Category Archives: Skype for Business

Skype for Business unplanned DR failover and Fail back

Skype for Business November 15, 2017 Comments: 2

This article outlines the unplanned failover and fail back for Skype for business. However the DR setup must be provisioned in order for the DR activation to happen.

The deployment must have the below setup :

1)Skype for Business HQ Front end, HQ SQL ,HQ OOS will be part of the HQ active directory site.

2) HQ site will have its dedicated Edge server.

3) Skype for Business DR Front end, DR SQL and DR OOS will be part of the DR active directory site.

4) DR site will have its dedicated Edge server.

5) DR front end, edge servers will be in the same Skype for Business Site since the site is a standby site.

6) Synchronous data Replication will be enabled between the HQ FE pool and the DR FE pool .

7) DR sql store information must be published in the topology builder.

8) Associated backup pool must be specified as DR Skype for business FE pool in the topology builder.DR file stores must be published in the topology builder.

9) HQ and DR site edge servers DNS name spaces can be load balanced. DR site must be made unavailable during normal scenario and connections  to DR edge must be allowed only during DR scenario.

10) Required communication from HQ to DR FE,SQL should be present for the Pool replication to happen.

Example of DR setup with main site:

 

SFB112

Procedure to activate unplanned DR failover:

In case of unplanned failover its a total disaster where the main site will be completely unavailable.

So the  CMS (Central Management Store) ,HQ fe pool and HQ edge services will not be accessible during this scenario.

Below steps can be used:

1) Configure in the DNS load balancer and make sure the edge server DNS name spaces are ready to accept connections in the DR site edge server. There are multiple ways to achieve this based on the network setup. As a last resort also we can add simply 2 entries (hq & dr) on the DNS name spaces and stop the DR edge services. We can activate the DR edge services only during the DR scenarios.

2) Activate the CMS

We can try to run the below command to see the CMS status

Invoke-CsManagementServerFailover -Whatif

This command will throw an error because this CMS is not available since it was present in the main site and main site is totally in accessible.

SFBDR7

In a normal state when the main site is available in a planned failover the result of the command will be the below

SFBDR8

It will let us know the current state of the CMS and the proposed state of the CMS after the failover.

SFBDR9

3) In this scenario the CMS needs to be activated forcefully by the below command

Invoke-CsManagementServerFailover -BackupSqlServerFqdn “DRSQLFQDN” –BackupSqlInstaceName “BACKUPDRSQLINSTANCE” –Force:$true

Untitled11

SFBDR1

4) Wait for the replication status to be completed:

We can check the replication status by below command

Get-CsManagementStoreReplicationStatus | ft

5) Reconfigure Edge Federation Route  via DR edge and publish topology and run the setup on all edge servers.

Enable the federation on DR edge and modify the federation route via DR edge.

Untitled21

Untitled12

6) Failover the Pool using disaster mode switch.

Invoke-CsPoolFailOver -PoolFqdn “poolfqdn” -Force -DisasterMode

Untitled14

Failback to HQ site:

Once after the main site is back  make sure the  DNS name spaces are available in the main site

1)  Failover the CMS

Invoke-CsManagementServerFailover

Wait for the CMS replication to complete in the main site.

2) Failback the FE pool to the main site.

Invoke-CsPoolFailBack -PoolFqdn “poolfqdn”

SFBDR2

3) Reconfigure Edge Federation Route and publish topology and run the setup on all edge servers.

Note: The DNS routing and the VOIP component SIP/PSTN integration will vary in each and every deployment .The DR setup and failover needs to be taken into consideration  according to these configuration.

Thanks & Regards
Sathish Veerapandian

Skype for Business Meeting error – Application Sharing Server has reached moderate capacity

Skype for Business April 24, 2017 Leave a comment

This might occur when multiple meetings with high number of participants is initiated the Skype for Business pool is unable to process this request.

We can also see the following logs recorded in the FE servers also:

Log Name: SFB Server
Source: LS ApplicationSharing Conferencing Server
Event ID: 32032
Task Category: (1304)
Level: Warning
Description:
Internal Application Sharing Server health monitoring has detected that Application Sharing Server is running at a moderate capacity.

Application Sharing Server Health State: Loaded
Cause: Application Sharing Server has reach moderate capacity.

This application sharing parameter is controlled by MaxBandwidthPerAppSharingServiceMb

What is MaxBandwidthPerAppSharingServiceMb parameter used for ?

This value Indicates the maximum amount of bandwidth (in megabytes) set aside(allocated) for the Application Sharing Conferencing service.
MaxBandwidthPerAppSharingServiceMb can be set to any integer value between 50 and 100000, inclusive. The default value is 375 megabytes.

This setting is applied and restricted to share the bandwidth within the pool at the org level and not in the server level.
Changing this value cannot be scoped only on specific servers.

Solution for this problem:

Run Get-CsConferencingConfiguration
Look for the value MaxBandwidthPerAppSharingServiceMb.

The default value is 375 MB . Increase them to some extra value and see the results.

The value can be increased by running the below command:

Set-CsConferencingConfiguration -Identity conferencingconfigurationname -MaxBandwidthPerAppSharingServiceMb “MBSizeValue”

But the strange thing is really hard to identify this actual consumed value from the default 375MB which should be sufficient for a conferencing type for the Application sharing like a powerpoint in the presentation using Remote Desktop Protocol (RDP) protocol.

Whenever a meeting is schedule in Skype for Business server will create an entry in the Conferencing database but it will not reserve any memory in prior for the meeting which is going to occur in future. It will use the built in load balancing logic which will dynamically/instantly allocate conferencing resources on the FE servers based on the load on all FE servers and number of meeting that is occurring at the moment.

So here the value is exceeding because the pool is already running at its peak threshold level of its allocated capacity.May be if more meeting is initiated with more than 300 participants the Pool might run out of resource and this issue might occur.

The Conferencing CDR tables has the below records:

Conferences table in Skype for Business Server 2015:
Stores information about all conferences that were archived or whose details were recorded, including ConferenceURI, and start and end time.
ConferenceSessionDetails table in Skype for Business Server 2015:
Stores information about every SIP-based conference session, including start and end time, user ID, response code, and diagnostic ID for each session.
FocusJoinsAndLeaves table in Skype for Business Server 2015:
Stores information about conference joins and leaves, including users’ role and client version.
McuJoinsAndLeaves table in Skype for Business Server 2015:
Stores information about the A/V Conferencing Servers that are involved in a conference and the user join and leave times.

If the  organization requires meetings with greater than 250 participants, we need to plan for a dedicated pool to support the load

We can use the capacity planning conferencing for meeting – https://technet.microsoft.com/EN-US/library/mt297718.aspx

Thanks & Regards
Sathish Veerapandian

Skype for Business Unable to present Desktop – Call failed to establish due to a media connectivity Failure

Skype for Business December 3, 2016 Leave a comment

All Skype for Business Clients from remote locations were unable to present the screen sharing through meet now ,peer to peer and conference.
This a new deployment and users were unable to present desktop.

Below were the test scenarios:

1st test – from remote users n/w to my home n/w – received error (we couldn’t connect to the presentation because of n/w issues. Please try again later)
2nd test – from remote users n/w to my office n/w – received error (we couldn’t connect to the presentation because of n/w issues. Please try again later)

Below troubleshooting were done :

1)Did a telnet to lyncdiscover.domain.com on port 80 and 443 – ( This was done just to make sure the clients when logging in gets all the updated info of the pool,SFB config etc..,)
2)Did a telnet to meet.domain.com on port  443 – successful
3)Did a telnet to join.domain.com on port  443 – successful
4)Did a telnet to av.domain.com on 443 successful

Assume the below scenario deployment:
1)The edges were in DNSLB and were in scaled consolidated topology using NAT.
2)UDP 3478 for AV service external IP.
3)TCP 443 for external IP’s.
4)Port 50k was blocked in my case since no legacy OCS clients.
5)No edge hair pin traffic is allowed for Audio and Video Public Ips.

DMZsc1.png

Did a Snooper trace from the affected remote client and got the following info on the snooper logs

Getting  error as call failed due to media connectivity failure when both the end points are remote.

snoop

Now this is the time for me to dig into the analysis of in which protocol fashion the SFB clients establishes the connection.So started to explore on STUN,TURN & ICE since ever i was having a glossy look on these topics.

So what kind of protocols they use:

SFB/Lync uses all these 3 protocols to establish a media connectivity:

ICE:
The stands for Interactive Connectivity Establishment protocol for communications. All Lync/SFB clients are ICE clients and use ICE to try and establish connectivity between itself and another ICE client.Remember this is the main protocol which functions as the core and wraps the other 2 to establish a path.

STUN:
The new name for this acronym is Session Traversal Utilities for NAT.
This will allow the SFB client to discover the available public IP for the SFB media path inorder to establish the connectivity.

TURN:
Traversal Using Relay around NAT.
This will establish a chain of connection between the external client and the client inside the network.By using this edge servers will create a chain and will offer ports on UDP and TCP for the media path. Once this chain is established it promises the remote client to send its media connection to the internal network client.

So now we can understand clearly that the External Corporate firewall requires a Hairpin traffic to be allowed for the A/V edge Public Ips for the STUN and TURN to work in the required  UDP  TCP path.

Since these are the most commonly used RFC standard protocols SFB clients also uses them. These all are IETF standards protocols and hence Microsoft also uses them.
Now the SFB clients will use the below process to establish a media connectivity with the remote client:

Candidate Discovery:
Where the clients discover their available public IP addresses for media connectivity. These include both STUN and TURN addresses of the Edge server.

Candidate Exchange:
This is the place where both the SFB clients sends each other list of addresses on which they can be communicated for this media path.
Remember this will happen bidirectional.

Connectivity Checks:
This is where both the candidates(clients) try to establish a connection on all these addresses simultaneously (not one by one).
Finally the result would be the SFB client will pick any one of the available route and establish a connection with the client whoever is responding first.

Candidate Promotion:
This is the Final stage of the SFB client and happens after the call is established and its running.
Here the clients if identify any path which is more optimum and quick they decide to change that route which gives the better experience to the user.

These candidate information can be seen in snooper logs

We can see 3 types of candidate information

The first one below is for port 50k and can be ignored if you are not having this option

DMZsc1.png

The second one is for audio and last one will be for video. We will have the same like one for audio with label main mentioned as audio.

DMZsc1.png

Lets say if we have only port 50k opened and not 443 for UDP then we can see only those  50k candidate lists.

TCP-ACT indicates that with this candidate pair the client is able to send RTP and RTCP traffic

DMZsc.png

By having a look at it we can confirm that the candidate is a STUN pair. TCP-ACT and typ srfx raddr is the thing that indicates they are STUN pair.

In this case if the candidate discovery fails in all the cases we can find  BYE sip in the snooper logs and which mentions opaque=epid followed by guid

There are 2 solutions for this problem to work:

Allow Port 50k inbound:

We can  allow the media communications on this edge Audio/Video Ip only on port 50 K. But at real times when users connecting from different network for the media path they need to cross firewalls where they might have only the standard 80 & 443 allowed and these ports might be blocked.

Allow the hair pin edge traffic:

Allow the traffic on the edge server external firewall  to traverse the traffic between the two AV Edge servers public IP addresses. This will give the appropriate candidate lists for the clients connecting via different edge servers on UDP port 3478 through this hair pin traffic.

Note:

1)If we have only one edge server installed we do not need to follow this steps since all the clients will connect only to one edge server node and no issues will be identified. Just make sure the UDP 3478 is opened for this communication.

2)SFB  clients will always try to establish media path  via UDP as preffered if its available. If UDP isn’t available it tries to switch to TCP and establishes the connectivity.

Thanks & Regards
Sathish Veerapandian
MVP- Office Servers & Services.

Skype for Business Persistent Chat Migration to new Pool

Persistent Chat, Skype for Business November 13, 2016 Leave a comment

We might come across a scenario where we need to migrate the SFB servers to new pool.
There are few cases where we need to upgrade the hardware from old servers to New High performance servers on which they are running or there might be case where they need to be virtualized from hardware to VM.
This article focuses only on migrating the persistent chat pool from old server to the new server.

Below are the readiness to be completed before starting the Persistent Chat Migration:

1) The new Persistent Chat Pool should be already published in the Topology.
2) The new Persistent Chat nodes should be already added in the new pool and SFB setup Wizard should be completed.
3) Certificates should be already assigned to the new Persistent Chat Pool.
4) Connectivity from the OLD PC pool to the new SQL DB is already established.
5) Connectivity from the new PC pool to the old SQL DB is already Established.
6) Establish a connectivity from the old PC hosts to the new PC hosts

To Start the Migration:

Check your current persistent category,Addin,Policy and configuration.
This can be verified by checking through control panel persistent chat tab or through Shell.

To Check Persistent Chat Category:

Get-CsPersistentChatCategory -PersistentChatPoolFqdn “Pchat.exchangequery.com”
Make a note of the current number persistent chat rooms

To Check the rooms:

Get-CsPersistentChatRoom | select Name

To Check the Disabled rooms:

Get-CsPersistentChatRoom -Disabled:$True

After confirming that these disabled rooms will not be in use we can remove them before we migrate since there is no use of moving these obsolete ones to the new pool.

Get-Cspersistentchatroom -Disabled:$True | Remove-CsPersistentChatRoom

Export the Old Pool Persistent Chat Configuration by Running the below command:

Export-CsPersistentChatData -DBInstance “SQLCL01.Exchangequery.com\SFBDB” -FileName “c:\temp\PChatBckup.zip”

The exported Configuration data will look in XML as below

untitled2

Import Persistent Chat data that we exported to new Skype for Business Pool:

Import-CsPersistentChatData -DBInstance “SQLCL02.Exchangequery.com\SkypeDB” -FileName “c:\temp\PChatBckup.zip”

We will get a confirmation as below before the import and  the progress bar

untitled3

untitled4

Once the above command is done we can see the old PC config data imported in the MGC DB in the SQL.

After the above command is run we can see the chat rooms are duplicated since it created the new instance in the new pool.

Later we can delete them by running the below command:

Get-CsPersistentChatRoom -PersistentChatPoolFqdn “Pchat.exchangequery.com” |Remove-CsPersistentChatRoom

Then remove the persistent chat category:

Get-CsPersistentChatCategory -PersistentChatPoolFqdn “Pchat.exchangequery.com”| remove-cspersistentchatcategory
After this is done go ahead and try logging into the Persistent Chat Enabled User and see the results.

In my case what happened was the connections were still going to the old Persistent Chat Pool

Guess it was because the Old Persistent Chat Pool was First in the Persistent Chat Pools in the list on Topology Builder.
So Went ahead and removed the old persistent chat pool from the Topology , Publised the Topology , rerun the setup on new PCHAT nodes.

After this the new connections were going to the new Persistent Chat pool.
All my Persistent Chat rooms that i was member of was present AS IS and only thing is that the rooms that i was following disappeared from my list.
That was a small thing only and i was able to search those rooms and follow them again.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

Troubleshooting endpoint URL’s for Exchange & Skype for Business

Exchange 2016, Skype for Business October 26, 2016 Leave a comment

This article outlines the client troubleshooting end points that can be used for Exchange and Skype for Business services.

For Exchange

To verify Exchange autodiscover Service endpoints:
https://yourdomain.com/autodiscover/autodiscover.xml

Usage:Main purpose of autodiscover is to establish,discover and make initial connections to their mailboxes.
Also it keeps updated on the outlook on frequent changes of mailboxes and updates the offline address book.

To verify Exchange Exchange Web Service endpoints:
https://yourdomain.com/ews/exchange.asmx

Usage: EWS applications to communicate with the Exchange server mainly for developers to connect their clients and get the email connectivity for their applications via SOAP.

To verify Offinle Address Book Service endpoints:
https://yourdomain.com/oab/oab.xml

Usage: An offline address book provides local copy of address list to Microsoft Outlook which can be accessed when the outlook is in disconnected state.

To verify ActiveSync Service endpoints:
https://yourdomain.com/Microsoft-Server-ActiveSync

Usage:By using Activesync protocol users can configure and sync their emails on their mobile devices.

To verify Webmail Service endpoints:
https://yourdomain.com/owa/owa.xml

Usage:Outlook Web App is a browser based email client used for accessing emails via browser.

To verify exchange control panel Service endpoints:
https://yourdomain.comecp/ecp.xml

Usage:The Exchange Control Panel is a Web application that runs on a Client Access service providing services for the Exchange organization

To verify MAPI service end points:
https://yourdomain.com/mapi/mapi.xml

Usage:New protocol outlook connections introduced from Exchange 2013 SP1 which enhances faster connections only through TCP and eliminating the legacy RPC

To verify the RPC service end points:
https://yourdomain.com/rpc/rpc.xml

Usage:Not used on new versions of exchange and almost retiring type for client connections.

All the above URL’s will be listening on Exchange 2016 Mailbox Server Virtual Directories.

pastedimage

For Skype for Business:

Mostly for the chat services provided through Skype for business the main URL end points are Chat,Meet,Conference,Audio/Video and lyncdiscover.
We usually check these URL’s during any troubleshooting scenarios.

Below are the additional end points which can be seen and kept for additional references.

To test conferencing URL:
https://meet.domain.com/meet/

Usage: Meet is the base URL for all conferences in the organization.

To Verify  Dial in URL :
https://dialin.domain.com/dialin/
Usage:Dial-in enables access to the Dial-in Conferencing Settings webpage

To Verify Lync control panel:
https://sip.internaldomain.com/cscp

Usage:Must be only added and accessed from intranet site and no need to publish on the internet.

To verify the autodiscover web site and retrieve the redirection information for Client:

https://poolexternaluri/autodiscover/autodiscover.svc/root
https://poolexternaluri/reach/sip.svc

Usage: They are the service entry points for the Autodiscover service and they are required.They are the Lync Server Web Service Autodiscover Response which was sent from the clients.They are the URL for the Authentication Broker (Reach) web service

To Verify Mobile Client Connectivity:
https://poolexternaluri/webticket/webticketservice.svc

Usage:Specifies the default authentication method used for mobile client connectivity.
This is a SOAP web service that authenticates a user via NTLM or Kerberos (if configured) and returns a SAML Assertion (Ticket) as part of the SOAP Message response.

To check that the mobility service is working use the following url.
https://poolexternaluri/mcx/mcxservice.svc
This is the URL required for the Skype Mobility Services

https://poolexternaluri/supportconferenceconsole

Usage:Listening port for the Support Conferencing Console. The default value is 6007
Port used by the Office 365 Support Conference Console. This console is used by support personnel to troubleshoot problems with conferences and online meetings.
To verify the persistent chat:

https://PCpoolexternaluri/persistentchat/rm/

Usage:There are actually a Virtual directory for Persistent Chat, both on External and Internal web site So for external testing access the url from the published persistent chat FQDN

Verify hybridconfig service:
https://poolexternaluri/shybridconfig/hybridconfigservice.svc

Usage:Not sure this might be used for hybrid connectivity beween Skype for Business Server and Skype for Business Online

To check the address book issues:
https://poolexternaluri/abs/handler

Usage:GAL files are downloded from the FE server IIS

Check the below URL for distribution group expansion:
https://poolexternaluri/groupexpansion/service.svc

Usage:They are configured for via windows authentication by default.

https://poolexternaluri/certprov/certprovisioningservice.svc

Usage:This parameter can be used instead of the WebServer parameter in order to specify the full URL of the Certificate Provisioning Web service. This can be useful when the calculation used in WebServer will not yield the correct URL.This parameter is optional, and is used only when SipServer is provided.

This is needed when the Lync Server web server is not collocated with either the main Director or within the Front End pool in a site.
This might be due to a load balancer configuration where web traffic is load balanced differently to SIP traffic resulting in different FQDNs for the SIP and web servers.

All the above SFB URL’s will be listening on front end server

sgf

On accessing these URL’s if we are not prompted with username and password then troubleshooting steps needs to be performed accordingly to the message we received  to identify the issue. In most cases the URL’s might not be published correctly to be accessed from the remote end points or there might be the issue with the authentication or the virtual directory/server/services itself.

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services 

Load Balancing Edge services over internet for Skype for Business

Skype for Business October 3, 2016 1 Comment

In-order for the users to connect externally from the organization’s network we need to publish the Skype for business services.In this article we will have a look at best ways to publish the Skype for Business Edge servers over the internet.
By doing this the users can participate from external N\W in IM,AV ,web conferencing sessions.

There is lot of confusion in the architectural part of load balancing the Skype for Business Edge servers and cannot be taken as easy deployment. If the SFB deployment is extended to communicate with federated partners, remote connected users and Public Instant Messaging users then a real proper planning of the edge servers deployment needs to be carried over.

If we have 2 or more edge servers deployed in the DMZ they need to be load balanced to equally distribute the load in all the edge interfaces.
In general Microsoft recommends to use a DNS Load Balancer for Edge High Availability.

Load balancing distributes the traffic among the servers in a pool so that the services are provided without any delay.

Below are 3 types of load balancing solution that we can use based on our requirement:

DNS Load Balancer Using NAT :

This is the best recommended approach.
We are actually load balancing each edge services namespace over the internet with multiple A records NATTING them via firewall and then to Edge servers.
These Ip addresses are bound to each services seperately routed to internal individual Ip’s assigned to the external NIC.
Three private IP addresses are assigned to this network adapter, for example 131.107.155.10 for Access Edge service, 131.107.155.20 for Web Conferencing Edge service, 131.107.155.30 for A/V Edge service. These private Ip’s listen individual public IPs Natted from the f/w.
These Ips are not participated in the load balancer and used only for NATing.
They are basically behind a port forwarding firewall which is good.

Advantages of doing this:

1) We are assigning a separate public IP’s for each service and using standard ports. So the remote users will not have any issues on connecting behind their firewall since all are standard ports.
2) Its very good to troubleshoot in analyzing a particular service traffic statistics, Logging and easy to identify the issues with the logs packet capture etc..,

Disadvantages of doing this:

1) The edge services rely on multiple A records with the same name but different IP addresses. So its not service aware configuration and failure detection rate and routing to the available server is not possible.

But still i would go with this option considering the failure detection rate is very minimal in a well planned deployment and strong n/w considering very helpful and easy during any troubleshooting scenarios.

Below is the example of DNS load balancing using NAT

Lets assume i need to load balance 2 edge servers using DNS Load-balancing NAT as per below environment.

sfb

Below is the DNS configuration

sfb3

sfb2
DNS Load balancer using Public Ip Addresses:

By doing this we are using one public IP for all 3 services on each server and differentiate them by TCP/UDP port value.
We are directly assigning the public IP’s on the edge servers one of the 2 NIC’s which should be external NIC.
Three private IP addresses are assigned to this network adapter, for example 131.107.155.10 for Access Edge service, 131.107.155.20 for Web Conferencing Edge service, 131.107.155.30 for A/V Edge service.
The Access Edge service public IP address is primary in the NIC with default gateway set to the external Firewall.
Web Conferencing Edge service and A/V Edge service private IP addresses are additional IP addresses in the Advanced section of the properties of Internet Protocol Version 4 (TCP/IPv4)

Disadvantages of doing this:
It is not recommended, to use a single public IP address for all three Edge service interfaces.
Though this does save IP addresses, it requires different port numbers for each service.

Access Edge – 5061/TCP
Web Conferencing – 444/TCP
A/V Edge – 443/TCP

These might cause issues for remote users connecting externally from a n/w where their firewall doesn’t allow the traffic over TCP 5061 port.
Having three unique IP addresses will help us in easily doing a packet filtering to identify and resolve the issues.

Hardware load balancing using public Ip Address:

Load balancing is only need for old OCS clients and xmpp, but works fine if both edge server are up. From Lync 2010 Microsoft does not recommends to load balance the Edge services from internet.

We are creating a virtual Ip address for each services that edge serves (Access, WebConferencing, A/V) on the load balancer like F5, KEMP etc..,
Behind this Virtual Ip’s we need to add the edge servers associated for the services.
The main benefit of this is failure detection rate is very quicker since it detects the failure from the server side.

Disadvantages:

1) The A/V services will not see the client’s true IP ( for example in a peer to peer audio call for a user connected from external to internal)
2)Few challenges in configuring the outbound client connections going from the edge to internet (Routing & SNAT)

Thanks & Regards
Sathish Veerapandian
MVP – Office Servers & Services

UC Analytics by Code Software

Skype for Business, Unified Communications May 28, 2016 Leave a comment

UC Analytics – Monitoring and reporting for Skype for Business

Available anywhere and on all devices the powerful analytics enable organisations to get smart about the areas that matter most to their businesses. UC Analytics is a user driven solution which delivers relevant information through its customisable dashboards and the automated reports.

Skype for Business allows users to connect from anywhere using different communication methods such as voice, video, IM and conferencing allowing you to improve your business outcomes in a sustainable way.

It can reduce the operational costs of travel, telecoms and IT and increase response times and productivity but only if you are smartly managing the resources. UC Analytics ensures that users are adopting the new modes of communication and the expected cost savings are being realised. It will highlight potential problems areas showing usage trends assisting you in driving user adoption through education and training.

Monitoring reports provide basic analytical reports with some useful information.

It has the comprehensive user adoption reports and dashboards for Lync but also can collate data from other data sources such as Cisco UCM, Avaya and mobile phones.

Solution overview:

UC Analytics is a monitoring and reporting tool which delivers a 360⁰ view of Skype for Business usage and associated costs. Trends in use of voice, video, IM, conferences, file transfers and app sharing can be compared highlighting user acceptance, performance metrics and cost savings enabling more effective use of resources.

It is easy to use, displaying information either through the customizable dashboard user interface or automated reports in a simple to view format suitable for use by any employee within an organisation without the need for any time consuming manual processes.

DASHBOARD USER INTERFACE

The dashboards deliver a real-time snapshot of Skype for Business usage updating every 60 seconds. Enjoy the flexibility of a user experience the way you want it, you decide what charts go where and what information is displayed. Filters can be applied directly to the charts ensuring only relevant information is displayed and click through reporting produces detailed reports with a single click.

Example of few samples:

We have an option to see which client, IP the user is logging

SFC1

This can be integrated to a dashboard  which displays automated daily reports as below

SFC3.png

We have an option to generate outbound and inbound calls and choose the pie chart options of our choiceSFC4

The report has options to choose top destinations, top usage employees , unused extensions and queue status

SFC5.png

Good thing is that this product supports multi-tenancy as well  and we have option to automate reports based on OU.

SFC6.png

We have option to collect response group utilization and check the cost usage by every users for enterprise voice.

SFC7

REPORTS

All reports can be scheduled to run automatically or generated on a one-off basis. Delivery is typically via email or saved to disk and can be in a variety of formats such as Excel, PDF or CSV. Standard report templates are available for user adoption, capacity planning, conferences, call carrier comparisons, costs and more.

 

The varying reporting requirements of organisations using Skype for Business means the reporting solution must be flexible enough to reflect these diverse needs. The report designer allows users to define the fields displayed in reports ensuring the information is entirely relevant. The report builder allows reports to be sorted and grouped by up to 3 levels such as date, department, employee, cost, duration or call volume. Filters can be applied including date, time, call direction, call type, employee, extension, department, response group and more. There is the option to include or exclude charts which can be bar, pie, line or stacked bar. Details displayed on the Y-Axis can also be selected dependant on report type. It is easy to brand the reports with an organisations logo and relevant colour scheme.

 

ALARMS AND BUDGET

It is possible to set up as many system alarms as required. When a user defined call criteria has been met such as low MOS, specific error ID, calls over a defined cost or duration an alarm is instantly delivered by email and immediate action can be taken.  Using the budget feature you can even set a monthly cost threshold on an extension, when this has been reached outbound calling is barred allowing further investigation to be made which addresses employee abuse and the threat of toll fraud.

Hardware Specification and requirements:

One web application server
Intel Xeon or Equivalent 2 cores CPU with 2.66 Ghz Intel Processor
4 GB RAM Minimum
Windows 2008/2012 OS 64 Bit + IIS + ASPNET +FrameWork 4.5
SQL 2008\2012\2014 express 64 bit
Minimum 40 GB HDD
100/1000 Ethernet Cards

Connection to remote SQL  is required where the Skype for Business LCSCDR , QOEMetrics and LCSLog databases are hosted.
The reporting URL is published on MS SQL port which is usual 1433 but it can be changed based on the requirement.

Their Team  would be happy to organise a demonstration of the solution or a completely free of charge trial  and you can reach them through their website www.codesoftware.net

Thanks & Regards

Sathish Veerapandian

 

Skype for Business leave messages offline

Skype for Business April 5, 2016 Comments: 5

From build 16.0.3331.1000 Skype for Business client 2016 there is an option to send IM to people who are offline. When the users sign in to the Desktop  client all the missed IM conversations will be notified.

We need to follow the below steps to enable this feature for all users.

Basically we require 2 parameters that needs to be enabled on the client policy in order for this feature to work.

EnableIMAutoArchiving

DisableSavingIM

By default this value will be set to null with no values as below.

SFB.png

The default option is set to null which means it will save the conversation history locally on the PC and mobile devices and not on the server side unless the option EnableServerConversationHistory value is set to True.

We have 3 options to set:

1) DisableSavingIM value to Null 

When set end users will have the option either to select or uncheck the option save IM conversations in my email conversation history folder.

2) DisableSavingIM  value to True 

When set end users will not have the option either to select or uncheck the option save IM conversations in my email conversation history folder. The option will be greyed out.

SFB

3) DisableSavingIM value to False 

Setting this value will not

In-order for this feature to work we need to set this value to True  since with the null option and false  it will not work.

post enabling this end users will get this notifications icon on the Skype for business 2016 client.

SFB2.png

 

If the exchange server integration is enabled for archiving then all these archiving data will be stored on the associated user Exchange Mailbox.

The versions of exchange it supports to integrate the oauth setup is from Exchange 2013 and Exchange 2016 or Exchange Online.
If the version of exchange is 2010 then we do not have this option to store this archiving data on the Exchange.
In this scenario the data will be stored in the Archiving SQL server database.

Below sample Dashboard report shows about IM information contained in the archiving database for IM stored on Archiving SQL database.

11

If we have the server side enabled on the Archiving SQL DB its very important we need to look for two values

Test

CachePurging Interval

The system will look for the participants who doesn’t have archive enabled and for them the transcript will be deleted from the database.

Keep Archiving data

By setting this value the system will have only the logs of specified value and purge other records which are older than the specified value.

If in case the data is stored on the Exchange mailbox then we need to make sure a retention policy with the retention tag corresponding to this folder is created which will not increase the Mailbox Quota for end users.

Below are the limitations of this sending Offline IM  feature at this moment:

  1. This feature available only for peer to peer Instant messages at this moment.
  2. This feature is not available for users sending IM to offline persons through mobile devices.
  3. The IM (senders) should be sent from a desktop/laptop thick client. Microsoft might extend this feature to all the clients in future.

Thanks & Regards

Sathish Veerapandian

MVP – Office Servers & Services

Extending Persistent Chat on Mobile Devices

Lync, Persistent Chat, Skype for Business February 23, 2016 Leave a comment

Currently Skype for business persistent Chat is not supported on mobile devices by default. Only the Lync and Skype for Business  desktop client supports Persistent Chat.

To extend this feature on mobile devices we need to bring an additional component software from MindLink. Mind Link Software is a Microsoft Gold Partner who is offering support for Persistent Group Chat on mobile devices (iOS, Android and BlackBerry). Mind-link are the only developer available at the moment who would be able to fill the gap and extending this functionality to the mobile devices.

In this article we will have a look at configuring MindLink software for Persistent chat feature on mobile

You can download the evaluation version from the below Link

http://www.mindlinksoft.com/products

Basically  they have 3 servers in their architecture which are having different roles if we consider as a whole package.

1) Mind Link Anywhere server – Can be used for Having corporate Persistent chat feature on the Web(like Whats-app web) and integrating SharePoint sites with the chat services.

E.g. below for Mind Link Anywhere :

Having persistent chat on the web

Test.png

 

Having this chat feature enabled on the SharePoint sites

3.png

2) MindLink Integration server – Used for integrating social  News Feed and  social twitter feed.

3) MindLink Mobile Server – Used for integrating with our persistent chat pool.

So we require only one server at this point to extend persistent chat functionality to the mobile devices.So now lets look into the steps to extend the persistent chat functionality alone  on the mobile devices since we are focusing only on them in this blog.

Hardware Requirements:

Each host machine should meet the following minimum requirements:

  • Dual or Quad core, 64-bit CPU (Minimum 2.4GHz)
  • 4GB RAM
  • Gigabit Ethernet connection
  • 1Gb disk space (80Mb for installation of binaries and up to 1Gb for Preferences to support over 1000 users)
  • Additional Disk Space may be required for storing log files, minimum of 100MB
  • Windows Server 2008 R2, 2012, or 2012 R2

Readiness for the persistent chat integration:

  • A trusted application pool needs to be created between your Lync/SFB server and the MindLink server FQDN or pool FQDN if its multiple servers based on the environment.
  • An URL must be decided for the MindLink server to publish them externally so that users can access them from mobile devices for persistent chat.
  • An SSL certificate must be purchased for the external URL for secure communication.
  • An internal certificate from Trusted CA must be placed in the MindLink server to trust this application pool.
  • Apple device APN’s certificate must be placed on the MindLink server for Apple devices push notifications and revocation check.

Ports and protocol requirements :

  • Port 7072 for socket server needs to be opened
  • Port 7074 for web service needs to be opened
  • Port 7073 for file service needs to be opened
  • APN port 2195 for gateway.push.apple.com needs to be opened

 

Overall the Architecture of the MindLink provision should look like below

 

MindLink

Installation :

The installation of the software is very simple. All you need to do is download and install the Mindlink mobile on the new server . MindLink uses REST API. It integrates data from existing Lync servers and persistent chat groups through the trusted application pool.
This allows users to access and discuss information within the right context.
MindLink API provides a straight forward web services layer that simplifies the publishing and dependency on .net platform.

Make sure that you have the local trusted CA, Public SSL for the url published and the apple device APN’s placed on that server in the local computer account.

After this is done we just need to enter the url in the location , import the license file from Mind Link support and start the Mind Link service.

After this what happens is that when a user logs in from the mobile client it reaches the MindLink server. It identifies a trusted application created between the MLM and Lync. Post verification of the user account it provides successful authentication.

You might face some challenges in these customized non standard ports on the firewall to the internet and to the server apart from that rest all would be smooth.

An example below of entering the external host name

Note: Only the first hostname URL is mandatory and rest all are optional. Enter the URL name here that will be publishing outside.

image015.png

 

This is an example for apple device connection settings

image017

MindLink Mobile App Experience

After successful configuration we just need to enter the URL that has been published externally for this service

image062

After successful login users will have the below option

They can see live streaming of the persistent chat groups where they are member of

They can send and receive  messages in the persistent chat

They can search for persistent chat groups

They can search and IM individuals

Users can receive IM notifications even if they are not logged in to their Lync/SFB mobile client

Users can search for persistent chat messages, hashtag and mention option is also there.

Visible Persistent Chat Groups

image4.3a.jpg

Able to change the IM and Presence

P1

Live streaming of the persistent chat can be seen

P2.png

Overall Features & Limitations:

  • Its a secure Enterprise Group Chat compatible with Microsoft Lync & Skype for Business.
  • IM Presence can be updated.
  • They cannot participate in audio and video calls from this application.
  • Currently users have the ability to open files which are sent from Lync desktop.
  • File Transfer and sharing from the application is not available at the moment.However an option to insert a weblink option in the chat is available.
  • Custom Ports for the application to be accessed from externally is little bit difficult. Its not possible to change them to the default ports since the application API is configured to bind and listen on these ports 7072,7073 & 7074 only.

Thanks 

Sathish Veerapandian

MVP – Office Server & Services

 

Inplace upgrade from Lync 2013 to Skype for Business

Lync, Skype for Business February 6, 2016 Leave a comment

For the first time in the enterprise platform Microsoft has given the option of an in-place Upgrade for its universal platform .

Since Skype for Business hasn’t changed much with Lync 2013 server architecture,and the hardware prerequisites remains the same. If we have a good hardware configuration or if you have recently migrated to Lync 2013 in your infrastructure this option completely makes sense to perform and inplace upgrade .
This will obviously help in reducing the IT cost for this new deployment and reducing the time required for this new deployment.

Recently our team had an experience in upgrading from Lync 2013 to Skype for business and i this article we will have a look at the best practices and the prerequisites that needs to be followed in the upgrade procedure.

Supported coexistence scenarios for the SFB in-place upgrade:

  1. Lync 2013 Standard standalone .
  2. Lync 2013 Enterprise Pool.
  3. Lync 2013 Multiple pools
  4. No upgrade path available from Lync 2010 to SFB.
  5. No upgrade from Lync 2010\2013 coexistence scenarios

Readiness for the upgrade:

  1. Take a snapshot backup all your servers, This will help you  to revert the changes on each server just in case if the upgrade wasn’t smooth with the downtime provided.
  2. Save the previous Topology and take a backup of them.
  3. Take a backup of file server.
  4. If the Lync 2013 is running on Windows Server 2008 R2 then its not recommended to perform an in-place upgrade.
    Never upgrade the OS of a Lync server. Install a new pool on a fresh OS and move all accounts and objects over . In-place upgrade will not help in this scenario.

 

Prerequisites for the upgrade:

1. net 3.5 on FE, Edge and mediation  servers.

2. Below hotfixes needs to be installed in following order.

https://www.microsoft.com/en-us/download/details.aspx?id=42162

https://support.microsoft.com/en-us/kb/2919355

https://support.microsoft.com/en-us/kb/2982006

3. RTC local instance should be Microsoft SQL server 2012 SP1 or later.

So make sure on the Lync 2013 FE’s and servers that we are going to upgrade should have a local instance of 2012 SP1 or later.

4.  One member server in the same domain where the lync pool resides.

On this we will be installing the SFB administrative tools , upgrade the existing topology and then publishing them.  It should be a non-lync server.

5.  All the lync servers needs to be updated to minimum  8308.815. Better to have the          latest version.

Upgrade can be done in the following order:

1.  Install the SFB Administrative tools on the newly introduced member server.

Upgrade the topology in the below order.

a) First upgrade the Front end pool.

b) Upgrade the persistent chat pool.

c) Upgrade the edge server pool.

d)  Upgrade the Trusted Application pool.

In-order to upgrade the topology perform the below :

Open SFB topology builder from the newly installed admin server – Right click on the front end pool – Select the option Upgrade to Skype for business server 2015 as below

 

01

This process will take few minutes and after it gets completed we need to publish the newly updated topology first.

Failing to do this and proceeding with other pools (persistent, edge, Trusted) will result in the  below error.

02

Once the topology is updated and published now we need to upgrade all of the existing lync 2013 servers to Skype for Business.

In-Order to perform that action  we just need to run the setup from each servers.

Note: If there is only one front end pool in the deployment (this should be the setup in most of the environments) the servers then there will be user interruption till the pools are upgraded. So it requires a downtime when performing this upgrade.

We need to run the below command to make sure that the replicas are up to date

Get-CsManagementStoreReplicationStatus

imp

Before running the setup we need to disable all the services on the existing front end services. Run the below command in the Lync management shell to perform the action

Disable-CsComputer -Scorch 

After running the above command make sure that you close topology builder, Lync Management shell , Deployment wizard . Make sure all consoles are closed for the upgrade to complete smoothly.

Once performing the above action just run the setup from each existing lync 2013 servers.Better to start with FE’s , Mediation , Director , Persistent and then Edge.

You will be prompted with the below screen.

RE.png

upgrade will go through the process as below

33

We will get a screen like below on a successful upgrade

3366556.png

We can continue to point all URLs to the existing pool since its an in-place upgrade and this make this task very easier.

Thanks & Regards

Sathish Veerapandian

%d bloggers like this: