Winter 2016 SkypeUG Meetings

January 26, 2016 by · 1 Comment 

The next round of quarterly Skype for Business Users Group meetings has been announced and scheduled starting this month.


Latest News

As of last quarter’s events our group has made a few exciting changes.  First and foremost is the rebranding from the Lync Users Group to the Skype for Business Users Group. For discussing and sharing event information on social media keep an eye out for @SkypeUG and #SkypeUG.

This change also includes a brand new web site which will be used for all member registrations, for all locations, going forward.  The events will transition away from the individual pages over the next few quarters.  The new site gives us the ability to roll out new features and content for all event locations uniformly and will allow us to grow as additional cities are added over time.

Event Details

This quarter’s event will be conducted in our familiar two-session format:

The first session, presented by Polycom, will cover an array of available video and audio conferencing products as well as video interoperability solutions for Skype for Business.  A Microsoft Solutions Architect from Polycom will be on-hand to lead the discussion and address any technical questions from the group

The second session will provide an in-depth look at the new features and capabilities of the recently launched Cloud PBX solution in Skype for Business Online.  A local subject matter expert will be leading this presentation.

Industry Experts will be on-site to deliver these presentations and help answer any questions related to Skype for Business.  Food, beverages and additional door prizes will be provided courtesy of the Skype for Business Users Group and its official sponsors.

Western U.S.

Central U.S.

Southern U.S.

Eastern U.S.


For a full schedule of regional events the Skype for Business Users Group Meetups page lists all planned event locations with links to the associated registration page for each regional group.  For anyone who is not yet a member and would like to participate simply visit the site listed above and register for your local group, this will automatically create a new user account for you to use again for all future event registrations..

Chicago Event

As usual I will be hosting the Chicago event downtown.  Food will be ready at 5:30 so come early if you can to spend time socializing with the group before the presentations begin at 6:00.

Date Location Address
Thursday, January 21th
5:30PM – Food and Networking 
6:00 PM – Presentation Kickoff
Chicago Users Group Microsoft Technology Center 
200 East Randolph Drive, Suite 200 
Chicago, IL 60601


Additionally I am attending the following events this quarter to provide the sponsor presentations in-person:

  • Jan 26 – Cincinnati, OH
  • Jan 27 – Milwaukee, WI
  • Jan 28 – Kansas City, MO
  • Feb 04 – Boise, ID
  • Feb 10 – Portland, OR
  • Feb 11 – Seattle,WA
  • Feb 16 – Detroit, MI
  • Feb 18 – Charlotte, NC
  • Mar 02 – Atlanta, GA

The remaining events are being handled by regional experts including Dustin Hannifin, Randy Wintle, Adam Jacobs, Jose Mateo, and Paul Gurman.

Updating Trio 8800 Firmware

December 28, 2015 by · 12 Comments 

On the heels of the recent release of the Polycom RealPresence Trio 8800 comes the first firmware upgrades.  In the same fashion as previous articles on this blog covering various Lync and Skype for Business devices like the VVX desktop phones or the CX5500 RoundTable camera this article outlines the various ways that the Trio 8800 can be upgraded.  This article will also be updated over time to include the latest available release along with a documented history of all firmware releases pertinent to Lync and Skype for Business platforms.


Firmware Versions

The following table lists Lync-qualified UCS releases which support native device updates and will continue to be updated as future releases are posted online, including links to both Release Notes and the software packages.  The .cab format links are the correct firmware packages for using with the Lync and Skype for Business Device Update Service, while the .ld format is for use with a USB drive or a traditional provisioning server deployment.

Additional releases in the same version will often include an letter revision code (e.g. Rev AB) to indicate a newer version, in addition to the last five digits of the full version number being incremented. 

Version Date Details Links
11/20/2015 Initial public firmware release Release Notes
Firmware (.cab)
Firmware (.ld)
5.4.0 Rev AA
12/08/2015 Maintenance release including hotfixes and the following enhancements:
* Audio-only participant indicator in conference calls
* New parameter to hide the Sign Out button when already registered
Release Notes
Firmware (.cab)
Firmware (.ld)
5.4.0 Rev AB
12/22/2015 Maintenance release including hotfixes and the following enhancements:
* Corrected hardware ID of devices shipped from factory as Lync Base Profile enabled
Release Notes
Firmware (.cab)
Firmware (.ld)
5.4.1 Rev AA
1/29/2016 Release including hotfixes and the following enhancements:
* Skype for Business 2015 Server and Online registration and provisioning support
* USB audio device support for Lync 2013 and Skype for Business 2015 clients
* Smart Login which hides PIN Authentication option on non-configured networks
Release Notes
Firmware (.cab)
Firmware (.ld)


Also be aware that currently the firmware releases for Trio are not lock-step with the existing VVX releases, nor with the CX5500 releases.  While each of these platforms are currently using versions in the 5.4.x branch the actual release versions may or may not have the exact same build number between the different platforms.  Note that it is not possible to load the wrong firmware on a device in the event that the software packages are somehow mixed up between these various products.

Update Processes

From a software standpoint the Trio platform is based on the same Unified Communications Software (UCS) platform that the entire line of modern VVX phones use, thus the majority of upgrade options are the same.

Web Management Interface

As covered in various other VVX articles this process is unchanged in the Trio.  The same steps listed at the beginning of this recent article can be used to upgrade the phone firmware if not already familiar with it.  If the Lync Base Profile is currently enabled on the Trio then the web management interface will be disabled by default.  This must first be re-enabled either manual from the phone or via a centralized provisioning configuration before the UI can be accessed remotely on the phone to perform the upgrade process.

Provisioning Server

As previously covered in this article a centralized provisioning server can be deployed, or an existing deployment designed for other Polycom SIP phones can be leveraged by the Trio.  In fact there is nothing else which must be configured is the environment is already setup to support existing VVX phones.  As stated because the Trio uses the same base UCS platform then the Trio will adhere to any existing DHCP, LLDP, or other network configuration parameters specific to the IP phones.

  • To prepare the provisioning server with the the latest firmware release for the Trio simply download the desired .ld package from the table at the top of this page and then extract the 3111-65290-001.ld file into the appropriate directory on the central provisioning server.

Also note that Microsoft partner Event Zero includes a Provisioning: Polycom module for their popular UC Commander solution that uses this same model.

Device Update Service

The Microsoft native firmware update process that was added to Lync Server 2010 to support Lync Phone Edition devices has been supported by Polycom VVX phones for over two years now, as of the initial 5.0 firmware release.  Both Lync Server and Skype for Business Server platforms include this in-band firmware updating service and leveraging this capability is inherently available in the Trio as well.  This previous article outlines exactly how to configure VVX phones to utilize this and the same configuration applies to the Trio.

  • To prepare the Lync/SfB device update service with the latest firmware release for the Trio simply download the desired .cab package from the table at the top of this page and then extract the package as outlined in the article linked above.

USB Flash Drive

While the Trio can be updated in all the same ways that VVX phones already support there is a new capability provided with the Trio: using the local USB port.  In fact this is a very similar process to what the CX5100/5500 also supports for firmware upgrading.  (Note that while the some VVX desktop phone models do include a standard USB port they do not currently support this USB upgrade method.)

While most any USB flash drive should work for this process it is recommended to use a USB 2.0 drive.  And because the firmware is only a few hundred megabytes then pretty much any available USB drive can be used.

  • Format the USB drive as FAT32


  • Download the desired firmware version from the table at the top of this article.  Use the .ld link to download the proper package format needed for the USB process.  (The .cab file format is not valid for this procedure.)

  • Extract the master configuration file (000000000000.cfg) and the Trio firmware file (3111-65290-001.sip.ld) .


  • Save these files to the root of the USB drive.


  • Insert the USB drive into the USB Type A port on the left side of the phone’s front leg, as shown in the photo below.


The Trio will recognize that the inserted drive contains firmware information and will automatically display the USB Provisioning menu on the unit’s screen.

  • Enter the device administrator password. (The default password is 456 which is the same as the VVX phones.)

  • Tap Yes to confirm and immediately begin the USB firmware update process.

image     image

Once confirmed the notification icon of a spinning gear should appear in the upper right corner of the display.  In addition if the USB drive contains an activity LED then it should be flashing to indicate that the phone is currently reading the files from the disk.


After a few minutes the USB drive activity light should stop flashing which means the files are finished copying to the phone.  The gear icon should continue to rotate for a few more minutes though as the Trio is still processing the firmware files.

  • Leave the phone alone for a few more minutes and it will automatically reboot upon completion of the firmware update.

The entire process after confirming the administrator password should take less than 10 minutes, so as long as the gear icon is still spinning do not reboot the phone, just wait for the eventual reboot.

  • After the Trio is back online the new version number can be verified from the following menu: Home > Settings > Status > Platform > Application > Main



On some early models of the Trio the USB process may not work as described above. If after inserting the USB drive the phone does not appear to recognize the firmware package and does not automatically prompt for the administrator password then an additional manual step may be required.

  • Rename the “3111-65290-001.sip.ld” firmware file on the USB drive to simply “Trio8800.sip.ld” and then reinsert the USB drive into the phone.

The affected models should now successfully recognize the firmware file and trigger the update process. Once the 5.4.0 Rev BB release has been applied to the phone then this manual step will no longer be required for future updates as the phone will now recognize the correct firmware file names automatically.

Skype for Business and Exchange UM Integration

October 30, 2015 by · 1 Comment 

This article covers the configuration steps for introducing voice mail support into a Skype for Business (SfB) Server 2015 environment by integrating with Exchange Server 2013 Unified Messaging (UM).  Note that this series of Exchange integration articles leverages Exchange Server 2013 and will continue to do so for continuities’ sake.  Microsoft has recently released to the public the installation package for Exchange Server 2016 for use in on-premises deployments.  These articles also apply when using Exchange Server 2016, with one exception related to Instant Messaging integration which will be the next topic addressed in a future article.

The guidance provided here is a more detailed look at what is partially covered in the official TechNet documentation.  The following configuration covers generally the same approach used to integrate previous version of Lync Server and Exchange Server which was outlined in this older article.  Unfortunately the official documentation is partially incomplete and is also split across the separate product guides for SfB and Exchange Server, making it difficult to understand what is needed for a successful integration.  This article will tie all steps into a single set of instructions which can be completed linearly.

One caveat to be aware of is the recommendation to configure UM integration before enabling Instant Messaging (IM) integration with Outlook Web Access.  Configuring UM first will enable automatic discovery of the Exchange environment in Skype for Business using the configured SIP domain namespace.  Establishing this first will mean that when the IM integration is tackled there will be no need to defined the Exchange Server as a third-party Trusted Application in the SfB topology.  If these are configured in the opposite order, meaning that the Instant Messaging integration is performed first, then the setup of Unified Messaging can break the IM integration due to duplicate, conflicting entries for the Exchange Server in SfB.  Thus is is recommended to start with UM integration and follow these articles in the order they were posted.

The sections in this article are outlined in the following configuration steps.  The steps in red are part of the Exchange Server configuration and the steps in blue are performed on the Skype for Business side.


Confirm Prerequisites

Assumptions made for the environment used with this article are that Exchange Server 2013 has been deployed with a relatively recent service pack or cumulative update applied.  The version used in this guide is Exchange Server 2013 CU8 (15.00.1076.009).

Partner Application

The prerequisites steps included in this previous article must be completed first to insure that the Partner Application relationship has already been established between Skype for Business and Exchange.  Other SfB features provided by Exchange like High Resolution Photos or the Unified Contact Store can be enabled in any order, only after the Partner Application relationship is established.

Exchange Certificate

A long standing best practice surrounding the Exchange Server Certificate has to do with how Lync Server parsed the SSL certificate presented to it by the Exchange Server during establishment of TLS communications.  The Lync Server would ignore the certificate’s Common Name (CN) and look at only the Subject Alternative Name (SAN).  With further changes coming on how third parties issue SSL certificates it is becoming more common to focus on the SAN field as the CN field will start to become optional, and eventually even defunct.  That being said the same best practice to making sure to always duplicate the CN value in the SAN still holds true.  Using the Exchange Server certificate wizard to create requests will allow this type of configuration.  At this point it is unknown if this limitation has been addressed in Skype for Business Server 2015 but using a properly formatted certificate makes this a moot point.

  • Using the Exchange Management Shell validate that the existing certificate will be sufficient for use with Skype for Business with the following Get-ExchangeCertificate cmdlet.

Get-ExchangeCertificate | fl


As highlighted above the Certificate Domains field lists all of the Subject Alternative Names on this certificate which includes the Exchange Server’s FQDN which is critical for UM integration to function.  In this example the Subject field shows that the certificate’s Common Name is set to which is also duplicated in the SAN field.  Regardless of what the CN is set to make sure that value is duplicated in the SAN (as per general best practices) and that the server FQDN is included in the SAN field.

This configuration is the most common and allows a single SSL certificate to be used for all roles on the Exchange Server.  In more complex environments with separate Exchange UM servers or other configuration it is possible, but not necessary, to use a separate dedicated certificate on the UM service.

Also make note of the Thumbprint value for the desired certificate as it will be used during the configuration in the next section.

Configure UM Dial Plan

The steps in this section are all performed on the Exchange Server using either the Exchange Management Shell or Management Console.

Create New UM Dial Plan

  • Using the Exchange Management Shell create a new UM dial plan with the following New-UMDialPlan cmdlet and the desired plan Name (e.g. Chicago).

New-UMDialPlan -Name "Chicago" -VoIPSecurity "Secured" -NumberOfDigitsInExtension 4 -URIType "SipName" -CountryOrRegionCode 1


In this deployment the VoIP Security option Secured is used so that both SIP signaling traffic and RTP media traffic will be transmitted between SfB and Exchange using an encrypted TLS communications.  Alternatively opting to use the SIP Secured setting would only encrypt the signaling traffic while all media traffic would be transmitted unencrypted.

Additionally a value of 4 is selected for the number of digits in extension numbers on the pattern 312-555-xxxx where the last four digits are treated as the user’s extension.

  • Using the Exchange Management Shell run the following cmdlet to set the following recommended parameters.

Set-UMDialPlan "Chicago" -ConfiguredInCountryOrRegionGroups "Anywhere,*,*,*" -AllowedInCountryOrRegionGroups "Anywhere"

    Configure UM Services

  • Assign the the UM server to the new UM dial plan and configure support for both TCP and TLS connections with the following cmdlet.   The Identity parameter is the Fully Qualified Domain Name (FQDN) of the Exchange Server (e.g.

Set-UmService -Identity "" -DialPlans "Chicago" -UMStartupMode "Dual"


Now that TLS is enabled for the UM service the Exchange Server certificate needs to be assigned to the service to support TLS communications for signaling and media.

  • Enter the following cmdlet using the Thumbprint value of the same certificate that was queried in the earlier prerequisites steps to insure that the proper certificate is assigned to the UM service.

Enable-ExchangeCertificate -Server "" -Thumbprint "372EDC073A1C21C91FE2C6045FD70B26AD5E239C" -Services "UM"


  • To commit these changes and enable TLS communications on the UM service it needs to be restarted, which can be performed quickly from PowerShell using the following cmdlet.

Restart-Service MSExchangeUM

  • Next perform the same configuration as above on the UM Call Router service with the following cmdlet.

Set-UMCallRouterSettings -Server "" -UMStartupMode "Dual" -DialPlans "Chicago"


  • The UM Call Router service also need to be assigned to the same certificate as the UM service.

Enable-ExchangeCertificate -Server "" -Thumbprint "372EDC073A1C21C91FE2C6045FD70B26AD5E239C" -Services "UMCallRouter"


  • Just like the UM service the UM Call Router service needs to be restarted to enable the new configuration.

Restart-Service MSExchangeUMCR

Customize UM Dial Plan

When the new UM dial plan was created the Exchange Server will have automatically created a default UM Mailbox Policy.  This object will be named with the label ‘Default Policy” appended to the dial plan’s name (e.g. Chicago Default Policy).

The TechNet documentation seems to omit this fact and instructs the creation of another UM mailbox policy.  A simpler approach is to just modify the default object using the following cmdlet.

  • To configure the recommended AllowedInCountryOrRegionGroups parameter use the following cmdlet.

Get-UMMailboxPolicy | Set-UMMailboxPolicy -AllowedInCountryOrRegionGroups "Anywhere" -MinPINLength "4" -AllowCommonPatterns $true

As only a single policy exists then instead of querying for and entering the name of the default mailbox policy use the Get-UMMailboxPolicy cmdlet to automatically pass the results to the cmdlet as shown above.  Additionally some optional parameters were configured to allow for a four digit PIN to be defined instead of the default 6 digit length.  While not recommended for production environments this can be a welcome time saver in lab or test environments.

Define Attendants

The next step to be performed on the Exchange Server is to define and configure the Auto Attendant and Outlook Voice Access (formerly referred to as ’Subscriber Access’) numbers.

  • Using the Exchange Admin Center navigate to the Unified Messaging > UM Dial Plans section and then open the dial plan that was created earlier (e.g. Chicago).

  • Click the Configure button to edit the dial plan and then select the Outlook Voice Access section.
  • Enter the desired phone number to be assigned to the Outlook Voice Access attendant in the proper +E.164 format (e.g. +13125551001) and then add it to the configuration using the ‘+’ button.


  • Click Save to return to the main dial plan window and then scroll down to the UM Auto Attendants section.

  • Click the ‘+’ button to create a new Auto Attendant and then enter a unique Name (e.g. ExchangeAA), enable the auto attendant, and then enter another unique phone number (e.g. +13125551000).


Traditionally Exchange does not do well with spaces in auto attendant names and thus it is still recommended to follow that guidance.

  • Click Save to and then Close to commit these changes to the server.

Enable Users

To validate that the UM configuration is functional then at least one user account must be enabled for Unified Messaging.  This process can be completed from either the management console or shell.

  • To enable the first account launch the Exchange Admin Center which should default to the Recipients > Mailboxes section.

  • Highlight the desired user account and then select Enable under the Unified Messaging section in the right-hand window pane.

  • In the Enable UM Mailbox window browse for and select the default mailbox policy (e.g. Chicago Default Policy) and then advance to the next window.


  • Define a four digit Extension Number if one is not already populated and then, if desired, enter a custom PIN and unselect the option to force the user to change this PIN after they sign in.


In this example the users extension was pre-populated due to the existence of a defined telephone number in the user’s Active Directory object.  Because the dial plan policy was created to use 4-digit extensions then Exchange will automatically take the last 4 digits of the user’s phone number (e.g. 1100).

  • Complete the wizard to save the changes and enable this account for Unified Messaging.

Alternatively the same steps can be performed using Exchange PowerShell cmdlets, so a second account configuration using this process is also covered as an example.

  • Using the Exchange Management Shell enter the following cmdlet to perform roughly the same exact configuration on another existing Exchange user. 

Enable-UMMailbox -Extensions 1101 -SIPResourceIdentifier "" -Identity "JDSKYPE\steve" -UMMailboxPolicy "Chicago Default Policy"


Make sure to enter a unique extension or to omit that parameter if the account’s phone number is already populated with the desired information.  The PIN was not manually set on this account which means Exchange will have automatically assigned a random PIN and then sent an email to the user’s mailbox with that information.

Configure UM IP Gateway

This step is handled by a script which creates the UM IP Gateway and IP Hunt Group as well as grants permissions to Skype for Business Server to read specific UM-related objects in Active Directory.

Make sure to allow for any outstanding AD replication to complete before running this script so that the newly created UM dial plan and any other changes are read by the script in their updated state.  If run too soon then sometimes the Dial Plans listed in the last line of the script output will display as “not found” even though the configuration is correct up to that point.  If that happens it is safe to simply re-run the script, even multiple times if needed, as it will identify any previously successful configuration and thus report that no new changes were applied in those cases.

  • Using the Exchange Management Shell execute the ExchUCUtil.ps1 script located in the Exchange Server’s Scripts directory, as shown in the path below.

cd "C:\Program Files\Microsoft\Exchange Server\V15\Scripts"

C:\Program Files\Microsoft\Exchange Server\V15\Scripts>.\ExchUCUtil.ps1


Note that in this example the Skype for Business Front End server shown at the bottom of the script output displays “{(not found)}” for the DialPlans field.  The value should be displayed as the UM Dial Plan name (e.g. Chicago).  As mentioned above this can usually be resolved by going back and re-executing the script after a few minutes have passed.

  • If this issue appears then repeat the previous step until the results successfully report the expected dial plan as shown below.


To validate the creation of the UM IP Gateway open the Exchange Management Console and then navigate to the Unified Messaging > UM IP Gateways section.  Refresh the page if the new gateway does not appear at first.


Create Attendant Contacts

With the configuration now complete on the Exchange Server the remainder of the steps in this article are performed on the Skype for Business Front End server.

The OcsUmUtil.exe utility is still used to create the Active Directory contact objects for Skype for Business Server to resolve and locate the Exchange Outlook Voice Access and Auto Attendant services.

In older versions of Exchange Server it was required to create an Enterprise Voice Dial Plan in OCS/Lync that matched the exact FQDN of the Exchange UM Dial Plan.  Since the release of Exchange Server 2010 SP1 this is no longer required as indicated by the informational text at the bottom of the utility.  The UM Dial Plan will be automatically discovered and thus no additional Enterprise Voice configuration is required on the SfB Server to enable UM integration.

  • Launch the OcsUmUtil.exe program located in the Skype for Business Server’s Support directory, as shown in the path below.

C:\Program Files\Common Files\Skype for Business Server 2015\Support

  • Click Load Data and the Active Directory forest name should appear in the Exchange UM Dial Plan Forest field.


  • Click Add to create the first contact for Outlook Voice Access, which is still referred to as the Subscriber Access number in this tool.

  • Select the desired AD Organizational Unit to save the new contact object and then enter a unique Name for the contact (e.g. ChicagoSA).


While the remainder of the fields can be left with the default entries it is a common practice to change the SIP Address to a less confusing SIP URI.  In this examples the default value (e.g. has been changed to a simpler string (e.g.

  • Click OK to save the configuration for the Subscriber Access contact.

  • Click Add to create the second contact for the Auto Attendant.

  • Change the Contact Type to Auto-Attendant and then enter a unique Name for the contact (e.g. ChicagoAA).  The same Organizational Unit value as defined for the previous contact should already be populated.


Just as before either retain the default SIP address or edit it to use a customized address as shown in this example (e.g.

  • Click OK to save the configuration for the Auto Attendant contact.

  • Close the Exchange UM Integration Utility and then open Active Directory Users and Computers to browse to the target OU and validate that the new contacts were successfully created.


Verify Integration

Now that the integration on both server platforms is complete the final step is to test UM connectivity between Exchange and Skype for Business.

  • Sign into a Skype for Business client with one of the UM-enabled user accounts (e.g. then search for the SIP URI of the Auto Attendant and place a Skype Call to the contact.


At this point one of two things will occur: the call will work or it will not.  If the integrated voice response is “Thank you for calling Microsoft Exchange auto attendant” then the integration was successful.  If not then the following common issues could be the root cause.

Call Failure

If the call fails without any response from the Exchange UM Server then one of the most common reasons, other than a simple configuration mistake, could be that the Exchange UM IP Gateway configuration script did not complete as mentioned earlier in this article.

  • Check the Lync Server event log on the Skype for Business server to see if the following error message was reported at the same time as the attempted call.

Log Name:      Lync Server
Source:        LS Exchange Unified Messaging Routing
Event ID:      44008
Task Category: (1040)
Level:         Error
Keywords:      Classic

Dial Plan Unknown

Dialplan [] is not recognized by routing application
Cause: Dial plan does not exist, or Skype for Business Server 2015 does not have permission to read the relevant Active Directory objects.

If the dialplan is valid, then run exchucutil.ps1 in appropriate Exchange forest to give permission to Skype for Business Server 2015. If the dialplan is not valid, then clean up proxyAddresses attribute for the affected users.

If this message exists then this is an indication that the ExchUmUtil.ps1 script that was run earlier did not configure the UM IP Gateway correctly.  As pointed out earlier the script may have failed to associate the UM Dial Plan to the gateway, thus causing this error on the Skype for Business server.  Return to that step to re-run the Exchange script and validate that the dial plan is displayed correctly, which should clear this error and then allow for calls to reach the UM attendant services.

Unexpected Response

If the call successfully connects to the attendant but an unexpected response is heard then this could point to a different issue.  If the interactive voice response was “Please call back later. Goodbye.” then this typically occurs when the UM configuration is brand new and the server has not yet had a chance to generate the grammar speech files.  As documented in this blog article the pending generation process can be expedited by restarting the Exchange Mailbox Assistants service.

  • Using PowerShell enter the following cmdlet to quickly stop and restart the Mailbox Assistant service.

Restart-Service MSExchangeMailboxAssistants

  • View the Application Event Log on the Exchange server to verify that the following entry has been logged after the service has been running for a few minutes.

Log Name:      Application
Source:        MSExchange Unified Messaging
Event ID:      1613
Task Category: UMCore
Level:         Information
Keywords:      Classic

Speech grammar generation started for "Enterprise". Run ID: "7a97b157-b74f-4a21-b667-faf56e85f047", Recipient type: "User"

At this point a call to the Auto Attendant should result in the proper welcome message.

This concludes the setup of Exchange Unified Messaging with Skype for Business Server 2015.  If following along with this entire series of Exchange Server integration articles for Skype for Business 2015 then at this point the Partner Application has been established and leveraged to enable High Resolution Photos and now Unified Messaging.

Future articles will address Instant Messaging integration with Outlook Web Access as well as other features like IM archiving and enabling the Unified Contact Store.

October 2015 Lync Users Group

October 19, 2015 by · 6 Comments 

The next round of quarterly Lync Users Group meetings has been scheduled and announced for this month.


Event Details

This meeting will be conducted in our familiar two-session format:

The first session, presented by Integrated Research, will be a deep dive into Monitoring Applications in Skype for Business.

The second session will start with a review of existing and newly launched Skype for Business Qualified Devices to be followed by an Open Discussion Forum (time permitting). 

Industry Experts will be on-site to deliver these presentations and help answer any questions related to Lync.  Food, beverages and additional door prizes will be provided courtesy of the Lync Users Group and its official sponsors.

Western U.S.

Central U.S.

Southern U.S.

Eastern U.S.


For a full schedule of regional events the Lync Users Group Locations page lists all planned event locations with links to the associated page for each regional group.  For current members if your region’s event is not yet scheduled just make sure that your notification options are configured so that you’ll get an alert when the new event is posted.  For anyone who is not yet a member and would like to participate simply create a new Meetup account (or use an existing one) and join your local group.

Chicago Event

As usual I will be hosting the Chicago event downtown.  Food will be ready at 5:30 so come early if you can to spend time socializing with the group before the presentations begin at 6:00.

Date Location Address
Tuesday, October 20th
5:30PM – Food and Networking 
6:00 PM – Presentation Kickoff
Chicago UC Users Group Microsoft Technology Center 
200 East Randolph Drive, Suite 200 
Chicago, IL 60601

High Resolution Photos in Skype for Business

October 6, 2015 by · 5 Comments 

This basic article covers a few ways for users and administrators to import and manage contact photos in Skype for Business Server, once the required Exchange Server integration has been completed.  Without leverage Exchange Server for storing contact photos then the only options available


In order to use the Skype for Business Server 2015 functionality described in this article an Exchange Server must first be deployed in the environment and configured as a Partner Application.  This prerequisite configuration must be performed successfully prior to attempting the steps shown in this article.

Outlook Web Access

There are multiple ways for a user to go about changing their own photo, given that the capability has not been specifically disabled by an administrator.  The original approach which is still available is to use the menu option available in Outlook Web Access.

  • From any server or workstation connect to the Exchange Server Outlook Web Access URL and sign-in with the desried user’s credentials.

  • Click on the user’s name in the upper-right hand corner and from the drop-down menu click the Change link below the photo placeholder.


  • Click the Folder Icon and select the desired photo file.  For the best image quality make sure to use a file that matches the maximum supported resolution of 648×648 pixels.  Smaller resolutions can be used as Exchange Server will scale them accordingly, but make sure that the photo’s aspect ratio is perfectly square (1:1).

  • Click Save to assign this as the current photo to the Skype for Business user.  The new photo should appear in the menu now.


  • Now sign in with the same user account to a Skype for Business client to see if the new photo appears as expected.


Skype for Business Client

An even easier method first made available in the Lync 2013 client is also still available in the Skype for Business client user interface.  It is basically the same process because OWA is used to import the photo but is accessed from a different page.

  • In the Skype for Business client click on the circle headshot  icon where the user’s own photo would appear.  This is a shortcut that simply opens the client Options window and goes directly to the My Picture section.


  • If not already enabled select the Show my picture option and then click on the Edit or Remove Picture button.


This action will open the photo page on the user’s Account Information page in the Exchange Control Panel (ECP) website.  This is a slightly different page then what was used in the previous section but will work just the same.

  • Sign into Outlook Web Access if prompted and then select the desired photo and click Save.


Administrator Approach

Alternatively to import photos for other Skype for Business users an administrator can use the following set of commands on the server, as outlined in this TechNet article.

  • Using the Exchange Server Management Console run the following two commands to import a file of the same size and format requirements as used above into the desired user account.

$photo = ([Byte[]] $(Get-Content -Path "C:\temp\photo2.jpg" -Encoding Byte -ReadCount 0))

Set-UserPhoto -Identity "JDSKYPE\steve" -PictureData $photo -Confirm:$False


Note that the official documentation shows utilizing three separate cmdlets to store, import, and then save the photo.  But when using on Exchange Server 2013 CU3 or newer it appears that the third command to save the change is no longer applicable.  Attempting to execute it as shown in the documentation will result in the error “No photo with class ‘IPM.UserPhoto.Preview’ exists.”  The photo is already applied and saved with the second command so the third appears to have been made redundant.

  • To validate that the image was successfully imported go to the following URL in a web browser and the photo should appear in the window.  Enter the SMTP address of the desired user account in the URL where indicated in red.

Now that Exchange Server has been successfully integrated with Skype for Business Server then additional features beyond this can be deployed.  More articles covering other Exchange Server integration steps can be found here.


While the small contact photos used throughout Skype for Business clearly do not seem to take advantage of the higher resolution image, there is place where the quality (or lack there of) of a photo can be clearly evident.

  • From a different Skype for Business client place a call to the user with the new photo and then maximize the call window.  The called user’s photo will occupy the majority of the window by default.


The edited image above shows the difference in a low resolution and high resolution photo.  On the right side is a 48×48 pixel photo stored in in the user’s Active Directory object which was been upscaled by the Skype for Business client.  The left portion shows the same call in the same window size but with the 648×648 pixel photo as provided by Exchange Server.

Additional articles in this series focusing on Exchange Server 2013 integration capabilities with Skype for Business 2015 can be found here.

Video Based Screen Sharing in Skype for Business

October 2, 2015 by · 9 Comments 

Video Based Screen Sharing (VBSS) is a new Skype for Business client capability that has for the most part flown in under the radar.  There is currently very little information available about this new functionality, and as with anything not well understood it seems to be creating more confusion than warranted.  Most of the questions have been centered around the topic of video interoperability, thanks in part to some generalized statements.

This article will explain what this new functionality is, as well as what it is not.  With a more complete understanding of VBSS and its potential roadmap then the answers to various interoperability questions should be quite clear.

The Office 365 Roadmap currently lists this feature under the In Development section, but it is now available with the release of the Skype for Business 2016 client that is included in Office 2016.



Up until now there have been only a few places that this new feature has been discussed in the public realm, and most of that was before there was even a name for it.  Generically speaking it was communicated as some level of native support for “H.264 content sharing” coming to the Skype for Business platform.  Obviously companies looking to address interoperability scenarios with SfB and their standards-based video conferencing systems would sit up and take notice to these claims.

Unfortunately the problem with that simple statement is it can be interpreted differently depending on whom is reading it.  For those with a foundational understanding in the traditional video conferencing world that statement can sound odd.  The H.264 standard is simply a video codec which could include anything in the actual image.  The transmitted pixels could be arranged to display a smiling face captured by a camera, or instead show the familiar view of a user’s PowerPoint application captured by a video output device of some sort.  While a standard H.323 or SIP call can support sending a second stream of video displaying this content the actual standard that makes this possible are not H264 itself.

A call established using the H.323 call control platform will actually use the H.239 standard for establishing content sharing, where as a call that instead leverages a standard video SIP platform will use Binary Floor Control Protocol (BFCP) for establishing content.  In the Microsoft world content sharing has leveraged Remote Desktop Protocol (RDP) since this ability was first provided in Office Communications Server 2005.

The most significant difference between these two workflows are the lines of communications that are established, and how they are established, even though the resulting experiences are very similar.  For example:

  • On one side a Skype for Business call will use Microsoft’s SIP platform to setup and negotiate a call or conference, leverage X-H264UC as the codec for the video streams, maybe opt for SILK as the audio codec, and then utilize RDP to share the desktop from one participant.  Each of each lines of communications are separately established connections between the same endpoints, with their own streams and bandwidth utilization.

  • In comparison the same scenario in the video conferencing world might utilize H.323 to establish the call signaling, H.264 AVC as the video codec, G.722 as the audio codec, and then leverage H.239 to send the desktop screen of a computer in a conference room connected to a VGA cable.

The delivery mechanisms for sharing content in these two worlds are very different though.  While the traditional video conferencing systems use H.239 or BFCP to control the transport of the content, the actual content itself is encoded using a video codec and is sent within the same allowed bandwidth defined for the specific call.  The content essentially steals bandwidth away from the main video when needed.  Normally the content is encoded as an H.264 AVC video stream, but could in some cases fall back to a legacy H.263 stream.

Yet on the Lync/SfB side an additional session is created for content outside of any established video or audio sessions (if they even exist) and will transmit RDP as media over TCP, consuming additional bandwidth on top of whatever the audio and video sessions are already using.  A content sharing session can be established all by itself in the Lync/SfB world, but with traditional video conferencing a video call must first be placed and then content can be added to that existing call.

These inherent differences in content encoding and transport are why traditional video content sharing has always been able to provide smoother motion, include audio in the stream, and use less overall bandwidth.  Comparatively content sharing in Lync/SfB has been of much sharper quality and resolution but severely limited in frame rate and typically more costly on the network. 

In an initial step to improve the content streaming quality of RDP the July 2013 cumulative update for Lync Server 2013 introduced a new parameter (EnableHighPerformanceP2PAppSharing) for peer to peer application sharing.  This optional  setting still utilized RDP for the data stream but boosted the frame rate a bit (as well as the bandwidth usage). A side-by-side comparison of the default and high performance RDP options can be seen in this blog article by Skype for Business MVP Michael LaMontagne.  While the frame rate was slightly improved it was still very short of the frame rate needed to display video or other moving animations sufficiently.

Seeing that RDP has been stretched to its limits in terms of providing quality streaming another approach was taken with the Skype for Business client.  The addition of Video Based Screen Sharing helps address some of these limitations while at the same time not negatively impacting the overall image quality that RDP has provided to date.


The primary change here is that Skype For Business clients can now utilize something other than RDP to share content between clients.  Understand that currently this capability is only provided in the Office 2016 version of the Skype for Business 2016 client, starting with the public release of the 16.x client version (e.g. 16.0.4266.1003).  The rebranded Lync 2013/Skype for Business 2015 15.x client installations do not include this capability and will continue to share content using RDP.

VBSS is also only available in peer-to-peer SfB sharing sessions and is only utilized on the Present Desktop sharing option.  Selecting any of the other sharing options like Present Program or Present PowerPoint Files will still behave the same as in previous clients.  The PowerPoint File sharing option leverages the Office Web Apps Server which does not actually stream the content and thus VBSS is not applicable here.  The Present Program option does not currently take advantage of VBSS so RDP at a low frame rate is still used.

The Application Sharing service on the SfB Front End Server does not support this feature so content shared into Skype for Business meetings will also continue to use RDP regardless of the individual client versions.

Additionally in the single use-case where VBSS can be used the content sharing is provided as view-only.  If remote control is requested by or given to the receiver then the content stream will seamlessly fall back to using RDP.  This switch is invisible to the user except that the frame rate of the content will immediately drop as VBSS is replaced with RDP for delivery of the content.  Releasing control will not upscale the content back to using VBSS, it will remain as RDP for the duration of the sharing session.  Stopping and restarting the sharing session will allow VBSS to be used again.


Just as the addition of X-H264UC as the primary video codec in Lync 2013 did not magically remove all video interoperability hurdles with Lync, using this same codec for content streaming is no different.  As stated previously this is not standards-based H.264 content sharing, just like video in Lync/SfB is not the same as H.264 AVC payloads.

In the field most video interoperability solutions available today are focused on conferences, not individual peer to peer calls.  Simply stated, VBSS is no different than the addition of SILK to some of the Lync and SfB clients.  These clients can choose to utilize the newer codec when negotiating peer calls between each other, but when involved in larger multiparty conferences are still limited to the codecs supported by the server.

That is not to say is there are no inherent benefits here.  Clearly any improvements built on top of this workflow could be leveraged by additional development by third parties. For example video conferencing systems which already include native support for RDP content sharing could in theory be updated to support VBSS to further improve quality.


The following video clips were recorded with a camera showing the actual display of a Windows workstation receiving the same shared content in two separate tests.

  • In the first video the typical RDP experience is shown which is clearly evident by the very low frame rate.
  • The second video shows the same YouTube video being streamed from the same SfB user but this time VBSS is used and the frame rate improvement is obvious.


These embedded videos may be muted by default but if the playback audio is heard understand that the camera used to capture these clips has picked up the sound from the source (sharing) PC’s speakers located in the same room.  The content sharing in SfB is still limited to video only and does not deliver any audio from the sharing client to the receiving client.  To perform the same side-by-side tests simply switch between using Present Desktop (which uses VBSS) and Present Program (which uses RDP).

Using some basic math and monitoring tools the following behavior was observed when sharing a full motion video at full screen for an elapsed time of 4 minutes.

  • The RDP session averaged 2.83 Mbps with 85MB of data transmitted
  • The VBSS session averaged 3.5 Mbps with 105MB of data transmitted

Based on these numbers VBSS consumed roughly 25% more bandwidth than when RDP was used, yet increased the frame rate by much more than that percentage.  The RDP session displayed about 3 frames per second at best while VBSS could provide 7.5, 15, or 30fps streams based on X-H264UC specifications.  Note that only a single Temporal Layer is transmitted as this is a P2P session and multiple frame rates would not be applicable.

Under the Hood

When selecting the Present Desktop option in the Skype for Business 2016 client a SIP invitation message will be sent to the other party including the following Session Description Protocol (SDP) messaging.

  • The initial SDP data will look no different than what was seen in the past.  This is because the first portion of the SDP messaging always includes the legacy ICE v6 declaration for communicating with Office Communicator 2007 and older clients, as denoted by the ms-proxy-2007fallback string,  Clearly these old clients cannot support VBSS so there is no need to advertise any new capabilities here.  Only a single media session (m=application) is declared here and the media type advertised is RDP (a=rtpmap:127).

Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-ID: <>
Content-Disposition: session; handling=optional; ms-proxy-2007fallback

o=- 0 0 IN IP4
c=IN IP4
t=0 0
m=applicationsharing 58323 TCP/RTP/AVP 127

<candidate and crypto data snipped>

a=rtpmap:127 x-data/90000

  • The next grouping of SDP data is what will be used if the receiving client is running at least Office Communicator 2007 R2 or newer.  Note that the Content-Disposition parameter no longer includes the fallback string; this section leverages ICE v19.  The differences highlighted below outline how this new capability is advertised.

Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-ID: <>
Content-Disposition: session; handling=optional

o=- 0 1 IN IP4
c=IN IP4
t=0 0
a=x-mediabw:applicationsharing-video send=10000;recv=10000
m=applicationsharing 58323 TCP/RTP/AVP 127

<candidate and crypto data snipped>

a=rtpmap:127 x-data/90000

m=video 58167 RTP/AVP 122 123
c=IN IP4
a=rtcp-fb:* x-message app send:src,x-pli recv:src,x-pli

<candidate and crypto data snipped>

a=rtpmap:122 X-H264UC/90000
a=fmtp:122 packetization-mode=1;mst-mode=NI-TC
a=rtpmap:123 x-ulpfecuc/90000

First, a new session level attribute a=x-mediabw is included under the m=application section.  This is what the SfB 2016 clients can use to identify and use VBSS for the sharing session between them.  If both parties do not support this new capability then it will not be used and RDP will be leveraged instead just as it has been.

Secondly, an additional media session is advertised to negotiate a video stream under the familiar m=video string, including two new attributes: a=label:applicationsharing-video and a=x-mediasettings.  Note that the media payload type here is the same X-H264UC (a=rtpmap:122) that has been used for video since the release of Lync 2013.  For added measure the out-of-band Forward Error Correction (a=rtpmap:123) codec used with SVC video is also included.

While not visible above because the candidate details were clipped for easier reading the RDP session only advertises TCP candidates while the VBSS session will advertise a full set of UDP (preferred) and TCP (fallback) candidates.  The fact that content sharing with VBSS can now utilize the stateless UDP communication protocol is already an advantage in improving streaming.  Also not represented is the communication between clients within the RTCP channel for Video Source Requests (VSR) in which the two clients negotiate resolution, frame rate, and other parameters of the video channel in-session.

As both the RDP and VBSS capabilities are advertised in the messages above then the clients will negotiate both sessions even though the content will actually flow through the VBSS session.  In the event that RDP needs to be used (e.g. for remote control) then the clients can quickly switch to using RDP as a legacy fallback option.

Because all of this new functionality is embedded directly into the clients then the underlying infrastructure does not seem to be relevant to its functionality.  As long as both parties have the Skype for Business 2016 client then it will be leveraged even if one or both of them are homed on a Lync Server, or even on different servers via federation.  In fact the example SIP data shown above was captured from a peer call between a 2016 client registered to Skype for Business Online and a federated contact registered to a separate Lync 2013 on-premises environment.

Polycom UCS 5.4 for VVX Phones

September 28, 2015 by · 34 Comments 

The latest release of the Polycom VVX 5.4 UCS firmware branch is now available for Lync and Skype for Business environments.  While the initial 5.4.0 release ( was published a few months ago that was only intended for Open SIP applications.  The recent 5.4.0A release ( is fully supported for Lync and Skype for Business (SfB) 2015 Server environments.

Additionally this release introduces the capability to register directly to Skype for Business Online and Exchange Online as provided by Microsoft’s Office 365 cloud environment.  This sets the stage for the planned launch of the voice features later this year.  As official support for voice and IP phones with Skype for Business Online is coming later this year then the registration outlined in this article is at this moment unsupported, but is functional.  For any hybrid environments with an on-premises Lync or Skype for Business deployment paired with Exchange Online this version also resolves connectivity issues previously seen in 5.3 with Exchange Online.

Upgrade Firmware

As covered in various other articles this process is unchanged.  The same steps listed at the beginning of this recent article can be used to upgrade the phone firmware if not already familiar with it.

The new firmware is now available directly from the public Polycom Hosted upgrade server, and it identified as “SFB-Lync Only” so that customer using VVX phones on Open SIP platforms do not use this specific release.


As usual the entire release package can also be downloaded from this page and then loaded on to a custom provisioning or distribution server.

  • Before advancing verify that the phone is upgraded to the proper firmware version by pressing the Home button and then then selecting Settings > 4 > 1 > 2 > 1 to quickly navigate to the Status > Platform > Phone > Main menu.


Office 365 Registration

Registering the phone to an existing on-premises or third-party hosted environment is performed the same as in previous releases.  Given that registration to Office 365 is a new feature for leveraging Skype for Business Online and Exchange Online then this article will walk through these steps below.

Note that some of the steps shown here are new, which are a result of improving the first-time sign in process for users.  These improvements are seen when registering to any Lync or Skype for Business environment, on-premises or hosted.

Select Base Profile

The VVX phone in use may already have this step configured by default, depending on the specific SKU that was used to purchase the phone.  Regardless of the part number and what was pre-staged at the factory any VVX phone can be moved between the Generic and Lync Base Profiles.

  • Depress and hold the 1, 4, and 9 keys on the phone’s keypad and keep them held for for at least 3 seconds.

  • When prompted enter the Administrator password (factory default is 456).
  • Select Lync if it is not already the default configuration.  If the phone was previously set to Generic then it will automatically reboot when Lync is selected.



Any of the methods detailed in the recent article Lync Registration on VVX Phones can be used.  The only difference for O365 registration would be the format the user credentials are entered in.  As SfB Online does not utilize legacy Windows NetBIOS formats then only the User Principal Name format can be used.

A touch-enabled VVX 600 model is used for the examples shown in this article, but the steps are identical between all VVX models.  For non touch-screen models entering the user credentials using the keypad could be a slow process and thus utilizing BToE or the Web Management UI are faster, easier methods of registering the phone.

The example below will show the process as performed directly on the phone itself.

  • Select the Sign In soft key displayed on the home screen of the phone.

Another improvement in the sign-in process with this release is that in the event the phone does not discover any Lync/SfB certificate provisioning services URL from either the network (DHCP Option 43) or a dedicated provisioning server (STSURI) then PIN Authentication support will be automatically disabled on the phone.  For Office 365 tenants or users of other hosted Lync/SfB environments where that authentication option is not currently supported this will simplify the sign-in process by defaulting directly to the User Credentials option.

  • Using the on-screen keyboard enter the desired Office 365 user credentials as shown in the following screenshot.  Only the Sign-In Address, User, and Password fields should be populated.  The Domain field should be left blank.


  • Select Sign-In and wait for the phone to complete registration.


  • Once sign-in is reported as successful press the Next key to move on and pick a time zone, or press Done to skip right to the home screen.


If Next was selected in the previous step then the Time Zone menu will have appeared.

  • Select the desired time zone and then either select Next or Done


If Next was selected then additional menus will provide the ability to change the default Time Format from 12-hour to 24-hour, and then configure the desired Date and Time Format.

If Done was previously selected then the wizard will complete and the phone will display the home screen and along with it any currently pinned Favorites in Lync or SfB, just as it always has.


  • To validate a successful connection to Exchange Online press the Home key and then select the Calendar icon.  Any scheduled meetings should be displayed as shown.


When using either of the other documented registration processes the same requirements apply in terms of how to populate the user credentials.

  • If using the Lync SignIn feature available the phone’s web management UI then the credentials are entered in the same as as shown in the steps above, omitting the Domain field.


  • If using Better Together over Ethernet (BToE) pairing the Lync/SfB client prompt for sign-in credentials should be populated as shown below.  (There is no separate Domain field to skip in this format.)



While this new wizard which mimics the behavior of Lync Phone Edition can be beneficial to unmanaged phones meant for hosted Skype for Business tenants current customers may already be handling time zone settings via DHCP or a provisioning server configuration.  In these scenarios it would be ideal to disable this setup wizard to streamline the user sign-in process even further.

  • To disable the user setup wizard simply configure the following three attributes on the phones using a supported provisioning server model.




Exchange and Skype for Business Integration

September 14, 2015 by · 15 Comments 

This edition in a series of deployment articles for Skype for Business Server 2015  addresses the integration of an existing Exchange Server 2013 installation with a recently installed Skype for Business Standard Edition server.  The article outlines establishing the prerequisite partnership between each platform, allowing the Skype for Business server to leverage the Exchange Server database engine for storage of some types of data

Further configuration of additional features provided by this integration will be covered in later articles, as in Unified Contact Store, Exchange Unified Messaging, and Outlook Web App with Skype for Business Server 2015.  For each of these additional integrations the following Partner Application relationship must first be enabled in the environment.  An updated listing of only the articles specific to Exchange Server integration with Skype for Business Server 2015 can be found using this link

The sections in this article are outlined in the following configuration steps:


Configure Autodiscover

In the event that Exchange Autodiscover is not correctly configured this could prevent the Skype for Business server and clients from being able to locate the Exchange server and thus cripple the ability to complete this integration.  The steps in this first section are optional and may not be required in all environments, so long as Autodiscover is correctly deployed.

In event that the existing autodiscover URL will be used then skip to the next section to configure OAuth.

Validate Configuration

  • Using the Exchange Server Management Console run the following Get-ClientAccessServer cmdlet to view the current Autodiscover configuration.  The Identity parameter cab be either the Exchange server’s hostname or the Fully Qualified Domain Name (FQDN).

Get-ClientAccessServer -Identity EXCH | Select-Object AutoD*


In this example environment the default configuration is still applied whereas the server name is utilized in the internal autodiscover URL.  This will be updated to use the well-known autodiscover record format which is generally an Exchange Server deployment best practice.

Most likely when the Exchange Server was originally deployed the Autodiscover option was selected which would have included the proper FQDN in the certificate request.  To validate this the following commands can be used to identify and parse the server certificate currently assigned to Exchange Server roles.

  • Using the Exchange Server Management Console run the following Get-ExchangeCertificate.

Get-ExchangeCertificate | Select-Object Subject,Services,CertificateDomains | fl


As seen in the example above the desired certificate should be the entry with a FQDN in the Subject which is also assigned to at least the IIS service.  This example snows that the Subject Alternative Name (SAN) field of the certificate in use by IIS already includes the desired FQDN of

Create DNS Records

If the following two DNS records do not already exist in the environment then they need to be created before modifying the Exchange configuration.  These are the two well-known DNS records that mostly autodiscover-aware clients will query when attempting to locate an Exchange Server.

  • Create a new Alias (CNAME) record in the proper SMTP/SIP namespace forward lookup zone, pointing to the Exchange Server FQDN.


  • Create a new Service Location (SRV) record using the following parameters, pointing this record to the CNAME record created in the previous step.


To validate the records were created successfully and are functional run the following two test commands from a command shell.

nslookup -q=srv  SRV service location:
          priority       = 0
          weight         = 0
          port           = 443
          svr hostname   =



Update Autodiscover URL

  • Using the Exchange Server Management Console run the following set-ClientAccessServer cmdlet to update the configuration to use the new FQDN.  The Identity parameter should be the Exchange server FQDN, while the new Autodiscover FQDN replaces the server FQDN in the internal URL.

Set-ClientAccessServer -Identity EXCH -AutoDiscoverServiceInternalUri ""

  • When the process completes perform a reset of Internet Information Server to immediately apply the change using the following iisreset shell command.  (If performing this in a production environment with active connections then it is recommended to use the /noforce switch.)


Attempting stop…
Internet services successfully stopped
Attempting start…
Internet services successfully restarted

Configure OAuth

The Partner Application pairing provides the ability for the Skype for Business and Exchange servers to communicate with each other via an authenticated secure connection that does not require any third party system to negotiate or establish the session.

OAuth is the server-to-server authentication mechanism used between the Skype for Business and Exchange servers to establish secure communications.  During the initial SfB server deployment in this article an SSL certificate was created specifically for OAuth.

Before defining Exchange Server as a partner application Skype for Business needs to know about the Exchange Autodiscover configuration.

  • Using the Exchange Server Management Console run the following Get-ClientAccessServer cmdlet to query the existing internal autodiscover URL.  This is either the existing or newly defined value, depending on whether the previous section was skipped or not.

Get-ClientAccessServer -Identity EXCH | Select-Object AutoDiscoverServiceI*


Pay special attention to the fact that the retrieved autodiscover URL points to an .xml file; this will be important in a few steps.

  • On the SfB server open the Skype for Business Server Management Shell and enter the following Get-CsOAuthConfiguration cmdlet.



The ExchangeAutodiscoverUrl parameter should be blank as it has not yet been defined.

  • Enter the following Set-CsOAuthConfiguration cmdlet to define the Exchange autodiscover location as shown below.

Set-CsOAuthConfiguration -Identity global -ExchangeAutodiscoverUrl

In contrast to what was pointed out earlier the path provided above must end with .svc and not .xml.  This is a minor detail not specifically called out in the TechNet documentation but can easily be missed, especially if cutting and pasting these strings between steps.

  • Run the Get-CsOAuthConfiguration cmdlet again to verify the new parameter value is applied as intended.



Configure Exchange Server

Enabling the partner application relationship requires that some configuration is performed on both side.  Starting with the Exchange Server configuration pre-packaged script will be called while passing a few parameters.  Before executing the script

  • Identify the proper path for the Skype for Business server authentication metadata document.  This URL should be identical to the following format, utilizing the SfB Front End server FQDN.

  • Connect to this URL in a web browser from the Exchange Server to validate connectivity which should result in a prompt to open or save a file simply named ‘1’.


  • Open the file using Notepad to view the contents, which should start with a x509 certificate string and end with the OAuth realm.



  • Open the Exchange Server Management Console on the Exchange Server and change to the Scripts directory by  using the following command.

cd c:\’Program Files’\Microsoft\’Exchange Server’\V15\Scripts

  • Then execute the Configure-EnterprisePartnerApplication.ps1 script using the following command.

.\Configure-EnterprisePartnerApplication.ps1 -AuthMetaDataUrl′ -ApplicationType Lync"


  • To complete the changes restart Internet Information Services using the iisreset command.



Configure Skype for Business Server

To complete the pairing a new partner application will also need to be defined on the Skype for Business side.

    • Identify the proper path for the Exchange server authentication metadata document.  This URL should be identical to the following format, utilizing the SfB Front End server FQDN.

    • Connect to this URL in a web browser from the Skype for Business Server to validate connectivity, which should look similar to the results the previous section.


  • Using the Skype for Server Business Management Shell enter the following New-CsPartnerApplication cmdlet to define the other half of the association.

New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl ""


Verify Connectivity

To validate that the partner application relationship has been successfully established a simple cmdlet can be run from the SfB Server.

  • Enter the following Test-CsExStorageConnectivity cmdlet, providing the SIP address of a user account which has already been enabled for Skype for Business.  (The -Verbose parameter is optional and is used here to display additional information about the test process.)

Test-CsExStorageConnectivity -SipUri "" -Verbose



If the test cmdlet fails to return a successful result of “Test Passed”  then here are a couple of the most common issues.

  • In the event that the Skype for Business OAuth configuration was previously defined with an incorrect ExchangeAutodiscoverUrl parameter, as could happen by accidentally using .xml instead .svc for example, then the following error may occur.  In fact if this parameter is null or invalid in any way then this error can occur.

Test-CsExStorageConnectivity : ExCreateItem exchange operation failed, code=50043,

To resolve the above error define the proper ExchangeAutodiscoverUrl in Skype for Business server using the Set-CsOAuthConfiguration cmdlet as outlined earlier in this article.

  • If the AD user account which is used to execute the test cmdlet does not have the correct permissions then the process will fail with the following error being reported.

Test-CsExStorageConnectivity : ExCreateItem exchange operation failed, code=5,

To resolve this issue follow the directions outlined in this TechNet article to add the account to the RTCUniversalUserAdmins universal security group.

Now that Exchange Server has been successfully integrated with Skype for Business Server then additional features can now be deployed.  An updated list of articles covering other Exchange Server integration options can be found here.

SQL Management Studio with Skype for Business

September 8, 2015 by · 1 Comment 

One of the major differences in deploying a Standard Edition server in Skype for Business as opposed to an Enterprise Edition server is that the Standard Edition Front End server utilizes SQL Express instead of a full SQL Server installation.  This means that by default there is no simple way to view or manage the SQL Express databases out of the box.  Luckily it is relatively simple to install the missing SQL management tools directly on the Standard Edition Front End server.

This article shows how to install SQL management tools on a Standard Edition Skype for Business Server. Take note that this is unsupported and not typically performed in Skype for Business deployments.  Usage of this tool throughout this and any future article is strictly for educational purposes.

In an Enterprise Edition server deployment a separate backend SQL Server is utilized which already includes these management tools.  Also understand that in many environments the SQL servers are already deployed and managed by separate resources and so the Skype for Business administrators may not even have that level of database access to the SQL servers.

In a Standard Edition model though the SQL databases are all stored locally on the Front End server and thus a time may come when the databases stored on the local SQL Express instances may need to be viewed, queried or even modified directly (recommended only by experts or under the guidance of Microsoft support in specific cases).  But for test environments or when attempting to simply learn more about the Skye for Business platform based on a Standard Edition server deployment there is no way by default to get access to the SQL databases.


The trickiest part is finding the correct software package to download as there are multiple different versions of SQL Server and SQL Server Express for both the servers and management tools.

  • On the Front End server the Programs and Features control panel can be used to confirm the currently installed version of SQL Server (Express), which should be 2014.


  • Go to the Microsoft SQL Server 2014 Express download page t and then select the Download button.

  • Select MgmtStudio 64BIT\SQLManagementStudio_x64_ENU.exe from the list of available packages to choose from.

  • Once the package has completed downloading expand the contents and then run Setup.exe to start the installation wizard.

  • From the main Installation menu select the option for New SQL Server stand-alone or add features to an existing installation.

  • On the Installation Type page select Add features to an existing instance of SQL Server 2014.  The default selection of an existing instance is sufficient as the management studio only needs to be installed for once instance to be made available to connect to any on the server.  The RTC instance was left as the choice in this example.


  • On the Feature Selection page click Management Tools – Complete.


  • Complete the installation wizard and close it when the requested features are finished installing.



The first time this new application is launched it can be configured to connect to multiple database instances.

  • Search Windows for “SQL Server Management Studio” to find the newly installed application.


  • Launch the application and the local SQL Server instances should be displayed in the Server Name drop-down menu. Select Connect to open up the LYNCLOCAL database instance


Once open the Object Explorer tree will show the instance and databases as a child item.  The Connect button can be used to add the other SQL instances to the explorer view, as shown below.  This is the complete list of default databases which are installed on a Standard Edition Skype for Business 2015 Front End server (the other objects have been edited out for easier reading).


As seen above there are three different SQL instances which were created during the initial server deployment.  The first and most important is the RTC instance which stores the primary databases in Skype for Business Server.  The xds database is the most critical as it stores the Topology data defines the entire environment.  Other key database are stored here like the Address Book database (rtcab), conferencing information (rtcshared), or services like location information (lis).  In an Enterprise Edition pool deployment this instance and its databases would be stored only on the backend SQL database servers, not locally on the Front End server.

The RTCLOCAL instance stores local copies of the critical xds, rtc, and rtcdyn databases.  In an Enterprise Edition pool deployment these are the only databases which would be stored locally on the Front End server.  Yet as the Standard Edition pool model does not use separate SQL servers then all databases and instances are hosted locally.

Finally the LYNCLOCAL instance holds only the Lync Storage Service (lyss) database which is a storage engine used for a variety of tasks.

As additional roles and features are deployed their associated databases will be created and synchronized between one or more of these various instances.  During deployment of those features this topic will be revisited to validate where those individual databases are stored.

Office Web Apps and Skype for Business Integration

September 4, 2015 by · 7 Comments 

This article addresses the deployment of a single Office Web Apps 2013 Server and subsequent integration with an existing Skype for Business (SfB) Server 2015 environment.  The environment and example steps outlined here are a continuation of a series of related articles covering the installation and configuration of a Standard Edition topology of Skype for Business Server 2015.

When testing various Skype for Business meeting modalities in the last article a specific feature was briefly mentioned which was not yet available: the ability to use the Present PowerPoint Files option from the Present menu.  This is because the deployed environment does not yet include an Office Web Apps Server which is required to support that functionality.  This server is not a SfB role but is actually part of the Office server family and is leveraged by Skype for Business as well as other Microsoft server products like Exchange and SharePoint.

It is important to be aware that once deployed this feature may still not function on any Skype for Business clients on workstations which are not joined to the same domain as the SfB deployment.  In these scenarios either server certificate revocation checking needs to be disabled on the workstations or the RootCA certificate configuration needs to be modified.  These concepts are addressed in this TechNet article.  (For this environment the later RootCA approach has already been addressed in the prerequisite statements defined in the first deployment article of the series.)

Note that the Office Web Apps (OWA) Server is also sometimes referred to as the “WAC Server” which is a carryover from the product’s pre-release name of Web App Companion Server.  Also be aware that this server role is completely separate from the Exchange Server web application entitled Outlook Web App which provides a browser-embedded client experience for access to Exchange email similar to the Outlook desktop client.

Current State

In the example Skype for Business environment this PowerPoint sharing functionality has not yet been introduced.  The steps in this first section show how to confirm that the feature is not yet available.

View Topology

    • On the Skype for Business Front End server open the Skype for Business Server 2015 Topology Builder and select Download Topology from existing deployment.

    • Expand the default site (e.g. Lab), the Skype for Business Sever 2015 object, then Standard Edition Front End Servers, and finally highlight the pool FQDN (e.g.
    • Scroll the right-hand window down to the Associations section to see that the Office Web Apps Server value should not yet be configured.


Test Missing Feature

  • Sign into a Skype for Business client and start a meeting using the Meet Now menu item.

  • From the Present button select the Present PowerPoint Files menu option.  Select an existing PowerPoint file on the computer or network to share with the meeting.

  • While the client will appear to attempt uploading the selected file the process should actually fail after a few seconds with the following error.


  • On the SfB Front End server open the Event Viewer and browse to Applications and Services Logs > Lync Server.

  • Search for the following log entry recorded with Error ID 41033.

Log Name:      Lync Server
Source:        LS Data MCU
Event ID:      41033
Level:         Error

Office Web Apps Server (WAC) discovery failed, PowerPoint content is disabled.

Attempted Office Web Apps Server discovery Url:
Received error message: Invalid Uri syntax for WAC configuration
The number of retries: 1, since 8/27/2015 4:44:40 PM.
Cause: Office Web Apps Server may be unavailable or network connectivity may have been compromised.

Check HTTPS connectivity from this box to the Office Web Apps Server deployment using the discovery Url.

At this point it is evident that the environment is missing the required server role and configuration in order to support this feature.  The remainder of this article details the installation and integration steps required to add the desired functionality.


The remaining sections in this article are outlined in this diagram to show the general order of steps and visually represent which steps are performed on which platform.  For example orange indicates configuration steps completed on the OWA server where the blue is for steps performed on the SfB server.


As the Office Web Apps Server can not be collocated on any of the existing servers in the environment like a Domain Controller, Exchange Server, or Skype for Business Server then a separate, dedicated server needs to be deployed to host this role.

A new Windows Server 2012 R2 virtual machine was deployed and joined to the existing domain.  Alternatively both Windows Server 2008 R2 and 2012 are also supported server operating systems for this role if desired.  (The following steps are for Server 2012 R2, if a different server version is used then check this TechNet article for a list of different required components.)

Install Prerequisites

  • Run Windows Update on the new server and apply any pending or recommended update packages prior to installing any Office Web Apps Server components.

  • Download the latest Office Web Apps Server installation media.  For MSDN subscribers as of the publishing of this article the most recent version is the Office Web Apps Server 2013 with Service Pack 1 (x64) ISO package.

Windows Server 2012 R2 will require that the .NET Framework version is upgraded to at least 4.5.2.  This can be accomplished  in one of two ways:

  • The simplest method is to launch Windows Update on the server and then review the Optional updates.  If available, select the Microsoft .NET Framework 4.5.2 for Windows…(KB293450) package and then click Install.  Restart the server when the update is complete.


  • Alternatively if this package is not listed in Windows Update then download and install the NDP452-KB2901954-Web.exe hotfix from Microsoft Download Center.  Restart the server when the update is complete.

  • Launch PowerShell as an administrator and enter the following command string to install all required Windows Features and then restart the server when completed.

Add-WindowsFeature Web-Server,Web-Mgmt-Tools,Web-Mgmt-Console,Web-WebServer,Web-Common-Http,Web-Default-Doc,Web-Static-Content,Web-Performance,Web-Stat-Compression,Web-Dyn-Compression,Web-Security,Web-Filtering,Web-Windows-Auth,Web-App-Dev,Web-Net-Ext45,Web-Asp-Net45,Web-ISAPI-Ext,Web-ISAPI-Filter,Web-Includes,InkandHandwritingServices,NET-Framework-Features,NET-Framework-Core,NET-HTTP-Activation,NET-Non-HTTP-Activ,NET-WCF-HTTP-Activation45


Install Server

  • Mount the Office Web Apps Server 2013 installation media and run setup.exe.

  • Either retain the default file location of C:\Program Files\Microsoft Office Web Apps or change the path to the desired application volume, and then select Install Now.

If the installation is successful  then the follow message should appear.


Update Server

As outlined in this TechNet article Office Web Apps Server cannot be upgraded without losing some of its configuration data.  Thus us is recommended to disable any automatic updates on this server and configure them to require manual approval.  If a future Office Web Apps update is automatically installed via Windows Update it will most likely result in a broken server and PowerPoint presentations will no longer function for any SfB clients in the environment.

For this reason it is recommended to apply any newer Office Web Apps Server updates prior to the initial configuration.  When applying future updates to a functional, configured server make sure to follow the guidance in the TechNet article referenced in the previous paragraph which explains how to remove and recreate the server farm each time and update is applied.

The following historical table lists the more recent public updates for Office Web Apps. As these are service packs and cumulative updates then only the most recent update needs to be applied.  (A complete list of updates including minor hotfixes and security patches see this blog article.)

Date Package Version Download Package KB Article
4/18/2014 SP1 15.0.4571.1502 wacserversp2013-kb2880558-fullfile-x64-glb.exe KB2880558
1/20/2015 CU   wacserver2013-kb2920737-fullfile-x64-glb.exe KB2920737
2/2/2015 CU 15.0.4693.1001 wacserver2013-kb2956101-fullfile-x64-glb.exe KB2956101
6/2/2015 CU 15.0.4727.1001 wacserver2013-kb3054863-fullfile-x64-glb.exe KB3054863
7/6/2015 CU 15.0.4737.1001 wacserver2013-kb3054930-fullfile-x64-glb.exe KB3054930


If for some reason the Office Web Apps server was installed with the RTM installation media then the SP1 update must be applied before installing the latest update.  As the SP1 media was used for the server installation then only the most recent July 2015 cumulative update needs to be installed on the server.

  • Download and install the latest Update for Microsoft Office Web Apps Server 2013.  Restart the server when the installation is complete.


Install Language Packs

This step is optional and is only applicable if additional language support has also been configured on the Skype for Business Server.  If so then this package adds support for other languages to shared PowerPoint presentations.



While the previous steps where basically just collecting and installing downloaded software this section will cover the configuration of the Office Web Apps Server.  Once this is completed the next section will address configuration on the Skype for Business side to complete the integration.

Note that this article deals with an internal-only lab environment and thus any External configuration is not covered.  In a potential future article when a Skype for Business Edge Server is introduced and thus a reverse proxy solution is needed then this configuration will be revisited to provide for external access.  As this server handles only HTTPS (TCP 443) requests then it is not a role that is handled by the Edge Server, but must be published through a supported reverse proxy model in the same way that the SfB Front End server web services will be.

Create Certificate

Before creating the new Office Web Apps farm a new server certificate will need to be requested and issued to the server to support HTTPS connections required by the Skype for Business clients and servers.  For environments with an AD-integrated Certificate Authority (CA) this process can easily be performed from the domain-joined OWA server using the steps shown below.  In environments leveraging a third-party CA for certificates then an offline request may need to be issued, which is covered in this older article.

  • On the OWA Server launch Internet Information Services (IIS) Manager (inetmgr.exe) and in the Connections window pane highlight the server object.


  • In the main window under the IIS section open the Server Certificates feature under the IIS section.


  • From the Action pane select Create Domain Certificate which will launch a wizard to request, issue, and import a new server certificate all in one pass.


  • Enter the server’s Fully Qualified Domain Name in the Common Name field (e.g.

  • Populate the remaining fields with any applicable information and then click Next.


  • On the Online Certification Authority window click Select to bring up a list of AD-integrated certificate authorities and then select the desired CA.  In this environment a single Enterprise Root CA is available (e.g. jdskype-RootCA).


  • Enter a Friendly Name for the new certificate (e.g. OWA Server Cert) and click Finish.


This previous step is critical as the next section will utilize the certificate’s Friendly Name name to assign it to a new Office Web Apps farm.  Because Widows Server does not prevent multiple certificates on the same server from having the same friendly name this could cause problems with the OWA server configuration.  Make sure that the Friendly Name entered above is unique from any other server certificates which might already be assigned to the server.  Note that the Friendly Name field on a certificate is not actually part of the signed information and can be changed anytime, so there is no need to request a new certificate if this were to occur.  Simply rename one of the conflicting certificates to resolve this.

Completing the previous step will process the request, immediately issue it to the online CA, and then import the returned, signed certificate into the local server.  The new certificate should be listed under the Server Certificates panel as shown below.


Create New Server Farm

There is no user interface tool for managing the Office Web Apps server and thus all configuration is performed using the PowerShell cmdlets which were automatically added during the earlier server installation.

  • On the OWA server open Windows PowerShell as an administrator and issue the following New-OfficeWebAppsFarm cmdlet.  The InternalUrl parameter should use the server’s FQDN and the CertificateName value must match exactly to the Friendly Name given to the certificate created in the previous section.

New-OfficeWebAppsFarm -InternalUrl "" -CertificateName "OWA Server Cert"


Note that by assigning a certificate during the creation of the server farm that unencrypted HTTP access is not allowed and only encrypted HTTPS access is supported.  This is the correct setup for integration with Skype for Business Server.

  • To validate the configuration and test access to the Office Web Apps Server open Internet Explorer locally on the OWA server and connect to the Internal URL with the suffix of /hosting/discovery as shown below. If successful then some XML code should be displayed in the browser.



  • Repeat the same test from another server or workstation in the environment to validate network access to the same service.

  • Collapse all of the XML tags to easily locate the PowerPoint app name.  While this server includes support for other Office applications this is the section that Skype for Business Server will be leveraging for sharing presentation files.



Now that the Office Web Apps server appears to be functional then the final configuration step is to integrate it with Skype for Business Server 2015.

Update Topology

The configuration in SfB is as simple as telling the server where to find the newly deployed Office Web Apps server; there is no additional configuration required.

  • On the Skype for Business Front End server open Topology Builder and select Download Topology from existing deployment.

  • Expand the default site (e.g. Lab), the Skype for Business Sever 2015 object, then Standard Edition Front End Servers, and finally highlight the pool FQDN.

  • Edit the pool properties and under the General section enable the Associate pool with an Office Web Apps Server parameter.

  • Click New and then enter the Office Web Apps Server FQDN (e.g.  Notice that the Office Web Apps Server discovery URL will automatically be populated with the the same value that was used to test the server previously.


If the OWA server is not deployed in an internally-routable network to the SfB Front End server then click the checkbox in this window.  In this environment the servers are all located in the same LAN so it is left unchecked.

  • Click OK to save the changes and then verify in the main window that the new entry is associated to the pool.


  • From the Action menu select Topology > Publish to complete the changes and publish the new configuration to the Skype for Business environment.


  • When the publishing process completes successfully then click Finish and then close Topology Builder.

Validate Integration

Before testing the integration the SfB server log can be checked to make sure that the OWA server has been discovered and enabled in the environment.

  • On the SfB Front End server open Event Viewer and browse to Applications and Services Logs > Lync Server.

  • Filter the current log for the Event source of LS Data MCU to simplify locating the desired log entries on the server.


Looking at the most recent log entries the following two Information events should be logged shortly after publishing the changes to the SfB topology.

  • First an entry for Event ID 41032 should be recorded indicating that the SfB Front End server has successfully discovered then OWA server.

Log Name:      Lync Server
Source:        LS Data MCU
Event ID:      41032
Level:         Information

Web Conferencing Server Office Web Apps Server (WAC) discovery has succeeded

Office Web Apps Server internal presenter page: _
Office Web Apps Server internal attendee page: _
Office Web Apps Server external presenter page: _
Office Web Apps Server external attendee page: _

  • Immediately following that should be an entry with Event ID 41034 which indicates that PowerPoint content sharing is now enabled.

Log Name:      Lync Server
Source:        LS Data MCU
Event ID:      41034
Level:         Information

Web Conferencing Server has successfully discovered Office Web Apps Server, PowerPoint content is enabled

Test Functionality

With the topology published the final step is to repeat the same test that was performed at the onset of this article.

  • Sign into a Skype for Business client and start a meeting using the Meet Now menu item.

If this client was already signed-in during the deployment then make sure to sign out and back in to receive the latest SfB provisioning settings from the server which reflect the changes.

  • From the Present button select the Present PowerPoint Files menu option.  Select the same PowerPoint file that was tested earlier and failed.

  • This time the shared PowerPoint file should be successfully uploaded and shared with all clients connected to the meeting.


This concludes the deployment of a single Office Web Apps Server into the environment.  More Skype for Business 2015 Server deployment articles like this one can always be found in this updated list, which will include an upcoming article on Exchange Server integration.

Next Page »