Advancing from a previous post this article addresses setting up a few test users and configuring various client and server features. The overall functionality and health of the newly installed Skype for Business Server 2015 environment will be validated prior to moving forward with the deployment of any additional roles or configuring any partner applications.
Configure Users
Throughout this section a mixture of approaches will be used to create and configure a pair of test accounts. Examples of both GUI (Graphical User Interface) and CLI (Command Line Interface) approaches will be leveraged in an attempt to educate the reader on both options as well as serve as a quick reference for some simple, yet customized PowerShell cmdlets to perform routine tasks. For the sake of simplicity the personally preferred option can obviously be used for all steps.
Create User Accounts
- Using Active Directory Users & Computers create a new Active Directory user account (e.g. jeff@jdskype.net). This first account can be used for the majority of validation steps through this series of articles.
- Utilizing Windows PowerShell create a second user account (e.g. steve@jdskype.net) for the purposes of testing various two-way communication tasks. Enter the desired name, account, location, and password fields in the following example cmdlet.
New-ADUser -Name "First Last" -GivenName "First" -Surname "Last" -DisplayName "First Last" -Path "OU=Users,OU=Lab,DC=jdskype,DC=net" -SamAccountName "first" -UserPrincipalName "first@jdskype.net" -AccountPassword (ConvertTo-SecureString -AsPlainText "p@ssword1" -Force) -Enabled $true -ChangePasswordAtLogon $false -PasswordNeverExpires $true
Now that two new user accounts have been created in Active Directory some additional steps can be performed on each to configure them for Exchange and Skype for Business.
Enable Users for Exchange
This is an optional step and can be skipped if the environment does not include any Exchange servers. As integrating with Exchange Server 2013 provides a number of features for Skype for Business (Voice Mail, Unified Contacts Store, Archiving, etc.) then it is recommended to deploy Exchange .
- Connect to the Exchange Admin Center and then from the default Recipients > Mailboxes page select the “+” icon to create a new User Mailbox.
- Select Existing User and then click Browse. Highlight and select one of the two new users accounts and then click OK and Save.
By contrast the other account can be enabled with the same mailbox configuration using a simple Exchange Server cmdlet instead of the web management user interface.
- Using the Exchange Server Management Shell enter the following cmdlet with the appropriate username.
Enable-Mailbox -Identity "DOMAIN\username"
Enable Users for Skype for Business
As in the previous steps the first account will be enabled using the GUI process.
- Using the Skype for Business Server 2015 Control Panel navigate to the Users section and click Enable Users.
- Click the Add button and then either type in the name of the first user account or simply click Find to list all AD user accounts which have not yet been enabled for Skype for Business.
- Highlight the desired user account and click OK to return to the previous screen.
- Select the Skype for Business Front End server from the ‘Assign users to a pool menu. If Exchange mailboxes were created for these accounts then the default SIP URI option of Use user’s email address is sufficient. If there is no associated mailbox for the user accounts then instead select Use the user principal Name (UPN) option. (Either option in this environment will work as both the SMTP address and UPNs are identical.)
- Click Enable to complete the process and enable the account for Skype for Business.
Additional options will be enabled and configured later on as those associated components are configured on the servers (e.g. Enterprise Voice). The next step is to enable the other account using a command line.
- Using the Skype for Business Server 2015 Management Shell enter the following cmdlet with the desired user account name.
Enable-CsUser -Identity "DOMAIN\username" -SipAddressType EmailAddress
-RegistrarPool "fe.jdskype.net"
This completes the prerequisite setup for the two test accounts. If additional accounts are desired simply repeats these steps, using either method for each new account to be created.
Update Address Book
As these two accounts where just created then manually updating the Skype for Business Address Book data will make it possible to search for them in the client without waiting for the preprogrammed server interval of 24 hours. This process has remained relatively unchanged since Lync Server 2010.
- In the Skype for Business Server 2015 Management Shell execute the following Update-CsAddressBook cmdlet.
Update-CsAddressBook –v
Using the verbose (-v) switch is optional but displays additional details explaining that this action is not immediate.
- To check on the status of the process open the Windows Event Viewer and then navigate to Applications and Services Logs > Lync Server. Refresh the log periodically until the following grouping of LS Address Book Server messages are recorded.
Test Client Connectivity
Starting with a single domain-connected workstation attempt to sign-in to a Skype for Business 2015 client with either user account that was created.
Configuration
Notice that the client’s experience is very basic at the moment. There is no user photo, no Phone tab, and no Location data for example. The user’s photo could be provided by either Active Directory (low resolution) or in Exchange Server 2013 which will be addressed in a later article.
- To check the configuration information passed down to the client during registration hold the CRTL key while right-clicking the Skype for Business notification icon in the System Tray. This will reveal a hidden menu option called Configuration Information which will display details like the following:
DG URL Internal;https://fe.jdskype.net:443/groupexpansion/service.svc;–;
DG URL External;https://fe.jdskype.net:443/groupexpansion/service.svc;–;
Quality Metrics URI;;–;
ABS Server Internal URL;https://fe.jdskype.net:443/abs/handler;–;
ABS Server External URL;https://fe.jdskype.net:443/abs/handler;–;
Voice mail URI;sip:jeff@jdskype.net;opaque=app:voicemail;–;
Exum URL;;–;
MRAS Server;;;
GAL Status;https://fe.jdskype.net:443/abs/handler;–;
Focus Factory;sip:jeff@jdskype.net;gruu;opaque=app:conf:focusfactory;–;
Line;;–;
Location Profile;DefaultProfile;–;
Call Park Server URI;sip:fe.jdskype.net@jdskype.net;gruu;opaque=srvr:Microsoft.Rtc.Application…
Server Address Internal;;–;
Server Address External;;–;
Server SIP URI;jeff@jdskype.net;–;
Exum Enabled;FALSE;–;
Controlled Phones;TRUE;–;
GAL or Server Based Search;GAL search;–;
PC to PC AV Encryption;AV Encryption Enforced;–;
Telephony Mode;Telephony Mode Disabled;–;
Line Configured From;Auto Line Configuration;–;
Configuration Mode;Auto Configuration;–;
EWS Internal URL;;–;
EWS External URL;;–;
SharePoint Search Center URL;;–;
Skill Search URL;;–;
Skype for Business Server;fe.jdskype.net;–;
Local Log Folder;C:\Users\jeff.JDSKYPE\AppData\Local\Microsoft\Office\15.0\Lync\Tracing;–;
Inside User Status;TRUE;–;
Contact List Provider;Skype for Business Server;–;
Pairing State;Skype for Business cannot connect to your desk phone because the USB cable is not plugged in. Make sure that you connect the cable.;Enabled;
UCS Connectivity State;Exchange connection Down;–;
MAPI Information;Your Outlook profile is not configured correctly. Contact your support team with this information.;MAPI unavailable;
EWS Information;;EWS not deployed;
License State;Lync ProPlus;–;
Hanging Notification Status;;Disconnected;
pChat Room Mgmt Int URL;https://fe.jdskype.net:443/PersistentChat/RM;–;
pChat Room Mgmt Ext URL;https://fe.jdskype.net:443/PersistentChat/RM;–;
Container list Preferred Endpoint;TRUE;–;
pChat URIs;;–;
pChat Default URI;;–;
pChat Enabled?;FALSE;–;
Note the null values above for the various roles which have not yet been deployed or configured. As additional roles are deployed like an Edge Server, Outlook Web App Server, and Exchange Server these parameters will no longer be blank .
Conferencing Services
To validate that the different Multipoint Control Unit (MCU) services are functional on the Front End server an ad-hoc conference can be started to test the various modalities.
- On the Skype for Business client menu select Meet Now.
If this is the first time a meeting was started, and depending on the available resources and processing power on the Front End server the initial startup could take a few seconds. A beeping tone may be heard during this time as the server allocates resources to host this conference.
- When the meeting begins enable video by selecting Start My Video from the camera button.
- If a second workstation is available then sign in to a Skype for Business client using the other the other account (e.g. steve@jdskyp.net) .
- Invite the other user account to the meeting to test audio and video in both directions. This validates the operation of the Audio/Video Conferencing service (RTCAVMCU).
- Click the IM button to show the conversation panel and type in a message. Verify that the messages was received on the other workstation and type in a response. This capability leverages the IM Conferencing service (RTCIMMCU).
- On either workstation click the Present button, select either Present Desktop or Present Programs, and choose from a running application. Click Present to being sharing the screen. This tests the Application Sharing service (RTCASMCU).
If the earlier deployment was successful and each of these features are working as expected this indicates a healthy Skype for Business Front End server. This seems like a good point to start (temporarily) breaking things for the purposes of education.
- Leave the conference running as shown above and then connect to the Skype for Business Front End server.
- Open the Services administrative tool on the server and scroll down to the multiple Skype for Business Server entries.
- Select the Skype for Business Server Application Sharing service and then choose the Stop action.
Almost immediately the following messages should appear on screens of both meeting participants, and the shared desktop or application will have disappeared.
Note that the remainder of the meeting capabilities (e.g. video, IM) are still functioning. Yet if the Present button is selected the menu options for presenting the desktop or an application are now gone. Only the Present PowerPoint Files option should still remain, although this feature is not yet functional as the required Office Web Apps server has not yet been deployed in this environment.
- Stop the Skype for Business IM Conferencing service and then attempt to send another message in the meeting.
Another error will appear indicating that the service providing this capability is not currently available.
- Stop the Skype for Business Audio/Video Conferencing service.
Immediately both of the far-end participant and local video displays should disappear and within a few seconds a message should appear indicating that the call has been dropped. Technically the client is still connected to the meeting, but nearly all of the available modalities have been crippled.
Attempting to click rejoin at this point would result in an ‘Operation was unsuccessful’ response. Restoring the individual services will also allow the meeting to return to its former state.
- Start the Skype for Business Audio/Video Conferencing service and then select Rejoin from on of the clients. The other participants in the meeting will be prompted to reestablish the audio and video.
- Start the Skype for Business IM Conferencing service to restore instant messaging in the meeting.
- Start the Skype for Business Application Sharing service to return the server back to fully functional. Share the desktop or an application from one of the workstations to verify the functionality..
Performance Monitoring
With the existing conference still running and all modalities restored a number of basic queries can be run on the server to get some insight into what the current load is. Obviously in this example there is only a single meeting running but the same concepts apply when performing these actions on a test or production environments which may return much more data.
- Open the Skype for Business Management Shell and type in the Get-CsWindowsService cmdlet to query the status of each service.
Get-CsWindowsService
Note that the ActivityLevel field reports the concurrency of active conferences, connoted users, and how many are participating in the various modalities. In this environment the single running conference with two participants are reflected in the data shown above.
To get a detailed look at the performance metrics for the running conference the basic Windows Server Performance Monitor tool can be used. As usually is the case with this tool it can be a daunting task to identify what counters to view, so here is an easy way to list all, or a subset, of the sets related to Skype for Business Server.
- In the Skype for Business Management Shell enter the following Get-Counter cmdlet to list any sets which are applicable to the various MCU services. (All of the Skype for Business counters are prefixed with ‘LS:’ which is a carry-over for Lync Server.)
Get-Counter -ListSet "LS:*MCU*" | Select-Object CounterSetName
- Launch Performance Monitor on the Front End server and select a few various counters from the counter sets listed above. In the following example are a handful of different related counters were added across the application sharing, IM, and A/V MCUs.
- For environments with a small number of conferences running change the graph’s Maximum to a value lower than 100 in the Action > Properties > Graph > Vertical Scale settings.
At this point the Skype for Business environment is ready for additional configuration which will be covered in upcoming articles in this series. To find an updated list of the applicable articles simply combine the Deployment and 2015 tags as shown in the following URL to filter for only Skype for Business 2015 Server deployment articles on this site.
I followed your step-by-step guide and am setting up on our production environment. I get all the way to the end and connect test users, but all the test users i query show “unknown presence” and when I im the user I get “the action could not be completed. Please try again later” all services are running, and if I add the user as an external user i can now im them, have you ever ran across this issue.
Hello, when I try to test client connectivity, the SFB send me the following message: There was a problem verifying the certificate from the server.
How can I fix that?
Rgds,
If the client you are testing from is not joined to the Windows AD domain then it won’t automatically trust certificates issued by an internal Enterprise Windows CA. You’ll need to manually import the Root CA’s piblic certificate into the workstation.
Hello .. You´re right. My client was not joined at Windows AD.. I´ll test it later. So, if I am testing an iphone app, do I need the certificate? How can I trust my iphone to work?
Rgds,
Hello Jeff,
Very many thanks of your rich articles, would you please share your knowledge about publishing skype with ARR! I`l be appreciated to do so.
I may write up this process as I get farther into this series. Sticking with an internal only deployment for now but if I decide to address Edge deployment this will be included as well.
Hello,Jeff,How to do “skype for business 2015 integration mx700 mx300 sx20” ?
Thank you !
Hello Jeff,
We are still experiencing issues between Skype and SFB federation particularly with this scenario
Whenever a Skype account (not associated with MS) goes offline then upon coming back, the chat box in Skype client for your SFB contact is grayed out and you won’t be able to type. It will only resolve after removing the SFB contact and readding them back (1-3 times)in Skype.. then that’s the time the chat box goes ungrayed. We don’t encounter this with a Skype account being linked with an MS account with the same SFB contact, Could you please have a look or advise on this? Thanks a lot.
Hi Jeff,
it’s working like a charm! Would you please write an article about configuring the edge Server? I would love to use SFB externally as well.
Big thanks!
Chris
Hi,
Thanks for posting this useful info.
I am now able to do the video and audio conferencing with 2 users but i am not able to that with 3 or 3+ users.
Video and Audio conferencing is not working for 3 or 3+ users. How can i achieve that?
Any help would be highly appreciated as i need the solution urgently. I don’t want to access it externally, just i need it on my intranet.
Hi Chandan,
I am facing the same issue and not getting any clue. Could you guide what was wrong in your case and how did you fixed it,
Hi Jeff,
Followed your guide successfully, thanks for sharing the knowledge! I too look forward to configuring an edge server and using SFB externally.
Thanks again!
Shaun
Hi Jeff,
We have a lync 2013 environment, exchange 2010..
UPN = EmpID@LegacyDomain.net
Email = FirstName.LastName@Org.com
SIP = FirstName.LastName@Org.com
We are looking to go to Office 365. However over 40% of our users don’t have an email address.
Is there a way for Lync Authentication to utilise a differen UPN to the SIP address and give the users an integrated authentication.
Ideally we would like
UPN = EmpID@org.com
Primary SMTP = FirstName.LastName@Org.com
Secondary smtp = EmpID@org.com
SIP = ?? FirstName.LastName@org.com
We want this so that the UPN stays unique when name changes take place.
Is there a way to ensure when AutoDiscover takes place it utilses UPN and not SIP?
It seems strange the UPN isn’t used for all authentication with Microsoft products?
Thanks
Peter, I’m not quite following this. The UPN is used for authentication, the SIP URI is not. If they are identical then this is transparent, but if they are not the same then users will be prompted for their user name separately.
Hi Peter,
What you want to do in the organization is possible. Why?
AD and AAD uses UPN or SamAccountName default for authentication. Independed what kind of service you profide.
So if you use EmpID@org.com for UPN of org\EmpID for SamAccountName. You still can use
Primary SMTP FirstName.LastName@Org.com, Secondary smtp EmpID@org.com
And SIP FirstName.LastName@org.com. These values will be populated in the ProxyAddresses. as an Alias.
Primary SMTP will be “SMTP:FirstName.LastName@Org.com”, Secondary SMTP will be “smtp:EmpID@org.com” and the SIP will be “sip:FirstName.LastName@Org.com”
Only take in account for SMTP you can add alot more aliasses. for sip only one can be used. This one will also be polulated under msRTCSIP-PrimaryUserAddress.
I hope this is clear?
Hi Jeff,
Firstly Great articles -, now maybe you can help me, was up and running with a SFB pilot on server 2012 R2 until I installed March 2016 Cumulative Update across 3 server enterprise edition SFB and also updated the backend standalone Database – and verified all versions are matched. Now I cannot start the Pool, I have tried all the various suggestions re: resetting the quorum, doing a full reset, repairing windows fabric, rebooting the servers, re-installing core components and removing the March Updates all to no avail.
Other than a rebuild have you any other suggestions I could try, was going to remove the front-end component and windows fabric from add/remove programs but get prompted to do this from the delpoyment wizard. How can i remove the front end component and re-install using the wizard, do I have to delete the server from the topology first. Any help appreciated, Thanks
Nothing comes to mind and I assume you’ve just rebuilt it by now.
Dear Jeff,
Thank you so much for putting together this guidelines, they have been quite helpful to us, however, I may need your help and/or advice, not only for you, but perhaps for the entire forum.
We are in the process here at work to upgrade from LYNC 2010 and Clarity 2.0 to Skype for Business 2015 and Clarity 4.0. So far, the preparation for the new infrastructure is going well, but I am facing an issue when trying to publish the new topology for SFB 2015, pretty much, is detecting the current topology from Lync and the setup process is asking me to point to the current CM server (which is Lync) and its current SQL Server.
The message I am getting when changing that path is an “upgrade” of the database, which I am afraid to do because I do not want to break something. Good thing everything is running in a virtual environment so I can take a snapshot of the VM before doing any changes, but I would like to touch base with you guys and see if there is safe for me to do the “upgrade” of the database or if I need to do something else.
Your help will be greatly appreciate it.
Have a good day all.
Hi Jeff,
Sorry for my ignorance firstly, I am attempting a deploying of Skype for Business 2015 Standard server with the ability for users to access and use skype externally (when not on the corp network) I have run through your guide and everything works internally but when we try to connect externally we have not success whether it be on say an iPhone or a Windows laptop that is not on the domain (laptop works fine internally). Would you be able to possibly advise on what I have missed or what I now need to configure as well?
Your help will be greatly appreciate it.
Hi Jeff,
Are you planning to write a pool pairing SfB installation step by step guide? The problem I am having is the lack of credible material on the web describing the process of setting up the DR site.
main issues I have is the internal certificate for the FE – what SANs to include
also the DNS and SRV records needed for each pool ( lyncdiscover, meet, dialin, sip etc)
Daniel, it’s not on my to-do list and given the amount of work needed to setup an environment like that and test I doubt I’ll be able to tackle it myself.
Daniel,
Maby I can provide you with the step by step guide. As im already have an environment with 4 FE pools. And this documentation is almost finisched, Next on the to do list partial migrating to TEAMS 🙂
Hi Tarim,
Can you please send this Guide to me as well.
saaqlain.haider@gmail.com
Hi Jeff,
I have successfully deployed SFB Server 2015, however i am encountering an issue on the client on signing in. It was stuck on contacting servers and signing in. What should i do?. Your response will be greatly appreciated. Thank you.
Mark, that could be any number of potential causes. If the client never returns an error then it could be a connectivity issue to the Internet from the workstation you are on.
Hi Jeff,
How do we extract a list of users with their last logon time in skype for business?
Thank you.