lync Server log, look for the most recent Event ID 32108 from the LS User Services. Confirm
the warning “Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive”. Minimize the Event Viewer window.
Note: Because of the way DNS is currently set up, it resolves the admin.adatum.com simple
URL to lon-sfb1.adatum.com’s IP address, which is currently offline.
9. In the Windows Security dialog box, type Adatum\Administrator for the user name and
Pa$$w0rd for the password, and then click OK.
12. On the New Skype for Business Server User page, click Add.
13. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
14. In the search results, click the top name in the list, press Ctrl+A to select all the users in the list, and
then click OK.
15. In the Users list, locate Administrator, Discovery Search, Guest, and SystemMailbox, and any
HealthMailbox*, Krbtgt, and Microsoft Exchange* users. Select each account, and then click
Remove.
16. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
17. In the Generate user’s SIP URI section, select Use the user principal name (UPN).
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L10-81
18. On the New Skype for Business Server User page, leave the default values for all other settings, and
then click Enable.
Note: System/health mailboxes for Microsoft Exchange Server are expected to fail. You can
disregard these errors and continue with the lab.
19. On the New Skype for Business Server User page, click Cancel to return to User Search. Leave the
search box blank, change Maximum users to display 400, and then click Find.
20. Confirm that all users in the organization are now enabled for Skype for Business.
22. Click Start, click All Apps, and then select Skype for Business 2016. In the First things first dialog
box, select Ask me later, and then click Accept. If the Microsoft Office Activation Wizard appears,
click Close.
23. Verify that Skype for Business 2016 signs in automatically as adam@adatum.com. It may take up to
five minutes for Adam to sign in if routing groups are still being reassigned to LON-SFB2.
25. In Windows PowerShell, run the following cmdlet to see the information about the routing group that
Adam’s account is in:
26. From the results of the cmdlet in the Windows PowerShell window, document the following
information for Adam.
1. PrimaryPoolFQDN Pool.adatum.com
UserServicesPoolFQDN Pool.adatum.com
PrimaryPoolMachinesInPreferredOrder
PrimaryPoolPrimaryRegistrars
PrimaryPoolPrimaryUserService
27. In Windows PowerShell, run the following command to get the current state of Windows Fabric:
Note: If it takes more than two minutes to respond, close the Windows PowerShell window
and skip to step 29.
28. Review the results. Locate the Pool All Server and Services Summary section. What is the suggested
resolution to the problem?
Answer: One or more servers is shut down, unhealthy, or deactivated. Ensure that they are running
and activated. Restart a server if problems persist.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-82 Implementing High Availability in Skype for Business 2015
29. On LON-SFB2, click Start, click Power Options (the power icon at the top-right corner), and then
click Shutdown. Click Continue to confirm that you want to shut down. Wait for it to shut down
completely.
31. In Microsoft Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and
20334B-LON-SFB2. Right-click each virtual machine, click Connect, and then wait for them to start.
36. In Event Viewer, expand Applications and Services logs, and then select the Lync Server log.
38. In the Filter Current Log window, expand the Event sources drop-down list, and then select LS User
Services, LS Storage Service, and LS AppDomain Host Process. After selecting the sources, click
OK.
39. Review the Lync Server log for errors or warnings. Are there any errors or warnings?
Answer: There should be a number of warnings and some errors from these Skype for Business Server
Windows Fabric event sources that are generated when shutting down the primary routing group
registrar.
40. In the Actions pane, click Find. Use the Find dialog box to look for and review the following Event
IDs:
41. On LON-CL1, confirm that Adam is now connected. You might have to cancel the current connection
attempt in order to sign in.
2. When the User Account Control dialog box appears, click Yes.
3. In the Command Prompt window, type ping pool.adatum.com, and then press Enter. Confirm that
the fully qualified domain name (FQDN) resolves to one of the following two IP addresses:
172.16.0.20 or 172.16.0.21.
4. At the command prompt, type ipconfig /flushdns, and then press Enter.
5. Press the Up Arrow key twice. This should repeat the entry that you made (ping pool.adatum.com).
Press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L10-83
6. Repeat steps 3 through 5 until the IP address being pinged changes to the other IP address (for
example, from 172.16.0.21 to 172.16.0.20).
Note: DNS round robin is configured on the DNS server and is the feature that changes the
sequence of the round robin records provided to the client. After the IP addresses have been
resolved, the client caches them and uses them for the DNS load-balancing process.
7. At the command prompt, type ipconfig /displaydns, and then press Enter. Verify that the cache
contains both the IP addresses.
8. If the first IP address in the local cache is not 172.16.0.20, repeat steps 3 through 5 again until the
first IP address is 172.16.0.20. Close the command prompt, and then proceed to the next step.
11. In the Services window, stop the Skype for Business Server Front-End Service. Leave this window open.
12. On LON-CL1, sign out of Skype for Business by clicking the Down Arrow next to the settings icon,
clicking File, and then clicking Sign Out.
If you can sign in successfully, then you can confirm that DNS load balancing is working.
14. Click Start, click Adam Barr, and then select Sign out.
15. On LON-SFB1, in the Services window, start the Skype for Business Server Front-End service.
Results: After completing this exercise, you will have simulated the maintenance process and determined
the root cause of outages. You will also have determined the current health of DNS load balancing and
the Windows Fabric.
Note: The deployment guides that you can find at this site are an invaluable resource for
properly configuring the hardware load-balancing solution that your organization chooses to
work with Skype for Business Server 2015.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-84 Implementing High Availability in Skype for Business 2015
3. In the DNS Manager tool, expand LON-DC1, expand Forward Lookup Zones, and then select
Adatum.com.
4. In DNS Manager, double-click the webint record, change the IP address to 172.16.0.120, and then
click OK.
o dialin
o lyncdiscoverinternal
o meet
o scheduler
8. When you receive the warning “There is a problem with this website’s security certificate”, click
Continue to this website (not recommended).
9. In the Windows Security dialog box, sign in as admin with the password Pa$$w0rd.
10. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Interfaces.
11. On the Settings::Interfaces page, in the Table interfaces table, locate the eth0 interface, and then
in the Actions column, click the add virtual network interface icon.
12. In the new row in the Table interfaces table, type 1 in the Name text box, type 172.16.0.120 in the
Addr text box, and then click save virtual interface in the Actions column.
13. On the Settings::Interfaces page, in the Default gateway table, click the edit default GW icon in
the Actions column. Type 172.16.0.1 in the Addr text box, and then click the save default GW icon
in the Actions column.
14. In the ZEN Load Balancer GUI window, click the Manage menu, and then select Farms.
15. On the Manage::Farms page, in the Configure a new Farm section, type SfBport80 in the Farm
Description Name text box. Select TCP for the Profile. Click Save & continue.
16. On the Manage::Farms page, in the Configure a new Farm section, select eth0:1->172.16.0.120 as
the Virtual IP, type 80 in the Virtual Port(s) text box, and then click Save.
17. On the Manage::Farms::SfBport80 page, in the Farms table section, locate the SfBport80 row, and
then click the Edit the SfBport80 farm icon in the Actions column.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L10-85
18. On the Manage::Farms::tcp::SfBport80 page, in the Edit real IP servers configuration table, click
the Add Real Server icon in the Actions column. When the Server 0 row appears, type the following
information, and then click the Save Real Server 0 icon in the Actions column:
o Address: 172.16.0.20
o Port: 80
19. On the Manage::Farms::tcp::SfBport80 page, in the Edit real IP servers configuration table, click
the Add Real Server icon in the Actions column. When the Server 1 row appears, type the following
information, and then click the Save Real Server 1 icon in the Actions column:
o Address: 172.16.0.21
o Port: 80
Name: SfBport8080
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 8080
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 8080
Real Server 1: 172.16.0.21
Real Server 1 Port: 8080
Name: SfBport443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 443
Real Server 1: 172.16.0.21
Real Server 1 Port: 443
Name: SfBport4443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 4443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 4443
Real Server 1: 172.16.0.21
Real Server 1 Port: 4443
2. Open File Explorer. Navigate to the C:\PortQryUI\ folder, and then double-click portqueryui.exe.
3. In the Port Query window, in the Enter destination IP or FQDN to query text box, type
webint.adatum.com. On the File menu, click Open Config.
4. In the Open dialog box, navigate to C:\PortQryUI\, select SfBconfig.xml, and then click Open.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-86 Implementing High Availability in Skype for Business 2015
5. In the Port Query window, verify that Query predefined service is selected. Select
Skype for Business Server 2015 HLB with DNS from the Service to Query list, and then click
Query.
This process can take several minutes. The Query button will be enabled when the process completes.
All query responses are returned as LISTENING, Endpoints found, or return code 0x00000000.
2. If necessary, click Start, click All Apps, then select Skype for Business 2016. If the Microsoft Office
Activation Wizard window appears, click Close.
4. Click the Show Menu arrow next to the Options icon. Click Tools, and then select Dial-in
Conferencing Settings.
5. Did the Dial-in Conferencing Settings and PIN Management window appear?
Connecting to webint.adatum.com
9. Click Start, click Adam Barr, and then select Sign out.
Note: If you were able to connect to the Dial-in and Admin web services, then the HLB is
working properly.
2. In the New Host window, in the Name text box, type pool, in the IP address text box, type
172.16.0.120, and then click Add Host.
5. In DNS Manager, right-click the pool record for 172.16.0.20, click Delete, and then click Yes to
confirm.
6. In DNS Manager, right-click the pool record for 172.16.0.21, click Delete, and then click Yes to
confirm.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L10-87
7. On LON-SFB1, on the taskbar, click Skype for Business Server Topology Builder.
8. On the Topology Builder welcome page, click OK to download the topology from the existing
deployment. If the Download Current Topology window appears, wait for a few seconds.
9. In the Save Topology As dialog box, type HLBConfig.tbxml, and then click Save.
10. In the Topology Builder window, expand the Skype for Business Server node, expand the Adatum
Headquarters node, expand the Skype for Business Server 2015 container, expand the Enterprise
Edition Front End pools container, right-click pool.adatum.com, and then click Edit Properties.
14. On the Publish Topology page, click Next. After the publishing wizard completes, under Next
Steps, select Click here to open to-do list. Review the NextSteps.txt file, and then close Notepad.
15. On the Publishing Topology page, click Finish. Close the Topology Builder window.
16. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, run the
following cmdlet, and then confirm that the UpToDate value is True on all replicas:
Get-CsManagementStoreReplicationStatus
18. At the command prompt, type the following command, and then press Enter:
.\Bootstrapper.exe
19. Wait for the bootstrapper to complete, and then close the Skype for Business Server Management
Shell window.
22. At the command prompt, type the following command, and then press Enter:
.\Bootstrapper.exe
23. Wait for the bootstrapper to complete, and then close the Skype for Business Server Management
Shell window.
2. If necessary, click Start, click All Apps, and then select Skype for Business 2016. If the Microsoft
Office Activation Wizard window appears, click Close.
4. Click Start, click Adam Barr, and then select Sign Out.
6. Click Start, click All Apps, then select Skype for Business 2016. If you are prompted with the First
things first dialog box, click Ask me later, and then click Accept. If the Microsoft Office Activation
Wizard window appears, click Close.
7. What do you think is the reason for what you just observed?
Adam has cached sign-in information, so he is still connecting directly to the pool and not going
through the HLB. Anil is using the new pool.adatum.com virtual IP address for the HLB, but the HLB is
not configured for this type of connection, and therefore he cannot connect.
8. Click Start, click Anil Elson, and then click Sign Out.
9. On LON-CL1, sign in as adam@adatum.com with the password Pa$$w0rd. Wait for the Skype for
Business 2016 client to start. If the Microsoft Office Activation Wizard window appears, click Close.
10. In the Skype for Business 2016 client, click the Show Menu drop-down arrow next to the Options
icon, click File, and then click Sign Out.
11. Click Delete my sign-in info, and then click Yes to confirm that you want to forget this sign-in
information.
2. In the Port Query window, in the Enter destination IP or FQDN to query text box, type
pool.adatum.com. On the File menu, click Open Config.
3. In the Open dialog box, navigate to C:\PortQryUI\, select SfBconfig.xml, and then click Open.
4. In the Port Query window, verify that Query predefined service is selected. Select
Skype for Business Server 2015 HLB ONLY from the Service to Query list, and then click Query.
This process can take several minutes. When the Query button is no longer disabled, it means that
the process is complete.
5. What are the results?
Web service queries are succeeding for 80, 443, 8080, and 4443. All other query responses are
returned as FILTERED, Endpoints not found, or return code 0x00000002.
MCT USE ONLY. STUDENT USE PROHIBITED
L10-90 Implementing High Availability in Skype for Business 2015
9. Verify that Skype for Business Server 2015 HLB ONLY is still selected in the Service to Query list.
More query responses are returned as LISTENING, Endpoints found, or return code 0x00000000.
Ports and protocols for internal servers in Skype for Business Server
http://aka.ms/h0n2v7
Note: Changing the IP address of the HLB virtual IP (VIP) address to point to one of the
Front End pool nodes is also a good troubleshooting technique to determine the source of the
problem. The disadvantage is that this is just a temporary fix, because it will prevent load
balancing.
2. In the address bar of Internet Explorer, type https://172.16.0.2:444, and then press Enter.
3. When you receive the warning “There is a problem with this website’s security certificate”, click
Continue to this website (not recommended).
4. In the Windows Security dialog box, sign in as admin with the password Pa$$w0rd.
5. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Backup.
6. On the Settings::Backup page in the Backup Files section, click the upload backup icon in the
Action column.
8. In the Choose File to Upload window, navigate to C:\Labfiles, select backup-HLBOnly.tar.gz, and
then click Open.
9. In the Upload File – Internet Explorer window, click Upload Backup, and then close the Upload File
window.
10. On the Settings::Backup page in the Backup Files section, click the Apply backup-HLBOnly.tar.gz
backup and restart Zen Load Balancer service icon (green checkmark) in the Action column.
11. In the ZEN Load Balancer GUI window, click the Manage menu, and then select Farms. Confirm that
additional ports for Skype for Business Server have been added.
Note: If any of the farms show down (red) status, click the corresponding Start the
Farmname Farm icon in the Actions column. Confirm all farms are up (green) before
continuing. It may be necessary to reset the LON-LB virtual machine to get all farms to show a
green status.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L10-91
2. If the Skype for Business client is still running and the error is still displayed, cancel the sign-in
process.
Yes. Adam can sign in now that additional ports have been added to the HLB configuration.
You must complete this lab before you can start lab in Module 11, “Implementing Disaster Recovery in
Skype for Business 2015”.
Results: After completing this exercise, you will have identified the HLBs that are qualified to work with
Skype for Business Front End pools. You will also have configured DNS to support an HLB and fixed HLB
connectivity issues.
MCT USE ONLY. STUDENT USE PROHIBITED
MCT USE ONLY. STUDENT USE PROHIBITED
L11-93
2. In Skype for Business Server 2015 Topology Builder, select Download Topology from existing
deployment, and then click OK. If the Download Current Topology window appears, wait a few
seconds.
3. In the Save Topology As dialog box, type PoolPairing as the File name, and then click Save.
4. In Skype for Business Server 2015 Topology Builder, expand Skype for Business Server, expand
Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise Edition Front
End pools, right-click pool.adatum.com, and then click Edit Properties.
5. In the Edit Properties dialog box, click Resiliency in the navigation pane, and then select
Associated Backup Pool.
6. Under the Resiliency section, in the box below Associated Backup Pool, select
ny-pool.adatum.com. Select Automatic failover and failback for Voice, and then
click OK.
7. In Skype for Business Server 2015 Topology Builder, right-click pool.adatum.com, click Topology,
and then click Publish.
2. At the Windows PowerShell command prompt, run the following commands to install and configure
the Backup Service:
4. On LON-SFB2, click the Skype for Business Server Management Shell icon on the taskbar.
6. On NYC-SFB3, click Start, type Skype, and then select Skype for Business Server Management
Shell.
2. To move the Sales users, at the Windows PowerShell command prompt, type the following command,
and then press Enter:
2. In the Skype for Business Server Management Shell, verify that synchronization is occurring in both
directions by running the following commands:
Results: After completing this exercise, you will have enabled pool pairing and installed the Backup
Service on pool.adatum.com and ny-pool.adatum.com. Finally, you will have confirmed the Backup
Service synchronization.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L11-95
2. If necessary, click Start, click All Apps, and then select Skype for Business 2016.
3. Confirm that Ed Meadows automatically signs in to the Skype for Business client. Leave the Skype for
Business client open.
4. In the Skype for Business client, type aaren@adatum.com in the search box. Right-click Aaren
Ekelund in the My Contacts area, and then click Add to Favorites.
5. On LON-CL2, sign in as aaren@adatum.com with the password Pa$$w0rd.
6. Right-click Start and select Control Panel. In the Control Panel window, select Network and
Internet, and then click Network and Sharing Center.
12. Click Start, click All Apps, and then select Skype for Business 2016.
13. In the First things first dialog box, click Ask me later, and then click Accept. If the Microsoft Office
Activation Wizard window appears, click Close.
14. Confirm that Aaren Ekelund automatically signs in to the Skype for Business client.
15. In the Skype for Business client, type ed@adatum.com in the search box. Right-click Ed Meadows in
the My Contacts area, and then click Add to Favorites.
2. In the Choose a reason dialog box, click Continue. Wait for the virtual machine to shut down.
3. On LON-CL2, verify the state of the Skype for Business client, and then answer the following question:
4. On LON-CL1, verify the state of the Skype for Business client, and then answer the following question:
5. On LON-CL2, wait for five minutes, and then confirm that Aaren is able to sign in to the backup
Registrar automatically.
6. When the Skype for Business dialog box appears, click OK to close it.
7. Confirm that Aaren’s client is now in Resiliency mode by observing the limited functionality error in
the client, and then answer the following question:
2. At the Windows PowerShell command prompt, run the following command to ensure that you have a
Central Management store backup:
3. At the Windows PowerShell command prompt, run the following command to locate the Central
Management Server:
Invoke-CsManagementServerFailover -WhatIf
Note: By using the –WhatIf parameter, you can see the current Central Management Server
and the backup server without making any changes. Currently the Central Management Server is
not the failed pool (ny-pool.adatum.com), so it will not be necessary to fail over the Central
Management Store prior to failing over the pool. If it was on the failed pool, you would need to
run the previous cmdlet without the –WhatIf parameter prior to failing over the pool.
4. At the Windows PowerShell command prompt, run the following command to identity if the failed
pool was using database mirroring, and which Back End Server is the principal:
The message Cannot find a mirror service with role name “CentralMgmtStore” appears if
database mirroring is not used. This is expected in this lab. You can move on to the next step.
5. At the Windows PowerShell command prompt, run the following command to fail over the users
from ny-pool.adatum.com (New York) to pool.adatum.com (London):
6. In the Windows PowerShell window, when prompted, type Y, and then press Enter.
Note: Verify that all Skype for Business Server services set to Automatic (Delayed start) on
NYC-SFB3 are running before continuing.
3. On LON-SFB1, open the Skype for Business Server Management Shell if it is not already open.
4. At the Windows PowerShell command prompt, run the following command to get the Backup Service
status for ny-pool.adatum.com:
5. In the Skype for Business Server Management Shell, verify that OverallExportStatus is in a
SteadyState or FinalState and that OverallImportStatus is in a NormalState for the Backup
Service.
6. At the Windows PowerShell command prompt, run the following command to start the failback
process:
8. In the Skype for Business Server Management Shell, verify that the failback process completes. Review
the warnings, and then confirm that the Users of pool ny-pool.adatum.com will have full services
now warning is generated.
Note: It can take about five minutes for the Backup Service to complete synchronization in
this lab environment. In a production environment, the synchronization duration might be more
or less. If Aaren signs out and signs in, the client will be in Resiliency mode until Backup Service
completes synchronization.
9. On LON-CL2, click the Show hidden icons up arrow in the taskbar. While holding down the Ctrl key
on the keyboard, right-click the Skype for Business 2016 icon, and then select Configuration
Information.
MCT USE ONLY. STUDENT USE PROHIBITED
L11-98 Implementing Disaster Recovery in Skype for Business 2015
10. In the Skype for Business Configuration Information window, confirm that NY-Pool.adatum.com is
the Skype for Business Server.
Note: If the server running Skype for Business Server is pool.adatum.com, then the client is
still connected to the backup Registrar. You can sign out of the Skype for Business client and sign
back in to force the client to connect to its home pool.
11. On LON-CL1, verify the state of the Skype for Business client, and then answer the following question:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Checkpoints pane, click the
StartingImage checkpoint.
3. In the Actions pane, click Apply. When the Apply Checkpoint dialog box appears, click Apply.
o 20334B-LON-RTR
o 20334B-LON-CL1
o 20334B-LON-CL2
o 20334B-LON-SQL1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SQL3
o 20334B-NYC-SFB3
Results: After completing this exercise, you will have simulated the New York pool outage and initiated
pool failover from ny-pool.adatum.com to pool.adatum.com. You will also have validated the user
experience during the failover and failback process.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-99
Answer:
You will need to change the user principal name (UPN) and Session Initiation Protocol (SIP) domain.
All users are utilizing Adatum.local as the SIP domain; this will need to change to a publicly routable
domain such as Adatum.com. To make the change, you will need to add this domain name as a UPN
to the domain and assign it to all users. You will then need to add the domain name as a SIP domain
in Skype for Business and instruct all users to use that domain name when they sign in to
Skype for Business.
You will need to add the Adatum.com domain to the Microsoft Office 365 tenant and verify the
domain name. To do this, you will need to add the text (TXT) resource record that is provided when
you register the domain to the external Domain Name System (DNS) zone for adatum.com.
2. What infrastructure components will A. Datum need to deploy before it can start the hybrid
Skype for Business deployment?
Answer:
You will need to complete an Edge Server deployment and configure federation. To meet the high
availability requirements, you will need to deploy at least two Edge Servers and configure DNS load
balancing. When configuring the Edge Server deployment, you need to obtain publicly trusted
certificates for the Edge Servers and the reverse proxy servers.
You will need to deploy a directory synchronization solution to replicate the on-premises domain user
accounts to Office 365. We recommend Microsoft Azure Active Directory (Azure AD) Connect.
Two options are available for ensuring that users can use the same user name and password when
signing in to Skype for Business. You could deploy password synchronization with Azure AD Connect,
or you could deploy Active Directory Federation Services (AD FS). Because AD FS requires several new
servers, we recommend password synchronization.
MCT USE ONLY. STUDENT USE PROHIBITED
L12-100 Integrating with Skype for Business Online
3. What steps will A. Datum need to take to complete the hybrid Skype for Business deployment?
Answer:
If you complete all of the prerequisite steps, you will be able to complete the rest of the hybrid
Skype for Business deployment by using Skype for Business Server Control Panel:
a. In Skype for Business Server Control Panel, authenticate to the Office 365 tenant by using
administrator credentials.
b. Run the Set Up Hybrid with Skype for Business Online Wizard. It will evaluate the current state of
the deployment. Then, it completes the following steps to configure the hybrid environment:
It configures the federated partner settings for your Edge Server deployment.
It configures a new hosting provider for the Skype for Business Online tenant, and it
configures the on-premises environment to share an address space with the hosting
provider.
It configures the Skype for Business Online tenant to share an address space with the on-
premises Skype for Business environment.
c. You then can use Skype for Business Server Control Panel to move the pilot users to
Skype for Business Online.
Results: After completing this exercise, you should have designed a hybrid Skype for Business
environment for A. Datum.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-101
4. In File Explorer, expand drive D, expand Setup, expand amd64, and then click Setup.exe.
5. Wait for Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.21005 to complete.
6. If the Skype for Business Server 2015 window prompts for updates, select Don’t check for updates
right now, and, then click Install.
7. In the License Agreement dialog box, select I accept the terms in the license agreement, and then
click OK.
8. Wait for the installer to install Skype for Business Server Core Components, which consist of the Skype
for Business Deployment Wizard and the Skype for Business Server Management Shell.
9. In the Welcome to Skype for Business Server 2015 deployment window, click Install Administrative
Tools.
Note: Administrative tools include Skype for Business Server Topology Builder and the
Skype for Business Server Control Panel.
12. When the Executing Commands window displays Task status: Completed, click Finish to close the
Install Administrative Tools window.
13. On the Welcome to Skype for Business Server 2015 deployment page, click Exit.
Note: You have now installed the Skype for Business Server administrative tools on
TREY-SVR1.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-102 Planning and Implementing an Upgrade to Skype for Business Server 2015
Task 2: Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish
the topology
1. Switch to TREY-SVR1.
2. On TREY-SVR1, from the Start menu, click to the Apps page (down arrow icon), and open Skype for
Business Server Topology Builder.
3. In the Skype for Business Server 2015 Topology Builder window, accept the default of Download
Topology from existing deployment, and then click OK.
5. In the Save Topology As window, in the File name text box, type PreUpgrade, and then click Save.
6. In the Skype for Business Server 2015 Topology Builder window, in the left navigation pane, expand
Skype for Business Server, expand London, expand Lync Server 2013, and then expand Standard
Edition Front End Servers. Right-click TREY-LYNC.TreyResearch.net, and on the context menu,
click Upgrade to Skype for Business Server 2015.
7. In the Upgrade to Skype for Business Server 2015 window, click Yes. This will move
TREY-LYNC.TreyResearch.net to the Skype for Business Server 2015 folder structure in
the navigation pane.
8. In the left navigation pane, at the top, right-click Skype for Business Server, and then click Publish
Topology.
12. Review the to-do list that opens in Notepad, and then close Notepad.
13. In the Publishing wizard complete page, click Finish.
14. Close the Skype for Business Server 2015 Topology Builder window.
Results: After completing this exercise, you should have installed the Skype for Business administrative
tools on TREY-SVR1, and opened the Skype for Business Server Topology Builder. In addition, you
should have downloaded topology from the existing deployment, selected the Lync Server 2013
TREY-LYNC.TreyResearch.net for in-place upgrade, and published the topology.
3. From the Start menu, click to the Apps page (down arrow icon), and then click Lync Server
Management Shell.
MCT USE ONLY. STUDENT USE PROHIBITED
Core Solutions of Skype for Business 2015 L13-103
4. In the Lync Server Management Shell, at the command prompt, type the following command, and
then press Enter to verify the replication of the topology:
Get-CsManagementStoreReplicationStatus
5. Validate that the replication status UpToDate has a value of True. If it does not, wait a few minutes,
and then rerun the following command:
Get-CsManagementStoreReplicationStatus
6. In the Lync Server Management Shell window, type the following command, and then press Enter to
stop all Lync Server 2013 services prior to upgrading:
Disable-CsComputer –Scorch
10. In File Explorer, expand drive D, expand Setup, expand amd64, and then double-click Setup.exe.
11. Wait for Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.21005 installation to complete.
12. In the Skype for Business Server 2015 Check for Updates? dialog box, select Don’t check for
updates right now, and then click Next.
13. In the License Agreement window, select the I accept the terms in the license agreement check
box, and then click OK.
14. Wait while the Skype for Business Server 2015 In-Place Upgrade wizard completes the full cycle of
verifying prerequisites, uninstalling Lync Server 2013 components, installing Skype for Business Server
2015, and upgrading and re-attaching the databases.
15. When the upgrade completes, click OK twice to exit the installer.
17. From the Start menu, open the Skype for Business Server Management Shell.
18. In the Skype for Business Server Management Shell, at the command prompt, type the following
command, and then press Enter to start the TREY-LYNC.TreyResearch.net pool:
19. Press Y, and when the message “Please make sure all servers in the Skype for Business Server pool
have Skype for Business Server 2015 or greater version” displays, press Enter.
MCT USE ONLY. STUDENT USE PROHIBITED
L13-104 Planning and Implementing an Upgrade to Skype for Business Server 2015
Note: This can take from a few seconds to several minutes depending on
Windows Fabric.
21. When the Start-CsPool cmdlet has completed executing, type the following command, and then
press Enter to validate that services are running:
Get-CsWindowsService
Note: You have now completed a full in-place upgrade to Skype for Business Server.
Results: After completing this exercise, you should have validated the replication of the Central
Management Store (CMS) and performed an in-place upgrade of TREY-LYNC.TreyResearch.net from
Lync Server 2013 to Skype for Business Server.