Cloud Connector Edition CCE v2.1.0 Released – Adds Operation Management Suite (OMS) support

Over the weekend i noticed thanks to Twitter and Tom Arbuthnot that Friday 17/11/2017 it seems Microsoft have released CCE v2.1 for Skype for Business Online 🙂

Microsoft previously announced before Ignite and SfBO is becoming Teams  we should see co-existence in CCE so it could be deployed alongside Lync Server or Skype for Business Server as currently this is not possible and ive had many requests from customers for this as moving from an existing Lync Server deployment means ripping this out first and then deploying CCE but there was rumors after Ignite that coexistence with CCE will never come even in SfB Server 2019 and it seems this confirmed and not included in V2.1 😦

Microsoft now recommend configuring Hybrid on your existing Lync or SfB Server deployment or looking at deploying a third party appliance which is a bit of a u turn on previous announcement perhaps the shift to Teams has meant this maybe too much work as the focus is on Teams. Microsoft did comment on Tech Community post they will release more information on Hybrid voice so we will have to see. The post is below. This follows a post on the Tech Community saying v2.1 will come mid November check that out here

V2.1 following the Tech Community post focus on Cloud management with Operation Management Suite

Our primary goal for this release focused on improving the ability to cloud manage CCE via the Microsoft Operations Management Suite.

Tenant administrators care about monitoring the state of several indicators when managing CCE:

  • Key services to insure the solution is green and available
  • Hardware utilization for the virtual machines
  • Key statistics such in-bound and out bound calls to allow for fine tuning of resources

Ive been looking for release notes but cant seem to find anything as of yet only the Tech Community posts and community blog posts, highly recommend Tom Arbuthnots Posts below:

Updating to CCE v2.1

Updating option include Automatic and Manual and depends what you are configured for AutoUpdate and your maintenance time window you have configured on your tenant or you may have turned off AutoUpdates or your starting new.

Remember if you have turned off AutoUpdate you need to update to the latest release I think you have 60days before your classed as out of support so you need to schedule this update to stay in support.

I found the support statement

Microsoft supports the previous version of Cloud Connector Edition for 60 days after the release of a new version. Microsoft will support version 2.0.1 for 60 days after the release of 2.1 to allow you time to upgrade. All versions previous to 2.0.1 are no longer supported.


Ive heard of OMS but to be honest i dont know alot so looks a have a quick look.

Whats is OMS ?

Operation Management Suite is a collection of Cloud management service entirely hosted in Azure.

Made up of number of services below but for CCE i think it will leverage Log Analytics.


OMS Pricing Details


I wondered what the pricing would be for OMS as its Azure and most things have a price tag but it seems there is a free plan but has limitations on daily limit of up to 500mb and retention period of 7 Days.

If you go reach the 500mb data analysis will stop and resume at the start of the next day.

So it looks like we can have a free offering for OMS or you can pay for the paid plan for no daily limit and up to 1Mponth retention. If you want to keep longer then you can pay.

OMS Log Analytics

Log Analytics provides monitoring services for OMS by collecting data from managed resources into a central repository. So we deploy an Agent to the virtual machines running on CCE and then configure what to look for, set alerts on the data we collect and view and report on the information. Looks nice and easy. Just set, collect, alert and report and seems we can also not only collect from on premises windows or linux, but Azure services and data collector api’s so you OMS can be useful for much more than just CCE if your not using it.


OMS Configuration and Configuring CCE to use OMS

You will need

  • Confirm Prereqs to use OMS
  • Configure CCE for OMS
  • Configure OMS
  • Create Alerts
  • Microsoft have provided Recommended minimal monitoring set so check it out on the url above.

First you need OMS and have the prereqs you need an Azure Tenant with OMS workspace, CCE v2.1 and Log Analytics new log search configuring.

For configuring on your CCE it depends if your deploying new or upgrading existing both you need to update the CloudConnector.ini file to enable OMS

Then configure OMS and specify alerts and event logs and performance counters

I think its great that you can use Cloud Monitoring and I wonder if SfB Server 2015 will take advantage of OMS as well in a similar way as it was announced with SfB Server 2019 it will take advantage of Cloud services.

Check out the details Config Information here

Further Info and Useful Links

Version Number 2.1.0

Released 17/11/2017

Upgrade Information

Further Information on OMS for CCE v2.1

After upgrades it recommended to Validate the upgrades so check here

Manual Download Link

Planning Information for new deployments of CCE

What is OMS?

OMS Pricing


Skype Academy presents : Media Bypass in Cloud Connector Edition V2 (CCE) Summary

Next up on my summary list following CCE V2 is Media bypass session by Carolyn Blanding link here to the full video here

If you want to plan and deploy CCE check out the links in this post as well.

For Media Bypass with CCE you need CCE v2 and Supported clients!

With the first release of media bypass, the only supported client is the Skype for Business 2016 Windows Client that is part of Office 365 ProPlus, version 16.0.7870.2020 or greater.

Lets go!



Training disclaimer, this session recorded July 2017 and features described are current as of this date. Office 365 is on going innovation.


About Carolyn, she’s been with Microsoft for 5 years, senior supportability program manager. Member of extended hybrid voice team and working with developers on CCE.

Key Learning’s





Also check this

Without Media Bypass



In order to plan your network for media bypass we need to understand both signalling and media flows

  • Media and Signalling without media bypass
  • All signalling and mediation go via Mediation server

SfB client connected on internal network and making outbound call the signalling flows out the client and out the external network to office 365 and back from Office 365 to corporate Edge server to mediation server to the SBC. Media traffic goes from client though internal corporate firewall to mediation server and then transcoded as G711 to SBC.

With Media Bypass


Signalling continue to flow via Mediation but media will flow from SfB client directly to SBC / Gateway.


Removed connection points (Hops) for Media going through firewalls and server

Benefits of Media Bypass


As we saw before we can improve quality by reducing latency, packet loss and single points of failure by allowing media to flow directly to pstn gateway from the SfB client and also reduce number of CCEs as Mediation server is removed so no transcoding from one codec to another is required so then allow larger number of voice streams on the same hardware. Win Win !

Network Considerations


First important to understand with Media bypass enabled on the client media will ALWAYS bypass this is different to on premises SfB Server / Lync Server deployments. where is is possible to configure when media will bypass per network location. CCE media bypass is always bypass mode.

External clients and unsupported clients will never use bypass so important to know how users will connect, numbers of external and also client versions (I believe from what ive read only click to run SfB client supports CCE Media bypass)

Requires direct connectivity to the PSTN gateway!

Media over VPN is not supported this doesn’t differ from SfB server, if you block media over VPN you need to block all traffic ! recommendation block all SfB from VPN connections.

Client to PSTN gateway traffic typically uses G711 codec, inbound calls mediation server will negotiates G711, outbound gateway negotiates.

Centralised CCE Deployment

More great on the TechNet link for planning media bypass


Need to consider G711 will transverse the WAN twice, CCE in central DC with local SBCs in local offices, centralised SBC with cloud connector routes calls to local gateways.

This type G711 media traffic for media bypass clients will transvers the wan twice

1. client media flow associated with CCE deployment


2. outbound from sbc through same wan in office to sbc / gateway out to the PSTN


Centralised Deployment – External Caller


User from Zurich on the Internet, places outbound, both signalling and media flow to office 365 through external firewall in Amsterdam to CCE through internal network to SBC Gateway in Amsterdam over the corporate WAN to Zurich to SBC and pstn in local branch office.

Configure Media Bypass


Also check this deploy guide on TechNet


Each CCE Mediation server has a web service to provide media bypass information that is configured as part of V2

Summary of steps

  • Detailed in the following slides
  • Administrator defines web service url for web service
  • Admin creates DNS A Record in internal dns for this url resolving to the ip address of each mediation server
  • Administrator enabled media bypass using SfBO PowerShell
  • Media Bypass settings replication to cloud connector mediation servers
  • Internal supported clients sign out and back in to pick up media bypass settings

Web Service URL


Admin defines web service url for media bypass

Pick a name that could be anything hybridvoice,mediabypass as examples, name can be in any domain namespace can be any internal domain name that resolvable in internal dns.

Does not need to be in a namespace that matches CCE deployment

Only one name is defined per deployment. we don’t need separate for separate PSTN sites.

Above they have used and there is an example of the URL, your webservice would be the same after .com

http is used to avoid admin overheard, as only returning information to internal client. DOES NOT RESOLVE TO EXTERNAL CLIENTS



Client are required to resolve internal DNS, so it can resolve the host name to mediation server ips.

One host A record for IP of mediation servers

Each mediation requires a host record

with 3 mediation servers you need three a records resolve to web service url.

recommendation to use Geo DNS to resolve local mediation servers ips based on client location. recommendation not requirement.

Single Web service url resolving to ips of all mediation server.

Windows 2016 Geo DNS


Windows Server 2016 can provide GEO DNS for the web service url

A sample config is above

  • First creates dns client subnet for each locations
  • DNS zone scope for each location
  • DNS records in each zone scope for each mediation server
  • DNS policies that connection client subnets to matching zone scopes, please reference url for further info

Enable Media Bypass in O365 Tenant


admin manual enables on Office 365 tenant by using remote PowerShell with SfB admin creds and sets the internal web service url as defined previously.

Use set-cstenanthybridconfiguration cmdlet as defined above

Second you need to enable mediabypass settings in two steps

  • create bypass settings in memory $mediabypass = New-csNetworkMediaBypassConfiguration –Enabled $true
  • modify network configuration with the new settings. Set-CsNetworkConfiguration – MediaBypassSettings $mediabypass

Confirm Media Bypass


After enabling you should confirm is configured correctly.

Confirm Media Bypass – On SfB Online


First confirm SfB Online Media bypass settings in remote PowerShell

Confirm the web service url is replicated to the local server store using get-cstenanthybridconfiguration –localstore | select hybridconfigserviceinternalurl hybridconfigserviceinternalurl

here you can view the webservice url

Then confirm media bypass settings replicated to local server store

get-csnetworkconfiguration –local | select-expandproperty Mediabypasssettings

Two settings to check

1. Enabled is true

2. Bypass ID – this is the bypass id clients should be received. this is different to online bypass id. All tenants and all users in V2 will use the same ID.

Confirm Media Bypass – On CCE


On admin PowerShell on each CCE Mediation server and run

Get-CsNetworkConfiguration – localstore | select –ExpandProperty MediaBypassSettings

Check three things here

  • Enabled is True
  • AlwaysBypass is True (Always True. this is static setting)
  • BypassID – Same bypass ID as before

Confirm Media Bypass in Calls

Option 1 – Performance Monitor


Configure and use PerfMon on CCE Mediation Servers to monitor the following

  • LS:MediationServer – Inbound Calls – Total inbound media bypass calls
  • LS:MediationServer – Outbound Calls – Total outbound media bypass calls

Sample above has active calls, works well for basic but does not captures transfers, its good to get an idea of how calls are bypassing media.

Option 2 – Network Tracing


You can use a network trace to confirm network activity for calls, apply a filter to view traffic between client ip and PSTN gateway

  • When you traffic between client and PSTN gateway then bypass is enabled
  • If disable client would connect to mediation server and the mediation server connecting to the PSTN Gateway.

Option 3 – Tracing Logs


You can check for bypass if trace logs and search for a=x-bypassid

three items per call

  • invite: SDP
  • 183 session progress: SDP
  • 200: OK

Open traces with snooper.

Media Bypass in Clients


Detailed look into clients

Supported Clients and obtaining media bypass settings


Clients retrieves web server url during in band provisioning

  • client resolves hostname
  • then client connects to web service url
  • if connection successful and client supported version then bypass will be enabled and bypass id set
  • if not successful media bypass will be disabled

note if client connected in external network (Internet) then the client MUST NOT resolve the web service URL. if resolvable there would be issues.

Troubleshooting supported clients


If client are not making media bypass clients

first checked hybrid voice url is being picked up by client – check this is log with snooper

Sample trace log for user


Zoom in on important bit


Here you can see the url from the trace tab in snooper. Here the client has received the web service url.

Next check DNS resolution for the web service name.

Use command prompt and ping the url and the mediation server ip is resolvable and reachable

Perform web traffic trace to make sure the web service url is successful.

Demo web capture using Charles you can also use fiddler to trace


First check build number on client


Greater than supported 7870.2020 so were good

Check IP config of the client and confirm on internal network


Next sign in with web tracing enabled


Check web service url is contacted and also bypass enabled is true


you can also see the bypass id of the mediation server

Next confirm the media is bypassing

Check Client IP again –

Check SBC IP – and is pingable


Lets make a call


From network trace it show media flowing directly from client .123 to SBC .8


Media is going directly between client and SBC.

Client Bypass Log Details


Open log file from tracing file with snooper

Look at bottom of SDP for bypass id

180 ringing we will use gateway SDP of

Service out record for VQ report for local user agent, client agent , mediation bypass flag is true.

What about unsupported clients ?


Windows desktop 2013 and SfB unsupported version will attempt the URL and CCE will check version and disable media bypass.

Also other client 2010, mobile and mac there is no logic and will not attempt to connect to the web service url and media bypass disabled.

Unsupported client walkthrough



Check Client version and this the Lync 2013 client upgraded to SfB using Office Pro Plus 2013 (this is an unsupported client)

Clients signs in


Check and we see successfully connection to web service url BUT bypass is false and OFF


Client Media Connectivity Failures


If you have implemented media bypass and you are having call failures

Call rings but client says connecting, signalling via mediation is working but media is failing to connect to PSTN gateway

Confirm is client and PSTN gateway can connect (ping)

Collect logs on CCE hosts admin PowerShell and reproduce scenario

Invite and SDP logs

Network trace to define network failure

Review gateway logs could be failure on gateway and not on your network







More great material !

TechNet Plan for Media Bypass with CCE v2

Deploy Media Bypass with CCE v2

Skype Academy: What’s New in Cloud Connector Edition V2 Summary

With the recent release of Cloud Connector v2 there’s some great new features and updates to CCE so wanted to summarise the Skype academy video.  There’s tons of useful information in here so hope you find it useful.

CCE v2.0.0 was released and straight after Microsoft provided some great content and learning on what’s new. Thanks Microsoft for very speedy information to the community. Check out the resources at bottom of post as well.

Useful links on great info on CCE v2

CCE manual download here

Skype Academy video link here


Lets start the video, the session is presented by Carolyn Blanding from Microsoft



Usual training disclaimer on Office 365 being subject to change and this ther July 2017 edition.


Also a member of extended hybrid voice team and working with developers on CCE since the first release.

Key Learning’s


CCE v2 bring media bypass ! wohooo

(Great link on Media bypass planning for CCE here

support for 16 CCEs in one pstn site up from 4 ! it now has 4x capacity !

Additional improvement

Session Scope


This session assumes you already know about CCE and have an understanding on deployment and management if not there’s a link on further learning here http://aka/ms/sa-cce

What’s new in CCE V2 ?



Wow what a list !!!

  • Media bypass
  • support for 16 CCEs per one pstn site
  • ability to manipulate sip headers for billing and interop
  • Hybrid voice flag in mediation server agent for CQD
  • Disable SSL 3.0 by default
  • automatic installation of .NET 4.5.2 which is dependency on current SfB
  • New Cmdlets

More details on each further on. Lets breakdown.

Media Bypass


This was top ask from customer

by removing mediation server in path for media we can improve voice quality and reliability by reducing latency, packet loss and points of failure

also reduce number of CCE to support greater number of voice streams

Media bypass requirements


CCE V2 deployed at all sites

tenant admin is required to enable media bypass feature in office 365 tenant this is not enabled by default

media bypass enablement needs to be replicated from office 365 to all CCEs

DNS must be configured to allow client resolution for the media bypass service url

Currently only supported version for CCE media bypass is office 365 pro plus click to run 32 and 64bit version 16.0.7870.2020 or later.

Microsoft Office MSI is not supported ! this again show new features are coming cloud first and the push to move your office installs to office 365 pro plus.

More info on Media bypass with CCE

Plan –

Deploy –

16 Cloud Connectors appliance per site



previously there was support for 4 CCES per PSTN site in a N+1 config where one CCE was was reversed for HA. Each CCE could support 500 simultaneous calls so totalling 1500 simultaneous calls per pstn site.

Now with 16 CCEs per pstn site in N+1 it provides 7,500 simultaneous calls and that’s without media bypass !!

This means can support more sim calls in single pstn site, for example before V2 if a company needs to support 5000 calls in one DC where CCE is deployed previously they would need to setup 4 pstn sites and split users across pstn sites even though all CCEs were physically located on the data centre, by supporting 7500 its reduced the requirement for more pstn sites and users dont have to be split up. Makes its easier to manage.

Modify SIP headers in CCE V2


Prior to v2 the only way to modify sip[ headers was administrators connecting to mediation servers and modifying sip trunk setting but during upgrades the settings while lost. CCE updates then had to set to manual, CCE then updated and then setting configured back again.

This is now persistent and the following settings if changed are kept during CCE upgrades.

Enablefastfailover timer – default is true, when true the 183 progress must return in 10 seconds. Certain network conditions has caused this to not response in 10 second so this can be set to false.

Forward call history – default is fales, history info useful in sim ring and call forward and refereed by useful for call transfer, this is useful for billing purposes and caller id purposes when sbc to replace caller id.

Forward PAI – default false, when true the P asserted identity headers with sip and tel uri from cce mediation to sip trunks. used when call history not available. please see url below for more info.

Hybrid Voice flag in mediation server agent


Set to unique flag so CCE calls can be easily identified from calls placed by other trunks. The user agent was previously reported as “Mediation Server” which is indistinguishable from other SfB Trunks.

Now it shows unique CCE-MediationServer example above show version number as well.


Examples in online reporting.

This is Call analytics preview in sfb admin centre, in this example a user search is done and a call is selected.

Alex is an online user and Alex uses CCE for PSTN calls, under systems you can see the mediation server that part of CCE, and under user agent we see CCE mediation server agent.

Lets look at session details

searched for Alex again and we can see CCE mediation server agent.


if you look before CCE v2 you will see the old Mediation Server


Disable SSL 3.0 by default


CCE does not use SSL and does not require SSL enabled. Please url for security advisory and recommendation on disabling when not needed.

.Net Framework 4.5.2


.NET Framework 4.5.2 will auto install and is a dependency for CCE v2

CCE host must always have internet connectivity and it required this to download 4.5.2 to host machine so its available.

Admins of large deployments can prepare the vhds with .Net 4.5.2 to speed up deployment times. to do this admins can use convert-ccisotovhdx cmdlet and use pause before update switch this allows admin to connect to base vm and install windows updates and .NET 4.5.2 on the base vhd.

New Cmdlets – Online


The new cmdlet are added to SfB Online one for media bypass and two on network. Please refer.

New Cmdlet – CCE Host


On the CCE Host there is also a new Cmdlet

Used to update configuration, if you update CCE config file. cloudconnector.ini after changes you must use import-ccconfiguration. It does auto run but still best practice after any manual change to use the cmdlet.

Example if you you change config file to use WSUS server.



  • Skype for Business administrator role instead of global administrator
  • Reduce number of passwords needed when deploying CCE
  • user corporate network switch instead of management switch for most tasks
  • improvement to auto detection
  • change cmdlets

Let breakdown each one

Skype for Business Administrator Role


CCE requires an O365 tenant admin account to manage CCE services online, prior to V2 this required an account that was a global administrator.

With V2 its supported to use a tenant admin account with Skype for Business administrator role is sufficient for managing CCE services online.

If password expiry is set you need to use set-cccredential to update credentials.


To reduce password for CCE in V2 and reduce complexity.

In V2 the following password will be requested

  • CCEService – used for CCE service account and domain admin, VMAdmin
  • CABackupFile – used to import Root CA when deploying appliances
  • ExternalCert – used to import Edge certificate when deploying appliances
  • TenantAdmin – used to deploy and maange CCE Online

Note CCEService and CABackupfile must be the same for all CCE per site.

Corporate Management Switch


previously we used the cce management switch for all connectivity between host and vms for PowerShell. feedback to customer was that this was great as it caused network disrupts.

CCE v2 now reduces the amount or connections and disconnections, now only used for new deployment or upgrade.

The SfB CCE Corpnet switch will not be used which reduces the number of connections and disconnections. search of clslogging will now be alot faster as network connections are already established.

Since corpnet switch is used now the network adapter bound the cce corpnet network switch must have an ip address assigned in the same subnet as the CCE corporate network. This can be an alternative ip address. before the management switch was matched on the same subnet.


Improvements to Auto Detection


  • There has been some updates to auto detection for CCE recovery to avoid call failures.
  • In HA we want to mark any appliance that is down to avoid issues and call failures
  • Maintenance you have to out CCE in maintenance mode so its doesn’t.
  • All server roles are monitored

Cmdlet Updates – Online


cannot be set from false to true.

with CCE a online dial plan is a hard requirement

Updates to Get-CsHybridPSTNAppliance

Cmdlet Updates – CCE Host


PowerShell verb update from renew-cc to update-cc

You can change domain admin or vmadmin using set-cccredentials as above.

Upgrading to V2



For customer with CCE already deployed to new build

Supported path from version 1.4.2 to version 2 if auto update available then it will autoupdate at scheduled update window.

Manual update process is available if autoupdate disabled.

InPlace upgrades are NOT Supported with version BELOW 1.4.2

In this case you need to unregister appliance, uninstall appliance and deploy new CCE.

To confirm CCE several ways, hyper v console, remote PowerShell and SfB admin centre. more details above.

Update Cloud Configuration File


when upgrading to V2 you need to update cloud connector configuration file with the new sip header setting to cloudconnector.msi.


Open file


Copy three lines from sample file


paste into your file, save and import.



If advanced notice is possible or more likely to have auto upgrade off due to trunk config you can modify trunk config file prior to v2 upgrade.


1.4.2 did not prompt for CABackup pasword the domain admin password was used and its used to encrypt root CApassword. It must be the same for all appliances,

If different domain admin password may be in place if password changed after deployment. You can use the get-cccredential. if you have this the steps are listed above.


from 1.4.2 we don’t prompt for CCEService password the VMAdmin password aka local admin password will be used for cce service password. This password needs to to be same so best to confirm password are the same across all appliances.



Key Learning’s






SfB Broadcast: Ep. 43 Skype for Business Cloud Connector Edition for Hybrid PSTN Summary

This is a SfB Broadcast from Microsoft link to the video is here

The three points i found most interesting

  • Media Bypass – Summer 2017
  • Coexistence – Fall 2017
  • Improved diagnostics – Winter 2017

Lets go.

Bill Verthein, Principal Product Manager

Oliver Chiu – Sr Product Marketing Manager

What Hybrid ??


  • Average PSTN contracts are 5 years durations
  • There are countries where Microsoft don’t have PSTN calling
  • Some people don’t trust Microsoft as a Telco
  • Microsoft may not offer PSTN in some countries full stop
  • Some countries you cant get a PSTN licence

Hybrid allows Microsoft to

Deploy Cloud PBX worldwide

Work with PSTN carriers not against them in some countries

Cloud Connector Edition


CCE set of four customised VMs running SfB components

Two options to deliver Hybrid

  1. Via Cloud Connector Edition
  2. Via an on premises Skype for Business Server deployment

CCE run 4 packaged VMs to provide hybrid connectivity  between PSTN on premises and Cloud PBX where users are homed.

CCE only talks SIP so if you have E1 / T1 / BRI then you need a PSTN gateway / SBC

Cloud Connector available in two ways

1. Download CCE and deploy on your own hardware

2. CCE pre deployed on appliances. Two approved vendors AudioCodes and Sonus. Also includes an SBC as well.

Appliances are tested with Microsoft.



CCE is a direct extension of the SfBO service its not a standalone piece of hardware.

CCE uses AutoUpdate to update itself as SfBO requires so auto updates on the CCE is the carried out when Microsoft require. You have 60 days only to run an older version of CCE.

IT admin can set update windows, set by days /hours. When new update is found and windows is open it will download updates for CCE components. The Update will build the newer version of virtual machines side by side whilst calls are in progress. At a maintenance windows the newer version will swap over. This happens automatically ! Tested N –2

AutoUpdate can be disabled but this MUST be manually updated. You will not be in supported if you dont keep up to date.

Allows Microsoft to push updates to CCE first if required and then update the “Cloud”


CCE requires hardware, is there a hosted offering ?

There is a version of hosting in private cloud

It isnt designed to be multi tenanted or hooked into monitoring systems. If hosted modified VMs then with the next update it will wipe them.

Private cloud would be ok but be careful.


Windows Server 2016 ?

You need Windows Server Datacentre edition to licence the virtual machines. NO restrictions on number of VMs. No User cals required.

CCE is stateless it has no concept of users. All users context is in the cloud. They dont log into the cloud then log into the cloud.


Hybrid Voice options and flows


  • CC Domain Controller – Nothing to do with enterprise AD, its only for CCE.
  • Edge
  • Mediation
  • CMS

IM,Presence, Conferencing, app sharing and peer to peer all go to the cloud (Skype for Business Online)

PSTN calls to and from external numbers will go via Cloud Connector

Media bypass not supported currently be noted above (bypass enabled)

Media bypass is being added to Cloud Connector. With media bypass the medition server tells dave that the client can talk direct to the PSTN gateway. this means all media can stay withing internal ntwork and also should allows CCE to make more calls.

Currently in TAP and being tested, expected end of June 30th. 20 people running it, no bugs found at the moment.

If you have an on premises SfB server deployment you can use this deployment for Hybrid connectivity with Cloud PBX.


OPCH – on premises connected hybrid (Diagram above)


To migrate Hybrid SfB Server to CCE ?

CCE cant coexistenece currently with on premises SfB server deployment

Co existence is coming, Microsoft have a build already.

Its engineering testing and in a week or two come to end to end testing.

Coexistence will come Fall

Should be very popular, its a common question i get asked.

Requirements for coexistience

SfB Server 2015 with CU6 on Federation Edge

CU6 will contain CCE existence

Lync Server 2013 you will need SfB 2015 CU6 Federation Edge. SfB 2015 Edge is approved topology.

No coexistence with Lync Server 2010 or earlier!




Notes coexistence August 2017!

Whats Next ?


  • Media Bypass – Summer 2017
  • Coexistence – Fall 2017
  • Improved diagnostics – Winter 2017

Mid Term – two years

  • reviewing requirements to reduce hardware / software costs




Can one CCE support multiple SIP trunks ?


Will AutoUpdate update my host ?

Yes if it has two, it updates, host, guest OS and may require restart of the host.


Next Webcast will be on Polycom.


*** UPDATE *** Questions posted following the event UPDATE 19/06/2017

Below questions are taken from

What is the YouTube channel we can watch this back on please?

When do you expect that we can use local PSTN connectivity and numbers with service numbers?
We expect this before the end of this calendar year.*

Is there any plan to add automatic disaster recovery?
We plan to support full DR in the first half of 2018.*

Any improvements planned to make config file easy to edit? right now the TEXT file is error prone. Any error leads to script issues and needs CCE deployment to rerun.
Our CCE Appliance partners AudioCodes and Sonus have done a good job of making configuration a set of logical questions and preventing the chance of most conflicting answers. 

HA/DR capabilities for CCE? can it hit SLA targets?
Yes, CCE has HA/DR capabilities. We do not yet claim full DR capability (see the answer above) for CCE. However, we believe CCE in tandem with Skype for Business Online and Cloud PBX can satisfy our SLA obligations to our customers.  We measure and track this every day and have weekly reviews of our metrics in addition to assign product engineers to 24×7 on call support for customer issues.  
Hybrid PSTN is inherently harder to track down issues and understand root causes of issues because quality often depends on the quality of the customer’s network as well as change control on their firewalls and network settings. To help improve resolving issues wherever the fault lies, we are currently and will continue to add improved diagnostics to help resolve problems to eliminate failures outside SFBO or CCE.

Will new tenant dial be supported on CCE?
Yes tenant dial plan is fully supported with Hybrid Voice options.

Is there any plan to add CAC capabilities for SfBO?
We do not have plans for CAC over the next 12 months. If this is a priority for you, please let us know.

Is tail end hop-off supported?
We currently do not support tail end hop off (we call that “destination based routing. This is planned in 2018.* Microsoft is uniquely positioned to drive this globally as we have the 2nd largest global cloud in the world and we have more global fiber than any single carrier. Today our Skype Consumer product is the #1 international long distance provider in the world.

Can you route calls via different CCE appliances based on user DDI? E.g. London based DDI will break out via London CCE and Edinburgh DDI will break out via Edinburgh CCE?
We are planning improved routing rules coming to CCE toward the end of 2017.*  In the interim many customers do this call destination routing today with an intervening SBC.

Does CCE have the capability to support HA in two different DC?
Some customers have split an HA pool of CCEs across different data centers.  We recommend that each CCE be cross connected to every telco gateway in their site so the result of splitting a site across two DCs is you may have a lot of WAN traffic between data centers and that can impact cost.  When we improve our DR performance later this year you should see less need to split across DCs.

Do the local PSTN gateways have to be AudioCodes/Sonus or can they be existing Cisco gateways?
We support ANY SBC that interops with SFB mediation servers.  This includes Cisco and Avaya SBCs (as well as Acme).  There are a lot of smaller SBC companies that we don’t test with that MAY also work as well. Usually all SBCs have well understood config profiles to interop with SFB20015 Mediation Servers (this is what CCE uses).

For the coexistence topology referenced will only SFB 2015 Federation Edge be required? Is there a requirement to deploy next hop SFB 2015 or next hop can still be Lync Server 2013?
The Federation Edge needs to be SFB2015 CU6 Edge and the next hop needs to be SFB2015 CU6 as well.

When CCE will support Media Bypass?

We are targeting this for mid-year 2017.* TAP has already begun.

What the requirements from the legacy PBX side? What is tried, tested and supported?
CCE will interoperate with any device that works with SFB2015 Mediation Server’s SIP interface. There is a long list of partners that have submitted their equipment and officially certified interop.  Others have their own Skype for Business template for interop that they certify. Many other popular solutions have public discussions on how to configure those links (eg. Cisco’s SBC has well known profiles that interop with SFB2015 Mediation Server).

Can one CCE box support multiple SIP trunks?
Yes, CCE can be connected to several SIP trunks. When our Media Bypass release is available, it will support up to 16 SIP trunks per CCE.

Does Microsoft have plans to deliver the topology of co-existince between SFBS and CCE within a single tenant? For example, a HQ user with SFBS on-prem PSTN breakout and an oversea branch user with CCE for branch PSTN breakout?
Yes, we will have coexistence capabilities between CCE and onPrem SFB coming by end of calendar year, 2017.*

When an online user at the internet external network dials a PSTN call, what is the voice codec you use between the online user client and CCE’s edge? This is a media relay through mediation server…is it SILK codec (in this case, mediation do transcoding) or PSTN G711 codec ?

To edge, we use G.711. In some cases we might initiate different codec. We will update our TechNet documentation shortly with describing the codec negotiation.

If we are using RCC today with a hybrid SFBOenviroment. can we use CCE to replace RCC?
CCE does not support RCC, but it does support SIP interop with legacy PBXs like Cisco and Avaya.  RCC was deprecated for SFB2015 (Call via Work was the recommended alternative) and RCC is not supported in CCE.

What are the Reverse Proxy requirements for meetings

All user with CCE are homed online and receive meeting services from Skype for Business Online. Therefore, there is no need for a local reverse proxy server

Is there any planned capabilities to selectively route traffic to PSTN to A) CCE and B) MSFT PSTN Calling Plans, for a given user? i.e. route traffic to an existing PBX (for coexistence purposes), but route to ‘outside world’ via PSTN Calling Plan.
There will be cloud based routing and dial plans for SFB Online where you can distinguish where to send certain destination phone numbers.

Once media bypass delivers, can users use SILK voice call from SFBO user until PSTN GW?
We are working on documenting codec negotiation and plan to update TechNet with detailed logic soon.

Any ETA for supporting collocating SFB on-premises or Hybrid + CCE
This is solved through coexistence which is coming later in calendar year 2017.*

Can a PSTN -> SfB conversation be elevated to a conference call?
Yes, but the call will transparently escalate to a cloud AVMCU (there is no audio mixer in the CCE).

Does Microsoft have plans to deliver the topology of co-exist SFBS and CCE within single tenant? for example, HQ user use SFBS on-prem PSTN breakout and oversea branch user use CCE for branch PSTN breakout?
When we release Coexistence, you will be able to do this.

When can we expect CCE to work with on premise Lync or SFB server
CCE Coexistence is coming later this calendar year, 2017.*,

What is the expected RTO (Recovery time objective) for DR failover (Hybrid PSTN site policy change)?
Right now, customers must run recovery scripts to reassign users to a different surviving CCE site. Scripts moves approximately 3 users per second. This is expected to improve by early 2018.*

My customer has several Lync 2013 pools and needs to move to the cloud, but need to add CCE in phases. In the new office, can we have a mix of CCE and Lync in the same organization? The goal is to remove all the onpremises servers

Coexistence will allow you to use CCE in parallel to an existing onpremises deployment. Either Lync 2013 OR SFB2015 can coexist but in either case you will need to deploy a SFB2015 CU6 Edge as the Federation Edge (even for Lync 2013). Earlier versions of Lync (or OCS) such as Lync 2010 are not supported for coexistence with any modification. With earlier versions you will need to upgrade to Lync2013/SFB2015 and then configure the topology for coexistence.

Can we use PSTN Conferencing Number to land on on-premise PSTN and join the meeting hosted by users who are enabled on Office 365?
Our Cloud PBX team is currently testing this capability and we will have more to share later. 

How to migrate from Hybrid SFB on-premise to CCE?
Coexistence will be needed.

Will dynamic E911 capabilities be introduced to SFBO at some point in time? And if yes, will that feature support Hybrid PSTN scenarios either with CCE or Cloud PBX with on-premises PSTN connectivity?
Currently, we only have Basic 911. By 1st half of 2018* we will have enhanced call routing capabilities that will allow us to route on location of the user. The accuracy of E911 is highly dependent on what types of location data can feed our routing engine and ultimately the calls need to route to the appropriate carrier of record who has the legal obligation to provide 911 services. Even if we route to the right carrier for a user’s current location the customer still has to have a proper 911 address set up for a given local phone # that would be used to proxy the userâ’s phone number. We can’t send a Chicago phone# to a Dallas PSAP when that Chicago user is at Dallas office. Expect this in 1st half of 2018 as well.*

Can you confirm the license requirements for CCE – WInServ16 terms unlike 2012 indicate that everyone needs a Cal?
We have no current plans to move to WS2016 for the next few years. Our OS needs are generic and we mainly just require HyperV.  Our current WS2012r2 based CCE does NOT require per user licensing.

Will auto-update update my host? Is there any MP coming for CCE?
Not sure what MP is (Media Processor?), but yes AutoUpdate will update all the Operating Systems that need it, VM Guest OS as well as the Host OS.

CCE requires on-premises hardware. Is a hosted version of CCE planned and what’s the timeline?
Well we are currently working on a significantly smaller footprint for Hybrid PSTN. In the interim we understand that some people just can’t have on-premises hardware. For these cases, we can support private cloud deployments of stand-alone CCEs in a Hoster’s Data Center that will VPN back to the customer’s enterprise network.
First some background on why CCE is difficult to host. CCE has very intricate scripts that configure and update the SFB VMs. Most of our engineering effort for CCE has been in building the new script capabilities and evolving the older versions in the field. Because CCE needs to AutoUpdate, any 3rd party Hoster modified scripts for hosting will either fail when the next AutoUpdate does its magic OR you can miss a required update for cloud interop. So there is NO Microsoft supported multitenant version of CCE.
Next, while running CCE in Azure seems like a no brainer, Azure is not optimized for bidirectional media like voice, so there are quality risks. There are additional limitations in the current way network interfaces are handled in Azure. Until the network virtualization and the bidirectional media performance issues are addressed we cannot endorse an Azure version of CCE at present.
From PBX integrations perspective can calls be routed via CCE to users who use PSTN Calling plan and Service Numbers such as Dial-in conferencing. This is to avoid call charges during coexistence phases.
Today SFB Hybrid PSTN (both CCE and on-premises Config Hybrid, aka Split Domain Hybrid PSTN) can coexist with cloud homed users who have Microsoft’s PSTN plans. Hybrid PSTN and our PSTN calling can be arbitrarily assigned to all the online users in a tenant. All the users can call each other and can move between both methods of PSTN. All calls will be VoIP calls without going to PSTN network

*Disclaimer: Any date estimates may be changed substantially prior to final release of the solution.  This only represents the current view of Microsoft Corporation at the date of the blog. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after we publish this blog. Dates are for informational purposes only. Microsoft makes no warranties, expressed, implied, or statutory as to this information in this blog.

Cloud Connector Edition Update 1.4.2 Key Points and useful info

Been looking around what information is available about the pending 1.4.2 update for Cloud Connector Edition (CCE).

This will be the first automatic update release so if your on version 1.4.1 or below i recommend just looking over and checking your setup. Also the update will follow the update schedule that has been defined on the Hybrid PSTN site. Its worth checking what time is set now before the update is released.

The noted expected release date is 20/3/2017 so not long to go but this date is pending final testing and confirmation it mentions.

Below are some great links from TechNet Blogs i recommend looking over before the 20/03/2017 so you can check over your existing deployment, understand the automatic update process and also automatic recovery process. Its always good to know the process just in case.

Brief Update Summary

Please prepare for the auto update and spend some time checking you have everything in place and your ready.

Auto Update will follow the update time windows that specified for the HybridPSTNsite, if an update is found at this time the update will start. The CCE Appliance will go into Maintenance mode (only one per site can enter maintenance mode at a time) the update tasks will run and following update the appliance will be taken out of maintenance mode and repeated for any other appliances in the site. You can monitor the update process.

For updates Cloud Connector version is downloaded and management service stopped, Cloud Connector updates which removes old version and install new version, new Virtual machines are built side by side from existing VHDX file but note if the VHDX is older than 90 days the intall instance script will log a warning. Once all updates are complete and services runing the switch to the new version will takes places by changing virtual network connections to new vms, shut down n-1 version and remove n-2 version and appliance is take out of maintenance mode. Windows updates is then performed. As the older version is kept you can revert back to it if required.

There are also tasks to look at following the update as well so make sure to check your update version and tasks after update.

Prepare for Cloud Connector Edition Release 1.4.2

Also some key points i found on prepare

  • Expected release date for this is 3/20/2017 pending final testing. Look for release announcement here
  • If you are running version 1.3.8, refer to the manual update instructions Upgrade a single site to a new version in the Cloud Connector Edition (CCE) configuration guide.
  • make sure to export a new sample Cloud Connector configuration file after 1.4.2 is installed for reference, and update your existing configuration file with two new parameters defined in the Common Section: HardwareType and WSUS Server.
  • This update is important, as it is the first to automatically update all existing installed Skype for Business Cloud Connector 1.4.1 appliances, based on the update schedule that administrators have configured for their Cloud Connector Hybrid PSTN Sites.
  • Confirm Group Policy is Configured
  • Use of Forward PAI has been deprecated in 1.4.2 as it’s no longer required to resolve missing caller ID for outbound calls from Skype for Business Mobile clients which has been resolved with changes in outbound routing logic for Cloud Connector.
  • A bug in prior builds caused Cloud Connector account passwords to expire. If the passwords have expired, then the update will fail
  • If your Cloud Connector Office 365 tenant administrator password has been changed, update the cached credential
  • Also, make sure to export a new sample Cloud Connector configuration file after 1.4.2 is installed for reference, and update your existing configuration file with two new parameters defined in the Common Section: HardwareType and WSUS Server.

Understanding Cloud Connector Edition Auto Update

Key Points i found on Auto Update

  • If you do not update the Cloud Connector to the latest release, you might end up in the situation when your Cloud Connector will not work properly
  • Microsoft supports only the latest version of Cloud Connector software. Also, to accommodate Update Window, we support the N-1 version for 60 days after releasing a new version.
  • Auto Update Requirements
    • Outbound internet access to install, manage, and update Cloud Connector on Host Appliance.
    • Outbound internet access on all Cloud Connector VM’s to download Windows updates, or, access to WSUS server as defined in Cloud Connector configuration file.
    • Skype for Business Online PowerShell Module installed on Host Appliance.
    • CCE Management Service is running on Host Appliance.
    • Group Policy to prevent forcefully unloading user registry at log off (required for 1.4.1).
    • Skype for Business Tenant Admin account.
  • Confirm or Modify the Update Schedule for Hybrid PSTN Site(s)
  • When auto updates are enabled, the Cloud Connector management service will check for updates during the update time window configured. If updates are found, then the update process will proceed with the update.
  • Monitor Update Process – The Cloud Connector management service will log events to the Windows Application log with a source of CCEManagementService and detailed information will be written to “C:\Program Files\Skype for Business Cloud Connector Edition\ManagementService\CceManagementService.log”. You can also see the status of the appliance by running Get-CsPSTNHybridAppliance in Remote PowerShell or by viewing in on premises PSTN tab in the Voice section of the Skype for Business Admin Center.
  • Bits Update Process – During this process, the running version remains in service, and an interim switch is used to connect to the new VM’s. Once the new version installation is complete and services are confirmed to be running, the old version is drained stopped and the network connections are switched to the new version.
  • New virtual machines are built from the existing VHDX file. If the VHDX is detected to be older than 90 days, the Install Instance script will log the following warning:
    SFBServer.vhdx was generated more than 90 days before. Use Convert-CcIsoToVhdx to generate it again and apply windows updates.

Note: It is recommended that a new VHDX be built periodically to reduce the amount of time to perform Windows updates for new and updated Cloud Connector machines. It’s not supported to update the VHDX with Windows update and re-run Sysprep as there are a limited number of times that Sysprep can run on a computer.

Understanding Cloud Connector Edition Auto Recovery

Key Points on Auto Recovery

  • Cloud Connector will try to automatically recover an appliance if the Cloud Connector management service detects a service is not running.
  • Detection: Process for detecting an appliance status runs every 60 seconds and status is updated in the online tenant and cached locally in “CCE Site Directory\Site_EdgeFQDN”.

Monitoring: The following services are actively monitored:

  • Mediation Server: RTCSRV and MEDSVC
  • Edge Server: RTCSRV

To manually recover the appliance, first review the Cloud Connector management service log for details on what prevented automatic recovery from being successful.

If the current version of the appliance cannot be recovered, run Switch-CcVersion to switch to the backup version. After the backup version is confirmed running, uninstall the non-working version with: Uninstall-CcAppliance -Version “# of non-working version”.

Note that when the backup version is running, there will be no High Availability support due to inconsistent running and Cloud Connector script versions. Update to the current version as soon as possible, either by modifying the auto update schedule, or manually. For manual update instructions see Upgrade a single site to a new version in the Cloud Connector Edition configuration guide.

Cmdlets to check versions

  • Installed Cloud Connector script version: Get-CcVersion
  • Appliance running version: Get-CcRunningVersion

Useful References

RSS Feed –

Upgrade to a new version of Cloud Connector

Modify the configuration of an existing Cloud Connector deployment