Skype Academy presents : Media Bypass in Cloud Connector Edition V2 (CCE) Summary

Next up on my summary list following CCE V2 is Media bypass session by Carolyn Blanding link here to the full video here

If you want to plan and deploy CCE check out the links in this post as well.

For Media Bypass with CCE you need CCE v2 and Supported clients!

With the first release of media bypass, the only supported client is the Skype for Business 2016 Windows Client that is part of Office 365 ProPlus, version 16.0.7870.2020 or greater.

Lets go!



Training disclaimer, this session recorded July 2017 and features described are current as of this date. Office 365 is on going innovation.


About Carolyn, she’s been with Microsoft for 5 years, senior supportability program manager. Member of extended hybrid voice team and working with developers on CCE.

Key Learning’s





Also check this

Without Media Bypass



In order to plan your network for media bypass we need to understand both signalling and media flows

  • Media and Signalling without media bypass
  • All signalling and mediation go via Mediation server

SfB client connected on internal network and making outbound call the signalling flows out the client and out the external network to office 365 and back from Office 365 to corporate Edge server to mediation server to the SBC. Media traffic goes from client though internal corporate firewall to mediation server and then transcoded as G711 to SBC.

With Media Bypass


Signalling continue to flow via Mediation but media will flow from SfB client directly to SBC / Gateway.


Removed connection points (Hops) for Media going through firewalls and server

Benefits of Media Bypass


As we saw before we can improve quality by reducing latency, packet loss and single points of failure by allowing media to flow directly to pstn gateway from the SfB client and also reduce number of CCEs as Mediation server is removed so no transcoding from one codec to another is required so then allow larger number of voice streams on the same hardware. Win Win !

Network Considerations


First important to understand with Media bypass enabled on the client media will ALWAYS bypass this is different to on premises SfB Server / Lync Server deployments. where is is possible to configure when media will bypass per network location. CCE media bypass is always bypass mode.

External clients and unsupported clients will never use bypass so important to know how users will connect, numbers of external and also client versions (I believe from what ive read only click to run SfB client supports CCE Media bypass)

Requires direct connectivity to the PSTN gateway!

Media over VPN is not supported this doesn’t differ from SfB server, if you block media over VPN you need to block all traffic ! recommendation block all SfB from VPN connections.

Client to PSTN gateway traffic typically uses G711 codec, inbound calls mediation server will negotiates G711, outbound gateway negotiates.

Centralised CCE Deployment

More great on the TechNet link for planning media bypass


Need to consider G711 will transverse the WAN twice, CCE in central DC with local SBCs in local offices, centralised SBC with cloud connector routes calls to local gateways.

This type G711 media traffic for media bypass clients will transvers the wan twice

1. client media flow associated with CCE deployment


2. outbound from sbc through same wan in office to sbc / gateway out to the PSTN


Centralised Deployment – External Caller


User from Zurich on the Internet, places outbound, both signalling and media flow to office 365 through external firewall in Amsterdam to CCE through internal network to SBC Gateway in Amsterdam over the corporate WAN to Zurich to SBC and pstn in local branch office.

Configure Media Bypass


Also check this deploy guide on TechNet


Each CCE Mediation server has a web service to provide media bypass information that is configured as part of V2

Summary of steps

  • Detailed in the following slides
  • Administrator defines web service url for web service
  • Admin creates DNS A Record in internal dns for this url resolving to the ip address of each mediation server
  • Administrator enabled media bypass using SfBO PowerShell
  • Media Bypass settings replication to cloud connector mediation servers
  • Internal supported clients sign out and back in to pick up media bypass settings

Web Service URL


Admin defines web service url for media bypass

Pick a name that could be anything hybridvoice,mediabypass as examples, name can be in any domain namespace can be any internal domain name that resolvable in internal dns.

Does not need to be in a namespace that matches CCE deployment

Only one name is defined per deployment. we don’t need separate for separate PSTN sites.

Above they have used and there is an example of the URL, your webservice would be the same after .com

http is used to avoid admin overheard, as only returning information to internal client. DOES NOT RESOLVE TO EXTERNAL CLIENTS



Client are required to resolve internal DNS, so it can resolve the host name to mediation server ips.

One host A record for IP of mediation servers

Each mediation requires a host record

with 3 mediation servers you need three a records resolve to web service url.

recommendation to use Geo DNS to resolve local mediation servers ips based on client location. recommendation not requirement.

Single Web service url resolving to ips of all mediation server.

Windows 2016 Geo DNS


Windows Server 2016 can provide GEO DNS for the web service url

A sample config is above

  • First creates dns client subnet for each locations
  • DNS zone scope for each location
  • DNS records in each zone scope for each mediation server
  • DNS policies that connection client subnets to matching zone scopes, please reference url for further info

Enable Media Bypass in O365 Tenant


admin manual enables on Office 365 tenant by using remote PowerShell with SfB admin creds and sets the internal web service url as defined previously.

Use set-cstenanthybridconfiguration cmdlet as defined above

Second you need to enable mediabypass settings in two steps

  • create bypass settings in memory $mediabypass = New-csNetworkMediaBypassConfiguration –Enabled $true
  • modify network configuration with the new settings. Set-CsNetworkConfiguration – MediaBypassSettings $mediabypass

Confirm Media Bypass


After enabling you should confirm is configured correctly.

Confirm Media Bypass – On SfB Online


First confirm SfB Online Media bypass settings in remote PowerShell

Confirm the web service url is replicated to the local server store using get-cstenanthybridconfiguration –localstore | select hybridconfigserviceinternalurl hybridconfigserviceinternalurl

here you can view the webservice url

Then confirm media bypass settings replicated to local server store

get-csnetworkconfiguration –local | select-expandproperty Mediabypasssettings

Two settings to check

1. Enabled is true

2. Bypass ID – this is the bypass id clients should be received. this is different to online bypass id. All tenants and all users in V2 will use the same ID.

Confirm Media Bypass – On CCE


On admin PowerShell on each CCE Mediation server and run

Get-CsNetworkConfiguration – localstore | select –ExpandProperty MediaBypassSettings

Check three things here

  • Enabled is True
  • AlwaysBypass is True (Always True. this is static setting)
  • BypassID – Same bypass ID as before

Confirm Media Bypass in Calls

Option 1 – Performance Monitor


Configure and use PerfMon on CCE Mediation Servers to monitor the following

  • LS:MediationServer – Inbound Calls – Total inbound media bypass calls
  • LS:MediationServer – Outbound Calls – Total outbound media bypass calls

Sample above has active calls, works well for basic but does not captures transfers, its good to get an idea of how calls are bypassing media.

Option 2 – Network Tracing


You can use a network trace to confirm network activity for calls, apply a filter to view traffic between client ip and PSTN gateway

  • When you traffic between client and PSTN gateway then bypass is enabled
  • If disable client would connect to mediation server and the mediation server connecting to the PSTN Gateway.

Option 3 – Tracing Logs


You can check for bypass if trace logs and search for a=x-bypassid

three items per call

  • invite: SDP
  • 183 session progress: SDP
  • 200: OK

Open traces with snooper.

Media Bypass in Clients


Detailed look into clients

Supported Clients and obtaining media bypass settings


Clients retrieves web server url during in band provisioning

  • client resolves hostname
  • then client connects to web service url
  • if connection successful and client supported version then bypass will be enabled and bypass id set
  • if not successful media bypass will be disabled

note if client connected in external network (Internet) then the client MUST NOT resolve the web service URL. if resolvable there would be issues.

Troubleshooting supported clients


If client are not making media bypass clients

first checked hybrid voice url is being picked up by client – check this is log with snooper

Sample trace log for user


Zoom in on important bit


Here you can see the url from the trace tab in snooper. Here the client has received the web service url.

Next check DNS resolution for the web service name.

Use command prompt and ping the url and the mediation server ip is resolvable and reachable

Perform web traffic trace to make sure the web service url is successful.

Demo web capture using Charles you can also use fiddler to trace


First check build number on client


Greater than supported 7870.2020 so were good

Check IP config of the client and confirm on internal network


Next sign in with web tracing enabled


Check web service url is contacted and also bypass enabled is true


you can also see the bypass id of the mediation server

Next confirm the media is bypassing

Check Client IP again –

Check SBC IP – and is pingable


Lets make a call


From network trace it show media flowing directly from client .123 to SBC .8


Media is going directly between client and SBC.

Client Bypass Log Details


Open log file from tracing file with snooper

Look at bottom of SDP for bypass id

180 ringing we will use gateway SDP of

Service out record for VQ report for local user agent, client agent , mediation bypass flag is true.

What about unsupported clients ?


Windows desktop 2013 and SfB unsupported version will attempt the URL and CCE will check version and disable media bypass.

Also other client 2010, mobile and mac there is no logic and will not attempt to connect to the web service url and media bypass disabled.

Unsupported client walkthrough



Check Client version and this the Lync 2013 client upgraded to SfB using Office Pro Plus 2013 (this is an unsupported client)

Clients signs in


Check and we see successfully connection to web service url BUT bypass is false and OFF


Client Media Connectivity Failures


If you have implemented media bypass and you are having call failures

Call rings but client says connecting, signalling via mediation is working but media is failing to connect to PSTN gateway

Confirm is client and PSTN gateway can connect (ping)

Collect logs on CCE hosts admin PowerShell and reproduce scenario

Invite and SDP logs

Network trace to define network failure

Review gateway logs could be failure on gateway and not on your network







More great material !

TechNet Plan for Media Bypass with CCE v2

Deploy Media Bypass with CCE v2


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.