Skype Academy: What’s New in Cloud Connector Edition V2 Summary

With the recent release of Cloud Connector v2 there’s some great new features and updates to CCE so wanted to summarise the Skype academy video.  There’s tons of useful information in here so hope you find it useful.

CCE v2.0.0 was released and straight after Microsoft provided some great content and learning on what’s new. Thanks Microsoft for very speedy information to the community. Check out the resources at bottom of post as well.

Useful links on great info on CCE v2

CCE manual download here

Skype Academy video link here


Lets start the video, the session is presented by Carolyn Blanding from Microsoft



Usual training disclaimer on Office 365 being subject to change and this ther July 2017 edition.


Also a member of extended hybrid voice team and working with developers on CCE since the first release.

Key Learning’s


CCE v2 bring media bypass ! wohooo

(Great link on Media bypass planning for CCE here

support for 16 CCEs in one pstn site up from 4 ! it now has 4x capacity !

Additional improvement

Session Scope


This session assumes you already know about CCE and have an understanding on deployment and management if not there’s a link on further learning here http://aka/ms/sa-cce

What’s new in CCE V2 ?



Wow what a list !!!

  • Media bypass
  • support for 16 CCEs per one pstn site
  • ability to manipulate sip headers for billing and interop
  • Hybrid voice flag in mediation server agent for CQD
  • Disable SSL 3.0 by default
  • automatic installation of .NET 4.5.2 which is dependency on current SfB
  • New Cmdlets

More details on each further on. Lets breakdown.

Media Bypass


This was top ask from customer

by removing mediation server in path for media we can improve voice quality and reliability by reducing latency, packet loss and points of failure

also reduce number of CCE to support greater number of voice streams

Media bypass requirements


CCE V2 deployed at all sites

tenant admin is required to enable media bypass feature in office 365 tenant this is not enabled by default

media bypass enablement needs to be replicated from office 365 to all CCEs

DNS must be configured to allow client resolution for the media bypass service url

Currently only supported version for CCE media bypass is office 365 pro plus click to run 32 and 64bit version 16.0.7870.2020 or later.

Microsoft Office MSI is not supported ! this again show new features are coming cloud first and the push to move your office installs to office 365 pro plus.

More info on Media bypass with CCE

Plan –

Deploy –

16 Cloud Connectors appliance per site



previously there was support for 4 CCES per PSTN site in a N+1 config where one CCE was was reversed for HA. Each CCE could support 500 simultaneous calls so totalling 1500 simultaneous calls per pstn site.

Now with 16 CCEs per pstn site in N+1 it provides 7,500 simultaneous calls and that’s without media bypass !!

This means can support more sim calls in single pstn site, for example before V2 if a company needs to support 5000 calls in one DC where CCE is deployed previously they would need to setup 4 pstn sites and split users across pstn sites even though all CCEs were physically located on the data centre, by supporting 7500 its reduced the requirement for more pstn sites and users dont have to be split up. Makes its easier to manage.

Modify SIP headers in CCE V2


Prior to v2 the only way to modify sip[ headers was administrators connecting to mediation servers and modifying sip trunk setting but during upgrades the settings while lost. CCE updates then had to set to manual, CCE then updated and then setting configured back again.

This is now persistent and the following settings if changed are kept during CCE upgrades.

Enablefastfailover timer – default is true, when true the 183 progress must return in 10 seconds. Certain network conditions has caused this to not response in 10 second so this can be set to false.

Forward call history – default is fales, history info useful in sim ring and call forward and refereed by useful for call transfer, this is useful for billing purposes and caller id purposes when sbc to replace caller id.

Forward PAI – default false, when true the P asserted identity headers with sip and tel uri from cce mediation to sip trunks. used when call history not available. please see url below for more info.

Hybrid Voice flag in mediation server agent


Set to unique flag so CCE calls can be easily identified from calls placed by other trunks. The user agent was previously reported as “Mediation Server” which is indistinguishable from other SfB Trunks.

Now it shows unique CCE-MediationServer example above show version number as well.


Examples in online reporting.

This is Call analytics preview in sfb admin centre, in this example a user search is done and a call is selected.

Alex is an online user and Alex uses CCE for PSTN calls, under systems you can see the mediation server that part of CCE, and under user agent we see CCE mediation server agent.

Lets look at session details

searched for Alex again and we can see CCE mediation server agent.


if you look before CCE v2 you will see the old Mediation Server


Disable SSL 3.0 by default


CCE does not use SSL and does not require SSL enabled. Please url for security advisory and recommendation on disabling when not needed.

.Net Framework 4.5.2


.NET Framework 4.5.2 will auto install and is a dependency for CCE v2

CCE host must always have internet connectivity and it required this to download 4.5.2 to host machine so its available.

Admins of large deployments can prepare the vhds with .Net 4.5.2 to speed up deployment times. to do this admins can use convert-ccisotovhdx cmdlet and use pause before update switch this allows admin to connect to base vm and install windows updates and .NET 4.5.2 on the base vhd.

New Cmdlets – Online


The new cmdlet are added to SfB Online one for media bypass and two on network. Please refer.

New Cmdlet – CCE Host


On the CCE Host there is also a new Cmdlet

Used to update configuration, if you update CCE config file. cloudconnector.ini after changes you must use import-ccconfiguration. It does auto run but still best practice after any manual change to use the cmdlet.

Example if you you change config file to use WSUS server.



  • Skype for Business administrator role instead of global administrator
  • Reduce number of passwords needed when deploying CCE
  • user corporate network switch instead of management switch for most tasks
  • improvement to auto detection
  • change cmdlets

Let breakdown each one

Skype for Business Administrator Role


CCE requires an O365 tenant admin account to manage CCE services online, prior to V2 this required an account that was a global administrator.

With V2 its supported to use a tenant admin account with Skype for Business administrator role is sufficient for managing CCE services online.

If password expiry is set you need to use set-cccredential to update credentials.


To reduce password for CCE in V2 and reduce complexity.

In V2 the following password will be requested

  • CCEService – used for CCE service account and domain admin, VMAdmin
  • CABackupFile – used to import Root CA when deploying appliances
  • ExternalCert – used to import Edge certificate when deploying appliances
  • TenantAdmin – used to deploy and maange CCE Online

Note CCEService and CABackupfile must be the same for all CCE per site.

Corporate Management Switch


previously we used the cce management switch for all connectivity between host and vms for PowerShell. feedback to customer was that this was great as it caused network disrupts.

CCE v2 now reduces the amount or connections and disconnections, now only used for new deployment or upgrade.

The SfB CCE Corpnet switch will not be used which reduces the number of connections and disconnections. search of clslogging will now be alot faster as network connections are already established.

Since corpnet switch is used now the network adapter bound the cce corpnet network switch must have an ip address assigned in the same subnet as the CCE corporate network. This can be an alternative ip address. before the management switch was matched on the same subnet.


Improvements to Auto Detection


  • There has been some updates to auto detection for CCE recovery to avoid call failures.
  • In HA we want to mark any appliance that is down to avoid issues and call failures
  • Maintenance you have to out CCE in maintenance mode so its doesn’t.
  • All server roles are monitored

Cmdlet Updates – Online


cannot be set from false to true.

with CCE a online dial plan is a hard requirement

Updates to Get-CsHybridPSTNAppliance

Cmdlet Updates – CCE Host


PowerShell verb update from renew-cc to update-cc

You can change domain admin or vmadmin using set-cccredentials as above.

Upgrading to V2



For customer with CCE already deployed to new build

Supported path from version 1.4.2 to version 2 if auto update available then it will autoupdate at scheduled update window.

Manual update process is available if autoupdate disabled.

InPlace upgrades are NOT Supported with version BELOW 1.4.2

In this case you need to unregister appliance, uninstall appliance and deploy new CCE.

To confirm CCE several ways, hyper v console, remote PowerShell and SfB admin centre. more details above.

Update Cloud Configuration File


when upgrading to V2 you need to update cloud connector configuration file with the new sip header setting to cloudconnector.msi.


Open file


Copy three lines from sample file


paste into your file, save and import.



If advanced notice is possible or more likely to have auto upgrade off due to trunk config you can modify trunk config file prior to v2 upgrade.


1.4.2 did not prompt for CABackup pasword the domain admin password was used and its used to encrypt root CApassword. It must be the same for all appliances,

If different domain admin password may be in place if password changed after deployment. You can use the get-cccredential. if you have this the steps are listed above.


from 1.4.2 we don’t prompt for CCEService password the VMAdmin password aka local admin password will be used for cce service password. This password needs to to be same so best to confirm password are the same across all appliances.



Key Learning’s







Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.