20334B ENU TrainerHandbook PDF

MCT USE ONLY.
STUDENT USE PROHIBITED

O F F I C I A L M I C R O S O F T L E A R N I N G P R O D U C T
20334B
Core Solutions of Skype for Business 2015
MCT USE ONLY. STUDENT USE PROHIBITED
ii Core Solutions of Skype for Business 2015
Information in this document, including URL and other Internet Web site references, is subject to change
without notice. Unless otherwise noted, the example companies, organizations, products, domain names,
e-mail addresses, logos, people, places, and events depicted herein are fictitious, and no association with
any real company, organization, product, domain name, e-mail address, logo, person, place or event is
intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the
user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in
or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of
Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property
rights covering subject matter in this document. Except as expressly provided in any written license
agreement from Microsoft, the furnishing of this document does not give you any license to these
patents, trademarks, copyrights, or other intellectual property.
The names of manufacturers, products, or URLs are provided for informational purposes only and
Microsoft makes no representations and warranties, either expressed, implied, or statutory, regarding
these manufacturers or the use of the products with any Microsoft technologies. The inclusion of a
manufacturer or product does not imply endorsement of Microsoft of the manufacturer or product. Links
may be provided to third party sites. Such sites are not under the control of Microsoft and Microsoft is not
responsible for the contents of any linked site or any link contained in a linked site, or any changes or
updates to such sites. Microsoft is not responsible for webcasting or any other form of transmission
received from any linked site. Microsoft is providing these links to you only as a convenience, and the
inclusion of any link does not imply endorsement of Microsoft of the site or the products contained
therein.
© 2016 Microsoft Corporation. All rights reserved.
Microsoft and the trademarks listed at http://www.microsoft.com/trademarks are trademarks of the

Microsoft group of companies. All other trademarks are property of their respective owners.
Product Number: 20334B
Part Number: X20-83318
Released: 05/2016
MICROSOFT LICENSE TERMS
MICROSOFT INSTRUCTOR-LED COURSEWARE
These license terms are an agreement between Microsoft Corporation (or based on where you live, one of its
affiliates) and you. Please read them. They apply to your use of the content accompanying this agreement which
includes the media on which you received it, if any. These license terms also apply to Trainer Content and any
updates and supplements for the Licensed Content unless other terms accompany those items. If so, those terms
apply.
BY ACCESSING, DOWNLOADING OR USING THE LICENSED CONTENT, YOU ACCEPT THESE TERMS.
IF YOU DO NOT ACCEPT THEM, DO NOT ACCESS, DOWNLOAD OR USE THE LICENSED CONTENT.
If you comply with these license terms, you have the rights below for each license you acquire.
1. DEFINITIONS.
a. “Authorized Learning Center” means a Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, or such other entity as Microsoft may designate from time to time.
b. “Authorized Training Session” means the instructor-led training class using Microsoft Instructor-Led
Courseware conducted by a Trainer at or through an Authorized Learning Center.
c. “Classroom Device” means one (1) dedicated, secure computer that an Authorized Learning Center owns
or controls that is located at an Authorized Learning Center’s training facilities that meets or exceeds the
hardware level specified for the particular Microsoft Instructor-Led Courseware.
d. “End User” means an individual who is (i) duly enrolled in and attending an Authorized Training Session
or Private Training Session, (ii) an employee of a MPN Member, or (iii) a Microsoft full-time employee.
e. “Licensed Content” means the content accompanying this agreement which may include the Microsoft
Instructor-Led Courseware or Trainer Content.
f. “Microsoft Certified Trainer” or “MCT” means an individual who is (i) engaged to teach a training session
to End Users on behalf of an Authorized Learning Center or MPN Member, and (ii) currently certified as a
Microsoft Certified Trainer under the Microsoft Certification Program.
g. “Microsoft Instructor-Led Courseware” means the Microsoft-branded instructor-led training course that
educates IT professionals and developers on Microsoft technologies. A Microsoft Instructor-Led
Courseware title may be branded as MOC, Microsoft Dynamics or Microsoft Business Group courseware.
h. “Microsoft IT Academy Program Member” means an active member of the Microsoft IT Academy
Program.
i. “Microsoft Learning Competency Member” means an active member of the Microsoft Partner Network
program in good standing that currently holds the Learning Competency status.
j. “MOC” means the “Official Microsoft Learning Product” instructor-led courseware known as Microsoft
Official Course that educates IT professionals and developers on Microsoft technologies.
k. “MPN Member” means an active Microsoft Partner Network program member in good standing.
l. “Personal Device” means one (1) personal computer, device, workstation or other digital electronic device
that you personally own or control that meets or exceeds the hardware level specified for the particular
Microsoft Instructor-Led Courseware.
m. “Private Training Session” means the instructor-led training classes provided by MPN Members for
corporate customers to teach a predefined learning objective using Microsoft Instructor-Led Courseware.
These classes are not advertised or promoted to the general public and class attendance is restricted to
individuals employed by or contracted by the corporate customer.
n. “Trainer” means (i) an academically accredited educator engaged by a Microsoft IT Academy Program
Member to teach an Authorized Training Session, and/or (ii) a MCT.
o. “Trainer Content” means the trainer version of the Microsoft Instructor-Led Courseware and additional
supplemental content designated solely for Trainers’ use to teach a training session using the Microsoft
Instructor-Led Courseware. Trainer Content may include Microsoft PowerPoint presentations, trainer
preparation guide, train the trainer materials, Microsoft One Note packs, classroom setup guide and Pre-
release course feedback form. To clarify, Trainer Content does not include any software, virtual hard
disks or virtual machines.
2. USE RIGHTS. The Licensed Content is licensed not sold. The Licensed Content is licensed on a one copy
per user basis, such that you must acquire a license for each individual that accesses or uses the Licensed
Content.
2.1 Below are five separate sets of use rights. Only one set of rights apply to you.
a. If you are a Microsoft IT Academy Program Member:

i. Each license acquired on behalf of yourself may only be used to review one (1) copy of the Microsoft
Instructor-Led Courseware in the form provided to you. If the Microsoft Instructor-Led Courseware is
in digital format, you may install one (1) copy on up to three (3) Personal Devices. You may not
install the Microsoft Instructor-Led Courseware on a device you do not own or control.
ii. For each license you acquire on behalf of an End User or Trainer, you may either:
1. distribute one (1) hard copy version of the Microsoft Instructor-Led Courseware to one (1) End
User who is enrolled in the Authorized Training Session, and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware being provided, or
2. provide one (1) End User with the unique redemption code and instructions on how they can
access one (1) digital version of the Microsoft Instructor-Led Courseware, or
3. provide one (1) Trainer with the unique redemption code and instructions on how they can
access one (1) Trainer Content,
provided you comply with the following:
iii. you will only provide access to the Licensed Content to those individuals who have acquired a valid
license to the Licensed Content,
iv. you will ensure each End User attending an Authorized Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized Training
Session,
v. you will ensure that each End User provided with the hard-copy version of the Microsoft Instructor-
Led Courseware will be presented with a copy of this agreement and each End User will agree that
their use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement
prior to providing them with the Microsoft Instructor-Led Courseware. Each individual will be required
to denote their acceptance of this agreement in a manner that is enforceable under local law prior to
their accessing the Microsoft Instructor-Led Courseware,
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who have in-depth knowledge of and experience with the
Microsoft technology that is the subject of the Microsoft Instructor-Led Courseware being taught for
all your Authorized Training Sessions,
viii. you will only deliver a maximum of 15 hours of training per week for each Authorized Training
Session that uses a MOC title, and
ix. you acknowledge that Trainers that are not MCTs will not have access to all of the trainer resources
for the Microsoft Instructor-Led Courseware.
b. If you are a Microsoft Learning Competency Member:

User attending the Authorized Training Session and only immediately prior to the
commencement of the Authorized Training Session that is the subject matter of the Microsoft
Instructor-Led Courseware provided, or
2. provide one (1) End User attending the Authorized Training Session with the unique redemption
code and instructions on how they can access one (1) digital version of the Microsoft Instructor-
Led Courseware, or
3. you will provide one (1) Trainer with the unique redemption code and instructions on how they
can access one (1) Trainer Content,
iv. you will ensure that each End User attending an Authorized Training Session has their own valid
licensed copy of the Microsoft Instructor-Led Courseware that is the subject of the Authorized
Training Session,
v. you will ensure that each End User provided with a hard-copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
vi. you will ensure that each Trainer teaching an Authorized Training Session has their own valid
licensed copy of the Trainer Content that is the subject of the Authorized Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for your Authorized Training
Sessions,
viii. you will only use qualified MCTs who also hold the applicable Microsoft Certification credential that is
the subject of the MOC title being taught for all your Authorized Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
c. If you are a MPN Member:
User attending the Private Training Session, and only immediately prior to the commencement
of the Private Training Session that is the subject matter of the Microsoft Instructor-Led
Courseware being provided, or
2. provide one (1) End User who is attending the Private Training Session with the unique
redemption code and instructions on how they can access one (1) digital version of the
Microsoft Instructor-Led Courseware, or
3. you will provide one (1) Trainer who is teaching the Private Training Session with the unique
redemption code and instructions on how they can access one (1) Trainer Content,
iv. you will ensure that each End User attending an Private Training Session has their own valid licensed
copy of the Microsoft Instructor-Led Courseware that is the subject of the Private Training Session,
v. you will ensure that each End User provided with a hard copy version of the Microsoft Instructor-Led
Courseware will be presented with a copy of this agreement and each End User will agree that their
use of the Microsoft Instructor-Led Courseware will be subject to the terms in this agreement prior to
providing them with the Microsoft Instructor-Led Courseware. Each individual will be required to
denote their acceptance of this agreement in a manner that is enforceable under local law prior to
vi. you will ensure that each Trainer teaching an Private Training Session has their own valid licensed
copy of the Trainer Content that is the subject of the Private Training Session,
vii. you will only use qualified Trainers who hold the applicable Microsoft Certification credential that is
the subject of the Microsoft Instructor-Led Courseware being taught for all your Private Training
Sessions,
viii. you will only use qualified MCTs who hold the applicable Microsoft Certification credential that is the
subject of the MOC title being taught for all your Private Training Sessions using MOC,
ix. you will only provide access to the Microsoft Instructor-Led Courseware to End Users, and
x. you will only provide access to the Trainer Content to Trainers.
d. If you are an End User:

For each license you acquire, you may use the Microsoft Instructor-Led Courseware solely for your
personal training use. If the Microsoft Instructor-Led Courseware is in digital format, you may access the
Microsoft Instructor-Led Courseware online using the unique redemption code provided to you by the
training provider and install and use one (1) copy of the Microsoft Instructor-Led Courseware on up to
three (3) Personal Devices. You may also print one (1) copy of the Microsoft Instructor-Led Courseware.
You may not install the Microsoft Instructor-Led Courseware on a device you do not own or control.
e. If you are a Trainer.

i. For each license you acquire, you may install and use one (1) copy of the Trainer Content in the
form provided to you on one (1) Personal Device solely to prepare and deliver an Authorized
Training Session or Private Training Session, and install one (1) additional copy on another Personal
Device as a backup copy, which may be used only to reinstall the Trainer Content. You may not
install or use a copy of the Trainer Content on a device you do not own or control. You may also
print one (1) copy of the Trainer Content solely to prepare for and deliver an Authorized Training
Session or Private Training Session.
ii. You may customize the written portions of the Trainer Content that are logically associated with
instruction of a training session in accordance with the most recent version of the MCT agreement.
If you elect to exercise the foregoing rights, you agree to comply with the following: (i)
customizations may only be used for teaching Authorized Training Sessions and Private Training
Sessions, and (ii) all customizations will comply with this agreement. For clarity, any use of
“customize” refers only to changing the order of slides and content, and/or not using all the slides or
content, it does not mean changing or modifying any slide or content.
2.2 Separation of Components. The Licensed Content is licensed as a single unit and you may not
separate their components and install them on different devices.
2.3 Redistribution of Licensed Content. Except as expressly provided in the use rights above, you may
not distribute any Licensed Content or any portion thereof (including any permitted modifications) to any
third parties without the express written permission of Microsoft.
2.4 Third Party Notices. The Licensed Content may include third party code tent that Microsoft, not the
third party, licenses to you under this agreement. Notices, if any, for the third party code ntent are included
for your information only.
2.5 Additional Terms. Some Licensed Content may contain components with additional terms,
conditions, and licenses regarding its use. Any non-conflicting terms in those conditions and licenses also
apply to your use of that respective component and supplements the terms described in this agreement.
3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

matter is based on a pre-release version of Microsoft technology (“Pre-release”), then in addition to the
other provisions in this agreement, these terms also apply:
a. Pre-Release Licensed Content. This Licensed Content subject matter is on the Pre-release version of
the Microsoft technology. The technology may not work the way a final version of the technology will
and we may change the technology for the final version. We also may not release a final version.
Licensed Content based on the final version of the technology may not contain the same information as
the Licensed Content based on the Pre-release version. Microsoft is under no obligation to provide you
with any further content, including any Licensed Content based on the final version of the technology.
b. Feedback. If you agree to give feedback about the Licensed Content to Microsoft, either directly or
through its third party designee, you give to Microsoft without charge, the right to use, share and
commercialize your feedback in any way and for any purpose. You also give to third parties, without
charge, any patent rights needed for their products, technologies and services to use or interface with
any specific parts of a Microsoft technology, Microsoft product, or service that includes the feedback.
You will not give feedback that is subject to a license that requires Microsoft to license its technology,
technologies, or products to third parties because we include your feedback in them. These rights
survive this agreement.
c. Pre-release Term. If you are an Microsoft IT Academy Program Member, Microsoft Learning
Competency Member, MPN Member or Trainer, you will cease using all copies of the Licensed Content on
the Pre-release technology upon (i) the date which Microsoft informs you is the end date for using the
Licensed Content on the Pre-release technology, or (ii) sixty (60) days after the commercial release of the
technology that is the subject of the Licensed Content, whichever is earliest (“Pre-release term”).
Upon expiration or termination of the Pre-release term, you will irretrievably delete and destroy all copies
of the Licensed Content in your possession or under your control.
4. SCOPE OF LICENSE. The Licensed Content is licensed, not sold. This agreement only gives you some
rights to use the Licensed Content. Microsoft reserves all other rights. Unless applicable law gives you more
rights despite this limitation, you may use the Licensed Content only as expressly permitted in this
agreement. In doing so, you must comply with any technical limitations in the Licensed Content that only
allows you to use it in certain ways. Except as expressly permitted in this agreement, you may not:
• access or allow any individual to access the Licensed Content if they have not acquired a valid license
for the Licensed Content,
• alter, remove or obscure any copyright or other protective notices (including watermarks), branding
or identifications contained in the Licensed Content,
• modify or create a derivative work of any Licensed Content,
• publicly display, or make the Licensed Content available for others to access or use,
• copy, print, install, sell, publish, transmit, lend, adapt, reuse, link to or post, make available or
distribute the Licensed Content to any third party,
• work around any technical limitations in the Licensed Content, or
• reverse engineer, decompile, remove or otherwise thwart any protections or disassemble the
Licensed Content except and only to the extent that applicable law expressly permits, despite this
limitation.
5. RESERVATION OF RIGHTS AND OWNERSHIP. Microsoft reserves all rights not expressly granted to
you in this agreement. The Licensed Content is protected by copyright and other intellectual property laws
and treaties. Microsoft or its suppliers own the title, copyright, and other intellectual property rights in the
Licensed Content.
6. EXPORT RESTRICTIONS. The Licensed Content is subject to United States export laws and regulations.
You must comply with all domestic and international export laws and regulations that apply to the Licensed
Content. These laws include restrictions on destinations, end users and end use. For additional information,
see www.microsoft.com/exporting.
7. SUPPORT SERVICES. Because the Licensed Content is “as is”, we may not provide support services for it.
8. TERMINATION. Without prejudice to any other rights, Microsoft may terminate this agreement if you fail
to comply with the terms and conditions of this agreement. Upon termination of this agreement for any
reason, you will immediately stop all use of and delete and destroy all copies of the Licensed Content in
your possession or under your control.
9. LINKS TO THIRD PARTY SITES. You may link to third party sites through the use of the Licensed
Content. The third party sites are not under the control of Microsoft, and Microsoft is not responsible for
the contents of any third party sites, any links contained in third party sites, or any changes or updates to
third party sites. Microsoft is not responsible for webcasting or any other form of transmission received
from any third party sites. Microsoft is providing these links to third party sites to you only as a
convenience, and the inclusion of any link does not imply an endorsement by Microsoft of the third party
site.
10. ENTIRE AGREEMENT. This agreement, and any additional terms for the Trainer Content, updates and
supplements are the entire agreement for the Licensed Content, updates and supplements.
11. APPLICABLE LAW.

a. United States. If you acquired the Licensed Content in the United States, Washington state law governs
the interpretation of this agreement and applies to claims for breach of it, regardless of conflict of laws
principles. The laws of the state where you live govern all other claims, including claims under state
consumer protection laws, unfair competition laws, and in tort.
b. Outside the United States. If you acquired the Licensed Content in any other country, the laws of that
country apply.
12. LEGAL EFFECT. This agreement describes certain legal rights. You may have other rights under the laws
of your country. You may also have rights with respect to the party from whom you acquired the Licensed
Content. This agreement does not change your rights under the laws of your country if the laws of your
country do not permit it to do so.
13. DISCLAIMER OF WARRANTY. THE LICENSED CONTENT IS LICENSED "AS-IS" AND "AS
AVAILABLE." YOU BEAR THE RISK OF USING IT. MICROSOFT AND ITS RESPECTIVE
AFFILIATES GIVES NO EXPRESS WARRANTIES, GUARANTEES, OR CONDITIONS. YOU MAY
HAVE ADDITIONAL CONSUMER RIGHTS UNDER YOUR LOCAL LAWS WHICH THIS AGREEMENT
CANNOT CHANGE. TO THE EXTENT PERMITTED UNDER YOUR LOCAL LAWS, MICROSOFT AND
ITS RESPECTIVE AFFILIATES EXCLUDES ANY IMPLIED WARRANTIES OF MERCHANTABILITY,
FITNESS FOR A PARTICULAR PURPOSE AND NON-INFRINGEMENT.
14. LIMITATION ON AND EXCLUSION OF REMEDIES AND DAMAGES. YOU CAN RECOVER FROM
MICROSOFT, ITS RESPECTIVE AFFILIATES AND ITS SUPPLIERS ONLY DIRECT DAMAGES UP
TO US$5.00. YOU CANNOT RECOVER ANY OTHER DAMAGES, INCLUDING CONSEQUENTIAL,
LOST PROFITS, SPECIAL, INDIRECT OR INCIDENTAL DAMAGES.
This limitation applies to

o anything related to the Licensed Content, services, content (including code) on third party Internet
sites or third-party programs; and
o claims for breach of contract, breach of warranty, guarantee or condition, strict liability, negligence,
or other tort to the extent permitted by applicable law.
It also applies even if Microsoft knew or should have known about the possibility of the damages. The
above limitation or exclusion may not apply to you because your country may not allow the exclusion or
limitation of incidental, consequential or other damages.
Please note: As this Licensed Content is distributed in Quebec, Canada, some of the clauses in this
agreement are provided below in French.
Remarque : Ce le contenu sous licence étant distribué au Québec, Canada, certaines des clauses
dans ce contrat sont fournies ci-dessous en français.
EXONÉRATION DE GARANTIE. Le contenu sous licence visé par une licence est offert « tel quel ». Toute
utilisation de ce contenu sous licence est à votre seule risque et péril. Microsoft n’accorde aucune autre garantie
expresse. Vous pouvez bénéficier de droits additionnels en vertu du droit local sur la protection dues
consommateurs, que ce contrat ne peut modifier. La ou elles sont permises par le droit locale, les garanties
implicites de qualité marchande, d’adéquation à un usage particulier et d’absence de contrefaçon sont exclues.
LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

DOMMAGES. Vous pouvez obtenir de Microsoft et de ses fournisseurs une indemnisation en cas de dommages
directs uniquement à hauteur de 5,00 $ US. Vous ne pouvez prétendre à aucune indemnisation pour les autres
dommages, y compris les dommages spéciaux, indirects ou accessoires et pertes de bénéfices.
Cette limitation concerne:
• tout ce qui est relié au le contenu sous licence, aux services ou au contenu (y compris le code)
figurant sur des sites Internet tiers ou dans des programmes tiers; et.
• les réclamations au titre de violation de contrat ou de garantie, ou au titre de responsabilité
stricte, de négligence ou d’une autre faute dans la limite autorisée par la loi en vigueur.
Elle s’applique également, même si Microsoft connaissait ou devrait connaître l’éventualité d’un tel dommage. Si
votre pays n’autorise pas l’exclusion ou la limitation de responsabilité pour les dommages indirects, accessoires
ou de quelque nature que ce soit, il se peut que la limitation ou l’exclusion ci-dessus ne s’appliquera pas à votre
égard.
EFFET JURIDIQUE. Le présent contrat décrit certains droits juridiques. Vous pourriez avoir d’autres droits
prévus par les lois de votre pays. Le présent contrat ne modifie pas les droits que vous confèrent les lois de votre
pays si celles-ci ne le permettent pas.
Revised July 2013

Core Solutions of Skype for Business 2015 xi
xii Core Solutions of Skype for Business 2015
Acknowledgements
Microsoft Learning wants to acknowledge and thank the following for their contribution toward
developing this title. Their effort at various stages in the development has ensured that you have a good
classroom experience.
Stan Reimer – Content Developer

Stan Reimer is president of S. R. Technical Services Inc., and he works as a consultant, trainer, and author.
Stan has extensive experience consulting on Exchange Server and Active Directory deployments for some
of the largest companies in Canada. Stan is the lead author for two Active Directory books for Microsoft
Press. For the last ten years, Stan has been writing courseware for Microsoft Learning, specializing in
Active Directory and Exchange Server courses. Stan has been a Microsoft Certified Trainer (MCT) for 14
years.
Allan Jacobs – Content Developer

Allan Jacobs is a trainer, consultant, and writer based in New York City. While technically an independent,
Allan works almost exclusively for Global Knowledge and spends much of his time travelling to client sites
and training centers throughout the United States and Canada. He has taught many Train-the-Trainer
sessions for instructional skills, in addition to Microsoft Lync and System Center at Microsoft Certified
Trainer Summits. For the last nine years, Allan has been selected to staff the Microsoft TechEd conference
and now the Microsoft Ignite conference, and he has served as a subject matter expert on several projects
for Microsoft Learning. Allan also co-authored the revision of the Microsoft courseware for Microsoft
Office Communications Server 2007 R2 and the Lync 2013 Depth Support Engineer course. In his younger
days, Allan practiced law—something he has happily avoided for the last 15 years.
Richard Luckett – Content Developer

Richard Luckett is a consultant and instructor specializing in Unified Messaging and unified
communications. Richard has 20+ years of experience in both the public and private sectors. He is an
experienced instructor with over 15 years of training experience. Richard co-authored Microsoft Exchange
Server 2007: The Complete Reference, published by McGraw-Hill, and he authored seven bestselling
courses for Global Knowledge. Richard co-authored the Microsoft Lync Server 2013 Premier Support for
Lync Partners Depth Support Engineer course. Richard is an expert in deploying and supporting unified
communications solutions that use Unified Messaging and Skype for Business Server. Richard currently
leads the training and consulting practice at Learn IT Solution Group (litsg.com).
Clifton Leonard – Content Developer

Clifton Leonard is a content developer and subject matter expert with more than 25 years of experience in
the IT industry as an engineer, architect, consultant, trainer, and author. Clifton has extensive experience
consulting on Active Directory, Microsoft Exchange Server, Microsoft Lync Server, identity management,
and Microsoft Office 365. His clients include large energy corporations, K–12 schools, universities,
technology manufacturers, financial institutions, the United States Air Force, and the United States
Department of Defense. Clifton has been involved as a subject matter expert for multiple courses on
Windows Desktop, Windows Server, Exchange Server, Microsoft SharePoint Server, Hyper-V, identity
management, and Office 365
Core Solutions of Skype for Business 2015 xiii
Jan Fredborg – Content Developer

Jan Fredborg is a partner of RackPeople in Denmark, and he works as a Skype for Business lead,
consultant, trainer, and author. Jan has extensive experience consulting, primarily on Microsoft Office
Communications Server, Microsoft Lync, and Skype for Business. He has led the implementation of Lync
and Skype for Business for some of the largest Danish companies, such as GN Netcom (Jabra), FLSmidth,
Rockwool, and others, in addition to internal, adapted training for NATO. Jan has been a valued speaker
at Microsoft Campus Days—a yearly, Danish event—for the last three years. Jan has been an active
Microsoft Certified Trainer since 1999, working for various training centers before starting his own
business in 2010. This is the first time Jan has developed Microsoft Official Course (MOC) material as a
subject matter expert.
xiv Core Solutions of Skype for Business 2015
Contents
Module 1: Design and Architecture of Skype for Business Server 2015
Module Overview 1-1
Lesson 1: Overview of Skype for Business Components and Features 1-2
Lesson 2: Introduction to the Skype for Business Administrative Tools 1-14
Lab: Designing and Publishing a Skype for Business Server Topology 1-21
Module Review and Takeaways 1-25
Module 2: Installing and Implementing Skype for Business Server 2015

Module Overview 2-1
Lesson 1: Server and Service Dependencies 2-2

Lesson 2: Planning SIP Domains 2-11
Lab A: Configuring DNS and Simple URLs for Skype for Business Server 2-17
Lesson 3: Installing Skype for Business Server 2-20

Lesson 4: Integrating Skype for Business Server with Exchange Server and
SharePoint Server 2-27
Lab B: Deploying Skype for Business Server 2-34

Module 3: Administering Skype for Business Server 2015

Module Overview 3-1
Lesson 1: Using Skype for Business Server Control Panel 3-2

Lesson 2: Using the Skype for Business Server Management Shell 3-5
Lab A: Using the Administrative Tools to Manage Skype for Business Server 3-8
Lesson 3: Implementing Role-Based Access Control 3-12

Lesson 4: Using Test Cmdlets 3-17
Lesson 5: Tools for Troubleshooting Skype for Business 3-20
Lab B: Using the Skype for Business Troubleshooting Tools 3-25

Core Solutions of Skype for Business 2015 xv
Module 4: Configuring Users and Clients in Skype for Business 2015

Module Overview 4-1
Lesson 1: Configuring Users 4-2
Lesson 2: Deploying the Skype for Business Client 4-6
Lesson 3: Registration, Sign-In, and Authentication 4-9
Lab A: Configuring Users and Clients in Skype for Business 2015 4-15
Lesson 4: Configuring Skype for Business Client Policies 4-19
Lesson 5: Managing the Skype for Business Address Book 4-25
Lab B: Configuring Policies and the Address Book in Skype for Business Server 4-28
Module 5: Configuring and Implementing Conferencing in Skype for Business 2015

Module Overview 5-1
Lesson 1: Introduction to Conferencing in Skype for Business 2015 5-2

Lesson 2: Integrating Skype for Business Server and Office Online Server 5-11
Lab A: Installing and Configuring Office Online Server 5-14
Lesson 3: Bandwidth Planning 5-17

Lesson 4: Configuring Conferencing Settings 5-25
Lab B: Configuring Conferencing in Skype for Business Server 5-31
Module 6: Implementing Additional Conferencing Options in Skype for

Business Server 2015
Module Overview 6-1
Lesson 1: Overview of the Conferencing Life Cycle 6-3
Lesson 2: Designing and Configuring Audio/Video and Web Conferencing Policies 6-7
Lab A: Implementing and Troubleshooting Conferencing Policies 6-11
Lesson 3: Deploying Dial-In Conferencing 6-15
Lesson 4: Configuring an LRS 6-24
Lesson 5: Configuring Large Meetings and Skype Meeting Broadcasts 6-28
Lab B: Configuring Additional Conferencing Modalities 6-32

xvi Core Solutions of Skype for Business 2015
Module 7: Designing and Implementing Monitoring and Archiving in

Skype for Business 2015
Module Overview 7-1
Lesson 1: Components of the Monitoring Service 7-2
Lab A: Implementing Monitoring 7-11
Lesson 2: Overview of Archiving 7-15
Lesson 3: Designing an Archiving Policy 7-19
Lesson 4: Implementing Archiving 7-24
Lab B: Implementing Archiving 7-27
Module 8: Deploying Skype for Business 2015 External Access

Module Overview 8-1
Lesson 1: Overview of External Access 8-2
Lesson 2: Configuring External Access Policies and Security 8-5

Lesson 3: Configuring External Access Network and Certificates 8-8
Lab A: Designing and Implementing External User Access 8-15
Lesson 4: Configuring Reverse Proxy 8-21

Lesson 5: Designing Mobility in Skype for Business Server 8-25
Lesson 6: Designing Federation in Skype for Business Server 8-29
Lab B: Installing the Components for External Users 8-32

Module 9: Implementing Persistent Chat in Skype for Business 2015

Module Overview 9-1
Lesson 1: Designing a Persistent Chat Server Topology 9-2

Lesson 2: Deploying Persistent Chat Server 9-10
Lab A: Designing and Deploying Persistent Chat Server 9-17
Lesson 3: Configuring and Managing Persistent Chat 9-23
Lab B: Configuring and Using Persistent Chat 9-31

Core Solutions of Skype for Business 2015 xvii
Module 10: Implementing High Availability in Skype for Business 2015

Module Overview 10-1
Lab A: Pre-Lab Configuration 10-2
Lesson 1: Planning for Front End Pool High Availability 10-4
Lesson 2: Planning for Back End Server High Availability 10-17
Lesson 3: High Availability for Other Component Servers 10-23
Lab B: Implementing High Availability 10-31
Module 11: Implementing Disaster Recovery in Skype for Business 2015

Lesson 1: Disaster Recovery Options in Skype for Business Server 11-2
Lesson 2: Implementing Disaster Recovery in Skype for Business Server 11-10
Lesson 3: Additional Disaster Recovery Options in Skype for Business Server 11-18
Lab: Implementing and Performing Disaster Recovery 11-24
Module 12: Integrating with Skype for Business Online

Lesson 1: Overview of Skype for Business Online 12-2
Lesson 2: Preparing for a Hybrid Skype for Business Deployment 12-11
Lesson 3: Configuring a Hybrid Skype for Business Environment 12-20

Lab: Designing a Hybrid Skype for Business Deployment 12-27
Module 13: Planning and Implementing an Upgrade to Skype for Business Server 2015
Lesson 1: Overview of Upgrade and Migration Paths 13-2
Lesson 2: Migrating to Skype for Business 2015 13-7
Lesson 3: In-Place Upgrade to Skype for Business 13-12
Lab: Performing an In-Place Upgrade of Microsoft Lync 2013 to

Skype for Business Server 2015 13-15

xviii Core Solutions of Skype for Business 2015
Lab Answer Keys

Module 1 Lab: Designing and Publishing a Skype for Business Server Topology L1-1
Module 2 Lab A: Configuring DNS and Simple URLs for Skype for Business Server L2-5
Module 2 Lab B: Deploying Skype for Business Server L2-7
Module 3 Lab A: Using the Administrative Tools to Manage Skype for Business Server L3-11
Module 3 Lab B: Using the Skype for Business Troubleshooting Tools L3-14
Module 4 Lab A: Configuring Users and Clients in Skype for Business 2015 L4-19
Module 4 Lab B: Configuring Policies and the Address Book in Skype for Business Server L4-22
Module 5 Lab A: Installing and Configuring Office Online Server L5-25

Module 5 Lab B: Configuring Conferencing in Skype for Business Server L5-28
Module 6 Lab A: Implementing and Troubleshooting Conferencing Policies L6-31
Module 6 Lab B: Configuring Additional Conferencing Modalities L6-34
Module 7 Lab A: Implementing Monitoring L7-39
Module 7 Lab B: Implementing Archiving L7-42
Module 8 Lab A: Designing and Implementing External User Access L8-47

Module 8 Lab B: Installing the Components for External Users L8-54
Module 9 Lab A: Designing and Deploying Persistent Chat Server L9-59
Module 9 Lab B: Configuring and Using Persistent Chat L9-65

Module 10 Lab A: Pre-Lab Configuration L10-79
Module 10 Lab B: Implementing High Availability L10-80
Module 11 Lab: Implementing and Performing Disaster Recovery L11-93

Module 12 Lab: Designing a Hybrid Skype for Business Deployment L12-99
Module 13 Lab: Performing an In-Place Upgrade of Microsoft Lync 2013 to

Skype for Business Server 2015 L13-101
About This Course xix
About This Course

This section provides a brief description of the course, audience, suggested prerequisites, and course
objectives.
Course Description
This course provides students with the knowledge and skills required to plan, deploy, configure, and
administer a Skype for Business 2015 solution. Students will learn how to deploy a multi-site and highly
available Skype for Business infrastructure that supports instant messaging, conferencing, Persistent Chat,
archiving, and monitoring. Students will also learn how to manage and maintain the infrastructure, and
troubleshoot issues that might arise.
This course focuses primarily on the on-premises deployment of Skype for Business, but it does include
information on how to integrate the on-premises deployment with Skype for Business Online and how to
migrate from previous versions of Microsoft Lync Server.
Audience
The primary audience for this course is information technology (IT) professionals who are responsible for
the Skype for Business 2015 deployment in their organizations. Experience with previous versions of Lync
Server is beneficial but not required to take this course. Students should be proficient with Active
Directory Domain Services (AD DS), data networks, and telecommunications standards and components
that support the configuration of Skype for Business. Students should also be familiar with Microsoft
Exchange Server and Microsoft Office 365.
The secondary audience for this course includes IT professionals who are planning to take the Exam
70- 334: Core Solutions of Skype for Business 2015 as a stand- alone exam or as part of the requirement
for the Microsoft Certified Solutions Expert (MCSE): Communications certification exam.
Student Prerequisites
This course requires that you meet the following prerequisites:
 Minimum of two years of experience administering either Windows Server 2012 or Windows Server
2008 R2.
 Minimum of two years of experience working with AD DS.
 Minimum of two years of experience working with name resolution, including Domain Name System
(DNS).
 Experience working with certificates, including public key infrastructure (PKI) certificates.
 Experience working with Windows PowerShell.

 Understanding of data networks and telecommunications standards and components.
Course Objectives
After completing this course, students will be able to:
 Describe the architecture of Skype for Business 2015 and design a Skype for Business 2015 topology.
 Install and implement Skype for Business Server 2015.

 Administer Skype for Business Server 2015 by using the various tools.
 Configure users and clients in Skype for Business 2015.
 Configure and implement conferencing in Skype for Business 2015.

xx About This Course
 Implement additional conferencing options, such as dial-in conferencing, Lync Room System, and
Skype Meeting Broadcast.
 Design and implement monitoring and archiving in Skype for Business 2015.
 Deploy Skype for Business 2015 external access.
 Implement Persistent Chat in Skype for Business 2015.

 Implement high availability in Skype for Business 2015.
 Implement disaster recovery in Skype for Business 2015.
 Design and deploy a hybrid Skype for Business environment.
Plan and implement an upgrade from Lync Server to Skype for Business Server 2015.
Course Outline
The course outline is as follows:
Module 1, “Design and Architecture of Skype for Business Server 2015," describes the high - level
components and features of Skype for Business 2015. It describes how to work with the Skype for Business
administrative tools. It describes the main components of Skype for Business Online and coexistence with
on-premises Skype for Business servers.
Module 2, “Installing and Implementing Skype for Business Server 2015,” explains the external
dependencies for Skype for Business Server. It describes the Session Initiation Protocol (SIP) domain
requirements to ensure a successful implementation. It also explains how to install Skype for Business
Server and describes how Skype for Business Server integrates with Microsoft Exchange Server and
Microsoft SharePoint Server.
Module 3, “Administering Skype for Business Server 2015,” explains how to administer and manage Skype
for Business Server by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell. It also explains how to implement role- based access control (RBAC) in Skype for
Business and how to use important Test cmdlets and tools to troubleshoot Skype for Business.
Module 4, “Configuring Users and Clients in Skype for Business 2015," explains how to configure users by
using Skype for Business Server Control Panel and the Skype for Business Server Management Shell. It
then describes how to deploy Skype for Business clients and explains the sign-in, registration, and
authentication process for Skype for Business clients. It also explains how to configure in-band policies
and group policies. Finally, it explains how to configure Skype for Business Server settings and manage the
Address Book.
Module 5, “Configuring and Implementing Conferencing in Skype for Business 2015," describes Skype for
Business conferencing features and modalities. It explains how to integrate Skype for Business Server 2015
with Office Online Server. It also explains how to plan for conferencing bandwidth utilization. Finally, it
explains how to configure conferencing settings and policies.
Module 6, “Implementing Additional Conferencing Options in Skype for Business Server 2015," describes
the conferencing lifecycle and explains how to administer it. It then explains how to use conferencing and
meeting policies. It also explains how to deploy dial-in conferencing and configure the infrastructure for
Lync Room System. Finally, it explains how to configure large meetings and Skype Meeting Broadcast.
Module 7, “Designing and Implementing Monitoring and Archiving in Skype for Business 2015," describes
the Monitoring Service components in Skype for Business Server, and how to implement monitoring. It
then describes archiving and explains how to design an archiving policy, Finally, it explains how to
implement archiving.
Module 8, “Deploying Skype for Business 2015 external access," describes the components for external
access. It then explains how to configure external access policies and security, configure certificates, and
About This Course xxi
configure reverse proxy. Also it describes how to configure Skype for Business Server 2015 for mobile
clients. Finally, it explains how to design and configure federation in Skype for Business Server.
Module 9, “Implementing Persistent Chat in Skype for Business 2015," explains how to design a Skype for
Business 2015 topology that includes Persistent Chat. It then explains how to deploy Persistent Chat in
Skype for Business. Finally, it explains how to configure and manage Persistent Chat.
Module 10, “Implementing High Availability in Skype for Business 2015," describes how to design and
implement a high-availability solution for Front End Servers and Back End Servers in a Skype for Business
Server environment. It also explains how to design and implement a high-availability solution for file
stores, Edge Servers, Mediation Servers, Office Online Server farms, and reverse proxy servers in a Skype
for Business Server environment.
Module 11, “Implementing Disaster Recovery in Skype for Business 2015," describes the disaster recovery
options in Skype for Business Server 2015. It then explains how to implement disaster recovery in Skype
for Business Server. Additionally, it describes the disaster recovery options for Persistent Chat, the Central
Management store, the Location Information Service (LIS) database, and user data.
Module 12, “Integrating with Skype for Business Online," describes Skype for Business Online features. It
then explains how to prepare an on-premises environment for a hybrid Skype for Business deployment. It
also explains how to configure a hybrid Skype for Business deployment.
Module 13, “Planning and Implementing an Upgrade to Skype for Business Server 2015," describe how
to plan a side-by-side migration from Lync Server 2010 and Lync Server 2013 to Skype for Business Server
2015. It also explains how to perform an in-place upgrade from Lync Server 2013 to Skype for Business
Server.
xxii About This Course
Course Materials
The following materials are included with your kit:
 Course Handbook: a succinct classroom learning guide that provides the critical technical
information in a crisp, tightly-focused format, which is essential for an effective in-class learning
experience.
o Lessons: guide you through the learning objectives and provide the key points that are critical to
the success of the in-class learning experience.
o Labs: provide a real-world, hands-on platform for you to apply the knowledge and skills learned
in the module.
o Module Reviews and Takeaways: provide on-the-job reference material to boost knowledge
and skills retention.
o Lab Answer Keys: provide step-by-step lab solution guidance.
Additional Reading: Course Companion Content on the

http://www.microsoft.com/learning/en/us/companion-moc.aspx Site: searchable, easy-to-
browse digital content with integrated premium online resources that supplement the Course
Handbook.
 Modules: include companion content, such as questions and answers, detailed demo steps and
additional reading links, for each lesson. Additionally, they include Lab Review questions and answers
and Module Reviews and Takeaways sections, which contain the review questions and answers, best
practices, common issues and troubleshooting tips with answers, and real-world issues and scenarios
with answers.
 Resources: include well-categorized additional resources that give you immediate access to the most
current premium content on TechNet, MSDN, or Microsoft Press.
 Course evaluation: at the end of the course, you will have the opportunity to complete an online
evaluation to provide feedback on the course, training facility, and instructor.
o To provide additional comments or feedback on the course, please go to

mcspprt@microsoft.com. To inquire about the Microsoft Certification Program,
send an email to mcphelp@microsoft.com.
About This Course xxiii
Virtual Machine Environment

This section provides the information for setting up the classroom environment to support the course’s
business scenario.
Virtual Machine Configuration

In this course, you will use Microsoft Hyper-V to perform the labs.
Important: Pay close attention to the steps at the end of each lab that explain what you
need to do with the virtual machines. In most labs, you will revert the virtual machine to the
checkpoint created during classroom setup. In some labs, you will not revert the virtual
machines, but will keep them running for the next lab.
The following table shows the role of each virtual machine that is used in this course:
Virtual machine role Virtual machine role
20334B-LON-DC1 Windows Server 2012 R2 domain controller in

the Adatum.com domain
20334B-LON-RTR Windows Server 2012 R2 server configured as a

router
20334B-LON-SFB1 Skype for Business Server 2015 server
20334B-LON-SFB2 Skype for Business Server 2015 server
20334B-LON-SVR Windows Server 2012 R2 server prepared for

several lab roles
20334B-LON-EX1 Exchange Server 2016 server
20334B-LON-CL1 Windows 10 Enterprise computer
20334B-LON-CL2 Windows 10 Enterprise computer
20334B-LON-SQL1 Microsoft SQL Server 2014 server
20334B-LON-LB Linux based hardware load balancer
20334B-NYC-SFB3 Windows Server 2012 R2 server used to install

Skype for Business
20334B-NYC-SQL3 Microsoft SQL Server 2014 server
20334B-LON-EDG Skype for Business Edge server
20334B-LON-PXY Web Application Proxy server
20334B-TREY-DC1 Domain controller in the TreyResearch.com

domain
20334B-TREY-SVR1 Windows Server 2012 R2 server in the

TreyResearch.com domain
20334B-TREY-LYNC Lync Server 2013 server

xxiv About This Course
Course Hardware Level

Software Configuration
The following software is installed on the virtual machines:
 Windows Server 2012 R2
 Windows 10 client (Windows 10 Enterprise)
 Skype for Business Server 2015
 Microsoft SQL Server 2014 Enterprise SP1
 Microsoft Exchange Server 2016
 Microsoft Office 2016
 The Skype for Business client
 Microsoft Lync Server 2013
Classroom Setup
Each classroom computer will have the same virtual machine configured in the same way.
Course Hardware Level

To ensure a satisfactory student experience, Microsoft Learning requires a minimum equipment
configuration for trainer and student computers in all Microsoft Learning Partner classrooms in which
Official Microsoft Learning Product courseware is taught. These configuration requirements include:
 Processor: 64 - bit Intel Virtualization Technology (Intel VT) or AMD Virtualization (AMD - V)
processor (2.8 gigahertz dual core or better recommended)
 Hard Disk: Dual 500 gigabyte (GB) hard disks 7200 RPM SATA labeled C drive and D drive. Solid State
drives are strongly recommended.
 RAM: 32 GB or higher
 DVD/CD: DVD; dual layer recommended
 Network Adapter
 Sound Card with amplified speakers

 Monitor: Dual SVGA monitors 17” or larger supporting 1440X900 minimum resolution
Additionally, the instructor ’s computer must be connected to a projection display device that supports
SVGA 1024 × 768 pixels, 16 - bit colors.
1-1
Module 1
Design and Architecture of Skype for Business Server 2015
Contents:
Module Overview 1-1
Lesson 1: Overview of Skype for Business Components and Features 1-2
Lesson 2: Introduction to the Skype for Business Administrative Tools 1-14
Lab: Designing and Publishing a Skype for Business Server Topology 1-21
Module Overview
Skype for Business Server 2015 offers several enhancements to server roles and client features, and it
provides new tools for administration. You should understand the overall architecture of Skype for
Business Server and the core capabilities that it offers. This understanding will help you plan and design
a Skype for Business Server implementation that meets organizational and user needs.
Objectives
After completing this module, you will be able to:
• Describe the high-level components and features of Skype for Business 2015.
• Work with Skype for Business administrative tools.

1-2 Design and Architecture of Skype for Business Server 2015
Lesson 1
Overview of Skype for Business Components and Features
Skype for Business Server introduces many new features and significant enhancements to existing features
and functionality from previous versions. To use Skype for Business Server, you should understand its
architecture, server roles and features, and deployment options. This will help you to design a Skype for
Business Server implementation that meets your organizational needs. Skype for Business Server has a
Session Initiation Protocol (SIP)–based foundation. You should know how Skype for Business Server uses
SIP to create, modify, and terminate sessions.
Lesson Objectives
After completing this lesson, you will be able to:
• Explain the architecture of Skype for Business Server.
• Identify the key features of Skype for Business.

• Describe each of the server roles in Skype for Business Server.
• Describe Skype for Business Online.
• Describe the Skype for Business deployment options.
• Describe the Skype for Business Enterprise Voice feature.
• Identify the protocols and media that Skype for Business Server uses.
• Design a topology.
Skype for Business Server Architecture
Before planning or deploying Skype for Business,

you should be familiar with its components
and the Skype for Business editions. A basic
understanding of Skype for Business terminology
will help you perform a successful deployment.
Skype for Business components

A Skype for Business deployment can include
several different components:
• Skype for Business clients. Multiple clients are

available for users to interface with Skype for
Business Server. Depending on the features that you require, this might be Skype for Business, Skype
for Business Web App, Microsoft Lync 2013, Lync Windows Store app, Lync 2013 Basic, Lync 2010,
Lync 2010 Attendant, Lync Phone Edition, Microsoft Communicator for Mac 2011, and Lync for
Mac 2011.
• Standard Edition servers. Standard Edition servers are single servers that provide all standard
functionality on a single server. A Standard Edition server includes a collocated Microsoft SQL Server
Express database. You can deploy multiple Standard Edition servers in a Skype for Business
deployment.
Core Solutions of Skype for Business 2015 1-3
• Enterprise Edition servers. When you deploy Enterprise Edition Skype for Business Server, you deploy
one or more Front End Servers and one or more Back End Servers, which is an SQL database. You can
deploy multiple Enterprise Edition servers in a single site, or you can deploy multiple sites with
Enterprise Edition or Standard Edition servers.
• External users. These users access Skype for Business Server features from outside the organization.
• External partners (federated). Skype for Business Server users can communicate with users from other
organizations with Skype for Business through federation. Federated partners can communicate by
using instant messaging (IM), they can see presence information, and they can place Skype audio and
video calls.
• Microsoft Office 365. While Skype for Business features are available online through stand-alone
plans, users can also purchase these features with other services, such as email, through various
offerings from Office 365. Some of these plans include Office 365 Business Essentials and Office 365
Business Premium.
• Skype for Business Edge Servers. This server role in Skype for Business Server provides
communications with external users. This server role is necessary for providing communication
between Skype for Business Server and Skype users.
• Reverse proxy. This server role is necessary for external users to join Skype for Business online
meetings.
Skype for Business Server Standard Edition and Enterprise Edition
Skype for Business Server Standard Edition is suitable for small organizations and for pilot projects in
large organizations. Standard Edition has many Skype for Business Server features, such as IM, presence,
conferencing, Enterprise Voice, and the necessary databases to run on a single server. By using Skype for
Business Server Standard Edition, you can help users experience most of the rich features of Skype for
Business Server. On the other hand, Enterprise Edition provides all of the features in Standard Edition, in
addition to providing scalable high availability. To support high availability in Standard Edition, you need
to deploy two Standard Edition servers and pair them together.
Enterprise Voice and Unified Messaging

A Skype for Business Server Enterprise Voice deployment supports calls to and from a public switched
telephone network (PSTN). If you plan to deploy Microsoft Exchange Server in an organization, you can
use Exchange Server Unified Messaging (UM) features to provide voicemail to Enterprise Voice users.
Skype for Business Server also supports analog devices in the Enterprise Voice environment.
Skype for Business Server Features

Skype for Business Server includes many valuable
features:
• IM. The Skype for Business client provides IM

functionality that the Skype for Business Server
hosts. The solution provides IM features such as
group IM, and it extends the internal IM
infrastructure to external IM providers.
• Presence information. Skype for Business Server tracks presence information for all Skype for Business
users, and it provides this information to the Skype for Business client and other apps, such as
Microsoft Outlook 2013 or later.
• Web conferencing. Skype for Business Server can host on-premises conferences, which you can
schedule or run ad-hoc. Conferences can include IM, audio, video, app sharing, slide presentations,
and other forms of data collaboration.
• Audio and video conferencing. Users can join Skype for Business Server–based audio conferences
by using any desktop or mobile phone. When connecting to an audio conference by using a web
browser, users can provide a telephone number that the audio conferencing service calls. In addition
to audio conferencing, Skype for Business enables users to connect through high quality video
sessions. Both person-to-person and multiparty (three or more users) sessions are supported.
• Integration with Microsoft Office 2013 or later apps. When you implement Skype for Business Server,
Exchange Server 2013, Microsoft SharePoint Server 2013, and Office 2013 or later, you can provide a
seamless user experience between all the apps. For example, if you receive an email from another
user, you can see the user presence information when you read the email. When a user sets an out-
of-office response in Outlook 2013 or later, you will see that same response in your Skype for
Business client when viewing the user’s presence information.
• Unified Contact Store. The Unified Contact Store feature enables users to store all contact information
in their Exchange Server 2013 mailbox so that the contact list is available in Skype for Business 2015,
Outlook 2013 or later, and Outlook Web App. The Unified Contact Store is enabled by default in
Skype for Business Server.
• Voice over Internet Protocol (VoIP) telephony. In addition to Enterprise Voice, Cloud Private Branch
Exchange (PBX) with the PSTN Calling service enables Skype for Business users to place calls from
Office 365 with their computers by clicking an Outlook or Skype for Business contact. Users receive
calls simultaneously on all their registered user endpoints, which might include a VoIP phone, mobile
phone, or Skype for Business client.
Note: You might also consider using the Cloud PBX with on-premises PSTN connectivity if
you prefer to use your existing PSTN carrier. In this scenario, cloud-based users are enabled for
Cloud PBX, but their calls process through on-premises software.
• Support for remote users. Skype for Business Server has an Edge Server role that enables remote users
to utilize all Skype for Business Server features without a virtual private network connection.
• Support for federation. You can configure federation with other organizations that are running Skype
for Business Server, Lync Server, or Microsoft Office Communications Server, and you can provide full
Skype for Business functionality for users in the two organizations.
• Server-side conversation history. To allow mobile device access to conversation history, missed IM,
and call log data, Skype for Business Servers now archive this information for all mobile clients.
Integration with Exchange Server 2013 is necessary.
With Skype for Business, users can keep track of their contacts’ availability (presence), conduct IM sessions,
make calls by using VoIP, and initiate or join an audio, video, or web conference. User can also make
phone calls within the Skype for Business organization, with federated partners, or call phones on the
PSTN. The Skype for Business desktop client is available for the Windows and Macintosh operating
systems, and mobile versions are available for Windows Phone, iPhone, iPad, and Android devices.
Exchange Server 2013 integration
Exchange Server 2013 and Skype for Business Server integrate and work together to provide a complete
email and voice system. Together, they provide features that include IM, presence information, web
conferencing, and VoIP telephony. Exchange Server 2013 provides an email-messaging system, while
Skype for Business Server provides a telephony system when you configure it for Enterprise Voice.
UM can use Skype for Business Server to provide telephony services, while Skype for Business Server can
use UM to provide voicemail services. When you configure Exchange Server 2013 and Skype for Business
Server integration, Exchange Server 2013 will use Skype for Business Server as an IP-PBX. On the server
that is running Microsoft Server 2013, you will configure an IP gateway that references the server this is
running Skype for Business Server.
Server Roles in Skype for Business Server

Each server that is running Skype for Business
Server has one or more server roles. A server role
is a defined set of functionalities that a server
provides—in this case, Skype for Business Server.
You do not need to deploy all available server roles
in your network. Install only the server roles that
contain the functionality that you want.
If you are not familiar with server roles in Skype for

Business Server, you can use the Skype for Business
2015 Planning Tool as a guide to get the best
solution for the servers that you need to deploy,
based on the required features. The following list
provides an overview of the server roles:
• Standard Edition server

• Front End Server and Back End Server
• Edge Server
• Mediation Server
• Director
• Persistent Chat Front End Server
• Persistent Chat store (Persistent Chat Back End Server)

• Persistent Chat Compliance store (Persistent Chat Compliance Back End Server)
• Video Interoperability Server
With most server roles, for scalability and high availability, you can deploy pools of multiple servers that
are all running the same server role. Each server in a pool must run an identical server role or roles. For
most pools in Skype for Business Server, you must deploy a load balancer to spread traffic between the
various servers in the pool. Skype for Business Server supports Domain Name System (DNS) load
balancing and hardware load balancers.
Standard Edition server
A Standard Edition server is for small organizations and for pilot projects in large organizations. It
provides many of the features of Skype for Business Server, including the necessary databases to run on
a single server. This enables you to deploy Skype for Business Server functionality at a lower cost, but it
does not provide a true high availability solution.
A Standard Edition server enables you to use IM, presence, conferencing, and Enterprise Voice from a
single server. For a high availability solution, use Skype for Business Server Enterprise Edition.
Front End Server and Back End Server
In Skype for Business Server Enterprise Edition, a Front End Server is the core server role, and it runs many
basic Skype for Business Server functions. Front End Servers and Back End Servers are the only required
server roles in any Skype for Business Server Enterprise Edition deployment.
A Front End pool is a set of identically configured Front End Servers that work together to provide services
for a common group of users. A pool of multiple servers that are running the same role provides
scalability and failover capability.
A Front End Server includes the following features:
• User authentication and registration.
• Presence information and contact card exchange.

• Address Book services and distribution list expansion.
• IM functionality, including multiparty IM conferences.
• Web conferencing, PSTN dial-in conferencing, and A/V conferencing, if deployed.

• Application hosting for applications that Skype for Business Server includes (for example, the
Conferencing Attendant and Response Group applications) and third-party applications.
• Web components to support web-based tasks, such as Skype for Business Web Scheduler and Join
Launcher.
• Optionally, monitoring, to collect usage information in the form of call detail recordings (CDRs) and
call error records. This information provides metrics about the quality of the media (audio and video)
that traverses your network for both Enterprise Voice calls and audio/video conferences.
• Optionally, archiving IM communications and meeting content for compliance reasons.
• Optionally, if Persistent Chat is enabled, Persistent Chat web services for chat room management and
Persistent Chat web services for file upload/download.
Front-end pools are also the primary store for user and conference data. Information about each user
replicates among all of the front-end severs in a pool, and the data backs up on the Back End Servers.
Additionally, one front-end pool in the deployment also runs the Central Management Server, which
manages and deploys basic configuration data to all servers that are running Skype for Business Server.
The Central Management Server also provides the Skype for Business Server Management Shell and file
transfer capabilities.
Back End Servers are database servers that are running SQL Server, and they provide database services for
front-end pools. Back End Servers function as backup stores for pool users and for conference data, and
they are the primary stores for other databases, such as the Response Group database. You can have a
single Back End Server, but a solution that provides high availability for SQL Server is better. High
availability options include database mirroring, AlwaysOn Availability Groups, AlwaysOn Failover Cluster
Instances, and SQL failover clustering. Back End Servers do not run any Skype for Business Server software.
We do not recommend collocating Skype for Business Server databases with other databases. Doing so
might affect availability and performance. Information stored in Back End Server databases includes
presence information, users' contacts lists, and conference data, including persistent data about the state
of all current conferences, and conference scheduling data.
Edge Server
Edge Server enables users to communicate and collaborate with users who are outside the organization’s
firewall. These external users can include the organization’s own users who are working offsite, users from
federated partner organizations, and users who have been invited to join conferences that your Skype for
Business Server deployment hosts. Edge Server also enables connectivity to public IM providers, including
Skype.
Deploying Edge Server also enables mobility services, which support Skype for Business functionality on
mobile devices. Users can use supported iOS, Android, Windows Phone, or Nokia mobile devices to
perform activities such as sending and receiving IMs, viewing contacts, and viewing presence. Additionally,
mobile devices support some Enterprise Voice features, such as click to join a conference, Call via Work,
Single-Number Reach, voicemail, and missed calls. The mobility service can also provide push notifications
for mobile devices that do not support running apps in the background. A push notification is a
notification sent to a mobile device about an event that occurs while a mobile app is inactive.
Edge Servers also include a fully integrated Extensible Messaging and Presence Protocol (XMPP) proxy,
with an XMPP gateway included on Front End Servers. You can configure these XMPP components to
enable Skype for Business Server users to add contacts from XMPP-based partners, such as Google Talk,
for IM and presence.
Mediation Server
Mediation Server is a necessary component for implementing Enterprise Voice and dial-in conferencing.
Mediation Server translates signaling, and in some configurations, media between an internal Skype for
Business Server infrastructure and a PSTN gateway, IP-PBX, or a SIP trunk. You can collocate Mediation
Server on the same server as the Front End Server, or you can separate it into a stand-alone Mediation
Server pool.
Director
Directors can authenticate Skype for Business Server user requests, but they do not host user accounts
or provide presence or conferencing services. Directors are most useful for enhancing security in
deployments that enable external user access. A Director can authenticate requests before sending them
to internal servers. In the case of a denial-of-service attack, the attack ends with the Director and does not
reach the Front End Servers. In large organizations with multiple front-end pools, Directors can direct
authentication requests to the appropriate pool that hosts users. Although front-end pools typically direct
authentication requests, Directors can offload the requirement from the front-end pools. For high
availability, you can group multiple Director servers in a Director pool.
Persistent Chat
Persistent Chat enables users to participate in multiparty, topic-based conversations that persist over time.
A Persistent Chat Front End Server runs the Persistent Chat service. A Persistent Chat Back End Server
stores the chat history data, in addition to information about categories and chat rooms. An optional
Persistent Chat Compliance Back End Server can store chat content and compliance events for compliance
purposes.
Servers that run Skype for Business Server Standard Edition can also collocate Persistent Chat on the same
server. You cannot collocate a Persistent Chat Front End Server with an Enterprise Edition Front End
Server. However, you can collocate Persistent Chat back-end databases on Back End Servers for a front-
end pool. For high availability, you can group multiple Persistent Chat Front End Servers in a Persistent
Chat Server pool.
Video Interoperability Server
A new server role, the Skype for Business Server Video Interoperability Server, functions as an intermediary
between servers that are running Skype for Business Server and a third-party video teleconferencing
systems such as a Cisco-TANDBERG video teleconferencing system. Skype for Business Server Video
Interoperability Server is a stand-alone server role. You cannot collocate it with any other server role.
Question: Which server roles can you collocate?
Overview of Skype for Business Online

By design, Skype for Business Online is for
organizations that want the cost and agility benefits
of cloud-based IM, presence, and meetings, without
sacrificing the business-class capabilities of Skype
for Business Server. With Skype for Business Online,
Microsoft deploys and maintains the required server
infrastructure, and it handles ongoing maintenance,
security updates, and upgrades. You can selectively
enable users for a Skype for Business Online
subscription in an Office 365 tenant.
Although on-premises Skype for Business Server

contains multiple administrative tools,
administrators in Skype for Business Online are limited to the Skype for Business admin center and the
Windows PowerShell command-line interface to manage settings that are specific to Skype for Business.
While some features available in a Skype for Business Server on-premises deployment are not available
in Skype for Business Online, there are also feature differences between Office 365 plans. For a
comprehensive list of available features across the Office 365 plans, including on-premises Skype for
Business Server, refer to the following link.
Skype for Business Online Service Description

http://aka.ms/qelghw
Skype for Business Deployment Options

When planning for Skype for Business Server, you
should first determine how to deploy Skype for
Business— on-premises Skype for Business Server or
Skype for Business Online—with Office 365 in the
cloud. Consider the following options:
• On-premises Skype for Business Server. This

choice provides the complete Skype for
Business feature set and flexibility in
configuring, customizing, and operating your
deployment. Your organization installs all
servers on-site and maintains them.
• Skype for Business Online. By design, this

choice is for organizations that want the cost-savings and agility benefits of cloud-based IM,
presence, and meetings, without sacrificing the business-class capabilities of Skype for Business
Server. With Skype for Business Online, Microsoft deploys and maintains the required server
infrastructure, and it handles ongoing maintenance, patches, and upgrades. Some features that are
available in an on-premises deployment are not available in Skype for Business Online.
• Skype for Business Hybrid (split domain). In a full Skype for Business hybrid deployment, on-premises
and online environments share a single SIP domain name. This requires an Office 365 tenant with
Skype for Business Online enabled. Skype for Business supports multiple scenarios for hybrid
deployments. For example, an organization can choose to host its email from Exchange Online in
Office 365, but it can elect to keep Skype for Business on-premises. The value of hybrid Skype for
Business scenarios is the possibility of migrating everybody, or just a subset of users, to Skype for
Business Online from on-premises Skype for Business Server. You can therefore move users to the
cloud based on their location or their usage profile.
The goal of a hybrid Skype for Business architecture is to offer multiple scenarios that can
accommodate most existing and new customers based on their technical and functional needs.
By knowing the features that are available in the cloud and what you can migrate between on-
premises and online environments, you can make the migration scenario clear and predictable.
The best deployment scenario will depend on the workloads that you want to provide and the
geographical and business demands of your organization.
Overview of Enterprise Voice

A Skype for Business Server Enterprise Voice
deployment supports calls to and from the
PSTN. Skype for Business Server has SIP-based
architecture similar to most modern enterprise VoIP
and unified communications (UC) solutions. In
addition to IP phones, Skype for Business Server
also supports USB and analog devices in the
Enterprise Voice environment.
A Skype for Business environment that includes

Enterprise Voice requires one or more Skype for
Business Server Mediation Servers and PSTN
connectivity. Although media sessions can bypass
the Skype for Business Server Mediation Server, this server role is necessary for signaling.
Enterprise Voice or PBX integration
When you deploy Skype for Business Server as the sole telephony solution for part or all of an
organization, the two possible deployment topologies are:
• Incremental deployment. This topology scenario includes integration with an existing PBX to provide
Enterprise Voice incrementally to an organization.
• VoIP-only deployment. This topology scenario does not include integration with an existing PBX and
frequently deploys to an entire organization with direct PSTN connectivity.
Depending on your choice of integration method, implementing Enterprise Voice or PBX integration can
be complex. The simplest method to perform Enterprise Voice or PBX integration is by using a qualified
SIP-to-PSTN gateway or a SIP trunk. In all voice deployments, but especially when implementing Direct
SIP and Call via Work, knowledge of SIP is important because you can debug and troubleshoot any issues
during integration.
Skype for Business Server includes several features that enhance Enterprise Voice:
• Call features. Skype for Business Server provides a significantly wider range of configuration options
for call forwarding and simultaneous ringing. For example, if an organization does not want incoming
calls to forward externally to PSTN, an administrator can apply a special voice policy to deploy this
restriction.
• Call via Work. This is a new feature in Skype for Business Server. When a user places a call from a
Skype for Business client, the call routes from the Skype for Business Server to the caller’s PBX or PSTN
phone. After the caller answers the phone, the call is made to the destination number. Skype for
Business Server continues serving as the control panel.
• Caller ID. Skype for Business Server provides an administrator the flexibility to modify the format of
the calling party’s phone number. This caller ID presentation feature enables an administrator to
modify the calling party’s phone number to a dialing format that the trunk peer understands, if
necessary. Additionally, delegates can now set up simultaneous ringing to their mobile devices for
incoming calls to their managers. This provides delegates with more flexibility, enabling them to
answer calls on behalf of their managers, without requiring a desk phone.
• Voicemail. If you plan to deploy Exchange Server in the organization, you can use Exchange Server
UM features to provide voicemail to Enterprise Voice users.
• Voicemail Escape. Skype for Business Server provides Voice Mail Escape, an enhancement for
managing voicemail. You can use the feature to detect when a call has routed to voicemail, and you
can prevent the call from immediately routing to a user’s mobile phone voicemail without giving the
user the opportunity to answer the call. This scenario occurs when a user enables simultaneous
ringing on his or her mobile phone, and his or her mobile phone is off, out of battery power, or out of
range. Voicemail Escape detects that the user’s mobile phone voicemail immediately answered the
call, and it disconnects the call to the mobile phone voicemail. The call continues to ring on the user’s
other endpoints, giving the user the opportunity to answer the call. If the user does not answer the
call, the call routes to the organization’s voicemail.
• M:N trunk support. For high availability, Mediation Servers can route calls through multiple gateways,
and multiple Mediation Servers in the pool can integrate with multiple gateways.
• Response Group application. This application manages calls in scenarios like customer service, an
internal help desk, or general telephone support for a department.
• Enterprise Voice. Enterprise Voice is now available in the cloud.
• Media bypass. By enabling media bypass, you can reduce audio latency, eliminate unnecessary codec
translations, and reduce the number of hops. Overall, these benefits will help improve VoIP quality.
The only requirements for this feature is that the Mediation Server's next hop must be able to handle
multiple forked responses during the media bypass session, and the Mediation Server must be able to
accept media traffic directly from a Skype for Business client.
• Audio/video support in a Virtual Desktop Infrastructure environment. The local computer directly
captures audio/video.
• Branch site resiliency. With a Survivable Branch Appliance or Survivable Branch Server, the Enterprise
Voice service can remain available for users in a branch site during a loss of connectivity to the central
site.
• Mobile device support. Mobile devices support some Enterprise Voice features, such as click to join a
conference, Call via Work, single number reach, voicemail, and missed calls. You can also support
external access from mobile devices over Enterprise Voice.
Question: What is media bypass and what are the benefits to enabling this setting in a Skype
for Business Server deployment?
Skype for Business Server Protocols and Media

Skype for Business Server has SIP-based architecture
similar to most modern enterprise VoIP and unified
communications (UC) solutions. Although SIP has
gained industry-wide acceptance and is more than
10 years old, it is still a fairly new standard. Various
Internet Engineering Task Force (IETF) working
groups are working to further standardize and
develop complementary solutions.
SIP-related Request For Comments (RFCs) and IETF

working group documents are the foundational
design elements underlying the Microsoft UC
solution. To facilitate interoperability and
interfacing with other systems, Microsoft has built Skype for Business Server on standards, wherever
possible.
SIP definition
The abstract of RFC 3261 defines SIP as an application-layer control or signaling protocol for creating,
modifying, and terminating sessions between one or more participants. These sessions include Internet-
based telephone calls, multimedia distribution, and multimedia conferences. You can use SIP to set up
media sessions of any kind (not just telephony), modify current sessions, and then terminate the
connections after the sessions are complete. For example, a participant can start an IM session with
another participant, add audio and then video to the existing call, and finally terminate it. There is more
to SIP than just handling media; you can extend SIP to perform multiple tasks. For example, SIP can
manage the publishing and requesting of presence information and the delivery of IMs.
Because of the dynamic evolution of UC, Skype for Business Server and similar products are not based on
RFC 3261 only, but also on the 200 or more IETF Internet drafts and proposed standards, and SIP-related
RFCs. UC products are based on a range of these RFCs. The following table describes some drafts and
standards on which Skype for Business Server is built.
RFC/draft Description
RFC 2782 This is a DNS resource record for specifying the location of services, for
example, DNS service (SRV) resource records. It locates servers and services in
RFC 3428 This relates to the SIP for IM and presence-leveraging extension for IM
conferencing.
RFC 3966 This relates to the Uniform Resource Identifier for telephone numbers. It
defines how phone numbers should be represented in SIP communications.
RFC 5239 This is a framework for centralized conferencing, and it is the architecture
behind A/V conferencing and web conferencing in Skype for Business Server.
RFC/draft Description
RFC 6336 This relates to Information and Content Exchange (ICE), a protocol for
network address translation traversal for offer/answer. These Internet drafts
for ICE are used in Office Communications Server 2007, Office
Communications Server 2007 R2, Lync Server 2013, and Skype for Business
Server.
There are many more RFCs. If you are interested in knowing more about standard and non-standard
protocols and their uses, you can read the Office protocol documents on the Microsoft website.
Office Protocols
http://aka.ms/otsij7
The A. Datum Corporation Skype for Business Architecture

This topic shows you the design of the lab
environment that this course uses.
Demonstration: Design a Topology

In this demonstration, you will see how to:
• Install the Skype for Business Server 2015,

Planning Tool.
• Use the Planning Tool to design a topology.
Demonstration Steps
1. Sign in to the LON-SFB1 virtual machine with the following credentials:
o User name: ADATUM\Administrator
o Password: Pa$$word
2. From the Start screen, click the Down arrow button, and then click to open Skype for Business
Server 2015, Planning Tool.
3. In the Welcome to the Skype for Business Server 2015, Planning Tool window, click Get Started.
4. In the Welcome to the Skype for Business Server 2015, Planning Tool Wizard, select the following
features, and then click Design Sites:
o Audio/Video Conferencing Web Conferencing
o High Availability
o Both IPv4 and IPv6

5. In Design Sites, set the following options, and then click Draw:
o Site Name: New York
o Site Homed Users: 1000
o Internal SIP Domains: Adatum.com
o Clear Data collaboration is enabled
o Clear Do you want to enable external user access
o High Availability Options: Database Mirroring

Lesson 2
Introduction to the Skype for Business Administrative
Tools
Skype for Business administrative tools install by default on every Skype for Business Server Front
End Server and Director, and optionally on other server roles or computers that provide dedicated
administrative consoles. The administrative tools consist of the Skype for Business Server Deployment
Wizard, the Skype for Business Server Topology Builder, Skype for Business Server Control Panel, the
Skype for Business Server Management Shell, and the Skype for Business Server Centralized Logging
Service.
Lesson Objectives
• Describe and explain how to use the Skype for Business Deployment Wizard.
• Describe how to install and configure the Skype for Business Topology Builder.
• Describe the purpose of Skype for Business Server Control Panel.

• Describe the purpose of the Skype for Business Server Management Shell.
• Describe the purpose of the Skype for Business Server Centralized Logging Service.
Skype for Business Server Deployment Wizard

By using the Skype for Business Server Deployment
Wizard on the installation media,
you can install all the administrative tools on a
computer on which you have not installed Skype for
Business Server. During the administrative tools
installation process, you install the Skype for
Business Server Deployment Wizard, along with
other tools so that you might install or remove
components at any time thereafter.
Some of the available options in the Skype for

Business Server Deployment Wizard include:
• Prepare Active Directory. In preparation for

the Skype for Business Server installation, the required updates to Active Directory Domain Services
(AD DS) will apply in a multiple-step process. The Active Directory updates include additions and
changes to the Active Directory schema, forest, and domain.
• Install or Update Skype for Business Server System. The wizard installs or updates the appropriate
server roles and core components of Skype for Business Server on the server in a multiple-step
process. The wizard also installs a local configuration store database on the server, which is a read-
only replica of the Central Management store. This process allows you to install or assign any required
certificates for Skype for Business Server.
• Prepare first Standard Edition server. Optionally, if you deploy a Skype for Business Server
Standard Edition server, this process will prepare the first server in your deployment for hosting the
Central Management store.
• Install Administrative Tools. By default, Skype for Business administrative tools install on every
Skype for Business Server Front End Server and Director, and optionally on other server roles or
computers that provide dedicated administrative consoles. The administrative tools consist of the
following:
o Skype for Business Server Deployment Wizard. Use this to deploy the components of the Skype
for Business Server environment.
o Skype for Business Server Topology Builder. Use this to define components like server roles in
your Skype for Business Server deployment.
o Skype for Business Server Control Panel. Use this for ongoing, daily management of your Skype
for Business Server environment through a web-based interface.
o Skype for Business Server Management Shell. Use this for ongoing, daily management of your
Skype for Business Server environment at the command line.
o Skype for Business Server Centralized Logging Service. Use this to troubleshoot problems in your
Skype for Business Server environment.
• Deploy Monitoring Reports. Optionally, if a Skype for Business Server deployment requires
reporting on CDR and Quality of Experience data, this process will install a set of standard reports that
SQL Server Reporting Services publishes.
• Media Quality Dashboard. A new feature, the Media Quality Dashboard, provides similar data about
CDR media quality in a graphical dashboard.
• First Run Videos. Provides links to online videos to assist with a Skype for Business Server
deployment.
• Documentation. Provides links to online content to assist with a Skype for Business Server
deployment, planning, and operations.
• Tools and Resources. Provides links to online tools and resources to assist with the management of a
Skype for Business Server deployment.
Demonstration: Using the Skype for Business Server Deployment Wizard

• Open the Skype for Business Server Deployment Wizard.
• Prepare AD DS.
• Install or update the Skype for Business Server system.
Demonstration Steps
1. Sign in to the LON-SFB1 virtual machine with the following credentials:
o User name: Adatum\Administrator
o Password: Pa$$w0rd
2. Open the deployment wizard.
3. Review the Prepare Active Directory option.
4. Review the Install or Update Skype for Business Server System option.
Skype for Business Server Topology Builder

Skype for Business Server Topology Builder is a
program for building, deploying, and managing
topologies. By using this tool, you configure all
the physical and logical settings that you plan to
implement in your Skype for Business Server
deployment. After configuring the topology, you
have to publish it to the Central Management store.
The Skype for Business Server Deployment Wizard
retrieves this information from the Central
Management store and installs the appropriate
server roles and core components.
Skype for Business Server Topology Builder displays

topology information in a hierarchical manner. A topology includes one or more central sites. Each site
includes one or more pools, and each pool includes one or more servers.
Some of the available options in Skype for Business Server Topology Builder include:
• Upgrade to Skype for Business Server 2015. This is a new feature. You can use Skype for Business
Server Topology Builder to upgrade an existing Lync 2013 deployment.
• Define and configure central sites. Often referred to as a datacenter, a central site includes one or
more Skype for Business Server front-end pools or a Skype for Business Server Standard Edition
server. Sites in Skype for Business Server are not based on Active Directory sites. All front-end pools
and Standard Edition servers in a site can share these common components:
o Director pool
o Mediation pool
o Edge pool
o Persistent Chat pool
o Monitoring
o Archiving
o Microsoft Office Online Server
• Define and configure a Skype for Business Server front-end pool. Includes one or more Skype for
Business Server Front End Servers.
• Define and configure a Skype for Business Server Standard Edition server. Includes one or more
Skype for Business Server Standard Edition servers.
• Define and configure a Skype for Business Server Director pool. Includes one or more Skype for
Business Server Directors.
• Define and configure a Skype for Business Server Mediation pool. Includes one or more Skype
for Business Server Mediation Servers.
• Define and configure a Skype for Business Server Edge pool. Includes one or more Skype for
Business Server Edge Servers.
• Define and configure a Skype for Business Server Persistent Chat pool. Includes one or more
Skype for Business Server Persistent Chat servers.
• Define and configure trusted application servers. One or more trusted application servers that
Skype for Business Server trusts. Trusted application servers use an application that is based on the
UC Managed API (UCMA) 3.0 core software development kit (SDK), such as Exchange Server 2013.
For more information about UCMA applications, refer to the following website.
UC Managed API 3.0 core SDK documentation
http://aka.ms/ebykkp
• Define and configure shared components, such as:
o SQL Server stores. One or more Skype for Business Server Back End Server databases.
o File stores. One or more file shares that store replication data, the Address Book, and conference
content for Skype for Business Server.
o PSTN gateways. One or more peers that provide PSTN connectivity to the Skype for Business
Server Mediation Servers.
o Trunks. One or more peers that provide SIP connectivity to the Skype for Business Server
Mediation Servers.
o Microsoft Office Online servers. One or more Microsoft Office Online servers that stream
Microsoft PowerPoint presentations to Skype for Business Server web conference meetings.
• Define and configure branch sites. One or more remote branch sites. Each branch site must be
associated with a parent central site and have one or more of these components: IP/PSTN gateway,
Mediation Server role, or Survivable Branch Appliance.
• Merge using the Topology Builder Merge Wizard. The Skype for Business Server Topology Builder
Merge Wizard enables integration with legacy versions of Skype for Business Server.
Demonstration: Installing and Configuring Topology Builder

Demonstration Steps
1. Sign in to LON-SFB1 as Adatum\Administrator with the password Pa$$w0rd.
2. In Topology Builder, download the existing topology as Demo1.tbxml.
3. Switch to NYC-SQL3.
4. On NYC-SQL3, create a file share for Skype for Business Server by using the following settings:
o Share location: On drive C of NYC-SQL3
o Folder and share name: SkypeShare
o Share permissions: Administrators group should be the owner, and the administrator should have
Read/Write permissions.
5. On LON-SFB1, use the topology builder to create a new central site with the following information:
o Name: New York
o City: New York
o Pool FQDN: NY-pool.adatum.com

o Computer FQDN: NYC-SFB3.adatum.com
o Features: Conferencing
o Collate Mediation Server: Selected
o SQL Server store: NYC-SQL3.adatum.com\Default
o File store: NYC-SQL3.adatum.com
o File share: SkypeShare
o Associate pool with an Office Web Apps Server: Not selected
6. In Topology Builder, on LON-SFB1, right-click the newly created New York site, and then publish the
topology. After publishing is complete, review the log files as needed.
Note: When you publish the topology, you may receive a status of Completed with
warnings for the step Creating Database NYC-SQL3.adatum.com\Default.
Skype for Business Server Control Panel

You can use Skype for Business Server Control Panel
to perform most of the administrative tasks that are
necessary to manage and maintain Skype for
Business Server. This administrative tool provides a
GUI to manage the configuration of the servers that
are running Skype for Business Server, in addition to
the users, clients, policies, and devices in your
organization. Skype for Business Server Control
Panel uses the Skype for Business Server
Management Shell as the underlying mechanism to
configure Skype for Business Server.
automatically installs on every Skype for Business Server Front End Server or Standard Edition server. You
can also install Skype for Business Server Control Panel on another computer, from which you want to
manage Skype for Business Server centrally. Microsoft Silverlight is a prerequisite for installing Skype for
Business Server Control Panel on a server.
To configure settings by using Skype for Business Server Control Panel, you must sign in by using an
account that is assigned to the CsAdministrator role. To configure settings by using Skype for Business
Server Control Panel, you must use a computer with a minimum screen resolution of 1024 × 768.
Skype for Business Server Management Shell

The Skype for Business Server Management Shell
provides a method for administration and
management. This administrative tool is a powerful
management interface that is built on Windows
PowerShell, and it includes a comprehensive set of
cmdlets that are specific
to Skype for Business Server. With the Skype for
Business Server Management Shell, you get a large
set of configuration and automation controls.
Topology Builder and Skype for Business Server
Control Panel both implement subsets of these
cmdlets to support Skype for Business Server
management. The Skype for Business Server Management Shell includes cmdlets for all Skype for Business
administration tasks. You can use the cmdlets individually to manage your deployment.
Skype for Business Server Centralized Logging Service

Like its predecessor, OCSLogger, the Skype for
Business Server Centralized Logging Service
facilitates troubleshooting by capturing logging
and tracing information from the product while the
product is running. This troubleshooting tool can
identify issues ranging from performance problems
to root cause analysis.
The Skype for Business Server Centralized Logging

Service includes the following components:
• Centralized Logging Service agent. An instance

of the Skype for Business Server Centralized
Logging Service agent runs on every Skype for
Business Server in the environment. The Centralized Logging Service agent manages log sessions, and
it listens for commands from the ClsController and then responds with search results.
• Centralized Logging Service controller. The Centralized Logging Service controller sends Start, Stop,
Flush, and Search commands to the Centralized Logging Service agents on all the Skype for Business
Servers in a specified pool. In previous versions of Lync Server, you would use a command-line tool
called ClsController.exe to control the Centralized Logging Service agents on the servers. In Skype for
Business Server, you can use Skype for Business Server Centralized Logging Service cmdlets to run
debug sessions on any server role in Skype for Business Server. Windows PowerShell cmdlets send the
commands through a dynamic-link library called ClsControllerLib.dll. Most of the configurable set of
features for Centralized Logging Service are available via the Skype for Business Server Management
Shell. These features allow you to configure and define new scenarios that target the problem space,
custom flags, and logging levels.
Some of these targeted scenarios include protocol messages from the server and client, such as SIP and
HTTP, for troubleshooting authentication issues, CDRs from the Monitoring Server for troubleshooting call
failures, or conference details for troubleshooting online meetings.
During a log search, the ClsController decides to which computer that is running Skype for Business Server
it should send the request, based on the search scenario. After completing the search, the ClsController
receives the results and merges them into a single-ordered result.
Snooper
If a Skype for Business Server administrator exports ClsController results to a text file, you can open this
file by using Notepad or Snooper. Snooper is a troubleshooting tool that assists in finding and analyzing
Skype for Business Server debugging information. You can download this tool as part of the Skype for
Business Server Debugging Tools from the Microsoft website.
Question: What are some benefits of using the Centralized Logging Service over its
predecessor, OCSLogger?
Lab: Designing and Publishing a Skype for Business Server

Topology
Scenario
A. Datum has begun deploying Skype for Business in its London site. Thus far, administrators have
deployed the Front End Servers and the SQL Server Back End Server for the following workloads: IM,
presence, and audio and video conferencing. A. Datum has a main office in London and a second office
in New York. As the lead Skype for Business administrator at A. Datum, you need to decide what type of
Skype for Business infrastructure to deploy in New York, and you need to start the deployment by
updating the topology.
Objectives
After completing this lab, you will be able to:
• Plan the Skype for Business Server deployment in New York.

• Configure and publish the topology for the deployment in New York.
Lab Setup
Estimated Time: 30 minutes
Virtual machines: 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SQL1, 20334B-LON-SFB1,
20334B-LON-SFB2, 20334B-NYC-SFB3, and 20334B-NYC-SQL3.
User name: Adatum\Administrator

Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, you must
complete the following steps:
1. On the host computer, start Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
3. In the Actions pane, click Connect. Wait until the virtual machine starts.
4. Sign in by using the following credentials:
o User name: Administrator
o Domain: Adatum
5. Repeat steps 2 through 4 for 20334B-LON-RTR, 20334B-LON-SQL1, 20334B-LON-SFB1,

20334B-LON-SFB2, 20334B-NYC-SQL3, and 20334B-NYC-SFB3.
Exercise 1: Designing and Creating the Topology

Scenario
A. Datum is planning to install Skype for Business to support users in the New York site. The New York site
has 1,000 users who you will eventually enable for Skype for Business. The project sponsor provided the
following information for the Skype for Business deployment in New York:
• You must enable all New York users for IM, presence, and audio and video conferencing.
• There are currently no plans to implement Persistent Chat in New York.
• Although there is an Internet connection in New York, there are no plans to implement Internet
access to the Skype for Business infrastructure in New York.
• A server that is running SQL Server 2014 deployed in New York, and it has available capacity.
• The organization is still evaluating various high availability and disaster recovery options for Skype for
Business. The organization has set a goal that all critical IT services, including Skype for Business, will
be highly available.
The main tasks for this exercise are as follows:
1. Plan for the New York Skype for Business Server deployment.
2. Discuss your plan with the class.
3. Design a topology.
 Task 1: Plan for the New York Skype for Business Server deployment
Review the information in the exercise scenario, and then answer the following questions:
1. What type of Skype for Business Server will you deploy in New York?
2. What server roles in Skype for Business Server will you deploy in New York?
3. What would you need to change in your plan to enable high availability?
 Task 2: Discuss your plan with the class

Be prepared to discuss your answers to the questions in the previous task.
 Task 3: Design a topology

1. On LON-SFB1, from the Start screen, click the Down arrow button, and then click to open Skype for
Business Server 2015, Planning Tool.
3. In the Welcome to the Skype for Business Server 2015, Planning Tool Wizard, select the following
features, and then click Design Sites:
o Audio/Video Conferencing
o Web Conferencing
o High Availability
o Both IPv4 and IPv6

4. In Design Sites, configure the following options, and then click Draw:
o Site Name: New York
o Site Homed Users: 1000
o Internal SIP Domains: Adatum.com
o Clear Data collaboration is enabled
o Clear Do you want to enable external user access
o High Availability Options: Database Mirroring
Results: After completing this exercise, you should have identified the necessary servers and configuration
for the workloads that A. Datum plans to deploy in New York.
Exercise 2: Updating the Topology for the New York Site

Scenario
Now that you have planned the Skype for Business deployment in New York, you will start the
deployment process by adding the required servers to the topology.
1. Download the existing topology.
2. Update the topology to reflect the New York site.
3. Publish the topology.
4. To prepare for the next module.
 Task 1: Download the existing topology

• On LON-SFB1, use Skype for Business Server Topology Builder to download the existing topology,
and then save it to the desktop as Lab1.tbxml.
 Task 2: Update the topology to reflect the New York site

1. On NYC-SQL3, create a file share for Skype for Business Server by using the following settings:
o Share location: On drive C of NYC-SQL3

o Folder and share name: SkypeShare
o Share permissions: Administrators group should be the owner, and the administrator should have
Read/Write permissions.
2. On LON-SFB1, use the topology builder to create a new central site with the following information:
o Name: New York
o City: New York
o Pool FQDN: NY-pool.adatum.com
o Computer FQDN: NYC-SFB3.adatum.com
o Features: Conferencing
o Collate Mediation Server: Selected
o SQL Server store: NYC-SQL3.adatum.com\Default
o File store: NYC-SQL3.adatum.com
o File share: SkypeShare
o Associate pool with an Office Web Apps Server: Not selected
 Task 3: Publish the topology

• In Topology Builder, on LON-SFB1, right-click the newly created New York site, and then publish the
topology. After publishing is complete, review the log files as needed.
 Task 4: To prepare for the next module

• You will need the configured state of these virtual machines for the next module. Do not revert any of
the virtual machines.
Results: After completing this exercise, you should have added the required servers and configuration to
the topology based on your design of the Skype for Business deployment in the New York site.
Question: Which tool would you use to prepare Active Directory and to install the
administrative tools?
Question: Which Skype for Business Server administrative tools do you install when you run
Setup.exe the first time?
Module Review and Takeaways

Best Practice
Ensure that you identify and involve the stakeholders that are necessary for a successful Skype for Business
Server implementation as early as possible, and get approval on the deployment plans before starting any
work. This helps minimize deployment delays in implementing changes to firewalls or other network
configurations, acquiring certificates, preparing Active Directory Domain Services (AD DS), and
configuring Domain Name System (DNS), Private Branch Exchanges (PBXs), or gateways. The larger your
organization, the less likely it is that one entity owns or manages these items. Unless you involve the
appropriate departments early during the planning phase, you might encounter roadblocks in the
subsequent deployment. In a large organization, remember to schedule the appropriate time for change
management approvals and scheduling.
Common Issues and Troubleshooting Tips

Common Issue Troubleshooting Tip
In Topology Builder, in the Publish Topology

wizard, you might experience the following
status for the step Creating Databases
Database Name:
Completed with warnings
In Topology Builder, in the Publish Topology

wizard, you might notice in the log files that the
database creation fails on the back-end SQL
Server for Lync Server Enterprise Edition
Review Question
Question: After publishing the topology, what should you do before clicking Finish in the
publishing wizard?
Real-world Issues and Scenarios

Administrators at Contoso, Ltd. plan to deploy both Skype for Business Server Standard Edition Server and
Enterprise Edition. Which should they deploy first?
Answer: They should deploy Enterprise Edition first to host the Central Management store. If they plan to
start a pilot with Standard Edition, they first need to prepare the Standard Edition server to host the
Central Management store, and then move it.
2-1
Module 2
Installing and Implementing Skype for Business Server 2015
Contents:
Module Overview 2-1
Lesson 1: Server and Service Dependencies 2-2
Lesson 2: Planning SIP Domains 2-11
Lab A: Configuring DNS and Simple URLs for Skype for Business Server 2-17
Lesson 3: Installing Skype for Business Server 2-20
Lesson 4: Integrating Skype for Business Server with Exchange Server and
SharePoint Server 2-27
Lab B: Deploying Skype for Business Server 2-34
Module Overview
Skype for Business Server 2015 provides several enhanced features. To take full advantage of this
potential, you must understand the core dependencies, deployment options, and integration offerings
and how these relate to your organizational demands. This understanding will help you deploy a
successful Skype for Business Server implementation that meets organizational and user needs.
Objectives
• Identify the external dependencies for Skype for Business Server.
• Identify the Session Initiation Protocol (SIP) domain requirements to ensure a successful
implementation.
• Install Skype for Business Server.
• Describe how Skype for Business Server integrates with Microsoft Exchange Server and Microsoft
SharePoint Server.
2-2 Installing and Implementing Skype for Business Server 2015
Lesson 1
Server and Service Dependencies
Before you begin designing your Skype for Business Server deployment, you must understand the server
and service dependencies of Skype for Business Server. This includes the requirements for Active Directory
Domain Services (AD DS), Domain Name System (DNS), certificates, and Microsoft SQL Server. With this
knowledge, you will have the necessary foundation to build a successful Skype for Business Server
infrastructure.
Lesson Objectives
• Describe the role of AD DS for Skype for Business Server.
• Describe how to configure DNS for Skype for Business Server.
• Describe how Skype for Business Server uses DNS.

• Describe how Skype for Business Server uses certificates.
• Describe the SQL Server databases in Skype for Business Server.
Role of AD DS for Skype for Business Server

When planning a Skype for Business Server
deployment, you need to prepare various network
and infrastructure components. Many of these core
dependencies are components of AD DS.
Role of AD DS
Although the Skype for Business Server Central
Management store stores most configuration data,
AD DS stores many global settings and other
configuration data. These settings and data are
necessary for the deployment and management of
Skype for Business Server. Skype for Business Server
relies on AD DS to store:
• User object schema extensions to provide additional attributes such as MSRTC-LineUri.
• Schema extensions for Microsoft Lync Server 2013 and Lync Server 2010 to maintain backward
compatibility with previous supported versions.
• User SIP Uniform Resource Identifier (URI), phone number, and other user settings.
• Contact objects for applications (for example, the Response group application and the Conferencing
Attendant application).
• Security groups for role-based access control (RBAC).
• Data published for backward compatibility (for example, a small version of a photograph is written to
the thumbnailPhoto attribute in AD DS).
• A service control point for the Central Management store.
• Kerberos Authentication Account (an optional computer object).
AD DS also provides support for Skype for Business Server user authentication.
Role of the service control point in AD DS

The service control point is an object in AD DS that stores the location of the master Central Management
store. Skype for Business Server Topology Builder creates or updates the service control point when it
publishes the topology to AD DS. The service control point object in AD DS specifies the fully qualified
domain name (FQDN) of the master Central Management store and the instance name of the SQL
instance. All of the Skype for Business Server administrative tools use the service control point to locate
and connect to the Central Management store master.
Supported AD DS topologies
Although organizations might deploy AD DS in a variety of ways, Skype for Business Server supports the
following AD DS topologies:
• Single forest with single domain
• Single forest with a single tree and multiple domains
• Single forest with multiple trees and disjoint namespaces
• Multiple forests in a central forest topology

• Multiple forests in a resource forest topology
• Multiple forests in a Skype for Business resource forest topology with Microsoft Exchange Online
• Multiple forests in a resource forest topology with Skype for Business Online and Microsoft Azure
Active Directory Connect
Note: If your organization is running in a resource forest model, you should deploy
Microsoft Identity Manager 2016 or similar directory synchronization software to support your
forest model.
You must raise all the forests in which you deploy Skype for Business Server to a forest functional
level of Windows Server 2003 or higher. You must raise all the domains in which you deploy
Skype for Business Server to a domain functional level of Windows Server 2003 or higher. You can
deploy read-only domain controllers as part of AD DS if there are writable domain controllers.
Note: The minimum version of Windows Server 2003 ensures that all AD DS domain
controllers can utilize Linked Value Replication, which is the replication mechanism introduced
with Windows Server 2003.
How Skype for Business Server Uses DNS

Before building your Skype for Business Server
environment, you need to prepare the DNS
infrastructure. One of the core dependencies in
a Skype for Business Server deployment is DNS. You
can use DNS to:
• Discover internal servers or pools for server-to-

server communications.
• Enable clients to discover the Front End pool or

the Standard Edition server that various SIP
transactions use.
• Associate simple URLs for conferences with the

servers hosting those conferences.
• Enable external servers and clients to connect to Edge Servers or the HTTP reverse proxy for instant
messaging (IM) or conferencing.
• Enable unified communications (UC) devices that are not signed in to discover the Front End pool or
the Standard Edition server running the Device Update web service to obtain updates and send logs.
• Enable external UC devices to connect to Device Update web service through Edge Servers or the
HTTP reverse proxy and obtain updates.
• Provide DNS load balancing.
Note: Skype for Business Server does not support internationalized domain names (IDNs),
which are DNS names with non-English characters.
SIP domain name

The SIP domain refers to the host portion of the SIP URIs that are assigned to users. For example, if SIP
URIs are of the form john@adatum.com, then adatum.com is the SIP domain. Although the SIP domain
might be different from the internal AD DS domain, most of the DNS records will include the SIP domain
name.
Configuring DNS for automatic client sign-in

If your organization chooses to support automatic client sign-in, you should configure DNS records to
enable automatic client discovery of the appropriate Standard Edition server or Front End pool. You must
also create an internal service record (SRV record) that maps to the FQDN of the Director pool (or the
Front End pool/Standard Edition server) that distributes sign-in requests from clients. In addition to the
DNS records required for autoconfiguration, you must create DNS records to provide IP phone
connectivity.
DNS records
The following table describes the DNS records that you create and publish to a DNS service within the
corporate network for the domain name adatum.com.
Name Record type Description
internal web services.adatum.com A Internal web services
pool name.adatum.com A Front End pool
lyncdiscoverinternal.adatum.com A The Autodiscover service on the

internal web services
_sipinternaltls._tcp.adatum.com SRV Internal Transport Layer Security (TLS)

connections for legacy auto discovery
_sipinternal._tcp.adatum.com SRV Internal TCP connections for legacy

auto discovery (nonencrypted)
meet simple url.adatum.com A Meeting simple URL on the internal

web services
dial-in simple url.adatum.com A Dial-in simple URL on the internal web

services
admin simple url.adatum.com A Administration simple URL on the

scheduler.adatum.com SRV Web scheduler simple URL on the

office online.adatum.com A Office Online server (formerly, Office

Web Apps server)
You will learn more about simple URLs later in this lesson.
When you deploy Skype for Business Server for external access, you also have to configure DNS records
for external access. Module 8, “Deploying Skype for Business 2015 External Access,” will provide more
details about this.
Demonstration: Configuring DNS for Skype for Business Server

In this demonstration, you will learn how to:
• Create the DNS records for Skype for Business Server.
Demonstration Steps
1. Sign in to LON-DC1 as adatum\administrator with the password Pa$$w0rd.
2. Create the DNS A records:
o Name: NY-pool.Adatum.com, NY-webint.Adatum.com
o IP: 172.16.10.20
3. Create the SRV record:
o Name: _sipinternaltls._tcp.Adatum.com
o Port: 5061
o Weight: 10
o Host: NY-pool.Adatum.com
How Skype for Business Server Uses Certificates

One of the critical dependencies in a
Skype for Business Server deployment is certificates.
Certificates ensure that the servers
and clients can communicate securely, whether
inside or outside the corporate network. In previous
versions of Lync Server and Office Communications
Server, certificates presented
a challenge during deployment.
Skype for Business Server improves certificate
configuration, with its built-in certificate verification
functionality. However, you do
need to consider the certificate requirements when
designing Skype for Business Server solutions.
Planning for certificate infrastructure support

Skype for Business Server requires a public key infrastructure (PKI) to support TLS and mutual TLS
connections. By default, Skype for Business Server is configured to use TLS for client-to-server connections
and mutual TLS for server-to-server connections. You must use mutual TLS certificates from trusted
certification authorities (CAs). If there is no internal certificate infrastructure available, you will need to
either deploy a certificate infrastructure or buy certificates from a trusted CA provider.
Skype for Business Server uses certificates for:
• TLS connections between client and server.
• Mutual TLS connections between servers.
• Federation that uses automatic DNS discovery of partners.
• Remote user access for IM.
• External user access to audio/video sessions, application sharing, and conferencing.
• Communicating with web applications and Microsoft Outlook Web App.
• Mobile requests that use automatic discovery of web service.
• Persistent Chat web services for file upload/download.

Planning for types of certificates and providers

Most organizations use public certificates, or certificates from a trusted third-party CA provider, for
Skype for Business Server Access Edge, Reverse Proxy, and Exchange Web Services (EWS). They will also
deploy private certificates for all internal Skype for Business Server roles and for the internal interface of
Skype for Business Server Edge Servers.
Note: When deploying an internal CA to issue private certificates, a key item that you must
configure is the certificate revocation list (CRL) download location. When deploying public
certificates, you need to consider CRL download locations and root certificate support.
When you request certificates for Skype for Business Server, ensure that they meet the following
certificate requirements:
• All server certificates must support server authorization (Server enhanced key usage).
• All server certificates must contain a certificate revocation list distribution point (CDP).
• All certificates must be signed by using a signing algorithm that the operating system supports.
Skype for Business Server supports the Secure Hash Algorithm 1 (SHA-1) and SHA-2 suite of digest
sizes (224-bit, 256-bit, 384-bit, and 512-bit). These types of certificates meet or exceed most current
operating system requirements.
• Auto enrollment is supported for internal servers running Skype for Business Server.
• Auto enrollment is not supported for Skype for Business Server Edge Servers.
• Key lengths of 1,024, 2,048, and 4,096 are supported. Microsoft recommends key lengths of 2,048
and greater.
• The default digest, or hash signing, algorithm is RSA. The ECDH_P256, ECDH_P384, and ECDH_P521
hash algorithms are also supported.
Note: After a certificate is renewed automatically, you have to assign the new certificate to
the appropriate Skype for Business Server service.
Subject names and subject alternate names

The subject name of a given X.509 certificate is supported by all PKIs and certificate authority
implementations, including all commercial third-party certificate authorities. The Subject Alternative
Name property on an X.509 certificate:
• Provides subject alternative names (SANs) in the certificate.
• Enables TLS and mutual TLS connections to multiple SIP domain names (for example, sip.adatum.com
and sip.contoso.com).
• Enables TLS and mutual TLS connections to multiple host names (for example, meet.adatum.com and
dial-in.adatum.com).
• Provides wildcard support for multiple host names in a domain name (for example, *.adatum.com).
The following Skype for Business Server 2015 server roles can use certificates with SAN:
• Front End Servers
• Directors
• Edge Servers
• Mediation Servers
The reverse proxy servers also use certificates with SAN.
SQL Server Databases in Skype for Business Server

The Back End Servers are database servers running
SQL Server that provide the database services for
the Front End pool. The Back End Servers serve
as backup stores for the pool users and for
conference data, and they are the primary stores for
other databases such as the Response Group
database. Although you can have a single Back End
Server, Microsoft recommends a solution that uses
SQL Server mirroring or clustering for failover. Back
End Servers do not run any
Skype for Business Server software.
Central Management store database

With Skype for Business Server, the Central Management store database contains configuration data
about servers and services. The Central Management store database provides a robust, schematized
storage of the data needed to define, set up, maintain, administer, describe, and operate a
Skype for Business Server deployment. The Central Management store database also validates data to
ensure configuration consistency. All changes to configuration data happen at the Central Management
store database, which eliminates any out-of-sync data issues. The data in the Central Management store
database replicates as read-only copies to all servers in the topology, including the Edge Servers.
The Central Management store is included in the xds database on the Back End Servers. The xds database
is contained within the SQL Server instance, RTC. Each Skype for Business Server 2015 Front End server
contains replicas, Microsoft SQL Server Express databases, which are a copy of the complete topology
from the Central Management store databases in the two SQL Server instances, LYNCLOCAL and
RTCLOCAL. Therefore, when a server starts and finds that its configuration replica is current, it does not
require a connection with any root forest global catalog or domain controller server to start its services.
Moreover, if the Central Management store database is offline, each Skype for Business Server 2015 Front
End server role will use the data from its local replica, which results in more resiliency.
In most environments, the databases deployed in Skype for Business Server include:
• Xds. This is the main database of Skype for Business Server and is part of the Central Management
store, which maintains the topology information, policies, and configuration. The Front End Servers
maintain a read-only copy of the xds database from the Back End database server in the SQL Server
instance, RTCLOCAL.
• Rtcxds. This database maintains the backup for user data.
• Rtcshared. This database hosts the conferencing directory.
• Rtcab. This database maintains the address book service information.

• Cpsdyn. This database maintains the dynamic information database for the Call Park application.
• Rgsconfig. This database maintains the response group configuration service data file.
• Rgsdyn. This database maintains the runtime data for the response group configuration service data
file.
• Lcslog. This database maintains the data file that stores instant messaging and conferencing data on
an archiving server.
• Cdr. This database maintains the call detail recording data.
• QoE. This database maintains the Quality of Experience (QoE) data to provide Skype for Business
Server users with the best communication experience.
• Mgc. This database maintains Persistent Chat user data.
• Mgccomp. This database maintains Persistent Chat compliance data.
• Rtc. This database stores persistent user data such as the contact list, scheduled conferences, and
access control lists.
• Rtcdyn. This database maintains dynamic user data such as Presence, within the SQL Server instance
RTCLOCAL, on the Front End Servers.
• Lyss. Lync Storage Service (LYSS) is a storage framework in Skype for Business Server 2015 that
replaces Microsoft Message Queueing (MSMQ). This framework is used by different LYSS consumers
for accessing storage platforms in your Skype for Business Server 2015 system. To support high
availability, LYSS accepts and saves copies of the data to the lyss databases on the Front End Servers
in the pool temporarily. LYSS removes the data from the lyss databases after the data is delivered to
the final long-term storage location, such as SQL Server or Exchange Server. The type of data that the
lyss database temporarily stores includes archiving, for Exchange Server and SQL Server, and the
unified contact store, for Exchange Server.
Test Your Knowledge

Question
You are the Skype for Business administrator for your company, A. Datum Corporation. Your
company uses the SIP domain named adatum.com. Which of these URLs are simple URLs in your
Skype for Business Server environment?
Select the correct answer.
admin.adatum.com
pool.adatum.com
dial-in.adatum.com
lyncdiscoverinternal.adatum.com
meet.adatum.com
Test Your Knowledge

Question
Which of the following is an example of a SRV record in Skype for Business Server?
_sip.adatum.com
_sipinternaltls._tcp.adatum.com
sip.adatum.com
Sip._tls.adatum.com
Question: What support does Skype for Business Server have for wildcard certificates?
Lesson 2
Planning SIP Domains
A Skype for Business Server design contains various components. Before you begin deploying
Skype for Business Server, you should review your organization’s infrastructure to assess SIP domain
requirements for design documentation. This will help you to plan, design, and implement
Skype for Business Server so that it works well for your organizational needs.
Lesson Objectives
• Describe how to use SIP domains in Skype for Business Server.
• Describe how Skype for Business Server supports organizations with multiple SIP domains.
• Describe the need for a single SIP URI in Skype for Business Server.
Planning SIP Domains and Simple URLs

You can use SIP to set up, control, and manage
voice and multimedia sessions. A SIP URI is an
address or identity of a SIP entity. The SIP URI
contains two parts, namely, SIP number or identifier
and SIP domain. In a SIP address, the
SIP identifier is followed by an @ symbol, which is
followed by the SIP domain. For example, in the SIP
URI claus@contoso.com, contoso.com is the SIP
domain and claus is the SIP identifier. You can use
a SIP domain as a namespace for creating user IDs.
You can also use the SIP domain for federation with
other systems, such as federated Lync Server 2013,
public instant messaging, or Jabber XMPP.
Designing simple URLs

You use a simple URL to simplify the URLs displayed to users in a meeting. However, internally, the SIP URI
remains the conference ID. For example, consider the following URL:
• Simple URL: https://meet.adatum.com/bill/VT9IKTHG

• SIP URI: sip:bill@adatum.com;gruu;opaque=app:conf:focus:id:VT9IKTHG
The following are the three simple URLs that Skype for Business Server communications software supports.
In most environments, these URLs will include the SIP domain name:
• meet. It is the base URL for all conferences in the site or organization. You can define a different meet
URL per SIP domain.
• dial-in. It enables access to the Dial-in Conferencing Settings webpage. This page displays conference
dial-in numbers with their available languages, assigned conference information, and in-conference
dual-tone multi-frequency signaling (DTMF) controls. This simple URL supports management of PIN
and assigned conferencing information.
• admin. It enables quick access to the Skype for Business Server Control Panel. The design for simple
URLs also applies to the admin URL. This simple URL is for internal use only.
Simple URL scope

You can configure a global scope for simple URLs. You can specify multiple simple URLs for both dial-in
and meet, but you can attach only the meet URLs to a SIP domain. Having a separate meet URL per SIP
domain allows an organization to present multiple SIP domains with separate identities to the outside
world. This is not possible for the dial-in page.
DNS design impact

These simple URLs require a split-brain DNS. The DNS records must be resolved differently for external
and internal clients. Externally, the DNS record must point to the reverse proxy, and internally, the same
DNS record must point to the internal pool.
By using a split-brain DNS, you can host a DNS zone on various networks with different DNS records.
Therefore, the FQDN can point the Internet to your reverse proxy, but the same FQDN points to the pool
in your internal deployment.
Support for Multiple SIP Domains

Most Skype for Business Server deployments will
use a single SIP domain. However, medium to large
organizations might require support for multiple
SIP domains at various times. This might be the
result of corporate acquisitions or mergers, which
might require the users’ SIP addresses to remain the
same for an extended time.
In these scenarios, you might consider using a

separate Skype for Business Server infrastructure to
support each SIP domain. However,
Skype for Business Server can support multiple SIP
domains with overlapping infrastructure. In this
way, you can reduce the amount of administrative overhead and complexity in your environment.
The following are some options that you can consider when you decide to support multiple SIP domains
in your Skype for Business Server deployment.
Simple URL options
There are three recommended options for naming your simple URLs. The option you choose has
implications on how you set up your DNS A records and certificates, which support simple URLs. In each
option, you must configure one meet simple URL for each SIP domain in your organization. You always
need just one simple URL in your whole organization for dial-in and one for admin, no matter how many
SIP domains you have. The three recommended options are:
• Option 1. You create a new SIP domain name for each simple URL. If you use this option, you need a
separate DNS A record for each simple URL, and you must include each simple URL on the SAN of
your certificates.
Simple URL Example
meet https://meet.contoso.com, https://meet.fabrikam.com (one for each SIP domain in

your organization)
dial-in https://dial-in.contoso.com
admin https://admin.contoso.com
• Option 2. Simple URLs are based on the domain name lync.contoso.com. Therefore, you need only
one DNS A record, which enables all three types of simple URLs. This DNS A record references
lync.contoso.com. Additionally, you still need separate DNS A records for other SIP domains in your
organization.
Simple
Example
URL
meet https://lync.contoso.com/meet, https://lync.fabrikam.com/meet (one for each SIP

domain in your organization)
dial-in https://lync.contoso.com/dial-in
admin https://lync.contoso.com/admin
• Option 3. This option is most useful if you have many SIP domains, and you want them to have
separate meet simple URLs, but want to minimize the DNS record and certificate requirements for
these simple URLs.
Simple
Example
URL
meet https://lync.contoso.com/contosoSIPdomain/meet
https://lync.contoso.com/fabrikamSIPdomain/meet
dial-in https://lync.contoso.com/dial-in
admin https://lync.contoso.com/admin
Certificate options
The complexity for certificates within your Skype for Business Server deployment increases when
Skype for Business Server hosts more than one SIP domain. This is because each SIP domain must be
present in each certificate. However, not all URLs in your Skype for Business Server deployment need to be
included in the SAN for each hosted SIP domain.
For example, the web conferencing service on your Skype for Business Server Edge Server is an
independent service that does not have to be tied to a hosted SIP domain. The dial-in URL in your
Skype for Business Server deployment is a global URL for all your SIP domains and does not require a SAN
for each hosted SIP domain. However, all of the other URLs in your Skype for Business Server deployment
are unique to each hosted SIP domain and therefore need to be included in the SAN.
The Need for a Single SIP URI

To use Skype for Business Server features such as
Presence in Microsoft Outlook 2013 in your
organization and in partner organizations, you
should keep users’ primary Simple Mail Transfer
Protocol (SMTP) domain and SIP URI identical.
Otherwise, partner integration will pose a challenge.
For example, if a user has the primary SMTP email
address claus.hansen@contoso.com and the SIP URI
address claush@contoso.com, you cannot provide
transparent integration with federated partners.
Gather existing SMTP domain names on

the network
Planning for required SIP domains is similar to collecting the SMTP domains that are currently in use in
the organization. You can assign only one SIP URI for each user. Although a user can have many email
addresses, that user can have only one primary SMTP email address.
You might start your work assuming that there is only one SMTP domain. However, after further
investigation or during actual deployment, you might discover that there are more SIP domains in use.
In such a situation, you should take the following actions:
• Use only one or a few SIP domains.
• Use one SIP domain for every SMTP domain.
• Determine how to choose the SIP address for users who have different email addresses, for example,
claus.hansen@contoso.com, claush@contoso.com, and claus@contososales.com.
You can ensure that there is a single SIP domain in a Skype for Business Server deployment by planning
thoroughly and determining effective methods to collate existing domain names. For example, you can
identify the SMTP domain names to determine the required SIP domains by using a Windows PowerShell
script.
The following code example shows how you can gather SMTP domains that are currently in use in the
organization from Exchange Server:
get-mailbox | select primarysmtpaddress | % {$_ -replace "^([^@]+)@", ""} | sort -unique
Impact of changing the SIP URI

When you make changes to the SIP URI, you need to consider how the change might affect existing users
within the same Skype for Business Server deployment. Federated users on the contact list will not receive
a notification about this change. Therefore, after the organization shares the SIP URI with external users,
you should not change the SIP URI.
Simple URL Certificate Impact

The public TLS certificate that is used on the reverse
proxy needs to reflect dial-in page URLs and all of
the meeting simple URLs.
Note: Reverse proxy configuration is covered

in Module 8, “Deploying Skype for Business 2015
External Access.”
Skype for Business Server supports using wildcard

certificates for simple URLs—but only if they are on
the subject alternative name list.
Note: Even though they are not officially

supported, you can use wildcard certificates for simple URLs.
By designing the namespace around a single public domain name, you will simplify both the certificate
requirements and DNS configuration.
Simple URLs share the reverse proxy listener with other web services by using host header information;
this information can only be read if a successful TLS connection between the client and the proxy is
established. This is why all names for web services need to be on the subject alternative name list on the
certificate or represented by a wildcard certificate for the domain portion of the FQDN. For example,
dialin.adatum.com and meet.adatum.com could both use *.adatum.com.
Test Your Knowledge

Question
You are the Skype for Business administrator for your company, A. Datum. Your company uses the
SIP domain named adatum.com. Your company merged with Contoso, Ltd., which uses the SIP
domain named contoso.com. You need to plan the simple URLs of your Skype for Business Server
infrastructure to support both SIP domains. Which of the following simple URLs should you
choose?
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
dial-in.contoso.com
admin.adatum.com
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
admin.adatum.com
meet.adatum.com
dial-in.adatum.com
dial-in.contoso.com
admin.adatum.com
meet.adatum.com
dial-in.adatum.com
admin.adatum.com
Test Your Knowledge

Question
You are the Skype for Business administrator for A. Datum. Your company uses the SIP domain
named adatum.com. Your company merged with Contoso, which uses the SIP domain name of
contoso.com. The management wants you to minimize the certificate requirements. You need to
plan the simple URLs of your Skype for Business Server infrastructure to support both SIP
domains.
Which of the following simple URLs should you choose?
skype.adatum.com/meet
skype.contoso.com/meet
skype.adatum.com/dial-in
skype.adatum.com/admin
meet.adatum.com
dial-in.adatum.com
admin.adatum.com
skype.adatum.com/adatum.com/meet
skype.adatum.com/contoso.com/meet
meet.adatum.com
meet.contoso.com
dial-in.adatum.com
admin.adatum.com
skype.adatum.com/adatum.com/meet
skype.contoso.com/contoso.com/meet
Question: How is the SIP URI different from the mail URI?
Lab A: Configuring DNS and Simple URLs for

Skype for Business Server
Scenario
In preparing for the deployment of Skype for Business Server in the New York site, A. Datum must add the
necessary DNS records and simple URLs to support the requirement. As the Skype for Business Server
administrator, your task is to create these DNS records and update the topology with the simple URLs.
Objectives
• Create the required DNS records for the deployment of Skype for Business Server in New York and for
the simple URLs.
• Configure the topology with the required simple URLs.
Lab Setup

20334B-LON-SFB2
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before you begin the lab, complete
the following steps:
1. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V Manager.
2. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click Start.
o Domain: Adatum
5. Repeat steps 2 through 4 for 20334B-LON-RTR, 20334B-LON-SQL1, 20334B-LON-SFB1, and

20334B-LON-SFB2.
Exercise 1: Configuring the Required DNS Records and Simple URLs for
Scenario
A. Datum wants you to create the necessary DNS records to enable the sales users in the New York site
with Instant Messaging, Presence, and Audio and Video Conferencing. In addition, you need to create the
DNS records for the simple URLs and update the topology with the simple URLs.
1. Create the required DNS records for Skype for Business Server.
2. Download the existing topology.
3. Update the topology with the simple URLs.
 Task 1: Create the required DNS records for Skype for Business Server
• On LON-DC1, open DNS Manager and create the following internal DNS records for
Skype for Business Server:
o A Records:
 Name: NY-pool.Adatum.com, NY-webint.Adatum.com, dialin.Adatum.com,
meet.Adatum.com
 IP: 172.16.10.20
o SRV Record:
 Name: _sipinternaltls._tcp.Adatum.com
 Port: 5061
 Weight: 10
 Host: NY-pool.Adatum.com

• On LON-SFB1, use the Skype for Business Server Topology Builder to download the existing topology
and save it to the desktop as Lab2.tbxml.
 Task 3: Update the topology with the simple URLs

• On LON-SFB1, use the Topology Builder to edit the properties of the deployment to add the
following simple URLs:
• Phone access URL:

o https://dialin.adatum.com
o Make this the active URL
• Meeting URL:
o https://meet.adatum.com
o SIP domain: Adatum.com
o Make this the active URL for the selected domain

• In Topology Builder, on LON-SFB1, right-click Skype for Business Server, and then click Publish
Topology to publish the topology. After the publishing is complete, review log files as needed.
Results: After completing this exercise, you will have created the required Domain Name System (DNS)
records to support the workloads that A. Datum Corporation plans to deploy in New York and to support
the simple URLs.
Question: What is the purpose of the weight attribute in a SRV record?
Question: Why do some SRV records reference port 5061 and others reference port 443?
Lesson 3
Installing Skype for Business Server
As you progress to the deployment of Skype for Business Server, you will need to coordinate the
deployment activities among various teams. This will include discussions with your network team for
internal and external DNS requirements, with your security team for certificate requirements, and with
your infrastructure team for SQL requirements. Even if these roles overlap, the deployment phase will
require good coordination to be successful.
Lesson Objectives
• Describe how to install Skype for Business Server.
• Describe how to request and assign certificates for Skype for Business Server Front End Servers.
• Describe the considerations for planning the SQL databases required for Skype for Business Server
Back End Servers.
GUI-Based Installation of Skype for Business Server
Skype for Business Server setup process

Your deployment process for
Skype for Business Server is dependent on the
Skype for Business Server topology and the
components that you plan to install. In addition,
whether you plan to deploy an Enterprise Edition
pool or a Standard Edition server will also affect the
deployment process.
The following are the recommended steps for

deploying Skype for Business Server:
1. Prepare AD DS for Skype for Business Server.
2. Install Topology Builder.
3. Configure the topology.
5. Install the Skype for Business Server system.
In Skype for Business Server Enterprise Edition, you must prepare the Back End Server with SQL Server
before you publish the topology, because it provides the database services for the Central Management
store and for the Front End pool. You will learn about preparing the Back End Server later in this lesson.
You can find the steps prior to installing Skype for Business Server in Module 1, “Design and Architecture
of Skype for Business Server 2015.”
Installing the Skype for Business Server system

After you publish the topology to the Central Management store, you can install the
Skype for Business Server system by using the Skype for Business Server Deployment Wizard.
The steps for installing the Skype for Business Server system are:
1. Install the local configuration store.
2. Set up or remove Skype for Business Server components.
3. Request, install, or assign certificates.
4. Start services.
5. Verify that services have started (optional).
During the installation of the local configuration store, the bootstrapper, or setup routine, retrieves a
reference of a service control point object from AD DS. This object points the setup to the Central
Management Database. The bootstrapper installs an instance of SQL Server Express, called RTCLOCAL,
and the core Skype for Business Server components. Next, the bootstrapper instantiates the local Central
Management store replica by importing the configuration from the Central Management store database
and then replicating the database data. When the setup completes, you should review the log files to
verify successful completion.
During the setup of Skype for Business Server components, the bootstrapper performs a prerequisite
check before installing additional components. These components include a second SQL Server Express
instance, called LyncLocal, and additional Windows Speech Recognition components and foreign
language packs. After the prerequisite check, the installation of the Skype for Business Server components
starts. These components include the services and server roles on the Skype for Business Server Front End
Server, such as Audio/Video Conferencing Server and Mediation Server. After the install, you should
review the log files to verify successful completion.
Note for the operating system support: Although Windows Server 2008 R2 is still supported, Microsoft
recommends using Windows Server 2012 R2 for all new servers for Skype for Business. You should use
Windows Server 2008 R2 only when you have existing servers with Lync Server 2013 already installed, and
you intend to do an in-place upgrade. Windows Server 2008 R2 reached the end of the mainstream
support lifecycle on January 13, 2015.
Changes to the Topology Builder

As you make changes to your Skype for Business Server environment, you need to reflect those changes in
the topology by using the Topology Builder. Then you must publish the new topology. After this, you
should see a prompt to rerun the setup on the Skype for Business Server 2015 servers to update the
configuration changes.
Demonstration: Installing a Skype for Business Server 2015 Server

• Install Skype for Business Server core components.
• Install the local configuration store.

• Set up Skype for Business Server components.
• Review the log file.

Demonstration Steps
• Perform the following steps in the Skype for Business Server Deployment Wizard:
a. Install Skype for Business Server core components.
b. Install the local configuration store.
c. Set up Skype for Business Server components.
d. Review the log file.
Requesting and Assigning Certificates

As part of the third step in the Install
Skype for Business Server System setup process, you
must request certificates and assign them to the
appropriate Skype for Business Server services.
Requesting the certificates

In addition to the basic requirements for
certificates, as discussed earlier in the lesson, you
need to include specific subject names and SANs
when you request certificates from the CA. You will
most likely request them from an internal CA. The
subject names and SANs will vary based on the
Skype for Business Server 2015 server role and
service.
You can use the certificate wizard to generate a certificate request. The following is a list of the required
subject names and SANs for the Skype for Business Server Front End Server. You will learn about the
certificate requirements for other Skype for Business Server 2015 server roles in later modules.
Certificate Subject name SAN Example
Server default FQDN of the FQDN of the pool SN=pool.adatum.com

pool FQDN of the server SN=FE01.adatum.com
Web services FQDN of the FQDN of the server SN=FE01.adatum.com

internal server Internal web FQDN SN=webint.adatum.com
meet simple URL SN=meet.adatum.com
dial-in simple URL SN=dial-in.adatum.com
admin simple URL SN=admin.adatum.com
Web services FQDN of the FQDN of the server SN=FE01.adatum.com

external server External web FQDN SN=webext.adatum.com
meet simple URL SN=meet.adatum.com
dial-in simple URL SN=dial-in.adatum.com
SN=admin.adatum.com
OAuth FQDN of the FQDN of the pool SN=pool.adatum.com

pool
The certificate request for the OAuth certificate is only necessary during setup of the first
Skype for Business Server 2015 server. Because server-to-server mutual TLS communications require
this certificate, it is downloaded automatically during the installation of the local configuration store
for each subsequent Skype for Business Server 2015 server.
After you request the certificates, you should review the log files to verify successful completion.
Assigning the certificates

After running the request wizard, you can install the received certificate response on the server specified
for this purpose and bind the certificate to specified Skype for Business Server services and roles. After
binding, you should review the log files to verify successful completion.
Demonstration: Deploying Certificates for Skype for Business Server

• Request a default certificate for Skype for Business Server.
• Assign a default certificate for Skype for Business Server.
Demonstration Steps
Perform the following steps by using the Skype for Business Server Deployment Wizard:
1. On NYC-SFB3, on the Skype for Business Server 2015 - Deployment Wizard page, next to Step 3:
Request, Install or Assign Certificates, click Run.
2. Request a default certificate for Skype for Business Server by entering the following information in the
Certificate Wizard dialog box:
o CA: LON-DC1.Adatum.com/AdatumCA
o Friendly Name: LON-SFB1 Skype for Business Server Default Certificate
o Organization: A Datum
o Organizational Unit: IT
o Country/Region: United States
o State/Province: New York City

o SIP Domains: Adatum.com
3. Assign a default Skype for Business Server certificate to the following services:
o Server Default
o Web Services Internal
o Web Services External

Planning for SQL Databases
Planning for database software and

clustering support
When you deploy Skype for Business Server, you
need the following database management systems
for the back-end database, the archiving database,
and the monitoring database:
• Microsoft SQL Server 2014, both Standard and

Enterprise Editions
• Microsoft SQL Server 2012 service pack 2 (SP2)
and cumulative update 2 (CU2), both Standard
and Enterprise Editions
• Microsoft SQL Server 2008 R2 SP2, both Enterprise and Standard Editions
Although database mirroring is the only high-availability option that you can configure in the Topology
Builder, Skype for Business Server supports the following SQL Server high-availability options:
• Database mirroring. When you deploy synchronous database mirroring in a Skype for Business Server
Front End pool, all of the databases in the pool are mirrored. This includes the Central Management
store, if it is located in this pool, and the Response Group application database and the Call Park
application database, if these applications are running in the pool. With database mirroring, you do
not need to use shared storage for the servers, because each server keeps a copy of the databases in
the local storage. Asynchronous database mirroring is not supported for Back End Server high
availability in Skype for Business Server.
• AlwaysOn Availability Groups. Only SQL Server 2014 Enterprise Edition and SQL Server 2012
Enterprise Edition support AlwaysOn Availability Groups. Skype for Business Server supports AlwaysOn
Availability Groups only as active/passive and not active/active. To use AlwaysOn Availability Groups,
you first use SQL Server to set up and configure the high-availability solution. You can then use
Topology Builder to associate it with a Front End pool.
• AlwaysOn failover cluster instances. Only SQL Server 2014 Enterprise Edition and SQL Server 2012
Enterprise Edition support AlwaysOn failover cluster instances. Skype for Business Server supports
AlwaysOn Availability Groups only as active/passive and not active/active. To use AlwaysOn failover
cluster instances, you first use SQL Server to set up and configure the high-availability solution. You
can then use Topology Builder to associate it with a Front End pool.
• SQL Server failover clustering. You can implement a second layer of failover at the server layer by
deploying SQL Server failover clustering. To deploy SQL Server failover clustering, you should
configure the SQL Server cluster before deploying your Front End pool.
With Skype for Business Server, you can collocate each of the following databases on the same database
server:
• Back-end database. This database stores the topology of the Central Management store.
• Monitoring database. This database stores users’ communication sessions, including call detail
recording data and QoE data.
• Archiving database. This database stores content from Skype for Business Server peer-to-peer IM,
conferences, whiteboards, and polls, if you have enabled an archiving policy. Persistent Chat content
is not archived in the archiving database.
• Persistent Chat database. This database stores Persistent Chat room content and other system
metadata, such as authorization rules.
• Persistent Chat compliance database. This database is responsible for archiving Persistent Chat
content and events, such as joining and leaving rooms. This database is typically deployed if your
organization has regulations that require Persistent Chat activity to be archived.
You can collocate any or all of these databases on a single instance of SQL Server or use a separate
instance of SQL Server for each, with the following limitations:
• Each instance of SQL Server can contain only a single back-end database, a single monitoring
database, a single archiving database, a single Persistent Chat database, and a single Persistent Chat
compliance database.
• The database server can support one Front End pool, one archiving deployment, and one monitoring
deployment, but it cannot support more than one of each, regardless of whether the databases use
the same instance of SQL Server or separate instances of SQL Server.
Test Your Knowledge

Question
What are the names of the SQL Server database instances that are installed on the
Skype for Business Server Front End Servers?
RTC
RTCLOCAL
LyncLocal
LyncRTC
SkypeLocal
Test Your Knowledge

Question
Which of the following options represents the correct order of steps for preparing and installing
Skype for Business Server?
Prepare AD DS for Skype for Business Server.

Install Topology Builder.
Configure Topology Builder.
Publish the topology.
Install the local configuration store.
Set up or remove Skype for Business Server components.
Request, install, or assign certificates.




Lesson 4
Integrating Skype for Business Server with Exchange
Server and SharePoint Server
A Skype for Business Server design might also contain other systems that are outside of the
Skype for Business Server product. These systems can include Exchange Server and SharePoint Server.
Before you begin deploying Skype for Business Server, you should assess the requirements for Exchange
Server integration, Skype for Business client integration, SharePoint Server integration, and Enterprise
Voice, and then update your Skype for Business Server design.
Lesson Objectives
• Describe the integration of Exchange Server with Skype for Business Server.
• Describe the role of Exchange Server in providing free/busy information.
• Describe how to configure the integration of Skype for Business Server and Exchange Server.
• Describe Open Authorization (OAuth) and trusted applications in Skype for Business Server.
• Describe the integration of SharePoint Server with Skype for Business Server.
• Describe how to configure the integration of Skype for Business Server and SharePoint Server.
Exchange and Outlook Integration Overview
Assessing Exchange Server integration

To integrate Skype for Business 2015 with Microsoft
Office 2013 or later applications successfully, you
need to review and plan the configuration. You
must assess and plan for integration between Skype
for Business and Exchange Server to access and
update shared information. You must also review
the integration features that you can configure
during Skype for Business deployment. You can use
in-band server settings to control the level of Skype
for Business integration with Office 2013 or later
applications.
Skype for Business integration with Exchange Server

Both Skype for Business Server 2015 and Outlook 2013 read and write information directly to Exchange
Server. In this context, you need to know how to plan for the Exchange Server interfaces that
Skype for Business Server 2015 and Outlook 2013 require.
To display information about a contact in an email message, Outlook 2013 first retrieves the contact’s SIP
address locally, and then makes a remote procedure call (RPC) to the server running Exchange Server, if
required. During a single Outlook 2013 session, the number of RPCs decreases as more SIP addresses are
cached. In Skype for Business Server, the integration features either use Messaging Application
Programming Interface (MAPI) or make EWS calls to Exchange Server for the following purposes:
• To access conversation history and missed calls
• To access unified contact store
• To play back voicemail messages
• To display free/busy information and working hours
• To display meeting subject, time, and location
• To display the Out of Office status and note
• To display users’ high-resolution photographs
• To archive IM and web conferencing transcripts
You need to remember that Outlook 2013 makes RPCs to resolve SIP addresses only if you select the
Display online status next to a person name option. To view this option in Outlook 2013, on the Tools
menu, click Options, click Other, and then click Person Names. Select an appropriate Exchange Server
communication interface.
You can evaluate the communication interfaces that Skype for Business Server uses to access and update
the features shared with Outlook 2013. Skype for Business Server makes Exchange Server calls directly,
through MAPI or EWS, or indirectly, by using the Microsoft Outlook object model.
Controlling integration
All Outlook 2013 integration features are enabled by default, but you can control them individually
by using Skype for Business Server or by using in-band server settings. When you plan for the
Skype for Business Server solution, you can use the in-band server settings to enable or disable individual
integration features, either during deployment or during maintenance.
Planning for the appropriate Exchange Server version

Skype for Business Server supports various versions of Exchange Server. The client computer must have
Outlook to handle extended MAPI calls, and some features require the use of EWS. Depending on the
Exchange Server version in the organization, you can plan for integration with Office 2013 or later
applications.
Skype for Business Server supports integration with the following versions of Exchange:
• Microsoft Exchange Server 2016
• Microsoft Exchange Server 2007 SP1 or the latest service pack

Publishing Free/Busy Information

A Skype for Business Server user cannot access
another user’s availability or schedule directly. The
free/busy and Out of Office details are part of a
contact’s extended Presence information. This
works as follows:
• On User A’s computer, Skype for Business sends

EWS calls to determine User A’s free/busy and
Out of Office status.
• Skype for Business Server then updates User A’s

enhanced Presence data with this information.
• Other Skype for Business Server and Outlook

2013 users can now view User A’s schedule details and Out of Office status, if applicable.
The availability of free/busy and Out of Office information about a contact also depends on a user’s
privacy relationship settings in Skype for Business Server.
Configuring Exchange Server Integration

To configure integration of
Skype for Business Server and Exchange Server, you
must:
• Assign the appropriate certificates to each

server.
• Configure Skype for Business Server to be a
partner application for Exchange Server.
• Configure Exchange Server to be a partner

application for Skype for Business Server.
Assigning the appropriate certificates to each server

You must assign server-to-server authentication certificates to both Skype for Business Server and
Exchange Server. These authentication certificates allow Skype for Business Server and Exchange Server
to exchange information.
When you install Exchange Server, a self-signed certificate with the name Microsoft Exchange Server Auth
Certificate is created automatically. Exchange Server uses this certificate for server-to-server
authentication.
For Skype for Business Server, you can use an existing Skype for Business Server certificate as your server-
to-server authentication certificate. For example, you can use your server default certificate as the
OAuthTokenIssuer certificate. Skype for Business Server allows you to use any web server certificate as the
certificate for server-to-server authentication, provided that:
• The certificate includes the name of your SIP domain in the Subject field.
• You have configured the same certificate as the OAuthTokenIssuer certificate on all of your
Skype for Business Server Front End Servers.
• The certificate has a length of at least 2048 bits.
Configuring Skype for Business Server to be a partner application for Exchange

Server
The simplest method to configure Skype for Business Server to be a partner application with Exchange
Server 2013 or Exchange Server 2016 is to run the Configure-EnterprisePartnerApplication.ps1 script, a
Windows PowerShell script that ships with Exchange Server 2013. To run this script, you must provide the
URL for the Skype for Business Server authentication metadata document. The authentication metadata
document will typically be the FQDN of the Skype for Business Server Front End pool followed by the
suffix /metadata/json/1.
You must configure the autodiscover service in Exchange Server before you can integrate
Skype for Business Server and Exchange Server.
Configuring Exchange Server to be a partner application for

After you configure Skype for Business Server to be a partner application for Exchange Server, you must
configure Exchange to be a partner application with Skype for Business Server. You can do so by using the
Skype for Business Server Management Shell. In the Skype for Business Server Management Shell, you
must run the New-CsPartnerApplication cmdlet and specify the authentication metadata document for
Exchange. The authentication metadata document will typically be the URI of the Exchange autodiscover
service followed by the suffix /metadata/json/1.
Verifying the partner applications

If you successfully configured partner applications for both Skype for Business Server and Exchange
Server, it means that you have successfully configured the server-to-server authentication between the
two products. You can use the Skype for Business Server Management Shell to verify this, and to verify
that the Skype for Business Server Storage Service can connect to Exchange 2013. In the
Skype for Business Server Management Shell, you can run the Test-CsExStorageConnectivity cmdlet.
This cmdlet verifies the partner applications by connecting to the mailbox of an Exchange Server 2013
user, writing an item into the Conversation History folder for that user, and then (optionally) deleting that
item.
OAuth and Trusted Applications

The recent releases of Exchange Server, SharePoint
Server, and Skype for Business Server, including
Lync Server 2013, make it easier to integrate these
products, due to significant changes to the
underlying authorization framework. OAuth 2.0 is a
standards-based framework that is widely used
across the web services industry, and within other
Microsoft products such as Xbox and Hotmail.
However, these recent releases include this
technology for the first time.
OAuth typically involves three components: a

trusted authorization server and two realms that
need to communicate. The trusted authorization server, or the token server, issues security tokens to the
two realms. These security tokens verify the authenticity of both realms and ensure that user credentials
and passwords do not pass between servers. Instead, these security tokens control authentication and
authorization. For example, the trusted authorization server might issue security tokens that verify that
users from a specific Skype for Business Server realm are able to access a specific Exchange Server 2013
realm and vice versa. In Skype for Business Server, the default SIP domain acts as the OAuth realm.
As part of its support within the Microsoft Office family of server products (including Office 365 and the
on-premises versions of Skype for Business Server, Exchange, and SharePoint), the OAuth framework
supports on-premises and hybrid topologies. A hybrid topology combines Office 365 with some
combination of on-premises servers. In an on-premises topology, there is no requirement to implement a
trusted authorization server, as the use of partner applications establishes the trust. By creating the
partner application, the server products directly swap security tokens and bypass the need for a third-
party token server.
Demonstration: Requesting and Installing OAuth Certificates

• Request an OAuthTokenIssuer certificate for Skype for Business Server.
• Assign an OAuthTokenIssuer certificate for Skype for Business Server.
• Verify the replication of the OAuthTokenIssuer certificate.
Demonstration Steps
Perform the following steps in the Skype for Business Server Deployment Wizard:
1. Request the OAuthTokenIssuer certificate by using the following details:
o CA: LON-DC1.Adatum.com/AdatumCA
o Friendly Name: Skype for Business Server OAuth Certificate
o Organization: A Datum
o Organizational Unit: IT
o Country/Region: United States
o State/Province: New York
o City/Locality: New York City

2. Assign the OAuthTokenIssuer certificate to the following service:
o OAuthTokenIssuer
3. Verify replication of the OAuthTokenIssuer certificate on LON-SFB1.
SharePoint Server Integration Overview

The integration features of Skype for Business
Server with SharePoint Server 2013 or later include:
• Presence and click-to-communicate in

SharePoint sites
• Skill search, whereby users can find people with

specific sets of skills from SharePoint My Sites
pages
• Search for archived IM and web conferencing

transcripts
One of the major advantages to storing IM and web

conferencing transcripts in Exchange Server instead
of Skype for Business Server is that storing data in the same location allows administrators to use
SharePoint Server to search for archived Exchange data and archived Skype for Business Server data.
Configuring SharePoint Integration (1 of 2)

The steps to configure the integration of Skype for
Business Server and SharePoint Server include:
• Enabling and verifying Presence awareness

integration
• Configuring skill search integration
• Configuring SharePoint Server to search for

archived Skype for Business Server data
Configuring Presence awareness

integration
By default, the Presence status of a Skype for
Business Server user displays in SharePoint Server 2013 through a client-side setting by using a dynamic-
link library called name.dll. This file installs with Microsoft Office. It is an ActiveX control that calls the
Skype for Business application programming interface (API) directly to request and display Presence status
within SharePoint Server 2013 site collections.
Configuring skill search integration

Configuring skill search integration in Skype for Business Server requires you to enable People Search in
SharePoint Server 2013. To enable this feature in Skype for Business Server 2015, you must run the Set-
CsClient Windows PowerShell cmdlet in the Skype for Business Server Management Shell. In this cmdlet,
you must set the SPSearchInternalUrl and SPSearchExternalURl parameters to SharePoint Server My Sites.
This enables skill search in the Skype for Business client through in-band provisioning.
Configuring SharePoint Server to search for archived Skype for Business Server data
If you want to use SharePoint Server to search for archived Skype for Business Server data (including IM
and web conferencing transcripts), you must first complete all the steps required to configure Exchange
Server archiving in Skype for Business Server. You learned about this earlier in the lesson.
After successfully integrating Exchange Server and Skype for Business Server, you must install the EWS
Managed API 2.2 on each of your SharePoint Server 2013 servers. You can download the setup program
for the EWS API from the following Microsoft website.
Microsoft Exchange Web Services Managed API 2.2

http://aka.ms/hzvjdk
Test Your Knowledge

Question
What are the three steps required to integrate Skype for Business Server 2015 with Exchange
Server?
Assign the appropriate certificates to Skype for Business Server and to Exchange Server.
Assign the OAuth certificate to the Skype for Business Server 2015 server.
Configure Skype for Business Server to be a partner application for Exchange Server.
Configure Exchange Server to be a partner application for Skype for Business Server.
Configure Exchange Server to be a partner application for SharePoint Server.
Test Your Knowledge

Question
What are the four steps required to enable the discovery of content from Skype for Business
Server through eDiscovery in SharePoint Server?
Assign the appropriate certificates to each server.
Configure Skype for Business Server to be a partner application for Exchange Server.
Configure Exchange Server to be a partner application for Skype for Business Server.
Configure Exchange Server to be a partner application for SharePoint Server.
Install the EWS Managed API 2.2 on each of your servers running SharePoint Server.
Lab B: Deploying Skype for Business Server

Scenario
A. Datum started deploying Skype for Business Server in the New York site. So far, A. Datum has updated
the topology with an Enterprise Edition pool for the Skype for Business Server Front End Server in New
York and the required DNS records. You need to install Skype for Business Server on the Front End Server
in New York.
Objectives
• Install and configure Skype for Business Server.
• Install Skype for Business Server certificates.
Lab Setup

20334B-LON-SFB2, 20334B-NYC-SQL3, 20334B-NYC-SFB3, 20334B-LON-EX1, and 20334B-LON-CL1
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. Before beginning the lab, complete
2. In Hyper-V Manager, click 20334B-LON-DC1, and in the Actions pane, click Start.

o Domain: Adatum
5. Repeat steps 2 through 4 for 20334B-LON-RTR, 20334B-LON-SQL1, 20334B-LON-SFB1, 20334B-

LON-SFB2, 20334B-NYC-SQL3, 20334B-NYC-SFB3, 20334B-LON-EX1, and 20334B-LON-CL1.
You will also need to mount the ISO images needed for the lab by performing the following steps:
1. Open the Hyper-V Manager console.
2. Click 20334B-NYC-SFB3. In the Actions pane, click Settings.
3. Under the Hardware section, click DVD Drive.
4. Click Image file, and then click Browse.
5. Navigate to C:\Program Files\Microsoft Learning\20334\Drives, and then click SfB-E-9319.0-

enUS.iso.
6. Click Open, and then click OK.

Exercise 1: Installing and Configuring Skype for Business Server

Scenario
In this exercise, you will perform the first two steps in the deployment wizard to start the setup of a Skype
for Business Server Front End Server in the New York site. You will install a local configuration store and
set up the components for Skype for Business Server.
1. Run the deployment wizard.
2. Examine the log files.
 Task 1: Run the deployment wizard

1. On NYC-SFB3, from Drive D, run the setup to install Skype for Business Server core components.
2. Use the Skype for Business Server 2015 - Deployment Wizard to install the local configuration store
on NYC-SFB3. Retrieve the data directly from the Central Management store. This step will take about
15 minutes to execute.
3. Use the Skype for Business Server 2015 - Deployment Wizard to set up Skype for Business Server
components on NYC-SFB3. This step will take approximately 15 minutes to run.
 Task 2: Examine the log files

• On NYC-SFB3, on the Executing Commands page, click View logs and examine the log files. Verify
that there are no installation issues, and then click Finish.
Results: After completing this exercise, you will have installed the local configuration store and the core
components on the Skype for Business Server Front End Server in the New York site.
Exercise 2: Installing Skype for Business Server Certificates

Scenario
In this exercise, you will perform the next two steps in the deployment wizard to complete the setup of
the Skype for Business Server Front End Server. You will also request and configure certificates, and then
start the Skype for Business Server services.
1. Request and assign certificates from an online enterprise CA.
2. Start the Skype for Business Server services.
3. Verify the Skype for Business client connectivity to New York.
 Task 1: Request and assign certificates from an online enterprise CA

1. On NYC-SFB3, request and assign a Default Certificate by using the following options:
a. In the Select a CA from the list detected in your environment drop-down list, verify that
LON-DC1.Adatum.com\AdatumCA is present.
b. In the Friendly Name box, type NYC-SFB3 Skype for Business Server Default Certificate.
c. In the Organization box, type A Datum.

d. In the Organizational Unit box, type IT.
e. In the Country/Region drop-down list, select United States.
f. In the State/Province box, type New York.
g. In the City/Locality box, type New York City.
h. In the Select one or more SIP Domains list, select Adatum.com, and then complete the
certificate request.
2. On the Online Certificate Request Status page, verify that Assign this certificate to Skype for
Business Server certificate usages is selected.
3. Verify that the default certificate has been assigned to Server Default, Web Services Internal and
Web Services External.
4. Verify that the OAuthTokenIssuer certificate has been assigned a certificate.
 Task 2: Start the Skype for Business Server services

• On NYC-SFB3, start the Skype for Business Server Management Shell. Use the following command to
start the services:
Start-CsPool NY-pool.adatum.com
 Task 3: Verify the Skype for Business client connectivity to New York
1. Switch to LON-SFB1.
2. On LON-SFB1, on the taskbar, click Skype for Business Server Control Panel.
3. Select https://ny-pool.adatum.com/Cscp, click OK, and then sign in as adatum\administrator

with the password Pa$$w0rd.
4. Select users on the left menu, and then click enable users.
5. In the new Skype for Business Server user panel, click add, and then click add filter.
6. In the first drop-down list box, select Department. In the second drop-down list box, select equal to.
In the text box, type Sales, and then click Find.
7. Click the first user, and then press Ctrl+A to select all the users from the search results. Click OK.
8. In the assign users to a pool drop-down list box, select NY-pool.adatum.com, change the
Telephony drop-down list box to Enterprise Voice, and then at the upper-left corner, click Enable.

When you finish the lab, revert the virtual machines to their initial state. To do this, perform the following
steps:
2. In the Virtual Machines list, right-click 20334B-LON-DC1, and then click Revert.
3. In the Revert Virtual Machine dialog box, click Revert.

4. Repeat steps 2 and 3 for all running virtual machines.
Results: After completing this exercise, you will have requested and assigned the certificates and started
the services for the Skype for Business Server Front End Server in the New York site.
Question: For a new deployment of Skype for Business Server or migration from a legacy version,
which two actions must you complete before you can publish a topology by using Topology
Builder?
Question: After publishing the topology, but before clicking Finish in the publishing wizard,
what should you do?

The certificate assignment task might fail with

an error stating that a Type has not been
provided.
Review Questions
Question: Which Skype for Business feature or integration excites you the most about the
product? Which Skype for Business feature or integration intimidates you the most in design
or deployment? Why?
Question: To where does the Central Management Database replicate configuration

changes? How is that beneficial?

Skype for Business Server is capable of integrating with more non-Microsoft products and services than
any of its predecessors. It might be tempting to design a large-scale deployment with any and all of these
technologies. However, you might experience more success and wider adoption of the technology by
starting with smaller deployments and then building up additional services in Skype for Business Server.
Tools
The tools used in this module include:
• Skype for Business Server Topology Builder. This tool configures the design of your Skype for Business
Server 2015 deployment and publishes the topology to Active Directory Domain Services (AD DS).
• Skype for Business Server Deployment Wizard. This tool installs the components, databases,
certificates, and administrative tools in your Skype for Business Server Standard or Enterprise Edition
deployment.
• The Skype for Business Server Management Shell. This tool allows you to manage your Skype for
Business Server deployment from a command-line interface.
• DNS Manager. This tool allows you to create and manage the Domain Name System (DNS) records
required in your Skype for Business Server deployment.
• The Certificates console. This tool allows you to manage the certificates required in your Skype for
Business Server deployment.
3-1
Module 3
Administering Skype for Business Server 2015
Contents:
Module Overview 3-1
Lesson 1: Using Skype for Business Server Control Panel 3-2
Lesson 2: Using the Skype for Business Server Management Shell 3-5
Lab A: Using the Administrative Tools to Manage Skype for Business Server 3-8
Lesson 3: Implementing Role-Based Access Control 3-12
Lesson 4: Using Test Cmdlets 3-17
Lesson 5: Tools for Troubleshooting Skype for Business 3-20

Lab B: Using the Skype for Business Troubleshooting Tools 3-25
Module Overview
This module describes the foundation for the administrative infrastructure of Skype for Business 2015.
Skype for Business Server Control Panel is the primary tool for managing any Skype for Business
environment. You can perform other administrative functions by using the Skype for Business Server
Management Shell. You can use the Skype for Business Server Management Shell to automate processes
by using scripts. Role-based access control (RBAC) governs all capabilities of administrative users. You can
examine many of the functions of Skype for Business by using the set of Test cmdlets to emulate
transactions. In addition to these administrative tools and cmdlets, many tools are available for
troubleshooting the Skype for Business deployments.
Objectives
• Use Skype for Business Server Control Panel.

• Use the Skype for Business Server Management Shell.
• Explain how to create useful Skype for Business scripts.
• Implement RBAC in Skype for Business.
• Use important Test cmdlets.
• Use the various tools to troubleshoot Skype for Business.

3-2 Administering Skype for Business Server 2015
Lesson 1
Using Skype for Business Server Control Panel
This lesson introduces Skype for Business Server Control Panel. In the Control Panel, you can open the
work areas by clicking the tabs on the left side of the console. In these work areas, you can configure all
the server settings and the settings for single or multiple users.
Lesson Objectives
• Describe the various work areas in Skype for Business Server Control Panel.
• Explain the deployment options for Skype for Business Server Control Panel.
Overview of Skype for Business Server Control Panel (1 of 14)

You can use Skype for Business Server Control Panel
to configure almost all the settings in the Skype for
Business environment. For example, you can
perform the following administrative tasks:
• Search for and configure users. You can search
for users by display name, first name, last name,
Security Accounts Manager (SAM) account
name, Session Initiation Protocol (SIP) address,
or line Uniform Resource Identifier (URI). You
can then use the results of your search query to
configure users for Skype for Business Server
2015 and perform other related tasks, such as
assigning policies and changing or removing personal identification numbers (PINs).
• Enable or disable users. After you create a user account in Active Directory Users and Computers, you
can enable or disable a user account in Skype for Business Server. When you disable a previously
enabled user account, you do not lose the Skype for Business Server settings that you configured for
that user account. Therefore, you can choose to re-enable the user without reconfiguring the user
account.
• Assign policies to users. You can assign specific policies to a user or a group of users, such as
conferencing policies, supported client version policies, archiving policies, or remote user access
policies.
• Assign users to a server or a pool. You can assign users to a server or move them to a specific pool.
• Set a user’s dial-in conferencing PIN. You can configure global PIN policies, such as the required
minimum length. In addition, you can configure PIN policies for individual users or sites. You can
choose to generate the PIN automatically or create one manually.
• Start or stop services in the Skype for Business topology. You can view the core services that are
running on all Skype for Business Server 2015 servers, and in a single view, you can see the relative
health of the entire topology.
• Create network configuration for voice and conferencing. You can create the paths that
communication streams will take internally and configure the mechanisms for the messages that go
outside your organization.
Skype for Business Server Control Panel is automatically installed on every Front End Server or Standard
Edition server in your deployment. In Skype for Business Server, you can remotely manage edge servers by
using Skype for Business Server Control Panel, which is not exposed externally to the web.
Note: You cannot use Skype for Business Server Control Panel to manage users who are
members of the Active Directory Domain Admins group. For Domain Admin users, you can use
the Control Panel to perform read-only search operations. To perform write operations on
Domain Admin users, such as enabling or disabling Skype for Business Server, or changing pool
or policy assignments, telephony settings, or SIP address, you must use the Skype for Business
Server Management Shell cmdlets while signed in as a Domain Administrator with appropriate
RBAC credentials.
Deployment Options for the Control Panel

Skype for Business Server Control Panel is a web-
based user interface. You can run the Control Panel
from any Microsoft Silverlight–capable browser.
During the initial configuration of the topology, you
can configure an administration simple universal
resource locator (URL). This URL, when properly
configured in the Topology Builder and Domain
Name System (DNS), allows administrators to
connect to the Control Panel without specifying the
names of specific Front End Servers. Alternatively,
administrators can establish a connection to the
Control Panel by connecting directly to the virtual
folders named pool fully qualified domain name (FQDN)/cscp or Standard Edition server FQDN/cscp; for
example, http://pool.adatum.com/cscp.
You can install the entire set of administrative tools from the Skype for Business Deployment Wizard on
the 64-bit versions of Windows 10, Windows 8.1, Windows 8, and Windows 7 workstations, with the
current set of service packs.
Demonstration: Working with Skype for Business Server Control Panel

Users must have accounts in Active Directory Domain Services (AD DS) and you should enable them for
Skype for Business so they can use applications. In this demonstration, you will learn how to enable a
single user and multiple users by using Skype for Business Server Control Panel.
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Control Panel.
2. Click the Users node.
3. Click Enable Users, and then click Add.
4. On the Select from Active Directory page, type Alex Darrow, and then click Find.
5. Click Alex Darrow, and then click OK.
6. On the User Search page, in the Assign users to a pool section, select pool.adatum.com.
7. Click Enable.
8. Click Enable users.

9. On the User Search page, click Add.
10. In the Select from Active Directory page, click Add filter.
11. Change the City drop-down box to Department.
12. Ensure that Equal to is selected, and then type IT.
13. Click Find.
14. Select all the users, and then click OK.

15. In the Assign users to a pool section, select pool.adatum.com.
16. Click Enable.
17. On the User Search page, type Amr Zaki, and then click Find.
18. Confirm that Amr Zaki is enabled for Skype for Business by verifying that there is a check mark in the
enabled column.
Test Your Knowledge

Question
In which tab of Skype for Business Server Control Panel can you configure the assignment of a
user’s meeting policy?
Conferencing
Users
Meeting
Clients
Policy
Lesson 2
Using the Skype for Business Server Management Shell
The Skype for Business Server Management Shell is particularly useful when you perform bulk
transactions. In this lesson, you will learn how to use the Skype for Business Server Management Shell
to perform administrative tasks.
Lesson Objectives
• Explain how to use the Skype for Business Server Management Shell.
• Identify the commonly used cmdlets.
Overview of the Skype for Business Server Management Shell

The Skype for Business Server Management Shell is
another tool for administrating a Skype for Business
Server communications system. The decision to use
Skype for Business Server Control Panel or Skype for
Business Server Management Shell is yours—you
can perform almost all the Skype for Business Server
management tasks by using either tool. One
advantage of the Skype for Business Server
Management Shell is that you can use it for running
scripts to automate common administrative tasks.
The Skype for Business Server Management Shell is

automatically installed on every Skype for Business
Server Enterprise Edition Front End Server or Standard Edition server in your deployment. The Skype for
Business Server Management Shell builds on the Windows PowerShell 3.0 command-line interface, and it
includes more than 700 product-specific cmdlets for administering Skype for Business Server.
In other words, the Skype for Business Server Management Shell is Windows PowerShell 3.0 with the
Skype for Business module loaded in it. It follows the Verb-noun syntax that all Windows PowerShell
modules employ.
For example, the cmdlet Get-CsPool will provide information about each pool and the services that are
running in the topology. You can use parameters to limit the scope of the inquiry. For example:
Get-CsPool –Site “New York”
The wildcard character in the Skype for Business Server Management Shell is *. It is particularly useful with
the Get cmdlets. For example, Get-CsUser –Identity “Bob*” returns the names of all the enabled users
whose names begin with Bob.
Commonly Used Cmdlets (1 of 3)

There are approximately 700 cmdlets in Skype for
Business Server. The Get-Help cmdlet provides
useful information about how and when to run
these cmdlets. For more information on the Skype
for Business Server Management Shell, go to the
following link:
Skype for Business Server cmdlets index

http://aka.ms/as9xiv
The following are some examples of the cmdlets:
• Disable-CsUser disables the Skype for Business

account for the user whose identity is delineated.
• Enable-CsComputer activates the recently installed services on a Skype for Business Server 2015
server.
• Get-CsAdUser provides all the accounts in Active Directory Domain Services (AD DS) regardless of
their activation for Skype for Business.
• Invoke-CsDatabaseFailover allows for a planned failover of a mirrored database.
• New-CsDialPlan is used primarily in Enterprise Voice deployments to create a dial plan. However,
you will see its application for dial-in conferencing in Module 6, “Implementing Additional
Conferencing Options in Skype for Business Server 2015”.
• Set-CsCertificate assigns certificates to a Skype for Business Server 2015 server or service.
• Test-CsPresence confirms that two users can exchange presence information.
Demonstration: Working with the Skype for Business Server Management

Shell
In the previous demonstration, you learned how to enable users and an entire organizational unit by
using Skype for Business Server Control Panel. In this demonstration, you will learn how to enable a user
and an entire organizational unit by using the Skype for Business Server Management Shell.
Demonstration Steps
1. Open the Skype for Business Server Management Shell.
2. At the command prompt, type Enable-CsUser –Identity “Aidan Delaney” –RegistrarPool

“pool.adatum.com” –SipAddressType SamAccountName –SipDomain Adatum.com.
3. Confirm that the user was enabled by typing Get-CsUser –Identity “Aidan Delaney”, and then
pressing Enter.
4. At the command prompt, type Get-AdUser -filter * -Searchbase

“ou=managers,dc=adatum,dc=com” | ForEach {Enable-CsUser –Identity $_.Name -
RegistrarPool “pool.adatum.com” –SipAddressType SamAccountName –SipDomain
Adatum.com}, and then press Enter.
5. Confirm that the user was enabled by typing Get-CsUser –Identity “Carol Troup”, and then
pressing Enter.
Overview of Windows PowerShell Scripting

You can create a Windows PowerShell or Skype for
Business Server Management Shell script by saving
the commands that you would type in the shell to a
file with a .ps1 extension. You can create a script in
any text editor, but it is easier to use the Windows
PowerShell Integrated Scripting Environment
(Windows PowerShell ISE), which is installed on all
servers running the Windows Server operating
system.
However, you must consider a few limitations. The
Windows PowerShell ISE does not automatically
load the Skype for Business module. To load the
module, you must include the Import-Module SkypeforBusiness cmdlet as the first line in your script.
You also must remember that Windows PowerShell does not permit you to run scripts in their default
state. You should set the execution policy as RemoteSigned and digitally sign the script. If you cannot
digitally sign the script, you must set the execution policy as UnRestricted. To sign a script, you must
install a script-signing certificate in the local user certificate store, and then apply the Set-Authenticode
cmdlet to the script.
Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
A domain administrator can run scripts in the Skype for Business

Server Management Shell regardless of the execution policy.
Test Your Knowledge

Question
Which of the following cmdlets activates the recently installed services on a Skype for Business
Server 2015 server?
Enable-CsComputer
Set-CsCertificate
Test-CsPresence
Enable-CsTopology
Lab A: Using the Administrative Tools to Manage Skype

for Business Server
Scenario
A. Datum Corporation plans to institute a corporate policy that requires administrators to manage the
Skype for Business environment from their desktops or laptop computers. To meet that requirement, the
desktops or laptop computers must have the administrative tools installed. Additionally, an initial group of
users must be enabled to use Skype for Business. Your task is to install the administrative tools and enable
the users to use Skype for Business.
Objectives
• Install the Skype for Business administrative tools on a Windows 10 client.
• Explore Skype for Business Server Control Panel.

• Use the Skype for Business Server Management Shell.
Lab Setup
Virtual Machines: 20334B-LON-DC1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,
20334B-LON-CL1, 20334B-LON-CL2, 20334B-LON-RTR, 20334B-LON-EX1
User Name: Adatum\Administrator

Password: Pa$$word
For this lab, you will use the available virtual machine environment. Before you begin the lab, you must
o Domain: Adatum
5. Start 20334B-LON-SQL1. Sign in as Adatum\Administrator with the password Pa$$w0rd.
6. Start 20334B-LON-SFB1 and 20334B-LON-SFB2 at the same time.

7. Sign in to 20334B-LON-SFB1 and 20334B-LON-SFB2 as Adatum\Administrator with the password
Pa$$w0rd.
8. Start 20334B-LON-CL1 and 20334B-LON-CL2.
9. Sign in to 20334B-LON-CL1 as Adatum\Administrator with the password Pa$$w0rd.
10. Do not sign in to 20334B-LON-CL2 until directed to do so.
11. Start 20334B-LON-RTR and 20334B-LON-EX1. Do not sign in to these virtual machines.
If you do not start the Front End Servers at the same time, a loss of quorum might mean that the pool fails
to start. You will know this has happened if the Skype for Business Server Front-End Service fails to start. If
the failure occurs, run the following command:
Reset -CsPoolRegistrarState -ResetType QuorumLossRecovery -PoolFQDN pool.adatum.com.
Then restart LON-SFB1 and LON-SFB2 at the same time.
Exercise 1: Installing the Skype for Business Administrative Tools on a

Windows 10 Client
Scenario
A. Datum wants to ensure that the administrative tools for Skype for Business are installed on all the
workstations that Skype for Business administrators will use. In this exercise, you must install the
administrative tools on the LON-CL1 computer.
The main task for this exercise is as follows:
1. Install the Skype for Business administrative tools on a workstation.
 Task 1: Install the Skype for Business administrative tools on a workstation

1. In Hyper-V Manager, attach the Skype for Business installation ISO file to the 20334B-LON-CL1
virtual machine. The ISO is located at C:\Program Files\Microsoft Learning\20334\Drives
\SfB-E-9319.0-enUS.ISO.
2. On LON-CL1, open File Explorer, right-click the DVD drive, and then click Install or run program
from your media.
3. In the Skype for Business Server install window that appears, select Don’t check for updates right
now, and then click Install.
4. Select I accept the terms in the license agreement, and then click OK.
5. In the Welcome to Skype for Business Server 2015 deployment window, select Install Administrative
Tools.
Results: After completing this exercise, you will have installed the administrative tools for Skype for
Business on LON-CL1.
Exercise 2: Using Skype for Business Server Control Panel

Scenario
One of the managers at A. Datum, Carol Troup, wants to use Skype for Business to communicate with
other internal users. Additionally, A. Datum wants to ensure that all the members of the information
technology (IT) organizational unit (OU) are enabled for Skype for Business. In this exercise, you will
enable Carol Troup and all the members of the IT OU to use Skype for Business.
1. Enable a user for Skype for Business.
2. Enable all the members of an OU for Skype for Business.

 Task 1: Enable a user for Skype for Business

1. On LON-CL1, open Skype for Business Server Control Panel.
2. In the Windows Security dialog box, type Administrator as the user name and Pa$$w0rd as the
password.
3. From the Users page, assign and enable the default SIP address for Carol Troup. Assign the user to
pool.adatum.com.
 Task 2: Enable all the members of an OU for Skype for Business

• Enable all users that belong to the IT Department. Assign the users to pool.adatum.com.
Results: After completing this exercise, you will have enabled Carol Troup and all the members of the
information technology (IT) organizational unit (OU) to use Skype for Business.
Exercise 3: Using the Skype for Business Server Management Shell

Scenario
A. Datum now wants all the members of the Managers security group to have access to Skype for
Business. Your task is to enable the members of the Managers security group for Skype for Business. You
will use the Skype for Business Server Management Shell to accomplish this task.
1. Validate group members.
2. Enable users for Skype for Business.

3. Validate the configuration.
 Task 1: Validate group members

• On LON-DC1, open Active Directory Users and Computers, and verify that Aidan Delaney and Bill
Malone are the members of the Managers security group.
 Task 2: Enable users for Skype for Business

1. On LON-CL1, open the Skype for Business Server Management Shell.
2. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
$rootDN = ([adsi]"").distinguishedName
Enter:
$sipDomain = “adatum.com”
Enter:
$csPool = 'pool.adatum.com'
Enter:
$group = [adsi]("LDAP://cn=Managers, ou=Managers,"+$rootDN)
Enter:
$users = $group.member
Enter:
foreach ($user in $users){Enable-CsUser -Identity $user -RegistrarPool $csPool -

SipAddressType SAMAccountName -SipDomain $sipDomain;}
 Task 3: Validate the configuration

1. Use the Skype for Business Server 2015 Control Panel, and from the Users page, verify that you have
enabled Aidan Delaney and Bill Malone for Skype for Business.
2. Close the Skype for Business Server 2015 Control Panel and sign out of LON-CL1.
Results: After completing this exercise, you will have enabled all the users in the Managers security group
for Skype for Business.
Question: Northwind Traders has a large Skype for Business deployment with three pools in their
headquarters in Chicago. This year, Northwind Traders will add two dozen new Skype for
Business users per week. You will assign the new users to their pools based on their departments.
As the administrator responsible for enabling these users, what is the best method you can use
for accomplishing the task?
Question: Adventure Works Cycles has a small deployment of Skype for Business Server with a
single pool and plans to add no more than 20 users to Skype for Business over the next year. As
the administrator responsible for enabling these users, what is the best method you can use for
accomplishing the task?
Lesson 3
Implementing Role-Based Access Control
To enable you to delegate administrative tasks while maintaining high standards for security, Skype for
Business Server offers RBAC. With RBAC, you can grant administrative privileges to users by assigning
administrative roles to them. Skype for Business Server includes a rich set of built-in administrative roles.
You can also create new roles and specify a custom list of cmdlets for each new role. Additionally, you can
add scripts of cmdlets to the allowed tasks of both predefined and custom RBAC roles.
Lesson Objectives
• Explain the RBAC structure in Skype for Business Server.
• Identify the predefined RBAC roles in Skype for Business.
• Explain how to create an RBAC role.

• Explain the methods for configuring RBAC scope.
• Explain the purpose of the RTC administrative groups.
The RBAC Structure in Skype for Business Server

Like most Microsoft application services, Skype
for Business applies the principles of RBAC to
its administrative model. Each delegated
administrator is permitted to perform specific tasks.
These tasks are based on the cmdlets the role
holder is allowed to run. Because each action in
Skype for Business Server Control Panel essentially
involves running Skype for Business Server
Management Shell commands in the background,
RBAC also controls actions in Skype for Business
Server Control Panel.
With RBAC, a user’s Skype for Business Server role
determines his or her access and authorization. This enables the use of the security practice of least
privilege, where administrators and users are granted only the rights that they require for their jobs.
RBAC restrictions work only on administrators who are working remotely and using either Skype for
Business Server Control Panel or Skype for Business Server Management Shell. RBAC does not restrict a
user sitting at a server running Skype for Business Server. Therefore, physical security of your Skype for
Business Server deployment is important to preserve RBAC restrictions.
In RBAC, you enable a role to use a list of cmdlets that are designed to be useful for a certain type of
administrator or technician. A scope is the set of objects on which the cmdlets defined in a role can
operate. The objects that a scope affects can be either user accounts (grouped by organizational unit) or
servers (grouped by site).
All predefined roles shipped in Skype for Business Server have a global scope, which you cannot modify.
To follow least privilege practices, you should not assign users to roles with global scope if they are going
to administer only a limited set of servers or users. To follow least privilege practices, you can create roles
that are based on an existing role, but with a more limited scope.
You can configure each of the RBAC roles by using the CSAdminRole noun in the Skype for Business
Server Management Shell. There are two limitations of the CSAdminRole cmdlet:
• All CSAdminRoles are based on the available templates. For example, you can use the
CsServerAdministrator role as a template to create a new role.
• Every CSAdminRole must be based on only one template. When you create a new role, you can use
only one template or default role.
Templates include config and user scopes. A config scope defines a portion of the topology that you can
delegate, such as a site. The user scope limits a role to a particular collection of users, such as members of
a particular organizational unit.
Predefined Roles
There are 11 predefined RBAC roles in Skype for
Business. Each has a global scope; you create a
custom role if you require a more limited scope of
management. The following are the built-in roles:
• CsAdministrator can perform all the

administrative tasks and modify all settings,
including creating roles and assigning users to
roles. This role can expand a deployment by
adding new sites, pools, and services.
• CsUserAdministrator can enable and disable
users for Skype for Business Server, move users,
and assign existing policies to users. This role
cannot modify policies.
• CsVoiceAdministrator can create, configure, and manage voice-related settings and policies.
• CsServerAdministrator can manage, monitor, and troubleshoot servers and services. It can prevent
new connections to servers, stop and start services, and apply software updates. However, it cannot
make changes with global configuration impact.
• CsViewOnlyAdministrator can view the deployment, including user and server information, to monitor
deployment health.
• CsHelpDesk can view the deployment, including users’ properties and policies. It can run specific
troubleshooting tasks. However, it cannot change user properties or policies, server configuration, or
services.
• CsArchivingAdministrator can modify archiving configuration and policies.
• CsResponseGroupAdministrator can manage the configuration of the Response Group application

within a site.
• CsResponseGroupManager can manage specific response groups.
• CsLocationAdministrator can manage Enhanced 9-1-1 (E9-1-1), including creating locations and
network identifiers, and associating these with each other.
• CsPersistentChatAdminstrator can manage the Persistent Chat feature and specific Persistent Chat
rooms.
In addition to the RBAC roles, there are security groups that are available to administer the Skype for
Business Server infrastructure. Each security group has an RTC prefix. The most prominent security group
is RTCUniversalServerAdmins, which has full control of the Skype for Business Server infrastructure.
Creating New RBAC Roles

The first step in creating a new RBAC role involves
the creation of a universal security group in AD DS.
The default security groups for Skype for Business
Server are located in the Users container. You must
create the security groups for the new roles in the
same container. To ensure consistency, you should
follow the same naming convention as the existing
roles.
After you create the security group, you must

perform the following steps to create a new role:
1. Select an existing role as a template for the

role.
2. Add or remove cmdlets or scripts based on what the role holder can run.
3. Define the scope that you will assign to that role.
To create a role that has access to a set of cmdlets that are not in one of the predefined roles or to a set
of scripts or modules, you can start by using one of the predefined roles as a template. Note that you
must store the scripts and modules that roles can run in the following locations:
• The Skype for Business module path, which is, by default, C:\Program Files\Common Files
\Microsoft Skype for Business Server 2015\Modules\Skype for Business.
• The user script path, which is, by default, C:\Program Files\Common Files\Microsoft Skype for Business
Server 2015\AdminScripts.
To create a new role, you use the New-CsAdminRole cmdlet. Before running New-CsAdminRole, you
must create the underlying security group that will be associated with this role.
The following cmdlets serve as an example for creating a new role. They create a new role type called
MyHelpDeskScriptRole. The new role has the abilities of the predefined CsHelpDesk role and can run the
functions in a script named testscript. For this cmdlet to work, you must first create the security group,
MyHelpDeskScriptRole, and then run the following script:
New-CsAdminRole -Identity "MyHelpDeskScriptRole" -Template CsHelpDesk -ScriptModules

@{Add="testScript.ps1"}
After this cmdlet runs, you can assign users to this role by placing them in the security group (in which
case they have the global scope), or you can create a scoped role based on this role.
RBAC Scope
Large organizations divide administrative functions
by location or functional team. You
can use scope to support those delineations.
There are two types of scope configuration:
• The user scope, which enables you to define

the set of users that can be modified, based on
organizational unit membership. These
permissions are transitive, so sub-users in
sub-OUs can be modified.
For example:
Set-CsAdminRole -Identity
"LondonHelpDesk" -UserScopes @{Remove="OU:ou=New York,dc=adatum,dc=com"}
• The config scope, which enables you to define a Skype for Business site for which an administrator
can manage servers and policies.
For example:
Set-CsAdminRole -Identity "LondonHelpDesk" -ConfigScopes @{Add="site:London"}
The RTC Groups

The RBAC structure applies only for administrators
who are working remotely. However, you can assign
control to an administrator working locally on a
Skype for Business Server 2015 server by using the
RTC groups that are created in AD DS during the
forest preparation stage of the installation.
There are three categories of RTC groups:
• Administrative
o RTCUniversalServerAdmins
o RTCUniversalUserAdmins
o RTCUniversalReadOnlyAdmins
• Infrastructure
o RTCUniversalGlobalWriteGroup
o RTCUniversalGlobalReadOnlyGroup
o RTCUniversalUserReadOnlyGroup
o RTCUniversalServerReadOnlyGroup
o RTCUniversalSBATechnicians
• Service
o RTCHSUniversalServices
o RTCComponentUniversalServices
o RTCProxyUniversalServices
o RTCUniversalConfigReplicator
o RTCSBAUniversalServices
Each of the RTC groups has access control entries on appropriate containers in the infrastructure
permitting its members to perform administrative functions.
Changes made by forest preparation in Skype for Business Server

http://aka.ms/jjhc5f
Demonstration: Creating a New RBAC Role

In this demonstration, you will learn how to create a new RBAC role with a limited scope.
Demonstration Steps
1. In Active Directory Users and Computers, create a universal security group named
CsLondonHelpDesk in the Users container.
2. Add Brad Sutton to the CsLondonHelpDesk group.
3. In the Skype for Business Server Management Shell, create a new RBAC role by using the CsHelpDesk
role as a template. Define a config scope that limits the control to the London site.
4. Confirm that Brad Sutton is assigned the CsLondonHelpDesk role.
Test Your Knowledge

Question
What roles are capable of disabling a Skype for Business user?
CSHelpDesk
CsServerAdministrator
CsAdministrator
CsUserAdministrator
Lesson 4
Using Test Cmdlets
The Test cmdlets run synthetic transactions against Skype for Business clients and servers to obtain a
snapshot view of the overall health of the infrastructure. You can use these cmdlets with existing accounts
or accounts created for testing proposes.
Lesson Objectives
• Explain the purpose of the Test cmdlets.
• Explain how to use the Test cmdlets.
Test Cmdlets Overview

The ability to discover the root cause of a
problem with Skype for Business often requires
reproduction and isolation of the offending issue.
The Test cmdlets will assist in identifying the
potential issues.
To enable you to recreate a problem, Skype

for Business provides 75 Test cmdlets that
perform synthetic transactions that emulate
the connections between Skype for Business
components. By using these cmdlets, you can
evaluate and test most workloads in Skype for
Business. You can view the available Test cmdlets by
running Get-Command Test*.
The transactions that the Test cmdlets perform are in the context of a user. The users that the cmdlet will
utilize can be actual Skype for Business users or test users that you can create and enable in advance. You
can set up the test user accounts by using the New-CsHealthMonitoringConfiguration cmdlet. The
following example shows how to create two test user accounts:
New-CsHealthMonitoringConfiguration –Identity lonlool.adatum.com –FirstTestUserSipUri

“sip:test1@adatum.com” –SecondTestUserSipUri “sip:test2@adatum.com”
Commonly Used Test Cmdlets

With the large number of available Test cmdlets, an
administrator can simulate most Skype for Business
user and server activities. The following are some
useful user Test cmdlets:
• Test-CsRegistration simulates sign-in. You

might employ this for a specific user as follows:
$cred1 = Get-Credential "adatum\Ed"

Test-CsRegistration -TargetFqdn
pool.adatum.com -UserCredential $cred1 -
UserSipAddress “sip:ed@adatum.com”
• Test-CsPresence tests sign-in, in addition to

publication and retrieval of information. With a configured test user, the following is sufficient to run
this cmdlet:
Test-Presence –TargetFqdn pool.adatum.com
• Test-CsClientAuthentication validates that the certificate authentication process is working for a

particular user.
• Test-CsGroupIM determines whether two users are capable of conducting an instant messaging (IM)
conference.
• Test-CsIM tests the ability of two users to engage in an IM session.
There are several Test cmdlets that are server-oriented, including the following:
• Test-CsTopology verifies that the topology is properly configured and performing as expected.
• Test-CsSetupPermission confirms that appropriate permissions are given for installation.
• Test-CSCertificateConfiguration confirms proper deployment of certificates on a server.

For a full listing of the cmdlets and their explanation, go to the following link:
Skype for Business Server cmdlets index

http://aka.ms/klsk33
Demonstration: Using Test Cmdlets

In this demonstration, you will learn how to create test users and run a Test cmdlet. In this demonstration,
existing user accounts are used as test accounts. In the production environment, you will likely use
specifically built test accounts for testing.
Demonstration Steps
2. Type New-CsHealthMonitoringConfiguration Identity pool.adatum.com -FirstTestUserSipUri

"sip:don@adatum.com" -SecondTestUserSipUri sip:holly@adatum.com, and then press Enter.
3. Type Test-CsIM –TargetFqdn pool.adatum.com, and then press Enter.
4. Examine the output.

Statement Answer
It is necessary to set up test accounts prior to running a Test cmdlet.

Lesson 5
Tools for Troubleshooting Skype for Business
Like most complex server installations, Skype for Business will not always perform optimally. You can use a
number of tools to troubleshoot issues in the Skype for Business deployment. In this lesson, you will learn
about these tools, which you will continue to use throughout the remaining modules.
Lesson Objectives
• Identify the purpose of local logs that are maintained on the Skype for Business clients.
• Explain how to use the Snooper log parsing tool.

• Explain how the Centralized Logging Service works.
• Explain the purpose of Remote Connectivity Analyzer.
• Explain the purpose of Microsoft Message Analyzer.
Local Logs
The primary local log in Skype for Business is the
UccApilog. You can find this log in the user profile
of the person who signed in to the computer, not
necessarily the Skype for Business user. The default
location of this log is C:\Users\username\AppData
\Local\Microsoft\Office\15.0\Lync\Tracing
\Lync-UccApi-#.UccApilog.
The logs have a maximum size of 50 megabytes

(MB). When a log meets the threshold, a new log is
created. The log numbering begins with 0.
The default logging level is Full, which captures all

the messages and traces. Although Light logging
and the Off setting are available, you can greatly improve diagnostic evaluation with Full logging
enabled.
In addition to the information that is logged in UccApilog, you can also track and view the Skype for
Business Windows events in the local Event Viewer. By default, the local Skype for Business events are not
logged. You can activate the logging settings locally by performing the following steps:
1. In the Skype for Business client, on the Tools menu, click Options.
2. In the Skype for Business Options dialog box, select Also collect troubleshooting info using
Windows Event logging.
After activating, you can view the events under the Windows\Applications node of the Event Viewer.
Snooper
Snooper is a tool for parsing the Skype for Business
logs. You can use Snooper for local logs or server
logs. The Messages tab in Snooper is where you do
most of your diagnostic work.
You can use the Snooper tool to view SIP and

Centralized Conference Control Protocol (CCCP)
logs that a Skype for Business Server 2015 server
and a Skype for Business client generate. Snooper
loads the supplied log file and displays the
messages that it contains. You can highlight the
messages and group them with related messages.
Messages with the classification Error or Warning
are automatically highlighted in red.
Centralized Logging Service

Prior to the introduction of the Centralized Logging
Service in Lync Server 2013, all server logging was
performed locally on each server.
This made troubleshooting in a distributed
environment complicated and time consuming.
With Centralized Logging Service logging, you have
preconstructed scenarios that select the appropriate
logging settings. You can target these scenarios to
as many servers as needed to diagnose an issue.
Centralized Logging Service provides a means for
controlled collection of data, with a broad or
narrow scope. You can collect data from all servers
in the deployment concurrently, define specific elements to trace, set trace flags, and return search results
from a single computer or an aggregation of all data from all servers. Centralized Logging Service runs on
all servers in your deployment. The Centralized Logging Service architecture includes the Centralized
Logging Service agent and the Centralized Logging Service controller.
The Centralized Logging Service agent

ClsAgent.exe is the service executable that communicates with the controller and receives the commands
of the controller that the administrator issued. The agent runs as a service on each Skype for Business
Server computer. When the agent receives a command, it executes the command, sends messages to the
defined components for tracing, and then writes the trace logs to the disk. It also reads the trace logs for
its computer and sends the trace data back to the controller when requested. The ClsAgent listens for
commands on the following ports: TCP 50001, TCP 50002, and TCP 50003.
The Centralized Logging Service controller

ClsControllerLib.dll is the command execution engine for the Skype for Business Server Management Shell
and for ClsController.exe. CLSControllerLib.dll sends Start, Stop, Flush, and Search commands to the
ClsAgent. When CLSControllerLib.dll sends Search commands, the resulting logs are returned to the
ClsControllerLib.dll and aggregated. The controller is responsible for sending commands to the agent,
receiving the status of those commands, managing the search log file data as it is returned from all the
agents on any computer in the search scope, and aggregating the log data into a meaningful and ordered
output set.
Remote Connectivity Analyzer

Microsoft Remote Connectivity Analyzer is an online
suite of tools that assess the remote access
capabilities of the Skype for Business infrastructure.
Although the tools retain the Lync Server name,
they all work well with Skype for Business Server. In
addition to assisting you in the analysis of the Skype
for Business and Lync infrastructure, Remote
Connectivity Analyzer also provides you with tests
for Microsoft Exchange Server.
To access the tests on the Remote Connectivity

Analyzer site, the URL is
https://testconnectivity.microsoft.com. The primary
tests are the Lync Server Remote Connectivity Test and the Lync Autodiscover Web Service Remote
Connectivity Test. The former evaluates the ability to connect to the on-premises Skype for Business
environment. The Autodiscover test essentially confirms that the DNS configuration supports the
connectivity to the Windows Store for Windows Phone clients.
The Remote Connectivity Analyzer site is organized by a series of five tabs across the top of the webpage.
On the Client tab, there is a link to download the Microsoft Lync Connectivity Analyzer Tool, which
verifies if the external DNS records permit access to the Windows Store.
Message Analyzer
Skype for Business is ultimately dependent on the
health of the networks on which it runs. Therefore,
you must examine the network when you
troubleshoot problems in the Skype for Business
infrastructure. For example, you might want to
examine if the Quality of Service (QoS) settings are
being properly applied. Message Analyzer is the
next generation tool for capturing, displaying, and
interpreting protocol messaging traffic. This tool
helps in diagnosing network issues. Message
Analyzer has a robust set of features that make it
more effective than its predecessor, Microsoft
Network Monitor.
To gain the highest level of insight into your Skype for Business environment, you must download and
install the Custom Real-Time Transport Protocol (RTP) configuration file for the Lync and Skype codecs.
You can find this file at the following website:
Microsoft Message Analyser Custom RTP config file for Lync and Skype Codecs
http://aka.ms/nsh115
The following is the process for installing the new RTP.opn file:
1. Close Message Analyzer.
2. Go to C:\Program Files\Microsoft Message Analyzer\OPNAndConfiguration\OPNs\Public, and

then locate and replace the old RTP.opn file with the newly downloaded version.
3. Delete the C:\Program Files\Microsoft Message Analyzer\ folder and its subfolders.
4. Restart Message Analyzer.
The new configuration file shows all the Skype for Business and Skype codecs.
You can start a Message Analyzer session by clicking New Session on the toolbar at the top of the
Message Analyzer interface. You can then enter a name for the session, specify a data source, and then
specify the starting search type and a parsing level.
Typically, you run a live trace, add a provider, and then save your configuration. While the live trace runs,
all messages appear in the central work area. You can click a message to view its details. After you have
captured sufficient data, you can stop the trace. Then you can perform further filtering and grouping of
the messages.
Demonstration: Using the Skype for Business Troubleshooting Tools

In this demonstration, you will learn how to use some of the Skype for Business troubleshooting tools.
Demonstration Steps
1. On LON-SFB1, confirm that CLSLogging is not running by typing Get-CsCLSConfiguration in the
Skype for Business Server Management Shell.
2. Start the AlwaysOn scenario for pool.adatum.com.
3. Start a Meet Now meeting between Ed on LON-CL1 and Amr on LON-CL2.
4. Flush the logs.
5. Search the logs.
6. Stop the AlwaysOn scenario.
7. Review the collected messages in Snooper.

Test Your Knowledge

Question
Which Microsoft tool should you use to perform protocol tracing?
Centralized Logging Service
Snooper
Message Analyzer
Remote Connectivity Analyzer

Lab B: Using the Skype for Business Troubleshooting Tools

Scenario
A. Datum wants to ensure that all Skype for Business administrators understand the tools that they will
use to troubleshoot their environment. As the administrator at A. Datum, you will examine these tools in
this lab.
Objectives
• Use Skype for Business Server Management Shell cmdlets to create an RBAC structure.
• Run Skype for Business Test cmdlets.
• Capture an IM conversation and review the logs.
• Examine Centralized Logging Service logs and network capture.
Lab Setup
Virtual Machines: 20334B-LON-DC1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,
20334B-LON-CL1, 20334B-LON-RTR, 20334B-LON-EX1
User Name: Adatum\Administrator

Password: Pa$$w0rd
For 20334B-LON-CL2:
User Name: Adatum\Amr
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. In the event that you shut down the
virtual machines at the end of Lab A, before you begin the lab, you must complete the following steps:
3. In the Actions pane, click Connect. Wait until the virtual machines starts.
o Domain: Adatum

Pa$$w0rd.
8. Start 20334B-LON-CL1 and 20334B-LON-CL2.
9. Sign in to 20334B-LON-CL1 as Ed with the password Pa$$w0rd.

10. Sign in to 20334B-LON-CL2 as Amr with the password Pa$$w0rd.
If you do not start the Front End Servers at the same time, a loss of quorum might mean that the pool fails
to start. You will know this has happened if the Skype for Business Server Front-End Service fails to start. If
the failure occurs, run the following command:
Reset -CsPoolRegistrarState -ResetType QuorumLossRecovery -PoolFQDN pool.adatum.com.
Then restart LON-SFB1 and LON-SFB2 at the same time.
Exercise 1: Using Skype for Business Server Management Shell Cmdlets to

Create an RBAC Structure
Scenario
A. Datum wants the members of the Managers organizational unit to be able to control the user accounts
for the members of their group. A member of the IT department, Ed Meadows, has the task of creating
the administrative assignment. A. Datum has informed the members of the IT group that they should not
use the built-in administrator account to manage Skype for Business. You must now use the Skype for
Business Server Management Shell to create an administrative structure to support A. Datum’s
requirements.
1. Validate user rights.
2. Grant administrative rights to a specific user.

3. Validate that RBAC is applied and create a new role.
4. Add group members to the RBAC role.
 Task 1: Validate user rights

1. On LON-CL1, click the Start button, click All apps, and then click Microsoft Edge.
2. In the browser window type http://lon-sfb1.adatum.com/cscp.
3. Confirm that the access is denied. You should see an Access is denied message.
4. Sign out of LON-CL1.
 Task 2: Grant administrative rights to a specific user

1. On LON-DC1, open Active Directory Users and Computers, and then add Ed Meadows to the
CSAdministrator universal group.
2. Create a new universal security group in the Users container and name the group
CSManagersUserAdmin.
 Task 3: Validate that RBAC is applied and create a new role

2. Sign in to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd.
3. Click the Start button, click All apps, and then click Skype for Business Server Management Shell.
4. At the command prompt, type Get-CsAdminRoleAssignment –Identity “Ed”, and then press Enter.
5. Confirm that Amr has the CSAdministrator role.
6. At the command prompt, type New-CsAdminRole -Identity "CsManagersUserAdmin" -Template

"CsUserAdministrator" -UserScopes "OU:OU=Managers,DC=Adatum,DC=com", and then press
Enter.
 Task 4: Add group members to the RBAC role

1. On LON-DC1, in Active Directory Users and Computers, click Users.
2. In the details pane, double-click CSManagersUserAdmin, and then click Members.
3. Click Add.
4. Type Managers, and then click OK.
5. Click OK to close the properties box.
7. In the Skype for Business Server Management Shell, confirm that Ed Meadows is assigned the
CsManagersUserAdmin role by typing Get-CsAdminRoleAssignment –Identity “Ed” at the
command prompt.
Results: After completing this exercise, you will have assigned Ed Meadows the CSAdministrator role. You
will also have assigned the members of the Managers organizational unit the CSUserAdministrator role
that is scoped to their OU.
Exercise 2: Using the Centralized Logging Service

Scenario
After using the Skype for Business Server Management Shell, you want to see how the Centralized
Logging Service works. To do so, you plan to use two built-in centralized logging scenarios, AlwaysOn
and AudioVideoConferencing. After using the scenarios, you want to use Snooper to examine the logs
that are generated.
1. Start centralized logging scenarios.
2. Simulate Skype for Business transactions between clients.
3. Search the log generated by the Centralized Logging Service.
4. Use Snooper.
 Task 1: Start centralized logging scenarios

1. Sign out of LON-SFB1.
3. Open the Skype for Business Server Management Shell, type the following command, and then press
Enter:
Get-CsClsConfiguration
4. Start a logging scenario with the Centralized Logging Service by typing the following command, and
then pressing Enter:
Start-CsClsLogging -Scenario AlwaysOn –Pools pool.adatum.com
5. Start a second logging scenario (AudioVideoConferencingIssue) with the Centralized Logging

Service by typing the following command, and then pressing Enter:
Start-CsClsLogging -Scenario AudioVideoConferencingIssue –Pools pool.adatum.com
 Task 2: Simulate Skype for Business transactions between clients

1. On LON-CL1, sign in as adatum\ed, and then open Skype for Business.
2. On LON-CL2, sign in as adatum\amr, and then open Skype for Business.
3. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings icon,
and then click Meet Now.
4. If a Join Meeting Audio dialog box appears, select Use Skype for Business and Don’t show this
again, and then click OK.
5. In the new conversation window, click the People icon, and then click Invite More People.
6. In the Send an IM dialog box, type Amr. Select Amr Zaki, and then click OK.
7. Type a message to Amr and then press Enter.
8. On LON-CL2, click the Ed Meadows notification that appears on the screen.
9. Type a message back to Ed Meadows.
10. Click Close to end the session.
 Task 3: Search the log generated by the Centralized Logging Service

1. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, flush the data
cache by typing the following command, and then pressing Enter:
Sync-CsClsLogging
2. Execute a search against the currently running logging scenario and output the results to a file by
executing the following command and pressing Enter:
Search-CsClsLogging –OutputFilePath “c:\Labfiles\SearchResult.txt”
3. Stop the AudioVideoConferencingIssue logging scenario by entering the following command and
pressing Enter:
Stop-CsClsLogging -Scenario AudioVideoConferencingIssue –pools pool

 Task 4: Use Snooper

1. Open File Explorer, go to C:\Program Files\Skype for Business Server 2015\Debugging Tools\,
and then double-click Snooper.exe.
2. In Snooper, on the File menu, click Open File.
3. Go to C:\Labfiles and select SearchResult.txt. Click Open.
4. Click the Messages tab, and then observe the collected data.
5. Close Snooper.
Results: After completing this exercise, you will have captured the messages that are transmitted in an ad
hoc meeting by using the Centralized Logging Service.
Exercise 3: Performing a Network Capture by Using Message Analyzer

Scenario
Now you want to use Message Analyzer to perform a network capture and then examine the results.
1. Start a capture on Message Analyzer.
2. Start a conference session.

3. Examine the results.
 Task 1: Start a capture on Message Analyzer

1. On LON-CL1, type Message Analyzer in the search box, right-click Microsoft Message Analyzer,
click Run as administrator, and then click Yes to start Microsoft Message Analyzer.
2. Click Do not update items, click No, I do not want to participate, and then click OK.
3. Click New Session.
4. In the Add Data Source list, select Live Trace.
5. Under Trace Scenario, select Local Network Interfaces.
6. On the Session1 tab, click Start.
7. In the View Filter box, type TLS, and then click Apply.
 Task 2: Start a conference session

1. Start a meeting between Amr and Ed.
2. Use the AlwaysOn scenario for the Centralized Logging Service.

3. Stop the scenario and send the output to a file.
4. View the messages and traces.

 Task 3: Examine the results

1. View and analyze traffic on the Message Analyzer on LON-CL1.
2. On LON-CL1, in the results pane, notice the Transport Layer Security (TLS) traffic that is being
generated.
3. Review several of the TLS packets to see the traffic exchanged between the Skype for Business server
and the client.
4. Stop the network capture and close Microsoft Message Analyzer.

steps:
Results: After completing this exercise, you will have examined a network capture.
Question: A. Datum wants to ensure that message logs are maintained at all times without
generating a substantial amount of data. What CLSLogging scenario should you apply?
Question: When attempting to enable a member of the Domain Admins group by using Skype
for Business Server Control Panel, Amr Zaki received an error message. What is he doing wrong?

Best Practice
Troubleshooting Basics
When troubleshooting, define the issue by using the following guidelines:
• Use open-ended questions to gather information and increase understanding:
o Can you tell me more about your problem?
o Could you help me understand your issue?
o What have you tried?
• Ask questions to clarify the problem, rather than make assumptions:
o What do you mean when you say that the Skype for Business client is slow?
o Can you show me how it is slow?
o What do you mean when you say it does not work?
• Ask core questions to narrow the problem:
o When did the problem start?
o Has this ever worked before?
o Does the problem produce any error message? If so, what is the exact message?
o How often does the problem occur?
o What might have changed before the problem started?
o What was the last change in the environment, and when did it occur?
Next, establish the scope of the problem. Is it related to a single user, multiple users, a single location, or is
it an enterprise-wide issue or outage? The larger the scope, the higher the priority becomes in resolving
the problem.
The most common problems that you will encounter with a Skype for Business Server deployment will
involve the network infrastructure. To investigate network issues, you can perform standard network tests
by using Ping, Telnet, NSLookup, and Internet Explorer.

Unable to stop Centralized Logging

Service logging

When Skype for Business users are unable to access the registration servers, your initial concern must
involve name resolution. The Skype for Business client uses automatic discovery of the Skype for Business
pool by querying its DNS server for the appropriate DNS records.
Running IPCONFIG/DisplayDNS will show the current client DNS resolver cache on the local computer.
You can follow this with queries to the lyncdiscover.domainname record. As a last resort, you should
examine the DNS Service Location records, which the client will use if the Autodiscover records are not
available.
Review Questions
Question: Which Skype for Business Server cmdlets can you use to verify service activation
and group permissions for your installation of Skype for Business Server?
Question: For Centralized Logging Service to work, the controller must be able to contact
each Skype for Business Server Centralized Logging Service agent. Which ports must you
open inbound on every Skype for Business Server 2015 server, including the Skype for
Business Edge Server?
4-1
Module 4
Configuring Users and Clients in Skype for Business 2015
Contents:
Module Overview 4-1
Lesson 1: Configuring Users 4-2
Lesson 2: Deploying the Skype for Business Client 4-6
Lesson 3: Registration, Sign-In, and Authentication 4-9
Lab A: Configuring Users and Clients in Skype for Business 2015 4-15
Lesson 4: Configuring Skype for Business Client Policies 4-19

Lesson 5: Managing the Skype for Business Address Book 4-25
Lab B: Configuring Policies and the Address Book in Skype for Business Server 4-28
Module Overview
Effectively managing a Skype for Business infrastructure requires that you understand how to enable users
and control what they can do when they connect to Skype for Business Server. Additionally, it is important
that you understand how users connect to Skype for Business Server so that you can troubleshoot issues
when they occur.
In this module, you will learn how to manage users and clients in a Skype for Business environment.
Additionally, you will examine the user configuration by using Skype for Business Server Control Panel and
the Skype for Business Server Management Shell. You will also see how to deploy the Skype for Business
client.
Objectives
 Configure users by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell.
 Deploy Skype for Business clients.
 Explain the registration, sign-in, and authentication process for Skype for Business clients.
 Configure in-band policies, Group Policies, and presence policies.
 Describe how to manage the Skype for Business Address Book.

4-2 Configuring Users and Clients in Skype for Business 2015
Lesson 1
Configuring Users
While configuring users, it is important that you understand how to assign users to an appropriate pool,
to designate how their Session Initiation Protocol (SIP) address will be created, how to control their
audio/video and telephony capabilities, and how to set policies for access to Skype for Business features.
Lesson Objectives
 Describe how to configure users by using Skype for Business Server Control Panel.
 Describe how to configure users by using the Skype for Business Server Management Shell.
Configuring Users by Using Skype for Business Server Control Panel

Skype for Business Server Control Panel provides a
relatively easy method for configuring users.
Skype for Business Control Panel is Microsoft
Silverlight–based. To expose all the enabled
users (up to the display limit) by using Skype for
Business Server Control Panel, click Find, select a
user, click Edit, and then click Show details to
view and edit the users’ attributes. Some of the
attributes that you can configure for a user are:
 Display name
 SIP address
 Registrar pool
 Telephony (PC-to-PC, audio/video disabled, remote call control, Enterprise Voice, or remote call
control only)
 LineURI
Additionally, the client policies that establish Skype for Business user capabilities can be assigned to each
user by selecting policies from its own drop-down menu. A full discussion of client policies will follow later
in this module.
As with all Silverlight-based consoles, you must commit all changes that you make to the attributes or
they will not apply. However, if you navigate away from any page in Skype for Business Control Panel
without committing your modifications, a warning message will display.
You also can select multiple users on the Users tab in Skype for Business Control Panel. To manage
multiple users, click the Action tab, and then select one of the following options:
 Temporarily disable for Skype for Business Server
 Assign policies
 Lock PIN
 Unlock PIN
 Remove from Skype for Business Server

 Remove user certificate
 Move selected users to pool
 Move all users to pool
Note that the settings on the Action tab are also available for an individual user, which includes
additional functions for viewing PIN status and setting a PIN. You can also use Skype for Business Server
Control Panel to enable users for Skype for Business.
The process for enabling a new user for Skype for Business in Skype for Business Server Control Panel
includes:
 Clicking Enable users on the USER SEARCH page.
 Clicking Add.
 Selecting the users that you wish to enable for Skype for Business on the Select from Active
Directory page.
Configuring Users by Using the Skype for Business Server Management

Shell
With all of the built-in flexibility of Skype for
Business Server Control Panel, using the Skype for
Business Server Management Shell might seem
unnecessary. However, you might want
to script some repetitive tasks to run in an
automated manner. For example, if your
organization wants to apply a particular client
policy to all members of an organizational unit
(OU), you can run a script on a weekly basis to
make that policy assignment. This ensures that the
policy applies even to those users who join the OU
after the initial application of the policy.
You can use the following nouns in the Skype for Business Server Management Shell to configure users:
 CsAdUser
o The Get verb of this cmdlet returns all users in Active Directory Domain Services (AD DS).
Running the Get-CsAdUser cmdlet is generally the first step in enabling users for Skype for
Business.
 CsUser
The CsUser noun takes the following verbs:
o Get returns enabled users for reconfiguration.
o Enable enables a user. It requires the SipAddressType and SipDomain parameters.
o Disable only disables the Skype for Business account for the user.
o Set changes parameters for a user.
o Move changes the registrar pool of a user or group of users.

The following is an example of a command to move all users in the Sales OU to the London pool:
Get-CsUser -OU "ou=Sales,dc=adatum,dc=com" | Move-CsUser -Target “lon-pool.adatum.com”
Demonstration: Configuring Users

In this demonstration, you will learn how to modify user configuration by using Skype for Business Server
Control Panel and the Skype for Business Management Shell. You will learn how to enable a user for
Enterprise Voice in Skype for Business Server Control Panel. Additionally, you will understand the
difference between the Set-CsUser –enable $false command and the Disable-CsUser cmdlet.
Demonstration Steps
1. Open Skype for Business Server Control Panel.
2. Enable the Ed Meadows user for Enterprise Voice.

4. At the command prompt, type the following command, and then press Enter:
Get-CsUser –Identity “Ed Meadows”
Set-CsUser –Identity “Ed Meadows” -Enabled $False
Disable-CsUser –Identity “Ed Meadows”
Enable-CsAdUser –Identity “Ed Meadows” -RegistrarPool pool.adatum.com -SipAddressType

EmailAddress

Check Your Knowledge

Question
A user’s Session Initiation Protocol (SIP) address can include which of the following suffixes?
@OrganizationUnit
The user’s email address
SAMAccountName@sipdomain
The user’s principal name

Lesson 2
Deploying the Skype for Business Client
To use all of the features of Skype for Business, users require a Skype for Business client. In this lesson, you
will learn the various methods for deploying Skype for Business clients to users.
Lesson Objectives
 Describe the options for deploying a Skype for Business client.
 Describe how to deploy the Skype for Business client as an update to Microsoft Lync 2013.
 Describe how to deploy the Skype for Business client by using Click-to-Run for Microsoft Office 365
ProPlus.
Deployment Options for the Skype for Business Client

The Skype for Business 2015 client is the default
client for Skype for Business Server 2015 meetings.
You can deploy the Skype for Business client
through an IT-managed deployment, or you can
allow end users to install it themselves. The
method you choose depends on the size and
security requirements of your organization, the
deployment methods that you already have in
place, and the experience of your users, among
other factors.
Office component
In a departure from previous releases, Microsoft
introduced a different approach to client deployment in Lync 2013. Instead of having a separate installer,
Microsoft included the Lync 2013 client with the Microsoft Office 2013 setup program. To deploy the
Skype for Business client, you can use similar deployment methods and customization tools that you use
for Lync 2013.
The Office 2013 installer is a Windows Installer–based installation package that consists of multiple .msi
files. A language-neutral core Windows Installer package combines with one or more language-specific
packages to create a complete product. The setup program assembles the individual packages and
performs customization and maintenance tasks during and after Office 2013 installation on users'
computers. The topics in this lesson describe how to customize the Office 2013 installer to deploy Lync
2013 and update it to Skype for Business 2015.
Note: The Online Meeting add-in for Skype for Business 2015, which supports meeting
management from within the Microsoft Outlook messaging and collaboration client, installs
automatically with the Skype for Business 2015 update.
If you choose to allow users to install the Skype for Business client, you can deploy it by using a file server
on your network as a software distribution point for the Windows Installer package. You can then send an
email message to users that explains the installation process and provides a link to the distribution point.
Until they install the new client, the old client will remain functional against the new Skype for Business
Server 2015 infrastructure.
Managed deployment
If you plan to perform a managed deployment of Skype for Business Server, you have the following
installation options:
 Microsoft System Center 2012 R2 Configuration Manager. You can use this option for more complex
software-installation scenarios that require scheduling, inventory, reporting, status, and support for an
installation across a wide area network (WAN).
 Group Policy. You can create a Group Policy Object (GPO) to deploy Skype for Business clients to
specific users or computers based on group memberships.
 Windows sign-in scripts. You can use a sign-in script to perform an unattended installation of Skype
for Business when a user signs in to their device. You can use GPOs to target sign-in scripts to specific
devices or users.
Office 365 ProPlus

For organizations that have subscriptions for Office 365 that include the Office 365 ProPlus offering,
deployment of Skype for Business clients might be as simple as instructing users to utilize Click-to-Run
from the Office 365 portal. Alternatively, administrators can control an Office 365 ProPlus deployment by
using the Office Deployment Tool.
Deploy Click-to-Run for Office 365 products by using the Office Deployment Tool
http://aka.ms/mt55xj
Microsoft Office 2016

With the release of Office 2016, a new and essentially identical Skype for Business client is available. Skype
for Business 2016 is included in the Office 2016 installation package.
Deploying the Skype for Business Client by Using Office 2013 and then
Upgrading from Lync 2013
The Lync 2013 client installs as part of an Office
2013 deployment. Organizations that deployed
Lync 2013 and Office 2013 can install the Skype
for Business client by upgrading from Lync 2013.
The upgrade performs through an update
(2889923) that includes the Skype for Business
upgrade package.
For organizations that plan to install Microsoft

Office Professional Plus 2016, the process for
obtaining the Skype for Business client is simple.
The Skype for Business 2016 client is included in
the Office 2016 installer package. The Skype for
Business 2016 client is essentially the same as the Skype for Business 2015 client.
Deploying a Skype for Business Client by Using Click-to-Run

Office 2016 Click-to-Run is an installation
program that streams Office setup files to the user
from the Office 365 portal. Administrators can
customize the installation by using the Office
Deployment Tool for Click-to-Run. Because Office
2016 Click-to-Run is primarily used in
the Office 365 environment, this section does
not describe this installation method in detail.
Detailed information about using and customizing
Click-to-Run installation is available in the Office
Resource Kit documentation. You can also
download the Office 2016 Click-to-Run program
and language source files to an on-premises location, which is useful when you want to minimize network
demands or prevent users from installing software from the Internet because of organizational security
requirements.
Question: Contoso, Ltd. has been using Lync Server 2010 and Lync Server 2013 in two of its three
locations:
 Boston has 5,000 Lync 2010 and Microsoft Office 2010 users.
 Atlanta has 2,000 Lync 2013 and Microsoft Office 2013 users.
 Los Angeles has 500 users who will receive Office 365 accounts, including Microsoft Office
Professional Plus.
Contoso wants to ensure that all of its users receive the Skype for Business user experience. What
are the available deployment options?
Lesson 3
Registration, Sign-In, and Authentication
Sometimes a user will be unable to connect by using the Skype for Business client. In this lesson, you will
learn more about the SIP registration process, and you will examine the SIP messages that registration
generates. With this knowledge, you can troubleshoot a failed sign-in.
Lesson Objectives
 Describe the registration and authentication process.
 Explain how to use SIP for sign-in, registration, and authentication.

 Explain how to use logs and Snooper to identify sign-in issues.
 Describe instant messaging (IM) and presence.
 Explain how to create and configure a client version policy.
 Describe the sign-in process.
The Registration and Authentication Process

Like all of the Microsoft communications
servers before it, Skype for Business uses SIP
to authenticate users who want to connect to
the servers. SIP calls its authentication process
registration.
Registration
The first step in the registration process involves
locating the appropriate registrar pool or server,
for Enterprise Edition or Standard Edition
respectively. Prior to Lync 2013, Domain Name
System (DNS) service (SRV) resource records were
the primary method of locating that pool or
server.
The Skype for Business client uses the Autodiscover service records as the primary source of the registrar
pool or server. The following is a list of the DNS resource records that client registration requires, in the
order that the Skype for Business client queries them to the DNS server.
Autodiscover service records

 lyncdiscoverinternal. organization_name.com. A record for the Autodiscover service for internal
connections directed to internal web services (internal DNS).
 lyncdiscover. organization_name.com. A record for the Autodiscover service for external web services
(external DNS).
Service (SRV) resource records

 _sipinternaltls._tcp. organization_name.com. A service (SRV) resource record for internal Transport
Layer Security (TLS) connections (internal DNS).
 _sipinternal._tcp. organization_name.com. A service (SRV) resource record for internal TCP

connections (internal DNS).
 _sip._tls. organization_name.com. A service (SRV) resource record for external TCP connections
(external DNS).
Host (A) resource records

 sipinternal. organization_name.com. This is a host (A) resource record for the Front End pool (internal
DNS).
 sip. organization_name.com. This is a host (A) resource record for the Front End pool when the client
is on the internal network; host (A) resource records also are for Access Edge Server when the client is
external with no virtual private network (VPN) access (external DNS).
 sipexternal. organization_name.com. This is a host (A) resource record for Access Edge Server when
the client is external with no VPN access (external DNS).
In this sign-in process, the client's first DNS resolution request is sent to lyncdiscoverinternal and
lyncdiscover fully qualified domain names (FQDNs). This means that internal Lync clients could potentially
redirect out to the reverse proxy and get treated like external clients. This is why Autodiscover service
DNS records are a big part of the deployment picture and need to realign to their proper locations. The
lyncdiscoverinternal FQDNs should exist only in the internal DNS and point to internal Front End Servers
or Director servers if you have them in place. You should publish a lyncdiscover DNS host (A) resource
record only in an external DNS and point it to a reverse proxy server. In the event that you have an
internal DNS host (A) resource record for lyncdiscover, it should still point to the external IP address that
resolves to the reverse proxy server, and it should act in the same manner as if it directed to the Front End
Server pool.
Authentication
Skype for Business Server 2015 authentication happens in two steps:
1. A security association establishes between the client and the server.
2. The client and the server use the existing security association to sign messages that they send to
each other and to verify the messages that they receive from each other. A server does not accept
unauthenticated messages from a client when authentication is enabled on the server. The server
checks each message for valid user credentials. If the user credentials are valid, the message is
unchallenged not only by the first server that receives it, but by all other servers in the Front End
Server pool.
Using SIP for Sign-In, Registration, and Authentication

The SIP REGISTER message begins the sign-in
process. The Skype for Business Client sends at
least three REGISTER before the registrar server
sends an SIP OK message and authorization
completes. The REGISTER messages direct to the
SIP address of the user who is attempting to sign
in. DNS queries forward those messages to the
appropriate registrar server.
The goal of the sign-in and authentication process

is to elevate the user who is trying to sign in to
the Skype for Business Server into
a trusted user. A trusted user is one whose
credentials have authenticated through a trusted server (AD DS) by using Skype for Business Server. The
server is a Skype for Business Server Standard Edition server, a Skype for Business Server Enterprise Edition
Front End Server, or a Director.
Authentication is providing user credentials to a trusted server. Skype for Business Server uses the
following authentication protocols, depending on the location of the user:
 NTLM. This challenge and response authentication protocol only requires protocol-layer connectivity
with AD DS. It is for remote sign-in by using the domain user name and password.
 Kerberos version 5 authentication protocol. This is a mutual ticket authentication based on AD DS. It
is the preferred authentication protocol for AD DS, and it requires a connection to AD DS. It enables
single sign-on by passing a Kerberos ticket that a domain controller obtains after Windows sign-in,
and it requires time synchronization between the client and the domain controller. The default
tolerance for the time skew is 5 minutes.
 Transport Layer Security-Derived Session Key (TLS-DSK). This certificate-based authentication

mechanism does not require connectivity to AD DS. It generates a certificate whose validity ranges
from 8 hours to 365 days, the default being 180 days, and it uses the previous Skype for Business
client authentication certificate to obtain a new one.
Using Logs and Snooper to Identify Sign-In Issues

When troubleshooting a user sign-in issue, the
local logs that the Skype for Business client
generates are the best place to begin. The logs are
in the currently signed-in user’s profile folder,
regardless of the Skype for Business user who is
attempting to sign in. Depending on the version
of the Skype for Business client, you can find the
log at %localappdata%\Microsoft\Office\15.0
\Lync\Tracing or %localappdata%\Microsoft
\Office\16.0\Lync\Tracing.
Note: Note that the Lync AppData folder is used regardless of version. Skype for Business
2015 uses the %localappdata%\Microsoft\Office\15.0\Lync\Tracing folder, and Skype for Business
2016 uses the %localappdata%\Microsoft\Office\16.0\Lync\Tracing folder.
The log file name is Lync-UccApi-0.UccApiLog.
While you can read the log file by using any text editor, Snooper provides a parsed and organized view.
You can download Snooper with the Skype for Business Server debugging tools.
Skype for Business Server 2015, Debugging Tools

http://aka.ms/c4d8gf
The download package also includes the deprecated CLSLogger, which you should avoid. Instead, use the
centralized logging cmdlets, which provide additional scenarios for evaluation and more options for
configuration. The following is a list of best practices for performing a log capture:
1. It is best to perform a clean capture of the log files before analyzing a sign-in issue. To perform a
clean capture on a client device, ensure that you have exited the Skype for Business client and that no
processes are running for Lync.exe, which is the executable file for the Skype for Business client.
2. Delete all of the logs in the Tracing folder and delete the sip_username@sipdomain folder, which can
be in the same folder as the tracing folder referenced above.
3. Sign in again and perform the log capture.
In the log file, you will see a series of eight messages in the client’s attempt to register and authenticate to
Skype for Business. The initial attempt to sign in will be unsuccessful, followed by two additional failed
attempts to send an SIP REGISTER before the 200 OK message returns. That should be followed by a series
of SUBSCRIBE messages to send and receive presence information.
It is a good practice to enable the collection of event logs by following these instructions:
1. In the Windows 8.1 or Windows 10 operating system, press the Windows logo key, type Event
viewer, and then click View event logs.
2. In the Event Viewer window, in the pane on the left, double-click Windows Logs, and then click
Application.
3. Double-click the listing for the Skype for Business error that you are trying to locate (usually, the most
recent Skype for Business error appears toward the top) to display the error details.
Another good troubleshooting option is to use the Test-CsClientAuthentication cmdlet. This cmdlet
requires that you specify the registrar pool of the evaluated user’s account. The Test-
CsClientAuthentication cmdlet also requires the user’s SIP address and credentials. The test essentially
confirms the existence and validity of the client authentication certificate. When a failure occurs, the best
places to look are usually DNS and certificates. Additionally, you should also check if all users are enabled
IM and Presence
Skype for Business uses SIP for transmitting
IMs. Presence in Skype for Business provides
information about the availability or willingness of
a user to participate in a communication. In the
Skype for Business client, a user can set his or her
presence as Available, Busy, Do Not Disturb, Be
Right Back, or Appear Away. As an administrator,
you can also configure custom presence states by
creating an XML file that contains the presence
information and referencing that file in a new
client policy.
Configuring custom presence states in

Lync Server 2013
http://aka.ms/dnqfvv
Note: While written for Lync Server 2013, this TechNet article still applies to Skype for
Business Server.
To obtain presence information, the Skype for Business client must confirm the existence of a presence
subscription. The process for obtaining the presence information of a contact involves sending an SIP
SUBSCRIBE message to the SIP address of the contact. If the contact is willing to supply presence
information, an SIP/2.0 200 OK message returns with the presence status. Unsuccessful attempts to
confirm a presence subscription usually result in an “SIP/2.0 404 Not Found” reply.
Skype for Business IMs transmit through SIP. Peer-to-peer IMs only use Skype for Business servers for
creation and teardown of a conversation. After additional parties add to an IM session, the IM Multipoint
Control Unit joins the process to manage what is now deemed an IM conference.
Creating and Configuring a Client Version Policy

Organizations usually choose to prevent their
users from connecting to Skype for Business
Server with an outdated version of the client.
This ensures a uniform look and feel, consistent
application of security updates, and consistent
presence policies. The control of the acceptable
Lync or Skype for Business clients occurs through
application of client version policy. Client version
policy can be set at the global, site, pool, or user
level.
Each client version policy contains a listing of the
allowed or blocked client versions to permit. This
topic’s slide shows the default global client version policy. The policy settings use the naming convention
used by the SIP of the user agent. For our purposes, the SIP user agent is the client that makes the
connection to Skype for Business Server. The “OC” designation applies to all versions of Microsoft Office
Communicator, Lync, and Skype for Business.
After an organization fully deploys the Skype for Business client, it might choose to alter the allowed
Office Communicator version to require that all users utilize the Skype for Business client.
In addition to the Client Version Policy tab, you must configure an additional area in Skype for Business
Server Control Panel for a client version policy to be effective. The Client Version Configuration tab is
essentially an on/off switch for client version policy. The default client version configuration is to enable
client version policy globally. You can alter that by disabling it globally or at the site, pool, or user level.
An organization can further control the allowable versions by issuing new version policies. In addition to
modifying the global policy, policies that are more detailed can be set at the site or user levels.
Demonstration: Exploring the Sign-In Process

In this demonstration, you will learn how the sign-in process works.
Demonstration Steps
1. In the Skype for Business client on LON-CL1, confirm that Logging in Skype for Business is set to Full.
2. Browse to C:\Users\Amr\AppData\Local\Microsoft\Office\16.0\Lync\Tracing, and then delete all

the files with the .log extension.
3. Sign in to the Skype for Business 2016 client as Amr.
4. On LON-SFB1, open Snooper at C:\Program Files\Skype for Business Server 2015

\Debugging Tools\.
5. Open \\LON-CL1\C$\Users\Amr\AppData\Local\Microsoft\Office\16.0\Lync\Tracing
\Lync-UccApi-0.UccApilog.
6. Examine the log file.
Lab A: Configuring Users and Clients in Skype for Business

2015
Scenario
A. Datum Corporation wants to begin allowing Marketing department members to use Skype for Business.
The Marketing department members all reside in a Marketing OU.
Objectives
 Enable users for Skype for Business by using the Skype for Business Server Management Shell.
 Troubleshoot user sign-in issues.
Lab Setup
Virtual machines: 20334B-LON-DC1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,

20334B-LON-CL1, 20334B-LON-RTR, 20334B-LON-EX1
Password: Pa$$word

3. In the Actions pane, click Connect. Wait until the virtual machines starts.

o Domain: Adatum

Pa$$w0rd.
8. Start 20334B-LON-CL1. Sign in to 20334B-LON-CL1 as Adatum\Administrator with the password

Pa$$w0rd.

Exercise 1: Enabling Users for Skype for Business by Using the

Management Shell
Scenario
A. Datum plans to enable all members of the Marketing OU by using the Skype for Business Server
Management Shell. Additionally, members of the Marketing OU will not have access to headsets during
the initial deployment of Skype for Business. Therefore, A. Datum decided to prevent them from using
audio or video in Skype for Business.
1. Use the Skype for Business Server Management Shell to enable users for Skype for Business and to
disable their use of the audio and video features.
2. Sign in to Skype for Business as a member of the Marketing OU.
 Task 1: Use the Skype for Business Server Management Shell to enable users for
Skype for Business and to disable their use of the audio and video features
1. In LON-SFB1, on the taskbar, open the Skype for Business Server Management Shell.
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com”
This shows a list of all users in the Marketing OU.
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com” | Enable-CSUser –RegistrarPool

“pool.adatum.com” –SipAddressType SamAccountName –SipDomain Adatum.com -whatif
With the -whatif parameter, this command displays the accounts that will be enabled, without
actually enabling them.
4. At the command prompt, run the previous command without the -whatif parameter.
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com” | Set-CSUser -audiovideodisabled

$true
If you do not receive an error message, you can assume that the command ran properly.
 Task 2: Sign in to Skype for Business as a member of the Marketing OU

1. On LON-SFB1, at the command prompt, type the following command, and then press Enter:
Get-CsUser –Identity “Adam Barr”
2. Confirm that Adam Barr is enabled for Skype for Business by confirming that the Enabled parameter
is set to TRUE.
3. Switch to LON-CL1.
4. On LON-CL1, open the Skype for Business client.
5. Sign in to the Skype for Business client as Adam@adatum.com with the password Pa$$w0rd. Clear
the Save my password check box.
6. Confirm that Adam can connect to Skype for Business by successfully signing in.
7. Sign out of Skype for Business.
Results: After completing this exercise, you should have enabled all members of the Marketing OU.
Exercise 2: Troubleshooting User Sign-In Issues

Scenario
Members of A. Datum’s Sales OU want to use Skype for Business, but they do not know if they are
enabled for Skype for Business. Dan Park, a member of the Sales OU, attempted to sign in to the Skype for
Business client, but his sign-in attempt failed. You have been asked to find the issue and fix it.
1. Attempt to sign in as a user who has not been enabled in Skype for Business Server.
2. Examine the local logs by using Snooper.
3. Verify the user's Skype for Business status and enable the user.
4. Verify that the user can sign in.

5. To prepare for the next lab.
 Task 1: Attempt to sign in as a user who has not been enabled in Skype for Business
Server
1. In the Skype for Business client, click the gear icon, click Tools, and then click Options.
2. On the Skype for Business-Options General page, verify that Logging in Skype for Business is set
to Full, and then click Cancel.
3. In the Skype for Business client, click the gear icon, click File, and then click Exit.
4. Open File Explorer, and then browse to C:\Users\Administrator.Adatum\AppData\Local

\Microsoft\Office\16.0\Lync\Tracing.
Note: If you cannot find the AppData folder, on the View tab, click Options, and then
select Change folder and search options. In the Folder Options window, click the View tab, and
then under the Hidden files and folders section, select Show hidden files, folders, and drives.
Do not select the Hide extensions for known file types check box.
5. Select all files with the .log extension, and then delete them.
6. Close File Explorer.
7. On LON-CL1, click Start, click All apps, and then click Skype for Business 2016. If necessary, click
Cancel sign-in to cancel the previous sign-in task.
8. In the Skype for Business client, sign in as Dan@adatum.com with the password Pa$$w0rd.
9. Note that you cannot sign in, and then click OK.
 Task 2: Examine the local logs by using Snooper

2. On LON-SFB1, open File Explorer, browse to C:\Program Files\Skype for Business Server 2015
\Debugging Tools\, and then double-click Snooper.exe.
3. In Snooper, on the File menu, click OpenFile, and then browse to \\LON-CL1\C$\Users
\Administrator.Adatum\AppData\Local\Microsoft\Office\16.0\Lync\Tracing\.
4. Select Lync-UccApi-0.UccApilog, and then click Open. Click the Messages tab, and then note that
no data generated for the dan@adatum.com user sign-in.
5. Close Snooper.
 Task 3: Verify the user's Skype for Business status and enable the user
1. On LON-SFB1, open the Skype for Business Server Management Shell.
2. Type Get-CsUser –Identity “Dan Park”, and then press Enter.
3. Confirm that Dan Park is not enabled for Skype for Business.
4. Type Enable-CsUser –Identity “Dan Park” –RegistrarPool “pool.adatum.com” –SipAddress
sip:dan@adatum.com, and then press Enter.
 Task 4: Verify that the user can sign in

1. On LON-CL1, in the Skype for Business client, sign in as Dan@adatum.com with the password
Pa$$w0rd.
2. Confirm that you can sign in.
3. Repeat the “Examine the local logs by using Snooper” task above to view the uccapilog and event log
data.
4. Sign out of the Skype for Business client.
 Task 5: To prepare for the next lab

You will need the configured state of these virtual machines for the next lab. Do not revert any of the
machines, but leave them running in preparation for the next lab.
Results: After completing this exercise, you should have addressed Dan Park’s sign-in issue.
Question: Besides the local logs, are there any other logs that you can use to diagnose a
problem with a user’s sign-in?
Lesson 4
Configuring Skype for Business Client Policies
You must configure policies to manage the features that will be available to users who are enabled for
Skype for Business. This lesson examines two types of policies. You create and manage in-band policies in
Skype for Business Server Control Panel or the Skype for Business Server Management Shell. Configure
settings that must apply prior to signing in to Skype for Business, known as bootstrapping policies, by
using AD DS Group Policy. In this lesson, you will see how to configure these policies.
Lesson Objectives
 Explain how to create global, site, and client Skype for Business policies.
 Configure in-band policies.
 Explain how to create Group Policy settings for Skype for Business Server.
 Create a bootstrapping policy for Skype for Business.
 Identify the considerations for managing Skype for Business clients.
 Explain how to configure presence policies.
Creating Global, Site, and User Skype for Business Client Policies
Most organizations that deploy Skype for Business
will have users with different capabilities and
access to features. Applying policies at the global,
site, and user levels primarily controls who does
what.
Configuring client policies and settings

In Skype for Business Server, you can control most
client policies through in-band provisioning.
Additionally, it is still possible to configure and
manage client policies by using Group Policy. You
use in-band provisioning settings to manage
policies by using Skype for Business Server Control
Panel, the Skype for Business Management Shell, or both. You can perform most client-configuration tasks
and apply policies with more specificity by assigning them at the global, site, or user (tag) level. Tags are
settings that can apply to a single user or to a group of users.
Global policies apply to all users in the absence of a policy that is set at the site or user level. Many global
policy settings are configured by default at the time of installation. Administrators can reconfigure global
policies to suit an organization’s needs.
Site policies override a global policy in the event of a conflict. Site policies apply to users who are assigned
to a pool in the site to which the policy links. Administrators can create user policies for almost all settings,
and they can tag policies to a particular user or a collection of users. A user policy will always override a
global-or site-based policy.
Creating and assigning client policies

In Skype for Business Server, you can configure client policies—other than Group Policies that
bootstrapping requires—by using Skype for Business Server Control Panel or the Skype for Business Server
Management Shell.
In Skype for Business Server Control Panel, you can apply the following policies at the user (tag) level:
 Client Version
 PIN
 External Access
 Archiving
 Location
 Mobility
 Persistent Chat
 Client
For example, you can create user or tagged policies for external access, allowing for federated user access,
remote user access, or public provider access. Likewise, the same policies can be set at the site or global
level.
Conferencing
Conferencing policies determine the capabilities of users who are participating in a conference. Some
examples of conferencing policy settings include:
 Define conferencing policies and permissions.

 Enable recording.
 Set default meeting options.
 Configure a dial-in access number.
 Configure a dial-in PIN policy.
While Skype for Business Server Control Panel can apply many conferencing policy settings, you can also
use the Skype for Business Management Shell. In this example, a site policy for London is created that
allows audio but not video conferences, and it allows desktop sharing:
New-CsConferencingPolicy –Identity site:London –Description “London Default Conferencing

Policy” –AllowIPAudio $true –AllowIPVideo $false –EnableDesktopSharing Desktop
Clients
Two policies fall under the clients category:
 Configure client version control.
 Configure device update rules, logging, and firmware testing.

The following Skype for Business Server Management Shell examples can control the version of the Lync
or Skype for Business client that is allowed to connect to the servers:
New-CsClientVersionConfiguation –Identity site:London –Enabled $true

New-CsClientVersionPolicy –Identity site:London
$x = [guid]::NewGuid()
New-CsClientVersionPolicyRule -Parent "site:London" -RuleId $x -MajorVersion 4 -
UserAgentInHouse
You cannot set some policies at the user (tag) level. The best examples of these are IM and presence
policies. You can set IM and presence policies at the global, site, or pool levels. Examples of settings in
Skype for Business Server Management Shell that you can apply at the site level are:
 Allow or block IM hyperlink prefixes.
 Allow or block file extensions.
You can use the following two commands to exclude the .ps1 extension and the rtsp and urn prefixes
respectively:
New-CsFileTransferFilterConfiguration –Identity site:London –Extensions @{Add=”.ps1”}

New-CsImFilterConfiguration -Identity site:London -Prefixes @{add="rtsp:", "urn:"}
In Skype for Business Server Control Panel, you can configure the settings for each in-band policy by
clicking the appropriate tabs. Therefore, it follows that conferencing policies are set on the Conferencing
tab, IM policies on the IM and Presence tab, and so forth.
Demonstration: Configuring In-Band Policies

In this demonstration, you will learn how to create an external access policy. Additionally, you will learn
how to change a global policy to allow remote user access; the London site policy will provide all forms of
external access. You also will learn how to create a user (tagged) policy to block some users from any form
of remote access.
Demonstration Steps
1. On LON-SFB1, modify the Global External Access Policy to allow communications with remote users.
2. Create a site policy for Adatum that allows all forms of remote access.
3. Create a user policy named Limited Access that does not allow any external access.
4. Verify the settings by examining the check marks in the External Access Policy notification area.
Creating Group Policy Settings for Skype for Business Server

You can only configure some essential policies
and settings by using Group Policy. These include
client configuration policies that specify, for
example, the default servers and the security
mode that the Skype for Business client should
use until sign-in is complete. Because these
policies take effect before the client signs in and
begins receiving in-band provisioning settings
from the server, they must exist in the client
computer’s registry before initial sign-in.
Therefore, these policies are considered
bootstrapping policies.
You set Group Policies in AD DS through the Group Policy Management Console (GPMC). An
administrative user must have an appropriate level of privileges to create and apply Group Policies. You
apply these policies at Active Directory sites, domains, or OUs that hold either users or computers. The
Lync16.admx administrative template includes Group Policy settings, which you can download as part of
the Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool.
Office 2013 Administrative Template files (ADMX/ADML) and Office Customization Tool
http://aka.ms/t3bxli
You can configure the following Group Policy settings by using the Skype for Business administrative
template:
 Specify server
 Configure SIP security mode
 Configure SIP compression mode

 Prevent users from running Microsoft Lync
 Allow storage of user passwords
 Require logon credentials
 Disable HTTP fallback for SIP connection
 Disable server version check
 Additional server versions supported

 Enable using BITS to download Address Book Service files
 Disable automatic upload of sign-in failure logs
 Trusted Domain List

 Global Address Book Download Initial Delay
 Default UI Theme
Demonstration: Configuring Group Policies

In this demonstration, you will learn how to create a bootstrapping policy for Skype for Business.
Demonstration Steps
1. On LON-DC1, open File Manager, and then copy C:\Labfiles\lync15.admx to C:\Windows
\PolicyDefinitions.
2. In File Manager, copy C:\Labfiles\lync15.adml to C:\Windows\PolicyDefinitions\EN-US.
3. In the Server Manager, click Tools, and then click Group Policy Management.
4. In the GPMC, expand Forest, expand Domains, right-click Adatum.com, and then click Create a
GPO in the domain, and Link it here.
5. In the Name text box, type Address Book No Delay GPO, and then click OK.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects. Right-click Address
Book No Delay GPO, and then click Edit.
7. On LON-DC1, in the Group Policy Management Editor, expand User Configuration, expand Policies,
expand Administrative Templates, expand Microsoft Lync 2013, click Microsoft Lync Features
Policies, and then double-click Global Address Book Download Initial Delay.
8. Click Enabled, in maximum possible number of minutes to delay download type 0, and then click OK.
9. Close the Group Policy Management Editor and the GPMC.

Considerations for Managing Skype for Business Clients

You should set most of the policies for Skype for
Business Server by using in-band provisioning.
Even with extensions to the administrative
template in Group Policy, you can manage a
few functional components through AD DS.
You should configure global policies to cover the

majority of an organization’s Skype for Business
users. You can also use site policies to allow for
different application features requirements at
each location. You can utilize user (tagged)
policies when global or site policies do not serve
the organization’s requirements.
You must remember that user policies, when applied to members of an OU, do not affect the new
members of that OU who are added after application of the policy. Additionally, when you apply a policy
to an OU member, the policy is effective even if the member leaves the OU. When provisioning new users
or moving users in an organization, you should consider how in-band policies will apply.
Configuring Presence Policies

Skype for Business users can control the presence
information that they provide to others by
selecting or deselecting items in the Skype for
Business client. The simplest example of this is a
user selecting their availability. Additionally,
administrators can create presence policies that
limit or extend what presence information is
provided by using the New-CsClientPolicy
cmdlet:
New-CsClientPolicy -Identity LimitedPresenceClientPolicy -DisableCalendarPresence $True -

DisablePhonePresence $True
This command prevents presence status from being set by a calendar status or by being on the phone.
The policy could then apply at the user or site levels. You can use the Set-CsClientPolicy cmdlet to
modify the global policy.
Users subscribing to presence information affects network activity. By applying CsPresencePolicy
cmdlets, you can control the maximum number of presence subscribers (the default is 200) and the
maximum number of category subscriptions (the default is 1,000).
Question: Bob is a user in the New York site, and he is tagged with a conferencing policy named
Limited User. The Limited User policy does not allow users to send invitations to anonymous
users or to start multiple video streams. However, the New York site policy allows both
anonymous users and multiple video streams. Don, a user in the London site, organizes a meeting
and invites Bob. Bob wants to invite anonymous users. Will he be able to do so?

Question
Which of the following policies can you set for Skype for Business clients?
Configure client version control
Allow or block IM hyperlinks.
Configure the primary registrar server
Conferencing policies and permissions
Configure the monitoring database

Lesson 5
Managing the Skype for Business Address Book
The Address Book provides contact information to Skype for Business users. It derives from several sources
and downloads to Skype for Business clients daily on a configurable schedule. This lesson examines how
to create and distribute the Address Book.
Lesson Objectives
 Describe the Address Book.
 Explain how to distribute the Address Book.

 Manage the Address Book.
Overview of the Address Book

Information about a user’s contacts resides in the
Address Book. The Address Book is periodically
downloaded from the Front End Server through
Skype for Business Web Services.
To get configuration information about a Skype

for Business client, go to the notification area on
the right side of the taskbar, locate the Skype for
Business icon, press and hold the Ctrl key, right-
click the Skype for Business icon, and then click
Configuration Information. That page provides
the location of the Skype for Business Web
Services URL.
You can configure the Address Book by using the CsAddressBookConfiguration Skype for Business
Server Management Shell noun. This noun takes the New, Get, Set, and Remove verbs. The Address
Book generates daily with the default creation time being 1:30 A.M. You can modify the time by using
the –RunTimeofDay parameter.
Address Book Distribution

Skype for Business Server creates and uses an
Address Book Service to provide the following
features to meeting clients:
 Global Address List, derived from AD DS,
provides contacts and attributes of contacts
 Distribution List Expansion for groups and

contact membership in groups
 Phone Number normalization from a local

format into the RFC 3966/ITU E.164 format
The Address Book Service, along with the Address

Book Web Query, services all client types in Skype for Business Server. The Address Book Service further
enhances query performance by contacting AD DS at scheduled intervals to collect and update
information in Address Book Service databases. Address Book Service databases are part of Microsoft SQL
Server Express databases that deploy on an Enterprise or Standard Edition Front End Server, similar to the
information that is managed and maintained for presence information.
Address Book Service and Address Book Web Query perform similar functions, but they do so in different
ways. Address Book Service queries and downloads user information from AD DS, which is maintained in a
full download of contact information, delta files, or as compact delta files. The information is stored in the
RTC database on the back-end SQL Server or on the Standard Edition server. By maintaining three types
of download extracts, Address Book Web Query ensures that a new client receives the full download and
then receives delta files or compact delta files based on the client’s ongoing needs.
Distribution List Expansion is a feature inherent to the way that contacts are stored in Address Book
Service database files or the Address Book Web Query. With Address Book Service files, a contact is
associated with groups and members of groups. Group information becomes available to the client
through updated Address Book Service files. However, Address Book Web Query directly queries AD DS
when a client requests group membership details, and Address Book Web Query returns the received
information back to the client.
For a fully functional communications system that involves telephony, normalizing phone numbers into a
usable format—regardless of where the client is—is critical. If a user makes a voice call to another person
on a public switched telephone network (PSTN), the phone number of the other person might be in a
format that might not work without reformatting to conventions that the PSTN accepts. For example, a
user calls one of his contacts at his listed number. The listed number for the contact is from AD DS, which
does not perform any phone number normalization. The number is in the form of 555-1010. Phone
number normalization converts this phone number from 555-1010 to +14255551010. Normalization
occurs when the Address Book Service reads the information from AD DS, normalizes it, and then stores it
in the Address Book file and index databases.
By design, the time for downloading the Address Book is randomized between 0 and 60 minutes. Setting
the value of the registry key that controls the download to 0 can eliminate a delay of up to an hour. The
registry key for a Skype for Business client that installs during an upgrade from Lync 2013 to Skype for
Business Server is HKLM\Software\Policies\Microsoft\Office\15.0\Lync\GALDownloadInitialDelay.
However, if the Skype for Business client installs during a new Skype for Business Server deployment, then
the registry key is HKLM\Software\Policies\Microsoft\Office\16.0\Lync\GALDownloadInitialDelay.
To confirm that the Address Book Service can be contacted, perform the following steps:
1. Copy the URL from the GAL Status field in the Skype for Business Configuration Information window
that you can open by pressing the Ctrl key, and then right-clicking the Skype for Business icon in
the Windows notification area.
2. Start Internet Explorer, and then paste the URL in the address bar. A message displays from Internet
Explorer, indicating whether the computer can access the URL:
a. Successful. Internet Explorer cannot display the webpage. The connection is successful, but
because there is no HTML page to display, Internet Explorer cannot display the page.
b. Unsuccessful. The webpage cannot be found. If the URL is inaccessible from the system, Internet
Explorer reports that the location cannot be found or is inaccessible.
Demonstration: Managing the Address Book

Your instructor will demonstrate the cmdlets and parameters that configure an Address Book.
Demonstration Steps
Enter to get the current configuration:
Get-Help Get-CsAddressBookConfiguration -full
2. Examine the description and the list of available parameters and examples, type the following
command, and then press Enter to get the current configuration:
Get-
CsAddressBookConfiguration
3. Notice the -RunTimeofDay parameter.
4. Type the following command, and then press Enter:
New-CsAddressBookConfiguration –Identity site:”adatum headquarters” –RunTimeofDay

02:30:00
Get-CsAddressBookConfiguration –Identity site:”Adatum headquarters”
6. Confirm that the Address Book download time changed to 2:30 A.M.
When you finish the demonstration, revert the virtual machines to their initial state. To do this, perform


Question
From where does the Address Book generate?
Global Address List in AD DS
A SharePoint users database
Microsoft Exchange mailbox databases
Distribution Group Expansion
Skype for Business Address List Service

Lab B: Configuring Policies and the Address Book in Skype

for Business Server
Scenario
A. Datum wants to create a policy that will append IM warnings to each session. The warnings will differ
for each site. Additionally, executives will not receive the warning. A. Datum wants you to configure the
Skype for Business Server deployment so that the global Address Book download occurs as soon as a user
signs in to Skype for Business.
Objectives
 Configure client policies.
 Configure the Address Book.
Lab Setup

20334B-LON-CL1, 20334B-LON-CL2, 20334B-LON-RTR, 20334B-LON-EX1
Password: Pa$$word
For this lab, you will use the available virtual machine environment. Each of the virtual machines that were
started in Lab A should still be running. In addition, you should:
1. Start 20334B-LON-CL2.
2. Sign in to 20334B-LON-CL2 as Adatum\Administrator with the password Pa$$w0rd.
Exercise 1: Configuring Client Policies

Scenario
A. Datum wants to ensure that a warning message displays for all Skype for Business users that all
messages might be logged and viewed at any time. Additionally, a more detailed message should display
for many individuals in London, warning of the consequences of abuse. The users who receive the
additional warning message should also be enabled for music when on hold, full-screen video, and
contact synchronization with Microsoft Exchange. It was decided that a global policy would be set for the
general warning, and that the specific warning would use a user (tagged) policy.
1. Make a script to create the settings that the scenario requires.
2. Verify that the script applied.

 Task 1: Make a script to create the settings that the scenario requires
1. On LON-SFB1, on the taskbar, right-click Windows PowerShell, and then select Windows
PowerShell ISE.
2. In the Windows PowerShell Integrated Scripting Environment (ISE) Script Pane type the following
command, and then press Enter:
Import-Module SkypeforBusiness
3. In the Windows PowerShell ISE Script Box, type the following command, and then press Enter:
Set-CsClientPolicy Global -BlockConversationFromFederatedContacts: $True -DisableEmoticons:

$True -IMWarning “All communications within Adatum may be logged and viewed at any
time and for any reason” –Verbose
4. In Windows PowerShell ISE, type the following commands on separate lines, and then press Enter:
New-CsClientPolicy –Identity LondonClientPolicy

Set-CsClientPolicy –Identity LondonClientPolicy -EnableClientMusicOnHold: $True -
EnableFullScreenVideo: $True -EnableExchangeContactSync: $True -IMWarning “All
communications within ADatum may be logged and viewed at any time and for any reason.
Use of the ADatum Instant Messaging Service is a privilege.” –Verbose
5. On the toolbar at the top of the Windows PowerShell ISE window, click File, click Save As, click Local
Disk (C:), and then click Labfiles. In the File name text box, type ClientPolicies.ps1, and then click
Save.
Note: If you cannot click Save As, click the Script drop-down list, and then you can click
Save As.
Enter:
C:\labfiles\ClientPolicies.ps1
Enter:
Grant-CsClientPolicy -Identity “Amr Zaki” -PolicyName tag:LondonClientPolicy
 Task 2: Verify that the script applied

1. On LON-CL1, in the Skype for Business client, sign in as Amr@adatum.com with the password
Pa$$w0rd.
2. On LON-CL2, click Start, click All apps, and then click Skype for Business 2016.
4. On LON-CL1, in the Skype for Business search box, type Adam@adatum.com, and then double-
click Adam Barr. Type some message text, and then press Enter.
5. On LON-CL2, click the Amr Zaki notification that appears on the screen.
6. Type some message text, and then press Enter.
7. The message should display indicating all communications will be logged in each message window.
8. After verifying that the message displays, sign out of Skype for Business on both LON-CL1 and
LON-CL2.
Results: After completing this exercise, you should have created the global policy that will apply to users
who do not receive the tagged policy.
Exercise 2: Configuring the Address Book

Scenario
A. Datum wants to ensure that there is no delay in providing updates to the Address Book for its Skype for
Business users.
1. Load the Lync15.admx administrative template into the GPMC.
2. Edit a GPO that sets no delay for the Address Book download.
3. Verify the Address Book download.
 Task 1: Load the Lync15.admx administrative template into the GPMC

1. On LON-DC1, open File Manager, and then copy C:\Labfiles\lync15.admx to
C:\Windows\PolicyDefinitions.
3. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.
4. In the GPMC, expand Forest, expand Domains, right-click Adatum.com, and then click Create a
GPO in the domain, and Link it here.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects.
7. In the Group Policy Management Console, right-click Address Book No Delay GPO that you just
created, and then click Edit.
 Task 2: Edit a GPO that sets no delay for the Address Book download
2. Click Enabled, below the Option section, type 0, and then click OK.

 Task 3: Verify the Address Book download

1. On LON-CL1, exit the Skype for Business client to remove the existing Address Book.
2. Open File Explorer, and then browse to the C:\Users\Administrator.Adatum\AppData\Local

\Microsoft\Office\16.0\Lync\sip_amr@adatum.com folder.
3. Delete the GalContacts.db and GalContacts.db.idx Address Book files.
4. Restart the Skype for Business client, and then sign in as Amr@adatum.com with the password
Pa$$w0rd.
5. Return to the C:\Users\Administrator.Adatum\AppData\Local\Microsoft\Office

\16.0\Lync\sip_amr@adatum.com folder, and then confirm that the Address Book files have
returned.

steps:
Results: After completing this exercise, you should have created a Group Policy Object (GPO) that will
eliminate the delay in deploying the Address Book.
Question: What do you use to deploy Skype for Business Group Policy settings?
Question: Some users in your organization want to keep using Lync 2013 after upgrading the
clients to Skype for Business 2015. What is the best way to accomplish this?

During sign-in, a warning appears that

contains the following message: “Skype for
Business cannot verify that the server is
trusted for your sign-in address. Connect
anyway?”
System clock out of synchronization with the

server clock

When planning for clients to use automatic discovery to find their registration point for a given SIP
Uniform Resource Identifier (URI), you can run into issues in environments that do not want or use split-
brain DNS. In split-brain DNS, one set of internally managed DNS servers provide resolution for DNS
queries for internal resources, and a set of externally managed DNS servers provide resolution for DNS
queries to external resources that are for access from the Internet. In split-brain DNS environments, the
solution for publishing DNS records that are required for Lync clients is straightforward. Additionally,
putting internal records in external DNS could reveal internal addressing to the outside world.
What do you do? The answer is to create pinpoint DNS zones. This type of DNS zone is a single record
that is represented by the zone itself. For example, if you need to have _sipinternaltls._tcp.adatum.com as
a service (SRV) resource record that points to pool.adatum.com for internal client resolution, you would
create a pinpoint DNS zone record for both zones, "_sipinternaltls._tcp.adatum.com" and
"pool.adatum.com" by using, for example, the Dnscmd command-line tool.
The following is an example:
dnscmd . /zoneadd _sipinternaltls._tcp.adatum.com. /dsprimary
dnscmd . /recordadd _sipinternaltls._tcp.adatum.com. @ SRV 0 0 5061 pool.adatum.com.
dnscmd . /zoneadd pool.adatum.com. /dsprimary

dnscmd . /recordadd pool.adatum.com. @ A 192.168.1.25
5-1
Module 5
Configuring and Implementing Conferencing in
Contents:
Module Overview 5-1
Lesson 1: Introduction to Conferencing in Skype for Business 2015 5-2
Lesson 2: Integrating Skype for Business Server and Office Online Server 5-11
Lab A: Installing and Configuring Office Online Server 5-14
Lesson 3: Bandwidth Planning 5-17
Lesson 4: Configuring Conferencing Settings 5-25

Lab B: Configuring Conferencing in Skype for Business Server 5-31
Module Overview
Conferencing is one of the important business drivers behind many Skype for Business Server 2015
adoptions, either in the cloud, on-premises, or as a hybrid deployment.
Skype for Business Server 2015 includes an intuitive UI, broad device support, web-based meetings,
familiar Skype interface, and easy scheduling by using Microsoft Outlook or web scheduling. With such
features, conferencing in Skype for Business Server 2015 provides a robust and scalable platform for
employees, partners, and external contacts to collaborate and share information.
Objectives
• Describe Skype for Business conferencing features and modalities.
• Integrate Skype for Business Server 2015 with Microsoft Office Online Server.
• Plan for conferencing bandwidth utilization.
• Configure conferencing settings and policies.

5-2 Configuring and Implementing Conferencing in Skype for Business 2015
Lesson 1
Introduction to Conferencing in Skype for Business 2015
Conferencing is a core feature of Skype for Business Server. The use of the conferencing features in Skype
for Business Server requires a good understanding of the components and the dependencies for carrying
out tasks that relate to managing and administering the conferencing platform.
Skype for Business Server includes various conferencing modes, intuitive conferencing features, and
conferencing architecture and infrastructure components. To implement conferencing, you should be
familiar with all of these components. You should also be familiar with call flows among conferencing
components, and you should be able to describe the considerations for deploying and migrating Skype
for Business Server.
Lesson Objectives
• Describe the conferencing modes in Skype for Business Server.
• List the Skype for Business Server conferencing features.
• Compare the Skype for Business desktop client with the Skype for Business Web App.
• Describe how Skype for Business integrates with Outlook.
Conferencing Modes in Skype for Business Server

Skype for Business Server communications software
offers a wide range of conferencing modes that
includes Audio/Video (A/V) conferencing, web
conferencing including application sharing, dial-in
conferencing, and broadcast meetings with up to
10,000 participants. You can choose to deploy all or
some of the supported conferencing modes.
A/V conferencing
A/V conferencing enables users to have real-time
audio and video conferences without the need for
external services such as the Microsoft Office Live
Meeting service or a non-Microsoft audio bridge.
A/V conferencing requires appropriate client devices such as headsets for audio conferences and
webcams for video conferences.
With a single click, users can schedule a meeting from Outlook. Details such as meeting time, location,
and attendees are based on the familiar Outlook meeting-scheduling experience. Additionally, conference
call–specific information such as dial-in numbers, meeting IDs, and PIN reminders are automatically
populated.
To help ensure that only authorized people participate in a conference, Skype for Business Server provides
multiple levels of authentication for participants. Users who join by using Skype for Business desktop
client (Skype for Business Client) automatically authenticate through Active Directory Domain Services
(AD DS) and do not need to enter a PIN, pass code, or meeting ID.
Skype for Business helps simplify the video conferencing experience for users by incorporating video
into the unified client so that joining a conference with video or spontaneously escalating to video is
seamless—users simply start their webcams. Skype for Business Server helps makes it easy to add video
to a standard call with just one click. When multiple participants are in a video call or a conference, each
user can see video from up to five other users simultaneously, or a presenter can choose for all attendees
to see just one video source.
High-definition video (resolution 1920 × 1080 or 1270 × 720, aspect ratio 16:9) and VGA video (resolution
640 × 480, aspect ratio 4:3) are supported for peer-to-peer calls between users who are running
Skype for Business on computers with the required configuration. The resolution at which each participant
in a conversation views video might differ depending on the video capabilities of each user’s hardware.
Skype for Business client video requirements

http://aka.ms/ldhq8z
Web conferencing
Web conferencing allows users to share and collaborate on documents, such as Microsoft PowerPoint
presentations, during online conferences. Additionally, users can share all or part of their desktop
with each other in real time. Web conferencing is integrated with the overall enterprise messaging
infrastructure of Skype for Business Server. When combined with A/V conferencing, web conferencing
delivers real-time collaboration that is simple to manage by using conferencing policies, which is where
you can control all aspects of conferencing features.
Dial-in conferencing
Dial-in conferencing enables users to join the audio portion of a Skype for Business Server conference
by using a public switched telephone network (PSTN) phone without requiring a non-Microsoft audio
conferencing provider.
Note: Module 6, “Skype for Business Server Additional Conferencing Options,” will cover
dial-in conferencing.
Broadcast meetings
Skype for Business Server supports broadcast meetings with up to 10,000 participants. This is possible
through the use of the Microsoft Office 365 infrastructure in a cloud-based deployment or in a hybrid
deployment.
Note: Module 6, “Skype for Business Server Additional Conferencing Options,” covers
broadcast meetings.
Conferencing Features in Skype for Business Server

Skype for Business Server includes the web and A/V
conferencing features described below.
Skype for Business client features

Skype for Business Server includes the following
client features:
• Meeting invitation customization:
o Administrators can customize email

invitations for online meetings by using
or the Skype for Business Server
Management Shell. Customizations can
include footer text and URLs for logos, help text, and legal disclaimer. Once customized, all
subsequent invitations include the customizations.
• Join Launcher:
o Skype for Business Server automatically detects a connecting client’s capabilities and starts the
locally installed, supported client, or it redirects to the Skype for Business Web App.
• Video enhancements:
o Gallery View and HD video conferencing. In video conferences, users can see videos of up to five
conference participants at the same time.
o HD video. Users can experience resolutions up to HD 1080p in two-party presenter only video
mode. Presenters can configure a conference so that only the presenter’s video displays. This
mode prevents distractions in large conferences when multiple video streams are available and
locking to different sources. This mode also applies to video that conferencing devices capture
and provide.
o Video Spotlight. Presenters can configure a conference so that everyone in the conference sees
only the video from a selected participant who is a video source. This mode also applies to video
that conferencing devices capture and provide for panoramic video.
• VDI plug-in:
o The Skype for Business client supports audio and video in a Virtual Desktop Infrastructure (VDI)
environment. A user can connect an audio or video device (for example, a headset or a camera)
to the local computer (for example, a thin client or a repurposed computer) from where the
connection to the VDI environment is made. The user can connect to the virtual machine, sign in
to the Skype for Business client that is running on the virtual machine, and participate in real-
time audio and video communication as though the client is running locally. The client
connection is split between two IP addresses: the IP address of the virtual environment, and the
IP address of the local client on which the VDI plug-in is running. All audio and video is sent
directly to the local client IP thus bypassing the virtual environment.
Note: The use of VDI plug-In requires the client policy to allow for media redirection.
Beware of bitness requirements that differ between Microsoft and non-Microsoft VDI solutions.
VDI plug-in clients receive only active speaker video; Gallery View is not supported.
Administrative features
The Skype Meeting Add-in, an Outlook scheduling add-in, includes the following administrative features:
• Meeting invitation customization:

o Administrators can customize an organization’s meeting invitations by adding a custom logo,
a support URL, a legal disclaimer URL, or custom footer text.
• Attendee mute controls:
o New attendee mute controls allow meeting organizers to schedule conferences that have
attendee audio and video muted by default.
• Dial-out conferencing for participants who are not Enterprise Voice client users:
o Skype for Business Server now allows participants who are not enabled for Enterprise Voice
to initiate dial-out calls from a meeting conference. The administrator can enable this feature in
the conferencing policy.
• Integration with Microsoft Office setup:
o The Skype for Business client and the new Skype Meeting add-in for Skype for Business—
which supports meeting management from within the Outlook messaging and collaboration
client—are now included with the Office 2016 setup program.
• In previous versions of Microsoft Lync and Microsoft Office Communicator, you could use Windows
Installer properties to customize and control an Office installation. Because Skype for Business is
integrated with Office setup, you can use the following to customize Skype for Business setup:
o The Office 2016 Deployment Tool
o Config.xml to perform installation tasks

o Setup command-line options
Participant features
Skype for Business Server includes the following participant features:
• Merge This Call Into:
o While in a meeting, users can merge another open conversation into a meeting by using the
Merge This Call Into feature from the More Options menu.
If a user who is already in a call answers an incoming call or initiates a new call, the first call is
automatically placed on hold. On the More Options (…) menu, the user can merge the second call
(or any other call that is currently on hold) into the first call.
• View and show participants:
o To see participants’ names, users can click the View Participants button, or they can click Show
Participant List to dock the panel in the meeting window.
Presenter features
Skype for Business Server includes the following presenter features:
• Manage presentable content:
o Users can use the Manage Presentable Content menu to choose the content they want to
share.
• Share content and lead meeting activities:
o Users can switch between content types by using the Present button.
• Presence while sharing:
o When Skype for Business detects that a user is sharing, Skype for Business automatically assigns
the user a Presenting status. This status equals Do Not Disturb and blocks all incoming
communications unless the sender is assigned the Workgroup privacy relationship. If the user is
using the sharing feature entirely on a secondary monitor, Skype for Business does not assign a
Presenting status.
• Presentation mode:
o In an A/V conference, a presenter can set the conference state so that all other participants,
including anybody who subsequently joins the meeting, are muted. While the conference is in
this state, individual participants cannot unmute themselves. The presenter can later change the
conference state—for example, to open the conference for questions. At that time, users receive
a notification that they can now unmute themselves.
Conferencing Clients
Using the Skype for Business full client provides the
optimal user experience with access to features like
recording and changing the conferencing layout—
for instance, moving a video feed to a different
monitor. If the client is installed locally, the Join
Launcher will automatically start it when a Skype
meeting invitation is selected.
Skype for Business Server supports the use of

Microsoft Lync 2010, Lync 2013, and Skype for
Business clients. The use of the legacy clients is
controlled through client version policies that Skype
administrators enforce.
The Skype for Business client builds on the success of the Lync 2013 client. When a user upgrades from
Lync 2013 to the Skype for Business, the user will find all base functionality to be equal between the
versions. One major difference in terms of functionality is the shift from using mouse hovering to actual
clicks when selecting menus and actions.
There are no user interface differences between the Skype for Business 2015 and the Skype for Business
2016 client.
Besides the full-featured clients that are available for Mac and Windows, Skype for Business Server
supports a wide range of conferencing clients that run on mobile devices. Free clients are available in
the respective app stores for the iOS, Windows Phone, and Android platforms.
If connecting from a PC or Mac that does not have a locally installed Skype for Business client or another
supported client, a user will be taken to the Skype for Business Web App for a nearly full-featured
conferencing experience that runs directly in most common browsers.
Refer to the following link for a full list of supported features:
Client comparison tables for Skype for Business Server 2015

http://aka.ms/sviuyl
Skype for Business Web App

Skype for Business Server updates the Join Launcher
to validate each meeting before starting a client,
and to provide support for opening a meeting in
the following clients:
• Windows Phone 7 or later

• Android devices
• iOS devices
• Windows 8 or later
• Internet Explorer 10
• Microsoft Edge browser (Windows 10)
Join Launcher is a small application that runs on each Front End Server. It helps you start the right client
(such as a computer or mobile, even without a Skype for Business or Lync client endpoint installed). If no
installed client endpoint is found, the Skype for Business Web App starts. If it starts from a supported
mobile device that does not have a client, the user is redirected to the appropriate app store to download
the free Skype for Business mobile client.
If the necessary plug-in to start the Skype for Business Web App is not already installed, the user will be
offered the option to install it. This does not require local administrator permissions, but runs as a user-
level install.
Participating from the Skype for Business Web App offers a meeting experience very close to that of the
full-featured Skype for Business client, with a few limitations. For instance, recording is not supported
from the Skype for Business Web App, nor is access to granular device controls.
Note: Although an end user can install the Skype for Business meeting plug-in without
administrative rights, the user cannot reconfigure Windows Firewall if it is active and controlled
by Group Policy.
In a multiple-pool environment, the pool that is conducting the conference will service Skype for Business
Web App requests, as all front-ends and directors across the Skype for Business and Lync server
infrastructure can act as proxies for the home pool of the meeting organizer. If internal, clients will receive
a redirect to connect to the appropriate pool.
In a hybrid deployment, the meeting URL will point to the on-premises installation of Skype for Business
Server 2015. Here the Deployment Locator will determine whether the meeting is on-premises or in the
cloud, and it will update the client connection URL to point to the actual meeting location.
Note: To bypass Join Launcher and go straight to the Skype for Business Web App, you can
append ?SL=1 to the end of the meeting join URL.
Demonstration: Exploring Skype for Business 2015 Clients

The instructor will now compare and demonstrate how to use the Skype for Business 2015 full client and
the Skype for Business Web App conferencing experience.
Demonstration Steps
1. Sign in to LON-CL1 as Adatum\Ed with the password Pa$$w0rd and then switch to the Skype for
Business client.
2. Start the meeting.
3. Get the meeting URL.
4. Paste the meeting URL into Internet Explorer, and then append ?SL=1 to the URL to skip client
detection and to go straight to the web app.
5. Join the meeting as a guest—type your name as display name.
Outlook Integration
When installing Skype for Business, a new plug-in
named New Skype Meeting is installed if Outlook
2010, Outlook 2013, or Outlook 2016 is already
installed on the computer.
Scheduling a Skype meeting by using

Outlook
Use the procedure below to schedule a Skype
meeting by using Outlook:
1. When using Outlook to schedule meetings, you

can choose whether a meeting should be a
Skype for Business meeting by clicking the
New Skype Meeting button.
2. When you click New Skype Meeting on the Home tab in Calendar view, Outlook calls the locally
running Skype for Business client, which in turn checks your conferencing policy and meeting
configuration and then requests a meeting ID.
3. The Skype for Business client hands the required meeting link, including the meeting ID, back to
Outlook, which displays the received information as Join Skype Meeting content in the meeting
invitation.
4. From here, you can schedule the meeting by using the Outlook Scheduling Assistant as usual.
After you have set up a Skype meeting, you can access Skype meeting options from the Skype Meeting
group on the Meeting tab of the meeting invitation.
From the Skype Meeting Options window, an organizer can access the following settings:
• Meeting space:
o New dedicated space
o My dedicated space
• Lobby settings:
o Locked or unlocked meeting

o Announce when people enter or leave
• Who can present:
o Organizer only
o People I choose
o All from same organization
o Anyone (no restrictions)
• Limit participation:
o Disable IM
o Mute all attendees
o Block attendees’ videos
If the conferencing policy assigned to the organizer allows dial-in conferencing, the Phone menu
provides access to:
• From where will most people call:
o A drop-down menu shows conferencing regions.
o Invitations will contain numbers from the selected region. You can configure regions in the dial-
in plan. The Dial-In page groups the numbers according to the defined regions.
o All numbers that are found on the Dial-In page can be used.
• Link to the Dial-In page to set one’s own conference PIN.
When a user changes options in the Skype Meeting Options window, the user can choose to remember
the settings for future Skype meetings.
Question: How do you install the New Skype Meeting plug-in in Microsoft Outlook?
Statement Answer
Installing the Skype for Business Web App plug-in requires

administrative privileges.
Test Your Knowledge

Question
Question
What happens to a presenter’s presence when he or she chooses to share his or her desktop?
Presence stays in the current state—probably Busy in a meeting.
Presence changes to Presenting—the same as Busy.
Presence changes to Presenting—the same as Do Not Disturb.
Presence changes to Presenting—simply to keep others informed, which has no effect.

Lesson 2
Integrating Skype for Business Server and Office Online
Server
For using PowerPoint presentations in Skype for Business meetings, Office Online Server is the preferred
method over sharing the actual PowerPoint app.
Sharing an app such as PowerPoint uses Remote Desktop Protocol (RDP). This potentially uses
unnecessary bandwidth and hinders the use of media files such as embedded video clips in presentations
that require higher bandwidth. RDP bandwidth requirements might give users on low-bandwidth
connections an inferior experience to that of showing a PowerPoint presentation by using Office Online
Server via the Present PowerPoint Files option in Skype for Business. Further, local playback and local
annotations require Office Online Server.
Lesson Objectives
• Describe the dependency on Office Online Server.

• Describe how to use Office Online.
• Install and configure Office Online Server for Skype for Business Server.
Overview of Office Online Server

When using the Present PowerPoint Files option
in Skype for Business Server, you utilize Office
Online Server as an intermediary for serving
PowerPoint presentations to meeting participants.
Office Online Server also enables the use of
animations and embedded video in PowerPoint
presentations.
Depending on the settings, participants can skip

back and forth through presentation slides, save
a local copy, and add annotations. Both the
organizer and the presenter who upload a file
control all access rights and permissions.
You use Office Online Server in read-only mode with Skype for Business Server; however, you can share
Office Online Server with other products, such as Microsoft SharePoint and Microsoft Exchange.
From a topology viewpoint, you might want to consider the physical placement of Office Online Servers.
When a participant uses a PowerPoint file, it is presented to the participants from the Office Online
Servers by using HTTPS, with a Proxy as an intermediary when the participant is external. In most
deployments, you will find that each configured Skype for Business pool has its own Office Online
Server farm.
Office Online Server Integration

The process of integrating Skype for Business Server
and Office Online Server works as follows:
1. A presenter uploads a PowerPoint (.ppt or

.pptx) presentation to the Office Online Server
before or during a meeting—uploads can occur
at any time.
2. Office Online Server encrypts and saves the file
to a configured file share.
3. During the meeting, the presenter decides to

present the file.
4. Skype for Business Server generates a

connection URL that contains information such as file ID, meeting ID, and details about the Office
Online Server that is hosting the PowerPoint presentations for the meeting. Skype for Business Server
then sends this information to the client.
5. The client connects to the connection URL.

6. Office Online Server uses a Web Application Companion, which is a component in Office Online
Server, to retrieve information about where to locate the PowerPoint presentation.
7. Office Online Server retrieves file information from Skype for Business Server.
8. Office Online Server retrieves the file.
9. The presenter presents the PowerPoint presentation from Office Online Server to the client.
Demonstration: Installing and Configuring Office Online Server for Skype

for Business 2015
• Install Office Online Server
• Configure certificates
• Configure an Office Online Server farm
• Update and publish a topology
Demonstration Steps
1. On LON-SVR1, start Office Online Server setup by running D:\Setup.exe as an administrator, and
then complete the installation by accepting all defaults.
2. Open the Certificates snap-in to the Microsoft Management Console (MMC):
a. Open the MMC.
b. Add the Certificates snap-in for the computer account.
3. Obtain a Transport Layer Security (TLS) certificate from the internal certification authority (CA).
4. Request a new personal certificate.
5. Use the Adatum Web Server template with the following details:
o Subject name: LON-SVR1.adatum.com
o Alternative name: LON-SVR1.adatum.com, wac.adatum.com
o Private key exportable
o Name: WACCert
6. Close the Microsoft Office Online Server 2016 Installation Wizard.
7. Configure an Office Online Server farm by using the Windows PowerShell command-line interface
running as Administrator.
8. Use the following command to set up the Office Online Server farm:
New-OfficeWebAppsFarm –InternalURL https://LON-SVR1.adatum.com –ExternalURL

https://wac.adatum.com –CertificateName WACcert
9. Check that the Office Online Server responds with configuration settings:
o In Internet Explorer, go to https://LON-SVR1.adatum.com/hosting/discovery.
o Confirm that you get an XML document that contains the configuration settings.
10. Switch to LON-SFB1, add a new Office Online Server to the Skype for Business Server topology, and
then publish it.
Sequencing Activity
The following are the steps for installing and configuring Office Online for Skype for Business. Arrange
them in the correct order by numbering each step.
Steps
Add an association to the Skype for Business Topology Builder.
Obtain a certificate.
Install server prerequisites.
Configure an Office Online Server farm by using Windows PowerShell.
Install Office Online Server.

Lab A: Installing and Configuring Office Online Server

Scenario
Internal conferences at A. Datum Corporation often use PowerPoint presentations. Office Online Server
will be installed to support these presentations.
Objectives
• Install and configure Office Online Server.
• Obtain and configure the certificate that Office Online Server uses.
• Integrate Office Online and Skype for Business Server.
Lab Setup

20334B-LON-RTR, 20334B-LON-EX1, 20334B-LON-SVR1
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment.
Before you begin the lab, complete the following steps:
1. You need access to the Office Online installation CD on your host machine at C:\Program Files
\Microsoft Learning\20334\Drives\OfficeOnlineServerTechPreview.iso. You can add the ISO image
as DVD media in Hyper-V Manager to 20334B-LON-SVR1. Your instructor will show you how.
2. Complete the following steps:
a. On the host computer, click Start, point to Administrative Tools, and then click Hyper-V
Manager.
b. In Microsoft Hyper-V Manager, click 20334B-LON-DC1, and then in the Actions pane, click
Start.
c. In the Actions pane, click Connect. Wait until the virtual machine starts.
d. Sign in by using the following credentials:

 User name: Administrator
 Password: Pa$$w0rd
 Domain: Adatum
3. Repeat steps b through d for 20334B-LON-SQL1, 20334B-LON-SFB1, 20334B-LON-SFB2,
20334B-LON-RTR, 20334B-LON-EX1, and 20334B-LON-SVR1. You do not need to sign in to
20334B-LON-RTR and 20334B-LON-EX1.
Note: At the end of this lab, do not shut down or revert the virtual machines; they are
needed in the next lab.
Exercise 1: Installing Office Online Server

Scenario
A. Datum wants to support the use of PowerPoint files with embedded video in Skype for Business Server
meetings. Your task is to install Office Online Server for use with Skype for Business Server and add it to
the Skype for Business topology.
1. Install Office Online Server and obtain certificates.
2. Configure an Office Online Server farm for Skype for Business.
3. Add Office Online Server to the Skype for Business topology.
 Task 1: Install Office Online Server and obtain certificates

1. On LON-SVR1, start Office Online Server setup by running D:\Setup.exe as an administrator, and
then complete the installation by accepting all defaults.
2. Open the Certificates snap-in to the MMC:
o Open the MMC.

o Add the Certificates snap-in for the computer account.
3. Obtain a TLS certificate from the internal CA. Request a new personal certificate.
4. Use the Adatum Web Server template with the following details:
o Subject name: LON-SVR1.adatum.com
o Alternative name: LON-SVR1.adatum.com, wac.adatum.com
o Private key exportable

o Friendly Name: WACCert
5. Close the Microsoft Office Online Server 2016 Installation Wizard.
6. Attach the C:\Program Files\Microsoft Learning\20334\Drives\wacserver_SP1.iso to the

20334-LON-SVR1 virtual machine.
7. Complete the installation of Service Pack 1.
 Task 2: Configure an Office Online Server farm for Skype for Business
1. On LON-SVR1, configure an Office Online Server farm by using Windows PowerShell running as
Administrator.
2. Use the following command to set up the Office Online Server farm:

https://wac.adatum.com –CertificateName WACcert.
3. Check that the Office Online Server responds with configuration settings:
o Open Internet Explorer and go to https://LON-SVR1.adatum.com/hosting/discovery.
o Validate that you get an XML document that contains the configuration settings.
 Task 3: Add Office Online Server to the Skype for Business topology
• Switch to LON-SFB1, open Skype for Business Server 2015 Topology Builder, add a new Office Online
Server named LON-SVR1.adatum.com to the Skype topology, and then publish it.
Note: This completes this lab. Please do not shut down the virtual machines—you will need
them in the next lab.
Results: After completing this exercise, you should have installed and configured Microsoft Office Online
Server on LON-SVR1, and added Office Online Server to the Skype for Business topology.
Question: Why did you add the name LON-SVR1.adatum.com twice on the request
certificate?
Question: Can you use the same name as both an internal and external URL when
configuring Office Online Server?
Lesson 3
Bandwidth Planning
Using conferencing features such as audio, video, desktop sharing, and application sharing has a big
impact on the overall load on a network. This is particularly true if your organization has a large number
of concurrent users who attend conferences, or if your organization has bandwidth restrictions between
organizational locations or the Internet. Understanding the bandwidth requirements for each
conferencing option will help you plan for your network requirements.
Note: Skype for Business Server supports using Group Policy–based Quality of Service
(QoS), but configuring these policies is out of the scope of this course.
Lesson Objectives
• Describe the codecs that audio and video conferences use.
• Identify bandwidth requirements of different codecs.
• Describe the basic configuration and function of call admission control (CAC).
• Explain how user behavior and conferencing settings affect network usage.
Skype for Business Network Impact Considerations

How Skype for Business Server affects a network
varies greatly depending on a variety of factors,
including usage patterns, number of conferences
and the modalities that are used, conference
settings, and sharing usage.
When planning for Skype for Business Server

conferencing, factors such as the network
infrastructure, the available bandwidth, QoS
settings, and routing capabilities can affect the final
design and chosen topology. Therefore, when
designing the topology, you must answer several
questions regarding:
• User profiling:
o Who are the users, and what are their needs? Different job functions have different needs. For
example, an IT professional’s needs are different from someone working on a manufacturing line.
• Network assessment:
o How much bandwidth will be available for Skype for Business Server?
o Are there any known bottlenecks?
o Is internal routing between all locations required?

• QoS:
o Is the network provisioned for QoS?
o Should you implement QoS in Skype for Business Server?
o Should you revise current Group Policy design to accommodate for QoS configuration of client
machines?
Structure of a Unified Communication Session

An audio session includes the three major
components listed below.
SIP
Session Initiation Protocol (SIP) is an Internet
Engineering Task Force–defined signaling protocol
that is widely used for controlling communication
sessions such as voice and video calls over IP. The
protocol can be used for creating, modifying, and
terminating two-party (unicast) or multiparty
(multicast) sessions. Sessions might consist of one or
several media streams.
SRTP
The Real-Time Transport Protocol (RTP) defines a standardized packet format for delivering audio and
video over IP networks. RTP is used extensively in communication and entertainment systems that involve
streaming media, such as telephony, video teleconferencing apps, television services, and web-based
push-to-talk features. RTP is used with the Real-Time Control Protocol (RTCP). While RTP carries media
streams (for example, audio and video), RTCP is used to monitor transmission statistics and QoS, and it
aids synchronization of multiple streams. RTP is originated and received on even port numbers, and the
associated RTCP communication uses the next higher odd port number. RTP is one of the technical
foundations of Voice over Internet Protocol (VoIP), and in this context, it is often used with a signaling
protocol to assist in setting up connections across a network.
Secure Real-Time Transport Protocol, or Secure RTP (SRTP), is an extension of RTP that incorporates
enhanced security features. Like RTP, it is intended particularly for VoIP communications.
RTCP
RTCP is the corresponding protocol to RTP. The RTP specification (RFC 3550) defines its basic functionality
and packet structure, superseding its original standardization in 1996 (RFC 1889). RTCP provides out-of-
band statistics and control information for an RTP flow. It partners RTP in the delivery and packaging of
multimedia data, but it does not transport any media streams itself. Typically, RTP will be sent on an even-
numbered User Datagram Protocol (UDP) port, with RTCP messages sent over the next higher odd-
numbered port. The primary function of RTCP is to provide feedback on QoS in media distribution by
periodically sending statistics information to participants in a streaming multimedia session. RTCP gathers
statistics for a media connection and information such as transmitted octet and packet counts, lost packet
counts, jitter, and round-trip delay time. An application might use this information to control QoS
parameters, perhaps by limiting flow, or by using a different codec.
Process of the UC session

The slide represents an example of the structure of a unified communications (UC) audio session. An
analog signal from a microphone must transmit over a digital line that is not capable of interpreting
against an indefinite number of signal levels. At regular intervals, signal levels are sampled into a digital
representative, which the yellow boxes (numbered 1–5) represent on the slides. When transmitted and
reconstructed by the receiver, ideally, the audio stream is identical to what was transmitted. In this case,
all packets are received in the same order as they were transmitted, and no packets are lost.
What happens when a network suffers from high packet loss? In this case, the forward error correction
(FEC) process occurs. Because both clients continuously report on network conditions by using RTCP, they
observe the need for mitigation of poor network conditions. FEC essentially adds redundant information
to each packet. In the example on the slides, the packets that the yellow boxes numbered 2, 3, and 4
represent are transmitted twice in separate packets.
This results in missing packets at the receiver site. During a normal transmission, about 50 percent of the
packets would be lost, meaning that boxes 2, 3, and 4 are permanently lost. Because of FEC, only 3 is now
lost. However, because of error correction, the impact is not as severe as it would have been without FEC.
Finally, to reconstruct lost packet number 3, the slide shows that the audio healer tries to reconstruct the
original information based on prediction. The audio quality will not be optimal for that portion of the call,
but it will be better than it otherwise might have been.
Defining Network Performance Goals

Because network performance and audio quality
are so closely connected, it is important that you
follow best practices when planning a Skype for
Business Server conferencing infrastructure:
• Consult with your networking team or business

unit and discuss your requirements.
• Consider using UC-certified devices and

gateways, and run the server roles on
recommended hardware. Having
recommended hardware, either virtual or
physical, helps prevent errors because of time-
outs and slow processing, prevents users from
interpreting slow server response as errors, and gives an overall optimal end-user experience.
Note: Official server hardware recommendations are based on a 12-server pool with 80,000
configured users. Some real-life deployments call for downscaling.
The table on the slide provides some general metrics to show how different network conditions affect
audio and video quality, and it can help you establish some network performance goals. The more
performance deviates from these goals, the more likely that users will experience poor voice quality. The
table also lists some of the attributes of the network conditions that contribute to overall voice quality.
Network latency—one way

Latency causes delays and walkie-talkie effects, and leads to echoes. You can think of network latency as
the delay that the entire network adds to the transmission of packets from mouth to ear.
Components such as routers and switches cause latency, as do the laws of physics. The length of the cable
(Ethernet or fiber) will also introduce delays.
Jitter (average)
Jitter leads to latency or packet loss. Jitter is the undesired deviation from true periodicity of an assumed
periodic signal in electronics and telecommunications. Although packets are sent at regular intervals, the
arrival (reception) might not be as predictable because of network conditions, competing data streams,
and other factors.
Packet loss rate (average)

Packet loss is the missed parts of the conversation. Packet transmissions are not guaranteed over a
network. By default, Skype for Business prefers UDP, which does not trigger a resend of lost packets.
Technologies embedded in the Skype for Business communications software—codecs, codec switching,
FEC, and healing—will mitigate packet loss, but there is a limit to packet loss before it becomes noticeable
to a receiver.
Audio Codecs Used in Conferencing

Skype for Business Server uses two codecs for
conferencing audio:
• Siren
• G.722
Siren is a legacy codec that is still in use for

Skype for Business Mobile and legacy clients such as
Lync 2010 and Microsoft Office Communicator
2007 R2. The preferred codec in Skype for Business
Server is G.722, which gives a better audio quality
than Siren, but at the same time, uses more
bandwidth.
For conferencing, Skype for Business Server does not use the SILK codec that Skype Public uses. Skype
Public is only supported in P2P sessions.
Also, note that P2P communications between Skype for Business clients use the RTAudio codec. Only
PSTN calls use G.711, either directly from a Skype for Business client to audio gateway (media bypass) or,
more commonly, from mediation server to audio gateway.
G.722 stereo is only used in conjunction with Lync Room Systems (LRS).
Audio codec and bandwidth

The table below lists the bandwidth requirements for various codecs in certain communication scenarios:
Bandwidth
Bandwidth
audio Bandwidth audio
Audio audio
payload, IP payload, IP
payload payload
Audio codec Scenario header, header, UDP,
bit rate and IP
UDP, RTP, RTP, SRTP, and
(Kbps) header
and SRTP FEC (Kbps)
only (Kbps)
(Kbps)
RTAudio wideband Peer-to-peer 29.0 45.0 57.0 86.0
RTAudio narrowband Peer-to-peer 11.8 27.8 39.8 51.6

PSTN
G.722 Conferencing 64.0 80.0 95.6 159.6
G.722 stereo Peer-to-peer 128.0 144.0 159.6 223.6

conferencing
G.711 PSTN 64.0 80.0 92.0 156.0
Siren Conferencing 16.0 32.0 47.6 63.6
SILK wideband Peer-to-peer 36.0 52.0 64.0 100.0
SILK Peer-to-peer 13.0 29.0 41.0 54.0

wideband/narrowband
Video Codecs Used in Conferencing

When using video in Skype for Business, the codecs
that are used vary depending on the clients
involved. The default codec for Skype for Business is
H.264, but RTVideo is still used when using video
with legacy clients.
RTVideo
RTVideo is the Microsoft default video codec for
Office Communications Server 2007 and the
Communicator 2007 client. It is a proprietary
Microsoft implementation of the VC-1 codec for
real-time transmission purposes. Microsoft
extensions to VC-1 are based on cached frame and
Super P-frame (SP-frame). Additionally, it includes system-level enhancements for recovery of packet loss
on IP networks—FEC and error concealment.
H.264
Skype for Business builds on the hardware acceleration for video encoding and decoding of the
H.264/MPEG-4 Part 10 Advanced Video Coding standard, which Lync 2013 introduced. This feature allows
computers with lower central processing unit (CPU) clock speeds to encode and decode higher resolution
video. Video hardware requirements vary depending on the computer configuration and the desired
video resolution.
Video resolution and bandwidth

The table below lists the bandwidth requirements for codecs at various screen resolutions:
Resolution and Maximum video payload Minimum video payload

Video codec
aspect ratio bit rate (Kbps) bit rate (Kbps)
H.264 320×180 (16:9) 250 15

212×160 (4:3)
H.264/RTVideo 424×240 (16:9) 350 100

320×240 (4:3)
H.264 480×270 (16:9) 450 200

424×320 (4:3)
H.264/RTVideo 640×360 (16:9) 800 300

640×480 (4:3)
H.264 848×480 (16:9) 1500 400
H.264 960×540 (16:9) 2000 500
H.264/RTVideo 1280×720 (16:9) 2500 700
H.264 1920×1080 (16:9) 4000 1500
H.264/RTVideo 960×144 (20:3) 500 15
H.264 1280×192 (20:3) 1000 250
H.264 1920×288 (20:3) 2000 500
Note that video always contains FEC data, so no separate data is available.
Audio and Video Capacity Planning for Conferences

Estimating exact bandwidth usage is impossible;
however, making a rough estimate can help you
plan for conferences. The following table shows the
typical default values for doing capacity planning.
Audio/video capacity planning for

conferences
This table shows the average values typically used
when doing capacity planning
Typical stream Maximum stream

Typical Maximum stream
Media bandwidth bandwidth without
codec bandwidth with FEC
(Kbps) FEC
Audio G.722 46.1 100.6 164.6
Audio Siren 25.5 52.6 68.6
Main video H.264 and 260 8015 Not applicable

receive RTVideo
Main video H.264 and 270 8015 Not applicable

send RTVideo
Panoramic H.264 and 190 2010 (for a maximum Not applicable

video receive RTVideo resolution of
1920x288)
Panoramic H.264 and 190 2515 Not applicable

video send RTVideo
Overview of CAC
Skype for Business Server includes the optional use
of CAC. By using bandwidth policies that apply to
defined network sites and network region link,
Skype for Business Server can prevent over-
subscription of bandwidth by limiting the number
of concurrent audio and video sessions and by
dictating the maximum allowed bandwidth per
session, thus controlling the available codec options
like FEC.
When an administrator enables CAC, the IP address

of the connecting Skype for Business client
determines whether a user is located in a site that
has active bandwidth policies.
When CAC and bandwidth policies apply, the client that receives an incoming call requests permission
from the CAC system to accept the call. If there are available connections, the CAC system informs the
client of the bandwidth allowance and displays the incoming call toast. If no available connections exist,
the CAC system can redirect the incoming call if the receiving client’s voice policy allows it.
If the caller and the receiver are on different sites, each with its own A/V Edge Server (also known as Edge
server for Media in Topology Builder), the two Edge servers can redirect the call via the Internet. If
redirection via the Internet is not available, PSTN redirects the call when a direct inward dialing number
exists for the call’s receiver and when the receiver’s voice policy has the Enable PSTN reroute option
enabled.
Administrators can exempt individuals or groups of users from CAC by assigning a voice policy with the
Enable bandwidth policy override option enabled. Emergency dialing (911 and 112) is never blocked
because of CAC.
Demonstration: Configuring CAC

• Enable CAC for A.Datum Headquarters
• Configure subnets
• Configure sites
Configure and apply a bandwidth policy
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Control Panel, and then go to Network Configuration.
2. Create a new region named Europe.
3. Create a new site named London.
4. Add the subnet 172.16.0.0/24, and then link it to the London site.
5. Create a bandwidth policy named London Limit with the following values:
o Audio limit: 1200
o Audio session limit: 60
o Video limit: 2500
o Video session limit: 250
6. Associate the London Limit policy with the London site.
Question: What can you control by using CAC?
Question: What happens if the CAC limit is reached?

Lesson 4
Configuring Conferencing Settings
Skype for Business Server offers a full-featured conference solution. Knowing how to configure and
control access to the different functionalities is crucial for a successful deployment of Skype for Business
Server conferencing.
This lesson will show you how to configure the conferencing settings and policies, and it will introduce the
concept of limiting IP ports that are used for different modalities such as audio, video, sharing, and file
transfers.
Lesson Objectives
• Describe conferencing policies.
• Explain how to use the Skype for Business Server Management Shell to configure conferencing
policies.
• Manage conferencing policies by using the Skype for Business Server Management Shell.
Overview of Conferencing Policies

When restricting or granting access to conference
functionality, you primarily use a conferencing
policy.
Ground rules
Any given conference has only one applied
conferencing policy—namely, that of the meeting
organizer. A conferencing policy sets the level of
access and the features that are available; all
presenters in a meeting share the conferencing
policy that belongs to the organizer.
The default policy is set at the global level, and it

grants Skype for Business Server allowance requiring Enterprise client access license (CAL).. A conferencing
policy can be either global, site, or user—any user will always be under just one conferencing policy. If a
user’s conferencing policy is set to Automatic, the user will receive the global conferencing policy unless a
site policy has been assigned to the site to which the user’s registrar pool belongs.
You must grant user-level conferencing policies by using Skype for Business Server Control Panel or the
Skype for Business CAL

If your deployment has users under a Standard CAL, you will need to create a more restrictive
conferencing policy and assign it to the Standard CAL users. Standard CAL users, for instance, can only
initiate instant messaging conferencing without audio, video, sharing, or web conferencing functionality.
Standard CAL users who are promoted to presenter during a meeting will have the same feature set as an
organizer.
Most conferencing policy settings are available by using Skype for Business Server Control Panel, but
certain settings, like maximum bandwidth allowance for audio, video, application and screen sharing, and
file transfers, are only available by using the Skype for Business Server Management Shell.
Conferencing policy settings overview

Following are the settings available:
• Maximum meeting size:
o Number of allowed participants; overflow users will be turned away with a notice that the
meeting is full
• Anonymous users:
o Controls whether nonfederated, nonauthenticated guest users are permitted in conferences
• Recording:
o Enable or disable the recording of meetings
o Either users from same deployment only or all users can record
• Audio/video:
o Disable or enable audio only or enable audio and video
o Control access to dial-in conferencing
o Control access to dial-out from meeting
o Control multiple video streams—that is, gallery view or only the active speaker
• Data collaboration:
o Disable all collaboration or enable some or all collaboration features

o Content download settings
o File transfer settings
o Enable or disable annotations on PowerPoint

o Enable or disable polls
o Enable or disable Q&A sessions
• Application sharing:
o Enable or disable the use of application sharing
o Allow for sharing control
o Allow for sharing control with federated and anonymous users
o Disabled for Standard CAL users

• Participant policy:
o Disable participant option for sharing
o Enable application sharing
o Enable both application and full desktop and screen sharing
o Enable peer-to-peer file transfer
o Enable peer-to-peer recording
o Enable participants to join multiple video streams
Using the Skype for Business Server Management Shell to Configure a

Conferencing Policy
Like all other Skype for Business Server Control
Panel settings, you can fully manage a conferencing
policy from the Skype for Business Server
Management Shell. In the Skype for Business Server
Management Shell, you can run Get-
CsConferencingPolicy to list all currently
configured policies and their settings.
These are the settings that you can configure by

using the Skype for Business Server Management
Shell:
AllowAnonymousUsersToDialOut
AllowAnonymousParticipantsInMeetings
AllowFederatedParticipantJoinAsSameEnterprise
AllowExternalUsersToSaveContent
AllowExternalUserControl
AllowExternalUsersToRecordMeeting
AllowPolls
AllowSharedNotes
AllowQandA
AllowOfficeContent
EnableDialInConferencing
EnableAppDesktopSharing
AllowConferenceRecording
EnableP2PRecording
EnableFileTransfer
EnableP2PFileTransfer
EnableP2PVideo
AllowLargeMeetings
EnableOnlineMeetingPromptForLyncResources
EnableDataCollaboration
MaxVideoConferenceResolution
MaxMeetingSize
AudioBitRateKb
VideoBitRateKb
AppSharingBitRateKb
FileTransferBitRateKb
TotalReceiveVideoBitRateKb
EnableMultiViewJoin
Note: You can control settings that relate to resolution and transfer bit rates only from the
When creating a new conferencing policy by using the Skype for Business Server Management Shell, use
the following format:
New-CsConferencingPolicy –Identity NameofNewPolicy
For example:
New-CsConferencingPolicy –Identity TESTPOL
To change the settings in a policy, use the following format:
Set-CsConferencingPolicy –Identity NameofPolicy –ValuetoChange WantedValue
For example:
Set-CsConferencingPolicy –Identity TESTPOL –AllowQandA 0 –AllowPolls 1
The above example disables Q&A sessions while allowing polls.

To grant a conferencing policy to a user by using Windows PowerShell, use the following format:
Grant-CsConferencingPolicy –Identity UsertoGrantPolicyto –PolicyName NameofPolicytoGrant
For example:
Grant-CsConferencingPolicy –Identity ed@adatum.com –PolicyName TESTPOL
To delete a conferencing policy from Skype for Business Server, use the following format:
Remove-CsConferencingPolicy –Identity NameofPolicytoDelete
For example:
Remove-CsConferencingPolicy –Identity TESTPOL
Note: Skype for Business Server will issue a warning if a policy is currently assigned to any
users.
With the Skype for Business Server Management Shell, you can perform batch operations on multiple
users by using filters in your queries.
Configuring Meeting Settings

When users connect to a meeting by using the link
in a meeting invitation, the mechanism for joining
the meeting detects whether they have Skype for
Business or a previous version of the meeting client
installed on their devices. If they do not, the Skype
for Business Web App starts, through which the
users join the meeting.
Additionally, configuration settings for a meeting

can apply at the global, site, or pool level, including
URLs for a logo, help, legal text, and custom footers.
You can also configure dial-in conferencing settings
can on the Dial-in Access Number page.
Demonstration: Managing Conferencing Policies by Using the Skype for

Business Server Management Shell
• Open the Skype for Business Server 2015 Management Shell as an administrator
• Create a new policy called Testpol
• Disable QandA sessions
• Assign Testpol to ed@adatum.com

• Remove Testpol
Demonstration Steps
1. On LON-SFB1, open the Skype for Business Server Management Shell as Administrator.
2. Create a new conferencing policy named Testpol by using New-CsConferencingPolicy.
3. Disallow the use of Q&A sessions in the Testpol conferencing policy by using Set-
CsConferencingPolicy.
4. Validate the new setting in the Testpol conferencing policy by using Get-CsConferencingPolicy.
5. Assign the Testpol conferencing policy to ed@adatum.com by using Grant-CsConferencingPolicy.
6. Validate that Ed Meadows is now assigned the Testpol conferencing policy.
7. Configure Ed Meadows to use the global conferencing policy by using Grant-

CsConferencingPolicy.
8. Delete the Testpol conferencing policy by using Remove-CsConferencingPolicy.
9. Validate the deletion by using Get-CsConferencingPolicy.
Statement Answer
You have access to the same conferencing policy settings whether

you use Skype for Business Control Panel or the Skype for Business
Statement Answer
Server Management Shell.
Question: Which conferencing policy is applied in a meeting: that of the organizer or the
current presenter?
Lab B: Configuring Conferencing in Skype for Business

Server
Scenario
A. Datum is currently using a vendor for its audio and video conferencing. Now that administrators have
enabled Skype for Business for the entire company, A. Datum plans to use it for all conferencing. Different
functional groups of users at A. Datum have different conferencing needs.
Your task is to configure the required conferencing policies and assign them to users based on their
location in the adatum.com Active Directory domain.
Objectives
• Configure Skype for Business conferencing.
• Assign different conferencing policies to different subsets of users.

• Validate Skype for Business conferencing policies.
• Validate Office Online Server integration.
Lab Setup

20334B-LON-RTR, 20334B-LON-EX1, 20334B-LON-SVR1, 20334B-LON-CL1, 20334B-LON-CL2
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment. This lab requires the following virtual
machines, which should still be running from the previous lab:
• 20334B-LON-DC1
• 20334B-LON-SFB1
• 20334B-LON-SFB2
• 20334B-LON-SQL1
• 20334B-LON-RTR
• 20334B-LON-EX1
• 20334B-LON-SVR1
For this lab, you also need to start 20334B-LON-CL1 and 20334B-LON-CL2.
Before you begin the lab, complete the following steps:
2. In Hyper-V Manager, click 20334B-LON-CL1, and then in the Actions pane, click Start.
3. Browse to C:\Program Files\Microsoft Learning\20334\Drives and double-click LON-CL1.RDP.

Click Connect and accept all other notifications.
o User name: Ed
o Domain: Adatum
5. In Hyper-V Manager, click 20334B-LON-CL2, and then in the Actions pane, click Start.
6. Browse to C:\Program Files\Microsoft Learning\20334\Drives and double-click LON-CL2.RDP.

Click Connect and accept all other notifications.
o User name: Amr
o Domain: Adatum
Exercise 1: Configuring, Assigning, and Validating Conferencing Policies

Scenario
A. Datum wants to allow IT department users to conduct meetings that internal participants, external
participants, and anonymous participants can all record. Additionally, when A. Datum managers conduct
meetings, they should not be able to share their desktop or other applications, and external participants
should not be able to download the content that other participants share in these meetings.
1. Configure conferencing policies.

2. Assign conferencing policies.
3. Validate conferencing policies.
4. Validate Office Online Server integration.
 Task 1: Configure conferencing policies

1. On LON-SFB1, use the Skype for Business Server Management Shell to create a new conferencing
policy named IT, and then allow external participants to record meetings.
2. Use Skype for Business Server 2015 Control Panel to configure a new conferencing policy named
Management, and then disallow external participants from downloading content. Sign in to
Skype for Business Server 2015 Control Panel as Adatum\Administrator with the password
Pa$$w0rd.
 Task 2: Assign conferencing policies

1. Grant the IT policy to all users in the IT organizational unit (OU) by typing the following command in
the Skype for Business Server Management Shell:
Get-CsUser -OU "ou=IT,dc=adatum,dc=com" | Grant-CsConferencingPolicy -PolicyName IT
2. Grant the Management policy to all users in the Managers OU by using Skype for Business Server
2015 Control Panel.
 Task 3: Validate conferencing policies

1. On LON-CL1, start an ad hoc meeting.
2. Invite Amr Zaki to the meeting.
3. Switch to LON-CL2, and then accept the meeting invitation.
4. In the Conversation (2 Participants) window, in the lower-right corner, click More Options. Note that
there is no option to share the desktop or applications.
5. On both client machines, hang up and close the conference windows.
6. On LON-CL2, start the meeting as Amr, who is a part of the IT OU.
7. Invite Ed to the meeting.
8. Switch to LON-CL1, and then accept the invitation from Amr Zaki.
9. On LON-CL2, share the desktop.
10. Switch to LON-CL1, and then check how remote desktop sharing works.
11. Switch to LON-CL1, and then stop presenting.
 Task 4: Validate Office Online Server integration

1. On LON-CL1, open PowerPoint 2016 and create a test PowerPoint presentation named Office Online
Test. Save the file to the desktop.
2. Present the Office Online Test PowerPoint presentation.
3. Validate that Amr is able to see the PowerPoint presentation on LON-CL2.
4. End the meeting.
5. Close the Remote desktop sessions on LON-CL1 and LON-CL2.

steps:
Results: After completing this exercise, you should have configured two new conferencing policies named
IT and Management, and you will have configured them according to A. Datum specifications.
Question: When would you use the Skype for Business Server Management Shell be over
Skype for Business Control Panel?
Question: How do you validate Office Online Server functionality?


Best Practice
Users will need some introduction to Skype for Business conferencing features. Neglecting an introduction
to Skype for Business will limit your return on investment.

Unable to join a meeting from the meeting

link in Outlook
Bad audio
Review Question
Question: What is the default meeting size?

• Beware of PCs with multiple network connections—that is, wired and wireless. Always use only one
connection.
• High-definition video is not enabled by default; you can enable it by using Set-
CsMediaConfiguration.
6-1
Module 6
Implementing Additional Conferencing Options in
Skype for Business Server 2015
Contents:
Module Overview 6-1
Lesson 1: Overview of the Conferencing Life Cycle 6-3
Lesson 2: Designing and Configuring Audio/Video and Web Conferencing

Policies 6-7
Lab A: Implementing and Troubleshooting Conferencing Policies 6-11
Lesson 3: Deploying Dial-In Conferencing 6-15

Lesson 4: Configuring an LRS 6-24
Lesson 5: Configuring Large Meetings and Skype Meeting Broadcasts 6-28
Lab B: Configuring Additional Conferencing Modalities 6-32

Module Overview
Skype for Business Server 2015 enables an administrator to exert a high degree of control on the
conferencing life cycle and the policies that control the conferencing experience. Understanding the
conferencing life cycle and policies will help you design and implement additional conferencing options,
such as content retention and the lifetime of abandoned meetings. Additionally, this knowledge will assist
you with troubleshooting.
Skype for Business Server includes support for dial-in conferencing, which allows external participants to
join the audio portion of a meeting via a public switched telephone network (PSTN). This module will
teach you the basics of Session Initiation Protocol (SIP) trunking and the required minimum setup for
dial-in conferencing.
Skype for Business Server includes support for LRS, the Microsoft-endorsed meeting room solution. This
module will teach you how to perform basic LRS setup, including required configuration in the Microsoft
Exchange environment.
The recommended default meeting size in Skype for Business Server is up to 250 participants. However,
designing an on-premises Skype for Business Server deployment that supports up to 1,000 simultaneous
participants is possible. Obviously, hosting a meeting with 1,000 simultaneous audio and/or video streams
would require substantial available bandwidth. With Skype for Business Server configured in the cloud or
as a hybrid deployment, Skype Meeting Broadcast can now support up to 10,000 participants. This
module discusses Skype Meeting Broadcast later.
6-2 Implementing Additional Conferencing Options in Skype for Business Server 2015
Objectives
• Administer the conferencing life cycle.
• Design and configure conferencing and meeting policies.
• Deploy dial-in conferencing.
• Configure the infrastructure for the Microsoft Lync Room System (LRS).
• Configure large meetings and Skype Meeting Broadcast.

Lesson 1
Overview of the Conferencing Life Cycle
The conferencing life cycle refers to the entire process of setting up and hosting conferences in
Skype for Business. The conferencing life cycle includes conference creation, content upload, and
using shared content until a meeting expires and all content deletes.
To support and operate a conferencing system, you need to know Skype for Business Server’s default
behavior, and you need to know how to change the required policies to control the environment—for
example, when to delete uploaded content from a meeting space.
Lesson Objectives
• Describe the conferencing life cycle.
• Describe conference creation, activation, deactivation, and expiration.

• Configure policies that relate to the conferencing life cycle.
What Is the Conferencing Life Cycle?

The conferencing life cycle is the time from when a
meeting is scheduled or created until the time that
Skype for Business Server determines that the
conference has expired, and hence, deletes the
content and all references to the meeting in Skype
for Business Server. The conferencing life cycle can
be divided into four stages:
1. Conference creation:
o Conferences create when a user clicks

Meet Now or schedules a meeting.
2. Conference activation:
o Immediate activation occurs when a user clicks Meet Now.
o For scheduled meetings, activation occurs when the first authenticated user joins the meeting.
3. Conference deactivation:
o Conferences deactivate when the presenter clicks End Meeting in the More Options menu.
o Conferences deactivate 10 minutes after the last authenticated user leaves the conference.
4. Conference expiration:
o Conference expiration is the time from conference deactivation until the information about the
conference is removed from Skype for Business Server Back End databases and the content that
was in the meeting space deletes.
o When using Meet Now, a conference expires after eight hours.

o For scheduled meetings, expiration occurs after 15 days.
Conference Creation and Activation

Conference creation and activation occurs at the
same time for ad hoc and Meet Now meetings.
Scheduled meetings activate after the first

authenticated user joins a meeting.
Conference creation
When a user schedules a conference or uses the
Meet Now feature, the meeting client—the Skype
meeting plug-in for Microsoft Outlook or the Lync
2010, Lync 2013, or Skype for Business 2013
client—contacts the Focus Factory in
Focus Factory is a component that checks the conferencing policy of a meeting organizer and responds
to the meeting client with the conferencing capabilities and connection information. In a Meet Now
meeting, the Skype for Business client consumes the returned information to connect immediately. If the
Skype meeting plug-in for Outlook is used, the returned information passes as connection information
that displays in the meeting invitation.
When Focus Factory determines that a user might schedule a meeting, it generates a meeting ID and
writes the references regarding the meeting to the back-end database.
Note: Meet Now meetings are scheduled meetings that activate immediately. Focus
Factory has the same responsibilities regardless of a meeting being Meet Now or scheduled.
Conference activation
Conference activation occurs when an authenticated user joins a meeting, which in turn starts the
conferencing deactivation timer. A Meet Now meeting activates when the meeting starts.
Authenticated users validate by using user names and passwords against Active Directory Domain Services
(AD DS) or by using phone numbers and PINs. When connecting from a Skype for Business 2015 client,
authentication occurs at sign-in.
Conference Deactivation
Conference deactivation occurs when a meeting is
idle, no authenticated users are in the meeting
space, or a presenter clicks End Meeting on the
More Options menu.
Note: Authenticated users are users from an organization’s Skype for Business 2015
deployment who have accounts in the AD DS domain. Users validate through the
Skype for Business client or another supported client. If a user joins a meeting as an
authenticated user via dial-in conferencing, then the user authenticates by using their PIN
and phone number.
When a meeting is in a deactivated state, an authenticated user can reactivate it by joining the meeting
before it expires. A reactivated conference has the same properties as a newly activated conference.
If users leave a Skype for Business meeting without ending it, the deactivation timer works as follows:
• 20 minutes if no authenticated users are left in the conference
• 90 minutes if no authenticated user joins the conference
• 24 hours if no new users join the conference
After reaching the deactivation state, the meeting expiration timer starts.
Conference Expiration
Conference expiration is the point in time where
references in back-end databases and any meeting
content in the Skype for Business file share deletes.
After expired and deleted, a URL to join a meeting
is invalidated and returns an error if activated.
The default timers vary among an ad hoc meeting,

a Meet Now meeting, and a scheduled meeting.
Meet Now meetings expire after eight hours, and
scheduled meetings expire after 15 days by default.
The ContentGracePeriod parameter in the
conferencing configuration settings controls a
scheduled meeting’s expiration timer.
You can apply conferencing configuration settings at the global, site, or service level. The service level is
actually the web conferencing service, which in turn would be the same as the pool level.
Demonstration: Configuring Conferences

This demonstration shows conferencing configuration controls, including the content grace period, the
maximum storage space that is available for a meeting, and the bandwidth allowance for application and
desktop sharing.
Demonstration Steps
1. On LON-SFB1, open the Skype for Business Server Management Shell as an administrator.
2. Verify the current configuration by using the Get-CsConferencingConfiguration command.
3. Create new conferencing configuration settings for the A. Datum Corporation’s headquarters site by
using the New-CsConferencingConfiguration command, and then set the content grace period to
24 hours.
4. Validate the new settings by using the Get-CsConferencingConfiguration command.
5. Delete the conferencing configuration for A. Datum headquarters by using the Remove-
CsConferencingConfiguration command.
Question: What are the three different scopes in which you can apply a conferencing
configuration?
Question: When does content delete from the meeting file share?
Lesson 2
Designing and Configuring Audio/Video and Web
Conferencing Policies
Skype for Business Server administrators control most aspects of the conferencing experience by
configuring and using policies. While some settings are available in Skype for Business Server Control
Panel, some are available only through the Skype for Business Server Management Shell.
A fresh Skype for Business Server installation has all the required policies in place for enabled users to start
using the Skype for Business Server conferencing system. By default, conferencing policies that apply on
the global scope grant permissions to the conferencing system for users who have an Enterprise client
access license (CAL).
In a production environment, it is common for different users with different needs to have different Skype
CAL allowances. As a Skype for Business Server administrator, you must know what different policies
control.
Lesson Objectives
After completing this lesson, you will able to:
• Explain how to configure Skype meeting invitation content.
• Customize Skype meeting invitations.
• Describe the default conferencing policy.
• Describe organizer and participant policies.
• Identify the differences between Skype for Business Server Control Panel versus the
Meeting Invitation Customization

Skype for Business Server administrators can
customize the content of a new Skype meeting
invitation that Outlook generates by using meeting
configuration settings.
You can apply meeting configuration settings on a

global, site, and pool scope. Meeting configuration
settings govern any additional content that Skype
meeting invitations must include, including logo,
help and legal URLs, and footer text.
Besides meeting invitation customization, another

setting in a meeting configuration policy is
Assigned conference type by default, which is
enabled by default. In versions before Lync 2013, when a user scheduled a new meeting, this setting
would make every meeting share the same meeting ID unless the organizer changed any of the meeting
options. This allowed users to join meetings ahead of time because they are all in the same meeting room.
Since Lync 2013, the default setting in the Skype meeting plug-in is to use a new meeting ID for all new
meetings.
Note: If you change the Assigned conference type by default setting, a pop-up message
in Outlook will inform users with previously scheduled Skype for Business meetings that the
security settings have changed, and that existing meetings might need to be updated and sent
again. This relates to all meetings that use the organizer’s default meeting URL—these all need to
be assigned new, unique meeting IDs, and hence, new meeting URLs.
When users click New Skype Meeting, Outlook contacts the Skype for Business client that is running
locally, which in turn pulls the customization settings from the assigned meeting configuration settings.
Customization includes:
• Logo URL, which inserts an organizational logo into Skype meeting invitations:
o There is no actual size restriction, but for best results, the recommended maximum size should be
30 pixels high × 188 pixels wide.
o Either JPEG or GIF.

o On an externally accessible URL.
• Help URL, which enables a custom link to an organization’s own help pages. If not set, it will point to
Microsoft help pages:
o Change the help link from official Microsoft support pages to your own webpage.
o Maximum URL size is 1 kilobyte (KB).

• Legal text URL, which enables an optional link to a legal disclaimer page to include in meeting
invitations:
o URL for legal text or disclaimers.
o Maximum URL size is 1 KB.
• Custom footer text, which inserts any text as footer text in meeting invitations:
o Text rendered as a footer in an invitation.
o Maximum content size is 2 KB.
Demonstration: Customizing Meeting Invitations

The instructor will now demonstrate how to add custom text to Skype meeting invitations.
Demonstration Steps
1. On LON-SFB1, sign in to Skype for Business Server 2015 Control Panel, and then configure the global
meeting configuration with custom footer text.
2. On LON-CL1, open Outlook, schedule a new Skype meeting, and then verify that the custom footer is
visible in the invitation.
Default Conferencing Policy

When a new Skype for Business Server 2015 server
deploys, the default conferencing policy applies to
all conferences. The default conferencing policy
governs what sharing features are available, such as
desktop, file transfer, and annotations on Microsoft
PowerPoint presentations, and it sets some default
settings, such as a maximum meeting size of up to
250 participants.
The default conferencing policy applies at the

global level and gives all users access to
conferencing features that require Enterprise CALs;
for example, users might use application sharing
and conferences with up to 250 users. While some organizations prefer to grant all users access to all
Skype for Business features, others might differ because of license restrictions.
Standard CAL users are not permitted to initiate audio/video conferencing and web conferencing.
Additionally, they are not permitted to share applications or the desktop. Standard CAL users can only use
these features if a presenter with an Enterprise CAL organizes the meeting.
If Standard CAL users are supported, you should reconfigure the default conferencing policy to match the
access permissions of a Standard CAL user to avoid unintentionally granting Enterprise CAL access. You
should grant Enterprise CAL access—that is, access to all conferencing modalities—by using user-level
conferencing policies.
Organizer and Participant Policy

Only one conferencing policy applies when a
Skype for Business 2015 meeting starts—that of the
organizer. This design implies that in any given
Skype for Business meeting, all participants must
share the same base set of rules.
The conferencing policy contains two parts: the

organizer policy and the participant policy. The
organizer policy governs most meeting settings,
such as the maximum number of participants,
authentication requirements, recording, and
modalities. The participant policy governs if
participants can share applications or desktops,
perform peer-to-peer file transfers, perform peer-to-peer recordings, and join multiple video streams,
such as in Gallery View.
Note: Most settings in the conferencing policy of any user also apply for peer-to-peer
communications; for instance, one user can use video while the other cannot.
Control Panel vs. Management Shell

When working with conferencing policies, you can
use Skype for Business Server Control Panel or the
All user-related settings are exposed in

Skype for Business Server Control Panel. The
Skype for Business Server Management Shell adds
settings regarding maximum bit rate for audio,
video, file transfer, and app sharing, and it dictates
the maximum resolution for conference video as
either CIF or VGA. CIF resolution equals 352 × 240,
whereas the default VGA setting offers 640 × 480.
Conferencing policies also govern peer-to-peer

sessions’ maximum bit rate for audio, video, file, and app sharing.
Question: To which scope can a participant policy apply: global, site, pool, user, or all?
Lab A: Implementing and Troubleshooting Conferencing

Policies
Scenario
A. Datum wants to use conferencing policies at three levels, and the requirements are as follows:
• You will configure a policy for the managers that will give them the right to hand over control to
federated and anonymous users when sharing and allow recording.
• You will allow A. Datum headquarters to record meetings.
• The global policy will limit meeting size to 20 participants.
You have been tasked with configuring the policies to achieve the desired result. Additionally, you will
troubleshoot issues with recording at the A. Datum headquarters site.
Objectives
• Create and configure conferencing policies.
• Troubleshoot conferencing policies.
Lab Setup

20334B-LON-EX1, 20334B-LON-RTR, 20334B-LON-CL1, 20334B-LON-CL2
User Name: Adatum\Administrator, Adatum\Ed for LON-CL1, Adatum\Amr for LON-CL2
Password: Pa$$w0rd
o Domain: Adatum
5. Repeat steps 2 and 3 for 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-LON-SQL1,

20334B-LON-EX1, 20334B-LON-RTR, 20334B-LON-CL1, and 20334B-LON-CL2.
6. Browse to C:\Program Files\Microsoft Learning\20334\, double-click LON-CL1.RDP, click

Connect, and then accept all other notifications.
7. Sign in to LON-CL1 by using the following credentials:
o User name: Ed
o Domain: Adatum
8. Browse to C:\Program Files\Microsoft Learning\20334\, double-click LON-CL2.RDP, click

Connect, and then accept all other notifications.
o User name: Amr
o Domain: Adatum
At the end of this lab, leave all the virtual machines running because the next lab needs them.
Exercise 1: Creating and Editing Conferencing Policies

Scenario
You have been tasked with configuring the conferencing policies at A. Datum to meet the following
requirements:
• You will configure a policy for managers that will give them the right to hand over control to
federated and anonymous users when sharing and recording.
• You will allow A. Datum headquarters to record.
• The global policy will limit meeting size to 20 participants.
You will solve this task by using Skype for Business Server Control Panel and the Skype for Business Server
Management Shell.
1. Edit the global conferencing policy.

2. Create a site conferencing policy named Adatum Headquarters.
3. Create a user conferencing policy named Managers Conferencing Policy.
4. Grant the Managers Conferencing Policy to all members of the AD DS global group named
Managers.
 Task 1: Edit the global conferencing policy

1. On LON-SFB1, sign in as Adatum\Administrator with the password Pa$$word, and then open
Skype for Business Server Control Panel.
2. Enable all the users in the Managers organizational unit to be Skype users.
3. In the global conferencing policy, change the Maximum meeting size setting to 20, and then click
Commit.
 Task 2: Create a site conferencing policy named Adatum Headquarters

1. In Skype for Business Server Control Panel, create a new site-level conferencing policy for the Adatum
headquarters site.
2. Enable organizer recording and participant peer-to-peer recording, and then click Commit.
3. Minimize Skype for Business Server Control Panel.

 Task 3: Create a user conferencing policy named Managers Conferencing Policy

1. Open the Skype for Business Server Management Shell as an administrator.
2. Create new conferencing policy named Managers Conferencing Policy, and then set
AllowExternalUserControl, AllowConferenceRecording, and EnableP2PRecording to True.
 Task 4: Grant the Managers Conferencing Policy to all members of the AD DS global
group named Managers
• Use variables in the Windows PowerShell command-line interface to grant the Managers
Conferencing Policy to all members of the global group named Managers:
foreach ($user in $users){Grant-CsConferencingPolicy -PolicyName "Managers

Conferencing Policy" -Identity $user}
Results: After completing this exercise, you should have configured the default global conferencing policy
by using Skype for Business Control Panel, created and assigned a site-level conferencing policy to A.
Datum headquarters, and created and assigned a user-level conferencing policy to all managers.
Exercise 2: Troubleshooting Conferencing Policies

Scenario
One user at A. Datum headquarters, Amr Zaki, has contacted first-level support and reported that he
seems to be the only user at A. Datum headquarters without the option to record both peer-to-peer and
meeting sessions.
Your task is to investigate the conferencing policies, to figure out why Amr is unable to record, and to
resolve the issue.
1. Introduce an error into the configuration.
2. Verify an error in recording.

3. Troubleshoot conferencing.
 Task 1: Introduce an error into the configuration

• On LON-SBF1, in the Skype for Business Server Management Shell, run
C:\LabFiles\Lab6ABreakIt.ps1.
 Task 2: Verify an error in recording

1. On LON-CL2, in the Skype for Business client, under Presence, click Sign Out.
2. When signed out, click Sign In to sign back in.
3. Repeat steps 1 and 2 on LON-CL1 as Adatum\Ed.
4. Initiate a Skype call between Ed and Amr, and then verify that Amr is unable to record.
5. On LON-CL1, verify that Ed does have the option to record.
 Task 3: Troubleshoot conferencing

1. Use your knowledge about conferencing policies and scopes to fix Amr’s problem.
2. Be ready to share your findings with the class.
3. Contact the instructor if you are stuck.

4. When you have identified the problem, run the script named Lab6AFixIt.ps1 in C:\LabFiles.
5. Switch to LON-SFB1, and then in the Skype for Business Server Management Shell, type
.\Lab6AFixIt.ps1, and then press Enter.

virtual machines, but leave them running in preparation for the next lab.
Results: After completing this exercise, you should have verified that Amr Zaki is correctly configured for
conferencing.
Question: Why use the Skype for Business Server Management Shell?
Question: Share your findings about Amr’s recording issue.

Lesson 3
Deploying Dial-In Conferencing
Skype for Business Server supports dial-in conferencing so that users who require audio only can connect
by using any phone that has access to the PSTN. The infrastructure for deploying PSTN connectivity is the
same as Enterprise Voice.
This lesson introduces the Enterprise Voice infrastructure, which comprises PSTN gateways, SIP trunks,
Mediation Servers, dial plans, and voice policies. When Enterprise Voice is already configured in
Skype for Business Server, the common steps for enabling dial-in conferencing support are:
1. Add dial-in conferencing regions to dial plans:
a. Dial plans handle number manipulation and consist of normalization rules for interpreting
received numbers. For example, a user in Denmark might just dial eight digits to reach a Danish
subscriber; a dial plan normalization rule would detect the eight digits and add “+45” in front of
the number to format it according to E.164, the recommended format. For example, “xxxxxxxx”
becomes “+45xxxxxxxx” before being sent to the gateway.
b. Only one dial plan applies to a user with Enterprise Voice.
c. The dial-in conferencing region in the user’s dial plan sets the default dial-in numbers, which
Skype meeting invitations include.
2. Assign or reserve a direct inward dialing (DID) number, which is a publicly accessible phone number
that a phone provider supplies.
3. Configure the DID number as a dial-in access number:
a. Configure a SIP address.
b. Associate the DID number with a pool.

c. Configure a primary language and up to four secondary languages.
d. Associate the DID number with one or more conferencing regions.
Knowledge of these components enables you to deploy and configure dial-in conferencing in
Lesson Objectives
• Describe the dial-in conferencing features in Skype for Business Server.
• Describe the requirements for dial-in conferencing in Skype for Business Server.
• Describe the configuration options for dial-in conferencing in Skype for Business Server.
• List the deployment steps for dial-in conferencing in Skype for Business Server.
• Deploy dial-in conferencing in Skype for Business Server.

The Dial-In Conferencing Features in Skype for Business Server

Dial-in conferencing in Skype for Business Server
supports the following types of users:
• Enterprise users who have AD DS credentials

and Skype for Business 2015 accounts in their
organization.
• Anonymous users who do not have enterprise

credentials in an organization.
Note: In dial-in conferencing, federated users

do not authenticate when using PSTN, and they are
considered anonymous users.
Enterprise users who join a dial-in conference

Enterprise users or conference leaders who join a conference that is enabled for dial-in access can dial one
of the conference access numbers, and they are then prompted to enter the conference ID. If a leader has
not yet joined the meeting, users can either enter their unified communications (UC) extension (or full
phone number) and PIN, or they can wait for a leader to admit them. Meeting organizers can join a
meeting as a leader by entering just their PIN from an authenticated device; for example, a user who dials
in from a phone that has a phone number that is associated with the user’s account in AD DS does not
have to enter the phone number.
Authenticating enterprise users

A Front End Server uses a combination of a full phone number or extension and a PIN to map enterprise
users uniquely to their AD DS credentials. As a result, enterprise users authenticate and identify by name
in the conference. Enterprise users can also assume a conference role that the organizer defines.
Note: Enterprise users who dial-in from a device with a known number in the AD DS
domain only have to enter their PIN. If the number exists as a phone number on the user account
in AD DS, that user’s PIN is required as authentication.
Anonymous users who join a dial-in conference

Anonymous users who dial one of the conference access numbers are prompted to enter a conference ID.
Anonymous users cannot enter a conference until at least one leader or authenticated user has joined.
Additionally, they cannot occupy a predefined role unless the meeting policy allows dial-in users to
bypass the lobby. Unauthenticated anonymous users are prompted to record their name; this name
announces to other participants if entry and exit announcements are enabled.
Closing or locking meetings

When scheduling a meeting, the meeting organizer can choose to restrict access to the meeting by
closing or locking the meeting. In this case, dial-in users are asked to authenticate. If they do not have a
valid phone number and PIN or choose not to authenticate, they transfer to the lobby where they wait
until a leader accepts them, rejects them, or they time out and then disconnect.
Dial-in participants
Dial-in participants hear music if they are waiting to be admitted to a conference. After admission to a
conference, dial-in users can participate in the audio portion of the conference and can use dual-tone
multiple-frequency (DTMF) commands by using a phone keypad.
Dial-in participants, whether or not they are dialing in from a PSTN phone, hear personal announcements
during the conference, such as whether:
• They have been muted or unmuted.
• The meeting is being recorded.
• Someone is waiting in the lobby.
All dial-in participants can use DTMF commands to hear help content, to listen to the conference roster,
and to mute themselves.
Dial-in leaders
Dial-in leaders and some client users can use DTMF commands to turn on or off the participants' ability
to unmute, lock or unlock the conference, admit participants from the lobby, and turn entry and exit
announcements on or off. Leaders and some client users can also use a DTMF command to admit
everyone from the lobby, which changes the permissions of the meeting to allow anyone who
subsequently joins.
Requirements for Dial-In Conferencing

Besides the connectivity and dependency on PSTN,
Skype for Business Server has defined requirements
for successful dial-in conferencing deployment.
Hardware and software requirements

In addition to the hardware and software
requirements for Front End Servers, other
requirements include Application service,
Conferencing Attendant service, Conferencing
Announcement service, the dial-in conferencing
settings webpage, and at least one Mediation
Server/PSTN gateway.
The Conferencing Attendant service and the Conferencing Announcement service require that Windows
Media Format Runtime is installed on Front End Servers. This is included in the Desktop Experience in
Windows Server 2008 R2 and in the Microsoft Media Foundation in Windows Server 2012.
Windows Media Format Runtime is required to play Windows Media Audio files for on-hold music,
recorded names, and prompts. Windows Media Format Runtime installs automatically when you install
Port requirements
If you use a load balancer, ensure that you configure the load balancer for the ports that any applications
that will run in the pool use. These ports are default settings that you can change by using the Set-
CsApplicationServer cmdlet.
All instances of the same application in a pool use the same SIP listening port.
The following table lists and describes the ports that dial-in conferencing uses.
Port number Description
5072 Used by the Conferencing Attendant service for SIP listening requests
5073 Used by the Conferencing Announcement service for SIP listening

requests
Other ports might be in use depending on the setup. For example, SIP trunks, PSTN gateways, trusted
apps, and third-party apps might use these ports.
Authenticated user requirements

Dial-in conferencing users must have a unique phone number or extension assigned to their Skype
for Business account to authenticate. The Skype for Business account is actually the user’s AD DS account.
When authenticating via DTMF tones, you can only use numbers. This requirement supports
authentication during dial-in conferencing. Enterprise users—that is, users who have AD DS credentials
and Skype for Business Server accounts within an organization—enter their phone numbers or extensions
and a PIN to dial in to conferences as authenticated users.
Configuration Options for Dial-In Conferencing

Skype for Business Server communications software
contains several components for dial-in
conferencing. These components automatically
install and activate when a Skype for Business
Server Front End pool is configured with dial-in
conferencing within Topology Builder and the
required next steps occur, including running local
setup on all involved Front End pool members.
Application service
Application service provides a platform for
deploying, hosting, and managing UC applications.
Dial-in conferencing uses two UC applications that
require Application services—the Conferencing Attendant service and Conferencing Announcement
service.
Conferencing Attendant service

The Conferencing Attendant service is a UC application that accepts PSTN calls, plays prompts, and joins
the calls to an audio/video conference. When a user is prompted to enter their conference information,
the Conferencing Attendant service uses an interactive voice response. When the call connects to a
conference, the Conferencing Attendant service backs out and the Conferencing Announcement service
takes over.
Conferencing Announcement service

The Conferencing Announcement service is a UC application that plays tones and prompts PSTN
participants for certain actions, such as when participants join or leave a conference, participants are
muted or unmuted, someone enters the conference lobby, or a conference is locked or unlocked. The
Conferencing Announcement service also supports DTMF commands from a phone keypad.
Dial-in conferencing settings webpage

The dial-in conferencing settings webpage displays conference dial-in numbers with available languages,
assigned conference information (for meetings that do not need to be scheduled), and in-conference
DTMF controls. It also supports managing PIN and assigned conferencing information. The dial-in
conferencing settings webpage installs automatically as part of web services.
Skype for Business Server Mediation Server and PSTN gateway

Dial-in conferencing requires a Mediation Server to translate signaling between Skype for Business Server
and the PSTN gateway. For dial-in conferencing, you must deploy at least one Mediation Server and at
least one of the following:
• A PSTN gateway
• An IP Private Branch Exchange (IP-PBX) or audio gateway to connect to existing PBX
• A Session Border Controller for an Internet telephony service provider to which you connect by
configuring an SIP trunk
Note: If your Skype for Business Server design includes Enterprise Voice, Mediation Servers,
and PSTN, connectivity options will already be part of the deployment. If you are not deploying
Enterprise Voice, you will need to deploy at least one Mediation Server and at least one PSTN
connectivity option for dial-in conferencing to function.
File store
A file store is used for Recorded name audio files use a file store. A file store is a standard component in
every Skype for Business Server 2015 Enterprise Edition or Standard Edition deployment.
User store
The Skype for Business user store stores users’ PINs. The user store is a standard component in every
Skype for Business Server 2015 Enterprise Edition or Standard Edition deployment.

You can configure some dial-in settings by using Skype for Business Server Control Panel. For example,
you can use Skype for Business Server Control Panel to configure conferencing policy settings that specify
whether to enable a PSTN conference dial-in or whether users can invite anonymous participants to a
conference.
Skype for Business Server Management Shell

You can configure all dial-in settings by using Skype for Business Server Management Shell cmdlets.
Skype for Business Server Management Shell cmdlets are available for deploying, configuring, running,
monitoring, and troubleshooting the Conferencing Attendant service and the Conferencing
Announcement service.
Dial-In Conferencing Deployment Steps

Before you can configure dial-in conferencing, you
need to deploy Enterprise Voice or a Mediation
Server and a PSTN connectivity option. You must
perform all the steps described in the following
sections before users can dial in from a PSTN phone
to join an audio/video conference.
Step 1: Create a topology

Create a topology that includes the dial-in
conferencing workload, along with a Mediation
Server and PSTN gateway, and then deploy the
Skype for Business Server Front End pool or the
Standard Edition server. You can also update or
modify a topology configuration by running Topology Builder and then clicking the dial-in conferencing
option.
Note: This step is necessary only if you do not deploy Enterprise Voice and do not collocate
the Mediation Server with the Enterprise Edition Front End Server or Standard Edition server. If
you deploy Enterprise Voice, you install and configure Mediation Servers and PSTN gateways as
part of the Enterprise Voice deployment. If you collocate the Mediation Server, you install and
configure the Mediation Server as part of the Front End pool or the Standard Edition server
deployment.
The following permissions are necessary to create a topology:

• Membership in the Domain Admins group, or the equivalent in case of AD DS lockdown
• Membership in one of the following:
o RTCUniversalServerAdmins group
o CsVoiceAdministrator
o CsAdministrator
Step 2: Configure dial plans for dial-in conferencing

If you deploy Enterprise Voice, you set up dial plans as part of that deployment, and you need to ensure
that the dial plans also accommodate dial-in conferencing. If you do not deploy Enterprise Voice, you
need to set up dial plans for dial-in conferencing.
Use Skype for Business Server Control Panel or the Skype for Business Server Management Shell to set up
dial plans as follows:
1. Create one or more dial plans for routing dial-in access phone numbers.
2. Assign a default dial plan for each pool.
3. Set the dial-in conferencing region to the geographic location to which the dial plan applies. The
region associates the dial plan with dial-in access numbers.
Membership in one of the following groups or equivalent is necessary to configure dial plans for dial-in
conferencing:
• CsVoiceAdministrator
• CsAdministrator
Step 3: Ensure that dial plans are assigned to regions

Run the Get-CsDialPlan and Set-CsDialPlan cmdlets to ensure that all dial plans have an assigned
region, or set the region by using Skype for Business Server Control Panel.
Membership in at least one of the following groups or equivalent is necessary to assign regions to dial
plans:
• CsVoiceAdministrator
• CsAdministrator
Step 4: Verify PIN policy settings (optional)

Use Skype for Business Server Control Panel or the Skype for Business Server Management Shell to view or
modify the conferencing PIN policy. You can specify minimum PIN length, maximum number of sign-in
attempts, PIN expiration, and whether common patterns are allowed. CsAdministrator permissions are
necessary to verify policy settings.
Step 5: Configure a conferencing policy for dial-in conferencing

Use Skype for Business Server Control Panel or the Skype for Business Server Management Shell
Set-CsDialInConferencingConfiguration cmdlet to configure conferencing policy settings. Specify
whether:
1. PSTN conference dial-in is enabled.
2. Users can invite anonymous participants.
3. Unauthenticated users can join a conference by using a dial-out phone. With a dial-out phone, the
conference server calls the user, and the user answers the phone to join the conference.
CsAdministrator permissions are necessary to configure a conferencing policy for dial-in conferencing.
Step 6: Configure dial-in conferencing access numbers

Use Skype for Business Server Control Panel or the Skype for Business Server Management Shell to set up
dial-in access numbers that users call to dial in to a conference, and specify the regions that associate the
access number with the appropriate dial plans. The first three access numbers for the region that the
organizer's dial plan specifies are included in the conference invitation. All access numbers are available
on the dial-in conferencing settings webpage.
Note: After you create dial-in access numbers, you can use the Set-
CsDialInConferencingAccessNumber cmdlet to modify the display name of the
Active Directory contact objects so that users can easily identify the correct access number.
CsAdministrator permissions are necessary to configure dial-in conferencing access numbers.
Step 7: Verify dial-in conferencing settings (optional)

Use the Get-CsDialInConferencingAccessNumber cmdlet to search for dial plans that have a dial-in
conferencing region that is not in use by any access number, and for access numbers that have no
assigned region.
Membership in any of the following groups is necessary to verify dial-in conferencing settings:
• CsAdministrator
• CsViewOnlyAdministrator
• CsServerAdministrator
• CsHelpDesk
Step 8: Modify key mapping for DTMF commands (optional)

Use the Set-CsDialInConferencingDtmfConfiguration cmdlet to modify the keys that are used for
DTMF commands, which participants can use to control conference settings such as mute and unmute, or
lock and unlock.
CsAdministrator permissions are necessary to modify mapping for DTMF commands.
Step 9: Modify conference join and leave announcements (optional)

Use the Set-CsDialInConferencingConfiguration cmdlet to change how announcements work when
participants join and leave conferences.
CsAdministrator permissions are necessary to modify conference join and leave announcements.
Step 10: Test dial-in conferencing (optional)

Use the Test-CsDialInConferencing cmdlet to test that the access numbers for the specified pool work
correctly.
CsAdministrator permissions are necessary to test dial-in conferencing.
Step 11: Configure user account settings

Use Skype for Business Server Control Panel or the Skype for Business Server Management Shell to
configure the telephony line Uniform Resource Identifier (URI) as a unique, normalized phone number—
for example, tel:+14255550200; ext=0200.
The following groups might configure user account settings:
• CsAdministrator
• CsUserAdministrator
Step 12: Welcome users to dial-in conferencing and set the initial PIN (optional)
Use the Set-CsPinSendCAWelcomeMail cmdlet to set users' initial PINs and to send a welcome email
message that contains the initial PIN and a link to the dial-in conferencing settings webpage.
For example:
Set-CsPinSendCAWelcomeMail –UserUri user@adatum.com –SmtpServer mail.adatum.com –From

admin@adatum.com.
The following groups can welcome users to dial-in conferencing and set their initial PIN:
• CsAdministrator
• CsUserAdministrator
Demonstration: Deploying Dial-In Conferencing (optional)

The instructor will now demonstrate how to set up dial-in conferencing, including adding a modality to
the topology, publishing and running Bootstrapper.exe, and adding a dial-in conferencing access number.
Demonstration Steps
1. Open Skype for Business Topology Builder, download the topology from the existing deployment,
and then save it as Dialin.
2. Add the following modalities to the Skype for Business Server Front End pool:
o Dial-In conferencing
o Enterprise Voice
o PSTN gateway
o Trunks
4. Validate replication, and then bootstrap Skype for Business Front End Servers.
5. Configure the conferencing region.
6. Configure a dial-in access number.
Question: How many languages can be offered per dial-in access number?
Question: Why did we run Bootstrapper.exe?

Lesson 4
Configuring an LRS
Video teleconferencing from various original equipment manufacturers (OEMs) was around long before
Microsoft UC systems entered the market. However, until the LRS specification, there was no true Lync or
Skype for Business Video Teleconferencing (VTC) solution. Instead, users had to develop their own
solutions, such as bringing their own laptops to meeting rooms, trying to connect to existing equipment
and other infrastructure such as projectors, and gaining network access, and using USB-based
speakerphones and cameras for audio/video—all with varying degrees of success.
The Microsoft RoundTable device, a special 360° view camera with multiple microphones in the base and
the special 360 “ribbon feed,” has been one of the ways users have converted existing meeting rooms into
Skype for Business VTCs.
Existing OEM VTC vendors have made their own solutions to integrate with
Skype for Business Server 2015 and previous versions. Solutions vary from being a simple
Skype for Business/Lync endpoint to being the host of the meeting and letting Skype for Business act
as a client. Most integration solutions required special licenses or hardware, depending on the required
functionality.
Note: Skype for Business Server includes Video Interop Server, which is a license-free role
that facilitates interoperability with third-party VTCs. Video Interop Server is out-of-scope for this
course.
This lesson will teach you the required steps for integrating LRS into your Skype for Business Server
topology.
Lesson Objectives
• Describe LRS.
• Describe the LRS home screen.
• Describe the LRS Administrative Web Portal.
• Describe how to prepare for deploying LRS.
Overview of the Lync Room System

Multiple VTC vendors developed the LRS
specification. The goal of LRS is to give users an
intuitive and familiar method to schedule and
prepare video teleconferencing by using familiar
tools, such as the Skype meeting plug-in for
Outlook, and to allow participants across all devices
that Skype for Business Server supports, or even
participants who use the Skype for Business Web
App.
LRS is a combination of Microsoft software that has

the same layout across vendors and OEM hardware
from Microsoft Partners like Crestron Electronics, Lifesize, Polycom, and SMART Technologies. With LRS,
users can take advantage of the Skype for Business Server infrastructure and bring it to the meeting room
without having to bring any devices or prepare a room in any way.
For a successful meeting experience, users schedule a Skype for Business meeting like usual—the only
difference is that a meeting room that is equipped with LRS has to be booked like a resource room. If a
user books the room for an ordinary physical meeting, LRS can automatically remind the organizer that
the room is indeed an LRS, and by adding Skype for Business meeting information to the meeting, users
can participate from anywhere.
Like traditional VTC systems, LRS consists of one or two large HD displays with touchscreen functionality
and built-in wide-angle cameras. LRS comes with a table stand console for easy handling of meetings by
using the touchscreen interface of the console. It also comes with connectors to allow users to connect
their own PCs directly to LRS—for example, to upload PowerPoint presentations to a meeting. When set
up correctly, all that users have to do when entering the room is to click or tap the meeting entry on the
home screen, and then the meeting starts.
When configuring LRS, you will need to perform steps in Exchange and Skype for Business Server. While
performing the configuration steps, be aware of role-based access control.
LRS is based on Windows Embedded 7, and it can run as a stand-alone appliance or join an AD DS
domain for management reasons, especially the expected Microsoft Exchange Key Management Server
activation of LRS.
When initially configuring a new LRS, the requirements are the same from an administrative point of view,
regardless of the vendor:
• An Exchange resource mailbox account, which facilitates calendar functions and scheduling for the
LRS-equipped meeting room
• A Skype for Business–enabled LRS account on Skype for Business Server 2015 or Lync Server 2013
The permissions that are necessary to configure LRS are the same as for configuring other Skype for
Business users.
LRS Home Screen

The LRS home screen is the default welcome screen
that greets users when they enter an LRS meeting
room or when the system restarts. You can think of
the home screen as a big tile-like calendar that
shows the room bookings. If the meetings are
Skype for Business 2015 meetings, then you can
join them simply by tapping the tile. Depending on
the hardware model, you might see video on one
screen and collaborate by using a whiteboard
session on the other, or you might see shared
content such as a PowerPoint presentation or a
desktop.
You can control a meeting directly by using the UI on the large HD displays or via the desktop controller,
from where you can invite or call others into the meeting without interrupting what happens on the HD
displays. You can also control what content displays on the screen from a specified input by using the
controller.
One of the LRS features is a one-click meeting, which starts a meeting directly from the home screen.
Those who have worked with third-party VTCs are used to meeting initiations that typically involve many
steps and instructions before a meeting actually starts—especially if some participants are remote or are
in other organizations.
The familiar Skype for Business interface helps simplify the learning curve for managing LRS. Those who
have used the desktop Skype for Business 2015 client or even Lync 2010 or Lync 2013 will quickly find the
usual functions to be in the expected places. Because LRS has a specific, configured account, it can be
invited to a Meet Now meeting like any other user or contact.
LRS Administrative Web Portal

Skype for Business Server does not install the LRS
Administrative Web Portal by default.
Administrators have to download the portal from
Microsoft and follow the steps that are necessary to
configure it.
You can download the LRS Administrative Web

Portal for Skype for Business Server 2015 from the
following website.
Microsoft Lync Room System

Administrative Web Portal for Skype for
http://aka.ms/jnbbgz
The steps to configure the LRS Administrative Web Portal include:
• Configuring the LRS port to trust.
• Creating a Skype for Business–enabled account in AD DS for running the portal.
• Manually creating named groups in AD DS according to the LRS Administrative Web Portal
Deployment Guide and assigning permissions.
Microsoft Lync Room System Deployment Guide
http://aka.ms/q7l637
When the LRS Administrative Web Portal has deployed, you can access the portal through the /LRS
subsite on Skype for Business Server Front End Servers; that is, https://webint.adatum.com/LRS.
When accessing the portal, you are prompted for credentials to sign in. After signing in, you see a list of
configured LRS rooms, their presence state, health, next meeting, LRS version, manufacturer, and so on.
Clicking an individual room name on the portal takes you to the details and the room settings. Settings
include volume settings, update settings, and options to collect logs for troubleshooting purposes.
Demonstration: Preparing to Deploy LRS (optional)

The instructor will now demonstrate the preparation steps that are necessary before you can add LRS to
the Skype for Business Server infrastructure.
Demonstration Steps
1. Create a resource mailbox in Exchange.
2. Enable automatic calendar processing.
3. Enable MailTip for organizers.
4. Enable the LRS account in Skype for Business.

5. Optional: Enable LRS for Enterprise Voice for outbound calls.
Lesson 5
Configuring Large Meetings and Skype Meeting
Broadcasts
Skype for Business Server is for meetings with up to 20 participants, but it does allow meetings with as
many as 250 users in the default global conferencing policy. If needed, you can configure an on-premises
deployment of Skype for Business to support up to 1,000 participants. Obviously, having that many
participants join an on-premises meeting will put a significant drain on server and network resources.
A new offering in Microsoft Office 365 is Skype Meeting Broadcast, which enables a live meeting
broadcast for up to 10,000 participants by using an Office 365 infrastructure. To use Skype Meeting
Broadcast, you need to be on Skype for Business Online or have a Skype for Business hybrid deployment.
This lesson will teach you how to configure Skype for Business Server for large meetings and to identify
Skype Meeting Broadcast requirements.
Lesson Objectives
• Set up Skype for Business for large meetings.
• Describe the requirements for using Skype Meeting Broadcast.
• Configure Skype Meeting Broadcast.
Skype for Business for Large Meetings

When a user schedules a meeting or creates a Meet
Now meeting in Skype for Business 2015, the
meeting always hosts on the user’s home pool. You
can use this inherent behavior to reserve a
Skype for Business Server pool exclusively for large
meetings.
Imagine this: In a large enterprise, management

could decide to support large meetings. You can
achieve this by building a separate pool specifically
for large meetings. After the installed pool is ready,
one or two scheduling user accounts are created in
AD DS and are enabled for
Skype for Business Server with the new pool as their home pool. When a large meeting is necessary, the
person responsible for scheduling the large meeting uses the large meeting scheduling account to set up
the meeting. In this way, you can build a Skype for Business Server pool that only services very large
meetings.
A large meeting pool should not contain any unnecessary modalities, and it should not collocate with a
Mediation Server. The scheduling accounts should not have any contacts in Lync, and they should not be
added to other users’ contact lists to avoid presence traffic. When conducting very large meetings, you
will need to set up one-way audio and video, to limit resolution, and to avoid application and desktop
sharing.
You should configure the following conferencing policy settings for users in a large meeting pool:
• MaxMeetingSize: 1,000 (the default is 250)
• AllowLargeMeetings: True
• EnableAppDesktopSharing: None
• AllowUserToScheduleMeetingsWithAppSharing: False
• AllowSharedNotes: False
• AllowAnnotations: False
• DisablePowerPointAnnotations: True
• AllowMultiview: False
• EnableMultiviewJoin: False
The limit of 1,000 participants for large meetings is not a hard limit; it is the limit to which Microsoft has
tested the system.
Overview of Skype Meeting Broadcast

Some customers might need to conduct town hall–
like meetings with a very large audience. In such
cases, the limits of an organization’s network and
available resources might contraindicate an on-
premises installation as the best solution.
Skype Meeting Broadcast is a new offering from

Office 365 and Skype for Business Online that sends
live content to an Office 365 infrastructure, from
where distribution and relay takes place. By using
the Office 365 infrastructure, Skype for Business
meetings can broadcast live, and up to 10,000 users
around the world can view them simultaneously.
The minimum setup that Skype Meeting Broadcast requires is a hybrid deployment with at least an E3
plan. When the hybrid setup is complete, all that is necessary is to add a few Microsoft domains as
allowed domains. Even if running with open federation, adding allowed domains makes
Skype for Business Server allow a higher rate of incoming messages without throttling.
Skype for Business Compare plans

http://aka.ms/k5i412
The following are the steps that are necessary for setting up a hybrid solution to work with Skype Meeting
Broadcast, all of which you can perform in the Skype for Business Server Management Shell.
Configure access to LyncOnlineResources

You can configure access to LyncOnlineResources by running the following command in the Skype for
Business Server Management Shell:
New-CsHostingProvider -Identity LyncOnlineResources -ProxyFqdn sipfed.resources.lync.com

-VerificationLevel AlwaysVerifiable -Enabled $True -EnabledSharedAddressSpace $True -
HostsOCSUsers $True -IsLocal $False
Add allowed domains

You can add allowed domains by running the following commands in the Skype for Business Server
Management Shell:
New-CsAllowedDomain -Identity "noammeetings.lync.com"

New-CsAllowedDomain -Identity "emeameetings.lync.com"
New-CsAllowedDomain -Identity "apacmeetings.lync.com"
New-CsAllowedDomain -Identity "resources.lync.com”
Note: Organizers are not required to be hosted in the cloud. You can run a Skype Meeting
Broadcast as an on-premises user if a hybrid deployment with a shared SIP namespace is in place.
Because an Office 365 infrastructure is the engine for Skype Meeting Broadcast, no support exists for
scheduling these meetings in Outlook; instead, you have to set up Skype Meeting Broadcast by using the
https://sched.services.skype.net broadcast scheduling URL. When signed in, you can schedule a meeting
and exercise limited control over Skype Meeting Broadcast before sending an invitation. Because of
hybrid deployment requirements, you must sign in by using your organizational credentials.
The steps for joining a Skype Meeting Broadcast are the same as joining any other meeting in
Skype for Business, with one exception. Even though users connect by using the familiar method,
participants will not receive any presentation until a presenter turns on audio. In a traditional
Skype for Business meeting, audio is not a requirement.
When running a Skype Meeting Broadcast, you can use a web browser and the Skype for Business Web
App, or you can use the Skype for Business 2015 client. Regardless, the client layout and the options
change slightly when in a broadcast session. For example, you can only show one video feed at a time,
and the only sharing that can occur is by using PowerPoint via Office Online Server.
Demonstration: Configuring Skype Meeting Broadcast

Your instructor will now demonstrate the necessary steps to configure Skype Meeting Broadcast on an on-
premises Skype for Business Server 2015 server that is already configured as a Skype for Business hybrid
deployment.
Demonstration Steps
1. Sign in to Skype for Business Server, and then open the Skype for Business Server Management Shell
as an administrator.
2. Add sipfed.resources.lync.com as a hosting provider for the shared namespace.
3. Add the Skype Meeting Broadcast Office 365 SIP domains as allowed domains.
Question: What is the default maximum meeting size in Skype for Business Server?
Question: You are setting up a large meeting pool—should this be a Standard Edition or
Enterprise Edition of Skype for Business Server 2015?
Lab B: Configuring Additional Conferencing Modalities

Scenario
A. Datum wants to allow its internal and external users to connect to the audio portion of a conference
when they do not have access to Skype for Business. You must install dial-in conferencing to support
these users. A. Datum also wants to use LRS, and you must perform the server-side configuration.
Objectives
• Deploy dial-in conferencing.
• Perform internal setup to prepare for LRS deployment.
Lab Setup

20334B-LON-EX1, 20334B-LON-RTR, 20334B-LON-CL1, 20334B-LON-CL2
User name: Adatum\Administrator, Adatum\Ed for LON-CL1, Adatum\Amr for LON-CL2
Password: Pa$$w0rd
For this lab, you will use the available virtual machine environment, which was started at the beginning of
Lab A.
Exercise 1: Deploying Dial-In Conferencing

Scenario
A. Datum wants to allow its internal and external users to connect to the audio portion of a conference
when they do not have access to Skype for Business. You must install dial-in conferencing to support
these users. A United Kingdom number and a United States number have been procured for the dial-in
project.
You tasks are to:

• Set up the dial-in conferencing system with two regional phone numbers.
• Configure meeting invitations so that the local regional number displays as the first choice.

1. Configure the topology for dial-in conferencing.
2. Add a user-level dial plan for North America and Europe.
3. Associate a dial plan with users.
4. Set up dial-in access numbers.
5. Validate dial-in conferencing.
 Task 1: Configure the topology for dial-in conferencing

2. Open Skype for Business Topology Builder, click Download Topology from existing deployment,
and then save the topology as Lab6B.
3. Add dial-in (PSTN) conferencing support.

5. Run Bootstrapper.exe on LON-SFB1 and LON-SFB2.
6. When the installation is complete, close all open windows on LON-SFB1 and LON-SFB2. It will take
some time for the command to complete.
 Task 2: Add a user-level dial plan for North America and Europe
1. On LON-SFB1, open Skype for Business Server Control Panel. Sign in as Administrator with the
password Pa$$w0rd.
2. In the navigation pane, click Voice Routing. This opens the DIAL PLAN tab, displaying the currently
configured dial plans.
3. On the DIAL PLAN tab, click New, and then click User dial plan.
4. On the New Dial Plan page, in the Name text box, type North America, and then press the Tab key
on your keyboard. This will move the focus to the next box and will prefill the Simple name text box.
5. In the Dial-In conferencing region text box, type North America.
6. On the New Dial Plan page, at the upper left, click OK. This takes you back to the DIAL PLAN page.
7. On the DIAL PLAN tab, you now see the Global and the North America dial plans. Click New, and
then click User dial plan to create a similar user dial plan for Europe.
8. In the Name text box, type Europe, and then press the Tab key on your keyboard to prefill the
Simple Name text box.
9. In the Dial-In conferencing region text box, type Europe.
11. On the DIAL PLAN tab, you now see the three dial plans: two plans that you configured, and the
Global plan.
12. On the menu bar, click Commit, and then click Commit all.
13. In the Uncommitted Voice Configuration Settings window, validate the settings displaying the
changes that you just made, and then click OK.
14. In the Success message box, click Close.
 Task 3: Associate a dial plan with users

1. In the Skype for Business Server Control Panel navigation pane, click Users.
2. In the search box, type Ed, and then click Find.
3. Select Ed Meadows, and then on the Edit menu, click Show details.
4. Under Telephony, select Enterprise Voice.
5. Under Dial plan policy, select North America, and then click Commit.
6. Search for Amr, select Amr Zaki, and then on the Edit menu, click Show details.
8. Under Dial plan policy, select Europe, and then click Commit.
 Task 4: Set up dial-in access numbers

1. In Skype for Business Server Control Panel, click Conferencing, click the Dial-in Access Number tab,
and then click New.
2. Configure the Europe location with the following information:
o +44 (0) 1234 1234
o Adatum Conferencing Europe

o Tel:+4412341234
o pool.adatum.com
o confeu@adatum.com
o English (United Kingdom)
3. Configure the North America location with the following information:
o +1 (555) 123-1234
o Adatum Conferencing North America
o Tel:+15551231234
o pool.adatum.com
o confus@adatum.com
o English (United States)
 Task 5: Validate dial-in conferencing

2. Open Outlook 2016, switch to Calendar, and then create a new Skype meeting. Note that the default
dial-in number for Ed is in the North American format.
4. Open Outlook 2016, switch to Calendar, and then create a new Skype meeting. Note that the default
dial-in number for Amr is in the European format.
5. Close the meeting request without saving changes.
Results: After completing this exercise, you should have deployed two unique dial-in conferencing
numbers, associated the dial-in conferencing region with the correct dial plan, and associated two users
with dial plans to test functionality.
Exercise 2: Preparing for LRS Deployment

Scenario
A. Datum is considering LRSs from different vendors. You have been tasked with preparing the
infrastructure for the arrival of the first LRS named LRS01.
1. Create a resource mailbox in Exchange.
2. Enable automatic calendar processing.

3. Enable MailTip for organizers.
4. Enable an LRS account in Skype for Business 2015.
5. Invite LRS.
 Task 1: Create a resource mailbox in Exchange

1. On LON-EX1, open the Exchange Management Shell as an administrator.
2. Type the following command, and then press Enter to create a resource mailbox for LRS:
New-Mailbox -UserPrincipalName LRS01@adatum.com -Alias LRS01 -Name "LRS-01" -Room -

EnableRoomMailboxAccount $true –RoomMailboxPassword (ConvertTo-SecureString -String
Pa$$w0rd -AsPlainText -Force)
 Task 2: Enable automatic calendar processing

• On LON-EX1, type the following command, and then press Enter to enable automatic calendar
processing for the room:
Set-CalendarProcessing -Identity LRS01 -AutomateProcessing AutoAccept -

AddOrganizerToSubject $false –DeleteSubject $false -RemovePrivateProperty $false
 Task 3: Enable MailTip for organizers

• On LON-EX1, type the following command, and then press Enter to enable a reminder for organizers
that this is an LRS:
Set-Mailbox -Identity LRS01@adatum.com -MailTip "This room is equipped with Lync Room
System (LRS), please make it a Skype Meeting to take advantage of the enhanced
meeting experience from LRS”
 Task 4: Enable an LRS account in Skype for Business 2015

1. Switch to LON-SBF1.
2. On LON-SFB1, open the Skype for Business Server Management Shell, type the following command,
and then press Enter to enable an LRS account in Skype for Business Server:
Enable-CsMeetingRoom -SipAddress "sip:LRS01@adatum.com" -RegistrarPool

pool.adatum.com -Identity LRS01
 Task 5: Invite LRS

2. Open Outlook, go to Calendar, and then click New Skype Meeting.
3. In the meeting invitation, to the right of where it reads “Skype Meeting,” click Rooms.
4. Select LRS-01, click the Rooms button in the lower-left corner, click OK, and then click Yes.

When you finish the lab, revert all the virtual machines to their initial state by performing the following
steps:
2. In the Virtual Machines list, right-click 20334B-LON-CL1, and then click Revert.
4. Repeat steps 2 and 3 for the following virtual machines:
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you will have configured a Microsoft Exchange resource mailbox
for LRS, and you will have configured an LRS account for Skype for Business Server.
Question: Besides the setup in the lab, what are other dial-in conferencing requirements?
Question: Do you have any real life experience with LRSs or other Video TeleConferences
(VTCs)?

Best Practices
• Always consider the ContentGracePeriod. Ask yourself if 15 days of retention on all meeting content is
desirable.
• Note that changing the Assigned conference type by default setting might result in existing
scheduled Skype meetings needing to be re-sent.
• Dial-in conferencing has the same requirements as Enterprise Voice regarding trunks and gateways.
• LRS is a stand-alone meeting room client.
• Skype Meeting Broadcast allows town hall–like meetings with up to 10,000 participants by relaying
PowerPoint presentations, audio, and video via a Microsoft Office 365 infrastructure—this requires a
cloud or hybrid setup.

Dial-in conferencing not working
Review Question
Question: What are the benefits of allowing meeting invitation customization?

Organizations that currently use VTCs should consider LRS for future rooms.
If the current VTC solution is based on Cisco Unified Communications Manager, consider using the
Skype for Business Video Interop Server role.
Configuring a trunk for dial-in conferencing is the same as Enterprise Voice.
Tools
The following tool is covered in this module:
Microsoft Lync Room System Administrative Web Portal for Skype for Business Server 2015
http://aka.ms/ft8z29
7-1
Module 7
Designing and Implementing Monitoring and Archiving in
Contents:
Module Overview 7-1
Lesson 1: Components of the Monitoring Service 7-2
Lab A: Implementing Monitoring 7-11
Lesson 2: Overview of Archiving 7-15
Lesson 3: Designing an Archiving Policy 7-19
Lesson 4: Implementing Archiving 7-24

Lab B: Implementing Archiving 7-27
Module Overview
Skype for Business Server 2015 provides detailed insight in to the various modalities and content. To gain
access to this information, it is critical that you understand the configuration requirements, deployment
options, integration options, and how these relate to your organizational demands. This understanding
will help you implement Skype for Business Server in a way that meets the needs of your organization and
users.
Objectives
 Describe monitoring service components in Skype for Business Server.
 Implement monitoring.
 Design an archiving policy.
 Implement archiving.
7-2 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
Lesson 1
Components of the Monitoring Service
In Skype for Business Server, the monitoring service collects performance metrics and then provides you
with reporting capabilities to help ensure the quality of your Skype for Business Server communications
system. You can use Quality of Experience (QoE) and call detail recording (CDR) features and monitoring
service capabilities to monitor and improve the quality of your communication.
Lesson Objectives
 Describe monitoring service components.
 Describe supported Microsoft SQL Server topologies for the monitoring service.
 Describe CDR and QoE monitoring reports.
 Explain how to configure monitoring server settings.

 Describe the Call Quality Dashboard.
 Describe the Call Quality Methodology.
Components of the Monitoring Service

In Skype for Business Server, you can use
monitoring to collect data that describes the
media quality on your network, and endpoints
that are involved in communication sessions
through your Skype for Business Server
deployment. You can collect usage information
about the following:
 Voice over Internet Protocol (VoIP) calls

 Instant messages (IMs)
 Audio/video conversations
 Meetings
 Application sharing
 File transfers
 Errors and troubleshooting
Monitoring Service Components

The monitoring service is collocated on existing Skype for Business Server Front End Servers, and it
includes the following four components:
 Unified data collection agents. The CDR and QoE agents install automatically on every Front End
Server.
 Monitoring databases. To store and collect data, the monitoring service requires databases that use
SQL Server. The databases can be collocated on the Back End Server SQL instance or on a different
computer. Separate databases are required for CDR and QoE information. However, they both always
run on the same SQL Server instance.
 Microsoft Systems Center Operations Manager (SCOM) Management Pack. This is an optional
component. The call reliability and media quality monitoring component of SCOM uses the
monitoring server CDR and QoE data to generate near real-time alerts about call reliability health
and media quality.
 Monitoring server reports. This also is an optional component. It contains built-in reports on usage,
call diagnostic information, and media quality information based on data that is stored in the CDR
and QoE databases. SQL Server Reporting Services generates the reports.
SQL Collocation and Reporting Services

Monitoring data and other types of data can
share the same SQL Server instance. Typically, the
CDR database (LcsCDR) and the QoE database
(QoEMetrics) share the same SQL instance. It is
also common for the two monitoring databases to
be in the same SQL instance as the archiving
database (LcsLog).
The only real requirement with SQL Server

instances is that any one instance of SQL Server is
limited to:
 One instance of a Skype for Business Server

Back End Server database.
Note: Generally, we do not recommend collocating your monitoring database in the

same SQL instance, or even on the same computer, as the Back End Server database. Though
technically possible, you run the risk of the monitoring database using up disk space that the
Back End Server database needs.
 One instance of a CDR database.
 One instance of a QoE database.
 One instance of an archiving database.
Supported topologies
Each monitoring database can capture data from one or more Skype for Business Server Enterprise Edition
pools and Skype for Business Server Standard Edition servers.
Reporting services
Skype for Business Server uses SQL Server Reporting Services to publish monitoring reports. These reports
publish to a web server where you can view them by using a web browser. You also have the ability to
schedule report deliveries via email messages. The monitoring reports contains a standard set of reports
that describe the data and define the reports that SQL Server Reporting Services will create.
Installing SQL Server Reporting Services

To use SQL Server reports, you must install SQL Server on the computer that hosts the monitoring server
database. The database engine component of SQL Server is required to run the database. The Reporting
Services component of SQL Server is required to run the reports. The two components do not have to
reside on the same logical server.
You must install the monitoring reports on a SQL Server instance that is running SQL Server Reporting
Services. Skype for Business Server supports the following 64-bit versions of SQL Server:
 Microsoft SQL Server 2014
Verifying the web service URLs

After deploying SQL Server Reporting Services, you need to verify the Reporting Services web services
URLs. These URLs are used to view and verify that the monitoring reports are working correctly.
To verify that the URLs are working:
1. Open Reporting Services Configuration Manager from SQL Server Configuration Tools.
2. Connect to your instance of SQL Server Reporting Services.

3. On the Web service URL page, click the URL that is listed under Report Server Web service URLs to
verify that the links can be opened.
You deploy monitoring server reports to this URL. You have the option to use HTTP or HTTPS to publish
the reports. If both are available, SQL Server Reporting Services publishes to the HTTPS URL.
QoE and Call Detail Reporting

In Skype for Business Server, QoE records
numerical data that indicates media quality during
calls and sessions. CDR captures usage and
diagnostic information. In Skype for Business
Server, QoE functionality is enabled by default
when you deploy the monitoring service.
QoE
QoE records not only store numerical data about
the quality of calls on your network, but they also
store information about the following parameters
during calls and sessions:
 Participants
 Device names
 Drivers
 IP addresses
 Endpoint types
These quality metrics are collected at the end of every VoIP call and every video call from participant
endpoints, including IP phones, Skype for Business 2015, some legacy clients, Audio/Video Conferencing
Servers, and Mediation Servers.
For Mediation Servers, metrics are gathered from:
 The path between the Mediation Server and unified communications (UC) endpoints.
 The path between the Mediation Server and the media gateway.
You can run the following query against the QoEMetrics database to get jitter and packet loss averages
for all audio streams:
selectavg(cast(JitterInterArrival as bigint)) as JitterAvg, avg(PacketLossRate) as

PacketLossRateAvg from AudioStream
CDR
CDRs capture usage information about:
 VoIP calls
 IMs
 Audio/video conversations
 Meetings
 File transfers
 Application sharing
 Remote assistance
Note: Actual IM content is not captured in CDR data. To preserve IM content for
compliance reasons, use the Archiving Server feature.
CDR data is frequently used for billing purposes and is therefore very important in many deployments. In
Skype for Business Server, CDR data is captured for both peer-to-peer and multiple party conferences.
The CDR database in Skype for Business Server includes new usage and diagnostic data for Skype for
Business Server features, including conferencing, registration, and device diagnostics. It also includes
comprehensive data for usage tracking and voice quality diagnostics.
For example, you can use SQL Server Management Studio to run the following query against the LcsCDR
database to find the total number of public switched telephone networks (PSTNs) that are connected to
UC calls:
Select Count(*) as 'Number of PSTN to UC Calls'

From VoipDetails as voipd
Join SessionDetails as sd on (voipd.SessionIdTime = sd.SessionIdTime and
voipd.SessionIdSeq = sd.SessionIdSeq and sd.User1Id is null)
and FromNumberId in (SELECT PhoneId from Phones)
and FromGatewayId is not null
Monitoring Policy
You can configure monitoring settings for CDR
and QoE by using Skype for Business Server
Control Panel or Skype for Business Server
Management Shell cmdlets. The configuration
options include:
 Enabling or disabling monitoring.

 Applying monitoring at the global or site
level; you cannot set monitoring policy at the
user level.
 Configuring the length of data retention.
Configuring monitoring service by using Skype for Business Server Control Panel
To configure the monitoring service:
1. Open Skype for Business Server Control Panel.
2. Click Monitoring and Archiving, and then complete the following steps:
o Click the Call Detail Recording tab. Enable or disable CDR, and then configure the CDR purging
settings.
o Click the QoE Data tab. Enable or disable QoE, and then configure the QoE purging settings
(as shown on the slide).
Configuring monitoring service by using the Skype for Business Server Management
Shell
Using the Skype for Business Server Management Shell or Control Panel is purely a matter of preference. If
you prefer to use the Management Shell, you can use the following cmdlets to configure a monitoring
service.
To configure CDR settings, use the following cmdlets:
New-, Set-, Get- and Remove-CsCdrConfiguration
To configure QoE settings, use the following cmdlets:
New-, Set-, Get- and Remove-CsQoEConfiguration

Call Quality Dashboard

The Skype for Business Server Call Quality
Dashboard (CQD) in the Skype for Business Server
monitoring service is a new reporting layer on top
of the QoE database. CQD uses SQL Server
Analysis Services to provide aggregate usage and
call quality information, and for filtering and
pivoting on the dataset. CQD features include:
 Archival storage of QoE data via the QoE

Archive component of CQD. The QoE Archive
component can store QoE data for much
longer than the monitoring server can. This
allows trending and reporting for up to seven
months of data at a time, with the ability to slide the reporting as far back as there is data.
 Reporting and analysis by using the speed of SQL Server Analysis Services. CQD uses SQL Server
Analysis Services to provide fast summary, filter, and pivoting capabilities to power the dashboard via
an Analysis Services cube. Reporting execution speed and the ability to drill down into data can
reduce analysis time dramatically.
 New data schema that is optimized for call quality reporting. The cube has a schema that is designed
for voice quality reporting and investigations. CQD web portal users can focus on the reporting tasks
instead of figuring out how the QoE metrics database schema maps to the views that they need.
Combining the QoE Archive and the Cube provides an abstraction that reduces reporting and analysis
complexity via CQD. The QoE Archive database schema also contains tables that can be populated
with deployment-specific data to enhance the overall value of the data.
 Built-in report designer and in-place report editing. The Portal component comes with several built-in
reports that are modeled on the Call Quality Methodology. Portal users can modify the reports and
create new reports via the Portal’s editing functionality.
 Web application programming interface (API) access to the report structure and Analysis Cube data.
The dashboard reporting framework is not the only way to display data from the Cube. CQD provides
several examples that use HTML and JavaScript to retrieve data from CQD Web APIs and to render
the data in a custom format. Combining the Query Editor and CQD Web APIs allows rapid
prototyping of reports and custom report layout.
Components and topologies for CQD

The Call Quality Dashboard consists of several databases, SQL Agent jobs, processes, and web
applications. SQL Agent jobs periodically copy data from the QoE metrics database into the QoE Archive
database, and process the Cube with the data in the QoE Archive database. The repository database stores
the report definitions that power the Portal. The Portal provides browser access to Cube data.
CQD components—including the QoE Archive, Cube, and repository databases—can be installed on the
Front End Server with the monitoring service, installed on its own server, or installed across multiple
servers. The particular installation method depends on CQD performance demands and the effect on
other processes on the same servers.
Component name Dependent component
QoE Archive SQL Server
Cube SQL Server Analysis Services
Portal Internet Information Services (IIS)
Repository service (part of the Portal SQL Server

installation)
Question: Does the CQD rely on SQL Server Reporting Services like the monitoring service?
Call Quality Methodology

The Skype for Business Call Quality Methodology
is a new, holistic method to define and assess call
quality. The Call Quality Methodology divides a
Skype for Business Server deployment into ten
discrete areas that affect quality, defining targets,
and a remediation plan for each one. CQM is a
framework to address call quality problems—you
can modify or extend it to target the particular
conditions on your network.
Telemetry across your network

In CQM, each audio stream represents a Real-
Time Transport Protocol (RTP) media bit stream
across a call leg—or from one Skype for Business Server component to another. In the simplest example
of a peer-to-peer Skype for Business call, there are two streams: one from the caller to the receiver, and
another back from the receiver to the caller. In more complex scenarios, a call is composed of multiple
streams that traverse each respective call leg.
Detailed quality information about each call leg is stored in the Skype for Business Server QoE database.
Each Skype for Business Server component that processes media creates and sends a record to the QoE
database, reporting on the quality of the call leg. This rich set of call quality data in the QoE database is
the foundation of CQM. CQM uses a set of Transact-SQL queries to report on call paths and devices. CQM
establishes quality targets that are used for troubleshooting and operational procedures. CQM assumes
that you have visibility into the network and the capability to troubleshoot problematic media streams
across it.
Note: The QoE database does not have information on your edge or perimeter network.
The PreCall Diagnostics tool helps you identify and diagnose network problems in your
perimeter.
Elements of CQM in three dimensions

In CQM, call quality is broken down into three dimensions, each with multiple elements:
 Server Plant. Server Plant incorporates all Skype for Business Server elements that terminate or
originate media:
o Server health. Assures that your Skype for Business Server media servers (audio/video multipoint
control unit and Mediation Servers) are healthy and are not contributing to conditions that will
cause poor media quality, including packet loss and jitter.
o Between audio/video multipoint control unit (AV MCU) and Mediation Server. Analyzes streams
between these two server roles that service dial-in conferencing users.
o Between Mediation Server and gateway. Analyzes streams between Skype for Business Server
Mediation Servers and their gateway peers that service dial-in conferencing users.
o PSTN gateway to PSTN. Analyzes the final leg from the PSTN gateway out to the PSTN.
o In a conference call, other elements handle media including the Conferencing Announcement
Server (CAS) and the Conferencing Auto Attendant (CAA).
Note: QoE has no telemetry data for the sessions between the gateway and PSTN, so you
will need to work with your gateway manufacturer to derive a data-driven approach here.
 Endpoints. A collection of call quality measurements that are generated when an endpoint makes or
receives a Skype for Business call:
o Device. The IP or USB device that places or receives a call. Devices that have not been qualified
for Skype for Business 2015 are often the source of call quality problems.
o System. The device that places or receives a call. Glitch generation is a common system problem
that causes quality degradation.
o Media path. Ideally, peer-to-peer calls go directly between two systems. A common issue is
internal firewalls that cause internal calls to relay across the internal interface of an edge server.
This is not optimal and can cause quality and capacity issues.
o Media transport. User Datagram Protocol (UDP) is the ideal transport for media; however, if UDP
cannot be negotiated, Transmission Control Protocol (TCP) is used, which results in poor media
quality.
 Last Mile. Last Mile includes call quality measurements based on how each Skype for Business
endpoint is connected to the network:
o Wired. Both server and client have wired connections.
o Wireless. Clients have wireless connections.
Note: Wired is the first priority for client connections because it should always provide high
quality. When resolving last mile issues, wired is expected to deliver the highest quality and
correspondingly must be your initial focus. After you optimize the call quality of your wired
connections, improving wireless call quality becomes easier because the wireless infrastructure
sits atop the wired core at each location. Depending on the maturity of your wireless
deployment, you might not want to include wireless connections in your call quality scope.
CQM can measure and control each of these elements. In most cases, CQM pulls from the rich set of data
in the QoE database to determine a baseline for each element, and then CQM tracks it with the goal of
reaching and maintaining a stated quality target.
Each element in CQM is independent; however, there is a natural priority for addressing each. For
example, in Server Plant, you first need to examine your Skype for Business Server servers’ health to
ensure that they are not the source of poor quality. It does not make sense to examine the underlying
network for problematic call legs until you have assessed the health of your servers.
A key concept of media quality is your managed network versus your unmanaged network. For example,
for call legs that traverse the Internet, it is not possible to assess and maintain a quality service level
agreement (SLA). In the same way, as you assess other areas of your network, such as wireless, your users
might not experience achievable, quality SLA because of factors outside of your control; you would
consider these call legs to be unmanaged. As you customize CQM for your uses, focus on the areas that
you consider managed—the ones that you control.
CQM Scorecard and Rate My Call

The Call Quality Methodology Scorecard is a Microsoft Excel 2013 workbook with macros enabled, and it
includes features that enable you to:
 Load the comma-separated value (CSV) files that the CQM.ps1 script generates into individual Excel
spreadsheets.
 Remove results from off-work days.
 Generate stream distribution charts for individual trend query results.

 Generate trending charts for individual trend query results.
 Generate the top Issues for various categories.
 Generate trending charts for reliability.

 Generate trending charts for Rate My Call.
 Update the Call Quality Methodology Scorecard.
Skype for Business introduces the Rate My Call feature, where users can give a star rating to a call, with
the maximum being five stars. The rating is retrieved by the media path element, and it is presented with
the corresponding trend chart.
Lab A: Implementing Monitoring

Scenario
A. Datum Corporation has installed a Skype for Business Server Front End Server and a Back End Server at
the London site. You need to enable the monitoring server components with the Back End Server located
on LON-SQL1. Then you must deploy monitoring reports.
Objectives
After completing this lab, you should be able to enable report monitoring.
Lab Setup

20334B-LON-SFB2, 20334B-LON-EX1, 20334B-LON-CL1, 20334B-LON-CL2
Password: Pa$$w0rd
1. On the host computer, start Microsoft Hyper-V Manager.


o Domain: Adatum

20334B-LON-SFB2, and 20334B-LON-EX1.
6. Start 20334B-LON-CL1, and 20334B-LON-CL2.

7. Do not sign in to these virtual machines until you are instructed.
Complete the following steps for the client virtual machines:
1. Browse to C:\Program Files\Microsoft Learning\20334\Drives\ and double-click LON-CL1.RDP.
2. Click Connect, and accept all other notifications.
o User name: Ed
o Domain: Adatum

5. Click Connect, and accept all other notifications.
o User name: Amr
o Domain: Adatum
Exercise 1: Enabling Monitoring Reports

Scenario
In this exercise, you will walk through the steps to enable monitoring reports in Skype for Business Server.
You will add the monitoring Server SQL store to the topology and deploy monitoring reports to view the
CDR and QoE monitoring reports.
To accomplish this, you will need to:
1. Add the monitoring Server SQL store to the Skype for Business Server Topology Builder.
2. Deploy monitoring reports from the Skype for Business Server Deployment Wizard.
3. Generate data from simulated activities.
1. Install Monitoring Reports.

2. Review the CDR and QoE monitoring reports.
 Task 1: Install Monitoring Reports

1. On LON-SFB1, on the taskbar, click Skype for Business Server Topology Builder.
2. In the Skype for Business Server Topology Builder, click Download Topology from existing
deployment, and then click OK.
3. In the Save Topology As dialog box, in the File Name text box, type
AdatumTopologyMonLab7.tbxml, and then click Save.
4. In the Skype for Business Server Topology Builder, expand Skype for Business Server, expand
Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise Edition Front
End Pools, right-click pool.adatum.com, and then click Edit Properties.
5. In the Edit Properties window, click General.
6. In the General pane, select Monitoring (CDR and QoE metrics).
7. In the Monitoring SQL Server store drop-down list box, select LON-SQL1.adatum.com/Default,
and then click OK.
8. In the Action drop-down list box, select Topology, and then click Publish to publish the changes in
the topology.
9. In the Publish Topology window, click Next to validate the changes that were made in the topology.
10. On the Select databases page, ensure that LON-SQL1.adatum.com\Default is selected, and then
click Next.
Wait while the topology publishes.

11. On the Publishing wizard complete page, verify that all steps show as Success or Warning.
12. On the Publishing wizard complete page, click the Click here to open the to-do list link.
13. When the file opens in Notepad, read the steps listed, and then close Notepad.
14. On the Publishing wizard complete page, click Finish.
15. Close the Skype for Business Server Topology Builder.
16. On LON-SFB1, on the task bar, click Skype for Business Server Management Shell.
Enter to start the stopped Skype for Business Server services.
Start-CsWindowsService
18. On LON-SFB1, on the task bar, click Skype for Business Server Deployment Wizard.
19. In the Skype for Business Server Deployment Wizard, click the Deploy Monitoring Reports link.
20. On the Specify Monitoring Database page, verify that LON-SQL1.adatum.com is listed for both
the Monitoring Database and the SQL Server Reporting Services instance, and then click Next.
21. On the Specify Credentials page, in the User name text box, type Adatum\Administrator, in the
Password text box, type Pa$$w0rd, and then click Next.
Note: The account that is specified here will be granted read access to the reporting
databases. This is the account that is used when accessing reports. For lab purposes, we will use
the Administrator account. The user who deploys monitoring reports must be a SQL Server
system administrator.
22. On the Specify Read-Only Group page, type RTCUniversalReadOnlyAdmins, and then click Next.
23. On the Executing Commands page, verify that the last line reads Monitoring Reports have been
successfully deployed, and then click Finish.
24. Close the Skype for Business Server Deployment Wizard.
 Task 2: Review the CDR and QoE monitoring reports

2. On LON-CL1, establish a Skype call from Ed to Amr Zaki. In the Skype for Business client, in the Find
someone field, type Amr, right-click Amr Zaki, point to Call, and then click Skype Call.
3. On LON-CL2, accept the call. Leave the call up for about two minutes, and then hang up.
4. On LON-SFB1, click Skype for Business Server Control Panel on the taskbar.
5. In the Windows Security dialog box, in the User Name text box, type Administrator. In the
Password text box, type Pa$$w0rd, and then click OK.
6. On the Home screen, under Top Actions, expand View Monitoring Reports, and then click
LON-SQL1.adatum.com. Wait for Microsoft Internet Explorer to open the Monitoring Reports
page.
7. On the Monitoring Reports page, in the upper-right corner, click Dashboard.

8. View the collected data on the dashboard:
o System usage data
o Per-user call diagnostics data
o Call diagnostics data
o Media quality diagnostics data
9. In the Monitoring Server Dashboard, in the upper-right corner, click Monthly View.
10. In the Monitoring Server Dashboard, in the upper-right corner, click Reports.
11. On the Monitoring Reports page, view each report that is listed under System Usage Reports, and
then review the collected data.
12. On the Monitoring Reports page, view each report that is listed under Call Diagnostic Reports
(Per User), and then review the collected data.
13. On the Monitoring Reports page, review each report that is listed under Call Diagnostic Reports,
and then review the collected data.
14. On the Monitoring Reports page, view each report that is listed under Media Quality Diagnostic
Reports, and then review the collected data.
15. In one of the reports, at the uppermost part of the page, click Save, and then from the drop-down list
box, click Excel.
16. In the File Download dialog box, click Save.
17. Close all open windows on LON-SFB1.
 Task 3: Prepare for the next lab

virtual machines; leave them running in preparation for the next lab.
Results: After completing this exercise, you should have deployed monitoring reports on the Skype for
Business Server Back End Server and verified access to the CDR and QoE monitoring reports.
Lesson 2
Overview of Archiving
Corporations and other organizations are subject to an increasing number of industry and government
regulations that require retaining specific types of communications. With the Archiving Server feature,
Skype for Business Server provides a way for you to archive IM content, web conferencing (meeting)
content, or both. The Archiving service provides various components that you can use to archive IM and
meeting content. To do this, you should be aware of the process for configuring the Archiving service and
the capabilities that the Archiving Server role offers.
Lesson Objectives
 Identify archiving components in Skype for Business Server.
 Explain how to archive in IM.

 Describe archiving for conferences and conferencing compliance.
 Describe archiving deployment options.
What Is Archiving?
Skype for Business Server communications
software provides several features and
components that enhance your ability to
archive, retain, and record IM and meeting
content for compliance purposes.
Archived content
Content that is archived includes:
 Peer-to-peer IM content.
 Multiparty IM content.
 Web conference content, including uploaded

content such as handouts and events such as joining, leaving, uploading, sharing, and changing
visibility.
 Whiteboards and polls shared during conferences.
Content that is not archived

Content that is not archived includes:
 Peer-to-peer file transfers.
 Audio/video for peer-to-peer and conferences.

 Desktop-sharing session content.
 Application sharing session content.
Note: You can record audio/video, application sharing, or both in the Skype for
Business 2015 client.
Note: Skype for Business Server does not archive Persistent Chat conversations. To archive
Persistent Chat conversations, you must enable and configure the Compliance service, which is a
component that you can deploy with Persistent Chat Server.
Features
Archiving features in Skype for Business Server include:
 Collocation on Front End Servers. The Archiving service is collocated on the Front End Server role in
Skype for Business Server in the form of unified data collection agents. In some of the previous
versions of Microsoft Lync Server, the Archiving role deployed as a separate Archiving Server role. In
Skype for Business Server, Archiving is an optional feature that is available on all Front End Servers.
 An Exchange Server integration option. Archiving data storage can integrate with Microsoft Exchange
Server 2013 for all users who have mailboxes in Exchange Server 2013 and have their mailboxes put
on In-Place Hold. This removes the need to deploy separate SQL databases for archiving.
 A searchable transcript of archived information. Data that archives to Exchange 2013 is searchable
and discoverable. If Exchange 2013 integration is not used, Skype for Business Server provides a
session export option that you can use by running the Skype for Business Server Export-
CsArchivingData cmdlet.
 Archiving SQL Server store. If Exchange 2013 integration is not used, Skype for Business Server
Archiving uses SQL databases to store archive data. In support of high availability for the archiving
SQL Server databases, you might deploy SQL Server database mirroring or AlwaysOn Availability
Groups.
Archiving in IM
If you deploy Archiving, you can set it to archive
IMs and conferences, and you can specify the
users who have archiving enabled. When you
deploy Archiving, a global policy is created by
default. You can use the global policy to archive
internal communications (communications among
internal users) and external communications
(communications that include at least one external
user). You also can specify the users who have
archiving enabled by creating policies for specific
users or sites. If archiving is enabled for at least
one user, you can archive IMs from multiparty
conferences even if all users in the conference have not been configured for archiving.
If Exchange Server 2013 integration is configured, you can control archiving for a user by configuring an
In-Place Hold on the user’s mailbox in Exchange. Additional control is available by using the
ExchangeArchivingPolicy parameter of the Set-CsUser cmdlet.
Archiving for Conferences and Conferencing Compliance

Skype for Business Server consolidates
conferencing compliance storage and
management to make it easier for you to
administer. In Skype for Business Server:
 Archiving policy settings for both IM and

meetings are unified for easier administration.
 The core archiving store consolidates IM
content and web conferencing attendee
entries and exits. Meeting handout content is
still stored on the file share that the Front End
Servers or Standard Edition servers use.
Note: Internal or external communication archiving is not enabled by default.
When you enable archiving for a particular user, all IMs and meeting content in both IM conferences and
web conferences that the user participates in are archived.
Group conferences are archived if one of the following policies is configured to enable archiving:
 At least one of the participants has a user policy that is configured to require archiving.
 The global policy or site policy is configured to enable archiving of all group conferencing.
Archiving Deployment Options

Before you can configure and use archiving, you
must first select the data storage platform
(Exchange or SQL Server) and then define
Archiving in the topology.
Archiving service components

The Archiving service in Skype for Business Server
includes the following components:
 Unified data collection agents. These agents

are responsible for capturing the messages to
be archived. The agents install and activate
automatically on every Skype for Business
Server Front End Server and Standard Edition server. However, no messages are captured unless
archiving is enabled and is appropriately configured. Archiving can be enabled at the global level, site
level, or for specific users.
 Archiving data storage. Archived data can be stored in the following locations:
o Exchange Server 2013 storage. Skype for Business Server users who have mailboxes in Exchange
Server 2013 will store archived data on the Exchange Server, but only if the mailboxes have been
put on In-Place Hold in Exchange.
o SQL Server storage. Archiving data is stored in an SQL Server database when Exchange
integration is not enabled, when Skype for Business Server users do not have mailboxes in
Exchange Server 2013, or when Skype for Business Server users with mailboxes have not been put
on In-Place Hold in Exchange.
Exchange storage
If you choose to integrate with Exchange, you will use Exchange 2013 policies and configurations to
control Skype for Business Server archiving. You can configure archiving configuration options at the
global level, site level, and pool level. If your deployment includes multiple forests, you must synchronize
the settings between Skype for Business Server and Exchange Server 2013.
Skype for Business Server storage

If you choose Skype for Business Server storage, you will use Skype for Business Server archiving policies
and configurations to control how archiving is enabled and implemented. Skype for Business Server
storage uses SQL Server databases, so you will need to add the appropriate SQL Server databases to your
topology and then configure your archiving policies.
When adding SQL Server storage databases to your topology, you can choose to collocate the Archiving
databases with any of the following:
 Monitoring database
 Back End Server database of an SQL Server Enterprise Edition Front End pool
Database collocation
If you collocate the Archiving database with the monitoring database, Back End Server database, or both
of these databases, you can either:
 Use a separate SQL Server instance for each database.

 Use a single SQL instance for any or all of the databases, with the following limitation: Each SQL
instance can contain only a single Back End Server database, a single monitoring database, and a
single Archiving database.
Note: We do not recommended collocating the Archiving database with the Back End
Server database. Although the server that hosts the Archiving database can host other databases,
be aware that if you are archiving more than a few users’ messages, the disk space that the
Archiving database needs can grow very large.
Question: In what scenarios might you decide not to use Exchange Server 2013 as your archiving
storage even if you have deployed Exchange Server 2013 integration?
Lesson 3
Designing an Archiving Policy
Before you deploy an archiving policy, it is important to understand the design of an archiving policy. This
is important when other Microsoft products are deployed within an enterprise, such as Exchange Server
2013. You might also need to plan for retention of your archive content in accordance with your
organization’s legal requirements.
Lesson Objectives
 Explain how to design an archiving policy with different scopes.
 Explain how to design an archiving policy for Exchange integration.
 Explain how to design an archiving policy with mission-critical requirements.
 Explain how to archive content for long and short terms.

 Describe purge mode.
Global, Site, and User Policies

If you choose to use SQL Server databases in
Skype for Business Server to store archival data,
you can configure Skype for Business Server
archiving policies to control how archiving
implements in your organization. In each Skype
for Business Server archiving policy, you can
enable or disable Archiving for either or both of
the following:
 Internal communications
 External communications
Scope
You can specify policies to control the archiving of specific content. Your scope should include which
policies are required, whether archiving is enabled for internal communications, external communications,
or both, and which workloads are to be archived.
You can control the scope of archiving for your organization by configuring policies at three levels:
 Global
 Site
 User
For each archiving policy, you can specify whether to archive only IM sessions or to archive both IM and
conferencing sessions.
Global archiving policy

A default global archiving policy is created automatically when you deploy Archiving. The global policy
applies to all users and sites in your deployment. The global policy specifies whether to enable archiving
of internal communications, external communications, or both. The global policy can specify to archive
IMs from all multiple party conferences even if you have set archiving policies for specific users and sites.
Note: By default, archiving is not enabled for internal or external communications.

Additionally, you cannot delete the global policy.
Site archiving policy

You can enable archiving support for specific sites. For example, to enable archiving support for a
small number of sites, you can set the global archiving policy not to archive internal or external
communications, and then create a policy for each site in which you want to enable archiving. As
with a global policy, you decide whether to enable archiving of internal communications, external
communications, or both.
User archiving policy

You can choose to enable or disable archiving support for specific users. As with global and site policies,
you can specify whether to enable archiving of internal communications, external communications, or
both.
For example, to disable archiving support for specific users at a site, you can:
 Set the global archiving policy to not archive internal and external communications.
 Create a site policy to enable archiving for a site.
 Create a user policy that disables archiving support for users.
If you create both site and user policies, user policies override site policies.
Exchange Archiving
If your Skype for Business Server users have
mailboxes in Exchange Server 2013 and their
mailboxes have been enabled for an In-Place
Hold, you can archive content from Skype for
Business Server to the Exchange Server. To
manage archiving for Skype for Business Server
users, you will use Exchange In-Place Hold policies
and settings, and Skype for Business Server
configuration options, to control:
 Whether to archive IM, conferencing, or both.
 Whether to implement critical mode for your

Skype for Business Server deployment.
 Whether to select the Exchange integration option to use Exchange 2013 for storage of archived
data.
 Whether to set up purging and exporting of data.

Scope
You can control archiving configuration for your organization by configuring policies at three levels:
 Global
 Site
 Pool (service)
For each archiving configuration, you can specify whether archiving is enabled, whether to archive IM or
IM and web conferencing, whether to enable Exchange integration, and whether to configure purging.
Global archiving configuration

A global configuration for Archiving is created automatically when Skype for Business Server is deployed
and applied to your entire Skype for Business Server deployment. However, no archiving options are
enabled in the global configuration by default. This is the most common level in which to configure
archiving in Skype for Business Server.
Note: You can modify the global configuration, but you should not delete it. If you choose
to delete the global configuration, it will reset to the default settings.
Site archiving configuration

Optionally, archiving options can be applied to one or more specific Skype for Business Server central sites
by creating and configuring options in an Archiving configuration for each respective site. A site
configuration overrides the global configuration, but only for the specified site.
For example, if you enable Archiving for only IM in the global configuration and you enable Archiving for
IM and conferencing in a new site level configuration, then conferencing would be archived only for the
site and not for the entire organization.
Pool archiving configuration

Optionally, you can apply archiving options to one or more specific Skype for Business Server pools
by creating and configuring options in an Archiving configuration for each respective pool. A pool
configuration overrides the global and site (if configured) configuration, but only for the specified pool.
For example, if you enable archiving for only IM in the global configuration, Archiving for IM and
conferencing in the site level configuration, and Archiving for only IM in a new pool configuration,
then the content for IM only would be archived for the users in the pool. The content for both IM and
conferencing would be archived for all users in the site except the users in the specified pool. The content
for IM only would be archived for all other users in your organization.
Exchange archiving policy

When Exchange 2013 integration is configured and a Skype for Business Server user has a mailbox on
an Exchange 2013 Mailbox server, you can choose to enable or disable archiving support for specific
users by using the Set-CsUser cmdlet in the Skype for Business Server Management Shell. The
ExchangeArchivingPolicy parameter with this cmdlet determines how Skype for Business Server
manages archiving.
The available options for the ExchangeArchivingPolicy parameter are:
 Uninitialized. Indicates that archiving will be based on the In-Place Hold settings that are configured
for the user's Exchange mailbox. If an Exchange In-Place Hold has not been enabled on the user's
mailbox, the user will have his or her messaging and web conferencing transcripts archived in Skype
 UseLyncArchivingPolicy. Indicates that the user's IM and web conferencing transcripts should be
archived in Skype for Business Server rather than in Exchange Server.
 NoArchiving. Indicates that the user's IM and web conferencing transcripts should not archive at all.
Note that this setting overrides any Skype for Business Server archiving policies that are assigned to
the user.
 ArchivingToExchange. Indicates that the user's IM and web conferencing transcripts should be
archived in Exchange Server, regardless of the In-Place Hold settings that have or have not been
assigned to the user's mailbox.
Question: Is it possible to archive to Skype for Business Server storage and to Exchange Server
storage at the same time?
Overview of Critical Mode

If archiving is critical in your organization, you can
specify that the Archiving configuration should
run in critical mode. In this mode, if IMs and
conferencing content cannot be archived, Skype
for Business Server blocks specific functionality.
For example:
 If the Archiving service is temporarily unable
to send a message to the Skype for Business
Server Storage service, IM functionality is
blocked until archiving support is restored.
 If a web conferencing user uploads a file, but

the file cannot copy to the Archiving file
store, all active conferences that are hosted in the pool are switched to restricted mode, and new
conferences cannot be activated.
Blocking IM and conferencing does not affect any other Skype for Business Server feature and
functionality because it is primarily intended to ensure that compliance requirements are met.
Long-Term Archiving
The archiving SQL Server database is not intended
for long-term retention. Therefore, you need to
move data to other storage locations periodically.
Skype for Business Server provides a session

export tool that you can use to export archived
data and to create searchable transcripts of the
archived data. You use the session export tool to:
 Create transcripts from archived data as

Multipurpose Internet Mail Extensions
(MIME)–formatted Microsoft Outlook Express
Electronic Mail format (.eml) file. The content
consists of the IM or conference transcript,
the conference activity file (as an attachment), and uploaded conference files, including handouts (as
attachments). Transcripts can be created for all users or specific users.
 Mark records that have been exported as safe to delete.

The session export tool creates a single transcript for each completed communications session that
occurred within the specified date range.
To run the session export tool, use the following Skype for Business Server Management Shell cmdlet:
Export-CsArchivingData –DBInstance <Database\Instance> -StartDate "9/1/2015 12:00:00" -

EndDate "10/1/2015 12:00:00"-OutputFolder d:\archive_export
Overview of Purge Mode

You can specify if archive data should be purged.
By default, purging is not enabled. If you enable
purging of archiving data, you must specify one of
the following options:
 Purge archive data after a specific number of

days, regardless of whether it has been
exported. The minimum number of days is 1,
and the maximum number of days is 2,562.
 Purge archive data only after it exports, which

also includes data that has uploaded to
Exchange. This option purges records that the
session export tool has exported and marked
as safe to delete.
You configure purge settings by using the Archiving Configuration tab in Skype for Business Server
Control Panel.
Lesson 4
Implementing Archiving
After planning your archiving policy, you will need to implement archiving across various systems,
including Exchange Server 2013 and Microsoft SharePoint Server 2013. Archived content is only beneficial
if it can be reproduced later. To do this, you should be aware of the available steps to retrieve archive
data.
Lesson Objectives
 Describe how to configure an archiving policy.
 Describe how to implement an archiving policy with Exchange integration.
 Describe how to access archive content.
 Describe how to enable integration with the eDiscovery feature in SharePoint Server 2015.
Demonstration: Configuring Archiving Policies

Demonstration Steps
1. On LON-SFB1, open Active Directory Users and Computers and then add the Administrator account
to CSArchivingAdministrator.
2. Open the Skype for Business Server Topology Builder, and then add the Archiving SQL Server store.
3. Configure Skype for Business Server for archiving.
4. Generate IM traffic to archive.
5. Export archived data by using the Skype for Business Server Management Shell cmdlet Export-
CSArchiving.
6. View the archived data with Microsoft Outlook.
Implementing Archiving by Using Exchange Server

When deploying archiving in Skype for Business
Server, data can be stored in SQL databases or in
Exchange 2013 mailboxes. If you have not
enabled integration with Exchange Server 2013,
then you must define the SQL Server stores that
will be used for archiving, in the Skype for
Business Server Topology Builder. The
administrator must also associate the stores with
the corresponding Standard or Enterprise edition
pools.
If you plan to integrate with Exchange Server 2013, you must configure server-to-server authentication.
To configure integration of Skype for Business Server with Exchange Server 2013, you must:
 Assign the appropriate certificates to each server.
 Configure Skype for Business Server to be a partner application for Exchange Server 2013.
 Configure Exchange Server 2013 to be a partner application for Skype for Business Server.
More information on how to configure integration of Skype for Business Server with Exchange Server
2013 is available in the module, Integration Skype for Business Server with Exchange Server and
SharePoint Server.
Configuring archiving policies

You configure archiving policies by using the Archiving Policy tab of Skype for Business Server Control
Panel. You can use the default global policy, or you can configure specific policies to control whether
archiving is enabled for sites and users.
For each Skype for Business Server site that you deploy, you can create an archiving policy to control
whether archiving is enabled or disabled for internal communications, external communications, or both.
The configuration in the site policy overrides the global policy, but only for the specific site that the site
policy covers. For example, if you enable internal and external communications archiving in the global
policy, you might specify a site policy that disables archiving for internal communications, external
communications, or both for that one site.
Note: You cannot delete the global policy. If you attempt to delete it, the configuration
resets to the default value.
Creating a user policy for archiving

Configuring per-user archiving policies is optional. However, if you deploy per-user policies, you must
assign them explicitly to users, groups, or contact objects. Archiving requirements automatically revert to
default settings that are defined in the global conferencing policy when no specific site level or per-user
policy is assigned.
You can create an archiving policy to control whether archiving for specific users is enabled or disabled
for internal communications, external communications, or both.
The configuration in the user policy overrides the global policy and site policies, but only for the
specific users that the user policy covers. For example, if you enable archiving of internal and external
communications in the global policy, you might specify a site policy that disables it for internal
communications, external communications, or both for that one site. You might then specify a user
policy that enables archiving for a specific group of users at that site.
When Exchange archiving integration is enabled, you can configure the ExchangeArchivingPolicy
parameter through the Skype for Business Server Management Shell only; you cannot access this setting
in the Skype for Business Server Control Panel.
For example, to configure a user account so that IM and web conferencing transcripts are always archived
to Exchange, you can use a command that is similar to the following code example:
Set-CsUser -Identity "Ken Myer" -ExchangeArchivingPolicy ArchivingToExchange
Question: Can you enable archiving in Skype for Business Server to use a SQL Server store and
Exchange Server 2013 simultaneously?
Accessing the Archive

Access to archived data in Skype for Business
Server is dependent on where data is stored.
Exchange Server 2013 storage

When Exchange integration is enabled, Skype for
Business Server users with mailboxes in Exchange
Server 2013 can use Exchange for storing archived
data, but only if the mailboxes have been put on
In-Place Hold in Exchange.
All archived data is stored in the users’ mailbox

Recoverable items folder, which is searchable and
discoverable but invisible to users. This archived
data can only be searched by users with an Exchange Discovery Management role. Exchange Server
enables federated search and discovery natively, along with SharePoint Server, if it is deployed.
Skype for Business Server Archiving storage

Archiving data is stored in an SQL database when Exchange integration is not enabled, when Skype for
Business Server users do not have mailboxes in Exchange Server 2013, or when Skype for Business Server
users with mailboxes have not been put on In-Place Hold in Exchange.
Data in Archiving databases is not searchable or in a readable format, but you can use the Export-
CsArchivingData cmdlet in the Skype for Business Server Management Shell to extract records from the
database and to save them as an Outlook .eml file.
The following command exports all archiving data that has been written to the archiving database
LON-SQL2.adatum.com since July 1, 2015. The resulting output file will be stored in the
C:\ArchiveExport folder:
Export-CsArchivingData -Identity "ArchivingDatabase:lon-sql2.adatum.com" -StartDate

6/1/2015 -OutputFolder "C:\ArchiveExport”
Lab B: Implementing Archiving

Scenario
A. Datum has decided to deploy Archiving for compliance reasons. A. Datum is using Exchange Server
2013, and would like to archive messages to the Exchange store.
Objectives
After completing this lab, you should be able to implement Skype for Business archiving by using
Exchange Server archiving.
Lab Setup

20334B-LON-SFB2, 20334B-LON-EX1, 20334B-LON-CL1, 20334B-LON-CL2
Password: Pa$$w0rd


o Domain: Adatum

20334B-LON-SFB2, and 20334B-LON-EX1.
6. Start 20334B-LON-CL1, and 20334B-LON-CL2.

7. Do not sign in to these virtual machines until you are instructed.
Complete the following steps for the client virtual machines:
2. Click Connect and accept all other notifications.
o User name: Ed
o Domain: Adatum

5. Click Connect and accept all other notifications.
o User name: Amr
o Domain: Adatum
Exercise 1: Enabling Skype for Business Server Archiving to

Microsoft Exchange Server 2013
Scenario
In this exercise, you will configure Exchange Server 2013 as the Archiving Server for Skype for Business
Server, and you will generate some archiving data. Additionally, you will view that same archiving data via
Exchange Control Panel. Follow the steps mentioned in the tasks below to complete this exercise.
1. Configure partner applications on Skype for Business Server and Exchange Server.
2. Generate IM traffic.
3. View the archived messages in Exchange.
4. Troubleshoot failed archiving.
 Task 1: Configure partner applications on Skype for Business Server and

Exchange Server
1. On LON-SFB1, click Start, click Administrative Tools, and then double-click Active Directory Users
and Computers.
2. In the left navigation pane, expand Adatum.com, and then click Users.
3. In the right navigation pane, right-click Administrator, and then click Properties.
4. Click the Member Of tab, and then click Add.
5. In the Select Groups dialog box, type RTCUniversalServerAdmins, and then click Check Names.
Ensure that the typed name is underlined, and then click OK.
6. In the Administrator Properties dialog box, click OK to close the dialog box.
7. Sign out from LON-SFB1, and then sign back in to LON-SFB1 as Adatum\Administrator with the
password Pa$$w0rd.
8. Switch to LON-EX1.
9. On LON-EX1, on the task bar, click Exchange Management Shell.
10. Type the following command, and then press Enter to locate the value of IsExcludedFromProvisioning
for the Mailbox Database:
Get-MailboxDatabase | Select Name,*Provisioning*

11. If the value is True, type the following command, and then press Enter to update the Mailbox
Database so that it is enabled for provisioning:
Get-MailboxDatabase | Set-MailboxDatabase –IsExcludedFromProvisioning:$False
12. Type the following command, and then press Enter to navigate to the Exchange Scripts folder:
cd ‘C:\Program Files\Microsoft\Exchange Server\V15\scripts’
13. At the [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts> command prompt, type the
following command, and then press Enter:
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl
“https://pool.adatum.com/metadata/json/1” -ApplicationType Lync
14. If you receive the error, “Load balancing failed to find a valid mailbox database,” repeat step 11 of this
task.
15. Type the following command, and then press Enter to stop and restart Internet Information Services
(IIS):
Iisreset
16. On LON-EX1, type the following command, and then press Enter to locate the value for
AutodiscoverServiceInternalURI:
Get-ClientAccessServer | Select Name,AutoDiscover*
17. Record the value from the last script below so that you can recall it later.
https://
19. Type the following command, and then press Enter to configure Skype for Business Server with the
Autodiscover information:
Set-CsOAuthConfiguration –Identity global –ExchangeAutodiscoverUrl https://lon-

ex1.adatum.com/autodiscover/autodiscover.svc
20. Type the following command in the Skype for Business Server Management Shell, and then press
Enter to create a new partner application for Exchange:
New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl

https://lon-ex1.adatum.com/autodiscover/metadata/json/1
21. Type the following command, and then press Enter to test the connectivity between Skype for
Business Server and Exchange Server:
Test-CsExStorageConnectivity –SipURI sip:Ed@adatum.com
22. You should receive the result, Test Passed. If not, contact your instructor.
23. On LON-SFB1, type the following command, and then press Enter to enable Exchange Archiving
globally:
Set-CsArchivingConfiguration –Identity Global –EnableArchiving ImAndWebConf –

EnableExchangeArchiving $True
Leave the Skype for Business Server Management Shell open.

24. On LON-SFB1, on the task bar, click Skype for Business Server Control Panel.
25. In the Windows Security dialog box, type Administrator in the User Name text box, type
Pa$$w0rd in the Password text box, and then click OK.
26. In the left navigation pane, click Monitoring and Archiving, click the Archiving Policy tab, click
New, and then from the drop-down list box, click User policy.
27. In the Name text box, type LondonArchivingPolicy. Select Archive internal communications and
Archive external communications, and then click Commit.
28. In the left navigation pane, click Users, in the search box, type Ed, click Find, and then double-click
the Ed Meadows user. Scroll down to the Archiving Policy, click the drop-down arrow, select
LondonArchivingPolicy, and then click Commit.
Enter to enable Exchange Archiving for all users in the London pool:
Get-CsUser -Filter {RegistrarPool -eq "pool.adatum.com"} | Set-CsUser -

ExchangeArchivingPolicy ArchivingToExchange
Enter to display a list of users that have been enabled for Exchange Archiving:
Get-CsUser | Where-Object {$_.ExchangeArchivingPolicy -eq "ArchivingToExchange"} |

Select-Object DisplayName
 Task 2: Generate IM traffic

2. Generate data for the archive by having Ed initiate an IM to Amr, and then have Amr respond to
that IM.
3. Close the Chat window.
 Task 3: View the archived messages in Exchange

1. On LON-SFB1, click Start, click Administrative Tools, double-click Active Directory Users and
Computers, expand Adatum.com, and then click the Microsoft Exchange Security Groups
organizational unit.
2. In the right navigation pane, double-click the Discovery Management group.
3. On the Members tab, click Add.
4. In the Select Users, Contacts, Computers, Services Accounts, or Groups dialog box, type
Administrator, click Check Names, and then click OK.
5. Click OK to close the Discovery Management Properties dialog box.
6. On LON-EX1, click Start, and then click Internet Explorer.
7. In the address bar, type https://lon-ex1.adatum.com/ecp, and then press Enter.
8. On the Exchange Admin Center page, in the User name text box, type Adatum\Administrator, in
the Password text box, type Pa$$w0rd, and then click Sign In.
9. In the right navigation pane, click compliance management.
10. Under In-Place eDiscovery & Hold, click the plus sign (+).
11. In the new in-place eDiscovery & hold window, in the Name and description text box, type
SfBItems, and then click Next.
12. In the Mailboxes window, click Search all mailboxes, and then click Next.
13. In the Search query window, click Filter based on criteria, and then click select message types.
14. In the message types to search window, click select the messages types to search, select Skype for
Business items, and then click OK.
15. In the Search query window, click Next.

16. In the In-Place Hold setting window, click Finish.
17. In the Saving completed successfully window, click Close.
18. In the Exchange Admin Center, in the right navigation pane, click SfBItems. On the toolbar above,
click Refresh. In the right pane, notice the status of Estimate in progress. Do not continue until the
status shows Estimate Succeeded.
19. In the right navigation pane, click SfBItems. In the right pane, scroll down, and then select preview
search results.
Note: A new window opens. Notice the results of the archived message content.
 Task 4: Troubleshoot failed archiving

2. Type the following command, and then press Enter to disable Archiving for the site:
New-CsArchivingConfiguration –Identity site:”Adatum Headquarters” –EnableArchiving

None
4. Click Monitoring and Archiving, and then click the Archiving Configuration tab.
5. Verify that the new archiving configuration settings exist for the Adatum Headquarters site. The site
configuration settings override the global configuration settings. Leave Skype for Business Server
Control Panel open.
6. In Skype for Business Server Control Panel, click New, and then from the drop-down list box, click
Pool configuration.
7. In the Select a Service window, click the Registrar:pool.adatum.com service, and then click OK.
8. In the New Archiving Setting window, verify that the Name box is already populated with
Registrar:pool.adatum.com.
9. In the Archiving setting drop-down list box, select Archive IM and web conferencing sessions,
select Exchange Server integration, and then click Commit.
Verify that the new archiving configuration settings exist.
Note: The pool configuration settings override the global and site configuration settings.
 Task 5: Prepare for the next module

steps:

4. Repeat steps 2 and 3 for following virtual machines:
 20334B-LON-CL2
 20334B-LON-DC1
 20334B-LON-SFB1
 20334B-LON-SFB2
 20334B-LON-SQL1
 20334B-LON-EX1
 20334B-LON-RTR
Results: After completing this exercise, you should have configured archiving settings, including policies,
configurations, and Exchange integration for Adatum. You also should have generated some IM and web
conferencing traffic to archive. Finally, you should have viewed the archived data by using Exchange
Control Panel.

Review Question
Question: Can multiple central sites share archiving or monitoring that has deployed in only one
central site?

In most organizations, IT administrators typically try to deploy cost-effective solutions. Unfortunately, the
same applies to their Skype for Business and overall UC deployments. In previous versions, such as Lync
Server 2013 and earlier, this oversight had serious consequences and resulted in poor call quality and less-
than-optimal availability of UC services. However, many of the new Skype for Business Server features
provide IT administrators with the ability to diagnose almost any issue, starting organizationally at the top
and down to individual users.
8-1
Module 8
Deploying Skype for Business 2015 External Access
Contents:
Module Overview 8-1
Lesson 1: Overview of External Access 8-2
Lesson 2: Configuring External Access Policies and Security 8-5
Lesson 3: Configuring External Access Network and Certificates 8-8
Lab A: Designing and Implementing External User Access 8-15
Lesson 4: Configuring Reverse Proxy 8-21
Lesson 5: Designing Mobility in Skype for Business Server 8-25

Lesson 6: Designing Federation in Skype for Business Server 8-29
Lab B: Installing the Components for External Users 8-32
Module Overview
In Skype for Business Server, external access extends the functionality to users outside the organizational
network, facilitates federation, and makes meetings with external participants possible. This module will
teach you how to install and configure the required components, configure policies and users, and publish
Skype for Business web services to the Internet by using Windows Server 2012 R2 Web Application Proxy.
Objectives
 Identify the components for external access.
 Configure external access policies and security.
 Configure external access and certificates.
 Configure reverse proxy.
 Configure Skype for Business Server 2015 for mobile clients.
 Design and configure federation in Skype for Business Server.

8-2 Deploying Skype for Business 2015 External Access
Lesson 1
Overview of External Access
To provide external access to Skype for Business, you need to know which components you require.
This lesson will introduce the Skype for Business Edge Server role and the requirement for reverse proxy
services. You will also learn how to define different remote user types.
Lesson Objectives
 Describe the components for external access.
 Define remote, federated, Public IM Connectivity (PIC), and anonymous user types.
Edge Server and Reverse Proxy

The Skype for Business Server Edge Server role
and the reverse proxy service are the two
components needed for Skype for Business Server
to handle external access to on-premises Skype
for Business.
Skype for Business allows detailed control over

external access through external access policies
that apply at the global, site, or user level. When
adding external access to on-premises Skype for
Business Server or deploying a hybrid solution,
you must complete the following steps to
configure the infrastructure:
 Add the Skype for Business Server Edge Server role to the topology. The Skype for Business Server
Edge Server role:
o Handles all non-web service traffic for external access; for example, Session Initiation Protocol
(SIP), Persistent Shared Object Model (PSOM), and Real-Time Transport Protocol (RTP).
o Is placed in the DMZ, also called perimeter network.
o Is not a domain member.
 Optionally, add Directors to the topology, which:
o Act as next hop for Edge servers.
o Handle validation of remote users.
o Redirect internal SIP traffic.
o Provide web service for external clients via reverse proxy.

 Implement reverse proxy, which:
o Handles all web service traffic for external access; for example, lyncdiscover, meet, and dial-in.
o Must support port redirection. You can use Web Application Proxy in Windows Server 2012 R2.
 Configure policies:
o External access policies. You can configure these at the global, site, or user level.
o Access Edge configuration. You can configure these at the global level only.
Defining Remote Users

External access to Skype for Business Server
depends on the implemented policies and the
type of user who tries to establish a connection.
Users are only considered external when
traversing an Edge server to reach Front End
Servers. Users on a virtual private network (VPN)
are internal.
Note: Split tunnel VPN can cause problems

with audio/video and sharing with external users.
With split tunnel VPN, only traffic that is destined
for the internal network uses the VPN. When
trying to perform point-to-point A/V conferencing and sharing, the Skype for Business client is
able to connect to the Front End Servers directly, in addition to the external interface on the Edge
server. However, this configuration is not valid, and the connection aborts with a trace error
stating that the call failed to establish because one endpoint was internal and the other was
external. As an alternative, you can use Meet Now, which directs all traffic via the Front End
Servers. This option works regardless of the VPN.
The same applies to DirectAccess. If you use DirectAccess, the Name Resolution Partition Table, which is a
part of the DirectAccess Group Policies, must exempt all internal Skype for Business Domain Name System
(DNS) names. This forces the Skype for Business 2015 client to use the external Edge interface rather than
DirectAccess because internal server names cannot resolve. Users are classified as follows:
 Remote users. All users from a Skype for Business deployment who validate in Active Directory
Domain Services (AD DS) have the same Skype for Business experience inside or outside the
organizational network.
 Federated users. These users are also referred to as authenticated users because they validate in their
respective Active Directory infrastructure. Administrators of the federated organization control the
displayed information, such as display name.
 PIC. Access from Skype for Business to Skype public. PIC is free, but it requires PIC provisioning via
https://pic.lync.com. When enabled, users can search the public Skype Directory without the need for
the Skype public users to merge their accounts with a Microsoft account. Communication with Skype
public is limited to one-to-one instant messaging (IM), audio, and video.
 Extensible Messaging and Presence Protocol (XMPP). Many third-party organizations use this alternate
signaling protocol, which is for both public and internal use. Skype for Business supports federation
with XMPP-based systems for IM and presence, without the need for additional components.
 Anonymous/guest. Users who join a Skype meeting without validating are considered anonymous,
and they choose their own display name.
Question: Which Skype for Business Server role is necessary to enable external access?
Question: Is a VPN a Skype for Business external access solution?

Lesson 2
Configuring External Access Policies and Security
External access policies grant or deny users’ access to external communications. Like all other policies
within Skype for Business, only one policy applies to any user, either through inheritance (global or site) or
granted directly to the user as a user level policy.
The Edge Server role is not a member of the internal domain, but functions in workgroup mode, as it is
located in the perimeter network. The Edge server can be a domain member, i.e., member of a perimeter
network domain for update services.
Because an Edge server is not a member of the internal domain, it cannot use domain controllers to
validate received credentials from a connecting user. Instead, Edge servers are configured with a next hop
server, which is usually internal Front End Servers or Directors, if deployed.
You can configure an Edge server’s next hop server or pool by using the Skype for Business Server
Topology Builder. Allowing external traffic to internal Front End Servers for validation could potentially
place unwanted load on the servers.
By design, the Director role functions as the next hop server for incoming traffic from Edge servers. The
Director functions as a SIP proxy, relaying SIP to the appropriate internal Front End Serve, and it handles
all validation before relaying.
Lesson Objectives
 Explain how to design external access policies.
 Explain how to configure external access policy settings.
 Explain how to use the Director server role.
Designing External Access Policies

You control external communication in Skype for
Business by using an external access policy that
applies either as a global policy, or more
specifically as a site or user policy. The external
access policy governs which users can
communicate externally via the Edge server, both
outbound and inbound. The external access policy
has the following options:
 Enable communications with federated

users. Allows communication with users in
other Microsoft Office Communications
Server, Microsoft Lync Server, or Skype for
Business Server deployments. Users can only communicate with allowed domains, either through
Open Enhanced Federation or as configured directly by the administrator.
 Enable communications with XMPP federated users. Skype for Business supports federation with
XMPP-based systems such as Google Talk and Cisco Jabber.
 Enable communications with remote users. Allows user to communicate with colleagues through
an Edge server and allows a user to connect through the Edge server as a remote user.
 Enable communications with public users. Allows access to the public Skype user base.
Note: For a user to connect from the Internet to Skype for Business via a Skype for Business
Server Edge server, the user’s external access policy needs to allow communication with remote
users.
Besides the external access policy, you must allow the Edge server to transport traffic. You can do so by
using the global Access Edge configuration.
On the Access Edge Configuration tab, you can allow your Edge server to do federation and PIC, and if
enabled, allow for partner domain discovery. Further, if you enabled archiving for external
communications, you can select to send an archiving disclaimer to federated partners—you might be
obliged to do so by local laws.
Also on the Access Edge Configuration tab, you can control whether Edge servers allow remote users,
and optionally, whether to allow anonymous user access to conferences.
Configuring User External Access Policy

Configuring users for external access involves
granting internal users permissions to
communicate with different external user types, in
addition to configuring conferencing policies.
Note: For more information on

conferencing policies, see Module 6,
“Implementing Additional Conferencing Options
in Skype for Business Server 2015.”
When designing external access policies at the

user level, you need to grant the policy to users via Skype for Business Server Control Panel or the Skype
for Business Server Management Shell.
When using Skype for Business Server Control Panel, you can select the user-level external access policy
from a drop-down menu. By using the Skype for Business Management Shell, you can grant an external
access policy directly to an individual user. Alternatively, you can use queries to bulk assign, depending on
criteria such as placement in AD DS or membership of specific AD DS groups.
The following will grant the external access policy named ExternalAccessLondon to the user with the SIP
address adam@adatum.com.
Grant external access policy
Grant-CsExternalAccessPolicy –Identity adam@adatum.com –PolicyName ExternalAccessLondon

Using the Director

The role of the Director in the Skype for Business
Server topology has not changed since Lync
Server 2013. It is still an optional server role. It
hosts web services, pre-authenticates incoming
user requests, and directs external users to their
home pool.
Changing the Director from a recommended role

in Lync Server 2010 to an optional role in Lync
Server 2013 did not diminish the value of the
Director. Instead, this change prioritized reducing
server count and other hardware requirements,
such as hardware load balancers for the Director,
without compromising features and functionality.
You can safely exclude the Director from your topology design with confidence that the Front End Servers
will provide the same services. When you do deploy Directors, internal DNS for web services points to the
Director instead of the Front End Server pool.
When you use the Director role, it is configured as the Next Hop server for the Edge servers, and therefore
authenticates external users. If you do not deploy the Director role, the Front End Server handles
authentication.
Directors host the web service, such as Lyncdiscover, Meet, and Dialin, and they forward traffic to the
appropriate home pool for external users.
Internally, the Autodiscover URL lyncdiscoverinternal.sipdomain.name, would point to the Directors.

Internal clients receive a SIP redirect to their respective home pool after successful authentication.
Question: On which levels can you configure external access policies?

Question: What is the purpose of the Director server role?
Lesson 3
Configuring External Access Network and Certificates
Understanding the functionality of the Edge server and knowing the traffic types and port numbers used
is key to successful deployment of external connectivity.
All Skype for Business traffic is encrypted by default. Most traffic is encrypted by using Transport Layer
Security (TLS), which relies on certificates. When deploying Edge servers, you use two certificates: one
public certificate on the Internet-facing network interface and an internal certificate on the internal-facing
network interface for encrypting internal traffic.
Lesson Objectives
 Describe Edge server services.
 Describe how to install and configure an Edge server.

 Explain how to configure an Edge server for network address translation (NAT).
 Describe internal and external DNS.
 Explain how to configure DNS load balancing.
 Explain how to configure Edge server certificates.
 Describe how to install certificates on the Edge server.
Edge Server Services

The Skype for Business Server Edge Server role
requires two network adapters: one configured as
the external, Internet-facing network adapter and
the other configured as the internal, local area
network (LAN)–facing network adapter. On the
internal network adapter, all traffic types use only
one IP address. The traffic needs to travel to and
from the LAN and all client networks. NAT is not
supported between the Skype for Business Server
Edge server’s internal-facing interface and the
LAN.
On the external network adapter, you can use one
IP address for all traffic types or three different IP addresses—one for each traffic type. The second option
is more firewall-friendly than the first because most traffic can use TCP/443, which is commonly allowed
outbound from most networks.
The IP addresses that you configure on the external network adapter must match the IP addresses in
Skype for Business Server Topology Builder for the services to start successfully. In Skype for Business
Server Topology Builder, you determine whether to deploy NAT. If you use NAT, you define the public IP
address that is used for A/V conferencing in the Skype for Business Server Topology Builder. This instructs
the Edge server to use the public IP address from the Skype for Business Server Topology Builder instead
of the address that is configured on the Skype for Business Server Edge server A/V interface when
negotiating A/V and sharing connections.
If you can use three public IP addresses per Edge server, most of the traffic can communicate on port 443.
Port 443 is typically available for outbound connections from most networks, so it is more likely to
traverse the firewall without being blocked. If you set aside only one public IP address per Edge server,
traffic differentiates based on port rather than IP address. This is less firewall-friendly because the ports
that are used might not be available for outbound connections on all networks.
Configuration with three public IP addresses per Edge server (default setup):
 Access Edge Server handles all inbound SIP traffic through port TCP/443 for remote users, and
inbound and outbound traffic through port TCP/5061 for federated users.
 Web Conferencing Edge Server handles inbound PSOM traffic through port TCP/443.
 A/V Edge server handles RTP traffic for audio, video, and sharing. Sharing uses port TCP/443 for
inbound traffic, and audio and video use port UDP/3478 for inbound traffic, but it can fall back to
TCP/443 if User Datagram Protocol (UDP) fails.
Configuration with one shared public IP address per Edge server (default setup):
 Access Edge Server uses port TCP/5061 for remote users and federation.
 Web Conferencing Edge Server uses port TCP/444.
 A/V Edge server uses port TCP/443 and UDP/3478.
Note: Application-layer firewalls might consider TCP/443 to be HTTPS and block packets
that do not appear to be HTTPS during inspection. Even though you use TCP/443, the traffic is
not HTTPS, and the firewall might block the traffic. You can often solve the problem by defining
your own TCP/443 traffic type in the firewall.
Before the release of Office Communications Server 2007 R2, the Edge server role was divided into the
A/V Conferencing Edge Server and the Access Edge Server. The A/V Conferencing Edge Server role did
not support NAT and had specific requirements for the external firewall. The external firewall needed to
allow ports 50,000–59,999 for both TCP and UDP. Since Office Communications Server 2007 R2, the Edge
Server role functions as a consolidated Edge server, meaning that only the Edge Server role is now
necessary. Skype for Business Server still supports opening the inbound port range of 50,000–59,999 for
both TCP and UDP in the external firewall toward the A/V interface on Skype for Business Server Edge
servers. Skype for Business clients will still attempt to use the high ports. If access to the high ports is
blocked, the Skype for Business client will use UDP/3478 or TCP/443, depending on whether the traffic is
A/V or sharing.
Opening the ports inbound towards the Skype for Business Server A/V Edge Server interface is still
supported and might help circumvent firewall equipment found between the clients that are blocking
UDP/3478 or TCP/443. This could help reduce issues regarding external A/V and sharing connections.
The Skype for Business client or other supported client that is connecting to the A/V Edge Server on either
port TCP/443 or UDP/3478 always uses the 50,000–59,999 range as the source port. The external firewall
needs to allow outbound traffic from the A/V Edge Server interface in the 50,000–59,999 UDP/TCP port
range.
When negotiating media paths, Skype uses the Internet Connectivity Establishment (ICE) protocol, which
in turn uses two different mechanisms for the media stream: Session Traversal Utilities for NAT (STUN)
and/or Traversal Using Relays around NAT (TURN). ICE, STUN, and TURN are necessary for Edge traversal
to function correctly.
Demonstration: Installing the Edge Server Role

Ensure that the Windows PowerShell 3.0 command-line interface, Microsoft .NET Framework 4.5 including
HTTP activation, and Windows Identity Foundation are already installed. Additionally, ensure that the
network adapters on LON-EDG are already configured with IP addresses.
This demonstration will show how to set up an Edge server with one routed public IP address.
Demonstration Steps
1. On LON-SFB1, open Skype for Business Server Topology Builder, and then configure the Edge pool.
Use the following details:
o Single server
o Lon-edg.adatum.com
o Sip.adatum.com
o Internal IP: 172.16.0.5
o External IP: 192.168.1.5
o Next hop: pool.adatum.com
3. Export the topology to C:\Export.zip.

4. Add the primary DNS suffix adatum.com to LON-EDG, and then restart.
5. Install the Skype for Business Edge Server role on LON-EDG.
Note: The .iso image is in C:\Program Files\Microsoft Learning\20334\Drives

\SfB-E-9319.0-enUS.ISO.
Network Address Translation

NAT commonly deploys in the perimeter network.
When using NAT between the external network

adapter on the Edge server and the Internet,
certain rules apply:
 You must use one-to-one NAT, also called

source and destination NAT. The external
firewall/NAT device needs to swap the
addresses both inbound and outbound.
 No hardware load balancing is available when

using NAT.
 Skype for Business Server Topology Builder

configures the Edge server with a public IP address to use when setting up A/V conferencing and
sharing channels.
The Edge server negotiates the setup of A/V conferencing and sharing channels via Session Description
Protocol (SDP), which is a part of the SIP specification. For this to succeed, the Edge server needs to know
the actual public IP address. If using the locally configured IP address from the private IP range, no
connections are possible.
You should ensure that the IP addresses that you configure in Skype for Business Server Topology Builder
are the same IP addresses configured on the Edge server network adapters. If they differ, services will not
start.
If NAT is not in use, the public IP addresses will be on the external-facing network adapter on the Edge
server, and those public IP addresses will assign to the external Edge services by using Skype for Business
Server Topology Builder. This setup requires routing from the Internet to the perimeter network and vice
versa.
Internal and External DNS

All server, pool, and SimpleURL names that Skype
for Business Server Topology Builder references
need to be resolvable by using DNS. Skype for
Business Server uses the same DNS name
internally and externally for certain features. This
is sometimes is referred to as split-brain DNS. For
example, meet.adatum.com will internally resolve
to the IP address of the internal web services URL,
which in turn would be the IP address of the
Skype for Business Server Standard Edition server
or the virtual IP address of the load balancer. A
load balancer is a requirement for web services
when you deploy Skype for Business Server Enterprise Edition with multiple servers in the Front End Server
pool. Externally, meet.adatum.com should resolve by using public DNS to the external IP address of the
reverse proxy.
When on an organizational LAN, internal clients must not be able to make IP connections to any of the
external IP addresses on the Edge server. If an internal client discovers that it can connect to the external
IP addresses, the connection fails with an error in the SIP stack. The actual error message can vary
depending on which external port is connected, but it will likely mention that the connection failed
because both endpoints are internal.
Internally, you must manually add the Edge internal fully qualified domain name (FQDN) and the IP
address to the internal DNS servers. This applies to host names and to pool names. The following are the
most common external DNS records that you must ensure are in place. For the SIP domain adatum.com,
the records would be:
DNS resolving to reverse proxy external public IP:
 Lyncdiscover.adatum.com. Automatic server discovery for external clients.
 Meet.adatum.com. Meeting join page.
 Dialin.adatum.com. Dial-in conferencing numbers and access to personal PIN and conference ID
reset.
 ExternalWebService.adatum.com. For external access to web services, including Skype for Business for
mobile clients.
DNS resolving to respective public IP on edge server:
 Sip.adatum.com. SIP channel used for all modalities, both remote users and federation.
 Conf.adatum.com. Used for whiteboard / PSOM.
 Av.adatum.com. Used for A/V and sharing of desktop and applications.

 _sip._tls.adatum.com SRV 0 0 443 sip.adatum.com. Legacy automatic server discovery.
 _sipfederationtls._tcp.adatum.com SRV 0 0 5061 sip.adatum.com. Required for open and enhanced

federation.
 _xmpp-server._tcp.adatum.com SRV 0 0 5269 sip.adatum.com. Required for XMPP federation.
Note: If you are using closed federation where traffic can only flow to allowed domains,
_sipfederationtls._tcp.adatum.com might not be necessary.
DNS Load Balancing

DNS load balancing uses DNS round robin to
distribute incoming requests somewhat equally
among pool members. One Skype for Business
Server Edge server can handle 12,000 concurrent
connections. If you create an Edge server pool
with an additional Edge server, you can support
up to 24,000 concurrent connections as long as
both servers are operational. Edge server pool
members need to be in close proximity;
geographically dispersed pools are not supported.
Besides the scaling benefits, you also achieve high

availability because connections will automatically
fail over to a running Edge server in case of an outage. When implementing a Skype for Business Server
scaled, consolidated Edge pool, you add the individual host (A) resource records for the pool members, in
addition to the chosen Edge server pool name that is referenced with multiple IP addresses, one for each
pool member.
In organizations with multiple sites, each with its own Edge server pool for media and high availability,
each site can continue without administrator intervention if a complete Edge server pool failure occurs.
This is possible by using the priority part of the DNS service (SRV) resource records.
DNS load balancing requires supported clients and servers. Only clients and servers that run Lync 2010 or
later supports DNS load balancing.
Configuring Edge Server Certificates

Every Skype for Business Server Edge server
consumes two distinct certificates: one for external
communications via the external-facing network
adapter and the other for internal
communications via the internal-facing network
adapter.
The Internet-facing certificate must be from a
public certification authority (CA) so that other
organizations and users can easily federate and
conference with external parties, without
problems related to TLS and certificates.
On the internal-facing network adapter, it is a best practice to use internal certificates from your own,
internal certificate server or CA. The internal-facing network adapter only connects with clients and
servers that are internal.
The Certificate Wizard in the Skype for Business Server Deployment Wizard marks the private key as
exportable on the public certificate in order to reuse the same certificate on all external network adapters
that are in the same Edge server pool. You need to do the same on the internal network adapters, but be
aware that the Certificate Wizard will not warn you about the internal requirement.
When you run the Certificate Wizard to request and assign the certificates, it automatically adds the
required names to the subject name and subject alternative name (SAN). When requesting the internal
certificate as an Edge server pool member, the wizard only adds the Edge server pool name to the internal
certificate. We recommend that you manually add the individual FQDNs of the Edge pool members to the
SAN. Then, if you ever need to move from an Edge server pool to a single Edge server, you will not need
new certificates.
Remember that the Edge server should not be a member of the internal AD DS. Because the Edge server
is typically in workgroup mode or is a member of a perimeter network domain, it does not automatically
trust the internal CA. You will need to add the necessary root certificate, and if necessary, intermediate
certificates to the certificate store on the Edge servers.
Commonly, when you request certificates for Edge servers, you will use the offline request feature, which
generates a certificate request file that contains the public key of the certificate. This file is used when
requesting certificates from both a public CA and the internal, private CA.
Note: You can successfully request and install internal certificates on the Edge server
without having root trust in place. No services will start until the certificate is from a trusted CA.
Depending on the firewall settings that are governing the traffic between the LAN and the perimeter
network, you might be able to access the web services URL of the certificate infrastructure. From here, you
can request both the root and intermediate certificates, in addition to requesting new certificates.
If the web services interface has deployed on your AD DS CA, you can access it by using the URL in the
format http(s)://certificate.server.name/certsrv.
Demonstration: Installing Certificates on the Edge Server

The instructor will now complete the LON-EDG installation.
Demonstration Steps
1. Switch back to LON-EDG.
2. In Internet Explorer, go to http://lon-dc1.adatum.com/certsrv.
3. Download, and then install the root certificate.
4. Request, and then assign the internal certificate online.

5. Request the external certificate offline. Use lon-dc1.adatum.com/certsrv to request and issue the
external certificate. Add the following SANs:
o Lyncdiscover.adatum.com
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
6. Download the issued certificate, and then assign it to External Edge.
7. Start LON-EDG Skype services by using the Start-CsWindowsService command.
8. Verify the services by using the Get-CsWindowsService command.
Note: FabricHostSvc should be stopped.
Question: Can you combine hardware load balancing with NAT?

Lab A: Designing and Implementing External User Access

Scenario
A. Datum Corporation has decided to extend Skype for Business functionality beyond its organization.
Your task is to add a single consolidated Edge server by using routing in the London office. A server
named LON-EDG is prepared with the prerequisites.
Objectives
 Add an Edge server to Skype for Business Server Topology Builder.
 Install and configure an Edge server.
Lab Setup
Virtual machines: 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SFB1, 20334B-LON-SFB2,

20334B-LON-SQL1, 20334B-LON-EDG
User name: adatum\administrator, LON-EDG\administrator
Password: Pa$$w0rd
o User name: administrator

o Domain: Adatum

20334B-LON-SFB2, and 20334B-LON-EDG (on LON-EDG, sign in as administrator with the
password Pa$$w0rd).
6. After completing this lab, leave the virtual machines running. You will need them in the next lab.
Exercise 1: Defining the Edge Server in the Topology

Scenario
To provide external access to Skype for Business, you will add a single consolidated Skype for Business
Edge server to the topology and publish it.
1. Add an Edge Server to the topology and publish it.
2. Export the topology.

 Task 1: Add an Edge Server to the topology and publish it

1. On LON-DC1, add the host (A or AAAA) resource record for lon-edg.adatum.com, pointing
172.16.0.5 to the Adatum.com DNS zone.
2. Switch to LON-SFB1, and if not already signed in, sign in as adatum\administrator with the
password Pa$$w0rd.
3. Open Topology Builder, and then save the current topology as C:\Lab08A.tbxml.
4. Add lon-edg.adatum.com as a single Edge server, without NAT, and with all the following functions
enabled:
o Internal FQDN: lon-edg.adatum.com

o External FQDN: sip.adatum.com:443
o Internal IP: 172.16.0.5
o External IP: 192.168.1.5
o Next hop server: pool.adatum.com
5. Associate lon-edge with pool.adatum.com.
6. Set as the default federation route for Adatum Headquarters for both SIP and XMPP.
 Task 2: Export the topology

 On LON-SFB1, open the Skype for Business Server Management Shell, and then export the topology
by typing the following command and pressing Enter:
Export-CsConfiguration –FileName c:\Lab08Export.zip
Results: After completing this exercise, you should have added an Edge server to the topology and
publish it, and then exported the topology.
Exercise 2: Installing and Configuring an Edge Server

Scenario
You added the LON-EDG server to the topology without any problems. Now you must install and
configure the Edge server.
1. Install the Edge server on LON-EDG.
2. Install certificates and start services.
3. Enable external access by using policies.
4. To prepare for next lab.
 Task 1: Install the Edge server on LON-EDG

1. On the host machine, insert C:\Program Files\Microsoft Learning\20334\Drives\SfB-E-9319.0 as
a CD/DVD drive on LON-EDG.
2. Add 192.168.1.1 as the default gateway on the perimeter network connection.

3. Use Server Manager to add the DNS suffix adatum.com to LON-EDG.
4. Restart LON-EDG.
5. Sign in to LON-EDG as administrator with the password Pa$$w0rd.
6. Start Skype for Business setup from the DVD.
7. Install the local configuration store from the \\LON-SFB1\c$\Lab08Export.zip file.
8. Install the Skype for Business Server components.
 Task 2: Install certificates and start services

1. Switch to LON-EDG. If necessary, sign in as administrator with the password Pa$$w0rd.
2. Open Internet Explorer, and then go to http://lon-dc1.adatum.com/certsrv.
3. In the Windows Security window, authenticate by using the user name adatum\administrator with
the password Pa$$w0rd.
4. On the Microsoft Active Directory Certificate Services – AdatumCA page, click Download a CA
certificate, certificate chain, or CRL.
5. In the Download a CA Certificate, Certificate Chain, or CRL window, click Download CA certificate.
6. In the Do you want to open or save certnew.cer (863 bytes) from lon-dc1.adatum.com? window, click
Open.
7. In the certnew.cer download has completed window, click Open.
8. In the Certificate window, click Install Certificate.
9. In the Certificate Import Wizard, select Local Machine, and then click Next.
10. On the Certificate Store page, select Place all certificates in the following store, and then click
Browse.
11. In the Select Certificate Store window, select Trusted Root Certification Authorities, and then click
OK.
12. Back on the Certificate Store page, click Next.
13. In the Completing the Certificate Import Wizard window, click Finish.
14. Close the Import was successful window by clicking Ok.
15. Select OK in the Certificate window to close it.
16. Switch back to the Skype for Business Server Deployment Wizard. If the previous steps completed
without error, you can continue even if Step 2 is not marked as complete.
17. Go to Step 3: Request, Install or Assign Certificates, and then click Run. This opens the Certificate
Wizard.
18. In the Certificate Wizard, select Edge Internal, and then click Request.
19. In the Certificate Request window, accept the default selection Send the request immediately to an
online certification authority, and then click Next.
20. On the Choose a Certification Authority (CA) page, in the Specify another certification authority
text box, type lon-dc1.adatum.com\AdatumCA, and then click Next.
21. On the Certification Authority Account page, leave the default selection, type
adatum\administrator in the User name text box, Pa$$w0rd in the Password text box, and then
click Next.
22. On the Specify Alternate Certificate Template page, click Next.
23. On the Name and Security Settings page, select Mark the certificate’s private key as exportable,
and then click Next.
24. In the Organization Information window, in the Organization text box, type A Datum.
25. In the Organizational unit text box, type IT, and then click Next.
26. On the Geographical Information page, from the Country/Region drop-down list, select United
Kingdom.
27. In the State/Province text box, type UK.
28. In the City/Locality text box, type London, and then click Next.
29. On the Subject Name / Subject Alternate Names page, click Next.
30. On the Configure Additional Subject Alternative Names page, click Next.
31. On the Certificate Request Summary page, click Next.
32. An “Executing Commands” message displays. Wait for the Task status to display Completed, and
then click Next.
33. On the Online Certificate Request Status page, accept the default selection for Assign this
certificate to Skype for Business Server certificate usages, and then click Finish.
34. In the Certificate Assignment window, click Next.
35. On the Certificate Assignment Summary page, click Next.
36. Wait for the assignment to complete. When complete, click Finish. This closes the Certificate
Assignment Wizard and takes you back to the Certificate Wizard.
37. In the Certificate Wizard, select External Edge certificate (public Internet), and then click Request.
38. On the Delayed or Immediate Requests page, select Prepare the request now, but send it later
(offline certificate request), and then click Next.
39. On the Certificate Request File page, in the File name text box, type C:\CertReq.req, and then click
Next.
41. On the Name and Security Settings page, click Next.
42. On the Organization Information page, click Next.
43. On the Geographical Information page, click Next.
44. On the Subject Name / Subject Alternative Names page, click Next.
45. On the SIP Domain setting on Subject Alternative Names page, click Next.
46. On Configure Additional Subject Alternative Names page, add the following names (because you
are going to use the same certificate for reverse proxy), and then click Next:
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
48. An “Executing Commands” message displays. When command execution is complete, click Next.
49. On the Certificate Request File page, click View. This opens the CertReq.req file in Notepad.
50. Select all the content by pressing Ctrl+A, and then copy the content by pressing Ctrl+C. You now
have the request data on the Clipboard.
51. Click Finish to close the Certificate Request window.
52. Switch back to Internet Explorer.
53. On the AdatumCA page, in the top-right corner, click Home.
54. On the Microsoft Active Directory Certificate Services -- AdatumCA home page, click Request a
certificate.
55. On the Request a Certificate page, click Advanced certificate request.
56. On the Advanced Certificate Request page, click Submit a certificate request by using a base-
64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
57. In the Saved Request text box, paste the content of the Clipboard by pressing Ctrl+V.
58. In the Certificate Template drop-down list, select Web Server, and then click Submit.
59. On the Certificate Issued page, click Download certificate.

60. Click Open when asked whether to open or save.
61. In the The certnew.cer download has completed window, click Open.
62. In the Certificate Information window, click Install Certificate. This opens the Certificate Import
Wizard.
63. In the Welcome to the Certificate Import Wizard, under Store Location, select Local Machine, and
then click Next.
64. In the Certificate Store window, select Place all certificates in the following store, and then click
Browse.
65. In the Select Certificate Store window, select the Personal store, and then click OK.
66. On the Certificate Store page, click Next.
67. In the Completing the Certificate Import Wizard, click Finish.
68. On the Certificate page, click OK.
70. Switch back to the Certificate Wizard.
71. Select External Edge certificate (public Internet), and then click Assign.
73. On the Certificate Store page, select Skype for Business Server 2015 External Edge certificate,
75. Wait for the Certificate Assignment task to complete, and then click Finish.
76. In the Certificate Wizard, note the green check marks, and then click Close.
Enter:
Enter to validate that the services are running:
Get-CsWindowsService
 Task 3: Enable external access by using policies

1. Switch to LON-SFB1, and if not signed in, sign in as adatum\administrator with the password
Pa$$w0rd.
2. Open Skype for Business Server 2015 Control Panel from the taskbar. Sign in as
Adatum\Administrator with the password Pa$$w0rd.
3. In the left navigation pane, click Federation and External Access.
4. Under External Access Policy, double-click the Global policy to edit its settings.
5. In the External Access Policy - Global window, select all check boxes, and then click Commit.
6. Still in the Federation and External Access window, select Access Edge Configuration.
7. Double-click the Global policy, configure the following options, and then click Commit:
o Enable federation and public IM connectivity
o Enable partner domain discovery
o Enable remote user access

o Enable anonymous user access to conferences
 Task 4: To prepare for next lab

virtual machines, but leave them running in preparation for Lab B.
Results: After completing this exercise, you should have installed an Edge server, installed certificates and
started services, and then enabled external access by using policies.
Question: Why did you do an offline certificate request for the external interface on LON-EDG?
Question: Why did you add the DNS suffix to LON-EDG?
Lesson 4
Configuring Reverse Proxy
When deploying external access in Skype for Business Server, you must configure access to the web
services via a reverse proxy. A reverse proxy handles all HTTPS traffic to and from external clients. By using
a reverse proxy, the actual packets that the Front End Server or the Director (if deployed) receives will not
be the original data that the reverse proxy received—the reverse proxy generated those packets.
The key requirement for the reverse proxy is port redirection. On the Skype for Business Server Front End
Server and Director, you will find two different websites: one for internal users on port 443 (80), and
another for external users on port 4443 (8080).
When an external user attempts to contact lyncdiscover.adatum.com, the connection will be toward the
external interface on the reverse proxy on port TLS/443. The reverse proxy then contacts the external
website on port TLS/4443 (8080) that is running on the Skype for Business Front End Server or Director.
Lesson Objectives
 Describe the functionality of the reverse proxy.

 Explain how to configure a reverse proxy.
 Explain how to configure reverse proxy certificates.
 Explain how to use the Windows Server Web Application Proxy.

 Describe how to configure the Windows Server Web Application Proxy.
Using Reverse Proxy in Skype for Business

A reverse proxy handles all access to external web
services. You use a reverse proxy to publish the
external website that runs on the Front End Server
or on the Director. You can use the same reverse
proxy to publish the web services that run on the
Microsoft Office Online server.
You implement reverse proxy to ensure that

HTTPS traffic from the Internet that is destined for
internal domain member computers is, in fact,
HTTPS traffic. Reverse proxy does not forward
received packets to internal machines, but rather,
generates new packets before sending them to
the Front End Server or the Director. Because it bridges the port from 443 to 4443 (and 80 to 8080), the
reverse proxy has to decrypt and re-encrypt traffic, and hence, the new packets.
This process is also known as publishing. The reverse proxy publishes external web services for Skype for
Business Server, including meeting content, address book, and group expansion.
Configuring Reverse Proxy

The steps to configure a reverse proxy vary
depending on the proxy type and the brand that
is used. Reverse proxy requires an HTTPS listener
on the Internet that you configure with a public
certificate, which contains all host headers that
publish via the reverse proxy.
Traffic that is destined for Skype for Business

Server is port-redirected to the Front End Servers
on port TLS/4443.
On the internal path from the reverse proxy to the
internal Skype for Business Server Front End
Servers or Directors, internal certificates from the
internal CA are most commonly used. Be aware that a reverse proxy needs to trust the root certificate
from the internal CA.
Depending on the type and brand of reverse proxy, you can implement varying levels of inspection, such
as malware or antivirus. After the discontinuation of Microsoft Forefront Threat Management Gateway,
the supported offerings from Microsoft include:
 Web Application Proxy, which is new in Windows Server 2012 R2. This component of the Remote
Access group allows publication of apps and services. It requires Active Directory Federation Services
(AD FS) deployment.
 Microsoft Internet Information Services Application Request Routing (IIS ARR). This downloadable
add-in allows IIS to work like a reverse proxy.
Configuring Reverse Proxy Certificates

All traffic in Skype for Business Server is encrypted
by default, including web services that TLS
(HTTPS) protects. When using HTTPS, the
endpoint that receives a request for web service
needs to have a trusted, public certificate installed
and assigned to the web listener.
No internal components actively contact a reverse

proxy. Only external clients and participants use a
reverse proxy. A reverse proxy connects to the
Skype for Business Server Front End Server or
Director by using HTTPS on port TCP/4443. For
the TLS channel to establish a connection, a
reverse proxy must trust the internal CA if internal certificates are in use.
A true wildcard certificate with *.adatum.com is not supported in the Subject Name portion of a
certificate. Skype for Business only supports wildcard certificates on the SAN.
Using the Windows Server Web Application Proxy

Windows Server 2012 R2 includes Web
Application Proxy, which is a reverse proxy
component that supports publishing Skype for
Business Server web services, in addition to the
Office Online server. Web Application Proxy is a
part of the Remote Access features. You can install
it by using Add Roles and Features in Server
Manager, or you can use any other supported
solution, such as Windows PowerShell.
When installing Web Application Proxy, an AD FS

deployment is necessary. Publishing Skype for
Business Server and Office Online Server through
Web Application Proxy does not use AD FS. Skype for Business Server requires Web Application Proxy to
use direct authentication rather than AD FS.
If you have already deployed AD FS, it makes sense to use Web Application Proxy. However, deploying
AD FS solely just to use Web Application Proxy might seem like a waste of time and resources. In this case,
IIS ARR is the better choice.
Note: Many of the most commonly used firewalls have reverse proxy functionality built in,
so you can also consider using that as an alternative.
Demonstration: Configuring Windows Server Web Application Proxy

The instructor will now demonstrate how to deploy Web Application Proxy.
Demonstration Steps
1. Sign in to LON-PXY as adatum\administrator with the password Pa$$w0rd.
2. Open Remote Access Management, click Web Application Proxy, and then run the Web Application
Proxy Configuration Wizard.
3. Use the following information to configure the Federation Service:
o Federation service name: adfs1.adatum.com
o User name: adatum\administrator
o AD FS Proxy Certificate: adfs1.adatum.com
4. Switch to LON-EDG, and then sign in as adatum\administrator with the password Pa$$w0rd.
5. Open the Microsoft Management Console (MMC).
6. Add the Certificates snap-in to the local machine store.
7. Export the sip.adatum.com certificate, including the private key, and then save it to
C:\EdgeExport.pfx.
8. Switch to LON-PXY, and then import the certificate, including the private key, from
\\lon-edg\c$\EdgeExport.pfx.
9. In the Remote Access Management console, under Tasks, click Publish.

10. Use pass-through validation:
o Name: lyncdiscover
o External URL: https://lyncdiscover.adatum.com
o Certificate: sip.adatum.com
o Internal URL: https://lyncdiscover.adatum.com:4443
Ignore the warning about names being similar.
11. Click Publish, and then click Close.
12. Repeat steps 9 through 11 for:

o Meet.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
13. Repeat steps 9 through 11 for wac.adatum.com. Publish without appending :4443 because Office
Online Server does not require port redirection.
Lesson 5
Designing Mobility in Skype for Business Server
Skype for Business Server supports mobile clients, such as the Skype for Business Mobile app running on
iOS, Android, and Windows Phone. This lesson will teach you how to configure Skype for Business Server
for mobile clients.
Lesson Objectives
 Describe mobile device capabilities.
 Describe the Autodiscover service.

 Explain how to enable the Microsoft Push Notification Service (MPNS).
 Describe how to configure settings for external access to the Skype for Business Mobility Service.
Mobile Device Capabilities

By using the Skype for Business mobile client or
the Lync 2013 mobile client, users can
communicate from their mobile devices by using
audio, video, and IM. In the mobile client, users
can configure whether to require Wi-Fi for Voice
over Internet Protocol (VoIP) or for video. If not
enabled, users can still use VoIP and video by
using the mobile device’s data channel.
Note: Using the data channel can be costly,

especially when roaming. Please consult your
mobile provider for pricing details.
If they do not want to use the data channel for VoIP, users can use Call Via Work – a callback from the
server to the mobile devise. If the user configures the mobile client to require Wi-Fi for VoIP and Wi-Fi is
unavailable, users receive an ordinary call on their mobile phone using the carrier’s technology, such as
Wideband Code Division Multiple Access, Global System for Mobile Communications, or Universal Mobile
Telecommunications System. This also applies to outbound calls from the mobile client.
If making an outbound Skype for Business or Lync call when VoIP is restricted, the user receives a call from
Skype for Business Server. When the user answers the incoming call, the Skype for Business Server
establishes a connection to the other party before joining them on the server.
Note: Call via Work can result in cost savings when users roam abroad. It is typically
cheaper to receive a call than make an outbound call when roaming.
Besides giving users access to presence, IM, VoIP, and video, the mobile client also gives access to the
calendar from Microsoft Exchange with today’s and tomorrow’s meetings.
If Exchange 2013 or later is in use, Skype for Business Server can offer a server-side conversation history.
With server-side conversation history enabled, the call history, including IMs, synchronizes across desktop
and mobile clients. With server-side conversation history, you can leave an IM session on your PC and pick
up where you left off from your mobile device.
Mobile clients support click-to-join Skype meetings. When you click the link in an invitation, the built-in
browser on the mobile device hands over control to the Skype for Business mobile client and joins the
audio part of the meeting. This is also true when VoIP is unavailable; the user simply receives a public
switched telephone network (PSTN) callback.
You can control the mobile settings by using a mobility policy. From the Skype for Business Server
Management Shell, you can use the Set-CsMobilityPolicy cmdlet to control the mobile settings. Policies
are available at the global, site, and user level.
Run the Get-CsMobilityPolicy cmdlet to list the current mobility policies.
Autodiscover Service
When you include the Skype for Business Mobile
app or Lync 2013 mobile in your deployment, you
will want to use automatic discovery of the Skype
for Business Server deployment. When configured
for automatic discovery, users only need to enter
their SIP address and password to sign in.
Note: Using SIP as a user name requires the

user principal name (UPN) to be the same as the
SIP address.
If a user’s UPN does not match the SIP address, users can enter their user name, either as domain\user or
as the UPN user@domain.xyz. Mobile clients use lyncdiscover and lyncdiscoverinternal to discover the
Skype for Business Mobility Service, which runs as part of the web service.
Lync 2010 for mobile clients introduced lyncdiscover and lyncdiscoverinternal. This is the preferred
automatic discovery method for Lync 2013 and newer desktop clients.
Note that when mobile clients connect to Skype for Business Server via a reverse proxy, they redirect to
the external web service address by default. If the mobile client is on internal Wi-Fi, this configuration
requires hairpinning through the external firewall. Hairpinning happens when an internal client makes an
outbound connection that loops back through the same firewall.
Having users connect to the external interface when using mobile devices makes reconnections faster.
This is because the endpoint information remains the same even when the client shifts from Wi-Fi to
mobile data and vice versa.
You can keep mobile devices on the inside of a network by using the Set-CsMcxConfiguration Windows
PowerShell command.
Microsoft Push Notification Service

When Skype for Business or Lync 2013 mobile
clients are running on a Windows Phone, MPNS
assists in keeping the mobile client connected to
the Skype for Business deployment. When
Windows Phone puts the Skype for Business
mobile client in a dormant state, the phone
contacts the MPNS and requests that service to
send a wake-up signal when incoming traffic is
detected. Traffic detection occurs on the user’s
Skype for Business Front End pool, which you
must configure for push notification.
The Apple Push Notification Service is no longer

required, but it is still available for backward compatibility with Lync 2010 mobile for iOS. You can enable
push notification by using the Clients tab in Skype for Business Server 2015 Control Panel or by using the
Set-CsPushNotificationConfiguration cmdlet.
Demonstration: Configuring Settings for External Access to the Skype for

Business Mobility Service
The instructor will demonstrate how to configure access to the external web service.
Demonstration Steps
1. Sign in to LON-SFB1 as adatum\administrator with the password Pa$$w0rd.
2. In Skype for Business Server Management Shell, type the following commands, and then review the
settings:
o Get exposed web url:
Get-CsMcxConfiguration
o Get mobile configuration:
Get-CsMobilityPolicy
Note: This completes the last demonstration in this module—please revert all virtual
machines.
Revert all virtual machines

o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
Lesson 6
Designing Federation in Skype for Business Server
Federation enables communication and collaboration with users in other organizations who are running
Skype for Business Server or one of its predecessors. Skype for Business Server also supports federation
with XMPP-based systems.
Federation with a Skype public network is commonly known as PIC. It requires completion of the
provisioning process.
Lesson Objectives
 Explain how to configuring a SIP federated domain.
 Describe PIC provisioning.
 Describe how to design and configure federation.
Configuring a SIP Federated Domain

Federation allows users to communicate and
collaborate with users in other Lync or Skype for
Business deployments. When enabling federation,
you can control the level of administrative
governance with the domain discovery settings in
the Access Edge configuration policy. If partner
domain discovery is enabled in both
organizations, for instance, federation can happen
automatically when users add each other by using
their SIP addresses. If partner domain discovery is
not enabled, administrators will have to add
allowed, federated domains to the SIP federated
domains list. Regardless of the domain discovery setting, you can always block SIP domains.
When enabling external access, you have the option to allow federation access. You can configure
federation as Allowed Partner Server, Allowed Partner Domain, and/or Discovered Partner Domain.
 Allowed Partner Server. This enables communication with allowed domains with configured Skype
for Business Edge server addresses only.
 Allowed Partner Domain. This enables communication with allowed domains and automatic
discovery of Edge server addresses and ports.
 Discovered Partner Domain. Skype for Business Server automatically identifies the federation
partners. This federation option works in combination with a block list, where you can block
communications for certain domains. It is the most user-friendly federation option. However, you
must initiate a process to monitor the Event Viewer and Skype for Business Server logs to add
partners to the list of enhanced federation partners or SIP domains that you want to block. The open
federation option has the following limitations:
o Requests only 1,000 SIP Uniform Resource Identifiers (URIs); add to the allowed list to remove this
limitation.
o Allows only 20 messages per second; add to the allowed list to remove this limitation.
PIC Provisioning
You need both licensing and provisioning for
public IM in Skype for Business Server. You do not
require any additional licenses beyond your Skype
for Business client access license to federate.
However, you do need Skype for Business PIC to
federate with Skype public. The Skype for Business
PIC provisioning guide describes the provisioning
process for public IM in detail.
Provisioning guide for Lync-Skype connectivity in Lync Server 2013

http://aka.ms/j4xh7p
You can start the provisioning process when you set up external access to Skype for Business Server for
federation. As part of the provisioning process, you need to provide Microsoft the following information:
 Microsoft agreement number
 Access Edge service FQDN

 SIP domains
 Any additional Access Edge service FQDNs
 Contact information
When Microsoft receives the required information via https://pic.lync.com, the information is tested and
your credibility is established. After testing, you receive a notification, and the provisioning process for
each PIC domain begins.
XMPP Federation
A Skype for Business Server Edge server can
function as an XMPP proxy, forwarding XMPP
traffic to the XMPP translation gateway that is
included on the Front End Servers. The translation
gateway performs the necessary translation
between SIP and XMPP.
When enabled, users can take advantage of

presence and one-to-one IM sessions with XMPP
users in the same way they can with SIP-based
federated partners. XMPP provides IM and
presence only.
When enabling XMPP federation, the public

certificate on the Internet-facing network adapter needs to contain the supported, internal domain names
on the SAN list. If XMPP is not enabled when requesting the public certificate, it will only contain the
chosen FQDN names for access and web conferencing, not the domain name.
Below are some best practices for configuring XMPP federation:
 Like SIP federation, XMPP federation requires DNS records for automatic discovery.
 The service (SRV) resource record should be in the format _xmpp-server._tcp.adatum.com 0 0 5269
sip.adatum.com.
 XMPP operates on TCP 5269, so you must allow this port through the external firewall.
 From the Edge server to the Front End Servers, use port TCP 23456.
 You can configure XMPP federated partners by using the Skype for Business Server 2015 Control
Panel or the Skype for Business Management Shell.
Lab B: Installing the Components for External Users

Scenario
A. Datum wants to support federation and meetings with external participants. Your task is to install and
configure the Windows Server 2012 R2 Web Application Proxy to publish the web services.
Objectives
 Install and configure the Web Application Proxy.
 Validate external messaging.
Lab Setup

20334B-LON-EDG, 2033A-LON-PXY, 20334B-LON-RTR, 20334B-LON-CL1, and 20334B-LON-CL2
User names for servers: adatum\administrator, LON-EDG\administrator, LON-PXY\administrator

User names for clients: adatum\ed for LON-CL1, adatum\amr for LON-CL2
Password: Pa$$w0rd
Virtual machines are running from the previous lab. Start 20334B-LON-PXY, 20334B-LON-CL1, and
20334B-LON-CL2. Sign into LON-CL1 as Adatum\Ed with the password Pa$$w0rd.
Exercise 1: Installing and Configuring Reverse Proxy

Scenario
To provide external access to Skype for Business web services and to support Skype for Business mobile
clients, you will install Web Application Proxy and you will publish the URLs.
1. Configure Web Application Proxy.
2. Import a certificate from LON-EDG1.
3. Create publishing rules for Skype for Business Server and Office Online servers.
 Task 1: Configure Web Application Proxy

2. Add 192.168.1.1 as the default gateway on the perimeter network connection.

3. In Server Manager, open Remote Access Management, click Web Application Proxy, and then run
the Web Application Proxy Configuration Wizard. Use the following configuration settings:
o Federation service name: adfs1.adatum.com
o Use the user name adatum\administrator and the password Pa$$w0rd
o AD FS proxy certificate: adfs1.adatum.com
 Task 2: Import a certificate from LON-EDG1

1. Switch to LON-EDG, and then sign in as LON-EDG\administrator with the password Pa$$w0rd.
2. Right-click Start, and then on the shortcut menu, click Run.

3. In the Run dialog box, type MMC, and then click OK. This opens an empty MMC.
4. On the File menu, click Add/Remove Snap-in.
5. In the Add or Remove Snap-ins window, select Certificates, and then click Add.
6. In the Certificates snap-in, select Computer account, and then click Next.
7. In the Select Computer window, click Finish.
8. In the Add or Remove Snap-ins window, click OK.
9. In the left navigation pane, expand Certificates (Local Computer), expand Personal, and then click
Certificates. This lists the installed certificates.
10. Select and then right-click the sip.adatum.com certificate.
11. On the shortcut menu, point to All Tasks, and then click Export.
12. In the Welcome to the Certificate Export Wizard, click Next.

13. On the Export Private Key page, click Yes, export the private key, and then click Next.
14. On the Export File Format page, click Next.
15. Click Password. Type the password Pa$$w0rd twice to confirm, and then click Next.
16. On the File to Export page, click Browse.
17. Save the exported certificate to C:\EdgeExport.pfx.
18. On the File to Export page, click Next.
19. On the Completing the Certificate Export Wizard page, click Finish, then click OK.
20. Switch back to LON-PXY.
21. Open File Explorer, browse to \\lon-edg\c$\, and then double-click edgeexport.pfx.
22. On the Welcome to the Certificate Import Wizard page, select Local Machine, and then click
Next.
23. On the File to Import page, type the following, and then click Next:
\\lon-edg\c$\EdgeExport.pfx
24. On the Private key protection page, in the Password text box, type Pa$$word.
25. Select Mark this key as exportable, and then click Next.
26. On the Certificate Store page, click Next, click Finish, and then click OK.
 Task 3: Create publishing rules for Skype for Business Server and Office Online
servers
1. On LON-PXY, in the Remote Access Management Console, under Tasks, click Publish.
2. Use pass-through validation:
o Name: lyncdiscover
o External URL: https://lyncdiscover.adatum.com
o Certificate: sip.adatum.com
o Internal URL: https://lyncdiscover.adatum.com:4443
Ignore the warning about names being similar.

3. In the Confirmation box, click Publish, and then click Close.
4. Repeat the above steps three times by replacing lyncdiscover.adatum.com with:
o Meet.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
5. Repeat the above steps for wac.adatum.com. Publish without appending :4443 because Office
Online Server does not require port redirection.
6. Open Network Connections, and then enable the Perimeter network adapter.
Results: After completing this exercise, you should have configured Web Application Proxy, exported and
imported a certificate, including a private key, and then created publishing rules for Skype for Business
Server and Office Online servers.
Exercise 2: Validating External Messaging

Scenario
For this exercise, we will move one of the clients to the external network and then verify that external
connectivity is working.

1. Add public DNS to LON-CL2 by using the Hosts file.
2. Move LON-CL2 to the outside and validate the connection.
 Task 1: Add public DNS to LON-CL2 by using the Hosts file

1. Switch to LON-CL2, and then sign in as adatum\amr with the password Pa$$w0rd.
2. In the search box, type Notepad, right-click Notepad from the results, on the shortcut menu, click
Run as administrator, and then click Yes.
3. In Notepad, on the File menu, click Open, go to c:\windows\system32\drivers\etc\hosts, and then
open the Hosts file.
Note: Select All Files (*.*) in the drop-down list.
4. Add the following records to the Hosts file:
o 192.168.1.5 sip.adatum.com
o 192.168.1.6 lyncdiscover.adatum.com
o 192.168.1.6 meet.adatum.com
o 192.168.1.6 dialin.adatum.com
o 192.168.1.6 pool.adatum.com
o 192.168.1.6 wac.adatum.com
5. Save the Hosts file. Overwrite the existing Hosts file.

 Task 2: Move LON-CL2 to the outside and validate the connection

1. On LON-CL2, open Network Connections, and then disable the LON_Network network adapter.
2. Enable the Internet network adapter.
3. Validate the IPv4 configuration on the Internet connection. The settings should be:
o IP: 131.107.0.51
o Subnet: 255.255.255.0
o Default Gateway: 131.107.0.100
o DNS: Blank
4. Restart LON-CL2. Sign back in as adatum\amr with the password Pa$$w0rd.

5. Wait for Skype for Business to sign in.
6. Send an IM to Ed Meadows to validate the connection to LON-CL1.

steps:
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
Results: After completing this exercise, you should have added public Domain Name System (DNS) to
LON-CL2 via the Hosts file, and moved LON-CL2 to the outside of the network and validate the
connection.
Question: Why did you add :4443 to the published Skype for Business Server URLs?
Question: Why did you install the AdatumCA root certificate on LON-EDG and LON-PXY?

Best Practices
 Use public certificates on public interfaces.
 Do not place NAT between the internal network adapter on the Edge server and the local area
network (LAN).
 Skype public requires the Public IM Connectivity provisioning process to complete before you can
enable it.
 Extensible Messaging and Presence Protocol (XMPP) federation only allows presence and one-to-one
instant messaging (IM).
 Federation can be either open, direct, or enhanced.

 TLS/443 towards the Edge server is not HTTPS. Be aware of the application-layer firewall.

Federation not working
Some users have issues with external A/V and

sharing
Some users experience delays in internal one-

to-one calls
Review Question
Question: What type of federation might your organization deploy?

 When you deploy multiple, geographically dispersed pools, you will also have to deploy multiple
Edge servers and reverse proxies.
 An organization can have only one active federation route per SIP domain, so manual action might
be necessary in case of an outage.
 Use the service (SRV) resource record priority in DNS to add backup routes for federation and remote
user access.
9-1
Module 9
Implementing Persistent Chat in Skype for Business 2015
Contents:
Module Overview 9-1
Lesson 1: Designing a Persistent Chat Server Topology 9-2
Lesson 2: Deploying Persistent Chat Server 9-10
Lab A: Designing and Deploying Persistent Chat Server 9-17
Lesson 3: Configuring and Managing Persistent Chat 9-23
Lab B: Configuring and Using Persistent Chat 9-31
Module Overview
An organization’s employees need to interact with each other in the course of their work. Skype for
Business 2015 provides peer-to-peer and multiparty conferencing modes to support this need.
Additionally, if employees require conversations to persist beyond real-time communications, then
it is necessary to plan, design, and deploy Persistent Chat Server in Skype for Business Server 2015.
Objectives
 Design a Skype for Business topology that includes Persistent Chat.

 Deploy Persistent Chat in Skype for Business.
 Configure and manage Persistent Chat in Skype for Business.

9-2 Implementing Persistent Chat in Skype for Business 2015
Lesson 1
Designing a Persistent Chat Server Topology
Designing a Persistent Chat Server deployment properly for your organization is as important as any
other Skype for Business component. You need to ensure that organizational productivity is not adversely
affected. Additionally, you must ensure compliance with legal requirements and standards. To design a
Persistent Chat deployment, you should be familiar with the elements in the Persistent Chat infrastructure.
This lesson provides an overview of Persistent Chat in Skype for Business, and it provides details and
considerations for designing a Persistent Chat deployment.
Lesson Objectives
 Describe the role of Persistent Chat in a Skype for Business organization.
 Describe the components of Persistent Chat Server.

 Describe single-server topology options.
 Explain multiple-server topologies.
 Identify a Persistent Chat Server infrastructure’s hardware and software requirements.
 Identify the organizational requirements for implementing Persistent Chat Server.
Overview of Persistent Chat Server

The Persistent Chat Server role in Skype for
Business provides a form of communication
whose origins go back two decades. From the
Bulletin Board Systems (BBSs) that existed in the
world of dial-up networking during the early
1990s to the Internet Relay Chat (IRC) servers that
dominated in the early 2000s, there has been a
need for communications that can persist over
time. Persistent Chat Servers not only allow users
to participate in multiparty conversations in real
time, but they also solve communication
challenges that many organizations face, such as:
 Geographically dispersed teams.
 Information overload.
 Disjointed communications.
 Knowledge management.
By using Persistent Chat, teams can efficiently share information, ideas, and decisions with one another.
Messages that post to chat rooms (discussion forums) can persist—that is, they can be available over
time—so that people from different locations and departments can participate even when they are not
simultaneously online. When a user connects to a chat room, backchat, which is a configurable number of
chat history messages, automatically loads in the chat room to give the user context for the conversation.
Client-side filters allow users to define conditions, such as keywords in message content or the value of
the From field in a message. When those conditions are met, users receive notifications in Persistent Chat
instant messages or chat room messages. Because of this, users can stay up to date with the content that
interests them most. Users also can add chat rooms that they want to follow to their contact list.
By making it easy to collaborate in long-running topics with others in an organization, and by providing a
persistent place to share information, Persistent Chat helps improve communication.

Question
Identify the scenarios where you can use Persistent Chat Server.
Employees in the United States need to have running conversations with peers in the
United Kingdom on international sales activity.
Executives are inundated with communications from various business units and want to
be notified if a priority conversation takes place.
Management needs to disseminate policy changes in the organization.
Project teams need to search for conversations that occurred several months back.
Conversations need to archive to Microsoft Exchange Server 2013.
Persistent Chat Server Components

The following are the components of Persistent
Chat Server:
 One or more computers that are running

Front End Server
 One or more computers that are running

Persistent Chat Server and are providing the
following services:
o The Persistent Chat service
o The Compliance service, which is turned

on if compliance is enabled
 One or more computers that host a Microsoft SQL Server back-end database for hosting Persistent
Chat content
 One or more computers that host a SQL Server back-end database for hosting the Persistent Chat
compliance database, if compliance is enabled
Each computer that hosts Persistent Chat Server must have access to an existing Skype for Business
topology, which includes a Skype for Business Front End Server. The Front End Server is the foundation for
Session Initiation Protocol (SIP) routing, which makes the communication between computers that are
running Persistent Chat Server and Persistent Chat functionality possible. When Persistent Chat deploys,
the Front End Server that is designated as the next hop in the topology will be configured to host
Persistent Chat web services for the File Upload and Download service and Persistent Chat web services
for chat room management.
Before you begin to deploy the Persistent Chat Server role, use the Skype for Business Topology Builder to
verify the current deployment of Skype for Business Server Standard Edition, the Skype for Business Server
Front End pool, and any other internal computers that are running Skype for Business. Your existing
infrastructure will affect how you deploy Persistent Chat Server.
Persistent Chat Server uses the Persistent Chat database to store chat history, configuration, and user
provisioning data. Optionally, it uses the Persistent Chat compliance database to store compliance data.
The Persistent Chat Compliance service manages the Persistent Chat compliance database. The role of the
Compliance service is to record and archive information in the compliance database. When members of a
Persistent Chat Server that has the Compliance service enabled have conversations in a chat room, some
information will be collected and archived. This information includes actions and data such as:
 Joining a Persistent Chat room.
 Leaving a chat room.
 Posting a message.
 Viewing chat history.
 Uploading a file.
 Downloading a file.
Best Practice: If you deploy Persistent Chat Server on Skype for Business Server Enterprise
Edition, we recommend that you configure a dedicated Persistent Chat file store in addition to
the file store that is created for the front end.
Single-Server Topology Options

Skype for Business Server supports two Persistent
Chat Server topologies:
 Single-server
 Multiple-server
You can implement a single-server topology in

the following ways:
 A single Standard Edition of Skype for

Business Server with collocated Persistent
Chat Server
 A Standard Edition of Skype for Business

Server Front End Server with a dedicated Standard Edition Persistent Chat Server
 An Enterprise Edition Skype for Business Server pool with a single dedicated Persistent Chat Server
Although deploying a single-server topology might reduce the cost and complexity of a Skype for
Business infrastructure, it will not scale as well as a multiple-server topology. One of the easiest
configurations for cost-savings is collocated Persistent Chat Server and Front End Servers on the
Skype for Business Server Standard Edition. However, you should avoid collocating Persistent Chat Server
and Front End Server on the Standard Edition of Skype for Business Server, especially if your organization
requires performance and scalability. Collocation is an excellent option for proof-of-concept and pilot
projects.
Best Practice: Standard Edition supports installing Persistent Chat Server as a collocated or
stand-alone instance. We recommend the stand-alone option over collocation.
Stand-alone, single Persistent Chat Server topologies provide greater flexibility for organizations that want
to start small and scale out as needed. As long as the Persistent Chat Server is not collocated with the
Front End Server on Skype for Business Server Standard Edition, you can add additional Persistent Chat
Servers to scale to a multiple-server topology at a later time.
Note: The Enterprise Edition of Skype for Business Server does not support collocation. You
must deploy Persistent Chat Server as a stand-alone instance on the Enterprise Edition of
Skype for Business Server. You can use an Enterprise Edition Back End Server for the Persistent
Chat store and optionally for a Persistent Chat compliance store.
The Persistent Chat Back End Server and the optional Compliance service can collocate with Persistent
Chat Server and the Front End Server on the Standard Edition of Skype for Business Server. Additionally, a
single-server topology supports the following Persistent Chat Back End Server and Compliance service
options for the Persistent Chat and Persistent Chat compliance stores:
 Collocated on a Standard Edition server
 Collocated on a single SQL Server
 Installed on two separate database servers
Multiple-Server Topology
To provide greater capacity and reliability, you
can deploy a multiple-server topology. A multiple-
server topology can include as many as four active
computers that are running Persistent Chat Server.
High availability and disaster recovery
configurations will allow up to eight, but only four
can be active; the remaining four are standby.
Each active server can support as many as 20,000
concurrent users, totaling 80,000 concurrent users
that connect to a Persistent Chat Server pool with
four servers.
The multiple-server topology is the same as the

single-server topology except that in the multiple-server topology, multiple servers host Persistent Chat
Server, and you can scale out as needed. Multiple computers that run Persistent Chat Server should reside
in the same Active Directory Domain Services (AD DS) domain as Skype for Business Server and the
Compliance service.
Servers in a Persistent Chat pool communicate with one another over TCP port 8011. Client connections
distribute across the active servers in the pool. Chat history and uploaded data on one server in a pool can
be accessed by other servers in the pool. Users on different servers in a pool can communicate with other
users in the same pool. In the event of a server failure, users are automatically transferred to other servers
in the pool.
Persistent Chat Server Infrastructure

The number of Persistent Chat Servers in your
infrastructure will differ based on your choices
between single-server and multiple-server
topologies and the Standard and Enterprise
Editions of Skype for Business Server. At minimum,
each topology requires a server with
Skype for Business Server installed and a server
with SQL Server database software installed.
Persistent Chat web services for file upload and
download and the web services for chat room
management are web components that deploy on
the Skype for Business Front End Servers with
which the Persistent Chat Servers are associated. All Skype for Business Server workloads, including
Persistent Chat Server, can run on virtual servers.
Note: The “Planning a Lync Server 2013 Deployment on Virtual Servers” document at the
URL below has not been updated to include Skype for Business at the time of writing this
module. However, the recommendations in the document will provide a solid basis for deploying
Skype for Business Server on virtual machines.
Planning a Lync Server 2013 Deployment on Virtual Servers

http://aka.ms/ixub8w
The base hardware and software requirements for a stand-alone Persistent Chat Server instance are the
same as the Front End Server, the Back End Server, and the Standard Edition Server. The following table
lists the hardware requirements.
Central processing unit 64-bit dual processor, hex-core, 2.26 gigahertz (GHz) or faster
(CPU)
Memory 32 gigabytes (GB)
Disk 72 GB of free disk space
Network Dual-port 1 gigabits per second (Gbps)

network adapter or 2 teamed 1 Gbps
network adapters
The following table lists the software requirements.
Operating system  Windows Server 2012 R2 Enterprise

 Windows Server 2012 R2 Standard
 Windows Server 2012 Datacenter
 Windows Server 2012 Standard
 Windows Server 2008 R2 (in-place upgrade only)
Back-end databases  Microsoft SQL Server 2014 Enterprise (x64) with Cumulative Update 6
(CU6)
 Microsoft SQL Server 2014 Standard (x64) with CU6
 Microsoft SQL Server 2012 Enterprise (x64) with the latest service pack
 Microsoft SQL Server 2012 Standard (x64) with the latest service pack
 Microsoft SQL Server 2008 R2 Enterprise (x64) with the latest service pack
 Microsoft SQL Server 2008 R2 Standard (x64) with the latest service pack
Additional software  Windows PowerShell 3.0

 Microsoft .NET Framework 4.5
 Windows Identity Foundation
 Remote Server Administration Tools (RSAT)
 Microsoft Message Queuing (MSMQ)
Note: It is possible to upgrade to Skype for Business Server on a Windows Server 2008 R2
computer. However, we do not recommend new deployments because mainstream support for
Windows Server 2008 R2 expired on January 13, 2015. For more information, refer to the
following website.
Microsoft Support Lifecycle

http://aka.ms/Doayt8
Persistent Chat Server also requires MSMQ, which is used in communications from the Persistent Chat
Server to the Persistent Chat Compliance service.
Each Persistent Chat Server can support up to 20,000 active users. Each Persistent Chat Server pool will
support up to four active servers for a total of 80,000 concurrent users and 150,000 provisioned users
(enabled by policy). The total concurrent users can have no more than 120,000 combined endpoint
connections.
Note: Although you can create multiple Persistent Chat Server pools in a single
Skype for Business Server organization, for compliance reasons, multiple pools will not allow you
to support more than 80,000 concurrent users in the same organization.
Organizational Requirements for Implementing Persistent Chat Server

Before you deploy Persistent Chat Server for your
organization, you must consider the following key
questions to optimize your deployment:
 Which user roles would benefit most from

Persistent Chat? Persistent Chat Server is
enabled by a policy that can be set at a
global, site, pool, or user level.
 What is the total number of provisioned users

versus connected users or endpoints? More
than 20,000 users will require a multiple-
server topology.
 Are you migrating from a previous version of Persistent Chat Server, formerly known as Group Chat
Server, or are you deploying Persistent Chat Server for the first time? Existing Group Chat data might
need to be migrated. Refer to the following link for more details.
Migration from Lync Server 2010, Group Chat or Office Communications Server 2007 R2
Group Chat to Lync Server 2013, Persistent Chat Server
http://aka.ms/hi72cj
 Are there compliance requirements? Persistent Chat Server supports compliance. The Compliance
service runs collocated on the Persistent Chat Server, as opposed to the requirement for a separate
computer in Group Chat Server deployments. Compliance is optional, and if chosen, requires a
compliance database that you must configure to store compliance data and events. You might also
want to configure an adapter to take the data from the compliance database and convert it to
another format, such as XML files or Microsoft Exchange–hosted archives.
 How do you want to control scopes, ethical boundaries, and access? You can define categories in
Skype for Business Server Control Panel or the Skype for Business Server Management Shell to
segregate these boundaries and to choose who can be in chat rooms in each of these categories.
 How do you want to control who can create chat rooms? You can configure creators, appropriate to
your categories, who can create rooms. Creators can assign other members as chat room managers
for ongoing management of the rooms, such as adding or removing additional members. The
AllowedMembers and DeniedMembers lists that you configure in the corresponding category
define who can and cannot be added to a chat room.
 How do you want to create chat rooms? Persistent Chat Server provides a web-based feature for
creating and managing rooms from the Skype for Business client. You can choose to define a custom
chat room creation solution by using the Persistent Chat Server software development kit (SDK).
Custom solutions can support more complex business requirements and workflows. Persistent Chat
Server can also direct users to your custom solution.
 What kind of add-ins do you want to provision? Add-ins enhance the in-room experience by taking
advantage of the extensibility pane in the Skype for Business client to provide context that is relevant
to the room. You can choose what general add-ins might be most useful—for example, your
organization’s website and internal collaboration documents. Chat room managers can choose one of
the registered add-ins and associate it with their rooms, if required.
 What kind of high availability and disaster recovery requirements do you have? Persistent Chat Server
supports SQL Server mirroring and AlwaysOn Availability Groups for high availability. It also supports
up to eight servers—four active and four standby—in a stretched pool with SQL Server log shipping
for disaster recovery.
Question: You are the administrator for an organization that has 25,000 users. Fifty percent
of the users will be enabled for Persistent Chat. Your Chief Financial Officer (CFO) said that
you must implement a communications solution that minimizes cost. Your Chief Technology
Officer (CTO) said that you must implement a solution that can scale to 100 percent of the
users over the next 12 months. What design recommendations would you make to
leadership?
Question: You are the administrator for an organization that has 3,000 users. Ten percent
of the users will be enabled for Persistent Chat. Your CFO said that you must implement a
communications solution that minimizes cost. Your CTO said that none of the content
is critically important. Your Chief Security Officer (CSO) stated that all electronic
communications must be discoverable by legal counsel. What design recommendations
would you make to leadership?
Lesson 2
Deploying Persistent Chat Server
After you design and plan Persistent Chat Server for your Skype for Business Server organization, you will
need to deploy it. This includes publishing the topology and installing the Persistent Chat Server role on
the server or servers that will host your chat rooms. To do this, you should be familiar with the
deployment process and the tools to deploy Persistent Chat Server.
Lesson Objectives
 Describe Persistent Chat scoping options and compliance features.
 Describe best practices for designing a Persistent Chat room.
 Explain how to provision add-ins for Persistent Chat rooms.
 Describe the Persistent Chat Server deployment process.

 Explain how to deploy Persistent Chat Servers.
 Explain how to deploy Persistent Chat Compliance service.
Scoping Membership and Ethical Walls

You can use categories to organize chat rooms.
You must create at least one category or a logical
container in Persistent Chat. For this logical
container, you define the default permissions for
users and groups. You can also turn on and turn
off features such as chat history, invitations, and
file uploads. Using categories to apply settings
reduces administrative overhead. You can use the
AllowedMembers list for a category to scope the
members for an entire category. You can define
this setting to be as broad as an entire domain,
such as Adatum.com, or as narrow as a particular
distribution list, such as DL_Human_Resources. You can also define a list of allowed creators for an entire
category.
By creating two or more categories, organizations can create ethical walls between different groups of
individuals. Ethical walls are defined as: “A process for avoiding conflicts of interest by limiting disclosure
of information to certain attorneys or individuals within a firm or corporation, thereby building a
metaphorical wall between the holders of information and colleagues who represent interests or hold
opinions which conflict” (Susan Ellis Wild, Webster's New World Law Dictionary, [Hoboken, New Jersey:
Wiley Publishing, Inc., 2006], 135).
Categories are particularly helpful if you want to prevent users from seeing certain rooms when they
browse the list of available rooms. It is worth noting, however, that within the scope of a category, secret
rooms are only visible to the members of that room. All other chat rooms are visible to anyone within a
category whether they are a member of a chat room or not.
Within a category, it is possible to define specific user roles. User roles allow organizations to control user
access to individual chat rooms. For example, users can be allowed or denied access to a category. Users
cannot be added to chat rooms in a category they are not configured as allowed or they are explicitly
denied. The following table describes each of the user roles.
User role Permissions
Creator  Create chat rooms

 Assign members within a category
 Assign managers to a chat room
 Manage the rooms they create
Manager  Manage all the properties of a room except the category

 Modify the members list (add/remove)
 Modify the managers list (add/remove)
 Disable, but not delete, chat rooms
Member  Participate in a chat room

 View chat rooms, including secret rooms, in the directory
 Post messages, view content, and search chat history
Presenter  Post to an auditorium room
Some tasks cannot be performed by any of the user roles. Administrator roles perform such tasks. These
roles allow an organization to control who can deploy Persistent Chat, create ethical walls, and perform
advanced administrative tasks on chat rooms.
The following table describes each of the administrator roles.
Administrator role Permissions
Persistent Chat administrator  Manage Persistent Chat configuration (pool, global settings,
(CsPersistentChatAdministrator) and compliance configuration)
 Manage all chat rooms
 Create and manage categories
 Disable and delete chat rooms
 Migrate from Group Chat
 Mange Persistent Chat from the Windows PowerShell
command-line interface
Skype for Business Server  Configure and publish the topology

administrator (CsAdministrator)
 Deploy Persistent Chat Servers
 Configure and manage the Persistent Chat Server
infrastructure
Third-party developers and  Extend Persistent Chat Server services

partners (custom role)
 Provide an ethical wall solution
 Bot (auto responder) development
Best Practices for Chat Room Design

Members go to chat rooms to communicate and
collaborate on a Persist Chat Server. You can
configure chat rooms as:
 Normal. All members can post and read

messages.
 Auditorium. Only presenters can post, but

everyone can read.
The following best practices will allow you to

design chat rooms that will not degrade in
performance as your Persistent Chat Server usage
grows:
 Identify the size of chat rooms so that you can determine the number of chat rooms your server or
pool can support. Keep in mind that there is a maximum of 20,000 active users per server and 80,000
per pool. Here is an example of how you can identify the size based on the number of users:
o Small = 30 active users

o Medium = 150 active users
o Large = 16,000 active users
 Limit the number of access control lists (ACLs) that are created for each chat room. You can create a
maximum of 2 million ACL entries before server performance starts to degrade. We recommend that
you use AD DS security groups instead of individual users to grant access to rooms if possible.
 Minimize the use of invitations sent from and stored by Persistent Chat Servers. Although invitations
sent from a chat room are an excellent tool to illicit participation in a chat room, they come with a
potentially steep price. If the number of generated invitations exceeds 1 million, performance can
severely degrade. Use the Set-CsPersistentChatCategory cmdlet to change the settings for
invitations for an entire category. You can use the Set-CsPersistentChatRoom cmdlet to change
the settings for a specific chat room.
 Monitor chat room performance metrics to determine if changes in the design are necessary over
time.
Capacity planning for Persistent Chat Server in Skype for Business Server 2015
http://aka.ms/lzqeei
As you create your categories and Persistent Chat rooms, design your scoping and membership. The
following guidelines can help you in your planning:
 If your organization does not require an ethical wall, do not narrow the scope in your category tree.
Put all of your users in the scope of one category, and create all chat rooms in that category.
Subsequently, use membership lists only to grant or restrict access to each chat room.
 In most cases, you should enable users to create new chat rooms so that they can start discussions
about new topics at any time. Enable this by making the Creators list the same as the
AllowedMembers list. However, if you only want to allow a central support team or designated users
to create rooms, then make the Creators list the appropriate subset.
 Give each chat room a complete name and description summary that describes where it fits in your
organization. Because users cannot see the category name when they use a chat room, you cannot
rely on the category name to help users determine the intended discussion forum for the chat room.
 You might want to have a custom room-creation workflow if you have certain naming conventions or
other access controls or validations to implement. The Set-CsPersistentChatConfiguration cmdlet
enables you to customize the RoomManagementUrl setting to a workflow that you have built. For
example, when users click Create a room in their Skype for Business client, they bypass the built-in
workflow and connect to your custom solution.
Question: If your organization decides to deploy Persistent Chat Server, which of the following
capacity planning methods do you feel would be appropriate for your organization?
 Plan capacity for number of users

 Plan capacity for chat room access
 Plan capacity for chat room access by invitation
 Plan capacity for performance
Add-Ins for Persistent Chat

Add-ins extend the in-room experience. A typical
add-in might include a URL that points to a
Microsoft Silverlight application that intercepts
when a stock ticker is posted to a chat room,
showing the stock history in the extensibility pane.
Other examples include embedding a Microsoft
OneNote 2013 URL in a chat room as an add-in to
include some shared context, such as “Top of
mind” or “Topic of the day.”
You can create a variety of add-ins that help

enhance chat room experiences by bringing in
other business data into chat rooms. Chat room
managers and creators can search a list of allowed add-ins for the ones that are most relevant to their
respective rooms.
You can create a new add-in by using Skype for Business Server Control Panel. The Persistent Chat page
in Skype for Business Server Control Panel contains an Add-in section. When you specify a URL for an
add-in, the layout of the chat room modifies to include a conversation extensibility pane. The add-in’s
active content displays in this pane. To make an add-in available for chat rooms, chat room administrators
must register the add-in. After a chat room manager associates a registered add-in with a room, the
members will be able to see the upgraded content. Registered add-ins are reusable by more than one
chat room.
Create an add-in for the Persistent Chat window

http://aka.ms/t7ss4j
You can configure add-ins in Skype for Business Server Control Panel and Windows PowerShell. The
following are the high-level tasks that you must perform to use an add-in with Persistent Chat:
1. Identify an add-in or optionally develop one by using the Microsoft Lync Server 2013 Persistent
Chat SDK.
2. Create a new add-in object by using the New-CsPersistentChatAddin cmdlet.

3. Associate the add-in with a Persistent Chat room by using the Set-CsPersistentChatRoom cmdlet.
4. Test functionality from the Skype for Business client.
The Persistent Chat Server Deployment Process

You use the Topology Builder tool to add and
publish a new Persistent Chat Server pool.
However, before you start this task, you must have
the following information:
 A decision on a single-server pool versus a

multiple-server pool.
 The Persistent Chat Server pool fully qualified

domain name (FQDN). If collocating on a
Standard Edition server, this will be the same
as the FQDN of the server.
 The FQDN of each server in a multiple-server
pool.
 The display name for the pool.

 The Persistent Chat port. The default is 5041.
 Select or clear the Compliance check box for on or off.
 The name of a backup SQL Server for disaster recovery (optional).
 If this pool will be the default for the site in which it is created.
 The SQL Server name and instance name for the Persistent Chat store.
 A decision to use mirroring, always-on, or clustering on the SQL Server.
 If you plan to use a dedicated file store or an existing file store.
 The next hop pool (Front End Server).
Note: You can enable the Compliance service by using the Topology Builder tool. After
it is enabled, it can be configured only by using Windows PowerShell. You must run the
Set-CsPersistentChatComplianceConfiguration cmdlet to configure an adapter type.
The internal XML adapter is:
Microsoft.Rtc.Internal.Chat.Server.Compliance.XmlAdapter,compliance
You can also specify third-party adapters.
Note: Troubleshooting tip: If you receive an error when you publish the topology, make
sure that the Administrator account that you are using is not only a local administrator, but also a
member of the RTCUniversalServerAdmins security group. The account also needs Full Control
permissions on the file store that is defined for the Persistent Chat Server pool.
On the server or servers to which you want to deploy Persistent Chat Server, verify that:
 The machine is a domain member.
 In Domain Name System (DNS), a record exists for server and pool FQDNs.
 The operating system meets the minimum requirements (a 64-bit version of

Windows Server 2012 R2).
 The server has the prerequisite software installed. Get-WindowsFeature will display the installed
features.
 SQL Server is at least SQL Server 2008 R2.

 Compliance is or is not a requirement for the organization.
The Skype for Business Server Deployment Wizard is the tool that you use to deploy Persistent Chat
Server. The deployment wizard will walk you through the process of setting up a new server. When the
wizard completes, the following deployment tasks will be completed:
 A local management store installs (SQL Server Express).
 Persistent Chat installs.
 Certificates are obtained and assigned.
 Persistent Chat services start running.
You can use Active Directory Users and Computers (Dsa.msc) to create a Persistent Chat administrator.
After you select or create an administrative account, add the account to the
CsPersistentChatAdministrator security group. Make sure that you sign in and sign out by using the
administrator account to update the administrator’s permissions before you perform administrative tasks
for Persistent Chat Server.
You can use Skype for Business Server Control Panel to verify a Persistent Chat Server installation. To do
this, open Skype for Business Server Control Panel, and then browse to the Topology tab.
Demonstration: Deploying a Single-Server Topology

The most time-consuming part of a Persistent Chat deployment will probably be planning. The tools that
you use for deploying Persistent Chat are the same as the ones that you used for your Front End Server
deployments. In this demonstration, you will see how to extend the current topology to support Persistent
Chat Server. You will also see the process for installing the first Persistent Chat Server by using the
deployment wizard.
Demonstration Steps
1. Open Topology Builder on the Front End Server.
2. Select Download Topology from existing deployment, and then click OK.
3. In the dialog box, type Persistent Chat for the file name, and then click Save.
4. Expand the Skype for Business Server and Skype for Business Server 2015 containers.
5. Right-click the Persistent Chat pools container, and then select New Persistent Chat Pool.
6. In the Pool FQDN text box, type pchatpool.adatum.com, verify that This pool has multiple
servers is selected, and then click Next.
7. Enter the computer FQDN of the first server in the pool, click Add, and then click Next.
8. Enter the display name of the Persistent Chat pool, select Enable compliance, and then click Next.
9. Select an existing SQL Server FQDN.
10. Verify that LON-SQL1.adatum.com\default is selected.
11. Verify that new SQL Server is selected as the SQL Server store, and then click Next.
12. On the Define the compliance SQL Server store page, select new SQL Server as the Compliance
SQL Server store, and then click Next.
13. On the Define the file store page, select Define a new file store, and then enter the FQDN of the
file server.
14. In the File share text box, type PChatShare, and then click Next.
15. On the Front End Server, verify that Topology Builder is still open from the previous task. Click the
Actions menu, select Topology, click Publish, and then click Next.
16. On the Select databases page, verify that the new SQL Server is selected in the Choose the
databases you would like to create when you publish your topology list, and then click Next.
17. On the Publishing wizard complete page, click Click here to open to-do list in the Next Steps
section.
18. Confirm that all the steps are successful.
19. After reviewing the NextSteps.txt file, close Notepad, and then click Finish.
20. Close the Topology Builder window.

Question
At what point are the Persistent Chat stores created on the Back End Server?
They are created when you add a new SQL Server for the Persistent Chat Server pool in
Topology Builder, but before you publish the topology.
They are created when you add a new SQL Server for the Persistent Chat Server pool in
Topology Builder while you are publishing the topology.
They are created after publishing a new SQL Server for the Persistent Chat Server pool in
Topology Builder by using the Windows PowerShell command-line interface.
Question: Scenario: You work for a small business that has decided to deploy Skype for Business.
You identified an organizational requirement for Sales department executives to keep a running
conversation about sales. You want to enhance the executives’ experience by adding the portal
for the customer relationship management (CRM) app to their chat room. What steps must you
perform?
Lab A: Designing and Deploying Persistent Chat Server

Scenario
A. Datum Corporation has a large and highly distributed sales force. Although Skype for Business provides
them with excellent real-time communications, a number of Sales team representatives have missed
critical communications from management. After some analysis, it was determined that Persistent Chat
rooms will allow all Sales team members to keep up to date with critical communications and respond to
communications that they did not receive in real time.
The Persistent Chat Server solution must adhere to the organization’s policy on preserving electronic
communication. The information must be discoverable by the Human Resources department and legal
counsel. As the Skype for Business Server administrator, your task is to define a topology for Persistent
Chat and to deploy a new Persistent Chat Server to meet all of the organizational requirements.
Additionally, your IT department director also requested that you create a monitoring add-in for
Persistent Chat so that the IT team can support the Skype for Business solution at A. Datum.
Objectives
 Configure the topology for Persistent Chat Server.

 Install and configure Persistent Chat Server.
 Register a new add-in.
Lab Setup

20334B-LON-SVR1, 20334B-LON-SQL1, 20334B-LON-CL1, 20334B-LON-CL2
Password: Pa$$word
o Domain: Adatum
5. Repeat steps 2 through 4 for the following machines. Please start them in the specified order to
prevent service time-out errors:
a. 20334B-LON-SQL1
b. 20334B-LON-SFB1
c. 20334B-LON-SFB2
d. 20334B-LON-SVR1
e. 20334B-LON-RTR
6. Start 20334B-LON-CL1 and 20334B-LON-CL2. Do not sign in until directed to do so.
7. In Hyper-V Manager, right-click 20334B-LON-SVR1, and then click Settings.
8. In the Hardware list, click DVD Drive, click Image File, click Browse, and then browse to
C:\Program Files\Microsoft Learning\20334\Drives\.
9. Select SfB-E-9319.0-enUS.ISO, click Open, and then click OK.
Exercise 1: Configuring the Topology for Persistent Chat Server

Scenario
The Persistent Chat Server will initially be deployed as the first server in a multiple-server topology on a
dedicated server. The majority of users that are enabled for Persistent Chat will be physically located in
London. To minimize wide area network connections, Persistent Chat Servers should be deployed at the
A. Datum headquarters in London. The Persistent Chat store and Persistent Chat compliance store will be
collocated on the same SQL Server back end. You must configure the topology to support this.
1. Create a Persistent Chat share.
2. Configure the topology.
 Task 1: Create a Persistent Chat share

1. On LON-SQL1, create a new share called PChatShare on drive C.
2. Share PChatShare with the Everyone group with Read permissions.
3. Verify that Administrator has Read/Write permissions and that Everyone has Read permissions.
4. On LON-DC1, open Active Directory Users and Computers.
5. Add Administrator to the RTCUniversalServerAdmins security group.
 Task 2: Configure the topology

1. On LON-SFB1, open Skype for Business Server Topology Builder.
2. Download the topology from the existing deployment, and then save the configuration file as
Persistent Chat.tbxml.
3. Expand the Skype for Business Server container, expand the Adatum Headquarters container,
expand the Skype for Business Server 2015 container, right-click the Persistent Chat pools
container, and then select New Persistent Chat Pool.
4. Use the following information to configure the pool:
o Pool FQDN: pchatpool.adatum.com
o This pool has multiple servers: Verify that the option is selected
o Computer FQDN: lon-svr1.adatum.com
o Display name of the Persistent Chat pool: Adatum Headquarters Persistent Chat Pool
o Persistent Chat port: 5041
o Enable compliance: Select this option
o Use this pool as default for site Adatum Headquarters: Select this option
5. On the Define the SQL Server store page, select LON-SQL1.adatum.com\Default, and click Next.
6. On the Define the compliance SQL Server store page, select lon-sql1.adatum.com\Default as the
Compliance SQL Server store, and then click Next.
7. On the Define the file store page, select Define a new file store, and then type
LON-SQL1.adatum.com.
8. In the File share text box, type PChatShare, click Next, and then click Finish.

1. On LON-SFB1, verify that Topology Builder is still open from the previous task, on the Action menu,
click Topology, click Publish, and then click Next.
2. On the Select databases page, verify that lon-sql1.adatum.com\Default is selected in the Choose
the databases you would like to create when you publish your topology list, and then click Next.
section, and then click Finish.
Results: After completing this exercise, A. Datum should have the Persistent Chat Server and Persistent
Chat Compliance service topology published in the Central Management store, which will support the
organizational requirements. The IT department should also have a registered add-in that IT members
can use when they create their own chat rooms.
Exercise 2: Installing Persistent Chat Server

Scenario
The Persistent Chat Server topology for A. Datum is now published. The A. Datum server build team has
prepared a new server for Persistent Chat Server; however, Persistent Chat is not installed yet. As the
Skype for Business Server administrator, your task is to install the first Persistent Chat Server.
1. Verify the prerequisites.
2. Run the deployment wizard on LON-SVR1.
3. Obtain the certificates.

4. Verify Persistent Chat installation.
 Task 1: Verify the prerequisites

1. On LON-SFB1, use Nslookup to test the following records, and then document the results:
o lon-svr1.adatum.com
o pchatpool.adatum.com
2. On LON-DC1, add a New Host (A or AAAA) record for Pchatpool.adatum.com at 172.16.0.22.
3. On LON-SFB1, verify that pchatpool.adatum now resolves to 172.16.0.22.
4. On LON-SVR1, click the Windows PowerShell icon on the taskbar, and then run the following
cmdlet:
Get-WindowsFeature | Where-Object InstallState –eq Installed
5. Confirm that the following software is installed:
o Windows PowerShell
o .NET Framework 4.5
o Windows Identity Foundation 3.5

o RSAT
o Web Server (IIS)
o Media Foundation
o .NET Framework 3.5 (includes .NET 2.0 and 3.0)
6. Confirm that Silverlight is installed.
7. Close Windows PowerShell.
 Task 2: Run the deployment wizard on LON-SVR1

1. On LON-SVR1, right-click the DVD drive, and then click Install or run program from your media.
2. In the Skype for Business Server installation window that appears, select Don’t check for updates
right now, and then click Install.
4. In the Skype for Business Server 2015 Deployment Wizard, click Install or Update
Skype for Business Server System.
5. On the Install or update member system page, perform Step 1: Install Local Configuration Store.
6. On the Install or update member system page, perform Step 2: Setup or Remove
Skype for Business Server Components.
 Task 3: Obtain the certificates

1. On LON-SVR1, perform Step 3: Request, Install or Assign Certificates on the Install or update
member system page.
2. On the Certificate Wizard page, select Default certificate Server default, and then click Request.
3. Verify that LON-DC1.Adatum.com\AdatumCA is selected as the certification authority (CA).
4. Leave the automatically generated friendly name.
5. In the Organization text box, type A. Datum.

6. In the Organizational unit text box, type IT.
7. Select United Kingdom as the Country/Region.
8. In the State/Province text box, type England.
10. Review the Certificate Request Summary page, and then click Next.
11. On the Online Certificate Request page, verify that the Task Status is Completed, and then click
Next. If the task fails, click View Log, and then notify your instructor.
12. On the Online Certificate Request Status page, verify that Assign the certificate to
Skype for Business Server certificate usages is selected, and then click Finish.
13. In the Certificate Assignment Wizard that appears, click Next.
14. Confirm that the Subject Name (SN) is pchatpool.adatum.com, and then click Next.
15. Verify that the Task Status is Completed, click Finish, and then click Close.
16. Click Exit in the Skype for Business Server 2015 Deployment Wizard.
 Task 4: Verify Persistent Chat installation

1. On LON-SVR1, use the Start-CsWindowsService cmdlet to make sure all services are running after
the installation.
2. On LON-SFB1, open Skype for Business Server Control Panel.
3. Click Topology, and then select Status. When prompted for credentials, type Administrator in the
Username text box and Pa$$w0rd in the Password text box.
4. Confirm that lon-svr1.adatum.com has successfully replicated and that the service status is healthy,
as indicated by the green play symbol.
Results: After completing this exercise, you should have deployed Persistent Chat Server and the
Persistent Chat Compliance service on LON-SVR1.
Exercise 3: Registering a New Add-In

Scenario
The IT director at A. Datum sees the Persistent Chat deployment as a positive step for the entire
organization. Beyond solving the challenges of the Sales department, the IT director would like to
encourage the company to start using add-ins. Your task is to implement an add-in for the IT department
that will not only benefit the Skype for Business support team, but will also serve as a showcase for other
departments.
1. Confirm the add-in URL.
2. Register the monitoring add-in.
3. Prepare for the next lab.

 Task 1: Confirm the add-in URL

1. On LON-SVR1, click Start on the taskbar, and then click Internet Explorer.
2. Type http://lon-svr1.adatum.com/add-in.png in the address bar, and then press Enter.
3. Verify that the add-in URL is working. You should see an A. Datum Skype for Business Reports
webpage.
4. Close Internet Explorer.
 Task 2: Register the monitoring add-in

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, click Persistent
Chat, click Add-in, click New, select PersistentChatServer:pchatpool.adatum.com, and then click
OK.
2. In the Name text box, type IT Reports.
3. For the URL, type http://lon-svr1.adatum.com/add-in.png, and then click Commit.

When you finish this lab, do not revert all the virtual machines. This lab is a prerequisite for the next lab in
this module.
Results: After completing this exercise, you should have created an add-in that will be available as a
resource for Persistent Chat room creators and managers in the IT department at A. Datum.
Question: Verify the correctness of the statement by placing a mark in the column to the right.
Statement Answer
Persistent Chat Server can collocate on a stand-alone

Enterprise Edition Skype for Business Server.
Question: A. Datum acquires another company that has 30,000 users. You need to extend the
Persistent Chat infrastructure to support all of the new users. What is the fastest way to
accomplish this based on the current infrastructure?
Lesson 3
Configuring and Managing Persistent Chat
Persistent Chat facilitates an organization’s ability to manage its chat rooms with minimal effort. This
lesson will explain the administrative features and tools that you can use to manage Persistent Chat.
Specifically, you will learn how to create a Persistent Chat policy, configure categories, and create and
manage chat rooms.
Lesson Objectives
 Explain how to create and apply Persistent Chat policies.
 Explain how to configure Persistent Chat categories.
 Explain how to configure Persistent Chat configuration policies.
 Explain how to create chat rooms.

 Explain how to manage chat rooms.
 Explain how to configure the Compliance service for Persistent Chat Server.
Managing Persistent Chat Policies

For users to start using Persistent Chat, after you
deploy the Persistent Chat Servers, you need to
grant some or all users permissions to use
Persistent Chat. By default, Persistent Chat is
disabled for all users in the Global Persistent Chat
policy. However, you might want to enable
Persistent Chat for some or all users. To enable
Persistent Chat for specific users, you can use
scopes. You can use four different scopes to apply
a Persistent Chat policy based on your needs:
 Global. All users in an organization can access

Persistent Chat.
 Site. All users in a site can access Persistent Chat.
 Pool. All users in a pool can access Persistent Chat.
 User. One or more individual users can access Persistent Chat.
You can use Skype for Business Server Control Panel or Windows PowerShell to create new Persistent Chat
policies. The following are some examples for each of the four scopes:
Global
To configure a global policy, run the following command in Windows PowerShell:
Set-CsPersistentChatPolicy -Identity "global" -EnablePersistentChat $True

Site
To create a site policy, run the following command in Windows PowerShell:
New-CsPersistentChatPolicy -Identity "site:HQ" -EnablePersistentChat $True
Pool
To create a pool policy, perform the following steps in Skype for Business Server Control Panel:
1. Click Persistent Chat.
2. Click Persistent Chat Policy.
3. Click New, and then click Pool Policy.
4. Select a front-end pool from the Service list, and then click OK.
5. Enter a description (optional).
6. Select Enable Persistent Chat.
7. Click Commit.
User
To create a user policy, run the following command in Windows PowerShell:
New-CsPersistentChatPolicy -Identity ITPolicy -EnablePersistentChat $True
Granting a policy is automatic for all the scopes except the user policy. The following is an example of
how you can grant a user policy:
Grant-CsPersistentChatPolicy -Identity "Amr Zaki" -PolicyName "ITPolicy"
After a policy successfully applies to users, the Persistent Chat icon appears as a new tab in their
Skype for Business client. Users might have to sign out of the client and sign back in so that the in-band
policy takes effect.
Configuring Persistent Chat Categories

After you deploy Persistent Chat, you can create
the first category. You must create at least one
category before you can create chat rooms.
Before you start creating a category, you should
have:
 The name and description of the category.
 Your requirements for enabling invitations.
 Your requirements for enabling file uploads.
 Your requirements for enabling chat history.

Note that chat history is enabled by default
because this is what allows a chat room’s
persistent nature.
 A list of allowed members. Supported member options are:
o Organizational units (OUs)
o Distribution groups
o Domains
o Individuals
 A list of denied members. Member options are the same as the Allowed members list.
 A list of creators. We recommend making the creators list the same as the Allowed members list,
unless centralizing (limiting) room creation is an organizational requirement.
You can create and manage categories from Skype for Business Server Control Panel and Windows
PowerShell. The following example will create a new category for HR department users with all features
enabled:
New-CsPersistentChatCategory -Name "HR Department" -PersistentChatPoolFqdn

"pchpool.adatum.com" -EnableFileUpload -EnableInvitations
Configuring Persistent Chat Configuration Policies

You can use a Persistent Chat configuration policy
to limit the amount of time to retain a chat history
in the back-end database—the default value is 30
days. You can also configure a maximum file size
that can be uploaded—the default value is 20
megabytes (MB). Further, you can limit roster list
updates for each active participant in a room—the
default value is 75; if this number is exceeded,
some users will not receive roster updates.
You can optionally add a room management URL
that will point users to a custom workflow for
creating a new chat room. The three scopes for
these configurations are global, site, and pool. You can manage Persistent Chat configurations from
Skype for Business Server Control Panel and Windows PowerShell. You can use the following cmdlets to
manage a Persistent Chat configuration:
 New-CsPersistentChatConfiguration
 Set-CsPersistentChatConfiguration
Creating Chat Rooms

Microsoft created a web service on the Front End
Server that allows creators to add new chat rooms.
From the Skype for Business client, you can access
the website for creating and managing Persistent
Chat rooms. Before you can perform this task, you
must confirm if you have creator rights. After you
confirm, you can perform the following steps to
create a new chat room:
1. In the Skype for Business client, click the Chat

Rooms icon, click the Add a room button
(the plus sign), and then select Create a Chat
Room.
2. If prompted, specify your domain\user name and password.
3. In the My Rooms window, click Create A New Room.
4. Complete the form by providing the following information, and then click Create:
a. A meaningful room name.
b. A meaningful description.
c. A privacy option: Open, Closed (default), or Secret.
d. Select an add-in (optional).
e. Define one or more managers. The creator will be the default manager.
f. Define one or more members. The creator will be the default member.
g. Select an invitation option: Inherit invitation setting from category (True) or No invitation
sent to members.
5. Repeat steps 1 through 4 to create additional rooms.

6. When done, click Sign out, and then close the web browser.
You can also create Persistent Chat rooms from Windows PowerShell by using the following cmdlet:
 New-CsPersistentChatRoom
If you want to create an auditorium chat room, you must use Windows PowerShell. This is because the
auditorium type is not available as an option on the Create a room page. The following is an example
to create an auditorium. Note that the –Managers and –Presenters parameters are not part of the New-
CsPersistentChatRoom cmdlet, so they have to be added by using the Set cmdlet:
New-CsPersistentChatRoom -Name “Virtual Podium” -Description “Room used for organizational

communications from management” –Category “All Adatum Category” -Invitations False -
PersistentChatPoolFqdn pchatpool.adatum.com -Privacy Open -Type Auditorium
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Virtual Podium” –Managers
@{Add=”sip:amr@adatum.com”} -Presenters @{Add= “OU=Managers,DC=Adatum,DC=com”
Managing Chat Rooms

Periodically, you might have to modify chat rooms
after their creation. If you are not a chat room’s
creator, you need to be a chat room member or
manager to participate in or manage the room.
This topic provides details on how you can
manage chat rooms by using Windows
PowerShell. The following table shows the
difference in permissions between managers
and administrators.
Permissions Managers Administrators
Create chat rooms X X
Name/rename rooms X X
Edit descriptions X X
Change privacy settings X X
Change members of chat rooms X X
Configure invitations X X
Change managers of a chat room X X
Configure add-ins for a chat room X X
Assign a category to a chat room X X
Disable a chat room X X
Enable a disabled chat room X
Delete a chat room X
Restore deleted chat rooms X
Delete a message from a chat room X
Clear history from a chat room X

As mentioned earlier, you can create new rooms from Windows PowerShell by using the New-
CsPersistentChatRoom cmdlet. However, it is not possible to add a manager, members, or presenters by
using this cmdlet. To perform these tasks, you must use the Set-CsPersistentChatRoom cmdlet as shown
in this example:
Set-CsPersistentChatRoom -Identity “SalesRoom” -Members @{Add="sip:aaren@adatum.com"}
You can also add OUs, distribution groups, and entire domains.
Note: The account that is used to manage Persistent Chat from Windows PowerShell must
also be a member of RtcUniversalServerGroup.
You can also use the Set-CsPersistentChatRoom cmdlet to disable or enable a chat room and to modify
the following additional settings:
 Add-ins
 Invitations
 Privacy
 Type (normal or auditorium)

To disable a chat room, you must add the –Disabled parameter as shown in the following example:
Set-CsPersistentChatRoom -Identity "pchpool.adatum.com\SalesRoom" -Disabled $True
If you want to display information on one or more chat rooms, you can use the Get-
CsPersistentChatRoom cmdlet.
In addition to chat room managers, Persistent Chat administrators can also manage rooms. These
administrators are the only ones who can perform advanced administrative tasks, such as clearing the
content from a chat room. Persistent Chat administrators can clear content in two ways. They can clear all
the content from a room, or they can clear individual messages from a room.
To clear all content from a chat room, administrators can use the Clear-CsPersistentChatRoom cmdlet
as shown in the following example:
Clear-CsPersistentChatRoom -Identity "pchpool.adatum.com\SalesRoom"
To clear messages from a particular user in a chat room, administrators can use the Remove-
CsPersistentChatMessage cmdlet as shown in the following example:
Remove-CsPersistentChatMessage -Identity "pchpool.adatum.com\SalesRoom" -UserUri

"sip:eric@adatum.com"
You can add the –ReplaceMessage parameter to remove messages with specific text, such as offensive
words or confidential information.
Administrators can also remove rooms from Persistent Chat Server by using the command as shown in the
following example:
Remove-CsPersistentChatRoom -Identity "pchpool.adatum.com\SalesRoom"

Configuring the Compliance Service

The process of enabling Persistent Chat
compliance for an organization does not involve
many steps. However, to send compliance
information to the Persistent Chat store, it is
necessary to define an XML adapter by using the
Set-CsPersistentChatComplianceConfiguration
cmdlet as shown in the following example:
Set-CsPersistentChatComplianceConfiguration
–Identity “global” -AdapterName
"XmlCompliance" -AdapterOutputDirectory
“C:\ComplianceOutput\” -AdapterType
“Microsoft.Rtc.Internal.Chat.Server.Complia
nce.XmlAdapter,compliance” -
AddChatRoomDetails $true -AddUserDetails $true –Confirm -CreateFileAttachmentsManifest
$true -OneChatRoomPerOutputFile $false
Best Practice: If you have multiple configured categories, it is a best practice to use a site
scope (for example, site:London) rather than a global scope to re-enforce compliance settings.
After you define the XML adapter, you can use the default output from the XML adapter, or you
can customize the output. If you already created custom XML adapters, you also can use those.
Microsoft includes some sample XML input and output and Extensible Stylesheet Language
Transformation (XSLT) files on the drive on which Persistent Chat is installed (System:
\Program Files\Skype for Business Server 2015\Persistent Chat Server\Support). For more
information on customizing files, refer to the following website.
Configure the Compliance service for Persistent Chat Server in Skype for Business Server
2015
http://aka.ms/v0tzoz
Question: Troubleshooting scenario: You have deployed Persistent Chat, but your users are
having problems when they try to view previous conversations in a room. All of the real-time
communications are working fine. What could be causing the problem?

Question
You need to create a new chat room called Research Project X for the Research department. The
room must not be visible to anyone but the members of the chat room. Which command will
you use to accomplish this?
New-CsPersistentChatRoom -Name "Research Project X" -PersistentChatPoolFqdn

"pchatpool.adatum.com"-Category "Research"

"pchatpool.adatum.com"-Category "All Users" -Privacy Closed

"pchatpool.adatum.com"-Category "Research" -Privacy Closed

"pchatpool.adatum.com"-Category "All Users" -Privacy Secret
Lab B: Configuring and Using Persistent Chat

Scenario
A. Datum wants to create an ethical wall between the Sales team and the rest of the organization. A.
Datum also requires that information and activities that occur in the chat rooms are tracked and stored in
a separate database. A. Datum has deployed Persistent Chat Server to meet its corporate and legal
requirements. You will need to implement the appropriate categories, assign user roles, create chat rooms
for the Sales team, and test this solution to make sure that organizational requirements are met.
Objectives
 Configure chat rooms and policies.
 Verify that the Persistent Chat infrastructure is functioning properly.
 Troubleshoot Persistent Chat rooms.
Lab Setup

20334B-LON-SVR1, 20334B-LON-SQL1, 20334B-LON-CL1, 20334B-LON-CL2
Password: Pa$$word
You must have completed Lab A prior to performing this lab.
Exercise 1: Configuring Chat Rooms and Policies

Scenario
A. Datum wants to allow the Sales department to start using Persistent Chat. As the Persistent Chat
administrator, your task is to implement the ethical wall that will separate Sales department
communications from the rest of the organization. You also need to ensure that all other users can use
Persistent Chat in a way that is compliant with the organization’s policies.
1. Enable Persistent Chat for users.
2. Create Persistent Chat categories.
3. Create and configure chat rooms.
4. Manage roles for Persistent Chat.
5. Configure the Compliance service.
 Task 1: Enable Persistent Chat for users

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, and then click
Users.
2. On the USER SEARCH page, change the Maximum users to display value to 400, leave the search
box blank, and then click Find. Confirm how many users are currently enabled for Skype for Business.
Note: Only Amr Zaki and Ed Meadows should be currently enabled.
3. On the USER SEARCH page, click Enable users.
4. On the New Skype for Business Server User page, click Add.
5. On the Select from Active Directory page, change the Maximum users to display value to 400.
Leave the search box blank, and then click Find.
6. In the search results, click Aaren Ekelund, and then press Ctrl+A to select all the users in the list, and
then click OK.
7. In the Assign users to a pool section, select pool.adatum.com from the drop-down list.
8. In the Generate user’s SIP URI section, select Use the user principal name (UPN). Leave the
default values for all other settings, and then click Enable.
Note: The Administrator, Discovery Search Mailbox, Guest, and krbtgt user accounts and
system mailboxes for Exchange Server are expected to fail. You can disregard these errors and
continue with lab.
9. On the New Skype for Business Server User page, click Cancel to return to the USER SEARCH
page.
10. On the USER SEARCH page, leave the search box blank, and then click Find.
11. Confirm that all users in the organization are now enabled for Skype for Business (385 users in the
search results).
12. On the left navigation bar, click Persistent Chat.
13. On the top navigation bar, click Persistent Chat Policy, click New, and then select User policy.
14. On the New Persistent Chat Policy page, in the Name text box, type Adatum Persistent Chat User
Policy.
15. In the Description text box, type Enables Persistent Chat for Individual Users in Adatum, select
Enable Persistent Chat, and then click Commit.
16. On the taskbar, click Skype for Business Server Management Shell.
17. In the Skype for Business Server Management Shell, grant the Adatum Persistent Chat user policy to
the Sales, IT, and Research departments by using the following cmdlets:
Get-CsUser –OU “ou=sales,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –PolicyName

“Adatum Persistent Chat User Policy”
Get-CsUser –OU “ou=it,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –PolicyName
Get-CsUser –OU “ou=research,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –
PolicyName “Adatum Persistent Chat User Policy”
 Task 2: Create Persistent Chat categories

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open.
2. In the left navigation pane, click Persistent Chat, click Category, click New, select
PersistentChatServer:pchatpool.adatum.com from the list, and then click OK.
3. On the New Category page, in the Name text box, type Adatum Sales Category.
4. In the Description text box, type Dedicated Category for the Adatum Sales team, and then enable
the following features:
o Enable invitations
o Enable file upload
o Enable chat history

5. On the New Category page, configure the Allowed Members option to include Sales:
Organizational Unit.
6. On the New Category page, configure the Creators option to include Sales: Organizational Unit,
and then click OK.
Note: It is not necessary to populate the Denied members section in this scenario.
However, if you need to deny access to a user in the Sales OU, you could add the user’s name to
the Denied members list.
7. On the New Category page, click Commit, click New, select

PersistentChatServer:pchatpool.adatum.com from the list, and then click OK.
8. On the New Category page, in the Name text box, type All Adatum Category.
9. In the Description text box, type Category for all Adatum departments except Sales.
10. On the New Category page, leave the Enable invitations option cleared. Select Enable file upload,
and then verify that Enable chat history is selected.
11. On the Select Allowed Members page, configure the Allowed Members option to include
Adatum: Domain DNS.
12. On the Select Denied Members page, configure the Denied members option to include Sales:
Organizational Unit.
13. On the Select Creators page, configure the Creators option to include Adatum: Domain DNS.
14. On the New Category page, click Commit.
 Task 3: Create and configure chat rooms

1. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\Drives\, and then
double-click LON-CL1.RDP. Click Connect, and then accept all other notifications.
o User name: Adatum\Vivian
o Domain: Adatum
Note: If the Remote Desktop Connection Wizard appears, click Yes.
3. Click Start, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept. If the Microsoft Office
Activation Wizard appears, click Close.
5. Confirm that Vivian Atlas from the Sales department automatically signs in.
Note: Pin Skype for Business to your taskbar for easy access.
6. In the Skype for Business client, click the Chat Rooms icon, click Add a room (the plus sign), and
then select Create a Chat Room.
7. On the Manage Persistent Chat Rooms page, type vivian@adatum.com as the user name and
Pa$$w0rd as the password, and then click Sign In.
8. On the My Rooms page, click Create A New Room.
9. Complete the Create a room page by using the information in the following table, and then click
Create.
Room Name Sales Team Chat Room
Description Chat room for all Sales team members
Privacy Open
Add-in Not applicable
Category Adatum Sales
Managers Vivian Atlas; Eric Swift
Members Not applicable
Invitations Inherit invitation settings from category (true)
10. On the My Rooms page, click Create A New Room. Use the following information to create the
room, and then click Create.
Room Name Sales Management Communications
Description Sales executives use this chat room to communicate

critical information to Sales managers
Privacy Secret
Managers Vivian Atlas
Members Vivian Atlas
Invitations No invitation sent to members
11. On the My Rooms page, confirm that there are two new rooms, click Sign Out, and then close the
web browser.
Note: Now that you have created some chat rooms for the Sales team, you need to create
some rooms for the other departments so that you can verify that the organization’s
requirements are met.
12. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\, and then double-
click LON-CL2.RDP. Click Connect, and then accept all other notifications.
o User name: Adatum\Amr
o Domain: Adatum
14. Confirm that Amr Zaki from the IT department automatically signs in. If the Microsoft Office
15. In the Skype for Business client, select the Chat Rooms icon, click the Add a room button (the plus
sign), and then select Create a Chat Room.
16. On the Manage Persistent Chat Rooms page, type amr@adatum.com as the user name and

Create.
Room Name Skype for Business Administration Chat Room
Description Chat room for Skype for Business administrators

in the IT department
Privacy Closed
Add-in IT Reports
Managers Amr Zaki
Members Amr Zaki
Invitations Inherit invitation settings from category (True)
19. On the My Rooms page, click Sign Out.
20. Next to the Your session has expired. Please sign in again message, click Sign-in.
21. Sign in to the Manage Persistent Chat Rooms page as Maxim Goldin from the Research
department by typing maxim@adatum.com as the user name, Pa$$w0rd as the password,
and then click Sign In.
22. On the Create a room page, create an additional room by using the information in the following
table, and then click Create.
Room Name Research Department Chat Room
Description Chat room for all users in the Research

department
Privacy Secret
Managers Maxim Goldin
Members Maxim Goldin
23. On the My Rooms page, click Sign Out, and then close the web browser.
24. Sign out of LON-CL1 and LON-CL2.
 Task 4: Manage roles for Persistent Chat
Note: Although it is possible to add individual users to the members list for each of the
chat rooms, you might be able to take advantage of an existing scope that is already managed
elsewhere, such as an OU or a distribution group.
1. On LON-DC1, create new distribution groups:
o AllITDG, Universal Distribution in the IT OU
o AllSalesDG, Universal Distribution in the Sales OU
o SalesExecutivesDG, Universal Distribution in the Sales OU
o SalesManagersDG, Universal Distribution in the Sales OU
3. In the Skype for Business Server Management Shell, run the following cmdlets to populate the
members of the distribution groups:
$SalesUsers = Get-AdUser –Filter * -SearchBase “ou=sales,dc=adatum,dc=com”

Add-ADGroupMember –Identity “AllSalesDG” –Members $SalesUsers
$ITUsers = Get-AdUser –Filter * -SearchBase “ou=it,dc=adatum,dc=com”
Add-ADGroupMember –Identity “AllITDG” –Members $ITUsers
4. In the Skype for Business Server Management Shell, run the following cmdlets to manage the chat
room user roles:
a. To get a list of current chat rooms, run the following command:
Get-CsPersistentChatRoom | Format-List name,identity
b. To change the Sales Team Chat Room privacy setting to Closed from Open and to configure
members of the AllSalesDG group to be the only members of the Sales Team Chat Room, run the
following command:
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Sales Team Chat Room” –

Privacy Closed –Members @{Add=”CN=AllSalesDG,OU=Sales,DC=Adatum,DC=com”}
c. To configure members of the AllITDG group to be members of the Skype for Business
Administration Chat Room, run the following command:
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Skype for Business

Administration Chat Room” –Members @{Add=”CN=AllITDG,OU=IT,DC=Adatum,DC=com”}
d. To convert the Sales Management Communications chat room to an auditorium, and to

configure Sales executives to be presenters and regional Sales managers to be members, run the
following commands:
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Sales Management

Communications” –Type Auditorium
Communications”–Presenters @{Add=”sip:aaren@adatum.com”, ”sip:bonnie@adatum.com”}
–Members @{Add=”sip:aaren@adatum.com”, “sip:bonnie@adatum.com”,
”sip:neven@adatum.com”, ”sip:sethu@adatum.com”, ”sip:edmund@adatum.com”,
”sip:willem@adatum.com”}
Note: You must add presenters as members, or you will receive an error.
e. Run a report to verify if the changes have been made successfully:
Get-CsPersistentChatRoom | Format-List name,identity, managers, members,

presenters, type, privacy
 Task 5: Configure the Compliance service
Note: In the previous lab, you installed the Persistent Chat Compliance service and
compliance store. In this task, you will configure the adapter to send compliance information
output from the compliance store on LON-SQL1 to a local directory on LON-SVR1 for eDiscovery
purposes.
1. On LON-SFB1, in the Skype for Business Management Shell, verify the current configuration by
running the following command:
Get-CsPersistentChatComplianceConfiguration
2. Create a new site-level Persistent Chat compliance configuration by running the following command:
New-CsPersistentChatComplianceConfiguration –Identity “site:Adatum Headquarters” -

AdapterName "XmlCompliance" -AdapterOutputDirectory “C:\ComplianceOutput\” -
AdapterType “Microsoft.Rtc.Internal.Chat.Server.Compliance.XmlAdapter,compliance” -
AddChatRoomDetails $true -AddUserDetails $true –Confirm -
CreateFileAttachmentsManifest $true -OneChatRoomPerOutputFile $false
3. Verify that the configuration is successful by running the following command:
Results: After completing this exercise, Sales team members should have access to their chat rooms only.
All users in the organization who are enabled with Persistent Chat should be able to create and use chat
rooms, but they should not be able to use the Sales chat rooms. Persistent Chat compliance also should
be fully functional.
Exercise 2: Validating a Persistent Chat Deployment

Scenario
You have now deployed the Persistent Chat room design. At this stage in the deployment, it is a best
practice to verify with a small test group if the design meets all organizational requirements. If not, you
can revise the design before all users fully adopted it.
1. Confirm that specific users can perform appropriate activities.
2. Confirm that the compliance XML adapter is working.
 Task 1: Confirm that specific users can perform appropriate activities

1. In Hyper-V Manager, right-click 20334B-LON-CL1, and then click Connect.
2. Sign in as eric@adatum.com with the password Pa$$w0rd.
3. Open Skype for Business 2016, and then click the Chat rooms icon. You should have a new invitation
on the New tab.
4. In the Chat rooms view, click the Member Of tab. Notice that you are already defined as a member.
What it does not show is that you are also a manager of this room.
5. On the Member Of tab, right-click Sales Team Chat Room, and then click Follow this room.
6. Click the Followed tab. Notice that there are now two new objects, Ego Feed and Sales Team
Chat Room.
7. On the Followed tab, right-click Sales Team Chat Room, and then click Open.
8. In the Sales Team Chat Room window, type Hello Sales Team!, and then press Enter.
9. Confirm that the message posted, and then close the chat room.

11. On LON-CL2, sign in as jed@adatum.com with the password Pa$$w0rd.
12. Open Skype for Business, and then click the Chat room view icon. You should have a new invitation
on the New tab.
13. Right-click Sales Team Chat Room, and then click Follow this room.
14. Right-click Sales Team Chat Room, and then click Open.
15. Notice that Eric is still listed as a participant even though you closed the chat room on his client.
16. Type Hello Eric, thank you for the invite!, and then press Enter.
17. On LON-CL1, click the Followed tab in the Persistent Chat view of Eric’s client. Notice that there is
one new Ego Feed and two new posts in the Sales Team Chat Room.
18. Right-click Ego Feed, and then click View Topic Feed Results. Notice that Eric is highlighted. This is
because the default Ego Feed will track any time a post mentions your name in any of the chat rooms
that you are following.
19. Close the Ego Feed window.
20. Open the Sales Team Chat Room.
21. Notice that Jed Brown has a green check mark next to his name. This indicates that he is online. If you
point to Jed Brown’s name, you will see the list of all Skype for Business communication modes.
22. Close the Sales Team Chat Room window.
23. In the search box, type Administration. There should be no matches. Type Management. There
should not be any matches because that is a secret chat room.
24. On LON-CL1, sign in as aaren@adatum.com with the password Pa$$w0rd.
25. Open Skype for Business 2016, and then click the Chat room view icon. Notice that all Sales users
received an invitation to the Sales Team Chat Room.
26. In the Find someone or a room search box, type Administration. There should not be any match.
Type Management. As a presenter and a member, you should be able to find the Sales Management
Communications chat room.
27. Right-click the Sales Management Communications chat room, and then click Follow this Room.
28. Click the Followed tab, right-click the Sales Management Communications chat room, and then
click Open.
29. Type Hello Sales Managers! Please follow this chat room so that you will be able to get critical
sale communications for your region.
30. Leave the conversation open, and then switch to LON-CL2.
31. On LON-CL2, sign in as neven@adatum.com with the password Pa$$w0rd.
32. Open Skype for Business 2016, and then click the Chat Rooms icon.
33. In the Find someone or a room search box, type management, right-click Sales Management
Communications, and then click Open.
34. Type Thank you Aaren!, and then press Enter. What happens?
35. Is this what you expected?
36. Switch back to LON-CL1.

37. On LON-CL1, look at the conversation that is still open on Aaren’s client. Notice that even though
Neven was able to type a message, it is only visible on his computer. Only the information that is
posted by presenters is visible to every member of the auditorium chat room.
Note: Now that you have confirmed that Sales team functionality is working, you need to
test that the ethical wall is also working from outside the Sales department.
38. On LON-CL1, sign in as amr@adatum.com with the password Pa$$w0rd.
39. Open Skype for Business 2016, and then click the Chat Rooms icon.
40. In the Find someone or a room search box, type Administration, right-click Skype for Business
Administration Chat Room, and then click Follow this Room.
41. Right-click Skype for Business Administration Chat Room, and then click Open. Notice that the
chat room opens with the add-in.
42. Close the chat room.
43. In the search box, type Management. There should not be any results. Type Sales. There should not
be any results.
 Task 2: Confirm that the compliance XML adapter is working

1. On LON-SVR1, click the File Explorer icon on the taskbar.
2. Expand Local Disk (C:), and then click the ComplianceOutput folder.
3. In the ComplianceOutput folder, verify that a number of XML files and an Attachments folder are in
the ComplianceOutput folder.
4. In the ComplianceOutput folder, look at the Date modified column, and then find the first file that
was created. Right-click the file, point to Open With, and then click Internet Explorer.
5. In Internet Explorer, examine the file content. This file should contain a logged message from
eric@adatum.com in the Sales Team Chat Room.
7. In the ComplianceOutput folder, open some of the other files, and then review the captured
information.
8. Close the Internet Explorer windows when you are done.
Results: After completing this exercise, you should know if the ethical wall for the Sales team is working
or if additional changes are necessary. You will also have experienced Persistent Chat as a manager and as
a member.
Exercise 3: Troubleshooting Persistent Chat

Scenario
A new Sales manager, Carlos Carvallo, was recently hired in New York City for the Northeast sales region.
Carlos cannot even see the Persistent Chat icon in his Skype for Business client, let alone access any of
the chat rooms to which he should be a member. You need to troubleshoot and resolve this Persistent
Chat issue.
1. Confirm what Carlos reports.
2. Analyze the causes of the issue.

3. Correct the problem.
4. Prepare for the next module.
 Task 1: Confirm what Carlos reports

1. On LON-CL1, sign out as the current user (Amr), and then sign in as carlos@adatum.com with the
password Pa$$w0rd.
2. Try to connect to Persistent Chat.
3. Document the results of your test.
 Task 2: Analyze the causes of the issue

 Check each of the following dependencies that a Persistent Chat user has in the A. Datum
environment:
o Is Carlos enabled for Skype for Business?
o Does Carlos have a Persistent Chat policy?
o Is Carlos a member of the Sales distribution group?
o Is Carlos in the Sales OU or a different OU?
 Task 3: Correct the problem

1. Based on your findings, create a remediation plan that will correct any issues that you discovered.
2. Perform the changes in a methodical fashion.
Note: Hint: Think about the process that you went through to enable all the other
A. Datum users.
3. Test the solution.


1. When you finish the lab, revert all the virtual machines to their initial state by performing the
following steps:

o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SVR1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
Results: After completing this exercise, you should have identified the root cause of Carlos’ Persistent
Chat issue and resolved it.
Question: What is the purpose of a category in Skype for Business Server Persistent Chat?

Question
When you create a new chat room, which of the following tools can you use?
The Skype for Business Server Management Shell
The Skype for Business client
Custom workflows

Best Practices
 Even if you only need one Persistent Chat Server in your organization, you should avoid collocating
Persistent Chat with the Standard Edition of Skype for Business Server.
 Use categories to configure as many of the settings as you can for your chat rooms so that you do
not have as much administrate work to do when managing a large number of chat rooms.
 Decide who will be a manager of a chat room before you create the chat room.

Persistent Chat Server setup fails with domain

or DNS errors
Review Question
Question: Invitations are a great way to let people know that they are a member of a chat group.
Why would you want to avoid using invitations?

Organizations that are heavily regulated and geopolitically dispersed are most likely to benefit from
Persistent Chat. Persistent Chat is available only for on-premises deployments of
Skype for Business Server. Skype for Business Online does not offer it.
Tools
The following tools are covered in this module:
The Lync Server 2013 Persistent Chat Resource Kit, which still works with Skype for Business Persistent
Chat, can be found at the following website:
Microsoft Lync Server 2013 Persistent Chat Resource Kit
http://aka.ms/t6al82
This resource kit includes:
 AffCheck, which checks database affiliations with Active Directory Domain Services (AD DS).
 ChatMonitoringSummary, which summarizes data from the monitoring database.
 The ChatStress Tool, which simulates Persistent Chat traffic.
 ChatUpgrade Verifier, which compares Group Chat databases with Persistent Chat databases to verify
post-migration health.
 ChatUsageReport, which provides HTML usage report of users and chat rooms.
 ScheduleADSyncForPrincipal, which forces synchronization between SQL and AD DS.
10-1
Module 10
Implementing High Availability in Skype for Business 2015
Contents:
Lab A: Pre-Lab Configuration 10-2
Lesson 1: Planning for Front End Pool High Availability 10-4
Lesson 2: Planning for Back End Server High Availability 10-17
Lesson 3: High Availability for Other Component Servers 10-23
Lab B: Implementing High Availability 10-31
Module Overview
After your organization deems one or more communication modes of Skype for Business Server 2015 to
be mission-critical, you must deploy a high-availability solution with disaster recovery. As part of that
solution, you must implement procedures to minimize the downtime and recovery time, and achieve the
appropriate level of application availability in the event of a failure. To do this, you should be aware of the
requirements for high availability with Skype for Business Server. You should also be able to plan and
design for load balancing with Skype for Business Server.
Objectives
 Design and implement a high-availability solution for Front End Servers in a Skype for Business Server
environment.
 Design and implement a high-availability solution for Back End Servers in a Skype for Business Server
environment.
 Design and implement a high-availability solution for file stores, Edge Servers, Mediation Servers,
Office Online Server farms, and reverse proxy servers in a Skype for Business Server environment.
10-2 Implementing High Availability in Skype for Business 2015
Lab A: Pre-Lab Configuration

Scenario
The current set of virtual machines does not include the NYC site. To include the NYC site, you must
update the Skype for Business topology. You must then run a script that automates the deployment of
the NYC-SFB3 Front End Server. The script will run in the background unattended during the lecture.
Lab Setup
Estimated Time: 85 minutes (15 minutes for the lab steps and 70 minutes for the script to complete)
Virtual machines: 20334B-LON-CL1, 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SFB1,

20334B-LON-SFB2, 20334B-LON-SQL1, 20334B-NYC-SFB3, and 20334B-NYC-SQL3
Password: Pa$$w0rd
4. Repeat steps 1 and 2 for the following machines. Start them in the specified order to prevent service
timeout errors:
a. 20334B-LON-RTR
b. 20334B-LON-SQL1
c. 20334B-NYC-SQL3
d. 20334B-LON-SFB1
e. 20334B-LON-SFB2
f. 20334B-NYC-SFB3
g. 20334B-LON-CL1
5. Sign in to the server virtual machines by using the following credentials:
o Domain: Adatum
6. Verify that all services that have a Startup Type of Automatic or Automatic (Delayed Start) are
running on LON-SFB1 and LON-SFB2.
7. On LON-CL1, click Start, click Administrator, and then click Sign out. Do not sign back in until
directed to do so.
8. In Hyper-V Manager, right-click 20334B-LON-SFB3, and then click Settings.
9. On the Settings page, select IDE Controller 1: DVD Drive from the Hardware list.
10. In the DVD Drive pane, select Image File, and then click Browse.
11. Navigate to C:\Program Files\Microsoft Learning\20334\Drives, select SfB-E-9319.0-enUS.ISO,

and then click Open.
12. Click OK to close the Settings page.

Exercise 1: Preparing for the Lab

Scenario
1. Update topology and install back-end databases.
2. Run the pre-lab configuration script.
 Task 1: Update topology and install back-end databases

1. On LON-SFB1, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. On the taskbar, click the Skype for Business Server Management Shell icon.
3. In the Skype for Business Server Management Shell, type the following cmdlet, and then press Enter:
Import-CsConfiguration –FileName C:\Labfiles\NYCSite.zip
Get-CsManagementStoreReplicationStatus
5. Repeat step 4 until the UpToDate status on LON-SFB1 and LON-SFB2 changes to True.
Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn nyc-sql3.adatum.com
7. Verify that the installation completes without errors (you may see a few warnings which you can
ignore). Close the Skype for Business Server Management Shell window.
 Task 2: Run the pre-lab configuration script

1. On NYC-SFB3, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. On the taskbar, click the File Explorer icon.
3. Navigate to C:\Labfiles, right-click 20334B_NYCPoolSetup.ps1, and then click Edit.
4. In the Windows PowerShell ISE window, verify that the 20334B_NYCPoolSetup.ps1 file is open.
5. At the Windows PowerShell command prompt, type the following cmdlet, and then press Enter:
Set-ExecutionPolicy Unrestricted -Force
6. In the Windows PowerShell ISE window, on the toolbar, click Run Script (the play icon).
Results: After completing this exercise, you will have prepared the lab environment for this module.
Lesson 1
Planning for Front End Pool High Availability
High availability in Skype for Business Server uses a distributed systems architecture, Back End Server
availability options including AlwaysOn, file sharing with Distributed File System (DFS), and Persistent Chat
availability. You can select from various infrastructure options that provide additional resiliency. At the
core of Skype for Business Server’s high availability is the Enterprise Edition Front End pool.
Lesson Objectives
 Explain the difference between high availability and disaster recovery.
 Identify the benefits of the Windows Fabric’s distributed systems architecture.
 Explain the brick model approach to deploying Skype for Business Server.
 Explain how to plan pool quorum to prevent user outages.

 Explain how to plan for Domain Name System (DNS) load balancing and hardware load balancing.
High Availability vs. Disaster Recovery

The terms high availability and disaster recovery
are often used interchangeably because they
complement each other. In the context of
planning your Skype for Business Server
deployment, it is important to distinguish
between the two.
High availability describes a situation in which
Skype for Business Server services remain available
even if one or more servers fail.
Skype for Business Server utilizes Windows Fabric’s
distributed system architecture as one of its
features to provide high availability. High
availability is only achievable with the Enterprise Edition of Skype for Business Server 2015. High
availability is the focus of this module.
Disaster recovery describes a situation in which Skype for Business Server services continue to be available
after a force majeure or manmade disaster occurs. Disaster recovery is a key component of business
continuity. With a disaster recovery plan, an organization can strive to mitigate data loss by using the
organization’s Recovery Time Objectives (RTOs) and Recovery Point Objectives (RPOs). Skype for
Business Server uses pool pairing as one of its features for disaster recovery. Both the Enterprise Edition
and Standard Edition of Skype for Business Server 2015 support disaster recovery. This module does not
cover disaster recovery, but Module 11 does.
Benefits of Windows Fabric

In Skype for Business Server 2015, the architecture for Enterprise Edition Front End pools uses the
distributed systems architecture that was first introduced in Microsoft Lync Server 2013 with the Windows
Fabric 1.0 support.
Prior to Lync Server 2013, the back-end SQL database was the real-time data store. Although this
provided a central location for pool members to utilize, it became a performance bottleneck. In Lync
Server 2013, information about a particular user is kept on local SQL Server instances on the Front End
Servers. Three servers in a Front End pool store user data; one is the primary for the routing group and the
other two are secondary replicas. The Front End pool promotes another available Front End Server in the
pool to a secondary idle server if either the primary or the secondary active server is offline. The Fabric
Manager automatically distributes the load across the Front End Servers in the pool, thereby improving
performance and scalability in the pool and eliminating a single Back End Server as a single point of
failure. Skype for Business Server 2015 also takes advantage of Windows Fabric and now supports
Windows Fabric 3.0 on the following operating systems:
 Windows Server 2012 R2
 Windows Server 2012
 Windows Server 2008 R2, which supports Windows Fabric 2.0 and can coexist with
Windows Fabric 3.0
Best Practice: It is a best practice not to use Windows Server 2008 R2 in high-availability
scenarios because of limited support for Windows Fabric 3.0. Consider a side-by-side migration
as opposed to an in-place upgrade if the operating system is Windows Server 2008 R2.
The Brick Model Approach

In Lync Server 2010 and earlier versions, the back-
end database was always a bottleneck that limited
the scalability of the Front End pool. Since
Lync Server 2013, the dependency between the
pool and the Back End Server is less restrictive.
The Front End Servers manage the user states
among themselves. There are primarily lazy writes
to the Back End Server, which are required to
rehydrate a pool after it shuts down completely
and for disaster recovery. This new relationship
between the Front End and Back End Servers
allows for a new scalability model called the brick
model approach.
In Lync Server 2013 and Skype for Business Server 2015, the brick model approach takes user states and
copies directly between the Front End Servers in a pool. Each user belongs to a specific routing group, and
a three-server peer pool holds a copy of the data of each user group. If one of the servers is not online,
the secondary active or secondary idle server will automatically take over for this routing group.
Additionally, in Skype for Business Server 2015 with Windows Fabric 3.0, conferencing data is now
synchronously written to the Back End Server to improve recovery time in the event of a failure.
When you need to scale a Front End pool to meet the needs of the organization, you can add servers
(figurative bricks) to the pool (figurative building). Windows Fabric will dynamically reallocate resources to
maximize the user/pool ratio and the overall performance.
It is important to note that in this model, there must be a minimum number of servers to guarantee that
all users in a pool will function. To have at least one server per user group available, you must maintain
the quorum. You will learn about quorum later in this lesson.
In Skype for Business Server 2015, it is a best practice to deploy a minimum of three Front End Servers in
an Enterprise Edition pool. With three replicas of data, the pool will continue to support all users even if
the back-end database servers fail. If you deploy only two servers in a Front End pool, there is a heavier
dependency on the back-end database. If the back-end database fails on a two-node Front End pool,
users will be forced into a resiliency mode. When users are in Resiliency mode, they will not be able to
perform any tasks that will require a change to persistent data on a Skype for Business Server 2015 server.
Although deploying three Front End Servers in an Enterprise Edition Front End pool is the minimum
recommendation, you can deploy up to 12 servers in a pool to scale out to meet your organization’s
needs.
Two-server pool guidelines

If you deploy two Front End Servers in a pool, you must use the following specialized guidelines when you
perform maintenance:
 If one Front End Server fails, you should try to recover the failed server as soon as you can. Similarly, if
you upgrade one of the two servers, bring it back online as soon as the upgrade is complete.
 If you need to stop both servers at the same time, do one of the following when bringing them back
online:
o The best practice is to restart both Front End Servers at the same time.
o If you cannot restart the two servers at the same time, you should restart them in the reverse
order of the order in which they were stopped.
o If you cannot restart them in that order, run the following cmdlet before starting the pool:
Reset -CsPoolRegistrarState -ResetType QuorumLossRecovery -PoolFqdn PoolFQDN
Best Practice: If you prefer to have only two servers deployed, you should install them as
Standard Edition servers and then pair them together. This will eliminate the need to have a
specialized pool management process as previously described.
Pool Quorum
When you deploy a Front End pool, it is critical
that a minimum number of Front End Servers are
running to ensure that the pool is functional. The
following table shows the details of the pool size
and the minimum number of servers required.
Number of servers in a Front End pool Number of servers that must be running
2 1
3–4 Any 2
5–6 Any 3
7 Any 4
8–9 Any of the first 7 servers that are started
10–12 Any 5 of the first 8 servers that are started
You must take preventative measures to ensure that the total number of functional servers in a pool does
not fall below 50 percent. The table above shows the thresholds for each supported pool size. If the
threshold is crossed, the servers that are running will go into survivability mode. You should actively
monitor the event logs or create alerts. Your monitoring solution should look for Local Pool Manager
has been disconnected from Pool Fabric Manager (Event ID: 32163).
You will have five minutes from the time this event is generated until the remaining servers stop all
Skype for Business Server services. As the remaining servers’ services stop, the following events will be
generated:
 Event ID: 32170. Pool Manager failed to connect to Fabric Pool Manager.
 Event ID: 32173. Server is being shut down because Fabric Pool Manager could not be
initialized.
If you add or remove servers from the pool configuration in Topology Builder, and then publish the new
Front End Server successfully, you must restart the existing Front End Servers. The order in which you
restart the servers is very significant in pools with eight or more servers.
We recommend restarting the servers one at a time. In the unlikely event that the entire pool was offline
when the configuration change occurred, you must run the following cmdlet:
Reset-CsPoolRegistrarState -PoolFqdn PoolFQDN -ResetType ServiceReset

Note: Note that in this scenario, you can use the ServiceReset reset type. It is not
necessary to use the QuorumLossRecovery reset type, as described earlier, when quorum is lost.
For more information on the available reset types including FullReset, refer to the following
website:
Reset-CsPoolRegistrarState
http://aka.ms/en8ekn
Routing groups
While Windows Fabric makes it is possible to have up to 12 servers in an Enterprise Front End pool, the
construct of the routing group defines how user state data is managed on the Front End Servers in a pool.
Routing groups set the replication boundaries and define the three servers within the pool to which
individual users’ state is replicated.
You assign users to a Front End pool (registrar) when you enable them for Skype for Business Server. Front
End pools have one or more routing groups, created automatically when the servers start. The number of
routing groups grows based on the number of servers and users added to the pool. Each routing group
will be assigned to three servers within the pool: the primary server, the secondary active server, and the
secondary idle server.
Different routing groups can have overlapping servers. When the servers start, a primary server is assigned
to each routing group. The primary server rehydrates the pool by querying the Back End Server. The
primary server performs lazy writes to the Back End Server and secondary servers.
Front End pool routing groups:
Best Practice: Avoid virtualization in a pool because a single host outage has the potential
to take down numerous virtual servers in the pool, thereby increasing the risk for loss of both
pool level quorum and routing group quorum.
Routing group quorum

The number of the servers in a pool that must be up and running the first time you the start the pool
varies based on the total number of servers in the pool. If the minimum number of servers listed in the
table below are not running to establish the routing group quorum, the pool will not start. This is also true
for subsequent restarts of servers. Because of this, you should only restart the servers in a pool one at a
time to maintain quorum when performing updates and other maintenance tasks.
Number of servers that must be running

Number of servers in a pool
to start the pool the first time
2 1
3 3
4 3
5 4
6 5
7 5
8 6
9 7
10 8
11 9
12 10
If the routing group quorum has failed, but the pool level quorum has not, you can run the following
cmdlet to recover:
Reset-CsPoolRegistrarState -ResetType QuorumLossRecovery
Note: A pool with an even number of servers uses the primary SQL Back End Server as a
tiebreaker vote.
DNS Load Balancing

Deploying high availability will require the use of
a load-balancing solution for Skype for
Business Server 2015. You can use two methods
to load balance the network traffic: hardware
load balancers (HLBs) and DNS load balancing.
Technically, DNS load balancing also requires
HLBs. DNS load balancing distributes Session
Initiation Protocol (SIP) communications but
requires HLBs for Skype for Business Server web
service communications.
DNS load balancing

DNS load balancing requires two DNS A records that are registered for each member of a server
pool. One DNS A record is registered for the server's own fully qualified domain name (FQDN)
and the other record is registered for the Front End pool FQDN. When a client queries Autodiscover
(LyncDiscoverInternal.sipdomain) to connect to a Front End pool, the DNS server responds with
all IP addresses that are registered with the Front End Server pool FQDN. The following pools in
Skype for Business Server support DNS load balancing:
 Front End pools

 Edge Server pools
 Director pools
 Mediation Server pools
 Persistent Chat pools
The following table provides a list of DNS configurations for DNS load balancing for a
Skype for Business Server 2015 Front End pool. In the example, pool.adatum.com running on
Skype for Business Server 2015 has three Front End Servers—lon-sfb1, lon-sfb2, and lon-sfb3.
Component DNS FQDN DNS A record IP address
Pool pool.adatum.com 10.10.0.20
Front End Server Front End Server 10.10.0.20

lon-sfb1.adatum.com

lon-sfb2.adatum.com

lon-sfb3.adatum.com
Internal Web Services webint.adatum.com 10.0.0.99

DNS Override
Overriding the internal web service FQDN

Because DNS load balancing does not support web communications on TCP ports 80 and 443, you must
configure the pool with a separate FQDN that will override the pool FQDN for web communications. You
can use the following procedure to configure the override FQDN:
1. Open the Skype for Business Server Topology Builder.
2. In the console tree, expand Skype for Business Server 2015.
3. Expand the Enterprise Edition Front End pools node.

4. Right-click the pool, click Edit Properties, and then click Web Services.
5. Under Internal web services, select Override FQDN.
6. Enter an FQDN that resolves to the hardware load-balanced virtual IP address of the servers in the
pool, for example, webint.adatum.com. Make sure you create an A record for this FQDN that
resolves to the virtual IP (VIP) address of the HLB.
7. Under External web services, type an FQDN that resolves to the reverse proxy, and then click OK.
This should be a different name from the FQDN of the Front End pool and the override FQDN, for
example, webext.adatum.com.
8. In the console tree, select Skype for Business Server 2015, and then in the Actions pane, click
Publish Topology.
9. Start the Deployment Wizard on each Skype for Business Server 2015 server that is impacted, and
then run the setup again.
Best Practice: It is a best practice to use DNS load balancing, except in the following
scenarios:
 Federation with Microsoft Office Communications Server 2007 or
Microsoft Office Communications Server 2007 R2
 Microsoft Exchange Server 2007 Unified Messaging or Microsoft Exchange Server 2010 Unified
Messaging
 Legacy clients (previous to Lync 2010)
 If you use HLB for the external interface of the Edge Server role, you cannot use DNS load balancing
on the internal interface. If you use HLB for the internal interface of the Edge Server role, you cannot
use DNS load balancing on the external interface
If one of these scenarios applies to you, then you should utilize hardware load balancing.
Planning for coexistence

While you are planning for coexistence, in organizations that already have a high-availability solution
deployed and that do not plan to upgrade clients and servers that are not DNS load balancing–aware,
you must retain the existing HLBs in the Skype for Business Server 2015 deployment. These HLBs can
simultaneously handle load balancing for several server pools. Therefore, if service level agreements (SLAs)
allow, administrators can use the existing HLBs in a migration or coexistence scenario, where an existing
HLB might handle load balancing for both Lync Server 2010 or Lync Server 2013 servers and Skype
for Business Server 2015 servers. In a migration scenario, clients running an earlier version of
Skype for Business will often be upgraded relatively soon. If you do have Lync 2013 clients, you do
not have to upgrade them right away, because Lync 2010 and newer clients support DNS load balancing.
Note: The support boundary for Skype for Business Server 2015 is N-2. This means that,
although Lync Server 2013 and Lync Server 2010 are supported for coexistence,
Office Communications Server 2007 R2 is not.
While planning for coexistence, you need to be aware that you can perform server draining (draining all
active connections from a server) by using Skype for Business Server Control Panel only if you configure
DNS load balancing. If this is a required feature, you might want to verify with your HLB manufacturer if it
can perform server draining. Whether you decide to use an existing load-balancing solution or deploy a
new hardware load-balancing solution, ensure that the selected solution aligns with the long-term goals
of the Skype for Business Server 2015 deployment and the long-term needs of the organization.
DNS load-balancing clients

DNS load balancing provides additional resilience to clients that are connecting to highly available pools
of servers. DNS round robin, which is enabled by default on DNS servers running the Windows Server
operating system, is beneficial to DNS load balancing. It facilitates the distribution of the client
connections by changing the order of the records provided to each client after the DNS server receives
each query.
A DNS load balancing–aware client stores the results in a local cache. The client will try to connect to the
first server in the list. Because DNS load balancing is implemented at the application level, the client will
automatically try the next server in the list without a new DNS query if the first server is not available.
The client will continue this process until it runs out of servers in the cache. After the client connects
successfully to a server in the pool, it will identify the primary registrar of its routing group and negotiate
a secure Transport Layer Security (TLS) connection over port 443. If the last server from the cache fails to
respond, the client notifies the user that Skype for Business Server is unavailable.
Demonstration: Managing a Front End Pool

In this demonstration, you will see how the loss of routing group quorum can affect pool functionality.
You will also see how you can recover quorum for a Front End pool.
Demonstration Steps
2. Click Start, click Power Options (the power icon at the top-right corner), and then click Shutdown.
Click Continue to confirm that you want to shut down. Wait for it to shut down completely.
3. On LON-SFB2, open Event Viewer.
4. In Event Viewer, expand Applications and Services Logs, and then click the Lync Server log.
5. In the Lync Server log, look for the most recent Event ID 32108 from the LS User Services. Confirm
the warning Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive. Minimize the Event Viewer window.
6. On LON-SFB2, open Internet Explorer, navigate to https://lon-sfb2.adatum.com/cscp to connect to
the Skype for Business Server Control Panel, and then sign in as Adatum\Administrator with the
password Pa$$w0rd.
7. In the left navigation pane, click Users.
8. On the User Search page, click Enable users.
11. In the search results, click Adam Barr, press Ctrl+A to select all the users in the list, and then click OK.
12. In the Users list, locate Administrator and Guest, and any HealthMailbox*, Krbtgt, and Microsoft
Exchange* users. Select each account, and then click Remove.
14. In the Generate user’s SIP URI section, confirm that Use the user principal name (UPN) is selected.
15. On the New Skype for Business Server User page, leave the default values for all other settings, and
then click Enable.
16. On the New Skype for Business Server User page, click Cancel to return to User Search. Leave the
search box blank, change Maximum users to display 400, and then click Find.
17. Confirm that all users in the organization are now enabled for Skype for Business.
18. On LON-CL1, sign in as Adam@adatum.com with the password Pa$$w0rd, and then open
Skype for Business 2015.
19. On LON-SFB2, click the Windows PowerShell icon on the taskbar and run the following cmdlet to
see the information about the routing group that Adam’s account is in:
Get-CsUserPoolInfo –Identity sip:adam@adatum.com
20. From the results of the cmdlet in the Windows PowerShell window, document the following
information for Adam.
PrimaryPoolFQDN
UserServicesPoolFQDN
PrimaryPoolMachinesInPreferredOrder
PrimaryPoolPrimaryRegistrars
PrimaryPoolPrimaryUserService
21. In Windows PowerShell, run the following command to get the current state of Windows Fabric:
Get-CsPoolFabricState –PoolFqdn “pool.adatum.com”
22. Review the results. Locate the Pool All Server and Services Summary section. What is the suggested
resolution to the problem?
23. On LON-SFB2, shut down the server. Wait for it to shut down completely.
24. On LON-CL1, confirm that Adam is disconnected from the server.
25. In Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and
20334B-LON-SFB2. Right-click each virtual machine, click Connect, and then wait for them to start.
26. On LON-SFB1, sign in as Adatum\Administrator with the password Pa$$w0rd.

29. In Event Viewer, expand Applications and Services logs, and then select the Lync Server log.
30. In the Actions pane, click Filter Current log.

31. In the Filter Current Log window, expand the Event sources drop-down list, and then select LS User
Services, LS Storage Service, and LS AppDomain Host Process. After selecting the sources, click
OK.
32. Review the Lync Server log for errors or warnings. Are there any errors or warning?
33. In the Actions pane, click Find. Use the Find dialog box to look for and review the following
Event IDs:
o 32176 from the LS User Service
o 50012 from the LS AppDomain Host Process

o 32027 from LS Storage Service
34. On LON-CL1, confirm that Adam is now connected.
Hardware Load Balancing

An HLB is required for the HTTP/HTTPS client-
server traffic within the Skype for Business
Server 2015 deployment. If you choose to deploy
only hardware load balancing without DNS load
balancing, the process for DNS configuration and
the client connection is similar to the process in
the previous versions of Skype for Business Server.
When designing a hardware load balancing–only

deployment for Skype for Business Server 2015,
you need to register records that resolve the pool
name to the VIP on the HLBs, and not to an
individual server in the pool. Consider a scenario
with the same sample topology that you used earlier for designing DNS load balancing, but where you
use hardware load balancing to manage all the traffic, not DNS load balancing. In this scenario, you
register the following DNS entries.
Component DNS A record IP
Pool VIP pool.adatum.com 10.10.0.99
Front end lon-sfb1.adatum.com 10.10.0.10
In most organizations, one team manages the Skype for Business Server deployment, while a different
team provides the setup and maintenance of HLBs. When you implement Skype for Business Server with
an HLB, you must ensure that the environment meets all the prerequisites and infrastructure
requirements. You must also ensure that you have properly deployed the HLB before deploying your
Edge Servers.
Prerequisites for HLBs

An HLB for a Skype for Business Server pool must meet the following prerequisites:
 Must expose a VIP through Address Resolution Protocol (ARP).
 Must allow multiple ports to be opened to the same VIP (TCP/UDP).
 Must provide TCP-level affinity.
 Must provide a configurable TCP idle-timeout interval with a maximum value greater than or equal to
the minimum of the REGISTER refresh or SIP Keep-Alive interval of 30 minutes.
 Can support a rich set of metrics, such as round robin, least connections, and weighted. We
recommend least connections–based load balancing for the HLB.
 Must detect service availability by port (often called a heartbeat or monitor). The polling interval must
be a configurable value with a minimum value of at least five seconds.
 Must allow for adding and removing Front End pool member servers from the HLB without restarting
the HLB.
Note: TCP handshakes and half-open TCP connections are commonly used to perform
health checks on load balancers. The half-open TCP connection sends a SYN. If it receives a SYN-
ACK from the server, it marks it up. However, if you have configured TCP-Half-Open monitoring
and one or more ports is generating errors in the event log on the HLB, try modifying the port-
monitoring rules to allow a full TCP handshake (SYN/SYN-ACK/ACK).
Infrastructure requirements for an HLB

The infrastructure for HLBs for a Skype for Business Server 2015 pool must meet the following
requirements:
 The VIP must be resolvable from a single DNS A record.
 The VIP must be a static IP address.
 The Skype for Business Server 2015 server behind the HLB must have a registered FQDN. The IP
address registered for this FQDN must be publicly accessible from within the enterprise.
 The network adapter must have exactly one static IP address. This IP address will be used for the
incoming load-balanced traffic.
Question: A. Datum Corporation plans to deploy Skype for Business Server 2015. They would
also like to deploy Enterprise Voice soon afterwards. A. Datum’s current messaging system is
Microsoft Exchange Server 2007, but they will be upgrading to Microsoft Exchange Server 2013
in six months. How will this affect the current Skype for Business Server 2015 deployment from a
high-availability perspective?

Question
Which of the following are benefits of Windows Fabric?
Back End Servers are no longer a performance bottleneck for client requests.
You can have a total of 12 Front End Servers in each Front End pool.
Windows Fabric supports in-place upgrades from Lync Server 2013.
Windows Fabric allows the Back End Server to create AlwaysOn Availability Groups.
Windows Fabric eliminates the need for an HLB in an organization.

Lesson 2
Planning for Back End Server High Availability
Back End Servers do not use the Windows Fabric distributed architecture for high availability. They take
advantage of SQL Server technologies to provide high availability. In this lesson, you will learn about the
specific high-availability features of SQL Server that Skype for Business Server 2015 supports. You will also
learn how to plan the high availability for Back End Servers.
Lesson Objectives
 Identify the high-availability options for Back End Servers.
 Explain how to plan for database mirroring.
 Explain how to plan for and implement AlwaysOn Availability Groups.
 Explain how to plan for AlwaysOn failover cluster instances.
Back End Server High-Availability Options

To enhance high availability for Back End Servers,
there are four options:
 Database mirroring
 AlwaysOn Availability Groups

 AlwaysOn failover cluster instances
 SQL Server failover clustering
Using a high-availability solution is optional, but is

recommended to maintain your organization's
business continuity. If you do not have a high-
availability solution, if even a single database
server goes down, you might lose significant Skype for Business Server data.
You can set up database mirroring by using Topology Builder. However, to implement AlwaysOn
Availability Groups, AlwaysOn failover cluster instances, or SQL Server failover clustering, you must first
use SQL Server to create the high-availability solution, and then use Topology Builder to associate it with
a Front End pool. If you have paired a Front End pool with another Front End pool for disaster recovery,
you should use the same Back End high-availability solution in both the pools.
Database Mirroring
Lync Server 2013 was the first version to support
database mirroring, and Skype for Business Server
2015 continues this support. Database mirroring
provides both high availability and disaster
recovery for Back End Servers. The process of
creating a database mirror is integrated with the
Skype for Business Server Topology Builder. Prior
to support for database mirroring, it was
necessary to deploy SQL clusters to provide high
availability to Back End Servers. Administrators
required a specialized skill set to deploy Back End
Server SQL clusters. Database mirroring made the
processes much simpler. This simplicity allows Skype for Business Server administrators who are not as
familiar with SQL Server clusters to be less dependent on a separate team for deploying and managing
high availability for Back End Servers.
Note: The disadvantage of database mirroring is that the SQL Server team has deprecated
this feature as of SQL Server 2012. This means that at some point in the future, SQL Server will
not include database mirroring. For additional information on deprecated database engine
features in SQL Server 2012, refer to the following website:
Deprecated Database Engine Features in SQL Server 2012

http://aka.ms/hh3t9o
Skype for Business Server supports database mirroring with the following database software:
 SQL Server 2014, both Enterprise Edition and Standard Edition
 SQL Server 2012 Service Pack 2 (SP2) and Cumulative Update 2, both Enterprise Edition and Standard
Edition
 SQL Server 2008 R2 SP2, both Enterprise Edition and Standard Edition
Skype for Business Server does not support asynchronous database mirroring for Back End Server high
availability. In the context of this course, database mirroring means synchronous database mirroring,
unless explicitly stated otherwise. Database mirroring can have only two replicas; Principal and Mirror.
The active replica will be the Principal replica by default.
When you deploy database mirroring in a Front End pool, all Skype for Business Server databases in the
pool are mirrored. This includes the Central Management store, if it is located in this pool, and the
Response Group application database and the Call Park application database, if those applications are
running in the pool.
With database mirroring, you do not have to use shared storage for the servers. Each server keeps its copy
of the databases in local storage.
Best Practice: You might choose to deploy database mirroring with or without a witness.
As a best practice, use a witness, because it enables automatic failover of the Back End Server.
If you plan to use a witness, you can use a single witness for multiple pairs of Back End Servers. There is no
strict 1:1 correspondence between witnesses and pairs of Back End Servers. Deployments that use a single
witness for multiple pairs of Back End Servers are not as resilient as topologies with a separate witness for
each Back End Server pair.
AlwaysOn Availability Groups Overview (1 of 2)
AlwaysOn Availability Groups

AlwaysOn Availability Groups provide high
availability by maximizing the availability of
databases for an enterprise. An availability group
is a set of databases that fail over together at the
same time. AlwaysOn Availability Groups support
one primary replica and up to two secondary
replicas in the synchronous-commit mode. The
availability group listener responds or redirects
incoming client requests to replicas. Each
availability group replica has a local SQL instance
and a local copy of the databases.
You can deploy AlwaysOn Availability Groups in the following Skype for Business Server scenarios:
 On a new Front End pool
 On an existing pool that uses database mirroring
 On an existing pool that does not use database mirroring
AlwaysOn failover cluster instances

AlwaysOn Availability Groups and AlwaysOn failover cluster instances use Windows Server Failover
Clustering (WSFC). AlwaysOn failover cluster instances provide redundancy at the server-instance level.
You can deploy failover cluster instances as a single instance of SQL Server onto multiple SQL Server
nodes. Skype for Business Server 2015 does not support stretch deployments of failover cluster instances
across multiple subnets. Failover cluster instances will function as a single instance of SQL Server. If a node
fails, the Front End Servers will be able to communicate with another node in the cluster. The failover
process is automated and does not require reconfiguration of Skype for Business Server.
AlwaysOn has some capabilities that Skype for Business Server does not support. When you work with SQL
administrators, you must make sure that only the following configurations are in use:
 All replicas (SQL Server instances) must be on the same subnet
 The Availability mode must be set to Synchronous commit
 The Failover mode must be set to Automatic
 Readable Secondary must be set to No
 Microsoft Azure replicas are not configured

To update an existing SQL Server instance to an AlwaysOn solution, you must upgrade your Front End
pool to Skype for Business Server 2015 first.
SQL Server failover clustering

If your organization has an existing investment in SQL failover clustering, Skype for Business Server
supports SQL Server failover clustering with the following database software:
 SQL Server 2014, both Enterprise Edition and Standard Edition
 SQL Server 2012 SP2 and CU2, both Enterprise Edition and Standard Edition
 SQL Server 2008 R2 SP2, both Enterprise Edition and Standard Edition
Although there is support for SQL Server failover clustering, it is not a best practice for
Skype for Business Server 2015. For more information on setting up a SQL Server failover cluster, see the
following articles:
How to: Create a New SQL Server Failover Cluster (Setup)
http://aka.ms/qhslme
Configure SQL Server Clustering

http://aka.ms/cvwa6v
AlwaysOn Requirements
AlwaysOn support
Only SQL Server 2014 Enterprise Edition and SQL
Server 2012 Enterprise Edition support AlwaysOn
Availability Groups and AlwaysOn failover cluster
instances. Neither Lync Server 2013 nor Lync
Server 2010 support AlwaysOn.
Prerequisites for AlwaysOn

Availability Groups
It is a best practice to use AlwaysOn Availability
Groups. However, before you can deploy an
AlwaysOn Availability Group, you must ensure the following prerequisites are met:
 You must install failover clustering on all AlwaysOn nodes.
 The hardware must pass validation in the Windows Server Failover Cluster’s Create Cluster Wizard.
 You must specify a cluster name and VIP address for the failover cluster.
 No shared storage between nodes should be in use. Only local storage should be in use. However,
each node will need the same drive letter and folder path for its local storage to be able to replicate
to other nodes. You can use Xcopy with the /t /e parameters to copy the directory structure.
 You must specify file share witness for failover clusters with an even number of servers. This cannot be
a node in the cluster.
 You must install stand-alone Enterprise Edition of SQL Server on each node.
 You must enable the AlwaysOn Availability Groups feature on each node after installing failover
clustering.
 You must change the recovery mode from Simple to Full for all databases by using SQL Server
Management Studio.
 You must perform backup on each database to flush out transaction logs.
 Databases must exist on at least one node in the cluster before you can build an AlwaysOn
Availability Group. Use Topology Builder to create databases if they do not exist.
Configuring AlwaysOn Availability Group

Deploying and configuring an AlwaysOn
Availability Group requires knowledge of SQL
Server high-availability features. In most
organizations, the SQL Server administrators are
likely to deploy AlwaysOn Availability Groups.
Skype for Business Server administrators then
configure the Front End pool to use the AlwaysOn
Availability Group as the SQL Store (Back End).
The deployment process varies based the type of

pool you have. The following steps outline the
high-level process for deploying an AlwaysOn
Availability Group for a new Front End pool:
1. Install the Failover Clustering role on each server that will be a part of the AlwaysOn Availability
Group.
2. Validate the configuration by using Failover Cluster Manager and remediate any errors.
3. Create a cluster and configure its name and IP address.

4. Configure a file share witness (optional).
5. Enable AlwaysOn for each server in the cluster.
6. Create the availability group with the New Availability Group Wizard.
7. When you add the new Front End pool in Topology Builder, specify the AlwaysOn Availability Group
as the SQL Store.
8. Update the Skype for Business Server topology initially to use the availability group listener, and then
update the databases on each replica.
For more information on the options for deploying an AlwaysOn Availability Group, see the article at the
following link:
Deploy an availability group on a Back End Server in Skype for Business Server 2015
http://aka.ms/dz3u8w\
Note: If the deployment of the availability group is for an existing Front End pool that is
currently designated as the Central Management store, you must deploy an additional pool or a
Standard Edition server so that you can move the Central Management store. You must do this
before the Skype for Business Topology Builder will allow you to change the association to the
SQL instance.
Question: You are a Skype for Business Server 2015 consultant. Your client has determined that
Skype for Business Server communications are mission-critical. They have asked you, their trusted
advisor, to recommend a high-availability solution for their Back End Servers. They currently have
a single-server Enterprise Edition Front End pool deployed for 800 of their 8000 users. They have
a single SQL Server 2014 server deployed as their Back End Server. What should you recommend?
Lesson 3
High Availability for Other Component Servers
Although the Front End and Back End Servers are critical for high availability, they are not the only
components that you can configure to be highly available. In this lesson, you will learn about the
Skype for Business Server roles and supporting services that you can configure for high availability.
Lesson Objectives
 Describe the high-availability solutions for the Skype for Business Server file store.
 Describe the high-availability solutions for Edge Servers.

 Describe the high-availability solutions for the Mediation Server.
 Describe the deployment process for multi-server Office Online Server farms.
 Describe the high-availability solutions for reverse proxy servers.
High-Availability Solutions for the Skype for Business Server File Store
The file store associated with each Front End pool
in Skype for Business Server 2015 contains system
data and conferencing content. Each Front End
pool that you deploy must have a file store
associated with it. Multiple pools can share a
single file store.
To ensure high availability of a file store, you can

use the Distributed File System (DFS). DFS
supports the ability to fail over from one file
server to another. When you deploy DFS servers,
ensure that the DFS server pairs are located in the
same datacenter. Additionally, consider having at
least one pair of dedicated DFS servers for each Skype for Business Server central site. For each Front End
pool that resides in a datacenter, consider deploying a pair of DFS servers. For detailed information on
deployment of DFS, refer to the following website:
DFS Namespaces and DFS Replication Overview

http://aka.ms/l1ny7m
When you use DFS, you must remember that Distributed File System Replication (DFS Replication) is a
best-effort file replication mechanism. However, for business continuity, DFS does not provide published
RTO and RPO numbers. Generally, failover between DFS servers happens quickly; however, data
replication delays might prevent users from being able to work when a failover occurs.
If the data that a file store contains is critical, you should back it up frequently. DFS Replication does not
protect against accidental data deletion or corruption, so backing up the data is advisable.
High-Availability Solutions for Skype for Business Edge Servers

Skype for Business Server Edge Server supports
three high-availability topologies:
 Scaled consolidated edge, DNS load

balancing with private IP addresses using
network address translation (NAT)
 Scaled consolidated edge, DNS load

balancing with public IP addresses
 Scaled consolidated edge with HLBs
Scaled consolidated edge, DNS load balancing with private IP addresses using NAT
In this topology, you deploy two or more Edge Servers with private IP addresses on the internal and
external interfaces. The firewall will perform NAT for the external private IP addresses to the Internet. DNS
load balancing of the private IP addresses, on both the internal and external interfaces, is used to
distribute the communication across the pool.
Scaled consolidated edge, DNS load balancing with public IP addresses

In this topology, you deploy two or more Edge Servers with public IP addresses on the external interfaces.
DNS load balancing distributes the communication across the pool. Network routing, not NAT, will
provide access to the Edge Servers for external users on the Internet.
Scaled consolidated edge with HLBs

In this topology, you deploy two or more Edge Servers by using an HLB. You configure Edge Servers with
public IP addresses assigned to external interfaces. HLBs distribute the communication across the pool.
Routing, not NAT, will provide access to the Edge Servers for external users on the Internet.
Example: DNS load balancing for Edge Server pools

To deploy DNS load balancing on the external and internal interfaces of your Edge Server pool, you need
relevant DNS entries. The following table provides an example of the required DNS records for an
organization that is using DNS load balancing for its Edge pool.
Location FQDN IP address Edge service
External sip.adatum.com 10.10.0.10 Access Edge external

DNS 10.10.0.11 interfaces
External webcon.adatum.com 10.10.0.20 Web Conferencing Edge

DNS 10.10.0.21 external interfaces
External av.adatum.com 10.10.0.30 A/V Edge external interfaces

DNS 10.10.0.31
External _sip._tls.adatum.com sip.adatum.com Access Edge external

DNS interfaces, Auto
(SRV/443) configuration
External _sipfederation._tcp.adatum.com sip.adatum.com Access Edge external

DNS interfaces, Federation
(SRV/5061)
Internal edgepool.adatum.com 172.16.0.5 Consolidated Edge internal

DNS 172.16.0.6 interface
Example: Hardware load balancing for Edge Server pools

To deploy hardware load balancing on the external and internal interfaces of your Edge Server pool, you
need relevant DNS records. The following table shows the required DNS records for an Edge Server pool
that is using an HLB.
Location FQDN IP address Edge service
External sip.adatum.com 131.107.155.110 HLB VIP for Access Edge

DNS external interfaces
External webcon.adatum.com 131.107.155.120 HLB VIP for Web

DNS Conferencing Edge external
interfaces
External av.adatum.com 131.107.155.130 HLB VIP for A/V Edge

DNS external interfaces
External _sip._tls.adatum.com sip.adatum.com HLB VIP for Access Edge

DNS external interfaces, Auto
(SRV/443) configuration
External _sipfederation._tcp.adatum.com sip.adatum.com HLB VIP for Access Edge

DNS external interfaces,
(SRV/5061) Federation
Internal edgepool.adatum.com 172.16.0.105 HLB VIP for internal

DNS interface
Required IP addresses for Edge Server pools

Each Skype for Business Edge Server has three consolidated roles: Access Edge, Web Conferencing Edge,
and A/V Edge. Each role will need an IP address. To conserve available IP addresses, it is possible to use a
single IP for all three services. However, we do not recommend this. This requires using three separate
port numbers. Having multiple port numbers increases the likelihood that remote users might not have
access to the service, due to port blocking issues. For planning purposes, the tables below provide the IP
requirements for Edge Server pools.
The following table lists the total number of required IP addresses when you use a dedicated IP address
for each Edge role.
Total Edge Server Required IP addresses

Required IP addresses (HLB)
nodes (DNS load balancing)
2 6 3 VIPs +6
3 9 3 VIPs +9
4 12 3 VIPs +12
5 15 3 VIPs +15
The following table lists the number of required IP addresses when you use one IP address for all Edge
roles.
Total Edge Server Required IP addresses

Required IP addresses (HLB)
nodes (DNS load balancing)
2 2 1 VIP +2
3 3 1 VIP +3
4 4 1 VIP +4
5 5 1 VIP +5
Note: The maximum number of servers that you can add to an Edge Server pool in
Topology Builder is 20. However, the maximum number of servers that a Skype for Business Edge
Server pool supports is 12.
Note: In addition to the IP addresses for an organization’s Edge servers, you must consider
IP addresses for reverse proxy servers. High availability for reverse proxy solutions is covered later
in this lesson.
High-Availability Solutions for Skype for Business Mediation Servers

The default option for the Mediation Server is to
collocate with the Standard Edition server, Front
End pool, or Survivable Branch Appliance. There is
a direct benefit to collocation. The Mediation
Server automatically becomes highly available if
the Front End pool where it is collocated is highly
available.
In some cases, it might be desirable to deploy one

or more Mediation Servers in a stand-alone pool.
For example, if the Mediation Servers are
configured to connect to an Internet Telephony
Service Provider (ITSP) with a SIP trunk, a stand-
alone pool is the best practice. There is also a performance benefit to deploying a stand-alone pool. It will
support additional connections and scale farther than a collocated Mediation Server. The collocated
Mediation Server can handle up to 110 connections. The stand-alone Mediation Server can handle up to
1100 connections. Both stand-alone and collocated configurations can be highly available.
Design guidelines for DNS load balancing on Mediation Server pools

You can use DNS load balancing on stand-alone Mediation Server pools without using an HLB. DNS load
balancing balances all SIP and media traffic. To deploy DNS load balancing on a Mediation Server pool,
you must provision DNS to resolve the pool FQDN, such as mediationpool1.contoso.com, to the IP
addresses of all the servers in the pool, such as 192.168.1.1 or 192.168.1.2.
Some qualified media gateways and IP Private Branch Exchanges (PBXs), which the Mediation Server uses
to connect to the public switched telephone network (PSTN), support DNS load balancing. If these devices
are integrated with the Skype for Business Mediation Server deployment, stand-alone Mediation Server
pools are not required.
Note: The Mediation Server is a key role for Skype for Business Enterprise Voice. This course
does not cover Enterprise Voice in detail. However, the Mediation Server is required for the Dial-
in Conferencing feature. You will learn more about dial-in conferencing in Module 6,
“Skype for Business Server 2015 Additional Conferencing Options”.
Deploying Office Online Server Farms

If your Skype for Business Server environment is
configured for high availability, you should
configure the Office Online Server farm to be
highly available as well. The multi-server Office
Online Server farm topology is the appropriate
topology for high availability. This topology will
require an HLB. Additionally, we recommend that
you configure a secure web (HTTPS) connection
for both the internal and external client
connections.
A multi-server Office Online Server farm deployed
for Skype for Business Server 2015 also has the
ability to integrate with Microsoft SharePoint 2013 and Microsoft Exchange Server 2013.
Deploying a multiserver Office Online Server farm

To deploy a multiserver Office Online Server farm, perform the following steps:
1. Create the Office Online Server farm on the first server by running the following command:
New-OfficeWebAppsFarm -InternalUrl "https://lon-oos1.adatum.com" -ExternalUrl

"https://oosweb01.adatum.com" -SSLOffloaded -EditingEnabled
2. Add more servers to the farm by running the following command:
New-OfficeWebAppsMachine -MachineToJoin "lon-oos2.adatum.com"
3. Verify that you have successfully created the Office Online Server farm by navigating to
https://lon-wac1.adatum.com/hosting/discovery.
4. Configure Skype for Business Server.
Note: Office Online Server is the new version of Office Web Apps Server. Although the
server name has changed, the Windows PowerShell cmdlet names have not changed.
Load balancing Office Online Server

When two or more Office Online Servers exist in a farm, we recommend that the connections to the farm
are load-balanced. For the best performance, consider a hardware load-balancing solution that can
provide the following:
 Layer 7 routing
 Client affinity
 Secure Sockets Layer (SSL) offloading
It is not necessary to have a hardware load-balancing solution. Virtually any load-balancing solution will
work for Office Online Server. It is also possible to utilize Application Request Routing (ARR) as a load-
balancing solution for Office Online Server farms. You must install the certificate for the Office Online
Server on the load-balancing solution if you want to offload SSL.
Additional Reading: For more information about configuring Skype for Business Server
2015 with Office Online Server, refer to Module 6, “Implementing Additional Conferencing
Options in Skype for Business Server 2015”.
Configure integration with Office Web Apps Server in Skype for Business Server 2015
http://aka.ms/fn4znc
High-Availability Solutions for Reverse Proxy Servers
Reverse proxy options for

Skype for Business
A reverse proxy plays an important role in the
Skype for Business Server infrastructures,
especially when they require remote connectivity
scenarios. Even if you have not deployed Edge
Servers, you still need a reverse proxy to support
internal Skype for Business web access and
internal mobile clients. Mobility Service URL
directs the mobile clients connected to the
internal network to connect to the external web
FQDN. An Edge Server pool cannot provide access to the external web services. All connections to the
external web services depend on the reverse proxy. For additional information on configuring mobility,
refer to the following website:
Technical requirements for mobility in Lync Server 2013
http://aka.ms/mue973
You can use many reverse proxy solutions. You can choose between Microsoft and non-Microsoft
solutions. The high-availability options depend on the solution that you choose to use. Microsoft provides
two reverse proxy solutions:
 ARR
o Does not support preauthentication

o Requires Microsoft Internet Information Services (IIS) 7.0 and IIS 8.0
 Web Application Proxy
o Supports preauthentication
o Requires Windows Server 2012 R2
o Requires Active Directory Federation Services (AD FS) and AD FS Proxy
For a full list of qualified reverse proxies, including non-Microsoft products, see the following website:
Infrastructure qualified for Microsoft Lync (Reverse Proxy)

http://aka.ms/fh954w
For more information on using IIS ARR as a proxy server for your Skype for Business Server 2015 servers,
refer to the following website:
Using IIS ARR as a Reverse Proxy for Lync Server 2013

http://aka.ms/stopv2
For more information on configuring the Windows Server 2012 Web Application Proxy as a reverse proxy
for Lync Server, refer to the following website:
Configuring the Windows Server 2012 Web Application Proxy as a

Reverse Proxy for Lync Server
http://aka.ms/b29p5h
Note: As of November 2012, Microsoft Forefront Threat Management Gateway 2010 (TMG)
licenses are no longer available for purchase. However, it is still supported through 2020 for
organizations that purchased TMG prior to this date.
Load-balancing ARR or Web Application Proxy

If you plan to deploy multiple ARR or Web Application Proxy servers, you will need to deploy a load-
balancing solution to distribute connections between the servers. You can use either an HLB or Network
Load Balancing (NLB).
Achieving High Availability and Scalability - ARR and NLB

http://aka.ms/h75jd8
Question: Your organization needs to implement a high-availability solution for all remote user
connections. Your company had supportability problems with the designs of some other
information technology (IT) projects. For this reason, your organization now requires that all
solutions follow the best practice guidelines from Microsoft. You currently have five public IP
addresses available. What should you recommend?
Sequencing Activity
The following are the steps for deploying an Office Web Apps Server farm. Put them in the correct order.
Steps
Install prerequisite software for Office Web Apps Server.
Install Office Web Apps Server with SP1.
Install language packs.
Run the New-OfficeWebAppsFarm cmdlet.
Run the New-OfficeWebAppsMachine cmdlet.
Connect to https://servername.adatum.com/discovery.
Configure Skype for Business Server for Office Web App integration.
Lab B: Implementing High Availability

Scenario
In the design process, A. Datum has identified that it requires a local high-availability solution for its Front
End and Back End Servers at the Adatum headquarters site in London. In the initial deployment of
Skype for Business Server, the Front End pool was deployed as a two-server pool. However, there have
been some issues regarding the availability of the servers. Your task is to verify the health of the Front End
pool in London.
Additionally, the network team has implemented a hardware load-balancing solution and has asked you
to configure the HLB for the London Front End pool and determine if it is working properly.
Objectives
 Manage the Front End pool quorum.
 Configure DNS and Skype for Business Server to use a hardware load-balancing solution.
 Troubleshoot hardware load-balancing configuration.
Lab Setup
Virtual machines: 20334B-LON-CL1, 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-SFB1,
20334B-LON-SFB2, 20334B-LON-SQL1, 20334B-NYC-SFB3, 20334B-NYC-SQL3, 20334B-LON-LB

Password: Pa$$w0rd
Do not log on to LON-LB.
This lab depends on the completion of the “Pre-Lab Configuration” lab. Be sure to perform the “Pre-Lab
Configuration” lab at least 85 minutes before starting this lab.
Exercise 1: Managing Front End Pools

Scenario
After maintenance, there are some availability issues with the Front End Servers in London. The outages
can take up to 30 minutes to clear up. The help desk manager asked you to look at the Front End pool to
determine what is happening.
1. Troubleshoot Front End pool availability.
2. Verify DNS load balancing.
 Task 1: Troubleshoot Front End pool availability

the warning Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive. Minimize the Event Viewer window.
6. On LON-SFB2, open Internet Explorer, navigate to https://lon-sfb2.adatum.com/cscp to connect to

the Skype for Business Server Control Panel, and then sign in as Adatum\Administrator with the
password Pa$$w0rd.
11. In the search results, select all the users in the list, and then click OK.
12. In the Users list, locate Administrator and Guest, and any HealthMailbox*, Krbtgt, and Microsoft
Exchange* users. Select each account, and then click Remove.
14. In the Generate user’s SIP URI section, confirm that Use user’s email address is selected.
then click Enable.
18. On LON-CL1, sign in as Adam@adatum.com with the password Pa$$w0rd, and then open
Skype for Business 2015.
19. On LON-SFB2, click the Windows PowerShell icon on the taskbar, and then run the following cmdlet
to see the information about the routing group that Adam’s account is in:
PrimaryPoolFQDN
UserServicesPoolFQDN

23. On LON-SFB2, shut down the server. Wait for it to shut down completely.
25. In Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and

OK.
32. Review the Lync Server log for errors or warnings. Are there any errors or warning?
33. In the Actions pane, click Find. Use the Find dialog box to look for and review the following Event
IDs:
34. On LON-CL1, confirm that Adam is now connected.
 Task 2: Verify DNS load balancing

1. On LON-CL1, right-click Start, and then click Command Prompt (Admin).
2. When the User Account Control dialog box appears, click Yes.
3. In the Command Prompt window, type ping pool.adatum.com. Confirm that the FQDN resolves to
one of the following two IP addresses: 172.16.0.20 or 172.16.0.21.
4. At the command prompt, type ipconfig /flushdns, and then press Enter.
5. Repeat steps 3 and 4 until the IP address being pinged changes to the other IP address (for example,
from 172.16.0.21 to 172.16.0.20).
Note: DNS round robin is configured on the DNS server and is the feature that changes the
sequence of the round robin records provided to the client. After the IP addresses have been
resolved, the client caches them and uses them for the DNS load-balancing process.
6. Type ipconfig /displaydns, and press Enter. Verify that the cache contains both IP addresses.
7. If the first IP address in the local cache is not 172.16.0.20, repeat steps 3 and 4 again until the first IP
address is 172.16.0.20, and then proceed to the next step.
8. On LON-SFB1, open Services and stop the Skype for Business Server Front-End Service. Leave this
window open.
9. On LON-CL1, sign out of Skype for Business.
10. Click Sign in to sign back in.
If you can sign in successfully, then you can confirm that DNS load balancing is working.
12. On LON-SFB1, start the Skype for Business Server Front-End service.
Results: After completing this exercise, you will have simulated the maintenance process and determined
the root cause of outages. You will also have determined the current health of DNS load balancing and
the Windows Fabric.
Exercise 2: Configuring Hardware Load Balancing

Scenario
The current Front End pool solution is missing a key component for high availability. There is no HLB for
the internal web services. The network team has implemented a hardware load-balancing solution
(LON-LB.adatum.com). They have asked you to configure the HLB and the Front End pool in London to
load balance the Skype for Business server internal web services. You will also need to verify that it is
working properly.
1. Identify the qualified HLBs.

2. Configure hardware load balancing for web services.
3. Configure hardware load balancing for all services.
4. Troubleshoot the HLB.

 Task 1: Identify the qualified HLBs

1. On the host machine or the classroom computer with Internet connectivity, navigate to the following
URL:
Infrastructure qualified for Microsoft Lync – Load Balancers

http://aka.ms/xlftxt
2. Click the Load Balancers tile.
3. Explore the list of vendors and the vendors page.
 Task 2: Configure hardware load balancing for web services
Configure DNS and the HLB

1. On LON-DC1, in Server Manager, open the DNS Manager tool, expand Forward Lookup Zones, and
then select the Adatum.com zone.
2. Double-click the webint record, change the IP address to 172.16.0.120, and then click OK.
3. Repeat step 2 for the following records:
o admin
o dialin
o lyncdiscoverinternal
o meet
o scheduler
4. Open Internet Explorer and navigate to https://172.16.0.2:444.
5. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Interfaces.
6. On the Settings::Interfaces page, in the Table interfaces table, locate the eth0 interface, and then
click the add virtual network interface icon in the Actions column.
7. In the new row in the Table interfaces table, type 1 in the Name text box, type 172.16.0.120 in the
Addr text box, and then in the Actions column, click save virtual interface.
8. On the Settings::Interfaces page, in the Default gateway table, click edit default GW in the
Actions column. Type 172.16.0.1 in the Addr text box, and then click save default GW in the
Actions column.
9. In the ZEN Load Balancer GUI window, on the Manage menu, click Farms.
10. Create four farms by using the information in this table.
Name: SfBport80
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 80
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 0 Port: 80
Real Server 1: 172.16.0.21
Name: SfBport8080
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 8080
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21
Name: SfBport443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21
Name: SfBport4443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 4443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21
Test connections with port query UI

1. On LON-CL1, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. Open File Explorer. Navigate to the C:\PortQryUI\ folder, and then double-click portqueryui.exe.
3. In the Port Query window, in the Enter destination IP or FQDN to query text box, type
webint.adatum.com. On the File menu, click Open Config.
4. In the Open dialog box, navigate to C:\PortQryUI\, select SfBconfig.xml, and then click Open.
5. In the Port Query window, verify that Query predefined service is selected. Select
Skype for Business Server 2015 HLB with DNS from the Service to Query list, and then click
Query. This process can take several minutes. The Query button will be enabled when the process
completes.
6. What are the results?
7. Sign Administrator out of LON-CL1.
Test the connection with the Skype for Business clients

1. On LON-CL1, sign in as adam@adatum.com with the password Pa$$w0rd.
2. Is Adam able to sign in?
3. In the Skype for Business 2016 client, open Dial-in Conferencing Settings.
4. Did the Dial-in Conferencing Settings and PIN Management window appear?
5. Open Microsoft Edge, and then navigate to https://admin.adatum.com.
6. What does the sign-in dialog box say that you are connecting to?
7. Close Microsoft Edge.
Note: If you were able to connect to the Dial-in and Admin web services, then the
hardware load balancer is working properly.
 Task 3: Configure hardware load balancing for all services

1. On LON-DC1, in the DNS Manager tool, create a new host record called pool in the Adatum.com
zone with the IP address 172.16.0.120.
2. In DNS Manager, delete the pool record for 172.16.0.20 and the pool record for 172.16.0.21.
3. Open the Skype for Business Server Topology Builder.
4. Download the topology from the existing deployment, and save the topology as HLBConfig.tbxml.
5. Expand the Skype for Business Server node, expand the Adatum Headquarters node, expand the
Skype for Business Server 2015 container, expand the Enterprise Edition Front End pools
container, right-click pool.adatum.com, and then click Edit Properties.
6. Click Web Services.
7. Clear Override FQDN, and then click OK.
9. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, and then run the
following cmdlet:
cd ‘c:\Program Files\Skype for Business Server 2015\Deployment’
.\Bootstrapper.exe
12. On LON-SFB2, open the Skype for Business Management Shell.

.\Bootstrapper.exe
 Task 4: Troubleshoot the HLB

1. On LON-CL1, sign in as adam@adatum.com with the password Pa$$w0rd, and then document the
results. Sign out of LON-CL1.
2. On LON-CL1, sign in as anil@adatum.com with the password Pa$$w0rd, and then document the
results.
4. Is Anil able to sign in?
5. What do you think is the reason for what you just observed?
Test the connections with port query UI, and then document the results
1. On LON-CL1, open File Explorer, navigate to the C:\PortQryUI\ folder, and then double-click
portqueryui.exe.
2. In the Port Query window, query pool.adatum.com by using the predefined query in the
SfBconfig.xml file. Select Skype for Business Server 2015 HLB ONLY from the Service to Query
list, and then click Query.

Remediate the problem

1. On LON-DC1, click Start, and then select Internet Explorer.
2. In the address bar of Internet Explorer, type https://172.16.0.2:444, and then press Enter.
3. In the Windows Security dialog box, sign in as admin with the password Pa$$w0rd.
4. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Backup.
5. On the Settings::Backup page in the Backup Files section, click the upload backup icon in the
Action column.
6. In the Upload File – Internet Explorer window, click the Browse button.
7. In the Choose File to Upload window, navigate to C:\Labfiles, select backup-HLBOnly.tar.gz, and
then click Open.
8. In the Upload File – Internet Explorer window, click Upload Backup, and then close the Upload File
window.
9. On the Settings::Backup page in the Backup Files section, click the Apply backup-HLBOnly.tar.gz
backup and restart Zen Load Balancer service icon (green checkmark) in the Action column.
10. In the ZEN Load Balancer GUI window, click the Settings menu, select Manage, and then select
Farms. Confirm that additional ports for Skype for Business Server have been added.
Test client connection

1. On LON-CL1, confirm that you are still signed in as adam@adatum.com with the password
Pa$$w0rd.
2. Sign in to Skype for Business as adam@adatum.com.


Do not revert this lab
You must complete this lab before you can start the lab in Module 11, “Implementing Disaster Recovery in
Skype for Business 2015”.
Results: After completing this exercise, you will have identified the HLBs that are qualified to work with
Skype for Business Front End pools. You will also have configured DNS to support an HLB and fixed HLB
connectivity issues.
Question: Carol Troup recently started as the new chief financial officer (CFO) for A. Datum. You
enabled her account for Skype for Business Server 2015. Unfortunately, she cannot sign in with
the new account. Other users in the accounting department are able to sign in. Your desktop
support team has confirmed that the CFO’s machine is configured properly and her account
appears to be configured properly. What can you do to check if it is a Front End pool issue?
Question: During a recent maintenance period, the hardware load-balancing solution for
A. Datum went offline. This caused a large number of after-hours users to lose connectivity to
Skype for Business. Because this was during a planned maintenance period, there were no
repercussions for the outage. However, A. Datum management expects the implemented high-
availability solution to allow Skype for Business Server services to be available for after-hours
users even in the event that a single server goes offline. To prevent this type of outage in the
future, what should you recommend to A. Datum management?

Best Practice
When you deploy a high-availability solution for Skype for Business Server, you will require an HLB even if
you use DNS load balancing. As a best practice, select an HLB from the qualified list of devices at the
Unified Communications Open Interoperability website. This will prevent potential compatibility issues
and provide prescriptive guidance specifically on how to configure the device(s) for
Skype for Business Server 2015.
Infrastructure qualified for Microsoft Lync

http://aka.ms/srppfi

When moving from a stand-alone SQL Server

back-end solution to an AlwaysOn Availability
Group, you are prohibited from changing the
SQL store for a Front End pool in Topology
Builder.
When performing maintenance on a Front End

pool, users might lose connectivity to Skype
for Business Server even though there are
servers in the pool that are still running.
Review Question
Question: Based on what you learned in this module, do you plan to change anything in your
production deployments or in your Skype for Business Server designs for upcoming
deployments?

Virtualization of Skype for Business Server 2015 servers is fully supported. Many organizations will deploy
their servers on a hypervisor. If you do not carefully plan virtualization of a highly available solution, the
hosts of the virtualization solution can actually counteract the benefits of deploying Front End pools and
other high-availability solutions. This is because a single host can potentially shut down a large number of
virtual machines simultaneously. From a Front End pool perspective, that could cause the quorum to fail.
If you are using Hyper-V to virtualize your Skype for Business Server roles, consider using availability sets
to overcome this issue. For more information on configuring availability sets, refer to the following
website:
How to Configure Availability Sets in VMM for Virtual Machines on a Host Cluster
http://aka.ms/y2t7i2
Tools
 PortQryUI. Allows you to create custom configuration files for scanning the TCP and User Datagram
Protocol (UDP) ports’ availability on your high-availability solutions.
PortQryUI - User Interface for the PortQry Command Line Port Scanner
http://aka.ms/os9l3l
 Database Mirror Manager. If you deploy mirrored databases without the AlwaysOn Availability
Groups, this tool can help you manage the databases on the mirror.
My Skype Lab
http://aka.ms/hytott
11-1
Module 11
Implementing Disaster Recovery in
Contents:
Lesson 1: Disaster Recovery Options in Skype for Business Server 11-2
Lesson 2: Implementing Disaster Recovery in Skype for Business Server 11-10
Lesson 3: Additional Disaster Recovery Options in Skype for Business Server 11-18
Lab: Implementing and Performing Disaster Recovery 11-24
Module Overview
Even with an excellent high-availability design in a Skype for Business 2015 deployment, service outages
or data loss are always risks. Only a disaster-recovery solution can provide you with the ability to recover
when a disaster occurs and wipes out an entire site in your organization. In this module, you will learn
about various options for disaster recovery in Skype for Business.
Objectives
 Describe disaster recovery options in Skype for Business Server 2015.

 Implement disaster recovery in Skype for Business Server.
 Describe the disaster recovery options for Persistent Chat, the Central Management store, the
Location Information Service (LIS) database, and user data.
11-2 Implementing Disaster Recovery in Skype for Business 2015
Lesson 1
Disaster Recovery Options in Skype for Business Server
Skype for Business Server provides a number of configurable disaster recovery options such as Front End
pool pairing, which installs the Backup Service, and Persistent Chat Server stretched pools. In this lesson,
you will learn about various disaster recovery options and tools that you can use to manage disaster
recovery in Skype for Business Server.
Lesson Objectives
 Describe disaster recovery scenarios in Skype for Business Server.
 Explain Front End pool pairing.
 Explain how to configure the Backup Service.
 Describe how Front End pool failover affects the user experience.
 Explain the Persistent Chat Server stretched pool topologies.
Disaster Recovery Scenarios

Skype for Business Server will potentially face a
number of disaster recovery scenarios in a
production environment. Skype for Business
Server provides number of features and tools to
mitigate potential service outages and expedite
recovery in the event of a disaster.
The following table lists the various scenarios, the
associated tasks, and the Skype for Business Server
tool or tools that you can use in each scenario to
manage the disaster recovery lifecycle.
Scenario Administrator task Mode Skype for Business Server tools
Design Server and capacity Manual Microsoft Lync Server 2013 Planning
planning with disaster Tool
recovery
Back End Setting up SQL Manual Microsoft SQL Server Configuration

disaster AlwaysOn Availability Manager, SQL Server Management
recovery Groups Studio, Skype for Business Server
configuration Topology Builder
Front End Pairing two Skype for Manual Skype for Business Server Topology
pool disaster Business Server pools Builder, Skype for Business Server
recovery Deployment Wizard
configuration
Back End AlwaysOn Availability Automatic Not applicable

failure Groups failover (primary
to secondary)
Scenario Administrator task Mode Skype for Business Server tools
Back End AlwaysOn Availability Manual SQL Server Management Studio can
maintenance Groups failover (primary be used for manual failover during
to secondary) maintenance
Recoverable Failover/failback Manual Skype for Business Server

pool failure between two Front End Management Shell command-line
pools with or without interface cmdlets
the Central
Management store
Minor version Upgrade Skype for Manual Windows PowerShell cmdlets,

upgrade Business Server Cumulative Server Update Installer
Public Route calls to backup Automatic The Voice Routing tab in Skype for
switched trunk Business Server Control Panel
telephone
network
(PSTN) trunk
failure with
voice
resiliency
configured
PSTN trunk Route calls to backup Manual Skype for Business Server Topology
failure trunk Builder, Skype for Business Server
without voice Control Panel, Windows PowerShell
resiliency cmdlets
configured
Unrecoverable Failover A to B; restore A Manual Windows PowerShell cmdlets

pool failure from B; failback B to A
(AB)
Unrecoverable Failover A to B; restore A Manual Skype for Business Server Topology

pool failure from B in C; failback B to Builder, Windows PowerShell cmdlets
(ABC) C
Director/Edge Repoint next hop Manual Skype for Business Server Topology
Server/ Builder
Reverse Proxy
failures
Site failure Front End pools: Manual Windows PowerShell cmdlets

failover/failback paired
pools
Domain Name System Manual or DNS Manager, non-Microsoft DNS

(DNS): change DNS Automatic management tools
records for internal and GeoDNS load balancing for automatic
external web services failover
(simple URLs)
After you experience a disaster in your Skype for Business Server environment, it is important to
document the lessons you learn during the recovery process. Based on those findings, you can improve
the design for high availability and disaster recovery.
Overview of Front End Pool Pairing (1 of 2)

In pool pairing, each site contains a Front End pool
that is paired with a corresponding Front End pool
that is usually in another site or in the same site.
Both pools can have active users. Having pool
pairing in the same site for disaster recovery does
not help to prevent loss of Skype for Business
functionality in the case of an actual disaster. The
Backup Service provides real-time data replication
to keep the pools synchronized. Lync Server 2013
introduced the Backup Service. In Skype for
Business Server 2015, the Backup Service installs
when you configure pool pairing. The Backup
Service supports a pool pairing disaster-recovery solution. It installs in a Front End pool after you publish
the topology and run bootstrapper on each Front End Server in each of the paired pools.
Planning for pool pairing

You must consider the following items when pairing pools:
 Pairing is one to one and reciprocal:
o Pools that use the same editions should pair with each other—Enterprise Edition pool with
Enterprise Edition pool and Standard Edition server with Standard Edition server.
o Pools that run on the same type of platform should pair with each other—physical with physical
and virtual with virtual.
 There is no restriction on the distance between the pools that pair with each other. However, we
recommend that you keep paired pools within the same geographical region.
 Each pool in a pair should have the capacity to handle both pools if one of them fails.
 Even though backup relationships between two Front End pools must be one to one and symmetrical,
each Front End pool can still also be the backup Registrar for any number of Survivable Branch
Appliances (SBAs) or Survivable Branch Servers (SBSs). However, disaster recovery support does not
extend to these appliances. Consider a scenario where Pool1 and Pool2 are paired and SBA1 is using
Pool1 for its backup Registrar. In this case, when Pool1 fails and the administrator invokes failover to
Pool2, SBA1 will not be able to use Pool2 for user services. The administrator must redefine the
relationship in Topology Builder for SBA1.
 The Recovery Time Objective (RTO) in Skype for Business Server paired pools is 15–20 minutes. RTO
defines the time that is required for a failover to happen after a disaster has occurred and the process
to initiate the failover starts. This does not include the amount of time that is required to identify the
problem, to make a decision on what to do, and to reconnect clients after the service is available.
 The Recovery Point Objective (RPO) in Skype for Business Server is five minutes. RPO defines the
amount of data that might be lost during a disaster because of replication latency of the Backup
Service. For example, if a pool goes down at 9:00 AM and the RPO is five minutes, data that writes to
the pool between 8:55 AM and 9:00 AM might not replicate to the backup pool and might be lost.
 All RTO and RPO numbers assume two datacenters within the same world region with high-speed,
low-latency transport between them.
 Pool pairing will protect the Central Management store, assuming the pool that is paired is the
Central Management store master.
Overview of the Backup Service

The Backup Service provides real-time data
replication to keep paired pools synchronized. The
following are some key features of the Backup
Service:
 Only one Front End Server in each pool

actively runs the Backup Service. A random
algorithm determines which Front End Server
this is.
 The default interval for synchronization

between paired pools is two minutes;
you can change this by using the Set-
CsBackupServiceConfiguration cmdlet.
 Although synchronization is bidirectional, you can configure the synchronization intervals differently
for each direction. For example, the synchronization interval from London to New York can be three
minutes and the synchronization interval from New York to London can be two minutes.
 The Backup Service contains multiple backup modules—one for the Central Management store, one
for the file store, and one for the user store. Each module interacts with the Backup Service to send
data to the peer in a secondary site.
Configuring and monitoring the Backup Service

You can use the following Skype for Business Server Management Shell commands to configure and
monitor the Backup Service. To see the Backup Service configuration, type the following command:
Get–CsBackupServiceConfiguration
To set the Backup Service synchronization interval, type the following command:
Set-CsBackupServiceConfiguration –SyncInterval interval
For example, the following command sets the interval to one minute:
Set-CsBackupServiceConfiguration –SyncInterval 00:01:00
Note: Although you can use this cmdlet to change the default synchronization interval for
the Backup Service, you should not do so unless it is absolutely necessary. This is because the
synchronization interval greatly affects Backup Service performance and the RPO.
To get the Backup Service status for a particular pool, type the following command:
Get-CsBackupServiceStatus -PoolFqdn PoolFQDN

Note: The Backup Service synchronization status is defined as unidirectional from a pool
(P1) to its backup pool (P2). The synchronization status from P1 to P2 can be different from P2 to
P1. For P1 to P2, the Backup Service is in a steady state if all the changes made in P1 completely
replicate to P2 within the synchronization interval. It is in the final state if there are no more
changes to synchronize from P1 to P2. It is important to note that this information is point-in-
time and is only valid at the moment the cmdlet is run. This does not imply that the state
returned will stay as it is. The only way P1 will remain in its current state is if no changes are
made after you run the cmdlet. This is true in the case of failing P1 over to P2 after P1 is
placed in read-only mode as part of the Invoke-CsPoolfailover execution logic.
To get information about the backup relationship for a particular pool, type the following command:
Get-CsPoolBackupRelationship -PoolFQDN PoolFQDN
To force Backup Service synchronization, type the following command:
Invoke-CsBackupServiceSync -PoolFqdn PoolFQDN [-BackupModule

{All|PresenceFocus|DataConf|CMSMaster}]
CMS failover
One Front End pool or Standard Edition server will be designated as the Central Management store for
your organization. The Back End Server that is associated with this Front End pool or Standard Edition
server houses the Central Management store. The Central Management store stores critical configuration
data for Skype for Business Server.
Pairing a server or pool that has the Central Management store will provide additional resiliency. The
Backup Service will replicate the Central Management store database to the secondary pool, creating a
standby Central Management store database.
If you decide to fail over a pool that contains the Central Management store, you must first fail over the
Central Management store before you fail over the Front End pool.
Note: Both RTO and RPO for the Central Management store are five minutes.
User Experience
While planning for Skype for Business Server
disaster recovery, you should be aware of the
impact that a failover and subsequent failback has
on users.
When a Front End pool fails, all users who are

registered on that pool are signed out. After a
period of time that the Registrar resiliency timer
manages, the client will sign in to the backup
Registrar. Until you manually invoke a failover,
users who are signed in to the backup Registrar
will be in a limited Resiliency mode. Resiliency
mode indicates a loss of access to user services,
including contact lists. The Skype for Business client displays a warning to the user about the
limited functionality.
After you invoke a failover, users will be able to re-establish calls, meetings that they organized, and
conversations that they were a part of prior to the pool failure. Meetings that users organized on any
Front End pool that did not fail will be active during the failover.
The failover process does not migrate a user from one pool to another pool. The backup pool simply
provides a temporary service for users on the failed pool. You need to initiate a failback manually after
the failed pool comes back online for the users to be able to sign in to their home pool.
The failback process can take significantly longer than the failover process. A failed pool with 20,000 users
will probably take up to an hour to process a failback request. Affected users who are signed in to a
backup pool can still interact with users on functional pools. However, because it takes time to fail back,
user experiences will vary during the failback process.
For additional information on the user experience during failover and failback operations, refer to the
following website:
User experience during pool failure in Skype for Business Server 2015
http://aka.ms/lwdkjc
Stretched Persistent Chat Server Pools
Stretched pool topologies

You can stretch Persistent Chat Server pools across
two geographically separated datacenters for
disaster recovery. Persistent Chat Servers also
support database mirroring and AlwaysOn
Availability Groups for associated Back End
Servers. A Persistent Chat Server pool supports
up to eight servers, where four are active and
four are idle.
Persistent Chat Server supports two pool

topologies:
 Two active servers and two passive servers in the first datacenter, and two active and two passive
servers in the second datacenter. This strategy requires high bandwidth and low latency on the wide
area network (WAN) connection between the two datacenters.
 Four active servers in the first datacenter and four passive servers in the second datacenter. You can
use this strategy when there is low bandwidth and high latency on the WAN between the two
datacenters.
Database requirements
A stretched Persistent Chat Server pool has additional requirements for Persistent Chat Back End Servers.
This is because of the additional complexity that you introduce when you stretch a Persistent Chat pool
between two sites. The following is a list of Persistent Chat store requirements for disaster recovery:
 A dedicated database instance in the same physical datacenter in which the Front End pool, which is
associated with the Persistent Chat Server pool, is located. This database will serve as the SQL Server
mirror for the primary Persistent Chat database. Optionally, designate an additional SQL Server to
serve as the mirroring witness if you want an automated failover to the mirror database.
 A dedicated database instance located in the backup physical datacenter. This database will serve as
the secondary SQL Server log-shipping database for the database in the primary datacenter.
 An additional dedicated database instance in the backup physical datacenter. This database serves as
the SQL Server mirror for the secondary database. Optionally, designate an additional SQL Server to
serve as the mirroring witness. Both of these must be in the same physical datacenter as the
secondary database.
 If Persistent Chat Server compliance is enabled, three additional dedicated database instances are
required. For these instances, use the same distribution requirement as previously outlined for the
Persistent Chat store.
Note: Although it is possible for the compliance database to share the same SQL Server
instance as the Persistent Chat database, we recommend having stand-alone instances for high
availability and disaster recovery.
Data replication
SQL log shipping replicates Persistent Chat data across a WAN between two geographically separated SQL
Server instances. You must create an additional file share for SQL Server log-shipping transaction logs.
You must grant read/write access on the share for SQL Servers in both datacenters. This share is not
defined as part of the Persistent Chat Server's file store in Skype for Business Server Topology Builder. For
more information about SQL log shipping, refer to the following website:
About Log Shipping (SQL Server)

http://aka.ms/h3999p
Note: You will not be able to use your Distributed File System (DFS) shares with a Persistent
Chat Server stretched pool. This is because SQL log shipping does not support them.
Deployment of Persistent Chat Server in a stretched pool

To deploy Persistent Chat Server in a stretched pool, you must perform the following actions:
 Create a Persistent Chat Server pool in Skype for Business Server Topology Builder, and designate
specific Persistent Chat Servers as active or passive.
 Configure SQL log shipping between the primary SQL Server instance and the secondary SQL Server
instance—or primary mirror and secondary database if you use SQL Server mirroring.
For more information about setting up log shipping for the primary SQL Server database and setting up
log shipping between the primary mirror and the log shipping secondary database, refer to the following
website:
Configure high availability and disaster recovery for Persistent Chat Server in Skype for
http://aka.ms/xsf79f

Question
Which of the following statements are true about Front End pool pairing?
Enterprise pools can pair with Enterprise pools.
Enterprise pools cannot pair with Standard Edition servers.
Pool pairing is always a 1:1 relationship.
Standard Edition servers cannot be paired.
Branch site users will register on the backup pool if the central site pool fails.
Question: You have deployed a Persistent Chat Server pool for A. Datum Corporation. Your task
is to configure disaster recovery for Persistent Chat by using a new disaster recovery site. You
have already enabled compliance and deployed database mirroring at the current site. How
many additional dedicated database instances are required?
Lesson 2
Implementing Disaster Recovery in
Disaster recovery is often part of an organization’s far-reaching business continuity plan (BCP). A BCP sets
the requirements for the disaster-recovery solution for Skype for Business Server 2015 servers. In this
lesson, you will learn how to implement a disaster-recovery solution and manage the disaster recovery
process.
Lesson Objectives
 Explain how a BCP can affect a Skype for Business Server implementation.
 Explain how to implement Front End pool pairing.

 Explain how to implement GeoDNS for Skype for Business Server web traffic.
 Explain how to manage a paired pool failover with or without a Central Management store failover.
Business Continuity Planning

Deploying a high-availability solution for Skype
for Business Server with a disaster-recovery
solution is a great way to protect your Skype for
Business deployment. The high-availability
solution will help protect against server failures.
The disaster-recovery solution will help protect
against an entire site outage and data loss. From a
big-picture perspective, an organization might
want to consider the interdependencies of the
information technology infrastructure as a whole.
When you look at communications as a whole in
terms of business continuity, the questions shift
from “Will Skype for Business Server continue to run if a server fails or if a site goes down?” to “Will the
organization still be able to conduct business if Skype for Business Server is not available?”
To address an organization’s business continuity requirements, Skype for Business Server needs to deploy
a disaster-recovery solution such as the ones covered in Lesson 1, “Disaster Recovery Options in Skype for
Business Server.” Carefully consider the solution that you choose to implement. It must meet your
organization’s RTO and RPO requirements. An organization’s BCP typically defines these. In the
government agencies of the United States, it might also be referred to as a Continuity of Operations
(COOP) plan.
As mentioned earlier in this module, Skype for Business Server can support a 15–20 minute RTO and a
five-minute RPO. However, these numbers will vary based on an organization’s size and scope, and how it
has deployed Skype for Business Server.
It is also important to identify what type of disasters you need to protect Skype for Business Server
against. The answer to this question will affect how far apart you need the paired pools to be from one
another. There is no technical limit on how close they can be to each other. However, if you are trying to
protect against an earthquake or a hurricane, they would need to be far enough so that one of the sites
can avoid a natural disaster.
There are limitations on how far paired pools should be from one another. For real-time communications
such as Voice over Internet Protocol (VoIP), the International Telecommunication Union recommends 150
milliseconds (ms) or fewer for latency. Available bandwidth and network reliability are additional factors
that you need to consider.
If you are upgrading from a previous version of Skype for Business Server, such as Microsoft Lync Server
2010, you might have deployed a disaster-recovery solution that is no longer supported; for example,
Lync Server 2010 supported a metropolitan stretched Front End pool. Because of the changes in Lync
Server 2013 and Skype for Business Server 2015, this is no longer supported. Therefore, in Skype for
Business Server 2015, you have to implement paired pools between two separate sites with GeoDNS load
balancing for your Skype for Business deployment.
The United States government has some resources to help businesses document a BCP. You can access
those resources from the following website:
FEMA: Business Continuity Plan

http://aka.ms/n78gnv
Implement Front End Pool Pairing

To implement Front End pool pairing, you must
first change the pool settings in Topology Builder.
You must make this change on only one of the
two pools that you are pairing. However, it does
not matter which pool that is. After you make the
change, you publish the topology.
Update and publish the topology

To update and publish a disaster recovery
topology, perform the following steps:
1. In Skype for Business Server 2015 Topology

Builder, right-click one of the two pools, and
then click Edit Properties.
2. Click Resiliency in the navigation pane, and then select Associated Backup Pool in the Resiliency
pane.
3. In the box below Associated Backup Pool, select the other pool.
4. Select Automatic failover and failback for Voice if you have Enterprise Voice deployed. Otherwise,
you can leave this cleared, and then click OK.
5. Right-click one of the two pools, click Topology, click Publish, and then click Next.
After you publish the changes and replicate the Central Management store, you have to install the Backup
Service on each of the Front End pool member servers. Although you can do this by using the Skype for
Business Server Deployment Wizard, it is easier to run bootstrapper. After the Backup Service installs on all
the appropriate Front End Servers, you can use the Skype for Business Server Management Shell to start
the synchronization and verify the state of the Backup Service.
Install and verify the Backup Service

1. On every Front End Server in both pools, run the following to install and configure the Backup
Service:
SystemDrive\Program Files\Microsoft Skype for Business Server

2015\Deployment\Bootstrapper.exe
2. At the Skype for Business Server Management Shell command prompt, run the following command:
Start-CsWindowsService -Name LYNCBACKUP
3. Synchronize the data between the two pools by running the following command against each pool:
Invoke-CsBackupServiceSync -PoolFqdn PoolFQDN
4. Confirm if synchronization is occurring in both directions and that the Backup Service states are
healthy by running the following command against each pool:
Get-CsBackupServiceStatus -PoolFqdn PoolFQDN
Implement GeoDNS for Web Traffic

GeoDNS provides Skype for Business Server with a
way to redirect web traffic to an appropriate pool
based on one of the following two factors:
 Where on the network the client is

connecting from; for example, London versus
New York. GeoDNS will allow clients to use a
single URL for web services, such as
meet.adatum.com, throughout the enterprise
and still resolve to a specific home pool.
 The availability of a user’s home Front End

pool. If a user’s home pool fails, GeoDNS can
automatically provide name resolution to web
services on the backup pool without any administrative intervention.
The first step to implement GeoDNS is to document the Autodiscover and simple URL settings for your
organization. The next step is to create GeoDNS host (A) resource records that will resolve to the IP
address of the GeoDNS service. You can also configure GeoDNS service settings to perform a round robin
or a primary then secondary distribution method. The final step is to configure alias canonical name
(CNAME) resource records that resolve to corresponding GeoDNS records.
The following table provides a sample GeoDNS configuration based on the lab environment for this class.
GeoDNS
Alias (CNAME) settings
GeoDNS record Pool records
resource records
(pick one)
meet- lon- meet.adatum.com  Round robin

int.geolb.adatum.com webint.adatum.com Meet-int.geolb.adatum.com Primary 
secondary
ny-
webint.adatum.com
GeoDNS
Alias (CNAME) settings
GeoDNS record Pool records
resource records
(pick one)
meet- lon- meet.adatum.com  Round robin

ext.geolb.adatum.com pool.adatum.com Meet-ext.geolb.adatum.com Primary 
secondary
ny-
pool.adatum.com
dialin- lon- dialin.adatum.com  Round robin

int.geolb.adatum.com webint.adatum.com dialin-int.geolb.adatum.com Primary 
secondary
ny-
webint.adatum.com
dialin- lon- dialin.adatum.com  Round robin

ext.geolb.adatum.com pool.adatum.com dialin-ext.geolb.adatum.com Primary 
secondary
ny-
pool.adatum.com
lyncdiscover- lon- lyncdiscoverinternal.adatum.com Round robin

int.geolb.adatum.com webint.adatum.com  Lyncdiscover- Primary 
int.geolb.adatum.com secondary
ny-
webint.adatum.com
lyncdiscover- lon- lyncdiscover.adatum.com Round robin

ext.geolb.adatum.com pool.adatum.com  Lyncdiscover- Primary 
ext.geolb.adatum.com secondary
ny-
pool.adatum.com
scheduler- lon- scheduler.adatum.com Round robin

int.geolb.adatum.com webint.adatum.com  scheduler-
int.geolb.adatum.com
ny- Primary 
webint.adatum.com secondary
scheduler- lon- scheduler.adatum.com Round robin

ext.geolb.adatum.com pool.adatum.com  scheduler- Primary 
ext.geolb.adatum.com secondary
ny-
pool.adatum.com
Microsoft Azure has a GeoDNS feature called Traffic Manager that you can use for an on-premises Skype
for Business Server deployment. For more information about Traffic Manager, refer to the following
website:
Traffic Manager
http://aka.ms/j5h413
Demonstration: Implementing Pool Pairing

In this demonstration, you will learn how to establish pool pairing between two Front End pools.
Demonstration Steps
Move Sales users to NYC Front End pool

1. On LON-SFB1, click the Skype for Business Server Management Shell icon on the taskbar.
2. To move the Sales users, type the following command, and then press Enter:
Get-CsUser -OU "ou=Sales,dc=Adatum,dc=com" | Move-CsUser -Target "ny-pool.adatum.com"
3. Type A and press Enter.
4. Close the Skype for Business Server Management Shell window.
Define the paired pool in Topology Builder and publish the topology
2. In Skype for Business Server 2015 Topology Builder, download and save the topology as PoolPairing.
3. In Skype for Business Server 2015 Topology Builder, enable pool pairing between pool.adatum.com
and ny-pool.adatum.com.
4. In the pool.adatum.com Edit Properties dialog box, click Resiliency in the navigation pane, and
then select Associated Backup Pool.
5. Under the Resiliency section, in the box below Associated Backup Pool, select
ny-pool.adatum.com. Select Automatic failover and failback for Voice, and then
click OK.
6. In Skype for Business Server 2015 Topology Builder, right-click pool.adatum.com, click Topology,
and then click Publish.
7. On the Publish Topology page, click Next.
8. On the Select databases page, verify that NYC-SQL3.adatum.com\Default is selected, and then
click Next.
10. Close Skype for Business Server 2015 Topology Builder.
Update the Front End Servers in both pools

2. At the Windows PowerShell command prompt, run the following commands to install and configure
the Backup Service:
CD “C:\Program Files\Skype for Business Server 2015\Deployment”

.\Bootstrapper.exe
3. On LON-SFB2, open the Skype for Business Server Management Shell and repeat step 2.
4. On NYC-SFB3, open the Skype for Business Server Management Shell and repeat step 2.
5. Close the Skype for Business Server Management Shell.
Verify Backup Service synchronization

1. On NYC-SFB3, open the Skype for Business Server Management Shell. In the Skype for Business Server
Management Shell, force data synchronization of both pools by using the following commands:
Invoke-CsBackupServiceSync -PoolFqdn pool.adatum.com
When prompted, type Y, and then press Enter:
Invoke-CsBackupServiceSync -PoolFqdn ny-pool.adatum.com
When prompted, type Y, and then press Enter.
2. In the Skype for Business Server Management Shell, verify that synchronization is occurring in both
directions by running the following commands:
Get-CsBackupServiceStatus -PoolFqdn pool.adatum.com

Get-CsBackupServiceStatus -PoolFqdn ny-pool.adatum.com
Question: What is the OverallExportStatus on each pool?

_________
Question: What is the OverallImportStatus on each pool?
__________
Managing Disaster Recovery Scenarios
Managing disaster recovery

Disaster recovery procedures, both failover and
failback, are manual. If a disaster occurs, you must
manually invoke the failover procedures. The
same applies to failback after the pool is repaired.
Disaster recovery scenarios require you to perform
specific procedures.
Front End pool failover

The high-level steps to invoke a pool failover
process manually are as follows:
1. Ensure that you have a backup of the Central Management store by running the following commands
in the Skype for Business Server Management Shell:
Export-CsConfiguration –FileName c:\CsConfigurationFile.zip -Verbose

Export-CsLisConfiguration –FileName c:\CsLisConfigurationFile.zip –Verbose
2. If the Central Management store is not available, use the –LocalStore option as shown in the
examples below:
Export-CsConfiguration –FileName c:\CsConfigurationFile.zip –LocalStore -Verbose

Export-CsLisConfiguration –FileName c:\CsLisConfigurationFile.zip –LocalStore –
Verbose
3. Locate the Central Management Server. If the pool that failed is the Central Management Server, it
must fail over first. To identify the Central Management Server, and then, if necessary, fail over the
server, run the following command:
Get-CsConfigurationStoreLocation
Invoke-CsManagementServerFailover -WhatIf
Invoke-CsManagementServerFailover
4. When you fail over the Central Management Server, first determine if the pool that hosted the
Central Management Server was using database mirroring, and determine which Back End Server
is the principal. You can do this by running the following command:
Get-CsDatabaseMirrorState -DatabaseType CMS -PoolFqdn Backup_Pool Fqdn
5. Initiate failover of the Central Management store by running the following command:
Invoke-CsManagementServerFailover
6. Install the Central Management store on the backup pool.
7. Fail over the users from the failed pool to its backup pool by running the following command:
Invoke-CsPoolFailOver -PoolFqdn PoolFQDN -DisasterMode
8. If applicable, change the Edge Server association to use the new next hop pool:
o If the Edge Server pool is in the same site as the failed pool, use Topology Builder to make the
Edge Server association change.
o If the Edge Server pool is in a different site than the failed pool, use the following cmdlet:
Set-CsEdgeServer -Identity EdgeServer:EdgeServerFQDN -Registrar

Registrar:NextHopPoolFQDN
Front End pool failback

After the pool that experienced the disaster is online, you can perform a failback by running the following
command:
Invoke-CsPoolFailback
Edge pool failover and failback

When the pool that services federation fails, you must change the federation route. For Skype for Business
federation, you must perform this in Topology Builder. For Extensible Messaging and Presence Protocol
(XMPP) federation, you must perform this by using the following cmdlet:
Set-CsSite Site2 -XmppExternalFederationRoute EdgeServer2.contoso.com

Restoring conference content

You can use the data synchronized between paired pools to recover lost data without having to fail over
an entire pool. For example, if a Front End pool, which is a member of a pool pair, loses conferencing
data, you can recover the missing conferencing data from the backup pool. You can perform the
following steps to recover lost data:
1. You can initiate a Backup Service synchronization by running the following command:
Invoke-CsBackupServiceSync -PoolFqdn Pool2FQDN -BackupModule ConfServices.DataConf
2. You can check the status of the restoration process by running the following command:
Get-CsBackupServiceStatus -PoolFqdn Pool2 FQDN -BackupModule ConfServices.DataConf

Question
Which of the following statements are true about the BCP of an organization that implements Skype
for Business?
Requires a disaster-recovery solution
Identifies what type of disasters Skype for Business Server needs protection against
Requires a GeoDNS load-balancing service
Defines Skype for Business Server’s RTOs
Defines the organization’s RPOs
Sequencing Activity
The following are the steps for implementing GeoDNS. Arrange them in the correct order by numbering
each step.
Steps
Document the Autodiscover and Simple URL setting.
Create the GeoDNS host (A) resource records that will resolve to the IP address of the
GeoDNS service.
Configure the distribution method on the GeoDNS service.
Configure alias (CNAME) resource records that resolve to the corresponding GeoDNS
records.
Lesson 3
Additional Disaster Recovery Options in
The pool pairing feature does not comprehensively cover all the disaster recovery scenarios that you
might face with your Skype for Business Server 2015 servers. In addition to pool pairing, you might have
to back up databases and export key configurations. In this lesson, you will learn how to perform disaster
recovery backup and export procedures. You will also learn about additional recovery procedures.
Lesson Objectives
 Explain how to back up and restore databases.
 Explain how to export and import a Central Management store configuration.

 Explain how to export and import an LIS configuration.
 Explain how to export and import user data.
Backing Up and Restoring Databases

Microsoft provides the ability to back up or
restore SQL Server databases by using SQL Server
Management Studio. You can also use non-
Microsoft backup solutions. Skype for Business
(Server) Standard Edition servers do not come
with SQL Server Management Studio. However, if
you have the tool deployed on your network, you
can use it to back up Standard Edition Skype for
Business Server databases.
You should back up the following Skype for

Business Server Back End SQL Server databases for
disaster recovery purposes:
 Xds. This file maintains the configuration of the current Skype for Business Server topology as defined
and published by Topology Builder.
 Lis. This file contains LIS data.
 Rtcab. This file contains address book service data.
 Rtcxds. This file contains persistent user data such as access control lists (ACLs), contacts, and
scheduled conferences.
 Rgsconfig. This file contains Skype for Business Server Response Group service data.
 Rgsdyn. This file maintains Presence runtime data for the Response Group service.
 Cpsdyn. This file contains dynamic data for the Call Park service application.
 Lcslog. This file contains archived instant messaging and conference data.
 LcsCdr. This file contains data that is related to the call detail recording (CDR) process of the
monitoring service.
 QoEMetrics. This file contains Quality of Experience (QoE) data from the Monitoring service.
 Mgc. This file contains Persistent Chat data, which is the actual chat content that is posted in chat
rooms.
Backing up Rgsconfig
Response Group is an Enterprise Voice call management feature. Pairing pools do not protect the
Rgsconfig database. You should back up the Rgsconfig database as part of your operational procedures
and your change management processes. In this way, you can incrementally restore configurations. This is
especially helpful if a recent change to the Response Group configuration creates an outage. Skype for
Business Server includes a number of Response Group–specific Windows PowerShell commands.
To back up Response Group configurations for a pool, run the following command:
Export-CsRgsConfiguration –Source "service:ApplicationServer:pool FQDN" -FileName

Path\FileName
For example, you type the following command to back up Response Group configurations to an
RgsConfig.zip file:
Export-CsRgsConfiguration –Source ApplicationServer:pool.adatum.com –FileName

C:\RgsConfig.zip
Restoring Rgsconfig
To restore Response Group configurations for a pool, run the following command:
Import-CsRgsConfiguration -Destination "service:ApplicationServer:pool FQDN" –

OverwriteOwner -FileName Path\FileName
For example, you type the following command to restore Response Group configurations from the
RgsConfig.zip file:
Import-CsRgsConfiguration -Destination "service:ApplicationServer:pool.adatum.com" –

OverwriteOwner -FileName "C:\RgsConfig.zip"
Backing up Call Park service music files

Customized music on hold (MOH) for Call Park service files are stored at the file system–level of a Skype
for Business Front End Server or Front End pool that is configured in the topology as an application server.
Because administrators can define different storage locations, you can run the following command in the
Skype for Business Server Management Shell to locate these files:
Get-CsService –ApplicationServer
This command will return all application servers in the topology. You can select the appropriate
AppServerserviceID (for example, NewYork-ApplicationServer-1) and then use it in the following
command to retrieve the Universal Naming Convention (UNC) path of the application server:
(Get-CsService ((Get-CsService –ApplicationServer| ?{$_.ServiceId –eq “NewYork-

ApplicationServer-1”}).FileStore)).UncPath
This command returns the UNC path, \\nyc-sql3\mcs, of the application server, NewYork-
ApplicationServer-1. This is where the MOH file, \\nyc-sql3\mcs\NewYork-ApplicationServer-1
\AppServerFiles\CPS\CpsMoH.wma, is stored. Because this is a simple file, you can back up the file by
using any backup method.
Restoring Call Park service music files

The most important information that is required to restore MOH Call Park service files is the original
location. The recovery process is simple. You copy the files from the backup location and paste them into
the original location.
Backing up additional SQL Server files

In addition to Skype for Business Server database files, Skype for Business depends on a number of critical
SQL Server databases. Therefore, you must back up these databases regularly to avoid any data loss.
The following are SQL Server system databases that you must back up:
 Master
 Model
 msdb
If you have enabled the Monitoring service, then you must also back up the SQL Server Reporting Services
files. These files include:
 ReportServer
 ReportServerTempDB
Exporting and Importing the Central Management Store

Exporting a Skype for Business Server
configuration is a best practice for a number of
reasons. The most important reason to export a
configuration manually is disaster recovery.
However, any time a change to an organization’s
configuration is required, you must back up the
Skype for Business Server configuration by
exporting the configuration.
Another reason to export the configuration is to

back up the settings for the call admission control
feature. Although you can recover the Xds
database from a backup, it might be from further
back than you wish to go. If you export the configuration before you make any change, you can always
import the configuration without having to restore a database from a backup.
To export the configuration to a file, use the following Skype for Business Server Management Shell
command:
Export-CsConfiguration –FileName CMSBackupFileName
Importing the Skype for Business Server configuration

You can restore the Central Management store data to a new RTCLocal database by using the Skype for
Business Server Management Shell or the Skype for Business Server Deployment Wizard.
Using the Skype for Business Server Management Shell

To import a Skype for Business Server configuration, type the following command in the Skype for
Business Server Management Shell, and then press Enter:
Import-CsConfiguration –FileName CMSBackupFileName -LocalStore

Using the Skype for Business Server Deployment Wizard

To import a Skype for Business Server configuration by using the Skype for Business Server Deployment
Wizard, perform the following steps:
1. Install or update the Skype for Business Server system.
2. Install the local configuration store.
3. Select the local file, and then select the exported .zip file.
Exporting and Importing an LIS Configuration
Exporting the LIS configuration

The Skype for Business Server LIS responds to
client queries for civic addresses that map to their
current network location. The Lis database stores
this information. LIS is essential to the Enhanced
9-1-1 (E9-1-1) feature that is available for Skype
for Business Server organizations with Enterprise
Voice deployments. Information that LIS provides
helps route emergency service providers to the
physical location from where an emergency call
originates. Therefore, making sure that LIS and its
associated database are recoverable in a disaster scenario is essential.
While SQL backups take care of preserving data, you must use the following Skype for Business Server
Management Shell command to export an LIS configuration:
Export-CsLisConfiguration –FileName LisBackupFileName
Importing the LIS configuration

You can restore an LIS configuration by using the Skype for Business Server Management Shell. If a
configuration change adversely affects LIS, you can restore the configuration to a working state by using
the following command:
Import-CsLisConfiguration –FileName LisBackupFileName
In addition to recovering a configuration, you must republish or import the settings to ensure that the
restoration takes effect. To republish, run the following command in the Skype for Business Server
Management Shell:
Publish-CsLisConfiguration
Exporting and Importing User Data

When a Skype for Business user accidentally
deletes a contact. It is not very practical to
perform a restore of a SQL database to recover
the missing contact. This kind of scenario is
common in a Skype for Business organization. It is
possible to use the export cmdlet for Skype for
Business Server 2015 to proactively backup user
data. Then the data can be imported granularly
without having to perform a full recovery of a
database.
Exporting user data

User data includes user contacts, groups, and
access levels that users set. Previous versions of Skype for Business Server, such as Microsoft Office
Communications Server and Lync Server 2010, used the DbImpExp.exe command to back up and restore
user data. This executable file was removed from Lync Server 2013 and is still not available in Skype for
Business Server 2015.
In Skype for Business Server 2015, you can use the following Windows PowerShell cmdlet to export user
data:
Export-CsUserData -PoolFqdn PoolFQDN -FileName Path\FileName
In the following example, all user data on a pool exports to a .zip file:
Export-CsUserData -PoolFqdn "NewYork-cs-003.adatum.com" –FileName

“C:\Logs\NYCUserData.zip"
Importing user data

If you remove a user from your Skype for Business Server 2015 servers, you will lose the user’s individual
contacts, groups, and access settings. You can recover such user data by using the following command,
assuming that you performed an export prior to the data loss:
Import-CsUserData -PoolFqdn PoolFQDN -FileName Path\FileName -UserFilter

"UserName@SipDomain"
In the following example, all users in a pool have the data restored:
Import-CsUserData -PoolFqdn "NewYork-cs-001.adatum.com" –FileName

"C:\Logs\NYCUserData.zip"

Question
Which of the following Skype for Business Server databases stores persistent user data?
Xds
Lis
Rtcxds
Lcslog
UserDyn
Question: A. Datum user Amr Zaki was accidentally deleted from Active Directory Domain
Services (AD DS). AD DS administrators have created a new user account for Amr. You have
enabled the new user account as a Skype for Business user. However, when Amr signed in to
Skype for Business, he could not see any of his contacts. How should you resolve this issue?
Lab: Implementing and Performing Disaster Recovery

Scenario
Now that it has implemented Skype for Business throughout the organization, A. Datum has determined
that it cannot afford significant downtime if servers in one site become unavailable. Therefore, A. Datum
has decided to implement pool pairing between the London and New York sites to support its disaster
recovery goals.
Objectives
 Configure pool pairing between the London and New York pools.
 Perform pool failover during a disaster and failback after recovery.
Lab Setup
Virtual machines: 20334B-LON-DC1, 20334B-LON-RTR, 20334B-LON-CL1, 20334B-LON-CL2,

20334B-LON-SQL1, 20334B-LON-SFB1, 20334B-LON-SFB2, 20334B-NYC-SQL3, 20334B-NYC-SFB3
Password: Pa$$w0rd
This lab depends on the completion of the “Implementing High Availability” lab in Module 10.
To prepare for this lab, perform the following steps:
1. If the virtual machines are not running already, please start them in the specified order to prevent
service time-out errors:
o 20444A-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SQL1
o 20334B-NYC-SQL3
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SFB3
o 20334B-LON-CL1
o 20334B-LON-CL2
2. Sign in to the server virtual machines by using the following credentials:
o Domain: Adatum
3. For LON-CL1 and LON-CL2, do not sign in until directed to do so.
Exercise 1: Configuring Pool Pairing

Scenario
A. Datum management decided to implement the proposed disaster-recovery solution for the Skype for
Business Server Front End pools. Your task is to configure pool pairing between the New York and London
Front End pools.
1. Define paired pools in Topology Builder and publish the topology.
2. Update Front End Servers in both pools.

3. Verify Backup Service synchronization.
 Task 1: Define paired pools in Topology Builder and publish the topology
2. In Skype for Business Server 2015 Topology Builder, download and save the topology as PoolPairing.
3. In Skype for Business Server 2015 Topology Builder, enable pool pairing between pool.adatum.com
and ny-pool.adatum.com.
4. In the pool.adatum.com Edit Properties dialog box, click Resiliency in the navigation pane, and
then select Associated Backup Pool.
click OK.
7. On the Publish the Topology page, click Next.
click Next.

 Task 2: Update Front End Servers in both pools

the Backup Service:

.\Bootstrapper.exe
3. On LON-SFB2, open the Skype for Business Server Management Shell and repeat step 2.
4. On NYC-SFB3, open the Skype for Business Server Management Shell and repeat step 2.
5. Close Skype for Business Server Management Shell.
 Task 3: Verify Backup Service synchronization

2. To move the Sales users, at the Windows PowerShell command prompt, type the following command,
and then press Enter:
Synchronize data between paired pools

1. On NYC-SFB3, click Start, type Skype, and then select Skype for Business Server Management
Shell. In the Skype for Business Server Management Shell, force data synchronization of both pools
by using the following commands:

Question: What is the OverallExportStatus on each pool?
__________
Question: What is the OverallImportStatus on each pool?
__________
Results: After completing this exercise, you will have enabled pool pairing and installed the Backup
Service on pool.adatum.com and ny-pool.adatum.com. Finally, you will have confirmed the Backup
Service synchronization.
Exercise 2: Perform Pool Failover and Failback

Scenario
It has been a few days since A. Datum deployed pool pairing. A. Datum’s BCP requires evaluation of
disaster recovery procedures at the end of every quarter. Because this is the last week of the first quarter,
you must validate the disaster recovery procedures. To do this, you will simulate a pool failure.
1. Sign in to London and New York clients.
2. Simulate NYC-SFB3 server failure.
3. Initiate the pool failover.
4. Confirm capabilities.
5. Recover the failed pool and initiate failback.
6. Prepare for the next lab.
 Task 1: Sign in to London and New York clients

1. On LON-CL1, sign in as ed@adatum.com with the password Pa$$w0rd.
2. Open Skype for Business 2016. Add the aaren@adatum.com contact to Ed’s favorites.
4. Open the Network and Sharing Center, and then click Change adapter settings.
5. In Network Connections, right-click LON_Network, and then click Disable.
6. In Network Connections, right-click NYC_Network, and then click Enable.
7. Close the Network and Sharing Center.
8. Open Skype for Business. Confirm that Aaren Ekelund automatically signs in to the Skype for Business
client.
9. In the Skype for Business client, add the ed@adatum.com contact to Aaren’s favorites.
10. Leave the Skype for Business client open.
 Task 2: Simulate NYC-SFB3 server failure

1. Shut down NYC-SFB3.
2. On LON-CL2, verify the state of the Skype for Business client, and then answer the following question:
Is Aaren still signed in?
Is Ed still signed in?
4. On LON-CL2, wait for five minutes, and then confirm that Aaren is able to sign in to the backup
Registrar automatically.
5. Confirm that Aaren’s client is now in Resiliency mode by observing the limited functionality error in
the client, and then answer the following question:
Is the Ed Meadows contact still available?

 Task 3: Initiate the pool failover

1. On LON-SFB1, open the Skype for Business Server Management Shell. At the Windows PowerShell
command prompt, run the following command to ensure that you have a Central Management store
backup:
2. At the Windows PowerShell command prompt, run the following command to locate the Central
Management Server:
3. At the Windows PowerShell command prompt, run the following command to identity if the failed
pool was using database mirroring, and which Back End Server is the principal:
Get-CsDatabaseMirrorState -DatabaseType CentralMgmt -PoolFqdn ny-pool.adatum.com
4. At the Windows PowerShell command prompt, run the following command to fail over the users
from ny-pool.adatum.com (New York) to pool.adatum.com (London):
Invoke-CsPoolFailover –PoolFqdn “ny-pool.adatum.com” –DisasterMode
5. In the Windows PowerShell window, when prompted, type Y, and then press Enter.
 Task 4: Confirm capabilities

 On LON-CL2, verify the state of the Skype for Business client, and then answer the following
questions:
o Is Aaren still in Resiliency mode?
o Is the Ed Meadows contact available?
 Task 5: Recover the failed pool and initiate failback

1. On the host machine, open Microsoft Hyper-V Manager.
2. In Hyper-V Manager, right-click 20334B-NYC-SFB3, and then click Start. Right-click

20334B-NYC-SFB3, and then click Connect. Wait for the virtual machine to start. Sign
in as Adatum\Administrator with the password Pa$$w0rd.
Note: Verify that all Skype for Business Server services set to Automatic (Delayed start) on
NYC-SFB3 are running before continuing.
4. At the Windows PowerShell command prompt, run the following command to get the Backup Service
status for ny-pool.adatum.com:
Get-CsBackupServiceStatus –PoolFqdn “ny-pool.adatum.com”
5. Confirm that OverallExportStatus is in a SteadyState or FinalState and that OverallImportStatus

is in a NormalState.
6. At the Windows PowerShell command prompt, run the following command to start the failback
process:
Invoke-CsPoolFailBack –PoolFqdn “ny-pool.adatum.com”
7. When prompted, type Y, and then press Enter.
8. On LON-CL2, view the configuration information for the Skype for Business 2016 client. In the Skype
for Business Configuration Information window, confirm that NY-Pool.adatum.com is the server
running Skype for Business Server
Is Ed still signed in?

When you finish the lab, revert all the virtual machines to the starting image state by performing the
following steps:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Checkpoints pane, click the
StartingImage checkpoint.
3. In the Actions pane, click Apply. When the Apply Checkpoint dialog box appears, click Apply.
o 20334B-LON-RTR
o 20334B-LON-CL1
o 20334B-LON-CL2
o 20334B-LON-SQL1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SQL3
o 20334B-NYC-SFB3
Results: After completing this exercise, you will have simulated the New York pool outage and initiated
pool failover from ny-pool.adatum.com to pool.adatum.com. You will also have validated the user
experience during the failover and failback process.
Question: Based on your experience in the lab, what recommendation would you make to
A. Datum to improve the failover and failback process in the future?
Question: The Invoke-CsPoolFailover cmdlet has a –DisasterMode parameter. Identify a

scenario where you would not want to use this parameter.

Best Practices
 Use the organization’s BCP as the fundamental guide for your Skype for Business disaster-recovery
solution.
 Although there is no limit on the distance between paired pools, we recommend that you keep them
in the same geographical area.
 When there is a low-bandwidth and high-latency WAN connection between Persistent Chat Server
stretched pools, place all the active servers in the same site.
 Use a GeoDNS solution to reduce the administrative effort involved with failing over web traffic
during a pool failure.
Review Question
Question: Describe a few scenarios where it would be inappropriate to pair two Standard Edition
servers for disaster recovery.

With the popularity of virtualization technology, it is likely that your organization will have some or even
all your Skype for Business infrastructure on virtual machines. Microsoft fully supports virtualizing all the
Skype for Business Server roles. From a disaster recovery perspective, you can pair virtualized pools only
with other virtualized pools. Skype for Business Server Topology Builder will not warn you about
combining platforms (physical with virtual), which is not supported, yet it is likely that you might
combine platforms in your production environment.
Tools
 Traffic Manager. You can use Traffic Manager for GeoDNS load balancing.
Traffic Manager
http://aka.ms/dji7a9
 Lync Server 2013 Planning Tool. You can use the Lync Server 2013 Planning Tool to plan a disaster-
recovery solution for Skype for Business Server 2015.
Microsoft Lync Server 2013, Planning Tool
http://aka.ms/ikzdqb
12-1
Module 12
Integrating with Skype for Business Online
Contents:
Lesson 1: Overview of Skype for Business Online 12-2
Lesson 2: Preparing for a Hybrid Skype for Business Deployment 12-11
Lesson 3: Configuring a Hybrid Skype for Business Environment 12-20
Lab: Designing a Hybrid Skype for Business Deployment 12-27
Module Overview
Skype for Business Online is available as part of Microsoft Office 365. Skype for Business Online provides
much of the same functionality as on-premises Skype for Business 2015, with the benefit that you do not
need to manage the actual Skype for Business Servers. If your organization currently has an on-premises
Skype for Business deployment, you can migrate all of your users to Skype for Business Online, or you can
configure a hybrid deployment where some users are hosted on-premises and some are hosted online.
This module provides an overview of Skype for Business Online, and it then provides details on how to
design and implement a hybrid deployment.
Objectives
 Describe Skype for Business Online features.
 Prepare an on-premises environment for a hybrid Skype for Business deployment.
 Configure a hybrid Skype for Business deployment.

12-2 Integrating with Skype for Business Online
Lesson 1
Overview of Skype for Business Online
Skype for Business Online is one of several online services that are included with the Office 365
platform. Office 365 is a subscription-based service that provides messaging and collaboration tools
for organizations of any size. Office 365 provides several options for purchasing Skype for Business
Online services, including subscriptions that include many other services and stand-alone
Skype for Business Online options. You also have a couple of options to integrate Skype for Business
services with an on-premises environment. This lesson provides an overview of Office 365 and
Skype for Business Online, and it describes options for integrating an on-premises environment with
an online environment.
Lesson Objectives
 Describe Office 365.
 Describe Office 365 and Skype for Business Online subscriptions.
 Describe the options for deploying Skype for Business Online.

 Explain how to configure Skype for Business Online.
 Explain how to manage Skype for Business Online by using the Skype for Business Server
Management Shell.
Overview of Office 365

Office 365 is a subscription-based service that
provides access to several Microsoft applications
and services.
Microsoft Azure Active Directory

Azure Active Directory (Azure AD) is a cloud-
based directory service from Microsoft. Azure AD
provides authentication and authorization for
Office 365 and for other Microsoft cloud
offerings, including Azure and Microsoft Intune.
Authentication through Azure AD can be on
a cloud-only basis through directory
synchronization, with optional password
synchronization, or you can enable user authentication with on-premises user accounts through Active
Directory Federation Services (AD FS) or other single sign-on (SSO) providers.
Microsoft Exchange Online

Exchange Online provides Microsoft Exchange Server email, calendar, and contacts. Additionally, it
provides messaging hygiene and security. Exchange Online and Skype for Business Online together also
provide Unified Messaging and voice mail. You can deploy a mailbox on Exchange Online or connect an
existing Exchange Server organization to Exchange Online with a hybrid deployment.
Skype for Business Online

Skype for Business Online provides users with instant messaging, presence availability, an online meeting
infrastructure, audio and video calling, and screen sharing. Some Office 365 subscriptions also offer
Unified Messaging and Enterprise Voice functionality. You can connect an organization’s existing servers
that are running Microsoft Lync Server 2013, Lync Server 2010, or Skype for Business 2015 to
Skype for Business Online.
Microsoft SharePoint Online

You can use SharePoint Online to create and manage Microsoft SharePoint sites directly from the cloud.
Because you can share documents or keep teams updated by using a common SharePoint team site, you
do not have to set up SharePoint in the organization’s datacenter. You can also provide Microsoft
OneDrive for Business in SharePoint Online. With Office 365 Video, you can provide a portal where
users can upload and view videos from a SharePoint Online website.
Microsoft Office 365 ProPlus

Some Office 365 plans include Office 365 ProPlus, which is a downloadable version of the Microsoft
productivity suite of applications that includes Microsoft Word 2016, Excel 2016, PowerPoint 2016,
Outlook 2016, Access 2016, Publisher 2016, OneNote 2016, InfoPath 2016, and the
Skype for Business 2016 client.
Note: All Office 365 subscriptions provide access to Microsoft Office Online, which provides
online versions of Word, Excel, PowerPoint, and OneNote.
Office 365 ProPlus supports streaming deployment, which enables users to click an application installation
icon and start using the application while the program installs in the background. This deployment
method also enables users to run Office 365 ProPlus alongside earlier versions of Microsoft Office.
Yammer
The Microsoft enterprise social networking tool now integrates more with Office 365, with the option for
SharePoint Online users to replace their activity stream in SharePoint Online with Yammer. To make this
change, users click a Yammer link and then sign in to this service by using a separate browser window.
Sway
With Sway, you can create and share interactive web-based reports, presentations, or other types of online
content by using mobile devices or desktops.
Microsoft Project Online

Project Online is the cloud version of Microsoft Project Server. It enables organizations to implement an
online project management system that is easily accessible by users who are working on an internal
organizational network or at any other location.
Microsoft Project Pro for Office 365

Project Pro for Office 365 provides desktop project management capabilities for small teams and
organizations. You can combine this service with Project Online for organizations that need full project
management capabilities on the desktop and the ability to participate online from virtually anywhere on
almost any device.
Microsoft Visio Pro for Office 365

Visio Pro for Office 365 is a subscription version of the diagramming and flow-charting application. Users
can install it on up to five devices.
Microsoft Dynamics CRM Online

Dynamics CRM Online is the cloud-based version of Microsoft Dynamics CRM customer relationship
management (CRM) software. It enables sales teams to engage more effectively with customers and to
use familiar Office tools for achieving sales targets, marketing, customer care, and social media
interaction.
For detailed information about all of the Office 365 services, refer to the following website.
Office 365 Service Descriptions

http://aka.ms/pznj35
Office 365 and Skype for Business Online Subscriptions

Microsoft provides different Office 365 and
Skype for Business subscriptions for organizations,
depending on their requirements. You also can
purchase Skype for Business Online subscriptions
only.
Office 365 subscriptions

The following table shows Office 365 subscriptions and compares some of the features that are available
with each subscription.
Business Business Enterprise Enterprise Enterprise

Plan options Business ProPlus
Essentials Premium E1 E3 E5
User maximum 300 300 300 Unlimited Unlimited Unlimited Unlimited
Desktop version N Y Y N Y Y Y
of Office
Tablet and mobile N Y Y N Y Y Y

version of Office
Online version of Y Y Y Y Y Y Y
Office
1 terabyte (TB) of Y Y Y Y Y Y Y
file storage per
user (OneDrive for
Business)
Organizational Y N Y Y N Y Y
email, calendar,
and contacts
(Exchange Online)
Unlimited online Y N Y Y N Y Y
meetings
(Skype for Business)
Intranet team site Y N Y Y N Y Y

(SharePoint Online)
Organizational Y N Y Y N Y Y
social network
(Yammer)
Personalized search Y N Y Y N Y Y
and discovery
across Office 365
Voicemail N N N N N Y Y
integration (Unified
Messaging)
Cloud PBX N N N N N N Y
Compliance, N N N N N Y Y
information
protection, and
eDiscovery
Organizational Office 365 subscription options change frequently. You can check the following website to
see the current subscriptions and additional components that each subscription includes:
Compare Office 365 business plans

http://aka.ms/ijir6o
You can purchase additional features that are not part of your base subscription. For example, if you have
an E1 subscription and you would like to add dial-in conferencing or Cloud PBX, you can purchase these
options as add-ins to your subscription.
Skype for Business Online subscriptions

In addition to ordering Skype for Business Online as part of an Office 365 subscription, you also can order
Skype for Business Online as a stand-alone subscription. The following table shows some of the options
that are available with each subscription.
Option Online plan 1 Online plan 2 Skype for Business Server 2015
Presence and Y Y Y
instant messaging
Audio and HD N N N
video calling to
Skype for Business
users
Group HD video N Y Y
calling
Schedule N Y Y
meetings in
Microsoft Outlook
Join meetings N Y Y
from desktops
and web
browsers,
including
anonymously
Desktop and N Y Y
application
sharing and
remote control
Persistent Chat N N Y
Dial-in audio N N Y
conferencing
Enterprise Voice N N Y
For more details on the Skype for Business Online stand-alone plans, refer to the following website.
Skype for Business Compare plans
http://aka.ms/vqcfmt
Implementing Skype for Business Online

Skype for Business Online provides almost all the
features as on-premises Skype for Business, with
the additional benefit of not having to manage
Skype for Business Servers and other
infrastructure. You can implement Skype
for Business Online in the following
modes:
 In online-only mode, you can purchase

Office 365 or Skype for Business Online
subscriptions for all users who need
Skype for Business functionality, and you can
enable Skype for Business Online for all users.
With this option, users will need to sign in to Office 365. This means that they might need different
credentials to sign in to Office 365 and to sign in to the local Active Directory Domain Services
(AD DS) domain.
 In online-only with SSO mode, you configure all users as Skype for Business Online users. You also can
implement directory synchronization and SSO by using a product such as AD FS. When you configure
SSO, users will always authenticate in on-premises AD DS and then use those credentials to access
 In hybrid mode, you can configure some users to use an on-premises Skype for Business deployment
and some to use Skype for Business Online. With Skype for Business, you can use the same Session
Initiation Protocol (SIP) domain or domains for an on-premises Skype for Business deployment and
Note: The last two lessons in this module provide details on how to design and implement
a hybrid Skype for Business deployment.
Configuring Skype for Business Online

If you do not have an on-premises deployment of
Skype for Business but you do have an Office 365
subscription that includes Skype for Business
Online, you can enable Office 365 users as
Skype for Business Online users. To ensure that
users can connect to the Skype for Business
Online environment, you need to configure the
following infrastructure settings.
DNS requirements
To enable client connectivity to Skype for Business Online, you need to configure the following Domain
Name System (DNS) records for your SIP domain:
 Lyncdiscover.domainname, which is an alias (CNAME) resource record that must reference

webdir.online.lync.com.
 Sip.domainname, which is an alias (CNAME) resource record that must reference

sipdir.online.lync.com.
 _sip._tls.domainname, which is a service (SRV) resource record that must reference

sipdir.online.lync.com.
 _sipfederationtls._tcp.domainname, which is a service (SRV) resource record that must reference

sipfed.online.lync.com.
If you have deployed split-brain DNS and you want users who are both inside and outside your network
to access Skype for Business Online, you need to enter these resource records for your internal DNS
servers and the Internet-accessible DNS servers.
Configuring Skype for Business Online

You can configure the following settings for your Skype for Business Online organization:
 Configure whether presence information will display to all users or just to a user’s contacts.
 Configure mobile phone notifications by using Microsoft Push Notification Service, Apple Push
Notification Service, or both.
 Configure whether your users can communicate with other Skype for Business or Microsoft Lync
organizations. You can configure access to all domains except for a block list, or you can disable
access to all domains except for an allow list. You can also allow users to communicate with Skype
users outside of your organization.
 Enable or disable dial-in conferencing. Depending on your subscription type, you might need to set
up an account with an approved audio conferencing provider.
 Configure custom URLs and footer text for meeting invitations.
Configuring Skype for Business Online users

Before users can access Skype for Business Online, you need to assign a license to each user. The license
must be part of a subscription that includes Skype for Business Online. When you enable a user for
Skype for Business Online, configure the following settings:
 Audio and video settings. You can configure whether users can use audio, video, or both, and
whether they can use HD video.
 Enable or disable recording of conversations and meetings.
 Enable or disable dial-out meeting connections for anonymous users.
 Disable non-archived features for compliance.

 Enable users to communicate with external Skype for Business users, external Skype users, or both.
 Assign a dial-in conferencing provider.

Skype for Business Online client support

In a hybrid Skype for Business deployment, Skype for Business Online supports the following clients:
 Skype for Business 2016
 Skype for Business 2015
 Microsoft Lync 2013
 Microsoft Lync 2010
 Windows Store apps
 Skype for Business Web App
 iOS and Android Skype for Business apps
 Microsoft Lync for Mac 2011
 Lync Room System

 Microsoft Lync Basic 2013
Using the Skype for Business Server Management Shell to Manage

You can use the Skype for Business Server
Management Shell to manage a Skype
for Business Online environment. You can
use many of the same commands with
Skype for Business Online as you can
with on-premises Skype for Business, especially
commands that manage user accounts.
To connect to Skype for Business Online by using

the Skype for Business Server Management Shell,
1. Download and install the Skype for Business

Online connector module for the Windows
PowerShell command-line interface. You can download the module from the following website.
Skype for Business Online, Windows PowerShell Module

http://aka.ms/y3sw2z
2. Open the Skype for Business Server Management Shell, and then type the following commands:
a. Import-Module SkypeOnlineConnector. This command adds the Skype for Business Online
connector module to your Windows PowerShell session.
b. $cred = Get-Credential. This command will present an authentication dialog box where you can
enter administrator credentials for Skype for Business Online.
c. $CSSession = New-CsOnlineSession – Credential $cred. This command adds the

New-CsOnlineSession command and the credentials to the $CSSession variable.
d. Import-PSSession $CSSession –AllowClobber. This command imports the remote session to

Skype for Business Online into your local session. The AllowClobber parameter overwrites any
commands with duplicate names with the commands from the online connector.
After running these commands, you can use the Skype for Business Server Management Shell to manage

Question
You configured an Office 365 tenant and created a user account in your tenant. What must you do
next to ensure that the user can sign in to Skype for Business Online?
Configure the DNS resource records for your domain to reference Skype for Business Online.
Configure directory synchronization.
Configure the Skype for Business Online settings for the user account.
Assign a license that includes Skype for Business Online to the user account.
Lesson 2
Preparing for a Hybrid Skype for Business Deployment
One deployment option for Skype for Business Online is to deploy a hybrid solution. In a hybrid solution,
you have users who utilize on-premises Skype for Business and Skype for Business Online. This lesson
describes the prerequisite components that are necessary before you can enable a hybrid
Skype for Business deployment.
Lesson Objectives
 Describe how a hybrid Skype for Business deployment works.
 List and verify the prerequisites for a hybrid Skype for Business deployment.
 Explain how to configure directory synchronization.
 Configure directory synchronization.

 Describe how SSO works.
 Explain how to configure SSO for Office 365.
 Configure SSO.
Overview of a Hybrid Skype for Business Deployment

When you configure a Skype for Business hybrid,
you enable coexistence between your on-
premises deployment of Skype for Business and
Skype for Business Online. The coexistence
includes the following features:
 Directory synchronization. For the two

Skype for Business environments to share the
same SIP domains, both environments need
to be aware of all users and the home Front
End pool for all users. To enable this, you
must configure directory synchronization so
that user information synchronizes from on-
premises AD DS to Azure AD.
 User authentication. Depending on where users are located, they need to authenticate in the on-
premises Skype for Business environment or in the Skype for Business Online environment. To simplify
the user experience, you also can configure SSO to utilize users’ domain credentials when connecting
to the Skype for Business Online environment. Deploying SSO requires you to deploy some type of
federation server in the on-premises environment.
 Skype for Business Edge Server deployment. You must configure a Skype for Business Edge Server
deployment before you enable hybrid mode. All communication that relates to Skype for Business
traverses an Edge Server deployment.
 Federation. A hybrid deployment uses federation to enable communication between the two
Skype for Business environments. You must enable an on-premises Skype for Business environment
to allow federation.
 Client connectivity. In a hybrid deployment, client computers and mobile devices will always
connect first to the on-premises Skype for Business environment, and then they will redirect to
Skype for Business Online if the users are in Skype for Business Online. To enable client connectivity,
all DNS resource records that clients use must point to the on-premises deployment.
Prerequisites for a Hybrid Skype for Business Deployment

To implement a hybrid Skype for Business
deployment, you must complete the following
prerequisite steps:
1. Create a tenant account for Office 365 and

enable Skype for Business Online. The first
step in enabling a hybrid Skype for Business
deployment is to create a tenant account in
Office 365. Ensure that your subscription
provides the Skype for Business features that
you require.
2. Add your on-premises domain to the Office

365 tenant and verify ownership. When you
set up Office 365, the default Skype for Business Online SIP address and Azure AD user principal
name (UPN) suffix will be in this format: mydomain.onmicrosoft.com. You can use this domain name
when you enable users for Skype for Business. However, this might be confusing for users and
external contacts because this is not the normal domain name that internal users utilize. To avoid this,
you can add your on-premises domain to the Office 365 subscription so that you can use the same
domain name when you enable online users and on-premises users. When you add the domain
name, you need to verify that you own the domain by proving that you can modify the DNS resource
records that are associated with the domain. When you add the domain to Office 365, you are
provided with a unique string. You need to add this string as a text (TXT) resource record to your DNS
zone on the Internet DNS servers. Office 365 verifies that you have added the text (TXT) resource
record, which indicates that you own the domain.
Note: If GoDaddy hosts your domain, you can allow the domain setup wizard to create the
text (TXT) resource record for you automatically. To do this, you will need to authenticate at
GoDaddy with an account that has permission to modify the DNS zone. Be aware that if you use
this option, the wizard will configure other settings in addition to the text (TXT) resource record.
The wizard will also configure mail exchanger (MX) resource records for email, and it will
configure the alias (CNAME) and service (SRV) resource records that are required for client
connectivity. All of these records will point to the Office 365 servers, so you need to verify that
you want to use Office 365 for all of these services. In particular, if you are enabling a hybrid
Skype for Business deployment, you will need to modify the Skype for Business alias (CNAME)
and service (SRV) resource records to point to the on-premises environment rather than the
cloud environment.
Note: If you are using a private internal DNS name, such as adatum.local, you will not be
able to use it as your public SIP domain. You will also not be able to register this name in Office
365. If you are using this type of domain, you need to configure all users with a UPN that uses a
public DNS name, such as adatum.com, and configure all users to use this domain name as their
SIP address. You can then add the public DNS name to Office 365.
3. Configure DNS resource records. All Skype for Business clients must connect to the on-premises
Skype for Business Server environment to determine whether a user is in an on-premises pool or in
the cloud. This means that you must configure the following DNS resource records to reference your
on-premises deployment:
o Lyncdiscover.domainname
o _sip._tls.domainname
o _sipfederationtls._tcp.domainname
Note: If you deployed Skype for Business Edge Servers for external connectivity, these DNS
resource records should already be in place.
4. Deploy an Edge Server and enable federation. You must implement external access to your on-
premises Skype for Business deployment and configure federation with external Skype for Business
organizations. You must also enable federation with external Skype for Business organizations on
your Skype for Business Online tenant.
5. Verify that the blocked and allowed domains for federation are identical in both the on-premises
environment and the online environment.
Demonstration: Verifying Prerequisites

 Verify the custom domain configuration in Office 365.
 Verify the DNS records for the Office 365 custom domain.
 Verify the Active Directory synchronization setting.
Demonstration Steps
1. Connect to the Office 365 admin center.
2. Review the domain settings. Verify that the custom domain is added to Office 365.
3. Verify the DNS records that are assigned to the custom domain.
4. Verify that the domain is configured for AD DS synchronization.

Directory Synchronization Configuration

Directory synchronization enables user, group,
and contact synchronization between on-premises
AD DS and Azure AD. You can enable Azure AD
accounts for any of the Office 365 services, such as
Exchange Online or Skype for Business Online. To
enable directory synchronization, you install a
directory synchronization component on a server
in your on-premises domain. You then provide an
account with Domain Admins and Enterprise
Admins access to AD DS and another account with
administrator access to Office 365, and then you
configure synchronization. All of your user
accounts, groups, and contacts from AD DS will then replicate to Azure AD.
Note: Although all Office 365 users and groups are stored in Azure AD, you do not have to
use Azure management tools to manage these accounts if you are implementing only Office 365
and you are not implementing other Azure services. To manage user accounts in Office 365, you
can use the Office 365 admin center.
Azure AD Connect
Azure AD Connect is the current directory synchronization tool that you can use to synchronize on-
premises AD DS with Azure AD. Azure AD Connect provides the following improvements over previous
directory synchronization options:
 It uses the new Microsoft Identity Manager (MIM) synchronization, which is built on a Microsoft
SQL Server Express 2012 R2 database.
 It supports simple multiple-forest scenarios.
 It supports filtering the migration by organizational units or by AD DS groups.
 It enables filtering on individual attributes and synchronization of just those filtered accounts by using
a specific Microsoft online service, such as Exchange Online or SharePoint Online.
 It supports password hash synchronization from multiple on-premises AD DS environments to

Azure AD.
Azure AD Connect is a wizard-based tool that enables connectivity between an on-premises identity
infrastructure and Azure. By using the wizard, you choose your topology and requirements, such as
single or multiple directories, password synchronization, or federation. The wizard will then deploy and
configure all the required components. Depending on the requirements that you select, the wizard can
include Azure AD Sync, a hybrid Microsoft Exchange deployment, password change write-back, AD FS
and proxy servers, and the Azure AD module for Windows PowerShell.
Note: Microsoft released two other directory synchronization tools that are still supported
but are not recommended. These tools are DirSync and Azure AD Sync, which is a stand-alone
directory synchronization component that now integrates with Azure AD Connect.
For more information on Azure AD Connect and to download the tool, refer to the following website.
Integrating your on-premises identities with Azure Active Directory

http://aka.ms/ww793d
Preparing on-premises AD DS
Before you implement Azure AD Connect, you should ensure that your on-premises AD DS and related
technologies are checked for potential issues, and you should remediate any discovered issues. These
checks should include:
 Analyzing the on-premises environment for invalid characters in AD DS object attributes and for
incorrect UPNs.
 Identifying domain functional levels and schema extensions, and identifying custom attributes that
are in use.
 Recording network port use and DNS resource records that relate to Office 365.
You can use the IdFix tool to identify and remediate the majority of object synchronization errors in
AD DS, including common issues such as duplicate or malformed proxyAddresses and userPrincipalName
attributes. You can select the organizational units (OUs) for IdFix to check. You also can fix common errors
within the tool.
You can download the IdFix tool from the following website.
IdFix DirSync Error Remediation Tool

http://aka.ms/wkogqx
Demonstration: Configuring Directory Synchronization

In this demonstration, you will learn how to configure and run the Azure AD Connect tool.
Demonstration Steps
1. Run the Azure AD Connect tool.
2. Start a custom configuration of Azure AD Connect.
3. Authenticate in Azure AD.
4. Configure the on-premises directory.

5. Identify the organizational unit that you want to synchronize.
6. Initiate the synchronization.
7. Connect to the Office 365 admin center, and then verify that the user accounts synchronized.
8. Sign in as a synchronized user.

Overview of SSO
When you configure directory synchronization by
using Azure AD Connect, you can configure
password synchronization. This means that when
you first synchronize a user account with Office
365, the password also synchronizes. If a user
changes his or her password in the on-premises
AD DS domain, the password synchronizes with
Office 365.
Password synchronization means that a user only

needs to remember one password to access on-
premises apps and services and cloud-based
services. However, because two different user
account objects are created in the on-premises AD DS domain and in Azure AD, the user still needs to
authenticate in both directories.
SSO components
If you configure SSO, users will always authenticate in the on-premises AD DS domain, and they will then
use those credentials to access Office 365 services. You can implement SSO by configuring federated
trusts and claims-based authentication. To configure SSO, you need the following components:
 Federated trust, which establishes a relationship between two partner organizations, where one
partner provides access to an application and the other partner manages the user accounts that
access the application. In a hybrid deployment, Office 365 with Azure AD provides that application,
and you manage the user accounts in your on-premises AD DS domain.
 Identity provider, which is a directory service that authoritatively authenticates a user. In a hybrid
deployment, the identity provider is your on-premises AD DS environment.
 Application provider, also known as a relying party, provides access to applications. Office 365
applications and Azure AD act as the relying party in a hybrid deployment.
 Claims, which is a statement about a user, such as the user’s email address, domain, group
membership, first name and last name, or UPN. The claim enables the relying party to establish the
identity of the user who is requesting access to resources.
 Claims provider, also known as the security token service (STS), is a service that generates claims for
users on request. For example, in a hybrid deployment, an AD FS server can provide a claim for a user
who is trying to access an Office 365 application.
 Token, which is a file that contains claims about an authenticated user, along with an assertion that
the user has correctly authenticated. Claims typically are signed to prevent alteration in transit, and
they are encrypted.
SSO process
The following steps describe what happens when an Office 365 user signs in to Skype for Business:
1. The user starts the Skype for Business client. When the client starts, it connects to Azure AD to check
whether the user’s domain name is a federated domain. If the domain is not a federated domain, the
client continues with a normal domain sign-in.
2. If the user domain is an Office 365 federated domain, the client sends a request for a Security
Assertion Markup Language (SAML) token to the on-premises AD FS server. If the user signs in on a
domain member computer, the federation server accepts the domain credentials. If the user does not
sign in on a domain member computer, the user is prompted for credentials. The AD FS server uses
the credentials to send a request to the on-premises AD DS domain controller to obtain the user’s
claims.
3. The AD FS server then issues a security token to the client that includes the user claims.
4. The client then requests an authentication token from Azure AD to connect to Skype for Business
Online. The client provides the security token that it receives from the on-premises AD FS server.
5. Azure AD validates the security token and issues an authentication token to the client.
6. The client connects to Skype for Business Online, which requests an authentication token. The client
provides the authentication token it received from Azure AD. Skype for Business Online evaluates the
token and provides access to the services based on the token.
SSO Configuration for Office 365

To enable SSO for Skype for Business clients in
Office 365, you must first enable directory
synchronization. Then, you must deploy AD FS to
provide the STS for your on-premises
environment. To do this, you need to complete
1. Before you configure AD FS, verify the
following prerequisites:
o UPN namespaces. You need to ensure

that you are using UPN suffixes that map
to a registered domain name in Office
365. Therefore, if an organization uses a
UPN suffix of adatum.com, then adatum.com needs to be a valid domain in Office 365 for that
organization’s account.
o DNS resource records. Client requests to AD FS need to resolve to the correct access point for the
AD FS service, regardless of whether the client is on the internal network or on the Internet.
Typically, internal clients connect to the AD FS server, and external clients connect to a proxy
server. However, both clients need to use the same name, such as adfs.adatum.com. This means
that you will need to configure two different DNS resource records for this name: one for internal
clients by using the internal DNS server, and one for external clients by using the Internet-
accessible DNS server.
o Certificates. AD FS uses certificates for signing tokens before sending the token to a client and for
Secure Sockets Layer (SSL) encryption. For token exchange, AD FS uses self-signed certificates.
These certificates only validate that the content has been unaltered in transit, so there is typically
no requirement to use third-party issued certificates or to validate to a trusted certification
authority (CA).
For SSL encryption, certificates must come from a CA that federation servers in both partner
organizations trust. With Azure federation servers, this certificate must come from a publicly
trusted CA. With third-party SSL encryption certificates, either the common name (CN) or the
subject alternative name (SAN) on the SSL certificate must match the fully qualified domain name
(FQDN) of the endpoint to which the client request is terminating. Therefore, if the DNS name of
the STS is adfs.adatum.com, the SSL certificate for connecting to the proxy array must include
either a CN or SAN for adfs.adatum.com.
o Firewall configuration. Firewall configuration is relatively simple in that external clients only need
the SSL TCP port 443 to connect to an AD FS proxy server. The proxy server then communicates
with AD FS by using port 443 only.
2. Install and configure AD FS servers. To install and configure AD FS, perform the following steps:
a. Add a publicly trusted certificate to the personal certificate store on a computer that is running
Windows Server 2012 or Windows Server 2012 R2.
b. Add the AD FS role to the computer by using the Add Roles and Features Wizard.
c. Run the AD FS Federation Server Configuration Wizard.

d. Configure the server as the first server in the AD FS server farm.
e. Select the publicly trusted certificate as the SSL certificate, and ensure that the Federation Service
name matches the CN in the certificate or is included in the SAN on the certificate.
f. If AD FS is considered a critical service in your organization, you should install additional servers
in the federation farm and configure load balancing between the servers.
Note: You can use Azure AD Connect to configure AD FS servers and web application
servers. To do this, install the AD FS and Web Application Proxy components on Windows Server
2012 R2 servers with remote management enabled, and then complete a custom installation and
configuration of the Azure AD Connect tool. The installation process will connect to the specified
servers and configure the AD FS and Web Application Proxy components.
3. Install and configure AD FS proxy servers or Web Application Proxy servers. You can deploy AD FS
proxy servers or a computer that is running Windows Server 2012 or Windows Server 2012 R2 with
the Web Application Proxy server role installed. In either case, the server is deployed in a perimeter
network and it is not a domain member. When users are outside the network, the AD FS proxy server
or Web Application Proxy server proxies client requests from the Internet to internal AD FS servers. If
you are running Windows Server 2012 R2, we recommend using Web Application Proxy. To install
and configure Web Application Proxy, perform the following steps:
a. Add a publicly trusted certificate to the personal certificate store on a computer that is running
Windows Server 2012 R2. Mostly, this is the same certificate that was used on the internal AD FS
server.
b. Add the Web Application Proxy role service to the computer by using the Add Roles and Features
Wizard. The Web Application Proxy role service is a component of the Remote Access server role.
c. Run the Web Application Proxy Configuration Wizard and configure the internal AD FS server
name, the certificate and URLs, and the pre-authentication method.
d. Like the internal AD FS server, you might want to deploy multiple Web Application Proxy servers
and configure load balancing.
Note: Before users can connect to Office 365 by using SSO, you must configure the
Office 365 domain as a federated domain. The next lesson covers this step.
Demonstration: Configuring SSO

 Configure an AD FS server and Web Application Proxy by using Azure AD Connect.
 Verify SSO.
Demonstration Steps
1. Run Azure AD Connect, and then configure the AD FS server.
2. Select the Azure AD domain that will be configured for federation.
3. Verify that users are required to use SSO and that SSO works.
4. Use Microsoft Remote Connectivity Analyzer to verify SSO.

Question
As part of a hybrid Skype for Business deployment at A. Datum Corporation, you need to configure
appropriate DNS resource records to ensure that clients can automatically connect to both the on-
premises and cloud deployments of Skype for Business. Which of the following DNS resource
records do you need to configure?
Lyncdiscover.Adatum.com that is pointing to your on-premises Edge Servers.
Lyncdiscover.Adatum.com that is pointing to the Skype for Business Online URL.
_sip._tls.Adatum.com that is pointing to your on-premises Edge Servers.
_sip._tls.Adatum.com that is pointing to the Skype for Business Online URL.
_sipfederationtls._tcp.Adatum.com that is pointing to your on-premises Edge Servers.

Lesson 3
Configuring a Hybrid Skype for Business Environment
After configuring the prerequisites, you are ready to start configuring the Skype for Business hybrid mode
and moving users from on-premises Skype for Business pools to Office 365. This process is actually quite
easy after all the prerequisites are complete. In some cases, you might also want to configure a hybrid
Skype for Business deployment by enabling online users first and then configuring an on-premises
environment. This configuration is possible, but it requires a few extra steps. This lesson describes how
to configure a hybrid Skype for Business environment.
Lesson Objectives
 Explain how to configure a hybrid Skype for Business environment by using Windows PowerShell
commands.
 Explain how to configure a hybrid Skype for Business environment by using Skype for Business Server
Control Panel.
 Explain how to move users to Skype for Business Online.

 Explain how to move users from Skype for Business Online to on-premises Skype for Business.
Configuring a Hybrid Skype for Business Environment by Using

Windows PowerShell
To complete the configuration of a hybrid
Skype for Business environment, you need to
configure federation between the on-premises
Skype for Business environment and
Skype for Business Online, and you need to
configure a shared address space between the
two environments.
Configure your on-premises edge

service for federation with
Federation allows users in an on-premises
Skype for Business deployment to interact with
Skype for Business Online users in your tenant. To configure federation, run the following commands by
using the Skype for Business Server Management Shell:
Set-CsAccessEdgeConfiguration -AllowOutsideUsers $true -AllowFederatedUsers $true –

UseDNSSRVRouting
This command configures the edge service for your on-premises organization. The command enables
users to access Skype for Business from outside the organization, and it allows on-premises users to
communicate with users in federated domains. The command also instructs the Edge Servers to use
DNS service (SRV) resource records when locating Skype for Business Server Edge Servers for federated
partners. You might have already configured these options if you enabled federation with other
organizations:
New-CsHostingProvider -Identity AdatumOnline -ProxyFQDN "sipfed.online.lync.com" -Enabled

$True -EnabledSharedAddressSpace $True -HostOCSUsers $True -VerificationLevel
UseSourceVerification -IsLocal $False -AutoDiscoverURL
https://webdir.online.lync.com/autodiscover.autodiscoverservice.svc/root
This command configures a new hosting provider, which is any external organization that provides SIP-
based services. The command provides the following information:
 Identity, which provides a unique name for the hosting provider.
 ProxyFQDN, which identifies the proxy server that the hosting provider uses.
 Enabled, which sets the hosting provider as enabled when it is created.
 EnabledSharedAddressSpace, which indicates that the hosting provider will host users with the same
SIP address space as the on-premises Skype for Business organization.
 HostOCSUsers, which indicates that the hosting provider will host Skype for Business users. If you
were setting up a hosting provider just to provide other services, such as hosted Exchange Server
services, you would set this to False.
 Verficationlevel, which configures the required verification for messages that are sent to and from the
hosted provider. Setting this value to UseSourceVerfication means that all messages are checked for
verification.
 IsLocal, which indicates that the proxy server that the hosting provider uses is outside the on-premises
environment.
 AutodiscoverURL, which identifies the URL for the Autodiscover service that clients use to locate the
user’s home pool.
Configure your Skype for Business Online tenant for a shared SIP address space
In addition to configuring your on-premises Skype for Business environment, you must also configure
your Skype for Business Online tenant to use a shared SIP address space. You can use the
Skype for Business Server Management Shell to configure this setting.
Note: Before running the following command, you need to establish a remote Windows
PowerShell connection to Skype for Business Online. See Lesson 1, “Overview of
Skype for Business Online,” for details on how to do this.
To configure a shared SIP address space, open the Skype for Business Server Management Shell, connect
to Skype for Business Online, and then run the following command:
Set-CsTenantFederationConfiguration -SharedSIPAddressSpace $True

Configuring a Hybrid Skype for Business Environment by Using

Skype for Business Server Control Panel has been
significantly enhanced to simplify the process of
configuring and managing a hybrid
Skype for Business deployment:
 You can sign in to Skype for Business Online

from Skype for Business Server Control Panel,
and you can manage some settings for both
Skype for Business Server environments by
using a single Skype for Business Server
Control Panel.
 After signing in to Skype for Business Online,

you can use Skype for Business Server Control
Panel to complete the hybrid environment configuration. When you start the Set Up
Hybrid with Skype for Business Online Wizard, the wizard evaluates your current on-premises
Skype for Business environment, and then it completes any remaining steps to finish the
configuration. If you use the Set Up Hybrid with Skype for Business Online Wizard, you do
not have to run the Skype for Business Server Management Shell commands that the previous
topic described.
 You can use Skype for Business Server Control Panel to move on-premises users to Skype for Business
Online or to move Skype for Business Online users back to an on-premises Skype for Business
environment.
 You can identify which users are in Skype for Business Online. Online users are identified as being in
Skype for Business Online rather than the local Front End pool.
 You can configure some settings for online users by using Skype for Business Server Control Panel.
Demonstration: Configuring a Hybrid Skype for Business Environment by

Using Skype for Business Server Control Panel
In this demonstration, you will learn how to configure a hybrid Skype for Business environment by using
Demonstration Steps
1. In Skype for Business Server Control Panel, connect to Skype for Business Online.
2. Run the Set up hybrid with Skype for Business Online Wizard.
3. Verify that hybrid mode has been set up successfully.

Moving Users to Skype for Business Online

After completing hybrid configuration, you can
start moving users to Skype for Business Online.
To move users who are hosted on-premises to
Skype for Business Online, run the following
commands in the Skype for Business Server
Management Shell:
$CREDS=Get-Credential
Move-CsUser -Identity USERNAME@domainname -
Target SIPFED.ONLINE.PARTNER.LYNC.COM -
Credential $CREDS -
HostedMigrationOverrideURL URL
The first command will prompt you for

credentials. You must provide credentials for a Skype for Business Online administrator. The
HostedMigrationOverrideUrl URL must reference the Skype for Business Online pool for your Office 365
tenant. This URL must be in the following format:
Https://Pool FQDN/HostedMigration/hostedmigrationService.svc
You can determine the URL for the hosted migration service by viewing the Skype for Business Online
Control Panel URL for your Skype for Business Online tenant. To identify the hosted migration service URL
for your Skype for Business Online tenant, perform the following steps:
1. Sign in to your Office 365 tenant as an administrator.
2. Open the Skype for Business admin center.
3. Select and copy the URL in the address bar up to lync.com. The URL looks like the following:
https://webdir1a.online.lync.com/lscp/?language=en-US&tenantID=
4. Replace webdir in the URL with admin, as shown below:
https://admin1a.online.lync.com
5. Append /HostedMigration/hostedmigrationservice.svc to the URL. The final URL looks like the
following:
https://admin1a.online.lync.com/HostedMigration/hostedmigrationservice.svc
You can move multiple users at the same time by using the Get-CsUser cmdlet. You can use the –Filter
parameter to identify a collection of users. For example, you can use the RegistrarPool parameter to list all
users who are hosted on a particular pool, and then you can pipe the list of users to the Move-CsUser
cmdlet:
Get-CsUser -Filter {RegistrarPool -EQ "LONPOOL"} | Move-CsUser -Target

sipfed.online.partner.lync.com -Credential $CREDS -HostedMigrationOverrideURL URL
You can also use the –OU parameter to move all users in the specified OU to Skype for Business Online:
Get-CsUser -OU "OU=Management,CN=Adatum,CN=com" | Move-CsUser -Target

sipfed.online.partner.lync.com -Credential $CREDS -HostedMigrationOverrideURL URL
You can also use Skype for Business Server Control Panel to move users to and from Skype for Business
Online. When you move a user from on-premises Skype for Business to Skype for Business Online, the
HostingProvider attribute on the user account in the local AD DS domain is modified to indicate that the
user is now hosted online. The value of the HostingProvider attribute for an on-premises user is SRV:.
When the user moves to Skype for Business Online, the attribute changes to sipfed.online.lync.com.
Note: The HostingProvider attribute in the Skype for Business Server Management Shell is
stored in the msRTCSIP-DeploymentLocator attribute in an AD DS user account.
A Skype for Business client uses the HostingProvider attribute to locate the correct Skype for Business
pool when connecting to Skype for Business. Because the Autodiscover DNS resource records point to the
on-premises environment, the client will always connect to the on-premises environment when the client
starts. After the user authenticates, the client checks the HostingProvider attribute. If the user is hosted
in the cloud, the client redirects to connect to Skype for Business Online.
Demonstration: Moving Users to Skype for Business Online

In this demonstration, you will learn how to move users to Skype for Business Online by using Skype for
Business Control Panel.
Demonstration Steps
1. In Skype for Business Server Control Panel, connect to Skype for Business Online.
2. Move a mailbox to Skype for Business Online.
Moving Users from Skype for Business Online to On-Premises

Skype for Business
Some organizations might have started
Skype for Business deployments by
implementing Skype for Business Online
before they implemented on-premises
Skype for Business. After evaluating
Skype for Business Online, these organizations
might also decide to deploy on-premises
Skype for Business and configure a hybrid
deployment so that both environments can
host users. To complete this type of hybrid
deployment, you must perform the
following steps:
1. Deploy the Skype for Business Server on-premises environment. You must deploy and configure edge
services.
2. Configure directory synchronization between the on-premises environment and Office 365. You must
have user accounts for all users in Skype for Business Online in your local AD DS domain. You can also
deploy AD FS if you want to enable SSO.
3. In your on-premises deployment, create the hosting provider for Skype for Business Online by typing
the following commands in the Skype for Business Server Management Shell:
Set-CsAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -

UseDNSSRVRouting -EnablePartnerDiscovery $True
New-CsHostingProvider -Identity AdatumOnline -ProxyFQDN "sipfed.online.lync.com" -
Enabled $True -EnabledSharedAddressSpace $True -HostOCSUsers $True -VerificationLevel
UseSourceVerification -IsLocal $False -AutoDiscoverURL
https://webdir.online.lync.com/autodiscover.autodiscoverservice.svc/root
4. Enable the user accounts that are associated with Skype for Business Online users as on-premises
Skype for Business users. You can do this by using the following command. This command enables a
user for Skype for Business, but it identifies the user as an online user:
Enable-CsUser -Identity "USERNAME" -SIPAddress "SIP:USERNAME@Adatum.com" -

HostingProviderProxyFQDN "SIPFED.ONLINE.LYNC.COM"
5. Run directory synchronization to synchronize the updated information from the AD DS domain to
Azure AD.
6. Modify the following Internet-accessible DNS resource records to direct all SIP traffic to on-premises
Skype for Business:
o Update the lyncdiscover.adatum.com host (A) resource record to reference the on-premises
reverse proxy server.
o Update the _sip._tls.adatum.com service (SRV) resource record to reference the Access Edge
service of the on-premises Skype for Business deployment.
o Update the _sipfederationtls._tcp.adatum.com service (SRV) resource record to reference the

Access Edge service of the on-premises Skype for Business deployment.
7. You can then start moving Skype for Business Online users to the on-premises Skype for Business
environment. To move a user by using the Skype for Business Server Management Shell, run the
following command:
$CRED = Get-Credential
Move-CSUser -Identity USERNAME@Adatum.com -Target "FE-POOL.Adatum.com" -Credential
$CRED -HostedMigrationOverrideURL URL
This command uses the same hosted migration override URL that is used for moving users from an on-
premises environment to an online environment. You can also use Skype for Business Server Control Panel
to move users.
Statement Answer
Your manager tells you that after deploying a hybrid

Skype for Business Server environment, you can
create all user accounts in Office 365. Is this
statement true or false?
Statement Answer
You have deployed a hybrid Skype for Business

environment. A user in Skype for Business Online
has a HostingProvider attribute value of
sipfed.online.lync.com. This means that the
user’s client will always connect directly to
Skype for Business Online when the user opens
the client.
Lab: Designing a Hybrid Skype for Business Deployment

Scenario
A. Datum is planning to implement a hybrid Skype for Business deployment. As a first step, you are
responsible for designing a pilot deployment of 40 users on Skype for Business Online. The pilot users
must have full interoperability with on-premises Skype for Business users.
Objectives
After completing this lab, you will be able to design a hybrid Skype for Business deployment.
Lab Setup
No virtual machines are required for this lab.
Exercise 1: Designing the Hybrid Skype for Business Environment

Scenario
A. Datum deployed Skype for Business Server 2015 for all 2,500 users at the London main office.
Skype for Business is used extensively for instant messaging and internal conferencing. A. Datum
currently has the following Skype for Business 2015 servers deployed at the London site:
 LON-SFB1 (Front End Server)
 LON-SFB2 (Front End Server)
 LON-SQL1 (Back End Server)

 LON- WAC (Microsoft Office Online server)
All servers are members of the Adatam.local domain. Users sign in to the local domain by using the
format Adatum\username or username@adatum.local. The only SIP domain that Skype for Business Server
uses is username@adatum.local.
The London site is connected to the Internet. The network team in London deployed a perimeter network
that includes a two reverse proxy servers that are behind a hardware load balancer.
The only DNS resource records for Adatum.com that are configured on the Internet are for
www.adatum.com, a mail exchanger (MX) resource record, and a host (A) resource record for
mail.adatum.com. All other servers use the Adatum.local domain name.
Your task is to complete the pilot implementation of Skype for Business on Office 365. In preparation for
this project, you have configured a pilot Office 365 tenant and have purchased 50 Office 365 Enterprise E3
licenses. The only domain that is assigned to the Office 365 tenant is adatum.onmicrosoft.com.
You have the following requirements:
 You need to move 40 users from the on-premises Skype for Business environment to
 Users who move to Skype for Business Online must be able to use the same domain name as users
who are hosted in the local Skype for Business environment.
 Users must be able to sign in to Skype for Business Online by using the same user name and
password that they use on the internal network.
 Users must be able to connect to Skype for Business Server from the internal network and from
external locations regardless of where the user accounts are located.
 Skype for Business is a critical network service at A. Datum. This means that the
Skype for Business Server deployment must be highly available, and it must continue to function in
the event of a single-server failure.
You must design a solution that enables A. Datum to move some users to Skype for Business Online while
meeting business requirements.
1. Prepare for the hybrid Skype for Business deployment.

2. Discuss your solution with the class.
 Task 1: Prepare for the hybrid Skype for Business deployment

1. Review the lab scenario.
2. What changes to the current environment should A. Datum make before it can start the hybrid
Skype for Business deployment?
3. What infrastructure components will A. Datum need to deploy before it can start the hybrid
4. What steps will A. Datum need to take to complete the hybrid Skype for Business deployment?
 Task 2: Discuss your solution with the class

 Present your proposed solution to the class. Discuss alternative solutions with other students and with
the instructor.
Results: After completing this exercise, you should have designed a hybrid Skype for Business
environment for A. Datum.
Question: Why do you need to configure on-premises Skype for Business and Skype for Business
Online to share an address space when configuring a hybrid Skype for Business deployment?
Question: Why will you decide to include AD FS in your design if you are planning a hybrid

Best Practice
If you just want to try out Skype for Business Online, you can subscribe to a tenant and configure users
with onmicrosoft.com domain names. If you decide to expand the deployment and include an on-
premises deployment of Skype for Business, you can add your domain name and configure a hybrid
environment later by using the same tenant.

Users cannot authenticate to Skype for Business

Online
Review Question
Question: How can you mitigate any security concerns with either directory synchronization with
password synchronization or SSO?

With the popularity of virtualization technology, your organization will likely have some or even all of
your Skype for Business infrastructure on virtual machines. Microsoft fully supports virtualizing all the
Skype for Business Server roles. From a disaster recovery perspective, you can pair virtualized pools
only with other virtualized pools. Skype for Business Server Topology Builder will not warn you about
combining platforms (physical with virtual), which is not supported, yet it is likely that you might
combine platforms in your production environment.
Tools
 Azure AD Connect. Use this tool to synchronize users, groups, and contacts between on-premises
AD DS and Azure AD. The Azure AD Connect configuration wizard can also configure AD FS and Web
Application Proxy.
 AD FS. Use this security token service (STS) to enable federation between on-premises AD DS and
Azure AD.
 Skype for Business Server Control Panel. Use this tool to configure the hybrid mode and to move
users between on-premises Skype for Business and Skype for Business Online.
 Skype for Business Server Management Shell. Use this tool to configure the hybrid mode and to
configure other Skype for Business Online settings.
 The Skype for Business Online connector module for Windows PowerShell. This provides the Windows
PowerShell commands that are necessary to configure Skype for Business Online when you use the
13-1
Module 13
Planning and Implementing an Upgrade to
Contents:
Lesson 1: Overview of Upgrade and Migration Paths 13-2
Lesson 2: Migrating to Skype for Business 2015 13-7
Lesson 3: In-Place Upgrade to Skype for Business 13-12
Lab: Performing an In-Place Upgrade of Microsoft Lync 2013 to

Skype for Business Server 2015 13-15
Module Overview
How you upgrade to Skype for Business Server depends on whether your organization currently uses
Microsoft Lync Server 2010 or Lync Server 2013. If your organization uses Lync Server 2010, a side-by-side
migration might be the right choice. However, if Lync Server 2013 is your current version you should
consider an in-place upgrade.
Note: There is no coexistence support for Lync versions prior to Lync 2010. If your
organization is currently running Microsoft Office Communications Server 2007 or Office
Communications Server 2007 R2, you must migrate to either Lync 2010 or Lync 2013 before
upgrading to Skype for Business.
Migrating to Skype for Business from either Lync 2010 or Lync 2013 involves the same steps as a
migration from Lync 2010 to Lync 2013. The client experience will also be the same as in a migration
from Lync 2010 to Lync 2013.
Objectives
 Describe the supported migration and upgrade paths for Skype for Business Server.
 Perform an in-place upgrade of Lync Server 2013 to Skype for Business Server.
 Describe how to manage the user experience during an upgrade.

13-2 Planning and Implementing an Upgrade to Skype for Business Server 2015
Lesson 1
Overview of Upgrade and Migration Paths
Upgrading to Skype for Business from either Lync Server 2010 or Lync Server 2013 requires knowledge
of the supported path. If your organization is currently on Lync Server 2013, an in-place upgrade is
supported. You must decide if you should perform an offline, in-place upgrade or a move user upgrade.
Organizations currently on Lync Server 2010 will use a side-by-side migration path. With this option, you
add new Skype for Business infrastructure to the current Lync Server 2010 topology. You move users,
services, and endpoints to the Skype for Business infrastructure prior to decommissioning Lync Server
2010.
Lesson Objectives
 Describe the supported upgrade path for Skype for Business Server.
 Describe the in-place upgrade of Lync Server 2013 to Skype for Business Server.
 Identify the difference between an Offline upgrade and a Move User upgrade.
 Describe how to manage the user experience during an upgrade.

 Describe the steps for migrating from either Lync Server 2010 or Lync Server 2013 to Skype for
Business Server.
Supported Upgrade Paths for Skype for Business Server

Like its predecessors, Skype for Business supports
the coexistence of two prior versions. This means
that only Lync Server 2010 or Lync Server 2013
can be in the same Skype for Business topology
concurrently.
Note: There is no support for Office

Communications Server 2007 or Office
Communications Server 2007 R2 coexisting with
Skype for Business Server. If your organization is
currently on either version, you must perform a
complete migration to either Lync Server 2010
or Lync Server 2013 before upgrading to Skype for Business Server.
If your organization is currently on Lync Server 2010, then you can utilize the side-by-side migration path,
in which you add new servers running Skype for Business Server to the topology and move users without
service interruptions. However, there will be a few seconds of interruption when you disconnect from the
old server and reconnect to the new server.
Skype for Business Server supports an in-place upgrade from Lync Server 2013. When using the in-place
upgrade option, the current servers that are running Lync Server 2013 will automatically have the Lync
Server 2013 software uninstalled and replaced by Skype for Business Server. No services will be available
in the Front End Server pool during the in-place upgrade, and all Front End Server pool members must be
upgraded to Skype for Business Server before pool services can resume.
If you can plan a service window during which you can interrupt access to Lync Server 2013 services, you
can perform the in-place upgrade without adding the administrative load of moving users, services, and
endpoints. Skype for Business Server will simply replace all services and configurations in the Lync Server
2013 environment.
Sometimes taking the Lync 2013 infrastructure offline is not a viable option. In this case, you can use the
Move Users upgrade option. This involves installing a temporary Lync Server 2013 deployment to host
users, services, endpoints, and conferences for the duration of the upgrade. This approach is very similar
to a migration from either version of Lync Server. However, this approach can reuse current servers and
the load-balancer setup used by the Lync Server 2013 installation, without requiring reconfiguration after
upgrading to Skype for Business Server.
Note: Lync Room System (LRS) Administrative Web Portal for Lync Server 2013 cannot
coexist with Skype for Business Server. Therefore, you must uninstall the LRS Admin tool from
Lync Server 2013 before upgrading the servers to Skype for Business. After the upgrade,
download and install the Microsoft Lync Room System Administrative Web Portal for Skype
Microsoft Lync Room System Administrative Web Portal for Skype for Business Server 2015
http://aka.ms/hxn4ct
In-Place Upgrade of Lync Server 2013

Skype for Business Server supports in-place
upgrades from Lync Server 2013. To perform an
in-place upgrade by using the Skype for Business
Server 2015 Topology Builder, right-click the Lync
Server 2013 pool or server, and then on the
context menu, click Upgrade to Skype for
Business Server 2015.
You cannot install Skype for Business
administrative tools—which include the required
version of the Skype for Business Server Topology
Builder—on a server with Lync Server 2010 or
Lync Server 2013 administrative tools installed. (If
you have Lync Server 2013 installed, then you have the Lync Server 2013 administrative tools installed.)
Therefore, you need an Active Directory Domain Services–joined (AD DS–joined) server or workstation on
which you install the Skype for Business administrative tools. To meet this requirement, consider using the
Office Web Apps Server used by the Lync Server 2013 installation. This role is most commonly domain-
joined and does not have the Lync Server 2013 components installed.
During the upgrade of servers running Lync Server 2013 to Skype for Business Server, the Front End Server
pool cannot offer any services until you have upgraded all the pool members to Skype for Business Server.
If you can schedule a maintenance window in which you can take the Lync Server 2013 servers offline,
then we recommend the Offline upgrade approach.
After you have selected the server that is running Lync Server 2013 in the Skype for Business Server
Topology Builder for upgrade to Skype for Business Server and have published the topology, you can
perform an Offline upgrade in five steps:
1. Announce a maintenance window, and inform users that services will be unavailable during this
period.
2. Take the Front End pool offline by using the cmdlet Disable-CsComputer –Scorch. This prevents
services from starting, in case a server reboot is required.
3. Run Skype for Business Server setup to begin an in-place upgrade. Always check for updates before
you upgrade.
4. Bring the Skype for Business Front End pool online by using the Windows PowerShell cmdlet
Start-CsPool.
5. Validate that users can connect and all services work as expected.
If users require continued access to services during the upgrade, use the Move Users upgrade option. In
this scenario, you install and configure a temporary server running Lync Server 2013 or Skype for Business
Server before upgrading the Lync Server 2013 production pool to Skype for Business. You move all users
and required services, such as Response Groups, dial-in conferencing, and conferencing directories, to the
temporary pool to assure continued access during the upgrade. The Move Users upgrade path is very
similar to a migration. If Move Users is the selected solution, consider performing a fresh Skype for
Business Server production pool installation and then migrate to that pool, rather than upgrading the
existing Lync Server 2013 pool.
Offline vs. Move Users In-Place Upgrade

If users require continued access to services
during an in-place upgrade, you must configure
another server running Lync Server 2013 or Skype
for Business Server to temporarily host the users
and services from the Front End Server pool that
you are upgrading. This is known as the Move
Users upgrade path.
If multiple Front End Server pools are available in

your deployment, one of the pools might be
suitable for hosting the users and services
temporarily. If the installation consists of a single
Front End Server pool, you will need to install a
temporary server or pool running Lync Server 2013 or Skype for Business Server. Deploying a temporary
pool makes this approach similar to the traditional migration path. The same considerations for Response
Groups, dial-in conferencing, and other services apply.
Once you have configured a temporary Front End Server pool, external pointers from the reverse proxy
and the Edge server are updated to reflect the temporary server. This involves updating publishing rules
on the reverse proxy, and changing the next hop Edge server assignment in Skype for Business Server
Topology Builder.
In an Offline in-place upgrade, you do not use a temporary placement on another Front End Server pool.
As a result, all users that are hosted on the Lync Server 2013 Front End Server pool do not have access to
the services for the duration of the upgrade.
When performing an in-place upgrade from Lync Server 2013 to Skype for Business Server, all current
server names, certificates, settings, policies, users, and conferences are preserved. When you have
upgraded all Front End Server pool members with the Skype for Business software components, you
must start the pool by using the Windows PowerShell Start-CsPool cmdlet that Skype for Business Server
introduced. The Start-CsPool cmdlet starts all required services in the right order, including Windows
Fabric.
Note: The Start-CsPool cmdlet does not start local Microsoft SQL Server services. If the
local SQL Server services are not running, Start-CsPool will fail. You must ensure that the SQL
Server services have started and are running before attempting a new pool start.
User Experience During Upgrade

During an Offline in-place upgrade, all existing
users are without access to the Skype for Business
services. When the upgrade is complete and
you have used the Windows PowerShell cmdlet
Start-CsPool to start the Front End Server pool
services, users will again be able to connect to the
Front End Server pool, which now will be running
Skype for Business.
During a Move Users upgrade, the pool that

currently hosts the users offers the same user
experience, just like a migration. For example, a
user that is hosted on Lync Server 2010, will use
the Lync 2010 web meeting pages, whereas a user that is hosted on Lync Server 2013 will have access to
the Lync Web App. When an external user accesses the simple URL for a meeting, the reverse proxy will
forward the requests to the configured server. All Lync Servers and Skype for Business servers that are
running either Front End Server pool or Director services can function as proxies. Therefore, external
participants will see the interface supported by the Front End Server pool that is hosting the meeting.
Only users with the Skype for Business client will be able to notice a difference when the full upgrade is
complete, as the Skype for Business client supports the new Skype Directory search feature. When the
Front End Server, Edge servers, and clients are all running Skype for Business, you can enable access to
the Skype Directory search.
If you use the Skype for Business client, Skype Directory search allows for the discovery of users who use
Skype (the consumer version of Skype) just as it does when using a Skype client. This includes connecting
to Skype public users that have not connected their private Skype account with a Windows Live account.
You also can search for Skype public users by using their Skype name, or search by other parameters such
as name, location, date of birth, and email. Users connecting from Lync clients do not benefit from the
enhanced Skype Directory search features.
Question: What is the difference between the Offline and Move Users upgrade paths?
Question: Verify the correctness of the statement by placing a mark in the column to the
right.
Statement Answer
You can use in-place upgrade to upgrade Lync

Server 2010 to Skype for Business Server.
Lesson 2
Migrating to Skype for Business 2015
Organizations that still are on Microsoft Office Communications Server 2007 or Office Communications
Server 2007 R2 must complete a migration to either Lync Server 2010 or Lync Server 2013 before
upgrading to Skype for Business.
Lesson Objectives
 Describe the process for migrating to Skype for Business 2015
The Process for Migrating to Skype for Business 2015

Migrating to Skype for Business Server from either
Lync Server 2010 or Lync Server 2013 involves the
same steps as in a migration from Lync Server
2010 to Lync Server 2013:
1. Prepare the infrastructure by updating servers

and addressing SQL Server prerequisites.
2. Add a new Skype for Business pool to Skype

for Business Server Topology Builder and
publish the topology.
3. Install and configure Skype for Business Server

Front End Server servers and required
databases.
4. Move pilot users to the new Skype for Business Server pool and test all Skype for Business
functionality.
5. Move remaining users, services, Response Groups, and dial-in access numbers.
6. Retarget external pointers, including reverse proxy, Edge Server next hop in Skype for Business Server
Topology Builder, external Domain Name System (DNS), and trunks, to the new Skype for Business
Server installation.
7. Move the Central Management store database to the new Skype for Business Server pool.
8. Move the remaining endpoints and services from the old pool, including conferencing directories,
Unified Messaging contacts, and dial-In conferencing numbers.
9. Decommission the old pool by removing it from Skype for Business Server Topology Builder and then
run a local setup to deactivate services in AD DS.
These steps will help ensure minimal service interruption, which should be limited to the time it takes
for the user to disconnect from the old pool and reconnect to the new pool. You can eliminate other
interruptions, such as phone access being limited while Session Initiation Protocol (SIP) trunks are
moved from old pool to new, in cooperation with the trunk provider.
Process of Migrating to Skype for Business 2015 – Stage 1

For a successful migration, you must have a plan
in place with respect to:
 Migrating users
 Migrating Archiving and Monitoring Servers
 Migrating Group Chat servers
 Administering servers after migration

 Migrating multiple sites and pools
 Migrating XMPP federation
 Starting phase 2—migration configuration

A generally accepted best practice for migrations is to create several test users and use them to conduct
systems tests. After you have successfully moved and tested those accounts, you should identify a group
of pilot production users, move their accounts, and then conduct validation tests on them. When you get
satisfactory results, you can move the rest of the users to the new deployment.
If you deployed Archiving Server and Monitoring Server in your Lync Server 2010 environment, you can
collocate these servers on your Skype for Business 2015 environment after you migrate your front-end
pools. If archiving and monitoring functionalities are critical to your organization, you should add
archiving and monitoring to your Skype for Business 2015 pilot pool before you migrate users, so that
the functionality is available during the migration process.
If you deployed Group Chat Server in your Lync Server 2010 environment, you must deploy Skype for
Business 2015 Persistent Chat Server. Group Chat Server and Persistent Chat Server can coexist, but
content (for example, chat rooms) is not shared across these servers. To access the legacy Group Chat
Server content from Persistent Chat Server, you must migrate the Group Chat Server to Persistent Chat
Server.
In general, you must use the administrative tool that corresponds to the server version that you want to
manage. You cannot install the Lync Server 2010 or Lync Server 2013, and the Skype for Business Server
2015 administrative tools on the same computer. Skype for Business Server 2015 supports multisite and
multi-pool deployments.

Before you begin the actual migration, you
need to:
1. Deploy the most recent updates for your

legacy environment.
2. Back up the legacy environment.
3. Complete the Active Directory forest and

domain preparations that are necessary for
migrating to Skype for Business Server 2015.
Note: You should run Best Practice Analyzer

and ensure a healthy deployment.

The first step in your migration is to bring up your
first pool. This can be an Enterprise Pool or
Standard Edition server that you are going to set
up within your pilot environment. For a pilot, you
need not have a high degree of service, but you
can set up components that are functional as you
test and plan for your migration. You can use this
first pool to run your Windows PowerShell
cmdlets on to perform the actual migration.
After you complete the preparation steps, you can

deploy the production pilot pool. You deploy this
pool side-by-side with the existing Lync Server
2010 or Lync Server 2013 pool (or pools). During installation, references for the Skype for Business Server
2015 components will be written into AD DS for legacy interoperability.

You can move a single user or groups of users to
your new Skype for Business 2015 deployment by
using either the Skype for Business 2015 Control
Panel, or the Skype for Business 2015
Management Shell.
In this stage, tasks that are outlined must be
complete during your pilot deployment, and
prior to moving your Skype for Business 2015
deployment to a production-level deployment.
The goal for this phase of migration is to test

functionality for users who are located in the new
Skype for Business 2015 pool with both the new
client and with the legacy clients.
You should carry out functional tests on the newly deployed pool to ensure that the pool has been
properly deployed. Additionally, you should perform interoperability tests to ensure that users in the
legacy pools can interact successfully with users in the new Skype for Business 2015 pool.

In this stage, you need to add a Skype for Business
2015 Edge Server to the pilot pool deployment.
You deploy the Edge Server and Director
components together. In Skype for Business 2015,
the Director role is now considered an optional
role. The role itself has not changed, compared to
Lync Server 2010; It still hosts web services, pre-
authenticates incoming user requests, and directs
external users to their home pool. Changing the
Director from a recommended role to an optional
role does not diminish the value of the Director.
Instead, it emphasizes reducing server count and
other hardware requirements (for example, hardware load balancers for the Director) without
compromising features and functionality. Because the Front End Servers can do the same job as the
Director with no impact to services provided, you can optionally deploy Directors, if you want to. You also
can safely exclude the Director because the Front End Servers will provide the same services in their place.
Remote Access
To ensure that the users in Skype for Business 201 pools use the Skype for Business 2015 Edge Server
for signaling, you will need to configure the clients to connect manually. Automatic configuration is
controlled through the service (SRV) resource record in Domain Name System (DNS), and you cannot
use DNS to direct clients to specific Edge servers based on the client version. From a Media Relay
Authentication Service (MRAS) perspective, the Skype for Business 2015 pool can utilize the legacy
Edge deployment, or the pool can be configured to use the new Skype for Business 2015 Edge Server.
Federation
Federation continues to use the legacy federation route.

The next step in migration is to bring up your
latest pool to support migrating the rest of your
users from your legacy environment.

Once your latest pool is up, at this stage you will
want to begin migrating the rest of your users.

At this stage, you can now begin routing remote
users and the federated calls to the Skype for
Business 2015 Edge server. You also can begin
recovering the hardware by uninstalling the
legacy edge software.
Question: When migrating from Lync 2010 or 2013 to Skype for Business, which application
endpoints do you usually need to migrate?
Statement Answer
You can complete an In-Place upgrade of a

Skype for Business Enterprise pool one server at a
time while maintaining full Skype for Business
services?
Lesson 3
In-Place Upgrade to Skype for Business
Performing the in-place upgrade from Lync Server 2013 to Skype for Business Server is the same whether
you use the Offline upgrade or Move Users upgrade option. You must fulfill certain requirements before
you can perform an upgrade task. In addition, the upgrade sequence must follow a few rules.
Lesson Objectives
 List the prerequisites for an in-place upgrade from Lync Server 2013 to Skype for Business Server.
 Describe how to prepare a Lync Server 2013 Front End Server pool for in-place upgrade by using
the Skype for Business Server 2015 Topology Builder.
 Describe how to perform an in-place upgrade of a Lync Server 2013 server to Skype for Business
Server.
Prerequisites for an In-Place Upgrade

When running the Skype for Business Server setup
on a server that has Lync Server 2013 installed, the
installer checks for certain prerequisites before
performing the in-place upgrade.
Before starting an in-place upgrade, ensure that
you have installed all available security updates
from Microsoft Update. Windows Update alone is
not sufficient. In addition, you must have at a
minimum, a local SQL Server Express 2012 Service
Pack 1 (SP1) installed. After ensuring that all
updates are installed, go to the Skype for Business
downloads and updates page and download the
latest LyncServerUpdateInstaller.exe for Lync Server 2013. You use the LyncServerUpdateInstaller.exe to
download and apply any updates for Lync Server 2013 not yet released to Microsoft Update. After
applying the updates, verify that all Lync Server databases are current and up-to-date by using the
Windows PowerShell Test-CsDatabase cmdlet; should any of the databases require updating, use the
Windows PowerShell Install-CsDatabase cmdlet.
Skype for Business downloads and updates

http://aka.ms/xh8fex
Steps for performing an in-place upgrade:
1. Fully update Lync Server 2013 servers prior to upgrading.
2. Install Skype for Business Server Topology Builder, which is part of the Skype for Business
administrative tools.
3. In Skype for Business Server Topology Builder, select the Lync Server 2013 pool for in-place upgrade,
and then publish the topology.
4. Take the Lync Server 2013 pool offline by using the Windows PowerShell Disable-CsComputer
–Scorch cmdlet.
5. Run Skype for Business Server setup on the Lync Server 2013 server that you want to upgrade.
6. Start the Skype for Business Server pool by using the Windows PowerShell Start-CsPool cmdlet.
Installing Skype for Business Administrative Tools

To prepare a server running Lync Server 2013 for
an in-place upgrade, you need access to the
Skype for Business Server Topology Builder. You
can install the Skype for Business Server Topology
Builder, which is a part of the Skype for Business
administrative tools, from the Skype for Business
installation media.
You cannot install the updated and required

Skype for Business administrative tools on one of
the existing Lync Server 2013 servers. Instead, you
can install the Skype for Business Server
administrative tools on an existing management
server or workstation that does not have the Lync Server 2013 administrative tools installed.
The Office Web Apps server that the existing Lync Server 2013 topology uses is usually a part of the
internal AD DS. It does not have Lync Server 2013 Core Components installed on it. Consider using this
server for the initial deployment of the Skype for Business administrative tools. Once you complete the
upgrade, consider uninstalling the administrative tools if they are not needed.
Preparing for an In-Place Upgrade by Using the Skype for Business Server
Topology Builder
After you have installed the Skype for Business
Server Topology Builder, you can upgrade the
Lync Server 2013 Front End Server pool. To do
this, open the Skype for Business Server Topology
Builder, and select the topology. Download the
topology from the existing deployment, and then
save the downloaded topology to a file such as,
PreUpgradeTopology.tbxml.
In the Skype for Business Server Topology Builder,

right-click the Lync Server 2013 pool that you are
upgrading to Skype for Business, and then on the
context menu, click Upgrade to Skype for
Business Server 2015. The Lync Server 2013 server or pool object will now move from the Lync Server
2013 container to the Skype for Business Server container in the Skype for Business Server Topology
Builder.
Publish the topology and resolve any issues that arise. When you have published the topology
successfully, wait for the topology replication to complete. You verify the replication by using the
Windows PowerShell cmdlet Get-CsManagementStoreReplicationStatus.
Before you run the in-place upgrade, stop the Lync Server 2013 services and remove the services by using
the Windows PowerShell cmdlet Disable-CsComputer – Scorch. This prevents the services from starting
in case of a server reboot.
Running the Skype for Business In-Place Upgrade

After services are stopped on Lync Server 2013,
run the Skype for Business Server 2015 installer
from the installation media. Once the installer
validates that all prerequisites are met, it begins
the in-place upgrade process.
Before installing the actual Skype for Business

Server components, the installer first deactivates
and uninstalls all Lync Server 2013 services and
components except for databases that contain all
the policies, settings, and user settings. When the
installation is complete, you need to perform a
manual start of the pool by using the Windows
PowerShell cmdlet Start-CsPool; You must not run Start-CsPool until you have upgraded all pool
members to Skype for Business Server.
When all services have started successfully, manually check for updates by downloading and running the
latest SkypeServerUpdateInstaller.exe from the Skype for Business downloads and updates site. Do not
forget to update the databases if needed. Database updates are necessary when you deploy updates to
Skype for Business Core Components. Use the Windows PowerShell cmdlet Test-CsDatabase to verify
installed and expected database version numbers.
After the services have started successfully, verify that Skype for Business clients, and end-points such as
phone devices, are able to sign in, and confirm that all the services work as expected.
Sequencing Activity
The following are the steps for performing an in-place upgrade. Arrange them in the correct order by
numbering each step.
Steps
Install Skype for Business Server Topology Builder.
In Skype for Business Server Topology Builder, select the Lync Server 2013 server that you
want to upgrade.
Take the Lync Server 2013 pool down.
Perform an in-place upgrade.
Start Skype for Business services by using the Windows PowerShell cmdlet Start-CsPool.
Lab: Performing an In-Place Upgrade of Microsoft Lync

2013 to Skype for Business Server 2015
Scenario
A. Datum Corporation has acquired a new enterprise entitled Trey Research. Trey Research has an existing
Lync Server 2013 Standard Edition server that it uses for instant messaging, presence, and conferencing.
In the near future, A. Datum will maintain a separate Active Directory forest and communications
infrastructure, but wants the Trey Research servers to use the same versions as the parent company.
Management has decided to perform an in-place upgrade of the Lync Server 2013 server.
Objectives
After completing this lab, you should be able to:
 Install Skype for Business administrative tools.
 Prepare and perform an in-place upgrade from Lync Server 2013 to Skype for Business Server.
Lab Setup
Virtual machines: 20334B-TREY-DC1, 20334B-TREY-SVR1, 20334B-TREY-LYNC

Password: Pa$$w0rd
1. On the host computer, start Microsoft Hyper-V Manager.
2. In Hyper-V Manager, click 20334B-TREY-DC1, and then in the Actions pane, click Start.
o Domain: TreyResearch
5. Repeat steps 2 and 3 for 20334B-TREY-SVR1 and 20334B-TREY-LYNC.
6. On the host computer, switch back to Hyper-V Manager.
7. In Hyper-V Manager, right-click 20334B-TREY-SVR1, and then from the context menu, select
Settings.
8. In the Settings window, expand IDE Controller 1, and then select DVD Drive.
9. Under Specify the media to use with your virtual CD/DVD drive, select Image file:, and then type
C:\Program Files\Microsoft Learning\20334\Drives\SfB-E-9319.0-enUS.ISO.
10. Click Apply, and then click OK to close the Settings window.
11. Repeat steps 7 through 10 for 20334B-TREY-LYNC.

Exercise 1: Installing Skype for Business Administrative Tools

Scenario
In order to upgrade the Trey Research Lync Server 2013 server to Skype for Business Server 2015, you will
use TREY-SVR1 as the management server on which you will install Skype for Business administrative tools.
1. Install Skype for Business administrative tools on TREY-SVR1.
2. Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish the topology.
 Task 1: Install Skype for Business administrative tools on TREY-SVR1

1. Sign in to TREY-SVR1 as TREYRESEARCH\Administrator with the password Pa$$w0rd.
2. Run D:\Setup\amd64\Setup.exe.
3. Select Don’t check for updates right now.

4. Accept the License Agreement.
5. Install Administrative Tools and accept all default settings.
6. When installer completes, close all windows.
 Task 2: Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish
the topology
1. On TREY-SVR1, from the Start menu, click to the Apps page and open Skype for Business Server
Topology Builder.
2. Download the topology from the existing deployment, and then save the topology as
PreUpgrade.tbxml.
3. Select TREY-LYNC.TreyResearch.net, and select the option to upgrade Skype for Business Server
2015.
4. Publish the Topology.
5. Review the to-do list when the Publish Topology wizard completes.
6. Close all windows and sign out of TREY-SVR1.
Results: After completing this exercise, you should have installed the Skype for Business administrative
tools on TREY-SVR1, and opened the Skype for Business Server Topology Builder. In addition, you
should have downloaded topology from the existing deployment, selected the Lync Server 2013
TREY-LYNC.TreyResearch.net for in-place upgrade, and published the topology.
Exercise 2: Performing In-Place Upgrade from Lync Server 2013 to

Scenario
After successfully publishing the new topology containing the commands to upgrade
TREY-LYNC.TreyResearch.net, you now need to perform the in-place upgrade.
The main task for this exercise is as follows:
1. Run Skype for Business Server 2015 Setup.exe installer.
 Task 1: Run Skype for Business Server 2015 Setup.exe installer

1. Switch to TREY-LYNC.
2. Sign in as TREYRESEARCH\Administrator with the password Pa$$w0rd.
3. Open Lync Server Management Shell.
4. Validate replication by using Get-CsManagementStoreReplicationStatus.
5. Stop Lync services by running Disable-CsComputer –Scorch.

6. Close Lync Server Management Shell.
7. Run Skype for Business 2015 setup D:\Setup\amd64\Setup.exe.
8. Do not check for updates right now.

9. Accept all the default settings.
10. When the setup is complete, start the pool by running the following command in Skype for Business
Server 2015 Management Shell:
Start-CsPool –PoolFQDN TREY-LYNC.TreyResearch.net –Verbose
11. Validate the Skype for Business services by running the following command in Skype for Business
Server 2015 Management Shell:
You have completed an in-place upgrade from Lync Server 2013 to Skype for Business Server.
12. Shut down all virtual machines (VMs) as they are no longer needed.
Results: After completing this exercise, you should have validated the replication of the Central
Management Store (CMS) and performed an in-place upgrade of TREY-LYNC.TreyResearch.net from
Lync Server 2013 to Skype for Business Server.
Question: Why did you not install the Skype for Business administrative tools on TREY-LYNC?
Question: Why did you run Disable-CsComputer –Scorch instead of Stop-CsWindowsService
to stop services?

Best Practices
 In this module, you have learned about the supported migration and upgrade paths for Skype for
Business Server 2015. You have learned that only Lync Server 2010 and Lync Server 2013 are
candidates for upgrading to Skype for Business Server 2015 and that you only can use an in-place
upgrade with Lync Server 2013 However, remember that both Lync Server 2010 and Lync Server 2013
can use the migration path to upgrade to Skype for Business 2015.
 Never troubleshoot under-patched systems. Should unforeseen issues occur during the migration or
upgrade to Skype for Business Server 2015, always check and double-check that the systems are fully
updated and patched.
 Upgrading to a new version is not a troubleshooting step. Do not expect an upgrade to a newer
product version to solve existing problems. Always make sure that the source system is in good
condition and fully patched before attempting an upgrade.
 Smart Setup does not work. At the time of writing this material, the Smart Setup, which checks for
updates during the installation of Skype for Business Server, is not functioning. Always check for
updates immediately after an upgrade or fresh deployment of Skype for Business Server.
Review Question
Question: Are there any reasons not to use the in-place upgrade feature?
Course Evaluation
Your evaluation of this course will help Microsoft understand the quality of your learning experience.
Please work with your training provider to access the course evaluation form.
Microsoft will keep your answers to this survey private and confidential and will use your responses to
improve your future learning experience. Your open and honest feedback is valuable and appreciated.
L1-1
Module 1: Design and Architecture of Skype for Business

Server 2015
Lab: Designing and Publishing a Skype for
Business Server Topology
Exercise 1: Designing and Creating the Topology
 Task 1: Plan for the New York Skype for Business Server deployment
 Review the information in the exercise scenario, and then answer the following questions:
a. What type of Skype for Business Server will you deploy in New York?
Answer: You should deploy Enterprise Edition to meet the future high availability requirement.
b. Question: What server roles in Skype for Business Server will you deploy in New York?
Answer: The only server roles that you should deploy at this point are a Front End Server and a
Back End Server.
c. Question: What would you need to change in your plan to enable high availability?
Answer: If you deploy an Enterprise Edition Front End Server, you can easily enable high
availability by deploying a second Front End Server.
 Task 2: Discuss your plan with the class

 Be prepared to discuss your answers to the questions in the previous task.
 Task 3: Design a topology

1. On LON-SFB1, from the Start screen, click the Down arrow button, and then click Skype for Business
Server 2015, Planning Tool.
3. In the Audio/Video Conferencing window, select Yes, and then click Next.
4. In the Dial-in Conferencing window, select No, and then click Next.
5. In the Web Conferencing window, select Yes, and then click Next.
6. In the Enterprise Voice window, select No, and then click Next.
7. In the Call Admission Control window, select No, and then click Next.
8. In the Monitoring window, select No, and then click Next.
9. In the Archiving window, select No, and then click Next.
10. In the Persistent Chat window, select No, and then click Next.
11. In the Video Interop window, select No, and then click Next.
12. In the Mobility window, select No, and then click Next.
13. In the Federation window, clear the following options, and then click Next:
o Yes, I want to enable federation via XMPP

14. In the High Availability window, select Yes, and then click Next.
15. In the IP Support window, select Both IPv4 and IPv6, and then click Next.
L1-2 Design and Architecture of Skype for Business Server 2015
16. In the Disaster Recovery window, select No, and then click Next.
17. In the Features Overview Completed window, click Design Sites.
18. In the Central Sites window, in the Site Name text box, type New York, in the Site Homed Users
text box, type 1000, and then click Next.
19. In the SIP Domain window, in the What are your company’s internal SIP Domains text box, type
adatum.com, click Add, and then click Next.
20. In the Conference Settings window, clear Data collaboration is enabled, and then click Next.
21. In the External User Access window, select No for Do you want to enable external user access, and
then click Next.
22. In the High Availability Options window, select Database Mirroring, and then click Next.
23. In the Add Another Central Site window, click Next.
24. In the Skype for Business Server 2015, Planning Tool Finished Successfully window, click Draw to
review the proposed topology.
Results: After completing this exercise, you should have identified the necessary servers and configuration
for the workloads that A. Datum plans to deploy in New York.
Exercise 2: Updating the Topology for the New York Site

2. In Topology Builder, click Download Topology from existing deployment, and then click OK.
Note: If the Download Current Topology window appears, wait a few seconds before
continuing.
3. In the Save Topology As window, select the desktop, and then save the topology as Lab1.tbxml.
 Task 2: Update the topology to reflect the New York site

1. Switch to NYC-SQL3.
2. On NYC-SQL3, open File Explorer, and then go to drive C.
3. Create a new folder named SkypeShare.
4. Right-click the SkypeShare folder, and then click Share with specific People.
5. Ensure that Administrator is listed as Read/Write and that the Administrators group is listed as the
owner.
6. On the File Sharing window, click Share, and then click Done.
8. In Topology Builder, on LON-SFB1, right-click Skype for Business Server, and then click New
Central Site.
9. In the Define New Central Site window, in the Name text box, type New York, and then click Next.
Core Solutions of Skype for Business 2015 L1-3
10. In the Specify site details window, in the City text box, type New York, and then click Next.
11. In the Central site was successfully defined window, verify that Open the New Front End Wizard
when this wizard closes is selected, and then click Finish.
12. In the Define the New Front End pool window, click Next.
13. In the Pool FQDN text box, type NY-pool.adatum.com, and then click Next.
14. In the Define the computers in this pool window, in the Computer FQDN text box, type
NYC-SFB3.Adatum.com, click Add, and then click Next.
15. In the Select features window, select Conferencing (includes audio, video, and application
sharing), and then click Next.
16. In the Select collocated server roles window, select Collocate Mediation Server, and then click Next.
17. In the Associate server roles with this Front End pool window, verify that Enable an Edge pool to be
used by the media component of this Front End pool is cleared, and then click Next.
18. In the Define the SQL Server store window, click New to open a new Microsoft SQL Server store.
19. In the Define New SQL Server Store window, in the SQL Server FQDN text box, type
NYC-SQL3.adatum.com, click the option for Default instance, and then click OK.
20. Verify that the SQL Server store is populated with NYC-SQL3.adatum.com\Default, and then click
Next.
21. In the Define the file store window, select Define a new file store:
a. In the File server FQDN text box, type NYC-SQL3.adatum.com.
b. In the File Share text box, type SkypeShare, and then click Next.
22. In the Specify the Web Services URL window, leave the default options, and then click Next.
23. In the Select an Office Web Apps Server window, verify that Associate pool with an Office Web
Apps Server is cleared, and then click Finish.

1. In Topology Builder, on LON-SFB1, right-click the newly created New York site, point to Topology,
2. In the Publish Topology window, click Next.

3. In the Select databases window, verify that NYC-SQL3.adatum.com\Default is selected, and then
click Next.
4. After publishing completes, in the Publishing wizard complete window, select a step, and then click
View Logs for review. This might be necessary for reviewing errors or warnings.
5. Click Close to exit Internet Explorer.
6. Click Finish to close the Publish Topology Wizard.
7. Close Topology Builder.

L1-4 Design and Architecture of Skype for Business Server 2015

You will need the configured state of these virtual machines for the next module. Do not revert any of the
virtual machines.
Results: After completing this exercise, you should have added the required servers and configuration to
the topology based on your design of the Skype for Business deployment in the New York site.
L2-5
Module 2: Installing and Implementing

Lab A: Configuring DNS and Simple URLs
for Skype for Business Server
Exercise 1: Configuring the Required DNS Records and Simple URLs for
 Task 1: Create the required DNS records for Skype for Business Server
1. On LON-DC1, in Server Manager, click Tools, and then click DNS.
2. In DNS Manager, expand LON-DC1, expand Forward Lookup Zones, and then click Adatum.com.
3. Right-click Adatum.com, and then click New Host (A or AAAA).
4. In the New Host window, in the Name box, type NY-pool.
5. In the IP Address box, type 172.16.10.20, and then click Add Host.
6. At the DNS prompt, click OK.
7. In the New Host window, in the Name box, type NY-webint.
10. In the New Host window, in the Name box, type dialin.
13. In the New Host window, in the Name box, type meet.
14. In the IP Address box, type 172.16.10.20, and then click Add Host. Click OK, and then click Done.
15. Right-click Adatum.com, and then click Other New Records.
16. In the Select a resource record type window, click Service Location (SRV), and then click
Create Record.
17. In the Service box, type _sipinternaltls.
18. In the Protocol box, type _tcp.
19. Leave the Priority entry as the default. Enter 10 for Weight.
20. In the Port Number box, type 5061.
21. In the Host offering this service box, type NY-pool.Adatum.com, and then click OK.
22. Click Done, and then close DNS Manager.

L2-6 Installing and Implementing Skype for Business Server 2015

2. In Topology Builder, click Download Topology from existing deployment, and then click OK.
Note: If the Download Current Topology window appears, wait a few seconds before
continuing.
3. In the Save Topology As window, select Desktop, and then save the topology as Lab2.tbxml.
 Task 3: Update the topology with the simple URLs

1. In Topology Builder, on LON-SFB1, right-click Skype for Business Server, and then click Edit
Properties.
2. In the Edit Properties window, in the left navigation pane, click Simple URLs.
3. In the right navigation pane, under Phone access URLs, click Add.
4. In the right navigation pane, under Phone access URLs, verify the simple URL of
https://dialin.adatum.com already exists. If not, click Add. In the Add simple URL window, in the
URL text box, type https://dialin.adatum.com, select the Make this the active URL check box, and
then click OK.
5. In the right navigation pane, under Meeting URLs, verify the simple URL of
https://meet.adatum.com with the SIP domain Adatum.com already exists. If not, click Add. In the
Add simple URL window,
in the SIP domain drop-down menu, select Adatum.com, in the URL text box, type
https://meet.adatum.com, select the Make this the active URL for the selected domain
check box, and then click OK.
6. In the Edit Properties window, click OK.

1. In Topology Builder, on LON-SFB1, right-click Skype for Business Server, and click Publish
Topology.
3. After the publishing completes, in the Publishing wizard complete window, select a step, and then
click View Logs for review. This might be necessary for reviewing errors or warnings.
5. Click Finish to close the Publish Topology Wizard.
6. Close the Topology Builder.
Results: After completing this exercise, you will have created the required Domain Name System (DNS)
records to support the workloads that A. Datum Corporation plans to deploy in New York and to support
the simple URLs.
Lab B: Deploying Skype for Business Server

Exercise 1: Installing and Configuring Skype for Business Server
 Task 1: Run the deployment wizard
1. On NYC-SFB3, in File Explorer, right-click D:\, and then click Install or run program from your
media. The Microsoft Visual C++ install will take place before the actual wizard begins.
2. On the Skype for Business Server message box, click Don’t check for updates right now, and then
click Install.
3. On the End User License Agreement page, select I accept the terms in the license agreement,
and then click OK.
4. On NYC-SFB3, on the Skype for Business Server 2015 - Deployment Wizard page, click Install or
Update Skype for Business Server System.
5. On the Skype for Business Server 2015 - Deployment Wizard page, next to Step 1: Install Local
Configuration Store, click Run.
6. On the Configure Local Replica of Central Management Store page, verify that Retrieve directly
from the Central Management Store is selected, and then click Next. This step will take about 15
minutes to execute.
7. On the Executing Commands page, when the Task Status shows Completed, click Finish.
Setup or Remove Skype for Business Server Components, click Run.
9. On the Setup Skype for Business Server Components page, click Next. This step will take
approximately 15 minutes to run.
 Task 2: Examine the log files

1. On the Executing Commands page, click View logs to view the log files in Internet Explorer.
Note: Expand BootstrapFull and view the logs.
3. On the Executing Commands page, click Finish.
Results: After completing this exercise, you will have installed the local configuration store and the core
components on the Skype for Business Server Front End Server in the New York site.
L2-8 Installing and Implementing Skype for Business Server 2015
Exercise 2: Installing Skype for Business Server Certificates

 Task 1: Request and assign certificates from an online enterprise CA
Request, Install or Assign Certificates, click Run.
2. In the Certificate Wizard window, select Default Certificate, and then click Request.
3. On the Certificate Request page, select the following options:
o In the Select a CA from the list detected in your environment drop-down list, verify that
LON-DC1.Adatum.com\AdatumCA is present.
o In the Friendly Name box, type NYC-SFB3 Skype for Business Server Default Certificate.
o In the Organization box, type A Datum.
o In the Organizational Unit box, type IT.
o In the Country/Region drop-down list, select United States.
o In the State/Province box, type New York.
o In the City/Locality box, type New York City.

o In the Select one or more SIP Domains … to be added to the subject alternative names list,
select Adatum.com, and then click Next.

5. On the Executing Commands page, when the Task Status shows Completed, click Next.
Note: If the certificate request fails, check if the Active Directory Certificate Services service
is running on LON-DC1. If not, start the service, and then retry the certificate request.
6. On the Online Certificate Request Status page, verify that Assign this certificate to Skype for
Business Server certificate usages is selected, and then click Finish.
7. On the Certificate Assignment page, click Next.
9. On the Executing Commands page, when the Task Status shows Completed, click Finish.
10. On the Certificate Wizard, click the down arrow next to Default Certificate to expand the Certificate
Type.
11. Verify that Server Default, Web Services Internal, and Web Services External show as Assigned.
12. On the Certificate Wizard, click the down arrow next to OAuthTokenIssuer to expand the Certificate
Type.
13. Verify that the OAuthTokenIssuer shows Assigned.
14. Click Close to close the Certificate Wizard.

 Task 2: Start the Skype for Business Server services

1. On NYC-SFB3, on the Start screen, type Skype for Business Server Management Shell, and then
click Skype for Business Server Management Shell.
2. At the prompt, type the following command. and then press Enter:
Start-CsPool NY-pool.adatum.com
3. At the prompt, type Y, and then press Enter.
4. When the command has finished, close the management shell.
5. On the Skype for Business Server 2015 – Deployment Wizard page, click Exit.
 Task 3: Verify the Skype for Business client connectivity to New York
3. Select https://ny-pool.adatum.com/Cscp, click OK, and then sign in as adatum\administrator
with the password Pa$$w0rd.
4. Select users on the left menu, and then click enable users.
5. In the new Skype for Business Server user panel, click add, and then click add filter.
6. In the first drop-down list box, select Department. In the second drop-down list box, select equal to.
In the text box, type Sales, and then click Find.
7. Click the first user, and then press Ctrl+A to select all the users from the search results. Click OK.
8. In the assign users to a pool drop-down list box, select NY-pool.adatum.com, change the
Telephony drop-down list box to Enterprise Voice, and then at the upper-left corner, click Enable.

steps:

Results: After completing this exercise, you will have requested and assigned the certificates and started
the services for the Skype for Business Server Front End Server in the New York site.
L3-11
Module 3: Administering Skype for Business Server 2015

Lab A: Using the Administrative Tools to
Manage Skype for Business Server
Exercise 1: Installing the Skype for Business Administrative Tools on a
Windows 10 Client
 Task 1: Install the Skype for Business administrative tools on a workstation
1. On the host machine, in Microsoft Hyper-V Manager, right-click 20334B-LON-CL1, and then
click Settings.
2. Click DVD Drive.
3. Click Image File.
4. Click Browse, and then navigate to C:\Program Files\Microsoft Learning\20334\Drives\.
5. Click SfB-E-9319.0-enUS.ISO, click Open, and then click OK.

6. On LON-CL1, open File Explorer, right-click the DVD drive, and then click Install or run program from
your media.
7. In the Skype for Business Server install window, select Don’t check for updates right now, and then click
Install.
9. In the Welcome to Skype for Business Server 2015 deployment window, select Install Administrative
Tools.
10. In the Install Administrative tools window, click Next.
11. In the Executing Commands window, verify that the task status is Completed, and then click Finish.
12. Click Exit to close the Deployment Wizard window.
Results: After completing this exercise, you will have installed the administrative tools for Skype for
Business on LON-CL1.
Exercise 2: Using Skype for Business Server Control Panel

 Task 1: Enable a user for Skype for Business
1. On LON-CL1, click the Start button, click All Apps, click Skype for Business Server 2015, and then click
2. In the Windows Security dialog box, type Administrator as the user name and Pa$$w0rd as the
password. Click OK.
3. Click the Users tab.
4. On the User Search page, click Enable Users.

5. Click Add.
6. Type Carol Troup in the search box, click Find, and then click OK.
L3-12 Administering Skype for Business Server 2015
7. On the User Search page, in the Assign users to a pool section, select pool.adatum.com.
8. Examine the additional options on the page, and then click Enable.
9. Confirm that Carol Troup is enabled.
10. Leave the User Search page open for the next task.
 Task 2: Enable all the members of an OU for Skype for Business

2. Click Add.
3. Click Add filter.
4. In the first box, select Department.
5. Confirm that Equal to is displayed in the next box.
6. In the last box, type IT, and then click Find.
7. Select all of the displayed users, and then click OK.
8. On the User Search page, in the Assign users to a pool section, click pool.adatum.com.
9. Examine the additional options on the page, and then click Enable.
10. In the User Search box, type Don Funk, and then click Find.
11. Verify that there is a check mark in the Enabled column.
12. Clear the name in the search field and then click Find to view all the enabled users.
Results: After completing this exercise, you will have enabled Carol Troup and all the members of the
information technology (IT) organizational unit (OU) to use Skype for Business.
Exercise 3: Using the Skype for Business Server Management Shell

 Task 1: Validate group members
1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.
2. Expand Adatum.com, and then click Managers.
3. Review the Managers group membership.
4. Note that Aidan Delaney and Bill Malone are the members of the Managers security group.
5. Close Active Directory Users and Computers.
 Task 2: Enable users for Skype for Business

1. On LON-CL1, click the Start button, click All Apps, click Skype for Business Server 2015, and then click
2. In the Skype for Business Server Management Shell, type the following command, and then press Enter:
$sipDomain = “adatum.com”
$csPool = 'pool.adatum.com'
foreach ($user in $users){Enable-CsUser -Identity $user -RegistrarPool $csPool -

SipAddressType SAMAccountName -SipDomain $sipDomain;}
 Task 3: Validate the configuration

1. In Skype for Business Server 2015 Control Panel, click Users.
2. Leave the search box empty, and then click Find.

3. Notice that the list of enabled users now includes the members of the Managers group in AD DS,
including Aidan Delaney and Bill Malone.
4. Close the Skype for Business Server 2015 Control Panel. If a dialog box appears, click Yes.
Results: After completing this exercise, you will have enabled all the users in the Managers security group
Lab B: Using the Skype for Business

Troubleshooting Tools
Exercise 1: Using Skype for Business Server Management Shell Cmdlets to
Create an RBAC Structure
 Task 1: Validate user rights
1. On LON-CL1, click the Start button, click All apps, and then click Microsoft Edge.
2. In the browser window type http://lon-sfb1.adatum.com/cscp.
3. Confirm that the access is denied. You should see an Access is denied message.
 Task 2: Grant administrative rights to a specific user

1. On LON-DC1, in Server Manager, click Tools, and then click Active Directory Users and Computers.
2. In Active Directory Users and Computers, in the navigation pane, expand Adatum.com, and then click the
Users container.
3. In the Results pane, right-click the CSAdministrator group, and then click Properties.
4. On the CSAdministrator Properties page, click the Members tab, and then click Add.
5. On the Select Users, Contacts, Computers, Service Accounts, or Groups page, in the Enter the object
names to select box, type Ed, select Ed Meadows, and then click OK.
6. Return to the CSAdministrator Properties page. Click OK.
7. In Active Directory Users and Computers, right-click the Users container, click New, and then click Group.
Type CSManagersUserAdmin, and then in the Group scope section, click Universal. Click OK.
 Task 3: Validate that RBAC is applied and create a new role

2. Sign in to LON-CL1 as Adatum\Administrator with the password Pa$$w0rd.
3. Click the Start button, click All apps, and then click Skype for Business Server Management Shell.
4. At the command prompt, type Get-CsAdminRoleAssignment –Identity “Ed”, and then press Enter.
5. Confirm that Ed has the CSAdministrator role.

6. At the command prompt, type New-CsAdminRole -Identity "CsManagersUserAdmin" -Template
"CsUserAdministrator" -UserScopes "OU:OU=Managers,DC=Adatum,DC=com", and then press
Enter.
 Task 4: Add group members to the RBAC role

1. On LON-DC1, in Active Directory Users and Computers, click Users.
2. In the details pane, double-click CSManagersUserAdmin, and then click Members.
3. Click Add.
4. Type Managers, and then click OK.
5. Click OK to close the properties box.
7. In the Skype for Business Server Management Shell, confirm that Ed Meadows is assigned the
CsManagersUserAdmin role by typing Get-CsAdminRoleAssignment –Identity “Ed” at the command
prompt.
Results: After completing this exercise, you will have assigned Ed Meadows the CSAdministrator role. You
will also have assigned the members of the Managers organizational unit the CSUserAdministrator role
that is scoped to their OU.
Exercise 2: Using the Centralized Logging Service

 Task 1: Start centralized logging scenarios
1. Sign out of LON-SFB1.

Get-CsClsConfiguration
5. Start a logging scenario with the Centralized Logging Service by typing the following command, and then
pressing Enter:
6. Start a second logging scenario (AudioVideoConferencingIssue) with the Centralized Logging Service by
typing the following command, and then pressing Enter:
Start-CsClsLogging -Scenario AudioVideoConferencingIssue –Pools pool.adatum.com
 Task 2: Simulate Skype for Business transactions between clients

1. On LON-CL1, sign in as adatum\ed, and then open Skype for Business.
2. On LON-CL2, sign in as adatum\amr, and then open Skype for Business.
3. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings icon, and
then click Meet Now.
4. If a Join Meeting Audio dialog box appears, select Use Skype for Business and Don’t show this again,
and then click OK.
5. In the new conversation window, click the People icon, and then click Invite More People.
6. In the Send an IM dialog box, type Amr, select Amr Zaki, and then click OK.
7. Type a message to Amr and then press Enter.
8. On LON-CL2, click the Ed Meadows notification that appears on the screen.
9. Type a message back to Ed Meadows.
10. Click Close to end the session.

 Task 3: Search the log generated by the Centralized Logging Service

1. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, flush the data cache
by typing the following command, and then pressing Enter:
Sync-CsClsLogging
2. Execute a search against the currently running logging scenario and output the results to a file by
executing the following command and pressing Enter:
3. Stop the AudioVideoConferencingIssue logging scenario by entering the following command and
pressing Enter:
Stop-CsClsLogging -Scenario AudioVideoConferencingIssue –pools pool.adatum.com
 Task 4: Use Snooper

1. Open File Explorer, go to C:\Program Files\Skype for Business Server 2015\Debugging Tools\, and
then double-click Snooper.exe.
2. In Snooper, on the File menu, click Open File.
3. Go to C:\Labfiles and select SearchResult.txt. Click Open.
4. Click the Messages tab, and then observe the collected data.
5. Close Snooper.
Results: After completing this exercise, you will have captured the messages that are transmitted in an ad
hoc meeting by using the Centralized Logging Service.
Exercise 3: Performing a Network Capture by Using Message Analyzer

 Task 1: Start a capture on Message Analyzer
1. On LON-CL1, type Message Analyzer in the search box, right-click Microsoft Message Analyzer, click
Run as administrator, and then click Yes to start Microsoft Message Analyzer.
2. Click Do not update items, click No, I do not want to participate, and then click OK.
3. Click New Session.
4. In the Add Data Source list, select Live Trace.
5. Under Trace Scenario, select Local Network Interfaces.
6. On the Session1 tab, click Start.
7. In the View Filter box, type TLS, and then click Apply.
 Task 2: Start a conference session

1. Start a conference between Ed and Amr by performing the following steps:
a. On LON-SFB1, open the Skype for Business Server Management Shell and start a logging
scenario with the Centralized Logging Service by typing the following command, and then
pressing Enter:
b. On LON-CL1, in the Skype for Business window, click the drop-down arrow next to the settings
icon, and then click Meet Now.
c. In the new conversation window, click the People icon, and then click Invite More People.
d. In the Send an IM dialog box, type Amr, select Amr Zaki, and then click OK. Type some
message text.
e. On LON-CL2, click the Ed Meadows notification that appears on the screen.
f. Type some message text.

2. On LON-SFB1, in the Skype for Business Server Management Shell, flush the data cache by typing the
following command and pressing Enter:
Sync-CsClsLogging
3. Execute a search against the currently running logging scenario and output the results to a file by running
the following command and pressing Enter:
4. Stop the AlwaysOn logging scenario by entering the following command and pressing Enter:
Stop-CsClsLogging -Scenario AlwaysOn –Pools pool.adatum.com
5. In File Explorer, go to C:\Program Files\Skype for Business Server 2015\Debugging Tools\, and then
double-click Snooper.exe.
6. In Snooper, on the File menu, click OpenFile.
7. Go to C:\Labfiles, and then select SearchResult.txt. Click Open.
8. View the messages and traces.
 Task 3: Examine the results

1. View and analyze traffic on the Message Analyzer on LON-CL1.
2. On LON-CL1, in the results pane, notice the Transport Layer Security (TLS) traffic that is being generated.
3. Click the first packet with a Source or Destination address of 172.16.0.20, and then observe the Details 1
pane.
4. Review several of the TLS packets to see the traffic exchanged between the Skype for Business server and
the client.
5. Stop the network capture by clicking the square Stop button in the toolbar at the top of the window, and
then close Microsoft Message Analyzer.

steps:

Results: After completing this exercise, you will have examined a network capture.
L4-19
Module 4: Configuring Users and Clients in

Lab A: Configuring Users and Clients in
Exercise 1: Enabling Users for Skype for Business by Using the
Management Shell
 Task 1: Use the Skype for Business Server Management Shell to enable users for
Skype for Business and to disable their use of the audio and video features
1. In LON-SFB1, on the taskbar, click Skype for Business Server Management Shell.
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com”
This shows a list of all users in the Marketing organizational unit (OU).
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com” | Enable-CSUser –RegistrarPool

“pool.adatum.com” –SipAddressType SamAccountName –SipDomain Adatum.com -whatif
With the -whatif parameter, this command displays the accounts that will be enabled, without
actually enabling them. You can use the –whatif parameter when you want to see the consequences
of running a command prior to running it.
4. At the command prompt, run the previous command without the -whatif parameter.
Get-CsADUser –OU “ou=Marketing,dc=adatum,dc=com” | Set-CSUser -audiovideodisabled

$true
If you do not receive an error message, you can assume that the command ran properly.
 Task 2: Sign in to Skype for Business as a member of the Marketing OU

1. On LON-SFB1, at the command prompt, type the following command, and then press Enter:
Get-CsUser –Identity “Adam Barr”
2. Confirm that Adam Barr is enabled for Skype for Business by confirming that the Enabled parameter is
set to TRUE.
4. On LON-CL1, click Start, click All apps, expand Microsoft Office 2013, and then click Skype for
Business 2015. Click Ask me later, and then click Accept.
L4-20 Configuring Users and Clients in Skype for Business 2015
6. Confirm that Adam can connect to Skype for Business by successfully signing in.
7. Beneath Adam Barr’s profile picture, click Available, and then click Sign Out.
Results: After completing this exercise, you should have enabled all members of the Marketing OU.
Exercise 2: Troubleshooting User Sign-In Issues

 Task 1: Attempt to sign in as a user who has not been enabled in
1. In the Skype for Business client, click the gear icon, click Tools, and then click Options.
2. On the Skype for Business-Options General page, verify that Logging in Skype for Business is set
to Full, and then click Cancel.
3. In the Skype for Business client, click the gear icon, click File, and then click Exit.
4. Open File Explorer, and then browse to C:\Users\Administrator.Adatum\AppData
\Local\Microsoft\Office\16.0\Lync\Tracing.
Note: If you cannot find the AppData folder, on the View tab, click Options, and then
select Change folder and search options. In the Folder Options window, click the View tab, and
then under the Hidden files and folders section, select Show hidden files, folders, and drives.
Do not select the Hide extensions for known file types check box.
5. Select all files with the .log extension, and then delete them.
7. On LON-CL1, click Start, click All apps, and then click Skype for Business 2016. If necessary, click
Cancel sign-in to cancel the previous sign-in task.
8. In the Skype for Business client, sign in as Dan@adatum.com with the password Pa$$w0rd.
9. Note that you cannot sign in, and then click OK.
 Task 2: Examine the local logs by using Snooper

2. On LON-SFB1, open File Explorer, browse to C:\Program Files\Skype for Business Server 2015
\Debugging Tools\, and then double-click Snooper.exe.
3. In Snooper, on the File menu, click OpenFile, and then browse to \\LON-CL1\C$\Users
\Administrator.Adatum\AppData\Local\Microsoft\Office\16.0\Lync\Tracing\.
4. Select Lync-UccApi-0.UccApilog, and then click Open. Click the Messages tab, and then note that
no data generated for the dan@adatum.com user sign-in.
5. Close Snooper.
 Task 3: Verify the user's Skype for Business status and enable the user
2. Type Get-CsUser –Identity “Dan Park”, and then press Enter.
3. Confirm that Dan Park is not enabled for Skype for Business.
4. Type Enable-CsUser –Identity “Dan Park” –RegistrarPool “pool.adatum.com” –SipAddress

sip:dan@adatum.com, and then press Enter.
 Task 4: Verify that the user can sign in

1. On LON-CL1, in the Skype for Business client, sign in as Dan@adatum.com with the password
Pa$$w0rd.
2. Confirm that you can sign in.
3. Repeat the “Examine the local logs by using Snooper” task above to view the uccapilog and event log
data.
4. Beneath Dan Park’s profile picture, click Available, and then click Sign Out.

machines, but leave them running in preparation for next lab.
Results: After completing this exercise, you should have addressed Dan Park’s sign-in issue.
Lab B: Configuring Policies and the Address

Book in Skype for Business Server
Exercise 1: Configuring Client Policies
 Task 1: Make a script to create the settings that the scenario requires
1. On LON-SFB1, on the taskbar, right-click Windows PowerShell, and then select Windows
PowerShell ISE.
2. In the Windows PowerShell ISE Script pane, type the following command, and then press Enter:
Import-Module SkypeforBusiness
3. In the Windows PowerShell ISE Script box, type the following command, and then press Enter:
Set-CsClientPolicy Global -BlockConversationFromFederatedContacts: $True -

DisableEmoticons: $True -IMWarning “All communications within Adatum may be logged
and viewed at any time and for any reason” –Verbose
4. In Windows PowerShell ISE, type the following commands on separate lines, and then press Enter:
New-CsClientPolicy –Identity LondonClientPolicy

Set-CsClientPolicy –Identity LondonClientPolicy -EnableClientMusicOnHold: $True -
EnableFullScreenVideo: $True -EnableExchangeContactSync: $True -IMWarning
“All communications within ADatum may be logged and viewed at any time and for any
reason.” –Verbose
5. On the toolbar at the top of the Windows PowerShell ISE window, click File, click Save As, click Local
Disk (C:), and then click Labfiles. In the File name text box, type ClientPolicies.ps1, and then click
Save.
Note: If you cannot click Save As, click the Script drop-down list, and then you can click
Save As.
Enter:
C:\labfiles\ClientPolicies.ps1
Enter:
Grant-CsClientPolicy -Identity “Amr Zaki” -PolicyName tag:LondonClientPolicy
 Task 2: Verify that the script applied

1. On LON-CL1, in the Skype for Business client, sign in as Amr@adatum.com with the password
Pa$$w0rd.
2. On LON-CL2, click Start, click All apps, and then click Skype for Business 2016.
3. In the First things first dialog box, click Ask me later and click accept.
5. On LON-CL1, in the Skype for Business search box, type Adam@adatum.com, and then double-click
Adam Barr. Type some message text, and then press Enter.
6. On LON-CL2, click the Amr Zaki notification that appears on the screen.
7. Type some message text, and then press Enter.
8. The message should display indicating all communications will be logged in each message window.
9. After verifying that the message displays, sign out of Skype for Business on both LON-CL1 and
LON-CL2.
Results: After completing this exercise, you should have created the global policy that will apply to users
who do not receive the tagged policy.
Exercise 2: Configuring the Address Book

 Task 1: Load the Lync15.admx administrative template into the GPMC
1. On LON-DC1, open File Manager, and then copy C:\Labfiles\lync15.admx to
C:\Windows\PolicyDefinitions.

3. On LON-DC1, in Server Manager, click Tools, and then click Group Policy Management.
4. In the Group Policy Management Console (GPMC), expand Forest, expand Domains, right-click
Adatum.com, and then click Create a GPO in the domain, and Link it here.
6. In the console tree, expand Adatum.com, and then click Group Policy Objects.
7. In the Group Policy Management Console, right-click Address Book No Delay GPO that you just
created, and then click Edit.
 Task 2: Edit a GPO that sets no delay for the Address Book download
2. Click Enabled, below the Option section, type 0, and then click OK.

 Task 3: Verify the Address Book download

1. On LON-CL1, exit the Skype for Business client to remove the existing Address Book.
2. Open File Explorer, and then browse to the C:\Users\Administrator.Adatum\AppData

\Local\Microsoft\Office\16.0\Lync
\sip_amr@adatum.com folder.
3. Delete the GalContacts.db and GalContacts.db.idx Address Book files.
4. Restart the Skype for Business client, and then sign in as Amr@adatum.com with the password
Pa$$w0rd.
5. Return to the C:\Users\Administrator.Adatum\AppData\Local\Microsoft\Office\16.0\Lync

\sip_amr@adatum.com folder, and then confirm that the Address Book files have returned.

steps:
Results: After completing this exercise, you should have created a Group Policy Object (GPO) that will
eliminate the delay in deploying the Address Book.
L5-25
Module 5: Configuring and Implementing Conferencing in

Lab A: Installing and Configuring Office
Online Server
Exercise 1: Installing Office Online Server
 Task 1: Install Office Online Server and obtain certificates
1. On LON-SVR1, on the taskbar, click File Explorer, open drive D, right-click Setup.exe, and then click
Run as administrator.
2. On the Microsoft Office Online Server 2016 – Read the Microsoft Software License Terms page,
select I accept the terms of this agreement, and then click Continue.
3. Select C:\Program Files\Microsoft Office Online as the installation location, and then click Install
Now. The installation progress bar displays. Go to the next step while Office Online Server is being
installed.
4. On the taskbar, right-click Start, and then click Run.
5. In the Run dialog box, type MMC, and then press Enter.
An empty MMC window named Console1 - [Console Root] opens.

6. On the File menu, click Add/Remove Snap-In.
8. In the Certificates snap-in dialog box, select Computer account, and then click Next.
9. On Select Computer page, accept the default Local computer: (the computer this console is
running on), and then click Finish.

11. In the Console1 - [Console Root] window, expand Certificates (Local Computer). This displays the
different certificate stores on the local computer.
12. Right-click the Personal store, click All Tasks, and then click Request New Certificate. The
Certificate Enrollment Wizard opens.
13. On the Before You Begin page, click Next.
14. On the Select Certificate Enrollment Policy page, accept the default Active Directory Enrollment
Policy, and then click Next. Be patient while the templates load, which can take several seconds.
15. On the Request Certificates page, select Adatum Web Server, and then click the link with the
yellow exclamation point (!) named More information is required to enroll for this certificate.
Click here to configure settings. The Certificate Properties dialog box opens.
16. In the Certificate Properties dialog box, on the Subject tab, in the Subject name list, click Common
Name.
17. In the Value text box, type LON-SVR1.adatum.com, and then click Add. The name moves to the
right pane in the format of CN=LON-SVR1.adatum.com.
18. In the left pane, in the Alternative name list, click DNS.
L5-26 Configuring and Implementing Conferencing in Skype for Business 2015
19. In the Value text box, type LON-SVR1.adatum.com, and then click Add. The name moves to the
right pane in the format of DNS LON-SVR1.adatum.com.
20. In the same Value text box, type wac.adatum.com, and then click Add. The name moves to the right
pane below LON-SVR1.adatum.com.
21. Switch to the General tab, and then in the Friendly name text box, type WACcert.
22. Switch to the Private Key tab.
23. On the Key options menu, click Make private key exportable, click Apply, and then click OK. This
takes you back to the Request Certificates window.
24. In the Request Certificates window, click Enroll. Wait for the “Requesting certificates. Please wait”
message to go away, and then click Finish. This takes you back to the Console1 - [Console Root]
window.
25. Highlight Certificates (Local Computer) – Personal – Certificates, and then validate that the
certificate with the friendly name WACcert is listed.
26. Click Close to exit the MMC window.

27. In the “Save console settings to Console1” message pop-up window, click No.
28. Switch back to the Microsoft Office Online Server 2015 Installation Wizard. The installation process
should be complete by now.
29. Click Close to exit the installer and close File Explorer.
 Task 2: Configure an Office Online Server farm for Skype for Business
1. On LON-SVR1, on the taskbar, right-click Windows PowerShell, and then click Run as
Administrator. An administrative Windows PowerShell command-line interface window opens.

https://wac.adatum.com –CertificateName WACcert
3. Wait for the setup to complete. You will get a list of all the settings on the new Office Online Server
farm.
4. From the Start page, open Internet Explorer, type https://LON-SVR1.adatum.com

/hosting/discovery in the address bar, and then press Enter.
5. Verify that LON-SVR1 returns an XML document that shows the current settings.
 Task 3: Add Office Online Server to the Skype for Business topology
1. Switch to LON-SFB1. If not already signed in, sign in as Adatum\Administrator with the password
Pa$$w0rd.
2. From the taskbar, click Skype for Business Server Topology Builder.
3. In the Topology Builder window, select Download Topology from existing deployment, and then
click OK. The current topology starts downloading. Wait for the task to complete.
4. In the Save Topology As dialog box, in the File name text box, type Lab5A, and then click Save.
5. In the Skype for Business Server 2015, Topology Builder window, expand Skype for Business Server,
expand Adatum Headquarters, expand Skype for Business Server 2015, expand Enterprise
Edition Front End pools, and then select pool.adatum.com.
6. Right-click pool.adatum.com, and then click Edit Properties. The Edit Properties window opens.
7. On the General page, under Associations, select Associate pool with an Office Web Apps Server,
and then click New.
8. In the Define New Office Web Apps Server window, in the Office Web Apps Server FQDN text box,
type LON-SVR1.adatum.com, and then click OK.
9. In the Edit Properties window, click OK to close and return to Topology Builder.
10. In the navigation pane, right-click Skype for Business Server, and then click Publish Topology.
Click Next and then wait for the Publish Topology task to complete.
11. Click Finish.

12. Close the Topology Builder.
Note: This completes this lab. Please do not shut down the virtual machines—you will need
them in the next lab.
Results: After completing this exercise, you should have installed and configured Microsoft Office Online
Server on LON-SVR1, and added Office Online Server to the Skype for Business topology.
Lab B: Configuring Conferencing in Skype

for Business Server
Exercise 1: Configuring, Assigning, and Validating Conferencing Policies
 Task 1: Configure conferencing policies
1. On LON-SFB1, right-click the Skype for Business Server Management Shell from the taskbar, and
then select Run as Administrator from the shortcut menu.
Enter. This creates a new policy named IT:
New-CsConferencingPolicy –Identity IT
Enter. This configures the IT policy to allow external participants to record meetings:
Set-CsConferencingPolicy –Identity IT –AllowConferenceRecording 1 –

AllowExternalUsersToRecordMeeting 1
4. Leave the Skype for Business Server Management Shell running, and then open Skype for Business
Server Control Panel from the taskbar.
5. Sign in to Skype for Business Server 2015 Control Panel as Adatum\Administrator with the password
Pa$$w0rd.
6. In the navigation pane, click Conferencing.
7. In the CONFERENCING POLICY window, click +New, and then click User policy. This takes you to the
New Conferencing Policy page.
8. In the Name text box, type Management.

9. Under Data collaboration, clear the Allow federated and anonymous participants to download
content option.
10. Under Application Sharing, click Disable application sharing, and then click Commit. This saves
the policy and takes you back to the CONFERENCING POLICY tab. Leave Skype for Business Server
2015 Control Panel open.
 Task 2: Assign conferencing policies

1. Switch back to the Skype for Business Server Management Shell.
Enter. This command grants the IT policy to all users in the IT organizational unit (OU):
Get-CsUser -OU "ou=IT,dc=adatum,dc=com" | Grant-CsConferencingPolicy -PolicyName IT
Leave the Skype for Business Server Management Shell running.
3. Switch back to Skype for Business Server 2015 Control Panel.
4. In the navigation pane, click Users. This opens the USER SEARCH page.
5. On the USER SEARCH page, click +Add filter. This extends the AND filter settings.
6. In the Name list, click Organizational unit (OU). Leave Equal to as is.
7. In the Specify the DN of an OU text box, type the following, and then click Find:
OU=Managers,DC=Adatum,DC=com
All users in the Managers OU who are enabled for Skype for Business will be listed.
8. Select Ed Meadows.
9. In the Action list, click Assign policies.
10. In the Assign Policies pop-up window, under Conferencing policy, select Management, and then
click OK. This assigns the Management policy to Ed Meadows.
 Task 3: Validate conferencing policies

1. On LON-CL1, in the Skype for Business window, to the right of the Contacts, Conversations, and
Meetings, click the downward-pointing arrow to the right of the Options menu.
2. Click Meet Now. This starts an ad hoc meeting. At the Join Meeting Audio prompt, click OK.
3. If the Participant list is not shown, to open it, click Open Participant List at the top-left corner of
the Conversation (1 participant) meeting window.
4. At the bottom of the PARTICIPANTS list, click Invite More People.
5. In the Invite by Name or Phone Number window, type Amr Zaki in the search box, select Amr Zaki
from the search results, and then click OK.
6. Switch to LON-CL2, and then click the notification on the lower-right corner to accept the invitation
from Ed to join the conference.
Note: The meeting runs under Ed’s conferencing policy because he is the meeting’s
organizer. Ed is located in the Managers OU and therefore gets the Management conferencing
policy, which does not allow recording or application sharing.
7. Click the Present button, and verify that there is no option to Present Desktop or Present
Programs.
8. On LON-CL1, click Hang Up to leave the meeting. Close the Conversation window.
9. On LON-CL2, click Hang Up to leave the meeting. Close the Conversation window.
10. On LON-CL2, in the Skype for Business window, to the right of Contacts, Conversations, and
Meetings, click the downward-pointing arrow to the right of the Options menu.
11. Click Meet Now. This starts an ad hoc meeting. At the Join Meeting Audio prompt, click OK.
12. If the Participant list is not shown, to open it, click Open Participant List at the top-left corner of
the Conversation (1 participant) meeting window.
13. At the bottom of the PARTICIPANTS list, click Invite More People.
14. In the Invite by Name or Phone Number window, type Ed Meadows in the search box, select Ed
Meadows from the search results, and then click OK.
15. Switch to LON-CL1, and then click the notification in the lower-right corner to accept Amr Zaki’s
invitation.
16. Switch back to LON-CL2.
17. Wait for the meeting to start.

18. On the Present menu, click Present Desktop, and then click Present. Click OK. This shares the
desktop.
20. In the meeting window, click Accept meeting content to see Ed’s shared desktop.

22. Click Stop Presenting.
 Task 4: Validate Office Online Server integration

1. On LON-CL1, open Microsoft PowerPoint 2016 from the Microsoft Office 2016 program group on the
Start menu.
2. Close the Welcome to your new Office dialog box.
3. In the PowerPoint window, select Blank Presentation.
4. In the Click to add title text box, type Office Online Test.
5. In the Click to add subtitle text box, type Did I do well?
6. On the File menu, select Save As. Click Browse.
7. In the Save As dialog box, in the File Name text box, type Office Online Test, browse to the
desktop, and then click Save. This places the file on the desktop.
8. Close PowerPoint.
9. Switch back to the meeting with Amr Zaki.

10. On the Present menu, click Present PowerPoint Files.
11. In the Present PowerPoint dialog box, browse to the desktop, select the Office Online Test file, and
then click Open. This starts uploading the file to Office Online Server. Wait for the file upload to
complete.
12. Switch to LON-CL2, and then click Accept Meeting Content.
13. Validate that the PowerPoint presentation that you uploaded is being presented in the meeting
with Ed.
14. On the More Options menu, click End Meeting.
15. Accept the warning regarding ending the meeting.
16. Close the Remote desktop sessions on LON-CL1 and LON-CL2.

steps:
Results: After completing this exercise, you should have configured two new conferencing policies named
IT and Management, and you will have configured them according to A. Datum specifications.
L6-31
Module 6: Implementing Additional Conferencing Options

in Skype for Business Server 2015
Lab A: Implementing and Troubleshooting
Conferencing Policies
Exercise 1: Creating and Editing Conferencing Policies
 Task 1: Edit the global conferencing policy
2. Sign in as Adatum\Administrator with the password Pa$$w0rd, and then on the taskbar, click
3. When prompted, sign in as Adatum\Administrator with the password Pa$$w0rd.

4. In the Skype for Business Server Control Panel navigation pane, click Users, and then click
Enable users.
6. On the Select from Active Directory page, click Add filter. Enter a filter that states Organizational
unit (OU) is equal to OU=Managers,DC=Adatum,DC=com. Click Find.
7. Select all users, and then click OK.
8. Under Assign users to a pool, select pool.adatum.com, and then click Enable.
9. In the Skype for Business Server Control Panel navigation pane, click Conferencing.
10. On the CONFERENCING POLICY tab, select the Global policy.

11. On the Edit menu, click Show details. This opens the Edit Conferencing Policy – Global page.
12. Locate the Maximum meeting size setting, change the value to 20, and then click Commit to save
the change and return to the CONFERENCING POLICY page.
 Task 2: Create a site conferencing policy named Adatum Headquarters

1. On the CONFERENCING POLICY tab, click New, and then click Site policy.
2. In the Select a Site window, select Adatum Headquarters, and then click OK. This opens the New
Conferencing Policy – Adatum Headquarters window.
3. Under Organizer policy, find the Recording setting, and then select Enable recording from the
drop-down list.
4. Scroll down to the bottom of the page, and then under Participant policy, select Enable peer-to-
peer recording.
5. Leave the remaining default settings, and then click Commit. This takes you back to the
CONFERENCING POLICY page. Note the new Adatum Headquarters policy and the check mark
under Recording.
6. Minimize Skype for Business Server Control Panel.

L6-32 Implementing Additional Conferencing Options in Skype for Business Server 2015
 Task 3: Create a user conferencing policy named Managers Conferencing Policy

1. On the taskbar, right-click Skype for Business Server Management Shell, and then click Run as
Administrator.
2. In the Administrator: Skype for Business Server Management Shell console, type the following
command, and then press Enter:
New-CsConferencingPolicy –Identity “Managers Conferencing Policy” | Set-

CsConferencingPolicy –AllowExternalUserControl 1 –AllowConferenceRecording 1 -
EnableP2PRecording 1
This command first creates the policy and then uses the pipe (|) to set the parameters immediately, all
on one line.
 Task 4: Grant the Managers Conferencing Policy to all members of the AD DS global
group named Managers
 In the Skype for Business Server Management Shell, type each of the following four lines without line
breaks, and then press Enter:
foreach ($user in $users){Grant-CsConferencingPolicy -PolicyName "Managers
Conferencing Policy" -Identity $user}
Results: After completing this exercise, you should have configured the default global conferencing
policy by using Skype for Business Control Panel, created and assigned a site-level conferencing policy
to A. Datum headquarters, and created and assigned a user-level conferencing policy to all managers.
Exercise 2: Troubleshooting Conferencing Policies

 Task 1: Introduce an error into the configuration
 On LON-SFB1, in the Skype for Business Server Management Shell, type the following command, and
then press Enter:
CD C:\LabFiles.\Lab6ABreakIt.ps1
 Task 2: Verify an error in recording

1. On LON-CL2, in the Skype for Business client, under Presence, click Sign Out.
2. When signed out, click Sign In to sign back in.

3. Repeat steps 1 and 2 on LON-CL1 as Adatum\Ed.
4. Place the two Remote Desktop windows to LON-CL1 and LON-CL2 side by side.
5. As Amr on LON-CL2, call Ed@Adatum.com by using a Skype Call.
6. On LON-CL1, answer the incoming call from Amr Zaki.
7. On LON-CL2, verify that there is no recording option available under More Options.
8. On LON-CL1, verify that Ed does have the option to record.

 Task 3: Troubleshoot conferencing

1. Use your knowledge about conferencing policies and scopes to fix Amr’s problem.
2. Be ready to share your findings with the class.
3. Contact the instructor if you are stuck.
4. When you have identified the problem, run the Lab6AFixIt.ps1 script in the C:\LabFiles folder on
LON-SFB1:
a. Switch to LON-SFB1.
b. Open the Skype for Business Server Management Shell from the taskbar.
c. In the Skype for Business Server Management Shell, type the following command, and then press
Enter:
CD C:\LabFiles
d. Type .\Lab6AFixIt.ps1, and then press Enter.

virtual machines, but leave them running in preparation for the next lab.
Results: After completing this exercise, you should have verified that Amr Zaki is correctly configured for
conferencing.
Lab B: Configuring Additional Conferencing

Modalities
Exercise 1: Deploying Dial-In Conferencing
 Task 1: Configure the topology for dial-in conferencing
2. On the taskbar, click Skype for Business Topology Builder.
3. In the Topology Builder dialog box, accept the default to Download Topology from existing
deployment, and click OK.
4. In the Save Topology As dialog box, type Lab6B as the File name, and then click Save.
5. In the navigation pane, expand Skype for Business Server, expand Adatum Headquarters, expand
Skype for Business Server 2015, expand Enterprise Edition Front End Pools, and then highlight
pool.adatum.com. Note that in the detail pane to the right, under Features and functionality,
PSTN conferencing is Disabled.
6. In the navigation pane, right-click pool.adatum.com, and then click Edit Properties.
7. Under Features and functionality, select Dial-in (PSTN) conferencing, and then click OK.
8. In the navigation pane, right-click any item, click Topology – Publish, and then click Next to add the
required features for dial-in conferencing. Wait for replication to complete, and then click Finish.
9. In File Explorer, browse to C:\Program Files\Skype for Business Server 2015\Deployment, and
then run Bootstrapper.exe to reconfigure the server as needed.
10. Repeat step 8 on LON-SFB2.
11. When the installation is complete, close all open windows on LON-SFB1 and LON-SFB2. It will take
some time for the command to complete.
 Task 2: Add a user-level dial plan for North America and Europe
1. On LON-SFB1, open Skype for Business Server Control Panel. Sign in as Administrator with the
password Pa$$w0rd.
2. In the navigation pane, click Voice Routing. This opens the DIAL PLAN tab, displaying the currently
configured dial plans.
3. On the DIAL PLAN tab, click New, and then click User dial plan.
4. On the New Dial Plan page, in the Name text box, type North America, and then press the Tab key
on your keyboard. This will move the focus to the next box and will prefill the Simple name text box.
5. In the Dial-In conferencing region text box, type North America.
7. On the DIAL PLAN tab, you now see the Global and the North America dial plans. Click New, and
then click User dial plan to create a similar user dial plan for Europe.
8. In the Name text box, type Europe, and then press the Tab key on your keyboard to prefill the
Simple Name text box.
9. In the Dial-In conferencing region text box, type Europe.
11. On the DIAL PLAN tab, you now see the three dial plans: two plans that you configured, and the
Global plan.
12. On the menu bar, click Commit, and then click Commit all.
13. In the Uncommitted Voice Configuration Settings window, validate the settings displaying the
changes that you just made, and then click OK.
14. In the Success message box, click Close.
 Task 3: Associate a dial plan with users

1. In the Skype for Business Server Control Panel navigation pane, click Users.
2. In the search box, type Ed, and then click Find.
3. Select Ed Meadows, and then on the Edit menu, click Show details.
5. Under Dial plan policy, select North America, and then click Commit.
6. Search for Amr, select Amr Zaki, and then on the Edit menu, click Show details.
8. Under Dial plan policy, select Europe, and then click Commit.
 Task 4: Set up dial-in access numbers

1. In the Skype for Business Server Control Panel navigation pane, click Conferencing, click the Dial-in
Access Number tab, and then click New. This opens the New Dial-In Access Number page.
2. On the New Dial-In Access Number page, in the Display number text box, type the UK number in
the format: +44 (0) 20 1234 1234.
3. In the Display Name text box, type ADatum Conferencing Europe.
4. In the Line URI text box, type tel:+442012341234.

5. In the SIP URI text box, type sip:confeu to the left of the at sign (@), and then select adatum.com
from the drop-down list to the right.
6. In the Pool text box, type pool.adatum.com.
7. Under Primary Language, select English (United Kingdom). Optionally, under Secondary
languages, add additional languages. You can add up to four additional languages.
8. Under Associated Regions, click Add, select Europe from the Select Regions list, click OK, and then
click Commit.
Note: You have now deployed the United Kingdom dial-in access number. Now perform
the same steps for adding North America.
9. Click New on the menu bar. This opens the New Dial-In Access Number page.
10. On the New Dial-In Access Number page, in the Display number text box, type the US number in
the format: +1 (555) 123-1234.
11. In the Display Name text box, type Adatum Conferencing North America.
12. In the Line URI text box, type tel:+15551231234.

13. In the SIP URI text box, type sip:confus to the left of the at sign (@), and then select adatum.com
from the drop-down list to the right.
14. In the Pool text box, select pool.adatum.com.
15. Under Primary Language, select English (United States). Optionally, under Secondary languages,
add additional languages. You can add up to four additional languages.
16. Under Associated Regions, click Add, select North America from the Select Regions list, click OK,
and then click Commit.
 Task 5: Validate dial-in conferencing

2. Open Microsoft Outlook 2016, go to Calendar, and then click New Skype Meeting.
Note that the default dial-in number for Ed is in the North American format.
4. Open Outlook 2016, go to Calendar, and then click New Skype Meeting.
5. Note that the default dial-in number for Amr is in the European format.
6. Close the meeting request without saving changes.
Results: After completing this exercise, you should have deployed two unique dial-in conferencing
numbers, associated the dial-in conferencing region with the correct dial plan, and associated two users
with dial plans to test functionality.
Exercise 2: Preparing for LRS Deployment

 Task 1: Create a resource mailbox in Exchange
1. Switch to LON-EX1, and then open the Exchange Management Shell as an administrator.
2. Type the following command, and then press Enter to create a resource mailbox for the Microsoft
Lync Room System (LRS):
New-Mailbox -UserPrincipalName LRS01@adatum.com -Alias LRS01 -Name "LRS-01" -Room -

EnableRoomMailboxAccount $true –RoomMailboxPassword (ConvertTo-SecureString -String
Pa$$w0rd -AsPlainText -Force)
 Task 2: Enable automatic calendar processing

 On LON-EX1, type the following command, and then press Enter to enable automatic calendar
processing for the room:
Set-CalendarProcessing -Identity LRS01 -AutomateProcessing AutoAccept -

AddOrganizerToSubject $false –DeleteSubject $false -RemovePrivateProperty $false
 Task 3: Enable MailTip for organizers

 On LON-EX1, type the following command, and then press Enter to enable a reminder for organizers
that this is an LRS:
Set-Mailbox -Identity LRS01@adatum.com -MailTip "This room is equipped with Lync Room
System (LRS), please make it a Skype Meeting to take advantage of the enhanced
meeting experience from LRS”
 Task 4: Enable an LRS account in Skype for Business 2015

2. On LON-SFB1, open the Skype for Business Server Management Shell, type the following command,
and then press Enter to enable an LRS account in Skype for Business Server:
Enable-CsMeetingRoom -SipAddress "sip:LRS01@adatum.com" -RegistrarPool

pool.adatum.com -Identity LRS01
 Task 5: Invite LRS

2. Open Outlook, go to Calendar, and then click New Skype Meeting.
3. In the meeting invitation, to the right of where it reads Skype Meeting, click Rooms.
4. Select LRS-01, click the Rooms button in the lower-left corner, click OK, and then click Yes.

steps:
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you will have configured a Microsoft Exchange resource mailbox
for LRS, and you will have configured an LRS account for Skype for Business Server.
L7-39
Module 7: Designing and Implementing Monitoring and

Archiving in Skype for Business 2015
Lab A: Implementing Monitoring
Exercise 1: Enabling Monitoring Reports
 Task 1: Install Monitoring Reports
2. In the Skype for Business Server Topology Builder, click Download Topology from existing
deployment, and then click OK.
3. In the Save Topology As dialog box, in the File Name text box, type
AdatumTopologyMonLab7.tbxml, and then click Save.
4. In the Skype for Business Server Topology Builder, expand Skype for Business Server, expand
End Pools, right-click pool.adatum.com, and then click Edit Properties.
5. In the Edit Properties window, click General.
6. In the General pane, select Monitoring (CDR and QoE metrics).

7. In the Monitoring SQL Server store drop-down list box, select LON-SQL1.adatum.com/Default,
and then click OK.
8. In the Action drop-down list box, select Topology, and then click Publish to publish the changes in
the topology.
9. In the Publish Topology window, click Next to validate the changes that were made in the topology.
10. On the Select databases page, ensure that LON-SQL1.adatum.com\Default is selected, and then
click Next.
Wait while the topology publishes.
11. On the Publishing wizard complete page, verify that all steps show as Success or Warning.
12. On the Publishing wizard complete page, click the Click here to open the to-do list link.
13. When the file opens in Notepad, read the steps listed, and then close Notepad.
15. Close the Skype for Business Server Topology Builder.
Enter to start the stopped Skype for Business Server services.
18. On LON-SFB1, on the tasbar, click Skype for Business Server Deployment Wizard.
19. In the Skype for Business Server Deployment Wizard, click the Deploy Monitoring Reports link.
20. On the Specify Monitoring Database page, verify that LON-SQL1.adatum.com is listed for both
the Monitoring Database and the SQL Server Reporting Services instance, and then click Next.
L7-40 Designing and Implementing Monitoring and Archiving in Skype for Business 2015
21. On the Specify Credentials page, in the User name text box, type Adatum\Administrator, in the
Password text box, type Pa$$w0rd, and then click Next.
Note: The account that is specified here will be granted read access to the reporting
databases. This is the account that is used when accessing reports. For lab purposes, we will use
the Administrator account. The user who deploys monitoring reports must be a SQL Server
system administrator.
22. On the Specify Read-Only Group page, type RTCUniversalReadOnlyAdmins, and then click Next.
23. On the Executing Commands page, verify that the last line reads “Monitoring Reports have been
successfully deployed,” and then click Finish.
24. Close the Skype for Business Server Deployment Wizard.
 Task 2: Review the CDR and QoE monitoring reports

2. On LON-CL1, establish a Skype call from Ed to Amr Zaki. In the Skype for Business client, in the Find
someone field, type Amr, right-click Amr Zaki, point to Call, and then click Skype Call.
3. On LON-CL2, accept the call. Leave the call up for about two minutes, and then hang up.
4. On LON-SFB1, click Skype for Business Server Control Panel on the taskbar.
5. In the Windows Security dialog box, in the User Name text box, type Administrator. In the
Password text box, type Pa$$w0rd, and then click OK.
6. On the Home screen, under Top Actions, expand View Monitoring Reports, and then click
LON-SQL1.adatum.com. Wait for Microsoft Internet Explorer to open the Monitoring Reports
page.
7. On the Monitoring Reports page, in the upper-right corner, click Dashboard.

8. View the collected data on the dashboard:
o System usage data
o Per-user call diagnostics data

o Call diagnostics data
o Media quality diagnostics data
9. In the Monitoring Server Dashboard, in the upper-right corner, click Monthly View.
10. In the Monitoring Server Dashboard, in the upper-right corner, click Reports.
11. On the Monitoring Reports page, view each report that is listed under System Usage Reports, and
then review the collected data.
12. On the Monitoring Reports page, view each report that is listed under Call Diagnostic Reports
(Per User), and then review the collected data.
13. On the Monitoring Reports page, review each report that is listed under Call Diagnostic Reports,
and then review the collected data.
14. On the Monitoring Reports page, view each report that is listed under Media Quality Diagnostic
Reports, and then review the collected data.
15. In one of the reports, at the uppermost part of the page, click Save, and then from the drop-down list
box, click Excel.
16. In the File Download dialog box, click Save.
17. Close all open windows on LON-SFB1.

virtual machines; leave them running in preparation for the next lab.
Results: After completing this exercise, you should have deployed monitoring reports on the Skype for
Business Server Back End Server and verified access to the CDR and QoE monitoring reports.
Lab B: Implementing Archiving

Exercise 1: Enabling Skype for Business Server Archiving to Microsoft
Exchange Server 2013
 Task 1: Configure partner applications on Skype for Business Server and Exchange
Server
1. On LON-SFB1, click Start, click Administrative Tools, and then double-click Active Directory Users
and Computers.
2. In the left navigation pane, expand Adatum.com, and then click Users.
3. In the right navigation pane, right-click Administrator, and then click Properties.
4. Click the Member Of tab, and then click Add.
5. In the Select Groups dialog box, type RTCUniversalServerAdmins, and then click Check Names.
Ensure that the typed name is underlined, and then click OK.
6. In the Administrator Properties dialog box, click OK to close the dialog box.
7. Sign out from LON-SFB1, and then sign back in to LON-SFB1 as Adatum\Administrator with the
password Pa$$w0rd.
8. Switch to LON-EX1.
9. On LON-EX1, on the task bar, click Exchange Management Shell.
10. Type the following command, and then press Enter to locate the value of IsExcludedFromProvisioning
for the Mailbox Database:
Get-MailboxDatabase | Select Name,*Provisioning*
11. If the value is True, type the following command, and then press Enter to update the Mailbox
Database so that it is enabled for provisioning:
Get-MailboxDatabase | Set-MailboxDatabase –IsExcludedFromProvisioning:$False
12. Type the following command, and then press Enter to navigate to the Exchange Scripts folder:
cd ‘C:\Program Files\Microsoft\Exchange Server\V15\scripts’
13. At the [PS] C:\Program Files\Microsoft\Exchange Server\V15\scripts> command prompt, type the
following command, and then press Enter:
.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl
“https://pool.adatum.com/metadata/json/1” -ApplicationType Lync
14. If you receive the error, “Load balancing failed to find a valid mailbox database,” repeat step 11 of this
task.
15. Type the following command, and then press Enter to stop and restart Internet Information Services
(IIS):
Iisreset
16. On LON-EX1, type the following command, and then press Enter to locate the value for
AutodiscoverServiceInternalURI:
Get-ClientAccessServer | Select Name,AutoDiscover*
17. Record the value from the last script below so that you can recall it later.
https://
19. Type the following command, and then press Enter to configure Skype for Business Server with the
Autodiscover information:
Set-CsOAuthConfiguration –Identity global –ExchangeAutodiscoverUrl https://lon-

ex1.adatum.com/autodiscover/autodiscover.svc
Enter to create a new partner application for Exchange:
New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl

https://lon-ex1.adatum.com/autodiscover/metadata/json/1
21. Type the following command, and then press Enter to test the connectivity between Skype for
Business Server and Exchange Server:
Test-CsExStorageConnectivity –SipURI sip:Ed@adatum.com
22. You should receive the result, Test Passed. If not, contact your instructor.
23. On LON-SFB1, type the following command, and then press Enter to enable Exchange Archiving
globally:
Set-CsArchivingConfiguration –Identity Global –EnableArchiving ImAndWebConf –

EnableExchangeArchiving $True
Leave the Skype for Business Server Management Shell open.
25. In the Windows Security dialog box, type Administrator in the User Name text box, type
Pa$$w0rd in the Password text box, and then click OK.
26. In the left navigation pane, click Monitoring and Archiving, click the Archiving Policy tab, click
New, and then from the drop-down list box, click User policy.
27. In the Name text box, type LondonArchivingPolicy. Select Archive internal communications and
Archive external communications, and then click Commit.
28. In the left navigation pane, click Users, in the search box, type Ed, click Find, and then double-click
the Ed Meadows user. Scroll down to the Archiving Policy, click the drop-down arrow, select
LondonArchivingPolicy, and then click Commit.
Enter to enable Exchange Archiving for all users in the London pool:
Get-CsUser -Filter {RegistrarPool -eq "pool.adatum.com"} | Set-CsUser -

ExchangeArchivingPolicy ArchivingToExchange
Enter to display a list of users that have been enabled for Exchange Archiving:
Get-CsUser | Where-Object {$_.ExchangeArchivingPolicy -eq "ArchivingToExchange"} |

Select-Object DisplayName
 Task 2: Generate IM traffic

2. Generate data for the archive by having Ed initiate an IM to Amr, and then have Amr respond to
that IM.
3. Close the chat window.
 Task 3: View the archived messages in Exchange

1. On LON-SFB1, click Start, click Administrative Tools, double-click Active Directory Users and
Computers, expand Adatum.com, and then click the Microsoft Exchange Security Groups
organizational unit.
2. In the right navigation pane, double-click the Discovery Management group.
3. On the Members tab, click Add.
4. In the Select Users, Contacts, Computers, Services Accounts, or Groups dialog box, type
Administrator, click Check Names, and then click OK.
5. Click OK to close the Discovery Management Properties dialog box.
6. On LON-EX1, click Start, and then click Internet Explorer.
7. In the address bar, type https://lon-ex1.adatum.com/ecp, and then press Enter.

8. On the Exchange Admin Center page, in the User name text box, type Adatum\Administrator, in
the Password text box, type Pa$$w0rd, and then click Sign In.
9. In the right navigation pane, click compliance management.
10. Under In-Place eDiscovery & Hold, click the plus sign (+).
11. In the new in-place eDiscovery & hold window, in the Name and description text box, type
SfBItems, and then click Next.
12. In the Mailboxes window, click Search all mailboxes, and then click Next.
13. In the Search query window, click Filter based on criteria, and then click select message types.
14. In the message types to search window, click select the messages types to search, select Skype for
Business items, and then click OK.
15. In the Search query window, click Next.
16. In the In-Place Hold setting window, click Finish.

17. In the Saving completed successfully window, click Close.
18. In the Exchange Admin Center, in the right navigation pane, click SfBItems. On the toolbar above,
click Refresh. In the right pane, notice the status of Estimate in progress. Do not continue until the
status shows Estimate Succeeded.
19. In the right navigation pane, click SfBItems. In the right pane, scroll down, and then select preview
search results.
Note: A new window opens. Notice the results of the archived message content.
 Task 4: Troubleshoot failed archiving

2. Type the following command, and then press Enter to disable Archiving for the site:
New-CsArchivingConfiguration –Identity site:”Adatum Headquarters” –EnableArchiving

None
4. Click Monitoring and Archiving, and then click the Archiving Configuration tab.
5. Verify that the new archiving configuration settings exist for the Adatum Headquarters site. The site
configuration settings override the global configuration settings. Leave Skype for Business Server
Control Panel open.
6. In Skype for Business Server Control Panel, click New, and then from the drop-down list box, click
Pool configuration.
7. In the Select a Service window, click the Registrar:pool.adatum.com service, and then click OK.
8. In the New Archiving Setting window, verify that the Name box is already populated with
Registrar:pool.adatum.com.
9. In the Archiving setting drop-down list box, select Archive IM and web conferencing sessions,
select Exchange Server integration, and then click Commit.
10. Verify that the new archiving configuration settings exist.
Note: The pool configuration settings override the global and site configuration settings.

steps:

4. Repeat steps 2 and 3 for following virtual machines:
o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EX1
o 20334B-LON-RTR
Results: After completing this exercise, you should have configured archiving settings, including policies,
configurations, and Exchange integration for Adatum. You also should have generated some IM and web
conferencing traffic to archive. Finally, you should have viewed the archived data by using Exchange
Control Panel.
L8-47
Module 8: Deploying Skype for Business 2015

External Access
Lab A: Designing and Implementing
External User Access
Exercise 1: Defining the Edge Server in the Topology
 Task 1: Add an Edge Server to the topology and publish it
1. On LON-DC1, if required, open Server Manager.
2. Click Tools, and then click DNS.
3. In DNS Manager, double-click Adatum.com.
4. Right-click Adatum.com, and then click New Host (A or AAAA).

5. In the New Host dialog box, type lon-edg as the Name, and 172.16.0.5 as the IP address, click Add
Host, click OK, and then click Done.
6. Switch to LON-SFB1, and if not already signed in, sign in as adatum\administrator with the
password Pa$$w0rd.
7. On LON-SFB1, open Skype for Business Server Topology Builder from the taskbar.
8. In the Topology Builder window, select Download Topology from existing deployment, and then
click OK. The current topology starts downloading. Wait for the task to complete, and then save it as
C:\Lab08A.tbxml.
9. In the Topology Builder, expand Skype for Business Server, expand Adatum Headquarters, expand
Skype for Business Server 2015, right-click Edge pools, and then on the shortcut menu, click New
Edge Pool.
10. In the Define the New Edge Pool window, click Next.
11. On the Define the Edge pool FQDN page, in the Pool FQDN text box, type lon-edg.adatum.com,
select This pool has one server, and then click Next.
12. On the Enable federation page, enable all the options, and then click Next.
13. On the Select features page, select Use a single FQDN and IP address, and then click Next.
14. On the Select IP options page, leave all the options at their default settings, and then click Next.
15. On the External FQDNs page, in the Access Edge Service text box, type sip.adatum.com, and then
click Next.
16. On the Define the internal IP address page, in the Internal IPv4 address text box, type 172.16.0.5,
17. On the Define the external IP address page, in the External IPv4 address text box, type
192.168.1.5, and then click Next.
18. On the Define the next hop server page, accept the default setting of pool.adatum.com Adatum
Headquarters, and then click Next.
19. On the Associate Front End or Mediation pool page, select pool.adatum.com, and then click
Finish.
20. In the left navigation pane, right-click Adatum Headquarters, and then click Edit Properties.
L8-48 Deploying Skype for Business 2015 External Access
21. In the Edit Properties window, in the left navigation pane, select Federation route.
22. Under Site federation route assignment, select Enable SIP federation, and then select
lon-edg.adatum.com Adatum Headquarters Edge from the drop-down list.
23. Under Site federation route assignment, select Enable XMPP federation, select
lon-edg.adatum.com Adatum Headquarters Edge from the drop-down list, and then click OK.
24. In the left navigation pane, right-click Adatum Headquarters, from the shortcut menu, expand
Topology, and then click Publish.
25. In Publish the topology window, click Next.

26. Wait for the Publish Topology task to complete. When complete, select Finish.
 Task 2: Export the topology

1. On LON-SFB1, open the Skype for Business Server Management Shell from the taskbar.
Export-CsConfiguration –FileName c:\Lab08Export.zip
Results: After completing this exercise, you should have added an Edge server to the topology and
publish it, and then exported the topology.
Exercise 2: Installing and Configuring an Edge Server

 Task 1: Install the Edge server on LON-EDG
1. On the host machine, in Hyper-V Manager, right-click 20334B-LON-EDG, and then click Settings.
2. From the Hardware list, click DVD Drive, click Image File, click Browse, browse to C:\Program Files
\Microsoft Learning\20334\Drives\, select SfB-E-9319.0-enUS.ISO, click Open, and then click OK.
3. Switch to LON-EDG. If not signed in, sign in as administrator with the password Pa$$w0rd.
4. Right-click Start, and then click Network Connections.
5. In the Network Connections window, right-click Perimeter, and then click Properties.
6. In the Perimeter Properties window, click Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
7. In the Default gateway text box, type 192.168.1.1, click OK, and then click Close.
8. Close the Network Connections window.
9. Open Server Manager from the taskbar.

10. In the left navigation pane, select Local Server.
11. In the main window, click the computer name LON-EDG.
12. In the System Properties window, click Change.
13. In the Computer Name/Domain Changes window, click More.
14. In the DNS Suffix and NetBIOS Computer Name window, in the Primary DNS suffix of this
computer text box, type adatum.com, and then click OK.
15. In the Computer Name/Domain Changes window, click OK.

16. In the pop-up window with the “You must restart your computer to apply these changes” message,
click OK.
17. In the System Properties window, click Close.
18. In the pop-up window with the “You must restart your computer to apply these changes” message,
click Restart Now.
19. Wait while LON-EDG restarts. Sign back in as administrator with the password Pa$$w0rd.
20. Open File Explorer, browse to D:\Setup\amd64, and then run Setup.exe.
21. Wait while the C++ 2013 Redistributable installs.
22. In the Skype for Business Server Check for Updates window, select Don’t check for updates right
now, accept the default installation location, and then click Install.
23. Accept the license agreement, and then click OK.
24. Wait while the installer installs the core components. When complete, the Skype for Business Server
2015 Deployment Wizard opens automatically.
25. In the Welcome to Skype for Business Server 2015 deployment window, click Install or Update
26. On the Install or update member system page, go to Step 1: Install Local Configuration Store,
and then click Run.
Note: The message that the configuration cannot be collected automatically is expected
because this computer is not a member of the Adatum.com domain.
27. In the Configure Local Replica of Central Management Store window, in the Import from a file
(recommended for Edge Servers) text box, type the following, and then click Next:
\\LON-SFB1\c$\Lab08Export.zip
28. Wait for the Install Local Configuration Store task to complete. When complete, click Finish. This
closes the Install Local Configuration Store Wizard.
29. Back on the Install or update member system page, go to Step 2: Setup or Remove Skype for
Business Server Components, and then click Run.
30. In the Set Up Skype for Business Server Components window, click Next.
31. Wait while LON-EDG installs the server components.
32. Click Finish to close the window.
 Task 2: Install certificates and start services

1. Switch to LON-EDG. If necessary, sign in as administrator with the password Pa$$w0rd.
2. Open Internet Explorer, and then go to http://lon-dc1.adatum.com/certsrv.
3. In the Windows Security window, authenticate by using the user name adatum\administrator with
the password Pa$$w0rd.
4. On the Microsoft Active Directory Certificate Services – AdatumCA page, click Download a CA
certificate, certificate chain, or CRL.
5. In the Download a CA Certificate, Certificate Chain, or CRL window, click Download CA certificate.
6. In the Do you want to open or save certnew.cer (863 bytes) from lon-dc1.adatum.com? window, click
Open.
7. In the certnew.cer download has completed window, click Open.
8. In the Certificate window, click Install Certificate.
9. In the Certificate Import Wizard, select Local Machine, and then click Next.
10. On the Certificate Store page, select Place all certificates in the following store, and then click
Browse.
11. In the Select Certificate Store window, select Trusted Root Certification Authorities, and then click
OK.
12. Back on the Certificate Store page, click Next.
13. In the Completing the Certificate Import Wizard window, click Finish.
14. Close the Import was successful windows by clicking Ok.
15. Select OK in the Certificate window to close it.
16. Switch back to the Skype for Business Server Deployment Wizard. If the previous steps completed
without error, you can continue even if Step 2 is not marked as complete.
17. Go to Step 3: Request, Install or Assign Certificates, and then click Run. This opens the Certificate
Wizard.
18. In the Certificate Wizard, select Edge Internal, and then click Request.
19. In the Certificate Request window, accept the default selection Send the request immediately to an
online certification authority, and then click Next.
20. On the Choose a Certification Authority (CA) page, in the Specify another certification authority
text box, type lon-dc1.adatum.com\AdatumCA, and then click Next.
21. On the Certification Authority Account page, leave the default selection, type
adatum\administrator in the User name text box, Pa$$w0rd in the Password text box, and then
click Next.
23. On the Name and Security Settings page, select Mark the certificate’s private key as exportable,
24. In the Organization Information window, in the Organization text box, type A Datum.
25. In the Organizational unit text box, type IT, and then click Next.
26. On the Geographical Information page, from the Country/Region drop-down list, select United
Kingdom.
27. In the State/Province text box, type UK.
29. On the Subject Name / Subject Alternate Names page, click Next.
30. On the Configure Additional Subject Alternative Names page, click Next.
32. An “Executing Commands” message displays. Wait for the Task status to display Completed, and then
click Next.
33. On the Online Certificate Request Status page, accept the default selection for Assign this
certificate to Skype for Business Server certificate usages, and then click Finish.
36. Wait for the assignment to complete. When complete, click Finish. This closes the Certificate
Assignment Wizard and takes you back to the Certificate Wizard.
37. In the Certificate Wizard, select External Edge certificate (public Internet), and then click Request.
38. On the Delayed or Immediate Requests page, select Prepare the request now, but send it later
(offline certificate request), and then click Next.
39. On the Certificate Request File page, in the File name text box, type C:\CertReq.req, and then click
Next.
41. On the Name and Security Settings page, click Next.
42. On the Organization Information page, click Next.
43. On the Geographical Information page, click Next.
44. On the Subject Name / Subject Alternative Names page, click Next.
45. On the SIP Domain setting on Subject Alternative Names page, click Next.
46. On the Configure Additional Subject Alternative Names page, add the following names (because
you are going to use the same certificate for reverse proxy), and then click Next:
o Dialin.adatum.com
o Meet.adatum.com
o Pool.adatum.com
o Wac.adatum.com
48. An “Executing Commands” message displays. When command execution is complete, click Next.
49. On the Certificate Request File page, click View. This opens the CertReq.req file in Notepad.
50. Select all the content by pressing Ctrl+A, and then copy the content by pressing Ctrl+C. You now
have the request data on the Clipboard.
51. Click Finish to close the Certificate Request window.
52. Switch back to Internet Explorer.
53. On the AdatumCA page, in the top-right corner, click Home.

54. On the Microsoft Active Directory Certificate Services -- AdatumCA home page, click Request a
certificate.
55. On the Request a Certificate page, click Advanced certificate request.
56. On the Advanced Certificate Request page, click Submit a certificate request by using a base-
64-encoded CMC or PKCS#10 file, or submit a renewal request by using a base-64-encoded
PKCS #7 file.
57. In the Saved Request text box, paste the content of the Clipboard by pressing Ctrl+V.
58. In the Certificate Template drop-down list, select Web Server, and then click Submit.
59. On the Certificate Issued page, click Download certificate.
60. Click Open when asked whether to open or save.
61. In the The certnew.cer download has completed window, click Open.
62. In the Certificate Information window, click Install Certificate. This opens the Certificate Import
Wizard.
63. In the Welcome to the Certificate Import Wizard, under Store Location, select Local Machine, and
then click Next.
64. In the Certificate Store window, select Place all certificates in the following store, and then click
Browse.
65. In the Select Certificate Store window, select the Personal store, and then click OK.
66. On the Certificate Store page, click Next.
67. In the Completing the Certificate Import Wizard, click Finish.

69. On the Certificate page, click OK.
70. Switch back to the Certificate Wizard.
71. Select External Edge certificate (public Internet), and then click Assign.
73. On the Certificate Store page, select Skype for Business Server 2015 External Edge certificate,
75. Wait for the Certificate Assignment task to complete, and then click Finish.
76. In the Certificate Wizard, note the green check marks, and then click Close.
Enter:
Enter to validate that the services are running:
 Task 3: Enable external access by using policies

1. Switch to LON-SFB1, and if not signed in, sign in as adatum\administrator with the password
Pa$$w0rd.
2. Open Skype for Business Server 2015 Control Panel from the taskbar. Sign in as
Adatum\Administrator with the password Pa$$w0rd.
3. In the left navigation pane, click Federation and External Access.

4. Under External Access Policy, double-click the Global policy to edit its settings.
5. In the External Access Policy – Global window, select all check boxes, and then click Commit.
6. Still in the Federation and External Access window, select Access Edge Configuration.
7. Double-click the Global policy, configure the following options, and then click Commit:
o Enable federation and public IM connectivity
o Enable partner domain discovery
o Enable remote user access
o Enable anonymous user access to conferences
 Task 4: To prepare for next lab

virtual machines, but leave them running in preparation for Lab B.
Results: After completing this exercise, you should have installed an Edge server, installed certificates and
started services, and then enabled external access by using policies.
Lab B: Installing the Components for

External Users
Exercise 1: Installing and Configuring Reverse Proxy
 Task 1: Configure Web Application Proxy
3. In the Network Connections window, right-click Perimeter, and then click Properties.
4. In the Perimeter Properties window, click Internet Protocol Version 4 (TCP/IPv4), and then click
Properties.
5. In the Default gateway text box, type 192.168.1.1, click OK, and then click Close.
6. Close the Network Connections window.
7. In Server Manager, on the Tools menu, click Remote Access Management.
8. In the Remote Access Management Console, click Web Application Proxy.

9. In the main window, under Configure Web Application Proxy, click Run the Web Application
Proxy Configuration Wizard.
10. On the Welcome screen, click Next.

11. On the Federation Server page, in the Federation service name text box, type adfs1.adatum.com.
12. In the User Name text box, type adatum\administrator, in the Password text box, type Pa$$w0rd,
13. In the AD FS Proxy Certificate window, click the drop-down list, select adfs1.adatum.com, and then
click Next.
14. On the Confirmation page, click Configure.
15. Wait for the configuration task to complete, and then click Close.
 Task 2: Import a certificate from LON-EDG1

1. Switch to LON-EDG, and then sign in as LON-EDG\administrator with the password Pa$$w0rd.
2. Right-click Start, and then on the shortcut menu, click Run.

3. In the Run dialog box, type MMC, and then click OK. This opens an empty Microsoft Management
Console (MMC).
4. On the File menu, click Add/Remove Snap-in.
6. In the Certificates snap-in, select Computer account, and then click Next.
7. In the Select Computer window, click Finish.
9. In the left navigation pane, expand Certificates (Local Computer), expand Personal, and then click
Certificates. This lists the installed certificates.
10. Select and then right-click the sip.adatum.com certificate.
11. On the shortcut menu, point to All Tasks, and then click Export.
12. In the Welcome to the Certificate Export Wizard, click Next.
13. On the Export Private Key page, click Yes, export the private key, and then click Next.
14. On the Export File Format page, click Next.
15. Click Password. Type the password Pa$$w0rd twice to confirm, and then click Next.
16. On the File to Export page, click Browse.
17. Save the exported certificate to C:\EdgeExport.pfx.
18. On the File to Export page, click Next.

19. On the Completing the Certificate Export Wizard page, click Finish, then click OK.
20. Switch back to LON-PXY.
21. Open File Explorer, browse to \\lon-edg\c$\, and then double-click edgeexport.pfx.
22. On the Welcome to the Certificate Import Wizard page, select Local Machine, and then click
Next.
23. On the File to Import page, type the following, and then click Next:
\\lon-edg\c$\EdgeExport.pfx
24. On the Private key protection page, in the Password text box, type Pa$$word.
25. Select Mark this key as exportable, and then click Next.
26. On the Certificate Store page, click Next, click Finish, and then click OK.
 Task 3: Create publishing rules for Skype for Business Server and
Office Online servers
1. On LON-PXY, in the Remote Access Management Console, under Tasks, click Publish.
2. On the Welcome page, click Next.
3. On the Preauthentication page, select Pass-through, and then click Next.
4. On the Publishing Settings page, in the Name text box, type lyncdiscover.
5. In the External URL text box, type https://lyncdiscover.adatum.com.
6. On the External certificate menu, click sip.adatum.com.
7. In the Backend server URL text box, type https://lyncdiscover.adatum.com:4443.
8. Ignore the "The internal and external URLs don't match” warning, and then click Next.
9. In the Confirmation box, click Publish.
10. On the Results page, click Close.

11. Repeat steps 1 through 10 three times by replacing lyncdiscover.adatum.com with:
o Meet.adatum.com
o Dialin.adatum.com
o Pool.adatum.com
Use the following:
o In step 4, use meet/dialin/pool to replace lyncdiscover.

12. Repeat steps 1 through 10 for wac.adatum.com. Publish without appending “:4443” because Office
Online Server do not require port redirection.

14. Right-click the Perimeter network adapter, and then click Enable.
15. Minimize LON-PXY.
Results: After completing this exercise, you should have configured Web Application Proxy, exported and
imported a certificate, including a private key, and then created publishing rules for Skype for Business
Server and Office Online servers.
Exercise 2: Validating External Messaging

 Task 1: Add public DNS to LON-CL2 by using the Hosts file
1. Switch to LON-CL2, and then sign in as adatum\amr with the password Pa$$w0rd.
2. In the search box, type Notepad, right-click Notepad from the results, on the shortcut menu, click
Run as administrator, and then click Yes.
3. In Notepad, on the File menu, click Open, go to c:\windows\system32\drivers\etc\hosts, and then

open the Hosts file.
Note: Select All Files (*.*) in the drop-down list.
4. Add the following records to the Hosts file:
o 192.168.1.5 sip.adatum.com
o 192.168.1.6 lyncdiscover.adatum.com
o 192.168.1.6 meet.adatum.com
o 192.168.1.6 dialin.adatum.com
o 192.168.1.6 pool.adatum.com
o 192.168.1.6 wac.adatum.com
5. Save the Hosts file. Overwrite the existing Hosts file.
 Task 2: Move LON-CL2 to the outside and validate the connection

1. On LON-CL2, right-click Start, and then click Network Connections.
2. Right-click LON_Network, and then click Disable.
3. Right-click Internet, and then click Enable.
4. Validate the IPv4 configuration on the Internet connection. The settings should be:
o IP: 131.107.0.51
o Subnet: 255.255.255.0
o Default Gateway: 131.107.0.100
o DNS: Blank
5. Restart LON-CL2. Sign back in as adatum\amr with the password Pa$$w0rd.
6. Wait for Skype for Business to sign in.
7. Send an instant message (IM) to Ed Meadows to validate the connection to LON-CL1.

steps:

o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
o 20334B-LON-EDG
o 20334B-LON-PXY
o 20334B-LON-RTR
Results: After completing this exercise, you should have added public Domain Name System (DNS) to
LON-CL2 via the Hosts file, and moved LON-CL2 to the outside of the network and validate the
connection.
L9-59
Module 9: Implementing Persistent Chat in

Lab A: Designing and Deploying Persistent
Chat Server
Exercise 1: Configuring the Topology for Persistent Chat Server
 Task 1: Create a Persistent Chat share
1. On LON-SQL1, click the File Explorer icon on the taskbar, and then double-click Local Disk (C:).
2. On the Home tab, click New folder, type PChatShare as the new folder name, and then press Enter.
3. Right-click the PChatShare folder, click Share with, click Specific people, type Everyone, and then
click Add.
4. Verify that Administrator has Read/Write permissions and that Everyone has Read permissions, click
Share, and then click Done.
5. On LON-DC1, in Server Manager, click Tools, and then select Active Directory Users and
Computers.
6. Expand the Adatum.com\Users container, and then double-click RTCUniversalServerAdmins.
7. On the properties page, click the Members tab, click Add, type Administrator, click Check Names,
and then click OK to close the Select User dialog box.
8. Click OK to close the RTCUniversalServerAdmins Properties page.
 Task 2: Configure the topology

2. In Topology Builder, select Download Topology from existing deployment, and then click OK.
If the Download Current Topology Wizard appears, wait a few seconds.
3. Type Persistent Chat as the file name, and then click Save.
4. Expand the Skype for Business Server container, expand the Adatum Headquarters container,
expand the Skype for Business Server 2015 container, right-click the Persistent Chat pools
container, and then select New Persistent Chat Pool.
5. In the Pool FQDN text box, type pchatpool.adatum.com, verify that This pool has multiple
servers is selected, and then click Next.
6. In the Computer FQDN text box, type lon-svr1.adatum.com, click Add, and then click Next.
7. In the Define properties of the Persistent Chat pool page, type Adatum Headquarters Persistent
Chat Pool as the display name of the Persistent Chat pool. Complete the page by using the following
settings, and then click Next:
o Persistent Chat port is 5041.
o Select Enable compliance.
o Clear Use backup SQL Server stores to enable disaster recovery.
o Select Use this pool as default for site Adatum Headquarters.
8. On the Define the SQL Server store page, click the drop-down arrow, and then select
LON-SQL1.adatum.com\Default. Click Next.
L9-60 Implementing Persistent Chat in Skype for Business 2015
9. On the Define the compliance SQL Server store page, select lon-sql1.adatum.com\Default as the
Compliance SQL Server store, and then click Next.
10. On the Define the file store page, select Define a new file store.
11. In the File server FQDN text box, type LON-SQL1.adatum.com.
12. In the File share text box, type PChatShare, and then click Next.
13. On the Select the next hop server page, verify that pool.adatum.com Adatum Headquarters is
selected as the Next hop pool, and then click Finish.

1. On LON-SFB1, verify that Topology Builder is still open from the previous task, on the Action menu,
select Topology, click Publish, and then click Next.
2. On the Select databases page, verify that lon-sql1.adatum.com\Default is selected in the Choose
the databases you would like to create when you publish your topology list, and then click Next.
section.
4. After reviewing the NextSteps.txt file, close Notepad, and then click Finish.
Results: After completing this exercise, A. Datum should have the Persistent Chat Server and Persistent
Chat Compliance service topology published in the Central Management store, which will support the
organizational requirements. The IT department should also have a registered add-in that IT members can
use when they create their own chat rooms.
Exercise 2: Installing Persistent Chat Server

 Task 1: Verify the prerequisites
1. On LON-SFB1, click the Windows PowerShell icon on the taskbar, type Nslookup, and then press
Enter.
2. At the Nslookup command prompt, type lon-svr1.adatum.com, and then press Enter. You should
resolve to 172.16.0.22.
3. At the Nslookup command prompt, type pchatpool.adatum.com, and then press Enter. This will
return a nonexistent domain error because the record has not yet been created in Domain Name
System (DNS). Type exit, and then press Enter.
4. Close the Windows PowerShell window.
5. On LON-DC1, open Server Manager.
6. In Server Manager, on the Tools menu, click DNS.
7. In the console tree, expand Forward Lookup Zones, expand Adatum.com, right-click Adatum.com,
and then click New Host (A or AAAA).
8. In the Name text box, type pchatpool, and then in the IP address text box, type 172.16.0.22. Leave
the remaining values as they are, click Add Host, click OK, and then click Done.
9. On LON-SFB1, click the Windows PowerShell icon on the taskbar, type Nslookup, and then press
Enter.
10. At the Nslookup command prompt, type pchatpool.adatum.com, and then press Enter. This should
now resolve to 172.16.0.22.
11. Type exit, and then press Enter, to leave the Nslookup command prompt.
12. On LON-SVR1, click the Windows PowerShell icon on the taskbar, and then run the following
cmdlet:
Get-WindowsFeature | Where-Object InstallState –eq Installed
13. In the output from the cmdlet, confirm that the following software is included in the list of installed
Windows features:
o Windows PowerShell 4.0
o Microsoft .NET Framework 4.5
o Windows Identity Foundation 3.5
o Remote Server Administration Tools

o Web Server (IIS)
o Media Foundation
o .NET Framework 3.5 (includes .NET 2.0 and 3.0)
Note: All software in the lab was preinstalled to save time.
14. Click Start on the taskbar, type Programs, and then select Programs and Features from the search
results list.
15. Confirm that Microsoft Silverlight is installed, and then close the Programs and Features window.
 Task 2: Run the deployment wizard on LON-SVR1

2. If the DVD drive contains Skype for Business media, skip to step 5.
3. Locate the virtual machine menu bar at the top of the virtual machine window, click Media, select
DVD Drive, and then click Insert Disk.
4. Browse to C:\Program Files\Microsoft Learning\20334\Drives\, select SfB-E-9319.0-enUS.ISO,

click Open, and then click OK.
5. In File Explorer, right-click the DVD drive, and then select Install or run program from your media.
6. In the Skype for Business Server installation window that appears, select Don’t check for updates
right now, and then click Install.
Note: In your production installations, it is a best practice to select Connect to the

internet to check for updates. You cannot select this in the lab because there is no Internet
access.
8. In the Skype for Business Server 2015 Deployment Wizard, click Install or Update
9. On the Install or update member system page, click Run for Step 1: Install Local Configuration
Store.
10. On the Configure Local Replica of Central Management Store page, confirm that Retrieve
directly from the Central Management store is selected, and then click Next.
Note: It will take approximately 10 minutes to complete this step. The local SQL Server
Express installation will take the majority of that time.
11. Verify that the Task Status is Completed, and then click Finish. If the task fails, click View Log.
12. On the Install or update member system page, click Run for Step 2: Setup or Remove
Skype for Business Server Components.
13. On the Set Up Skype for Business Server Components page, click Next.
14. Verify that the Task Status is Completed, and then click Finish. If the task fails, click View Log.
 Task 3: Obtain the certificates

1. On LON-SVR1, verify that Step 1 and Step 2 of the Install or update member system page are
complete and have green check marks.
2. On the Install or update member system page, click Run for Step 3: Request, Install or Assign
Certificates.
3. On the Certificate Wizard page, select Default certificate Server default, and then click Request.
4. Verify that LON-DC1.Adatum.com\AdatumCA is selected as the certification authority (CA).

5. Leave the automatically generated friendly name.
6. In the Organization text box, type A. Datum.
7. In the Organizational unit text box, type IT.
8. Select United Kingdom as the Country/Region.
9. In the State/Province text box, type England.
11. Review the Certificate Request Summary page, and then click Next.
12. Verify that the Task Status is Completed, and then click Next.
13. On the Online Certificate Request Status page, verify that Assign the certificate to
Skype for Business Server certificate usages is selected, and then click Finish.
14. In the Certificate Assignment Wizard that appears, click Next.
15. Confirm that the Subject Name (SN) is pchatpool.adatum.com, and then click Next.
16. Verify that the Task Status is Completed, and then click Finish.
Note: Troubleshooting tip: You can use the deployment wizard to request and assign
certificates, but also to troubleshoot certificates. Notice that two green check marks are next to
the default certificate. If there is a problem with a certificate, a red check mark or a yellow
caution icon will appear next to the certificate. You can also view the details of a certificate to
check for misconfigurations.
17. On the Certificate Wizard page, click Close.
18. Click Exit in the Skype for Business Server 2015 Deployment Wizard.
 Task 4: Verify Persistent Chat installation

1. On LON-SVR1, click the Windows PowerShell icon on the taskbar.
2. Type Start-CsWindowsService, and then press Enter.
3. At the command prompt in the Windows PowerShell command-line interface, run the following:
Get-CsWindowsService | Format-List DisplayName, Status
4. Confirm that all listed services have a status of Running.
6. On LON-SFB1, click the Skype for Business Server Control Panel icon on the taskbar.
7. When prompted for credentials, type Administrator in the Username text box and Pa$$w0rd in the
Password text box, and then click OK.
8. In Skype for Business Server 2015 Control Panel, click Topology, and then select Status.
9. Confirm that lon-svr1.adatum.com has successfully replicated with the Central Management store
and that the status is represented by an icon of a server with a green play symbol (healthy). If
required, click Refresh.
Results: After completing this exercise, you should have deployed Persistent Chat Server and the
Persistent Chat Compliance service on LON-SVR1.
Exercise 3: Registering a New Add-In

 Task 1: Confirm the add-in URL
1. On LON-SVR1, click Start on the taskbar, and then click Internet Explorer.
2. Type http://lon-svr1.adatum.com/add-in.png in the address bar, and then press Enter.
3. Verify that the add-in URL is working. You should see an A. Datum Skype for Business Reports
webpage.

 Task 2: Register the monitoring add-in

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, click Persistent
Chat, click Add-in, click New, select PersistentChatServer:pchatpool.adatum.com, and then click
OK.
2. In the Name text box, type IT Reports.
3. For the URL, type http://lon-svr1.adatum.com/add-in.png, and then click Commit.

When you finish this lab, do not revert all virtual machines. This lab is a prerequisite for the next lab in this
module.
Results: After completing this exercise, you should have created an add-in that will be available as a
resource for Persistent Chat room creators and managers in the IT department at A. Datum.
Lab B: Configuring and Using

Persistent Chat
Exercise 1: Configuring Chat Rooms and Policies
 Task 1: Enable Persistent Chat for users
1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, and then click
Users.
2. On the USER SEARCH page, change the Maximum users to display value to 400, leave the search
box blank, and then click Find. Confirm how many users are currently enabled for Skype for Business.
Note: Only Amr Zaki and Ed Meadows should be currently enabled.
3. On the USER SEARCH page, click Enable users.
6. In the search results, click Aaren Ekelund, and then press Ctrl+A to select all the users in the list, and
then click OK.
8. In the Generate user’s SIP URI section, select Use the user principal name (UPN). Leave the
default values for all other settings, and then click Enable.
Note: The Administrator, Discovery Search Mailbox, Guest, and krbtgt user accounts and
system mailboxes for Microsoft Exchange Server are expected to fail. You can disregard these
errors and continue with lab.
9. On the New Skype for Business Server User page, click Cancel to return to the USER SEARCH
page.
10. On the USER SEARCH page, leave the search box blank, and then click Find.
11. Confirm that all users in the organization are now enabled for Skype for Business (385 users in the
search results).
12. On the left navigation bar, click Persistent Chat.
13. On the top navigation bar, click Persistent Chat Policy, click New, and then select User policy.
14. On the New Persistent Chat Policy page, in the Name text box, type Adatum Persistent Chat User
Policy.
15. In the Description text box, type Enables Persistent Chat for Individual Users in Adatum, select
Enable Persistent Chat, and then click Commit.
17. In the Skype for Business Server Management Shell, grant the Adatum Persistent Chat user policy to
the Sales, IT, and Research departments by using the following cmdlets:
Get-CsUser –OU “ou=sales,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –PolicyName

Get-CsUser –OU “ou=it,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –PolicyName
Get-CsUser –OU “ou=research,dc=adatum,dc=com” | Grant-CsPersistentChatPolicy –
PolicyName “Adatum Persistent Chat User Policy”
 Task 2: Create Persistent Chat categories

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open.
2. In the left navigation pane, click Persistent Chat, click Category, and click New.
3. On the Select a Service page, select PersistentChatServer:pchatpool.adatum.com from the list,

and then click OK.
4. On the New Category page, in the Name text box, type Adatum Sales Category.
5. In the Description text box, type Dedicated Category for the Adatum Sales team. Select Enable
invitations, select Enable file upload, and then verify that Enable chat history is selected.
6. On the New Category page, in the Allowed members section, click Add.
7. On the Select Allowed Members page, in the search box, type Sales, and then click Find. In the
search results, select Sales: Organizational Unit, and then click OK.
8. On the New Category page, in the Creators section, click Add.
9. On the Select Creators page, in the search box, type Sales, and then click Find. In the search results,
select Sales: Organizational Unit, and then click OK.
Note: It is not necessary to populate the Denied members section in this scenario.
However, if you need to deny access to a user in the Sales organizational unit (OU), you could
add the user’s name to the Denied members list.
11. On the Category page, click New.

12. On the Select a Service page, select PersistentChatServer:pchatpool.adatum.com from the list,
and then click OK.
13. On the New Category page, in the Name text box, type All Adatum Category.
14. In the Description text box, type Category for all Adatum departments except Sales. Leave the
Enable invitations option cleared. Select Enabled file upload, and then verify that Enable chat
history is selected.
15. On the New Category page, in the Allowed Members section, click Add.
16. On the Select Allowed Members page, in the search box, type Adatum, and then click Find. In the
search results, select Adatum: Domain DNS, and then click OK.
17. On the New Category page, in the Denied members section, click Add.
18. On the Select Denied Members page, in the search box, type Sales, and then click Find. In the
search results, select Sales: Organizational Unit, and then click OK.
19. On the New Category page, in the Creators section, click Add.
20. On the Select Creators page, in the search box, type Adatum, and then click Find. In the search
results, select Adatum: Domain DNS, and then click OK.
 Task 3: Create and configure chat rooms

1. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\Drives\, and then
double-click LON-CL1.RDP. Click Connect, and then accept all other notifications.
o User name: Adatum\Vivian
o Domain: Adatum
Note: If Remote Desktop Connection Wizard appears, click Yes.
3. Click Start, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept. If the Microsoft Office
5. Confirm that Vivian Atlas from the Sales department automatically signs in.
Note: Pin Skype for Business to your taskbar for easy access.
6. In the Skype for Business client, click the Chat Rooms icon, click Add a room (the plus sign), and
then select Create a Chat Room. If the Set up Internet Explorer 11 page appears, select Don’t use
recommended settings, and then click OK.
7. On the Manage Persistent Chat Rooms page, type vivian@adatum.com as the user name and

Create.
Room Name Sales Team Chat Room
Description Chat room for all Sales team members
Privacy Open
Managers Vivian Atlas; Eric Swift
Members Not applicable
Invitations Inherit invitation settings from category (true)
10. On the My Rooms page, click Create A New Room. Use the following information to create the
room, and then click Create.
Room Name Sales Management Communications
Description Sales executives use this chat room to communicate critical

information to Sales managers
Privacy Secret
Managers Vivian Atlas
Members Vivian Atlas
Invitations No invitation sent to members
11. On the My Rooms page, confirm that there are two new rooms, click Sign Out, and then close the
web browser.
Note: Now that you have created some chat rooms for the Sales team, you need to create
some rooms for the other departments so that you can verify that the organization’s
requirements are met.
12. On the host machine, browse to C:\Program Files\Microsoft Learning\20334\, and then double-
click LON-CL2.RDP. Click Connect, and then accept all other notifications.
o User name: Adatum\Amr
o Domain: Adatum
14. Confirm that Amr Zaki from the IT department automatically signs in. If the Microsoft Office
15. In the Skype for Business client, click the Chat Rooms icon, click the Add a room button (the plus
sign), and then select Create a Chat Room.
16. On the Manage Persistent Chat Rooms page, type amr@adatum.com as the user name and
Create.
Room Name Skype for Business Administration Chat Room
Description Chat room for Skype for Business administrators in the IT

department
Privacy Closed
Add-in IT Reports
Managers Amr Zaki
Members Amr Zaki
Note: Notice that there was not a category choice visible on the Create a room page. This
is because Amr is not a member of the Adatum Sales category, so the default category for the
room is the All Adatum category.
19. On the My Rooms page, click Sign Out.
20. Next to the “Your session has expired. Please sign in again” message, click Sign-in.
21. On Manage Persistent Chat Rooms page, sign in as Maxim Goldin from the Research department
by typing maxim@adatum.com as the user name, Pa$$w0rd as the password, and then click Sign
In.
23. On the Create a room page, create an additional room by using the information in the following
table, and then click Create.
Room Name Research Department Chat Room
Description Chat room for all users in the Research department
Privacy Secret
Managers Maxim Goldin
Members Maxim Goldin
24. On the My Rooms page, click Sign Out, and then close the web browser.
25. Sign out of LON-CL1 and LON-CL2.
 Task 4: Manage roles for Persistent Chat
Note: Although it is possible to add individual users to the members list for each of the
chat rooms, you might be able to take advantage of an existing scope that is already managed
elsewhere, such as an OU or a distribution group.
1. On LON-DC1, in Server Manager, click Tools, and then select Active Directory Users and
Computers.
2. In Active Directory Users and Computers, expand the Adatum.com container, right-click the IT OU,
click New, and then click Group.
3. In the New Object – Group window, type AllITDG for the Group name, select Universal for the
Group scope and Distribution for the Group Type, and then click OK.
4. Right-click the Sales OU, click New, and then select Group.
5. In the New Object – Group window, type AllSalesDG for the Group name, select Universal for the
Group scope and Distribution for the Group Type, and then click OK.
6. Right-click the Sales OU, click New, and then click Group.
7. In the New Object – Group window type SalesExecutivesDG for the Group name, select Universal
for the Group scope and Distribution for the Group Type, and then click OK.
8. Right-click the Sales OU, click New, and then click Group.
9. In the New Object – Group window, type SalesManagersDG, select Universal for the Group scope
and Distribution for the Group Type, and then click OK.
10. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell.
11. In the Skype for Business Server Management Shell, run the following cmdlets to populate the
members of the distribution groups:
$SalesUsers = Get-AdUser –Filter * -SearchBase “ou=sales,dc=adatum,dc=com”

Add-ADGroupMember –Identity “AllSalesDG” –Members $SalesUsers
$ITUsers = Get-AdUser –Filter * -SearchBase “ou=it,dc=adatum,dc=com”
Add-ADGroupMember –Identity “AllITDG” –Members $ITUsers
12. In the Skype for Business Server Management Shell, run the following cmdlets to manage the chat
room user roles:
a. To get a list of current chat rooms, run the following command:
Get-CsPersistentChatRoom | Format-List name,identity
Note: If you receive the “The current user is not part of the RTCUniversalServerAdmins
group” error while running the commands, verify that you have completed Lab A, Exercise 1,
steps 5 through 8. After adding Adatum\Administrator to the RTCUniversalServerAdmins group,
sign out of LON-SFB1, and then sign back in as Adatum\Administrator.
b. To change the Sales Team Chat Room privacy setting to Closed from Open and to configure
members of the AllSalesDG group to be the only members of the Sales Team Chat Room, run the
following command:
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Sales Team Chat Room” –

Privacy Closed –Members @{Add=”CN=AllSalesDG,OU=Sales,DC=Adatum,DC=com”}
c. To configure members of the AllITDG group to be members of the Skype for Business
Administration Chat Room, run the following command:
Set-CsPersistentChatRoom –Identity “pchatpool.adatum.com\Skype for Business

Administration Chat Room” –Members @{Add=”CN=AllITDG,OU=IT,DC=Adatum,DC=com”}
d. To convert the Sales Management Communications chat room to an auditorium, and to

configure Sales executives to be presenters and regional Sales managers to be members, run the
following commands:

Communications” –Type Auditorium
Communications”–Presenters @{Add=”sip:aaren@adatum.com”, ”sip:bonnie@adatum.com”}
–Members @{Add=”sip:aaren@adatum.com”, “sip:bonnie@adatum.com”,
”sip:neven@adatum.com”, ”sip:sethu@adatum.com”, ”sip:edmund@adatum.com”,
”sip:willem@adatum.com”}
Note: You must add presenters as members, or you will receive an error.
e. Run a report to verify if the changes have been made successfully:
Get-CsPersistentChatRoom | Format-List name,identity, managers, members,

presenters, type, privacy
 Task 5: Configure the Compliance service
Note: In the previous lab, you installed the Persistent Chat Compliance service and
compliance store. In this task, you will configure the adapter to send compliance information
output from the compliance store on LON-SQL1 to a local directory on LON-SVR1 for eDiscovery
purposes.
1. On LON-SFB1, in the Skype for Business Management Shell, verify the current configuration by
running the following command:
2. In the Skype for Business Management Shell, create a new site-level Persistent Chat compliance
configuration by running the following command:
New-CsPersistentChatComplianceConfiguration –Identity “site:Adatum Headquarters” -

AdapterName "XmlCompliance" -AdapterOutputDirectory “C:\ComplianceOutput\” -
AdapterType “Microsoft.Rtc.Internal.Chat.Server.Compliance.XmlAdapter,compliance” -
AddChatRoomDetails $true -AddUserDetails $true –Confirm -
CreateFileAttachmentsManifest $true -OneChatRoomPerOutputFile $false
3. In the Skype for Business Management Shell, when asked “Are you sure you want to perform this
action?”, type Y, and then press Enter. Verify that the configuration is successful by running the
following command:
Results: After completing this exercise, Sales team members should have access to their chat rooms only.
All users in the organization who are enabled with Persistent Chat should be able to create and use chat
rooms, but they should not be able to use the Sales chat rooms. Persistent Chat compliance also should
be fully functional.
Exercise 2: Validating a Persistent Chat Deployment

 Task 1: Confirm that specific users can perform appropriate activities
2. Sign in as eric@adatum.com with the password Pa$$w0rd.
3. Click Start on the taskbar, click All apps, and then select Skype for Business 2016.
4. In the First things first dialog box, select Ask me later, and then click Accept.
5. In the Skype for Business client, click the Chat rooms icon. You should have a new invitation on the
New tab.
6. In the Chat rooms view, click the Member Of tab. Notice that you are already defined as a member.
What it does not show is that you are also a manager of this room.
7. On the Member Of tab, right-click Sales Team Chat Room, and then click Follow this room.
8. On the Chat rooms view, click the Followed tab. Notice that there are two objects, Ego Feed and
Sales Team Chat Room.
10. In the Sales Team Chat Room window, type Hello Sales Team!, and then press Enter. Confirm that
the message posted, and then close the Sales Team Chat Room window.
12. Sign in as jed@adatum.com with the password Pa$$w0rd.

14. In the First things first dialog box click Ask me later, and then click Accept.
15. In the Skype for Business client, click the Chat rooms view icon. You should have a new invitation on
the New tab.
16. On the New tab, right-click Sales Team Chat Room, and then select Follow this room.
18. In the Sales Team Chat Room, notice that Eric is still listed as a participant even though you closed the
chat room on his client. Type Hello Eric, thank you for the invite! and then press Enter.
19. On LON-CL1, click the Followed tab in the Persistent Chat view of Eric’s client. Notice that there is
one new Ego Feed and two new posts to the Sales Team Chat Room.
20. On the Followed tab, right-click Ego Feed, and then click View Topic Feed Results.
21. In the Ego Feed window, notice that Eric is highlighted. This is because the default Ego Feed will track
any time a post mentions your name in any of the chat rooms that you are following.
22. Close the Ego Feed window.
23. On the Followed tab, open the Sales Team Chat Room. Notice that Jed Brown has a green check
mark next to his name. This indicates that he is online. If you point to Jed Brown’s name, his contact
information will appear, and you will see the list of all Skype for Business communication modes.
24. Close the Sales Team Chat Room window.

25. In the Chat Rooms view, click in the search box, and then type Administration. There should be no
matches. Type Management. There should not be any matches because that is a secret chat room.
26. On LON-CL1, sign out as the current user (Eric), and then sign in as aaren@adatum.com with the
password Pa$$w0rd.
29. Click the Chat rooms view icon. Notice that all Sales users received an invitation to the Sales Team
Chat Room.
30. In the Chat rooms view, in the Find someone or a room search box, type Administration. There
should not be any match. Type Management. As a presenter and a member, you should be able to
find the Sales Management Communications chat room.
31. On the Chat Rooms tab, right-click the Sales Management Communications chat room, and then
click Follow this Room.
32. In the Chat Rooms view, click the Followed tab, right-click the Sales Management
Communications chat room, and then click Open.
33. In the Sales Management Communications chat room, type Hello Sales Managers! Please follow
this chat room so that you will be able to get critical sales communications for your region.
and then press Enter.
34. Leave the conversation open, and then switch to LON-CL2.
35. On LON-CL2, sign out as the current user (Jed), and then sign in as neven@adatum.com with the
password Pa$$w0rd.
38. In the Skype for Business client, click the Chat Rooms icon.
39. In the Chat Rooms view, in the Find someone or a room text box, type management.
40. On the Chat Rooms tab, right-click Sales Management Communications, and then select Open.
41. Type Thank you Aaren! and then press Enter. What happens?
Neven’s message posts to the Sales Management Communications chat room.
42. Is this what you expected?

No. Because this is an auditorium, it is expected that this message would not post from a regular
member.
43. Switch back to LON-CL1, and then look at the conversation that is still open in Aaren’s client. Notice
that even though Neven was able to type a message, it is only visible on his computer. Only
information that presenters post is visible to every member of the auditorium chat room.
Note: Now that you have confirmed that Sales team functionality is working, you need to
test that the ethical wall is also working from outside the Sales department.
44. On LON-CL1, sign out as the current user (Aaren), and then sign in as amr@adatum.com with the
password Pa$$w0rd.
47. In the Skype for Business client, click the Chat Rooms icon, and then type Administration in the
Find someone or a room search box.
48. On the Chat Rooms tab, right-click Skype for Business Administration Chat Room, and then click
Follow this Room.
49. On the Followed tab, right-click Skype for Business Administration Chat Room, and then click
Open. Notice that the chat room opens with the add-in.
50. Close the Skype for Business Administration Chat Room.

51. In the Chat Rooms view, click in the search box, and then type Management. There should not be
any results. Type Sales. There should not be any results.
 Task 2: Confirm that the compliance XML adapter is working

2. Expand Local Disk (C:), and then click the ComplianceOutput folder.
3. Verify that a number of XML files and an Attachments folder are in the ComplianceOutput folder.
4. In the ComplianceOutput folder, look at the Date modified column, and then find the first file that
was created. Right-click the file, point to Open With, and then click Internet Explorer.
5. In Internet Explorer, examine the file content. This file should contain a logged message from
eric@adatum.com in the Sales Team Chat Room.
7. In the ComplianceOutput folder, open some of the other compliance files, and then review the
captured information.
8. Close the Internet Explorer windows when you are done.
Results: After completing this exercise, you should know if the ethical wall for the Sales team is working
or if additional changes are necessary. You will also have experienced Persistent Chat as a manager and as
a member.
Exercise 3: Troubleshooting Persistent Chat

 Task 1: Confirm what Carlos reports
1. On LON-CL1, sign out as the current user (Amr), and then sign in as carlos@adatum.com with the
password Pa$$w0rd.
4. Verify that the Chat Rooms icon is missing from the Skype for Business client for Carlos.
 Task 2: Analyze the causes of the issue

1. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, click Users, type
Carlos in the User Search box, and then click Find.
2. In the User Search results, double-click Carlos Carvallo, locate the Persistent Chat policy value,
document your results, and then click Cancel.
o Persistent Chat policy is set to Automatic. When you click View, it shows the Global policy.
3. On LON-DC1, open Active Directory Users and Computers if it is not already open, right-click the
Adatum.com container, and then click Find.
4. In the Find users, Contacts, and Groups dialog box, in the Name text box, type Carlos, and then
click Find Now.
5. In the search results, double-click Carlos’ user account.
6. On the Properties page, click the Member Of tab, and then document the groups of which Carlos is
a member.
o Domain Users, Marketing

7. Use Active Directory Users and Computers to identify in which OU Carlos’ user account is located.
Document the OU that contains his account.
o Marketing OU
 Task 3: Correct the problem

1. On LON-DC1, open Active Directory Users and Computers if it is not already open, expand the
Adatum.com container, and then click Marketing.
2. In the Marketing OU, double-click Carlos Carvallo, click the Member Of tab, click Add, type
AllSalesDG, click Check Names, and then click OK.
3. On the Properties page, click Apply, and then click OK to save and close the Properties page.
4. Right-click the Carlos Carvallo user object, and then click Move.
5. Select the Sales OU, and then click OK.
6. Click the Sales OU, and then confirm that Carlos Carvallo is there.
7. On LON-SFB1, open Skype for Business Server Control Panel if it is not already open, click Users, type
Carlos in the search box, and then click Find.
8. In the search results, double-click Carlos Carvallo.
9. Locate Persistent Chat policy, set it to Adatum Persistent Chat User Policy, and then click
Commit.
10. From the taskbar, open the Skype for Business Management Shell if it is not already open.
11. At the command prompt, type the following cmdlet to add Carlos as member of the Sales
Management Communications chat room, and then press Enter:

Communications” –Members @{Add=”sip:carlos@adatum.com”}
12. On LON-CL1, confirm that you are still signed in as carlos@adatum.com.
13. Completely exit Skype for Business by clicking the Show Menu drop-down arrow, clicking File, and
then selecting Exit.
14. Open Skype for Business again. Wait while the client signs in.
15. Click the Chat Rooms view icon, and then verify that Carlos received an invitation to the Sales Team
Chat Room.
16. In the Chat Rooms view, type Management in the Find someone or a room search box, and then
verify that the Sales Management Communications secret chat room is listed.

steps:

o 20334B-LON-CL2
o 20334B-LON-DC1
o 20334B-LON-RTR
o 20334B-LON-SVR1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-LON-SQL1
Results: After completing this exercise, you should have identified the root cause of Carlos’ Persistent
Chat issue and resolved it.
L10-79
Module 10: Implementing High Availability in

Lab A: Pre-Lab Configuration
Exercise 1: Preparing for the Lab
 Task 1: Update topology and install back-end databases
2. On the taskbar, click the Skype for Business Server Management Shell icon.
Import-CsConfiguration –FileName C:\Labfiles\NYCSite.zip
5. Repeat step 4 until the UpToDate status on LON-SFB1 and LON-SFB2 changes to True.
Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn nyc-sql3.adatum.com
7. Verify that the installation completes without errors (you may see a few warnings which you can
ignore). Close the Skype for Business Server Management Shell window.
 Task 2: Run the pre-lab configuration script

1. On NYC-SFB3, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. On the taskbar, click the File Explorer icon.

3. Navigate to C:\Labfiles, right-click 20334B_NYCPoolSetup.ps1, and then click Edit.
4. In the Windows PowerShell ISE window, verify that the 20334B_NYCPoolSetup.ps1 file is open.
5. At the Windows PowerShell command prompt, type the following cmdlet, and then press Enter:
Set-ExecutionPolicy Unrestricted -Force
6. In the Windows PowerShell ISE window, on the toolbar, click Run Script (the play icon).
Results: After completing this exercise, you will have prepared the lab environment for this module.
L10-80 Implementing High Availability in Skype for Business 2015
Lab B: Implementing High Availability

Exercise 1: Managing Front End Pools
 Task 1: Troubleshoot Front End pool availability
Note: Before you begin this lab, verify that all Microsoft Skype for Business Server 2015
services set to Automatic (Delayed Start) are running on LON-SFB1 and LON-SFB2.
3. On LON-SFB2, click the Server Manager icon on the taskbar.

4. In Server Manager, on the Tools menu, click Event Viewer.
the warning “Pool Manager changed state of Registrar with FQDN: LON-SFB1.Adatum.com to
Inactive”. Minimize the Event Viewer window.
7. On LON-SFB2, click Start, and then click Internet Explorer.

8. In Internet Explorer, navigate to https://lon-sfb2.adatum.com/cscp to connect to the Skype for
Business Server Control Panel.
Note: Because of the way DNS is currently set up, it resolves the admin.adatum.com simple
URL to lon-sfb1.adatum.com’s IP address, which is currently offline.
9. In the Windows Security dialog box, type Adatum\Administrator for the user name and
Pa$$w0rd for the password, and then click OK.
14. In the search results, click the top name in the list, press Ctrl+A to select all the users in the list, and
then click OK.
15. In the Users list, locate Administrator, Discovery Search, Guest, and SystemMailbox, and any
HealthMailbox*, Krbtgt, and Microsoft Exchange* users. Select each account, and then click
Remove.
17. In the Generate user’s SIP URI section, select Use the user principal name (UPN).
then click Enable.
Note: System/health mailboxes for Microsoft Exchange Server are expected to fail. You can
disregard these errors and continue with the lab.
21. On LON-CL1, sign in as Adam@adatum.com with the password Pa$$w0rd.
22. Click Start, click All Apps, and then select Skype for Business 2016. In the First things first dialog
box, select Ask me later, and then click Accept. If the Microsoft Office Activation Wizard appears,
click Close.
23. Verify that Skype for Business 2016 signs in automatically as adam@adatum.com. It may take up to
five minutes for Adam to sign in if routing groups are still being reassigned to LON-SFB2.
24. On LON-SFB2, click the Windows PowerShell icon on the taskbar.
25. In Windows PowerShell, run the following cmdlet to see the information about the routing group that
Adam’s account is in:
1. PrimaryPoolFQDN Pool.adatum.com
UserServicesPoolFQDN Pool.adatum.com
Note: If it takes more than two minutes to respond, close the Windows PowerShell window
and skip to step 29.
Answer: One or more servers is shut down, unhealthy, or deactivated. Ensure that they are running
and activated. Restart a server if problems persist.
29. On LON-SFB2, click Start, click Power Options (the power icon at the top-right corner), and then
click Shutdown. Click Continue to confirm that you want to shut down. Wait for it to shut down
completely.
31. In Microsoft Hyper-V Manager, in the Virtual Machines section, start 20334B-LON-SFB1 and

34. On LON-SFB1, click the Server Manager icon on the taskbar.
35. In Server Manager, on the Tools menu, click Event Viewer.
OK.
39. Review the Lync Server log for errors or warnings. Are there any errors or warnings?
Answer: There should be a number of warnings and some errors from these Skype for Business Server
Windows Fabric event sources that are generated when shutting down the primary routing group
registrar.
40. In the Actions pane, click Find. Use the Find dialog box to look for and review the following Event
IDs:

41. On LON-CL1, confirm that Adam is now connected. You might have to cancel the current connection
attempt in order to sign in.
 Task 2: Verify DNS load balancing

1. On LON-CL1, right-click Start, and then click Command Prompt (Admin).
2. When the User Account Control dialog box appears, click Yes.
3. In the Command Prompt window, type ping pool.adatum.com, and then press Enter. Confirm that
the fully qualified domain name (FQDN) resolves to one of the following two IP addresses:
172.16.0.20 or 172.16.0.21.
4. At the command prompt, type ipconfig /flushdns, and then press Enter.
5. Press the Up Arrow key twice. This should repeat the entry that you made (ping pool.adatum.com).
Press Enter.
6. Repeat steps 3 through 5 until the IP address being pinged changes to the other IP address (for
example, from 172.16.0.21 to 172.16.0.20).
Note: DNS round robin is configured on the DNS server and is the feature that changes the
sequence of the round robin records provided to the client. After the IP addresses have been
resolved, the client caches them and uses them for the DNS load-balancing process.
7. At the command prompt, type ipconfig /displaydns, and then press Enter. Verify that the cache
contains both the IP addresses.
8. If the first IP address in the local cache is not 172.16.0.20, repeat steps 3 through 5 again until the
first IP address is 172.16.0.20. Close the command prompt, and then proceed to the next step.
9. On LON-SFB1, open Server Manager if it is not already open.
10. In Server Manager, on the Tools menu, click Services.
11. In the Services window, stop the Skype for Business Server Front-End Service. Leave this window open.
12. On LON-CL1, sign out of Skype for Business by clicking the Down Arrow next to the settings icon,
clicking File, and then clicking Sign Out.
13. Click Sign in to sign back in.
If you can sign in successfully, then you can confirm that DNS load balancing is working.
14. Click Start, click Adam Barr, and then select Sign out.
15. On LON-SFB1, in the Services window, start the Skype for Business Server Front-End service.
Results: After completing this exercise, you will have simulated the maintenance process and determined
the root cause of outages. You will also have determined the current health of DNS load balancing and
the Windows Fabric.
Exercise 2: Configuring Hardware Load Balancing

 Task 1: Identify the qualified HLBs
1. On the host machine or the classroom computer with Internet connectivity, navigate to the following
URL:
Infrastructure qualified for Microsoft Lync – Load Balancers

http://aka.ms/xlftxt
2. Click the Load Balancers tile.
3. Explore the list of vendors and the vendors page.
Note: The deployment guides that you can find at this site are an invaluable resource for
properly configuring the hardware load-balancing solution that your organization chooses to
work with Skype for Business Server 2015.
 Task 2: Configure hardware load balancing for web services
Configure DNS and the HLB

1. On LON-DC1, click the Server Manager icon on the taskbar.
2. In Server Manager, on the Tools menu, click DNS.
3. In the DNS Manager tool, expand LON-DC1, expand Forward Lookup Zones, and then select
Adatum.com.
4. In DNS Manager, double-click the webint record, change the IP address to 172.16.0.120, and then
click OK.
5. Repeat step 4 for the following records:

o admin
o dialin
o lyncdiscoverinternal
o meet
o scheduler
6. Click Start, and then click Internet Explorer.

8. When you receive the warning “There is a problem with this website’s security certificate”, click
Continue to this website (not recommended).
10. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Interfaces.
11. On the Settings::Interfaces page, in the Table interfaces table, locate the eth0 interface, and then
in the Actions column, click the add virtual network interface icon.
12. In the new row in the Table interfaces table, type 1 in the Name text box, type 172.16.0.120 in the
Addr text box, and then click save virtual interface in the Actions column.
13. On the Settings::Interfaces page, in the Default gateway table, click the edit default GW icon in
the Actions column. Type 172.16.0.1 in the Addr text box, and then click the save default GW icon
in the Actions column.
14. In the ZEN Load Balancer GUI window, click the Manage menu, and then select Farms.
15. On the Manage::Farms page, in the Configure a new Farm section, type SfBport80 in the Farm
Description Name text box. Select TCP for the Profile. Click Save & continue.
16. On the Manage::Farms page, in the Configure a new Farm section, select eth0:1->172.16.0.120 as
the Virtual IP, type 80 in the Virtual Port(s) text box, and then click Save.
17. On the Manage::Farms::SfBport80 page, in the Farms table section, locate the SfBport80 row, and
then click the Edit the SfBport80 farm icon in the Actions column.
18. On the Manage::Farms::tcp::SfBport80 page, in the Edit real IP servers configuration table, click
the Add Real Server icon in the Actions column. When the Server 0 row appears, type the following
information, and then click the Save Real Server 0 icon in the Actions column:
o Address: 172.16.0.20
o Port: 80
19. On the Manage::Farms::tcp::SfBport80 page, in the Edit real IP servers configuration table, click
the Add Real Server icon in the Actions column. When the Server 1 row appears, type the following
information, and then click the Save Real Server 1 icon in the Actions column:
o Address: 172.16.0.21
o Port: 80
o On the Manage::Farms::tcp::SfBport80 page, click Return to all Farms.

20. Using the process in steps 15–20, add three more farms by using the information in this table.
Name: SfBport8080
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 8080
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21
Name: SfBport443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21
Name: SfBport4443
Virtual IP: eth0:1->172.16.0.120
Virtual Port: 4443
Profile: TCP
Real Server 0: 172.16.0.20
Real Server 1: 172.16.0.21

1. On LON-CL1, sign in as Administrator@adatum.com with the password Pa$$w0rd.
2. Open File Explorer. Navigate to the C:\PortQryUI\ folder, and then double-click portqueryui.exe.
webint.adatum.com. On the File menu, click Open Config.
Skype for Business Server 2015 HLB with DNS from the Service to Query list, and then click
Query.
This process can take several minutes. The Query button will be enabled when the process completes.
All query responses are returned as LISTENING, Endpoints found, or return code 0x00000000.
7. Close the Port Query window.
8. Click Start, click Administrator, and then select Sign out.

2. If necessary, click Start, click All Apps, then select Skype for Business 2016. If the Microsoft Office
Activation Wizard window appears, click Close.
Skype for Business 2016 will try to sign in automatically as adam@adatum.com.
Yes. Adam is able to sign in.
4. Click the Show Menu arrow next to the Options icon. Click Tools, and then select Dial-in
Conferencing Settings.
5. Did the Dial-in Conferencing Settings and PIN Management window appear?
Yes. The window does appear.
6. Open Microsoft Edge, and navigate to https://admin.adatum.com.

7. What does the sign-in dialog box say that you are connecting to?
Connecting to webint.adatum.com
8. Click Cancel and close Microsoft Edge.
9. Click Start, click Adam Barr, and then select Sign out.
Note: If you were able to connect to the Dial-in and Admin web services, then the HLB is
working properly.
 Task 3: Configure hardware load balancing for all services

1. On LON-DC1, in the DNS Manager tool, expand LON-DC1, expand Forward Lookup Zones, select
Adatum.com, right-click the Adatum.com zone, and then click New Host (A or AAAA).
2. In the New Host window, in the Name text box, type pool, in the IP address text box, type
172.16.0.120, and then click Add Host.
3. Click OK to close the DNS dialog box.
4. Click Done to close the New Host window.
5. In DNS Manager, right-click the pool record for 172.16.0.20, click Delete, and then click Yes to
confirm.
6. In DNS Manager, right-click the pool record for 172.16.0.21, click Delete, and then click Yes to
confirm.
8. On the Topology Builder welcome page, click OK to download the topology from the existing
deployment. If the Download Current Topology window appears, wait for a few seconds.
9. In the Save Topology As dialog box, type HLBConfig.tbxml, and then click Save.
10. In the Topology Builder window, expand the Skype for Business Server node, expand the Adatum
Headquarters node, expand the Skype for Business Server 2015 container, expand the Enterprise
Edition Front End pools container, right-click pool.adatum.com, and then click Edit Properties.
11. On the Edit Properties page, click Web Services.

12. Clear Override FQDN, and then click OK.
13. Right-click pool.adatum.com, click Topology, and then click Publish.
14. On the Publish Topology page, click Next. After the publishing wizard completes, under Next
Steps, select Click here to open to-do list. Review the NextSteps.txt file, and then close Notepad.
15. On the Publishing Topology page, click Finish. Close the Topology Builder window.
16. On LON-SFB1, on the taskbar, click Skype for Business Server Management Shell, run the
following cmdlet, and then confirm that the UpToDate value is True on all replicas:
.\Bootstrapper.exe
19. Wait for the bootstrapper to complete, and then close the Skype for Business Server Management
Shell window.
20. On LON-SFB2, open the Skype for Business Management Shell.

.\Bootstrapper.exe
23. Wait for the bootstrapper to complete, and then close the Skype for Business Server Management
Shell window.
 Task 4: Troubleshoot the HLB

2. If necessary, click Start, click All Apps, and then select Skype for Business 2016. If the Microsoft
Office Activation Wizard window appears, click Close.

Yes. Adam is able to sign in.
4. Click Start, click Adam Barr, and then select Sign Out.
5. On LON-CL1, sign in as anil@adatum.com with the password Pa$$w0rd.
6. Click Start, click All Apps, then select Skype for Business 2016. If you are prompted with the First
things first dialog box, click Ask me later, and then click Accept. If the Microsoft Office Activation
Wizard window appears, click Close.
Skype for Business 2015 will try to sign in automatically as anil@adatum.com.

Anil’s sign-in attempt after topology change.
7. What do you think is the reason for what you just observed?
Adam has cached sign-in information, so he is still connecting directly to the pool and not going
through the HLB. Anil is using the new pool.adatum.com virtual IP address for the HLB, but the HLB is
not configured for this type of connection, and therefore he cannot connect.
8. Click Start, click Anil Elson, and then click Sign Out.
9. On LON-CL1, sign in as adam@adatum.com with the password Pa$$w0rd. Wait for the Skype for
Business 2016 client to start. If the Microsoft Office Activation Wizard window appears, click Close.

10. In the Skype for Business 2016 client, click the Show Menu drop-down arrow next to the Options
icon, click File, and then click Sign Out.
11. Click Delete my sign-in info, and then click Yes to confirm that you want to forget this sign-in
information.
12. Click Sign In. Document the results.
Sign in error when connecting to HLB.

1. On LON-CL1, open File Explorer. Navigate to the C:\PortQryUI\ folder, and then double-click
portqueryui.exe.
pool.adatum.com. On the File menu, click Open Config.
Skype for Business Server 2015 HLB ONLY from the Service to Query list, and then click Query.
This process can take several minutes. When the Query button is no longer disabled, it means that
the process is complete.
Web service queries are succeeding for 80, 443, 8080, and 4443. All other query responses are
returned as FILTERED, Endpoints not found, or return code 0x00000002.
6. Leave the Port Query window open.
7. Check that the destination FQDN is lon-sfb1.adatum.com.
8. Verify that Query predefined services is still selected.
9. Verify that Skype for Business Server 2015 HLB ONLY is still selected in the Service to Query list.
10. Click Query.
More query responses are returned as LISTENING, Endpoints found, or return code 0x00000000.
Ports 5072, 5073, 5075, 5071, and 5080: NOT LISTENING.

For more information on the required ports for Skype for Business Server and HLBs, refer to the
following website:
Ports and protocols for internal servers in Skype for Business Server
http://aka.ms/h0n2v7
Remediate the problem
Note: Changing the IP address of the HLB virtual IP (VIP) address to point to one of the
Front End pool nodes is also a good troubleshooting technique to determine the source of the
problem. The disadvantage is that this is just a temporary fix, because it will prevent load
balancing.
1. On LON-DC1, click Start, and then select Internet Explorer.
3. When you receive the warning “There is a problem with this website’s security certificate”, click
Continue to this website (not recommended).
5. In the ZEN Load Balancer GUI window, click the Settings menu, and then select Backup.
6. On the Settings::Backup page in the Backup Files section, click the upload backup icon in the
Action column.
7. In the Upload File – Internet Explorer window, click Browse.
8. In the Choose File to Upload window, navigate to C:\Labfiles, select backup-HLBOnly.tar.gz, and
then click Open.
9. In the Upload File – Internet Explorer window, click Upload Backup, and then close the Upload File
window.
10. On the Settings::Backup page in the Backup Files section, click the Apply backup-HLBOnly.tar.gz
backup and restart Zen Load Balancer service icon (green checkmark) in the Action column.
11. In the ZEN Load Balancer GUI window, click the Manage menu, and then select Farms. Confirm that
additional ports for Skype for Business Server have been added.
Note: If any of the farms show down (red) status, click the corresponding Start the
Farmname Farm icon in the Actions column. Confirm all farms are up (green) before
continuing. It may be necessary to reset the LON-LB virtual machine to get all farms to show a
green status.
Test client connection

1. On LON-CL1, confirm that you are still signed in as adam@adatum.com with the password
Pa$$w0rd.
2. If the Skype for Business client is still running and the error is still displayed, cancel the sign-in
process.
3. Sign in to Skype for Business as adam@adatum.com.
Yes. Adam can sign in now that additional ports have been added to the HLB configuration.

Do not revert this lab
You must complete this lab before you can start lab in Module 11, “Implementing Disaster Recovery in
Skype for Business 2015”.
Results: After completing this exercise, you will have identified the HLBs that are qualified to work with
Skype for Business Front End pools. You will also have configured DNS to support an HLB and fixed HLB
connectivity issues.
L11-93
Module 11: Implementing Disaster Recovery in

Lab: Implementing and Performing
Disaster Recovery
Exercise 1: Configuring Pool Pairing
 Task 1: Define paired pools in Topology Builder and publish the topology
1. On LON-SFB1, click the Skype for Business Server Topology Builder icon on the taskbar.
2. In Skype for Business Server 2015 Topology Builder, select Download Topology from existing
deployment, and then click OK. If the Download Current Topology window appears, wait a few
seconds.
3. In the Save Topology As dialog box, type PoolPairing as the File name, and then click Save.
4. In Skype for Business Server 2015 Topology Builder, expand Skype for Business Server, expand
End pools, right-click pool.adatum.com, and then click Edit Properties.
5. In the Edit Properties dialog box, click Resiliency in the navigation pane, and then select
Associated Backup Pool.
click OK.
8. On the Publish the Topology page, click Next.

click Next.
 Task 2: Update Front End Servers in both pools

the Backup Service:

.\Bootstrapper.exe
3. At the Windows PowerShell command prompt, run the following command:
5. At the Windows PowerShell command prompt, repeat steps 2 and 3.

L11-94 Implementing Disaster Recovery in Skype for Business 2015
Shell.
7. At the Windows PowerShell command prompt, repeat steps 2 and 3.
8. Close Skype for Business Server Management Shell.
 Task 3: Verify Backup Service synchronization

2. To move the Sales users, at the Windows PowerShell command prompt, type the following command,
and then press Enter:
3. Type A to confirm the command and press Enter.
Synchronize data between paired pools

Shell. In the Skype for Business Server Management Shell, force data synchronization of both pools
by using the following commands:

3. What is the OverallExportStatus on each pool?
SteadyState or FinalState is expected for both pools.
4. What is the OverallImportStatus on each pool?
NormalState is expected for both pools.
Results: After completing this exercise, you will have enabled pool pairing and installed the Backup
Service on pool.adatum.com and ny-pool.adatum.com. Finally, you will have confirmed the Backup
Service synchronization.
Exercise 2: Performing Pool Failover and Failback

 Task 1: Sign in to London and New York clients
1. On LON-CL1, sign in as ed@adatum.com with the password Pa$$w0rd.
2. If necessary, click Start, click All Apps, and then select Skype for Business 2016.
3. Confirm that Ed Meadows automatically signs in to the Skype for Business client. Leave the Skype for
Business client open.
4. In the Skype for Business client, type aaren@adatum.com in the search box. Right-click Aaren
Ekelund in the My Contacts area, and then click Add to Favorites.
6. Right-click Start and select Control Panel. In the Control Panel window, select Network and
Internet, and then click Network and Sharing Center.
7. In the Network and Sharing Center, click Change adapter settings.
8. In Network Connections, right-click LON_Network, and then click Disable.
9. In Network Connections, right-click NYC_Network, and then click Enable.
10. Close Network Connections.
11. Close the Network and Sharing Center.
12. Click Start, click All Apps, and then select Skype for Business 2016.
13. In the First things first dialog box, click Ask me later, and then click Accept. If the Microsoft Office
Activation Wizard window appears, click Close.
14. Confirm that Aaren Ekelund automatically signs in to the Skype for Business client.
15. In the Skype for Business client, type ed@adatum.com in the search box. Right-click Ed Meadows in
the My Contacts area, and then click Add to Favorites.
16. Leave the Skype for Business client open.
 Task 2: Simulate NYC-SFB3 server failure

1. On NYC-SFB3, click Start, select the Power Options icon (top-right corner of the Start window), and
then click Shutdown.
2. In the Choose a reason dialog box, click Continue. Wait for the virtual machine to shut down.
o Is Aaren still signed in?
No. Aaren has been signed out.
o Is Ed still signed in?
Yes. Ed is still signed in.

5. On LON-CL2, wait for five minutes, and then confirm that Aaren is able to sign in to the backup
Registrar automatically.
6. When the Skype for Business dialog box appears, click OK to close it.
7. Confirm that Aaren’s client is now in Resiliency mode by observing the limited functionality error in
the client, and then answer the following question:
o Is the Ed Meadows contact still available?
No. All the contacts are missing.
 Task 3: Initiate the pool failover

2. At the Windows PowerShell command prompt, run the following command to ensure that you have a
Central Management store backup:
3. At the Windows PowerShell command prompt, run the following command to locate the Central
Management Server:
Note: By using the –WhatIf parameter, you can see the current Central Management Server
and the backup server without making any changes. Currently the Central Management Server is
not the failed pool (ny-pool.adatum.com), so it will not be necessary to fail over the Central
Management Store prior to failing over the pool. If it was on the failed pool, you would need to
run the previous cmdlet without the –WhatIf parameter prior to failing over the pool.
4. At the Windows PowerShell command prompt, run the following command to identity if the failed
pool was using database mirroring, and which Back End Server is the principal:
Get-CsDatabaseMirrorState -DatabaseType CentralMgmt -PoolFqdn ny-pool.adatum.com
The message Cannot find a mirror service with role name “CentralMgmtStore” appears if
database mirroring is not used. This is expected in this lab. You can move on to the next step.
5. At the Windows PowerShell command prompt, run the following command to fail over the users
from ny-pool.adatum.com (New York) to pool.adatum.com (London):
Invoke-CsPoolFailover –PoolFqdn “ny-pool.adatum.com” –DisasterMode
6. In the Windows PowerShell window, when prompted, type Y, and then press Enter.
 Task 4: Confirm capabilities

 On LON-CL2, wait for two minutes, verify the state of the Skype for Business client, and then answer
the following questions:
o Is Aaren still in Resiliency mode?
No. Aaren is no longer in Resiliency mode.
o Is the Ed Meadows contact available?

Yes. Presence and contacts are now visible in the client.
 Task 5: Recover the failed pool and initiate failback

1. On the host machine, open Microsoft Hyper-V Manager.
2. In Hyper-V Manager, right-click 20334B-NYC-SFB3, and then click Start. Right-click

20334B-NYC-SFB3, and then click Connect. Wait for the virtual machine to start. Sign
in as Adatum\Administrator with the password Pa$$w0rd.
Note: Verify that all Skype for Business Server services set to Automatic (Delayed start) on
NYC-SFB3 are running before continuing.
3. On LON-SFB1, open the Skype for Business Server Management Shell if it is not already open.
4. At the Windows PowerShell command prompt, run the following command to get the Backup Service
status for ny-pool.adatum.com:
Get-CsBackupServiceStatus –PoolFqdn “ny-pool.adatum.com”
5. In the Skype for Business Server Management Shell, verify that OverallExportStatus is in a
SteadyState or FinalState and that OverallImportStatus is in a NormalState for the Backup
Service.
6. At the Windows PowerShell command prompt, run the following command to start the failback
process:
Invoke-CsPoolFailBack –PoolFqdn “ny-pool.adatum.com”
7. When prompted, type Y, and then press Enter.
8. In the Skype for Business Server Management Shell, verify that the failback process completes. Review
the warnings, and then confirm that the Users of pool ny-pool.adatum.com will have full services
now warning is generated.
Note: It can take about five minutes for the Backup Service to complete synchronization in
this lab environment. In a production environment, the synchronization duration might be more
or less. If Aaren signs out and signs in, the client will be in Resiliency mode until Backup Service
completes synchronization.
9. On LON-CL2, click the Show hidden icons up arrow in the taskbar. While holding down the Ctrl key
on the keyboard, right-click the Skype for Business 2016 icon, and then select Configuration
Information.
10. In the Skype for Business Configuration Information window, confirm that NY-Pool.adatum.com is
the Skype for Business Server.
Note: If the server running Skype for Business Server is pool.adatum.com, then the client is
still connected to the backup Registrar. You can sign out of the Skype for Business client and sign
back in to force the client to connect to its home pool.
o Is Ed still signed in?
Yes. Ed is still signed in.

When you finish the lab, revert all the virtual machines to the starting image state by performing the
following steps:
2. In Hyper-V Manager, click 20334B-LON-DC1, and then in the Checkpoints pane, click the
StartingImage checkpoint.
3. In the Actions pane, click Apply. When the Apply Checkpoint dialog box appears, click Apply.
o 20334B-LON-RTR
o 20334B-LON-CL1
o 20334B-LON-CL2
o 20334B-LON-SQL1
o 20334B-LON-SFB1
o 20334B-LON-SFB2
o 20334B-NYC-SQL3
o 20334B-NYC-SFB3
Results: After completing this exercise, you will have simulated the New York pool outage and initiated
pool failover from ny-pool.adatum.com to pool.adatum.com. You will also have validated the user
experience during the failover and failback process.
L12-99
Module 12: Integrating with Skype for Business Online

Lab: Designing a Hybrid Skype for Business
Deployment
Exercise 1: Designing the Hybrid Skype for Business Environment
 Task 1: Prepare for the hybrid Skype for Business deployment
1. What changes to the current environment should A. Datum Corporation make before it can start the
hybrid Skype for Business deployment?
Answer:
You will need to change the user principal name (UPN) and Session Initiation Protocol (SIP) domain.
All users are utilizing Adatum.local as the SIP domain; this will need to change to a publicly routable
domain such as Adatum.com. To make the change, you will need to add this domain name as a UPN
to the domain and assign it to all users. You will then need to add the domain name as a SIP domain
in Skype for Business and instruct all users to use that domain name when they sign in to
Skype for Business.
You will need to add the Adatum.com domain to the Microsoft Office 365 tenant and verify the
domain name. To do this, you will need to add the text (TXT) resource record that is provided when
you register the domain to the external Domain Name System (DNS) zone for adatum.com.
You will need to add the Lyncdiscover.adatum.com, _sip._tls.adatum.com, and

_sipfederationtls._tcp.adatum.com records to the external adatum.com DNS zone.
2. What infrastructure components will A. Datum need to deploy before it can start the hybrid
Answer:
You will need to complete an Edge Server deployment and configure federation. To meet the high
availability requirements, you will need to deploy at least two Edge Servers and configure DNS load
balancing. When configuring the Edge Server deployment, you need to obtain publicly trusted
certificates for the Edge Servers and the reverse proxy servers.
You will need to deploy a directory synchronization solution to replicate the on-premises domain user
accounts to Office 365. We recommend Microsoft Azure Active Directory (Azure AD) Connect.
Two options are available for ensuring that users can use the same user name and password when
signing in to Skype for Business. You could deploy password synchronization with Azure AD Connect,
or you could deploy Active Directory Federation Services (AD FS). Because AD FS requires several new
servers, we recommend password synchronization.
L12-100 Integrating with Skype for Business Online
3. What steps will A. Datum need to take to complete the hybrid Skype for Business deployment?
Answer:
If you complete all of the prerequisite steps, you will be able to complete the rest of the hybrid
Skype for Business deployment by using Skype for Business Server Control Panel:
a. In Skype for Business Server Control Panel, authenticate to the Office 365 tenant by using
administrator credentials.
b. Run the Set Up Hybrid with Skype for Business Online Wizard. It will evaluate the current state of
the deployment. Then, it completes the following steps to configure the hybrid environment:
 It configures the federated partner settings for your Edge Server deployment.
 It configures a new hosting provider for the Skype for Business Online tenant, and it
configures the on-premises environment to share an address space with the hosting
provider.
 It configures the Skype for Business Online tenant to share an address space with the on-
premises Skype for Business environment.
c. You then can use Skype for Business Server Control Panel to move the pilot users to
 Task 2: Discuss your solution with the class

 Present your proposed solution to the class. Discuss alternative solutions with other students and with
the instructor.
Results: After completing this exercise, you should have designed a hybrid Skype for Business
environment for A. Datum.
L13-101
Module 13: Planning and Implementing an Upgrade to

Lab: Performing an In-Place Upgrade of
Microsoft Lync 2013 to Skype for Business
Server 2015
Exercise 1: Installing Skype for Business Administrative Tools
 Task 1: Install Skype for Business administrative tools on TREY-SVR1
1. Switch to TREY-SVR1.
3. On the desktop, on the taskbar, click the File Explorer icon.
4. In File Explorer, expand drive D, expand Setup, expand amd64, and then click Setup.exe.
5. Wait for Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.21005 to complete.
6. If the Skype for Business Server 2015 window prompts for updates, select Don’t check for updates
right now, and, then click Install.
7. In the License Agreement dialog box, select I accept the terms in the license agreement, and then
click OK.
8. Wait for the installer to install Skype for Business Server Core Components, which consist of the Skype
for Business Deployment Wizard and the Skype for Business Server Management Shell.
9. In the Welcome to Skype for Business Server 2015 deployment window, click Install Administrative
Tools.
10. In the Install Administrative Tools window, click Next.
11. Wait while the administrative tools and components install.
Note: Administrative tools include Skype for Business Server Topology Builder and the
12. When the Executing Commands window displays Task status: Completed, click Finish to close the
Install Administrative Tools window.
13. On the Welcome to Skype for Business Server 2015 deployment page, click Exit.
14. Close File Explorer if it is still open.
Note: You have now installed the Skype for Business Server administrative tools on
TREY-SVR1.
L13-102 Planning and Implementing an Upgrade to Skype for Business Server 2015
 Task 2: Upgrade the Lync Server 2013 pool to Skype for Business Server, and publish
the topology
1. Switch to TREY-SVR1.
2. On TREY-SVR1, from the Start menu, click to the Apps page (down arrow icon), and open Skype for
Business Server Topology Builder.
3. In the Skype for Business Server 2015 Topology Builder window, accept the default of Download
Topology from existing deployment, and then click OK.
4. Wait for the topology download to complete.
5. In the Save Topology As window, in the File name text box, type PreUpgrade, and then click Save.
6. In the Skype for Business Server 2015 Topology Builder window, in the left navigation pane, expand
Skype for Business Server, expand London, expand Lync Server 2013, and then expand Standard
Edition Front End Servers. Right-click TREY-LYNC.TreyResearch.net, and on the context menu,
click Upgrade to Skype for Business Server 2015.
7. In the Upgrade to Skype for Business Server 2015 window, click Yes. This will move
TREY-LYNC.TreyResearch.net to the Skype for Business Server 2015 folder structure in
the navigation pane.
8. In the left navigation pane, at the top, right-click Skype for Business Server, and then click Publish
Topology.

10. Wait for the Publish Topology task to complete.
11. Click Click here to open to-do list.
12. Review the to-do list that opens in Notepad, and then close Notepad.
13. In the Publishing wizard complete page, click Finish.
14. Close the Skype for Business Server 2015 Topology Builder window.
15. Sign out from TREY-SRV1.
Results: After completing this exercise, you should have installed the Skype for Business administrative
tools on TREY-SVR1, and opened the Skype for Business Server Topology Builder. In addition, you
should have downloaded topology from the existing deployment, selected the Lync Server 2013
TREY-LYNC.TreyResearch.net for in-place upgrade, and published the topology.
Exercise 2: Performing In-Place Upgrade from Lync Server 2013 to

 Task 1: Run Skype for Business Server 2015 Setup.exe installer
1. Switch to TREY-LYNC.
3. From the Start menu, click to the Apps page (down arrow icon), and then click Lync Server
Management Shell.
4. In the Lync Server Management Shell, at the command prompt, type the following command, and
then press Enter to verify the replication of the topology:
5. Validate that the replication status UpToDate has a value of True. If it does not, wait a few minutes,
and then rerun the following command:
Contact the instructor if the status remains in status False.
6. In the Lync Server Management Shell window, type the following command, and then press Enter to
stop all Lync Server 2013 services prior to upgrading:
Disable-CsComputer –Scorch
7. In the Disable Computer description, type Y, and then press Enter.

8. After the previous cmdlet has completed running, close the Lync Server Management Shell window.
9. On the desktop, on the taskbar, click the File Explorer icon.
10. In File Explorer, expand drive D, expand Setup, expand amd64, and then double-click Setup.exe.
11. Wait for Microsoft Visual C++ 2013 Redistributable (x64) – 12.0.21005 installation to complete.
12. In the Skype for Business Server 2015 Check for Updates? dialog box, select Don’t check for
updates right now, and then click Next.
13. In the License Agreement window, select the I accept the terms in the license agreement check
box, and then click OK.
14. Wait while the Skype for Business Server 2015 In-Place Upgrade wizard completes the full cycle of
verifying prerequisites, uninstalling Lync Server 2013 components, installing Skype for Business Server
2015, and upgrading and re-attaching the databases.
Note: This can take up to couple of hours to complete.
15. When the upgrade completes, click OK twice to exit the installer.
16. Close all windows.
17. From the Start menu, open the Skype for Business Server Management Shell.
18. In the Skype for Business Server Management Shell, at the command prompt, type the following
command, and then press Enter to start the TREY-LYNC.TreyResearch.net pool:
Start-CsPool –PoolFQDN TREY-LYNC.TreyResearch.net –verbose
19. Press Y, and when the message “Please make sure all servers in the Skype for Business Server pool
have Skype for Business Server 2015 or greater version” displays, press Enter.
L13-104 Planning and Implementing an Upgrade to Skype for Business Server 2015
20. Wait for the Start-CsPool cmdlet to complete executing.
Note: This can take from a few seconds to several minutes depending on
Windows Fabric.
21. When the Start-CsPool cmdlet has completed executing, type the following command, and then
press Enter to validate that services are running:
Note: You have now completed a full in-place upgrade to Skype for Business Server.
22. Shut down all virtual machines.
Results: After completing this exercise, you should have validated the replication of the Central
Management Store (CMS) and performed an in-place upgrade of TREY-LYNC.TreyResearch.net from
Lync Server 2013 to Skype for Business Server.

20334B ENU TrainerHandbook PDF

Hochgeladen von

Dokumentinformationen

Originaltitel

Copyright

Verfügbare Formate

Dieses Dokument teilen

Dokument teilen oder einbetten

Freigabeoptionen

Stufen Sie dieses Dokument als nützlich ein?

Sind diese Inhalte unangemessen?

Copyright:

Verfügbare Formate

20334B ENU TrainerHandbook PDF

Hochgeladen von

Copyright:

Verfügbare Formate

MCT USE ONLY.

STUDENT USE PROHIBITED

Microsoft and the trademarks listed at http://www.microsoft.com/trademarks are trademarks of the

Part Number: X20-83318

a. If you are a Microsoft IT Academy Program Member:

b. If you are a Microsoft Learning Competency Member:

d. If you are an End User:

e. If you are a Trainer.

3. LICENSED CONTENT BASED ON PRE-RELEASE TECHNOLOGY. If the Licensed Content’s subject

11. APPLICABLE LAW.

This limitation applies to

LIMITATION DES DOMMAGES-INTÉRÊTS ET EXCLUSION DE RESPONSABILITÉ POUR LES

Revised July 2013

Stan Reimer – Content Developer

Allan Jacobs – Content Developer

Richard Luckett – Content Developer

Clifton Leonard – Content Developer

Jan Fredborg – Content Developer

Lesson 1: Overview of Skype for Business Components and Features 1-2

Lesson 2: Introduction to the Skype for Business Administrative Tools 1-14

Module Review and Takeaways 1-25

Module 2: Installing and Implementing Skype for Business Server 2015

Lesson 1: Server and Service Dependencies 2-2

Lesson 3: Installing Skype for Business Server 2-20

Lab B: Deploying Skype for Business Server 2-34

Module 3: Administering Skype for Business Server 2015

Lesson 1: Using Skype for Business Server Control Panel 3-2

Lesson 3: Implementing Role-Based Access Control 3-12

Lesson 5: Tools for Troubleshooting Skype for Business 3-20

Lab B: Using the Skype for Business Troubleshooting Tools 3-25

Module Review and Takeaways 3-31

Module 4: Configuring Users and Clients in Skype for Business 2015

Lesson 1: Configuring Users 4-2

Lesson 2: Deploying the Skype for Business Client 4-6

Lesson 3: Registration, Sign-In, and Authentication 4-9

Lesson 4: Configuring Skype for Business Client Policies 4-19

Lesson 5: Managing the Skype for Business Address Book 4-25

Module Review and Takeaways 4-32

Module 5: Configuring and Implementing Conferencing in Skype for Business 2015

Lesson 1: Introduction to Conferencing in Skype for Business 2015 5-2

Lab A: Installing and Configuring Office Online Server 5-14

Lesson 3: Bandwidth Planning 5-17

Lab B: Configuring Conferencing in Skype for Business Server 5-31

Module Review and Takeaways 5-34

Module 6: Implementing Additional Conferencing Options in Skype for

Lesson 1: Overview of the Conferencing Life Cycle 6-3

Lesson 3: Deploying Dial-In Conferencing 6-15

Lesson 4: Configuring an LRS 6-24

Lesson 5: Configuring Large Meetings and Skype Meeting Broadcasts 6-28

Lab B: Configuring Additional Conferencing Modalities 6-32

Module Review and Takeaways 6-37

Module 7: Designing and Implementing Monitoring and Archiving in

Lesson 1: Components of the Monitoring Service 7-2

Lab A: Implementing Monitoring 7-11

Lesson 2: Overview of Archiving 7-15

Lesson 3: Designing an Archiving Policy 7-19

Lesson 4: Implementing Archiving 7-24

Lab B: Implementing Archiving 7-27

Module Review and Takeaways 7-33

Module 8: Deploying Skype for Business 2015 External Access

Lesson 1: Overview of External Access 8-2

Lesson 2: Configuring External Access Policies and Security 8-5

Lab A: Designing and Implementing External User Access 8-15