Deploying a Sonus Cloud Link CCE

I recently was working on a Sonus v2 Cloud Connector Edition (CCE) working with the new hardware, testing the install, etc. when I ran into a deployment snag. In general, I find the there are a lot of post and blogs about when to use CCE and when you cannot, but few on how to properly deploy CCE let alone the Sonus version.

I decided to show a walk through on the process I used to deploy, why I used the names/options that I did, and the errors and gotchas I ran into.

To start, I am working with a Sonus SBC 1k Cloud Link with the CCE package installed. From a Sonus part number, that would be SBC-1K-SIP-E-CL. The Cloud Link version includes an imbedded Windows 2012 R2 Server with 32 GB of RAM, dual Xeon quad-core 1.7GHz (that’s 8 physical cores. 16 logical), and a 512GB SSD drive. All-in-all, not a bad server and very capable of running the “small” CCE build. That, along with the nicely integrated SBC makes this solution simple…as long as you know the answers to the questions.

Starting off the build of the ASM is not any different from other ASM buildouts – the only difference being the Task option on the Cloud Link version shows Office 365™ Cloud Connector Edition vs. Skype ™for Business Survivable Branch.

Blog Image 1.png
Blog Image 2.png

Selecting the Office 365™ Cloud Connector Edition brings you to the beginning process. The very first thing that needs to be done is getting the ASM an IP. This IP is the IP of the Hyper-V host. It is not meant to be domain joined, and the option is not present. If you really wanted to change the name of the server you could, but even that is not required as again – it is simply the host computer for the VMs.

It is critical that the Remote Desktop enable option is changed to Yes as there are tasks that must be completed from the host server. The server should also be able to be reached from within your network – whatever that means to you. DHCP is an option – I am old school and believe all servers should have a static IP but again, whatever works for you. For me this was my internal server VLAN, internal DNS, internal everything as I wanted to be able to easily manage the server.

Blog Image 3.png

After you have configured the IP and RDP, the next step is to create the certificate for the Skype Edge server. This is where you must be careful to enter the correct names. There are references to the deployment requirements on TechNet here Plan for Skype for Business Cloud Connector Edition although to me, Sonus solution hid the configuration too well making things unclear. Specifically, step four is where you configure the settings on the CCE including the site name for the CCE. This site name is also your edge pool name – a name which must be a CN or SAN.

In my case, I thought I would be witty and use BCLCCE.bricomplabs.com as the common name. The CSR request simply stated the edge server public FQDN and left it up to me to complete. The wizard also complained if SIP was not in the name so that had to be there too which was a bit confusing since the DNS name would never point there. In the end, the fields looked like the following:

Blog Image 4.png

CN=BCLCCE.bricomplabs.com
SAN=DATA-CENTER.bricomplabs.com,SIP.bricomplabs.com, BCLCCE.bricomplabs.com

In the SAN list make sure you have your SITE name (exiting or the name you plan to use), SIP, and optionally another name to which you would be tied to the service (although 100% unnecessary). Remember to configure all of the DNS records publicly to make sure things route.

Once the CSR has been created, have it issued by your favorite PUBLIC CA, and make sure your favorite public CA is a mainstream one – one whose roots are part of the base Windows 2012 R2 OS. In my case, I used DigiCert (http://www.digicert.com) – an awesome go-to CA who works flawlessly.

Step 3 is to import (paste) the resultant certificate. The cert should be in DER format and in the case of DigiCert simply select the option on their page to download copy/paste under Download Certificate. That will expose three text blocks, the one you want will be the top block for your certificate where you can simply copy and paste the result.

Blog Image 5.png
Blog Image 6.png

You are now ready to begin the configuration of your deployment and a critical junction. Incorrect information going forward means clicking Reinitialize on the ASM and starting over. 😊 Below is a summary of the deployment and the options selected.

Blog Image 7.png

In this list, there are some key components that we need to complete. It is also important to note that the defaults are there just because but more than likely mean nothing to your deployment. The first thing you need to identify is the CCE Site Name. Again, this will be the pool name of your edge and will need to be in your certificate.

The external network gateway is in relation to the second NIC of the Edge server – no different from the second NIC of a traditional Edge server. This NIC cannot be on the same VLAN as your internal networking but like a traditional Edge, NAT is supported. In my example the external is a 172.x.x.x/24 address, I am using public Level3 DNS, and because it is a private IP I am listing the Edge server External IP.

The internal network is where the internal NICs on the servers will live. There are three switched networks on the servers – Internet, Corpnet, and Management. The Internet switch and NIC live on the Edge server while the Corpnet and Management live on all the other servers. The Management virtual switch is internal only – for server to server communication and the IP scheme is 192.168.213.0/24 with no default route. The Corpnet is the internal network where the Hyper-V host lives as well as all other internal servers (again, in my network the server VLAN).

Blog Image 8.png

The information you are entering for the Internal Network is used partially for the configuration – and partially still a mystery. The Gateway is obvious and is the gateway used for the Corpnet NICs however the Internal DNS is not used (the four servers all use the AD server as they should). The four IPs of the VMs themselves are also Corpnet IPs and in my case, were 10.x.x.10, 10.x.x.20., 10.x.x.30, and 10.x.x.40 – but as long as they are unique and valid, they can be whatever you want.

One you have configured and saved the CCE configuration move on to Step 5 – Prepare CCE. In this process the data that was previously entered is saved locally to the Hyper-V host (C:\UX\CCE\CcAppliance) and will be used by the next PowerShell commands.

Assuming no errors and all is ready, RDP to the Hyper-V host. If you have not already, set the Administrator password of the ASM via the web GUI of the Sonus at Settings | Application Solution Module | Change Admin Password. Drop the option down to User Configured, enter and confirm a unique strong password, and click OK. Using \Administrator and the Password you just created, RDP to the ASM address set in step 1 above.

One on the server, start a PowerShell command with elevated admin rights. From within the prompt, start the process by entering Register-CcAppliance. You will need to set admin passwords, recovery passwords, and enter your admin login for your O365 tenant. Assuming you have the correct rights the process will complete creating an appliance in the cloud which you can see using the Skype for Business Online PowerShell command Get-CsHybridPSTNAppliance.

The final stage of the process is the installation and configuration of the VMs. This entire process is completed with the simple command Install-CcAppliance. Using previous configuration entries saved off to the INI and the certificate (also saved off), the nest steps are hands free, it just takes time. This is where I ran into my errors due to the lack of pool name in the edge certificate. During the creation process the Edge sever is started and an error is thrown which appears to be a Cyphers issue:

Event ID 14397 – A configured certificate could not be loaded from the store.

Extended Error Code 0xC3FC7D95 (LC_E_VALIDATION_CERT_NO_KEYEXCHANGE)

Should you run Get-CsCertificate you will see your public certificate associated with AccessEdgeExternal, DataEdgeExternal, and AudioVideoAuthentication. An internal certificate will also be seen and associated with Internal. All of this appears to be valid and yet the service will not start. The key to finding that it was a pool name issue was manually assigning the certificate to the three external services again using

Set-CsCertificate -Type AccessEdgeExternal,DataEdgeExternal,AudioVideoAuthentication -Thumbprint xxxxxxxxxxxxxxxx -Force

Doing so revealed the error that data-center.bricomplabs.com was not a name on the certificate and that’s when the lightbulb appeared. The fix is to undo everything and start over (unfortunately) which includes Unregister-CsHybridPSTNAppliance, OPTIONALLY Remove-CsHybridPSTNSite, and Reinitialize the ASM in the Sonus GUI.

Once the CCE appliance is configured, make sure to run through the SBC configuration - otherwise there will not be anything to link the calls to. The CCE does not use TLS so an SBC certificate is not required, only basic integration configuration as described on the Sonus site (and identical to any other SBC config). https://support.sonus.net/display/UXDOC61/Configuring+the+SBC+Edge+for+a+Single+CCE

 

Update 2/24/2017

Internal DNS on the Internal NIC settings

As mentioned in the comments (thank you Jason) the DNS entry/mystery is solved as the internal DNS added during the CCE Setup page is added as a forwarder. Why not just use root hints - none from what I can see in v1 but future version may rely on knowing the DNS of internal servers.

Blog Image 9.png

SIP Domain Name on the Certificate

The addition of the SIP.DOMAIN.COM to the certificate - that mystery was resolved as well (thanks Carolyn). When a CCE user makes a call to the on-premises edge, a check is made against the edge for SIP.domain for the sip domain of the user making the call. This is how the CCE authenticates/permits this call from the CCE online user to the on-premises edge. If you don’t have SIP in the SAN name then the outbound call for the user will fail with the following error:

504  Server time-out

ms-diagnostics:  1017;reason="Cannot route From and To domains in this combination";cause="Possible server configuration issue";summary="The domain of the message that corresponds to remote peer (external) is not shared between local and remote deployments";external-domain="bricomplabs.com";external-type="domain-type-local";internal-domain="bricomplabs.com";internal-type="domain-type-local";source="sipfed2a.online.lync.com";OriginalPresenceState="0";CurrentPresenceState="0";MeInsideUser="No";ConversationInitiatedBy="0";SourceNetwork="0";RemotePartyCanDoIM="No"

Final Certificate Requirements

In the end I updated my certificate to only include the required DNS names and to lessen the confusion. The certificate in the end has the CN of the site as well as the site and sip as a SAN.

CN=DATA-CENTER.bricomplabs.com
SAN=DATA-CENTER.bricomplabs.com,SIP.bricomplabs.com

Jason Sloan on February 23, 2016 commented "Hey Brian,
Good write up. I have yet to play with the Sonus CCE deployment but have tons of CCE standalone and AudioCodes CCE device experience.
One thing to note...the internal DNS is indeed used.  It is configured as a forwarder on the DNS server located on the DC VM.  That's the only thing it is used for.  Crack that open and take a peak. "

Brian replied "Thanks Jason - I do see the IP added as a forwarder although its value is still in question as the box is "contained" within its own domain in v1 but glad to know where it is going."

Trevor replied "It all depends on whether you are defining gateways in your CCE INI file by IP addresses or by FQDNs.  If you are using FQDNs and those gateways are defined as an A Record in your production domain (not the internal CCE domain) then the CCE mediation server needs a way to resolve the internal DNS records for your internal production domain - the DNS forwarders allow that capability to happen.  Using the default DNS Root Hints is not an option in that scenario because then the DNS resolution would go to external DNS servers and either A) not complete because the record isn't in the external zone, or B) return an invalid external IP address that would almost certainly result in call failures.

Again, it all depends on your setup, but there absolutely is value in the forwarder being there for certain scenarios."

Brian replied "Thanks for your feedback Trevor. I would still contend that in a CCE deployment, "talking" to anything internal adds no value and is not by design (short of your voice next hop). In the case of the Sonus CCE, its value is zero regardless of how you named your SBC as 1) the name of the SBC is added to the CCE DNS as SBCNAME.sfb-ccedomain.local and 2) TLS is not used. Could you need it if you were standing up a custom CCE with your own voice gateway, sure, but you could also simply add the name to the CCE AD DNS. You could also argue that the design of CCE is to provide a voice solution to companies where no infrastructure exists in which case there would not be an on premises AD/DNS solution. Regardless, assuming there are no issues / security discussions with regards to the CCE box which is managed by Microsoft accessing an internal DNS, leaving the pointer to your internal DNS adds no risk. Otherwise, enter Level3/Google/something else in the DNS entry."

User "Nice Writeup and helpful to understand the complete taskflow.. thanks" commented "Nice Writeup and helpful to understand the complete taskflow.. thanks Brian 

Unable to patch Skype on Sonus SBA

I recently was working on a Sonus SBA, patching away, when I found the patch process failing me. The copying, installation, and what appeared to be overall process was generally working but when the last patch (server.msi) was being applied, the process would fail.

Looking at the ASM/server directly I found the Skype server service was not starting – in fact it was unable to fully start as the DynDB database and log files were missing. Odd – must have been dropped during the last patch process, more than likely when the databases were being upgraded. Simple fix (or so I thought) – run Install-CsDatabase -LocalDatabases -Verbose and the missing database and log would be created…or should have been. However, the process failed with an error stating network name not found:

RtcDyn db state is: DbState_DoesNotExist

Dyn Data Path = C:\CsData\RtcDatabaseStore\rtclocal\DynDbPath, Dyn Log Path = C:\CsData\RtcDatabaseStore\rtclocal\DynLogPath.

Creating database rtcdyn from scratch. Data File Path = C:\CsData\RtcDatabaseStore\rtclocal\DynDbPath, Log File Path= C:\CsData\RtcDatabaseStore\rtclocal\DynLogPath.

Clean installing database rtcdyn.

System.IO.IOException: The network name cannot be found.

Now that is just silly – C:\ not found? I could navigate to the path, the permissions matched the FE servers I have in production, so something else was off. Turns out, when the database install process happens local (SBA/SE) or remotely (FE) the installation still uses the \\servername\c$ method to connect and create the databases. In the SBA case, it was hardened by Sonus security template and the C$ was removed.

Blog Image 10.png

It is also interesting to note this impacts tools like SCCM and its ability to push the client – no C$ = no ability to connect. So, in our case, the fix was simple. Add the C$ share to C:\ and re-start the upgrade. To add the share simply right-click in the Shares window, select New Share, and start the share wizard.

Blog Image 11.png

Enter C:\ as the folder path you wish to share.

Blog Image 12.png

Windows will warn you this is a bad idea – acknowledge that you know more than the system by clicking Yes.

Blog Image 13.png

Enter the hidden share name of C$ (and optionally enter a description (the standard being Default Share)).

Blog Image 14.png

Select the second radio button, granting administrators full access and others read. The permissions will be reset after a reboot and selecting the second option allows you to validate/test the process.

Blog Image 15.png

The final result should show the admin share in your list.

As mentioned, this is only a temporary fix – the share is removed when rebooted and the system policies are reapplied. So make sure you perform this workaround just before the patch is installed and all should work as expected.

Blog Image 16.png

RtcDyn db state is: DbState_DoesNotExist

Dyn Data Path = C:\CsData\RtcDatabaseStore\rtclocal\DynDbPath, Dyn Log Path = C:\CsData\RtcDatabaseStore\rtclocal\DynLogPath.

Creating database rtcdyn from scratch. Data File Path = C:\CsData\RtcDatabaseStore\rtclocal\DynDbPath, Log File Path= C:\CsData\RtcDatabaseStore\rtclocal\DynLogPath.

Clean installing database rtcdyn.

Creating database rtcdyn. Attempt: 1

Setting the database rtcdyn to restricted mode.

Database rtcdyn set to mode Restricted.

Setting database options.

Begin transaction.

Creating objects from dbcommon.sql.

Creating database objects.

Executing Types.sql...

Soder on November 28, 2016 asked "Was Sonus notifed, or they simply dontcare at all?" 

Brian then replied "They were not but the issue is with the cmdlet Install-CsDatabase which is part of Skype and not something Sonus created."

Soder replied "Ok, seems I can reply now.So. You wrote
"In the SBA case, it was hardened by Sonus security template and the C$ was removed."
Its Sonus fault. Doing these "hardening" things without doing their homework (plan careefully, do impact analysis, etc. etc.). And as you say the C$ gets removed if the hardening is activated, it means all Sonus equipment owners are affected all over the world. I wouldnt consider this a minor small tiny issue, right?"

Brian replied "Still not in the 'Sonus is at fault' court - the security templates are provided by Microsoft but I will ask for clarity from both Sonus and the Microsoft PG and post a reply. It should be noted that the application of the Security Template - while permanent - is optional."

Soder replied "Well, if the template comes REALLY from Microsoft, thats a different beast (is that like a Security Policy template called Hardened Workstation or something similar?). But still, Sonus allows the enablement / disablement of this template on their GUI, so assume they have tested this before rolling out to customers. I really want to believe they dont just accept everything unconditionally from MSFT and implement without checking its effects first. I know this is a completely optional feature, so it may not affect literally everybody. But as the option is offered to customers without any warning that it may break the whole Sfb update procedure, I am still confident the ball is on Sonus side."

Brian replied "So yes - the security templates are offered from the Microsoft security team and you can apply the XML files to any computer/server - the process stems back to the Windows 2000 days. The key point to remember is the SBA image/process is a managed MS process much like the LPE phones. Sonus and the SBA image are up to the mercy of the MS team and their direction. So, the only question is where did the direction come from for the template - MS or did Sonus do this on their own. That question I have asked and am awaiting the answer."

Mark H on December 1, 2016 stated "I am running Lync 2013 SBA from Sonus and I see the share is disabled as well  but CU are installing properly.
Maybe Microsoft changed something on their installer."

Kevin I replied "Kevin I from Sonus here. The CU Installer has changed with Skype for Business June CU. In previous CU's the updater did not use the SBA C$ share to update. The security template was changed based on customer feedback to remove access to the c$ share. It was changed a couple of years ago with no issues until this CU.

We have implemented a change to our CU installer to restore the share before the CU installs and then remove it afterwards. 

We are also working with Microsoft to understand if there is a way to change the way the CU's are applied to the SBA. Until then the change I mentioned above in the installer will stay to ensure the CU will install moving forward."

Soder replied "Kevin I:
maybe this is not the best platform to discuss this topic, but why there is not a single(!) word about this whole "Security Hardening Template" topic in the 1700+ pages Complete Sonus Documentation PDF ? Regardless of v4.x v5.x or v6.x."

Brian replied "@Soder - have you seen this link? support.sonus.net/.../Applying+an+SBA+Security+Template"

Soder replied "You are right! I didnt find the topic because I was looking for the "hardening" keyword as seen on the button, not searched for generic expression like "template" or "security", as those spit out 1000+ hits on the 1700+ pages document. Yes, I was blind, but organization of content in the Sonus documentation is yet another (saddening) topic.

Skype for Business Cloud Connector Edition Released

Microsoft has released the Skype for Business Cloud Connector Edition (CCE), now generally available for download. The download is quite small and for good reason - it is simply a process that kicks off the download of all the ISO files required to create the virtual environment.

To use the CCE, a dedicated Windows Serer 2012 R2 server is required (and yes, you must license the VMs so more than likely Data Center will be what you use or multiple Standard edition licenses). The installer will check to make sure you have the minimum required resources which. To plan for the hardware look to the planning guide found on TechNet here.

So while the CCE is free, there are a couple of paid requirements. One, you must have a SIP trunk on premise which you can connect to - a qualified SIP trunk or SBC - as control over the digits coming to and from the SIP trunk is limited (read E.164 expected/required). Two, one or more dedicated Hyper-V hosts (multiple if HA is required). Three, O365 licensed Skype users with Cloud PBX. The last point is a big one in that CCE will work ONLY in environments where there is no on premise Skype/Lync/OCS installed. This solution is designed for those that want to have Enterprise Voice in their O365 deployment but for whatever reason wish to use their on premise voice solution / plan / gateway.

The release of the Skype for Business Cloud Connector Edition opens up doors for those that cannot or will not license PSTN via O365 and remember, this is Gen1 so expect development and growth of the product solution as time moves on. Happy downloading.

Skype for Business Edge Services Fail to Start

You may have noticed on your newly installed Skype for Business Edge Servers that not all services are listed as running when a Get-CsWindowsService command is run. This in general is a little concerning and should cause an alarm for most…

 

However, as it turns out, FabricHostSvc showing up as Stopped in the service list is not only expected, but has been this way since Lync 2013. The difference – the cmdlet Get-CsWindowService filtered out the FabricHostSvc on non-Front End servers on 2013 and it does not on Skype for Business. So why is the service even installed? Sometimes there are no answers to why questions and in this case we can safely ignore the service and move on.

 

PS C:\> Get-CsWindowsService

 

Status       Name                         ActivityLevel
------           ----                               -------------
Running  REPLICA
Running  RTCCLSAGT
Stopped  FabricHostSvc
Running  RTCSRV                   Incoming Requests per Second=0,Messages in Server=0,Incoming Messages Held=0
Running  RTCDATAPROXY   Server Connections Currently Active=84
Running  RTCMRAUTH          Current Requests=0
Running  RTCMEDIARELAY Active Sessions=16
Running  RTCXMPPTGWPX

 

 

 

Additional Notes: 
Lync Server 2013 build number is 5.0.8308.887

Lync 2013 Client build number is 15.0.4727.1001

Skype for Business Server 2015 build number is 6.0.9319.55
 

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409
 

Lync Attendee build number is 4.0.7577.4461

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4463
Lync Phone Edition (Tanjay) build number is 4.0.7577.4463
Lync for Mac 2011 build number is 14.0.11
 

Lync 2013 for Windows Phone build number 5.9.1371.0

Lync 2013 for iPad build number 5.7.563

Lync 2013 for iPhone build number 5.7.563

Lync 2013 for Android build number 5.6.3.1
Lync 2013 for Android tablet build number 5.5.3.8919
Lync Windows Store App build number is March 2014
 

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Skype for Business Mobile Client Coming Soon

You may have recently seen an update to the Lync 2013 Windows Phone Mobile client where upon starting the app it informed you a new version was coming soon. A recent blog post explains the same – teasing us Windows Phone users but no date has been offered. Unfortunately at this time we only get to see the screenshots in the blog post and the notice in the app. However, it is nice to see that the Windows Phone is getting the application upgrade first with the others following.

Lync 2013 for Windows Phone

5.9.1371.0

MS Download

Additional Notes: 
Lync Server 2013 build number is 5.0.8308.887

Lync 2013 Client build number is 15.0.4727.1001

Skype for Business Server 2015 build number is 6.0.9319.55
 

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409
 

Lync Attendee build number is 4.0.7577.4461

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4463
Lync Phone Edition (Tanjay) build number is 4.0.7577.4463
Lync for Mac 2011 build number is 14.0.11
 

Lync 2013 for Windows Phone build number 5.9.1371.0

Lync 2013 for iPad build number 5.7.563

Lync 2013 for iPhone build number 5.7.563

Lync 2013 for Android build number 5.6.3.1
Lync 2013 for Android tablet build number 5.5.3.8919
Lync Windows Store App build number is March 2014
 

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

The first Skype for Business Patch has Arrived

It didn't take long for the first patch for Skype to come along and it is a highly important patch for many. A bug discovered after RTM of Skype was discovered with Exchange UM Interaction and normalization. The actual bug is KB3069206 and stalled many Skype for Business upgrades as Exchange UM Auto Attendants are kind of important.

In addition to the UM fix there are smaller yet just as important fixes listed such as dropping parked calls, SfBWA (aka LWA) crashes, RGS agent transfer issues, and so on. In short - if you have Skype for Business deployed this patch is a must and for those waiting because of the aforementioned bugs, migrations can now move on.

Upgrades are a bit different in Skype for Business only because of the new patching methods. If you were comfortable with patching in Lync & clearly understood upgrade domains, then there is no change. There are also no updates required to the Skype databases in this release so while we can run the good-old Install-CsDatabase command you will simply get a result of:

 

 

 

VERBOSE: All databases at the specified installation location are already up to date.

 

 

 

Make sure all servers are updated in the FE pool, the Edge servers, P-Chat, Mediation and any app servers you may have. The core components at a minimum will be updated while servers like the Edge role have an actual update.

For those that have a highly non-recommended two-node Enterprise Pool, there is an additional Fabric step required. Once you have patched the pool and rebooted, run the following command from PowerShell.

 

 

 

Reset-CsPoolRegistrarState -ResetType FullReset

 

 

 

Additional patching information can be found on the KB Update page 3061064.

Product

Version

KBs

Download

Skype Server 2015

6.0.9319.55

3061064

MS Download

 

Additional Notes: 
Lync Server 2013 build number is 5.0.8308.887

Lync 2013 Client build number is 15.0.4727.1001

Skype for Business Server 2015 build number is 6.0.9319.55
 

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409
 

Lync Attendee build number is 4.0.7577.4461

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4463
Lync Phone Edition (Tanjay) build number is 4.0.7577.4463
Lync for Mac 2011 build number is 14.0.11
 

Lync 2013 for Windows Phone build number 5.9.1371.0

Lync 2013 for iPad build number 5.7.563

Lync 2013 for iPhone build number 5.7.563

Lync 2013 for Android build number 5.6.3.1
Lync 2013 for Android tablet build number 5.5.3.8919
Lync Windows Store App build number is March 2014
 

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

 

Jeremy said on July 29: "I've had mixed results with the S4B upgrade from Lync 2013.  In the test environment - smooth sailing and everything worked.  In production, even after installing the S4B update, Response Groups still failed 100% of the time.  Since Response Groups are critical in my environment, we reinstalled Lync 2013 on all the servers and restored our Lync databases from backup.  What started as a short upgrade turned into a lengthy recovery.  Needless to say, I'll be waiting to try another S4B upgrade for a while."

Brian responded : "@Jeremy - Interesting regarding RGS. Of the 10 upgrades/new installs we have not had any issue with RGS. Sounds like there was a larger issue at play."

Lync 2013 to Skype for Business in-place Upgrade...the experience

I was sitting at my desk today, waiting for (ironically enough) a client's new Skype for Business install to complete in a far far away country when I decided - hey, I am not expecting calls today, why not do a quick in-place upgrade to S4B?

Quick was not the operative word here. For reference, I have two pools - once user pool and one Persistent Chat pool (need it for demos :)), and edge pool, and a few trusted apps. Once I began the process - installing the admin tools on an admin server (not Lync), I upgraded the topology for the two pools, published, and so far so good.

The required KB2982006 was not installed on my FE servers so that was where we started, which required a reboot. Had I been wise, I would have disabled the Lync services so I would not have to wait for them to start post reboot of the server only to shut them down again so I could begin the upgrade process. I started the process on both pools, all servers, all at the same time. This was not an issue since all the services are shut down anyway, so there was no apparent communication occurring anyway.

The process started at 2:30pm my local time and the PChat pool finished approximately 30 mins later (less to uninstall and reinstall). However, the user services pool ran for two hours. It appeared that the servers were doing little to nothing during every step so I can only assume there is some fail-safe code slowing the process of uninstall and reinstall down. As a reference, the installation of the new Skype pool was completed (along with the Edge) in under one hour (granted basic install, no config, no uninstall).

I am happy to say that after the long wait, everything came up as expected and worked as expected. The edge pool was the last thing that needed an upgrade but I was waiting to get the inside pools completed prior to starting that process. I suspect it will not take long but will complete tonight and post my timings.

In short - make sure you have the requirements met for in place upgrading and the time set aside. Since the entire pool is down during the process you will have some sort of outage unless users are rehomed.

UPDATE 5/12

The upgrade of the Edge pool went as expected. The total time for upgrade was 30 mins and like the inside pools above, both servers were upgraded at the same time. I did notice that when I upgraded the Edge pool in the topology, the Skype-Skype Federation Search was automatically enabled. While this is a feature I do want, if you do not, or perhaps do not have the port open on the edge servers (outbound 443), then this is something you would want to disable before publishing.

Greg on May 12 commented : "Brian, is there anything new with PChat?"

Brian responded : "@Greg Unfortunately no, the PChat management and usability is the same. That means the architecture is no different as well."

Shawn Harry commented on May 20:  "Yammer duplicates a lot of pChat functionality. I doubt MSFT will develop it any further in further iterations of SfB as Yammer is now their strategic offering for Enterprise internal communications/collaboration. It'll likely be de-emphasized with support remaining in place for the Large Enterprises who've invested in it until its finally deprecated."

Brian responded : "@Shawn This is true for the general masses but PChat was originally developed for the Financial Services industry and I doubt it will be going anywhere any time soon. Yammer provides little to no ethical boundaries and or security in the way PChat does and to me, provides the corporate Facebook experience in a generic/noisy way.

The truth about Call via Work in Skype for Business 2015

This year at Ignite I had the privilege of being asked to speak - this time the topic was "Planning and Deploying Call via Work for Enterprise PBX Users". As always, I had a great time preparing and presenting the topic however there are some that did not receive the message as well as I had hoped. For the record, we speakers are not paid to create and deliver our presentations. I present because I love to speak, especially when it is about a product I am passionate about and LCS/OCS/Lync/Skype4B definitely falls into that category!

It is true that Call via Work (CvW) is not a new "feature" of Lync/Skype4; but, it is also true that it is now being implemented in a new way. The key to the "little different" is where the feature is being exposed. The best example of what the feature is and where it was previously can be seen in the Lync 2010 Mobile app. For all intents and purposes, the 2010 Mobile feature is the Skype via Work feature, simply now in the desktop client.

So with all that said - why was I viewed as a hater of the feature? To clarify - I do not hate the feature, I simply do not agree with the concept of using it for Enterprise PBX users (my topic). :) My warnings of blind implementation were taken a little too direct. I was hoping to present the message that CvW was now an option but to plan and prepare prior to any implementation. Just because the feature is there doesn't mean we should/need to use it.

Without rehashing what I said regarding the feature and its limitations as a PBX feature, simply stated I believe attempting to use this feature as a replacement to RCC is a mistake - and 9 out of 10 Microsoft engineers agree (no, that is not a real statistic but everyone loves math). The feature parity is not there so that should be a given.

In addition, the users must understand the process. This understanding is something more than just making a call (as we often say, dial-tone should just simply work and users expect that). IMHO, in order for the feature to be used correctly, the user must understand the call flow concepts so intelligent decisions may be made (by the user).

Last point was administration of the feature is a nightmare for those environments that wish to control the call-back-phone. Yes, PowerShell is our friend and yes, PowerShell can help automate the need to create a CvW profile for every user - but there is still the potential for a single profile per end-user - yuck! Since this is a PowerShell-only task that means typical Level1 and perhaps even Level2 support will not be involved making the provisioning process tedious, cumbersome, and prone to errors.

Could Microsoft make the process better? Sure - a simple option in the policy that states the call-back-phone number is automatically set to the users' LineURI would be an awesome feature/option. One global policy, one setting, and we are done. We could then make user policies for those that we want to be different if that was our need. Or vice-versa - we could set the global to no set call-back-number, a user policy to use the LineURI, and then the occasional odd-ball users where they do not match we could create yet another user policy. Today the options are limited but who know what the future of Microsoft holds. One thing is for certain, options are the key to Skype for Business and that is what we need.

So, stepping back a bit, let use start with what is CvW (I know, a little late in the game but better late than never)?

CvW is a feature that allows the end user (assuming allowed by policy) to set their ring-back-number that will be used when making outbound calls from Skype4B. The user would initiate the call, their specified number would ring, and when the Skype4B user answered the incoming call, the system would bridge their two calls together presenting the user's Skype4B caller-ID to the outside callee.

Awesome right? That means I can be at home, make a call back to a customer/vendor/whomever and it would appear to be coming from my office. Perhaps that is an awesome strategy for staying at home when the boss is away and any calls to the boss would look like they were coming from the office. :) Or perhaps your Internet connection at wherever you are is simply unreliable or experiencing poor bandwidth so that a VoIP call would not be practical. Or maybe you simply forgot your headset and would rather not talk into the microphone of the laptop, so using a land line makes more sense (or cell - whatever number you wish).

The point is - there are all kinds of reasons you may want to use this feature; in fact, there are a bunch of good ones. My favorite use happens to be when I am travelling. Inevitably the hotel Wi-Fi is congested and poor quality at the end of the day; if I need to make a call to anyone (family, friends, clients), I use the hotel phone as my call back number and I have a great calling experience. However I am not using it - as my presentation title suggested - as my PBX phone in hopes of retaining life out of my PBX system. Instead, I am adding to the feature-rich experience of Skype for Business, something we all can appreciate as a good idea.

One of the general use concepts from Microsoft's perspective deals with "what do I do with my PBX and desk phones if I implement Skype4B? Am I duplicating systems?". In some aspects the answer is yes - in fact you are. However, there is a potential use case where instead of purchasing a new desk phone and ripping out the PBX we simply tie Skype4B into the existing system using CvW, and create the hybrid-type solution. As mentioned in the presentation, this is not the correct solution for all phone systems, companies or even users. This rolls back to making intelligent deployment decisions and testing, testing, testing. Ideally once the ROI on the old phone system is reached, it would be removed, Skype4B would replace the system as a complete solution, and everyone is happy.

In my experience and with my customers this would not fit well but the important thing to remember is that you have options.

Hopefully this clears up the confusion on my like/dislike of the feature and feel free to leave your comments/questions below, I'd love to hear your thoughts on the matter.

February 2015 Lync Client/Server Update

Microsoft quietly released the Lync Client and Server CU for February 2015 and perhaps with good reason; little to nothing appears to have been added to Lync other than a not quite functioning correctly  CsClientPolicy setting EnableSkypeUI. The policy is designed to allow a Lync 2013 server admin to preserve the look and feel of the Lync client after the 'Skype' CU has been delivered either automatically via O365, via Windows Update, or via the system administrator. By default this value is $NULL which SHOULD equate to ‘Use the Lync UI’ but instead it defaults to ‘Use the Skype UI’. Setting the value to $FALSE will force the Lync UI and in future client releases (read that as RTM) the feature will work as expected.

Missing/odd features is definitely not a reason to apply a patch and since it has been 30 days since the release with no known/major issues I would say all is good. The patch does update Core, Server, RGS, Management, and Web Components as well as databases.

There are a few database upgrades required for the backend databases (QoE), and for the CMS (assuming you are up-to-date (i.e. since December 2014)). It is interesting that Microsoft is calling out the sequence with more vigor and I cannot stress enough how important it is to make sure your databases match your CU level or ‘bad things happen.’  We discuss over and over how to check upgrade readiness as well the database upgrade methods so if you are unclear, review previous posts here.

Lync Server 2013

5.0.8308.872

2809243

MS Download

 

Lync 2013 Client 32-bit

15.0.4693.1001

2920744

 

 

 

Lync 2013 Client 64-bit

15.0.4693.1001

2920744

MS Download

Additional Notes: 
Lync Server 2010 build number is 4.0.7577.709

Lync 2010 Client build number is 4.0.7577.4446

Lync Server 2013 build number is 5.0.8308.872

Lync 2013 Client build number is 15.0.4693.1001
 

Lync Group Chat build number is 4.0.7577. 4409

Lync Group Chat Server build number 4.0.7577.4409

Lync Group Chat Admin build number 4.0.7577.4409
 

Lync Attendee build number is 4.0.7577.4382

Lync Attendant build number is 4.0.7577.4098

Lync Phone Editions build number is 4.0.7577.4455
Lync Phone Edition (Tanjay) build number is 4.0.7577.4451
Lync for Mac 2011 build number is 14.0.10

Lync 2010 for Windows Phone build number 4.3.8120.0

Lync 2010 for iPhone build number 4.7

Lync 2010 for iPad build number 4.7
Lync 2010 for Android build number 4.0.6509.3001
 

Lync 2013 for Windows Phone build number 5.8.1327.0

Lync 2013 for iPad build number 5.6

Lync 2013 for iPhone build number 5.6

Lync 2013 for Android build number 5.5.3.8935
Lync 2013 for Android tablet build number 5.5.3.8919
 

Lync Basic 2013 build number is 15.0.4420.1017
Lync VDI 2013 build number is 15.0.4420.1017

Office 2016 / Skype for Business 2015 Client Preview

Much has been posted recently regarding the preview of Skype for Business client and what it has to bring to the table. The basic office team announcement was made on their blog (found here) this morning but others attending the various release functions commented as well. Those comments are the ones I have issue with and want to make a few basic comments of my own here.

First and foremost the new Skype for Business client is NOT a new client but rather an update to the existing Lync client. That's right - a CU/KB is applied and voila - you have the new Skype4B client. That brings a lot of ramifications with it, not the least that this client does communicate and work with Lync Server 2013 just fine. In its basic client upgrade and work as you are state, the features are the same, but you get a new look.

Skype4B client does NOT add the additional functionality of initiating calls, communication, etc. directly from Office apps (such as Outlook) as Lync already did that - and has done that - forever. This is nothing new and the contact cards are still shared. This also means it is not pulling on Lync features, they are Lync features as again, this is Lync under the covers.

Another important feature - and one that has been available in Lync for some time - is the ability to communicate with the public Skype counterpart. The idea of public federation was introduced in 2006 with Live Communication Server 2005 SP1 (that's LCS, the predecessor to OCS which was the predecessor to Lync). Public federation is a feature that has been in Lync's history and today (and yes even yesterday) you had the option to configure this federation link using the Microsoft provisioning website of https://pic.lync.com. Will the process and the features improve with time - yes, but not a new feature as of today.

Skype for Business Client and Office 2016 are coming and are exciting improvements. But it is important to understand what the changes are, how they impact current infrastructure, and what  (if any) impact that means on your end users. The last big piece of that equation is rolled into the original comment above - that this release is simply a cumulative update. What if you don't want the update? Well for those on-premise that are delivering Office Pro Plus 2013 using the "fat" method, easy - don't install it. For those using the Click-2-Run Office 365 distribution method - not such an easy decision. The good news is regardless, administrative control will be available to decide how Lync/Skype looks on the desktop using Lync/Skype client policies. This means the updates can occur and the switch to the new interface (and potentially new features) can be at the control of IT.