Understanding Media Flows in Microsoft Teams and Skype for Business BRK4004 Summary

Following ignite there’s a ton and awesome content and session recordings to watch so this today i saw Thomas Binders session on “Understanding Media Flows in Microsoft Teams and Skype for Business” and thought this should be a goodie.

Great session by Thomas Binder and there’s a ton of awesome information and tips on media flows and understand media / transports relays and the difference between Skype for Business and Teams. Its amazing just how much happens under the hood that users never see just how SfB and Teams finds the best media path, codecs to set up and have a best quality call possible with client connected everywhere. Towards the end great tips on tools to use to read logs and traffic and troubleshooting.

Hot TIP with teams logs towards the bottom of the highlighted Yellow is how to format Teams logs to noted with line breaks “\r\n this is line break so replace with “ “

Thank you Thomas for this great session! there was a lot of applause at the end and well deserved!

Lets go!

Reference URL – https://www.youtube.com/watch?v=aD5mUg2ZzLQ

image

Done this session a couple of times for SfB before and opens questions the audience

image

image

Key Learning’s!

  • understand traffic peer to peer,
  • great to have local internet breakout and not all traffic to central locations,
  • stress UDP ports 3478, 3479 these are critical

image

image

Not taking about signalling, its all about media

image

Candidate is combination of IP and port and allow other peer to connect

ICE – uses two techniques, STUN and help to transverse a net device, TURN – relay technique. two types of relays., media relay and transport relay.

image

Two endpoints that need to communicate

First they need Signalling to say “Hey I’m here”

image

Here we have signalling via Office365

Call could be audio, video or desktop sharing

If they want a call we want to send as direct as possible, they could be in same site or same office or across floor but the network is directly routable.

image

They have devices that don’t allow direct calls.this is a problem.

image

Then theres Charlie’s,  outside the network as well

image

Firewalls also may not allows direct communication from external clients on internet to internal clients. Charlie to Alice

image

image

Now we need some logic that helps to establish all the different call flows

lets break down

NAT

image

NAT – Network Address translation

Example at home you can have lots of different devices, Xbox’s, PlayStations, pcs with internal ip address all sharing a single public ip address. Your router does the NAT. Great as it provides security as well as unknown traffic to your ip would get dropped is not requested.

image

  • Control traffic that’s coming
  • Additional features, deep packet inspections and proxies
  • Sharing of IP Addresses

HTTP proxy servers

image

Now HTTP proxies

  • Bad for Teams and SfB as doesn’t allow UDP only HTTP will always use TCP
  • UDP preferred for real time
  • may corrupt packets
  • block traffic or slow down
  • real time may not be real time if any latency added

image

The solution is ICE, STUN and TURN!

image

image

First there’s signalling that goes via the Cloud

  • For SfB signalling is done via SIP
  • For Teams is not SIP its REST API via https and web sockets for more persistent comms no more sip

BUT

In terms of ICE very similar

image

  • Now we have STUN and TURN server these are servers and function as a relay if client wants to talk to someone but cant it can use stun and turn server as relays
  • also same time helps us find our public ip address and will allows net to allow incoming traffic
  • client sends packet to relay servers and allocates candidates and sends back packet and knows my public ip is this and then client knows this is my public ip and maybe i can accept traffic there

image

image

and ICE

image

  • Calls to PSTN via Office 365 uses ICE
  • ICE used for all real time modalities
  • Teams we upload files to OneDrive for Business

Relay – very important for ICE negations

image

Two types of Relay

  • Media relays
  • transport relays

Media relay component built for Skype for business server and was the edge server and was moved to the cloud but wasn’t built for the cloud so a cloud solution was born

Transport relay built for scales and more flexibility

image

Media relay static in one DC, if your in Orlando and media relay in Europe traffic travels back to Europe to use the relay.

Transport Relays – much smarter and uses dynamic discovery via anycast

travel to orlando i can use transport relay in the US not Europe.

image

image

Important for local internet connections as you may not be able to take advantages of the transport relay and keep traffic local.

image

View the other two ignite sessions as well

image

  • Media relay same UDP ports
  • Transport relays uses different UDP port per workloads

image

Skype for Business uses Media Relay

Transport Relay in progress with SfB but is in use with Teams

Teams always transport relay!

image

  • One IP for all Anycast servers
  • and closest servers is always used with least hops
  • based on endpoint location and privacy boundaries
  • US government cloud uses only US
  • Tenant in EMEA
  • all traffic encrypted with Key

image

based on ECMP and how can easily distribute load

super easy to manage

image

image

5 phases of ICE

1. request credentials

2. candidate discovery – once i know where i can be reached i send to client

3. candidate exchange and try to establish connection

4 connectivity Checks

5. candidate promotion selects best media path

image

Sign into service, from signalling learn a relay configured for me

image

SfB Online using Media relay or Lync 2010, Lync 2010 always uses media relay

image

Option 2 SfB Online, Lync 2013 or never

image

Teams always uses TRAP!

First Demo!

Snooper

image

Shows different sip dialogs and left SIP header and on the right the details

Look for MRAS

image

First incoming 200 OK – in band provisioning

image

Learn Audio ports range

Interested in MRAS, here we have a relay configured. Office365 should always have this!”"

image

Next Service request and there is a relay configure with credentials

image

Valid for 480 minutes – 8 hours (SfB)

Teams valid 24 hours

Next Credential Response

image

Here’s the credentials and used its own certificate to create this and if relay used it will present this

Media relay list

image

Learn what media relay is, username and password and ports to use

image

Only one relay listed and Office365 will only show external media relay

That’s was for SfB but for Teams its more tricky!

image

For teams there’s is no nice tools to read logs, all traffic is https and sometimes web socket. You need to trust the certificate and it does a man in the middle attack.

Charles web proxy, Charles has a sequence view and structure view

image

image

image

image

address is not a fqdn its an IP Address, different to media relay

Just tell the IP directly so faster

image

image

  • Now i need to discover my ip addresses
  • first candidate is always the local interface address
  • then ask the relay and allocated candidate for me
  • and then relay sends its candidates

image

then the same for TCP

image

Always prefer UDP but can use TCP as its better than no call at all!

image

3478 no matter the workload in TEAMS at the moment! 4478 listed above should be 3478 mistake on slides here

Candidates

Some SfB workloads always use TCP! 1:1 file transfer and desktop sharing via RDP

image

image

image

  • send message to peer i want to talk to
  • then other endpoint will do the same with where they can be reached
  • then person picks up and this is the endpoint were talking to.

Lets look at these logs

back to snooper

image

We can see here Martin calls Thomas by the invite

image

we can see this was an audio call and the candidates

image

scroll down and there’s more information

we can see the codecs Martins supports

image

let look at the candidates again

first one are 1 and 1 candidate come in pairs, one for RTP and one for RTCP

image

then UDP

image

Then priority – the higher the number the more i want to use this candiate

image

Then IP Address

image

This is this IP of this actual candidate

then ports

image

then Type

image

here we have host and we know this is the local ip address of the endpoint!

there are other interesting types

image

there srvflx  raddress this is where i send a packet to the relay and the relay says the address is the following

image

then the ip address matches host address and relays says when you send messages from 192.168.1.110 the address is coming from 91.205.175.103

image

then relay address

image

if i can establish direct connection or srvflx address other may be able to talk to my relay address

also IPv6 candidates

image

TCP passive and active candidates

image

TCP passive will be able to received traffic as well, active and passive will match each other

overall looks

image

now theres session progress 183 session progress – back from called progress and here my information

image

There two here but Why ?

We see one from Skype for Business

image

and the other coming from SfB but an android Phone

image

user has more than one device we establish media session with all of them

now incoming packets there are no more pairs

image

here we have rctp mux (multiplexing) so i send old version and hey i know the new version as well.

image

and another thing that’s interesting is the encryption, so we can see hear cypto and suite and key this is how the two endpoints encrypt the traffic they will via the secure signalling channel and let each other know which cipher and only the two endpoints know how to encrypt the traffic, the relay never sees this and just passes them on.

image

image

MRAS allow endpoints to allocate candidates

No encryption of traffic

image

Connectivity Checks

Now each one know where the other one can be reached and will determine all possible udp and tcp ports pairing

IPv4 and IPv6

For SfB relay can bridge TCP and UDP, is SfB can only talk TCP and the other UDP and TCP the whole call needs to be TCP.

In Teams one can talk UDP and the other TCP and the relay will translate

We found out which candidate pairs work and prioritising and most optimum and that’s the one we use for the call

we can not see this for snooper or Charles

image

After other person picks up and identified best candidate and then we can see which one

IPv4 over IPv6

UDP over TCP

Prefer more direct path

See re invite in logs and there’s only one candidate that will be used for this call

image

TCP very good protocol as it protects against lost packets and lost information, if i send packet i will get acknowledge and if i don’t get it i wait then resend the packet but this times time and in real time comms we want to make sure traffic sent gets there as fast as possible, we don’t like lost packets but packet may contain 20ms of voice you may not hear that and codecs are smart and can recover

TCP adds lost packets , delays and can cause

UDP fire and forget approach ideal for real time communications

image

lets look at final candidates

before that lets look at teams candidates

In Charles search for a=candidate

image

image

select conversation

image

its one super long line !

image

\r\n this is line break

copy and paste into text editor and replace \r\n with line breaks and this gets you the below

image

not super nice to read but

scroll down and we can see info on codecs

image

look similar BUT

based on relay candidates it will use ports based on workloads

image

here we have 3480 not the high ports

image

other interesting thing all relay candidates will come with MTRUN ID this is security and who can access my service, in SfB we use the huge port range and when someone wanted to allocate we randomly picked one and gave some security and was opened for short time, it was additional, but if we use the same port for connections they can go there but they can as they need a MTURN ID to connect to that port.

image

back to snooper for final candidate for SfB

search for a=remote candidate

image

contains 1 candidate

image

and its the prflx candidate mean relexivate and who ever im talking to they are talking to my net device and relexative, IP the same as the reflexactive but port is different.

image

if we look at 200 OK

image

we can see here remote candidate is the relay, this client is talking to the relay.

image

we have talking from the calling person to the relay of the called person and theres one relay in the media path. we can understand how traffic is flowing.

Call Flows

image

image

mentioned before we have 1:1 call we want to send as direct as possible, different if meeting as the cloud needs to mix

We have two SfB clients and there own relays with 443, 3478-81

Both connect to relay allocated candidates port 433 TCP or 3478 UDP, for udp it will then be redirected on workload 3479 for audio

image

next try to establish direct call as best option

image

same time they try to talk via the relay

image

and now the calling client try’s to connect to called clients relay on the 50k port range as that was candidate allocated for me

then we do the same for the other relay

image

If all work then Fantastic and we can pick direct

if direct doesn’t work we pick the relay of the called client or if that doesn’t work we use the calling client relay

and if both don’t work then the relays need to talk to each other! this is why its still useful for SfB if the 50K is still open! if you have 50k port range open then calls can establish for one relay if you close 50K port range as Microsoft recently said its not required anymore then you have two media relays in the media path

image

Looked at the difference for quality if you close 50K and its not that big of difference, calls setup may be quicker, if you don’t have them open its seems not essential BUT if they are already open then no reason to close them.

TEAMS

Similar concept

image

they connect to relay on 443 TCP or 3478 UDP, they connect to their own relay always talk 3478

test direct

image

Then the other one via relay on 3479 – 3481 depending on workloads

image

other relay will be tested

image

and if all of that doesn’t work they could still talk to each other

image

SfB and Teams side by Side for 1:1 (Peer to Peer)

image

SfB – Client to Service

image

Mediation server or conferencing server

Mediation servers on right side as its internal to network

Client talks to its own relay 443 tcp , 3478-81 UDP

image

server does the same

image

now the client will try and talk directly to the server and if not firewalled this may be possible but cant be guaranteed

image

If it doesn’t work then we would use relay of called endpoint which is the servers

image

If that doesn’t work we can talk to the realy of the end user

image

you should not see two relays as the 50K port range is open as ports the cloud service

Teams: Client to Service

image

Teams client allocated candidates

image

The service will never allocate candidates as we know the service can talk its relays, it doesn’t needs its own relay

again we try direct connection, if direct works

image

The Teams client we talk to assigned transport relay and the service component will talk tot the same relay

Bring that all together! in single table

image

Left we have workloads, allocate candidate, audio, video, desktop sharing

Teams, SfB, service port media relay, transport relay

SfB Client port while i allocated candidates will honour client ports per workload, and all of this if i can have media relay to 3478 UDP or transport relay also to 443 tcp and be redirected and once sfb establishes audio send to 443 tcp / 3478 udp , transport relay 3479 udp for audio.

Teams client source port will always 1024 and up plan to change this and have similar to SfB so you can look at traffic and see what workloads

Teams client to transport relay it will be UDP 3478 always and plan to change this and you can look at source ports to destination port. still working on this.

image

Direct is required, every client needs to connect direct to Office365 so they can establish media path, talk direct to transport or media relay

  • no proxy
  • no shaping
  • no deep packet inspection
  • If possible use local internet breakout and go to shortest route to transport relay and route over Microsoft network.
  • Prefer UDP over TCP – better for real time
  • TCP can be used as backup and in SfB used for some scenarios
  • Important to look at documented list of IPs and FQDN to open environment to
  • aka.ms/o365endpoints
  • quite a list and is updated a lot, subscribe to RSS feed!
  • Open UDP ports

If people have SfB a year ago for media open 443 (not changed) or 3478 but in the past we didn’t need 3479-3481 UDP these may not be open

Problems seen with transports relays and client try 3478 and works and then allocate candidates and talk to this IP BUT on port 3479 or 80 or 81 which could be blocked. Firewall may block this and UDP will FAIL ! now media will go over TCP! no one will call and say calls wont work but quality may be worse!

Be sure all UDP ARE OPENED!

image

Skype for Business Hybrid you need your on premises servers needs to talk to Office365 they don’t need the new ports 3479-3481 just for client to service.

Edge server will still talk 3478

Tools and Troubleshooting

image

image

SfB super easy! Uccapilog.log and have snooper

Teams – not so easy!

Need to do trick with local proxy, man in middle attack, collect traffic, examples are fiddler and Charles proxy.

SfB turn on logs

image

may need to delete logs, sign out and sign back in, start with clean logs

image

image

Search tips

a=candidate

a=remote-candidate

when reproduce problem and you want to see a=candidate sometimes after someone answer it may take 7-10 seconds for this so recommend to leave call running for 20 seconds then disconnect calls so can makes sure final candidates are there.

Reason for that is when other person picks up we may not do call over optimal candidate, in background may be talking for better connection and then switching to better connection.once final candidate pair is listed it wont change.

image

Tips to configure, web sockets can be very persistent and in test had hard time to capture them each time and then close Teams and start and sometime would see it and sometimes not.

How teams does it today but it may CHANGE!

image

Also CQD Call quality Dashboard, after every call over signalling it logs the call quality experience, IPs, ports,

image

can look at data and create filters and look at UDP calls and TCP calls, shouldn’t see a lot of TCP calls,

Practical guidance on CQD.

image

image

Filters created on this example as below

image

then report created

image

lots of TCP but that’s on App sharing so that’s expected in SfB

very few session using VBSS and it seems a lot of RDP going on, could be giving control or old clients.

image

you can investigate client types and check if client support only RDP

image

Other report with filters applied on the left

image

subnets replace to hide customer data

can compare subnet by number of TCP and UDP

find top offending subnets and find out why so much TCP traffic

image

Test that ports are open

SfB network assessment tool send real media to transport relay and collects information on jitter, delay and packet loss.

However SOON new version will be available to test connectivity for TCP and UDP ports! run from pc and find can it connect to required ports

image

image

image

Tests all the ports against set of IPs and downloaded at run and always up to date IPs, any connectivity issue this tool is great to run on PC and test connectivity

might be situations where connectivity is working but something in the way may corrupt packets

IF the tools worked then perhaps trace a call

Resources and summary

image

image

image

  • Now we understand the challenges
  • find most optimum media path
  • use tools
  • Traffic peer to peer
  • client to server
  • Leverage local internet if possible
  • Open 3478-3481 UDP on firewall !

image

Advertisements

Skype Academy Presents Upgrading to Skype for Business Server 2015 Video Summary

Following on from the SfB Hybrid video summary i wanted to view the upgrading to SfB Server which may be a consideration first before moving to Hybrid or moving to SfB Online. Its old news but hopefully this may be helpful and I’ve added some more info and links in as well to help with upgrades and planning.

This video is part of the great content on the Skype Operations Framework in the Skype Academy here

Its a great video showing supported methods for upgrading to SfB Server with InPlace, side by side and details on moving from SQL Mirroring to SQL AlwaysOn Availability Groups which is useful. So lets take a look.

image

This is the December 2016 video and starts with a training disclaimer and content is subject to change.

image

Agenda

image

Upgrading

image

SfB Server has the same hardware requirements as Lync Server 2013. Great news.

Two supported Migration methods

  • InPlace
  • Side by Side

If you have Lync Server 2013 it says its recommended to use InPlace upgrade path but it does require CU5 released in August 2014. I would recommend myself always having the latest CU in place. You can use Side by Side as well and if your using Lync Server 2013 are using Windows Server 2008 R2 i would recommend using Side by Side and moving to Windows Server 2012 R2. Do you really want to bring 2008 R2 with you ? Windows Server 2016 support for SfB Server is not here just yet but is coming soon.

Lync Server 2010 – No support for Inplace upgrade so side by side is the only method. This is the same process as it was with migrating from Lync Server 2010 to Lync Server 2013.

Side by Side is where you deployed new hardware with SfB Server 2015 installed and migrate all users and services from your old Lync Server 2013 servers to SfB servers and then decommission the old Lync Server 2013 environment.

InPlace upgrade allows you to Upgrade your servers from Lync Server 2013 to Skype for Business Server 2015 so you dont need to purchase or set up additional servers and set up all the prereqs like networking, firewall ports, dns that comes with a new deployment.

Please note there are some reasons when it may not be recommended to use InPlace upgrade with Lync Server 2013 event though you can. For example old hardware and also if your using Windows Server 2008 R2. With InPlace upgrade you have two inplace upgrade methods / modes Online and Offline. These are mentioned below in more detail.

Tri-existence – You cant have a Lync Server 2010, Lync Server 2013 and Skype for Business Server deployments in your topology at the same time and topology builder will stop you. You will need to move or consolidate to a single version. You will see an error.

Good diagram on this from TechNet here

A diagram showing coexistance support for Skype for Business Server 2015 with either Lync Server 2013 or Lync Server 2010.

image

Consolidation Steps if you need them

image

InPlace Upgrade

image

Touched on this earlier

Main benefits

  • Preserve hardware
  • No network changes required for new firewall ports, IPs, DNS
  • Smoother upgrade methods
  • reduced costs

Modes

  • Online -  can be used if you have two pools and you can move existing users to your second pool and then upgrade the empty one whilst your users are all working off the second pool. Ensure your second pool can handle the load of all users.
  • Offline – Do the upgrade out of hours and leave users in place.

Offline allows for more time ive found and i have had a couple of issues that needed troubleshooting with inplace upgrades (ive put links below on these) before like missing dbs which cost time. I would plan careful and dont assume just because it will upgrade for you that it will be quick and easy. Planning your InPlace upgrade is key and have an InPlace upgrade Plan first before jumping in. Planning steps are here on TechNet

image

Take note of the recommendations

  • Do not unpair pools if using Pool pairing
  • No pool failover
  • Upgrade from inside to outside – start with Front end pool and then edge pools.
  • If you have LRS Admin tool deployed in front end for managing Lync Room systems you must remove and replace after upgrade with SfB server version here

image

  • SBS’s and SBAs DO NOT support inplace upgrades ! Below is from technet here
  • Sonus SBA upgrade information here

Upgrade process with existing Survivable Branch Appliance and Server

Skype for Business Server 2015 doesn’t support an In-Place Upgrade of a Survivable Branch Appliance (SBA) or a Survivable Branch Server (SBS).

However, we do support coexistence of Skype for Business Server datacenters with Lync Server 2010 or Lync Server 2013 SBA/SBS.

When planning for an In-Place Upgrade of a Lync Server 2013 Front End (FE) pool with an associated branch, you can leave the existing users on the Lync Server 2013 SBA/SBS. During the upgrade, the SBA/SBS users will go in resiliency mode and will return to normal functionality after the upgrade has completed. For more information about the users’ experience during the resiliency mode, please see Branch-site resiliency features in Lync Server 2013.

When migrating a Lync Server 2010 topology to Skype for Business Server 2015, the SBA/SBS must re-added to the topology, similar to the migration to Lync Server 2013. For the required steps, please read Connecting Survivable Branch Appliance to Lync Server 2013 Front End pool.

For co-existence topologies of Lync Server 2010 and Lync Server 2013, align first to the recommendations made in the section ‘Support for coexistence with Lync Server 2013 and Lync Server 2010’.

Also to consider from TechNet here

Upgrade order

Upgrade the topology from the inside to the outside. Upgrade all your pools first, then the edge servers, and finally the Central Management Store (CMS) pool.

Kerberos authentication considerations

If you use Kerberos authentication for Web Services, you must reassign Kerberos accounts and reset the password after the In-Place Upgrade is complete. To learn how to do this, see Setting up Kerberos authentication.

Online mode Steps

image

Upgrade Steps

image

Great steps as well here on TechNet

Install Prerequisites is very important

Step 1 – Prerequisites Install

Get these right early as it will stop you when you get to upgrading as it runs a validation check before the upgrade.

image

  • Lync Server 2013 CU
  • SQL 2012 Express SP 1
  • Windows Server Hotfixes
  • Also at least 32gb of available disk space is required as well

More details from TechNet here

Before upgrading please install all new prerequisites required for Skype for Business Server 2015 which include:

  • At least 32GB of free space before attempting an upgrade. In addition, make sure that the drive is a fixed local drive, is not connected by USB or Firewire, is formatted with NTFS file system, is not compressed, and does not contain a page file.

  • PowerShell version 6.2.9200.0 or later.

  • The latest Lync Server 2013 Cumulative Update installed.

  • SQL Server 2012 SP1 installed.

  • The following KB’s installed (installed automatically if using Microsoft Update):

Also which seems to get missed from document is the new requirement for 32Gb of available disk space. This also affects CU updates as well now. So its worth checking your disk space before upgrades as well. I ran into this here

Step 2 – upgrade and publish topology using SfB topology builder

image

Have to use SfB Topology Builder YOU can not use Lync Server 2013 Topology builder.

image

image

Step3 – Stop services on ALL on the servers in the pool being upgraded

image

Step 4 – run setup.exe to upgrade server

image

Failure Examples

image

  • Updates failures
  • Services still running
  • PowerShell still running and open

image

image

Step 5 – Time to start services and you can now use the new cmdlet Start-cspool

image

Side by Side Migration

image

Build new pool, test, move users to new pool, decommission old pool.

Any old OAuth configuration needs moving to SfB Server prior to decommissioning.

image

SQL Server Availability Groups

As Part of the upgrade process with SfB server you may have to consider moving from SQL Mirroring if you are using it for database HA but you dont have to. SQL Mirroring is still supported with SfB Server but its common knowledge at some point SQL Mirroring will be deprecated but no one seems to now when. For the moment its all ok.

Below is useful information on moving to AlwaysOn Availability groups and always known issues which is helpful to review.

AlwaysOn Availability Groups are only supported with SfB Server NOT Lync Server and its great this is a supported HA method as it give more choices when deployed SfB Server. The biggest things i see is the requirement for SQL enterprise which is more expensive than SQL Standard which you can use with SQL mirroring but SQL mirroring is going away some time and its old HA SQL method so take all that into to consideration as well. Customers also may have AlwaysOn as their SQL HA standard so this fits in well now.

image

image

Requires SQL Server 2012 or 2014 SP1 Enterprise Edition

Only supported with Skype for Business Server Pools NOT Lync Server

Backup backup backup

image

Migration steps for SQL Mirroring to SQL AlwaysOn

image

Backups are key!

Lets look at each step

Step 1 – failover all databases to the primary SQL Server

image

Step 2 – Uninstall each database type and drop databases on MIRROR server

image

Step 3 – Disable database mirroring and publish the topology

Verify using SQL Management Server

image

Step 4 – Enable AlwaysOn Availability Groups

image

image

KEY points to note here!

image

image

image

image

image

image

image

image

Step 5 – Create AlwaysOn Availability Group for the existing backend databases

image

Step 6 – Add new SQL Store using the FQDN of the Availability Group Listener

image

Step 7 – Associate the pool with the new SQL store and publish the topology

image

SQL AA Known Issues

Better to know about them now and how to workaround them.

image

Issue 1 – Client goes into resiliency mode after failover

image

Logs missing from primary to replica

Issue 2 – CMS blocks upgrade to AlwaysOn

Key point to note here if the CMS is located on the SQL Mirror you want to move to AAAG.

image

Issue 3 – Cannot create listener – Connection Failure

image

Issue 4 – Create single replica Availability Group

image

Summary

image

image

image

Resources

image

Links

https://technet.microsoft.com/en-gb/library/dn951396.aspx?f=255&MSPPError=-2147217396

https://technet.microsoft.com/en-gb/library/dn951371.aspx?f=255&MSPPError=-2147217396

https://blogs.technet.microsoft.com/uclobby/2013/09/11/lync-server-2013-cumulative-update-list/

https://support.sonus.net/display/UXDOC50/Skype+for+Business+-+Best+Practice+Upgrade+to+Skype+for+Business+2015+SBA

Some great community blogs with InPlace info

https://ucgeek.co/2016/11/finer-details-skype-business-place-upgrade/

http://www.skypeadmin.com/2015/08/27/please-dont-in-place-upgrade-your-lync-os/

https://blogs.msdn.microsoft.com/mvpawardprogram/2015/12/22/upgrading-from-lync-2013-to-skype-for-business-server-2015-what-you-need-to-know/

http://windowspbx.blogspot.co.uk/2015/04/step-by-step-skype-for-business-server.html

https://ucmart.uk/2015/09/04/skype-for-business-in-place-upgrade-reassign-kerberos-account-and-password-reset/

https://ucmart.uk/2015/08/27/skype-for-business-migrate-lync-2013-persistent-chat-to-sfb/

https://ucmart.uk/2015/05/02/skype-for-business-inplace-upgrade-step-by-step/

https://ucmart.uk/2015/05/01/skype-for-business-server-2015-inplace-upgrade-requires-32gb-of-available-disk-space/

https://ucmart.uk/2015/05/02/lrs-admin-portal-after-skype-for-business-inplace-upgrade-cant-reinstall/

https://ucmart.uk/2015/06/18/skype-for-business-edge-server-in-place-upgrade-error/

image

Skype for Business Mac Client December 2016 Update Summary

There’s been an update announced for the Skype for Business Mac client that I’m sure users will be delighted with and that Desktop Sharing is here !! but its noted as in Peer to Peer Audio calls and also Video Based Screen Sharing for Skype for Business Online is here as well. A link to SfB blog post is here

The blog has screenshots of the desktop sharing feature and link to Skype Academy video but the video seems to be still on the November update even thought its titled December 2016, i guess this will be updated very soon.

This follows the recent cumulative update last month for the Mac client so the second update to two month is very welcomed and show just how invested Microsoft are with the new SfB Mac Client.

Noted on the blog post is that the December updates bring

  • Audio calls now support desktop sharing
  • VbSS viewing for Office 365 online users
  • Single Windows Mode for 2013 Server users
  • Several other improvements for the client

I think one of the most asked questions from users was the missing desktop sharing as its a feature i used and i know many many people do every day.

Manual Download to new Update

https://www.microsoft.com/en-us/download/details.aspx?id=54108

Version Number

With December 2016 update – 16.2.0.145

Features Added

Features Added Details
Audio calls now support desktop sharing The ability to share desktops in P2P communications has been asked for by many Mac users. As part of our first step to get this feature enabled, we have enabled sharing during an audio call. In the first image, the Mac client has shared their desktop during an audio call. The second image shows the same share from a Windows client perspective. We know there is more to do and it’s on our roadmap to further enhance this experience.
VbSS viewing for Office 365 online users In September 2015, we announced VbSS and added this improved form of sharing to the Windows client. Over the course of the last year we have enabled many of our clients.  And now, it’s available for the Skype for Business on Mac client. This mode of sharing performs better, supports higher frame rates, and the setup time is faster than RDP (our original approach to sharing). In this release, we have specifically enabled viewing using VbSS. If others share using VbSS, the Mac client will also use VbSS to view. If the Mac user wants to share their desktop, they will use RDP to share. We also have VbSS sharing on our futures roadmap and will let you know when that is enabled.
Single Windows Mode for 2013 Server users This has been a very popular ask by many of our customers. This allows the user to see their active IM conversations in a single window (with tabs). We have now added this feature for Lync 2013 Server customers. You will just need to enable the policy “EnableIMAutoArchiving” to enable for users on this release
Several other improvements for the client References release notes for the client but still looking for this.

Known Issues – Its worth reading over these !

Known Issues link for the Mac Client is here and was last updated 12/12/2016.

I recommend reading the known issues list as there’s quite a few two important ones are E911 support requires latest Server CU and Mobility is required unless you have applied the latest Server side CU. More details are below in the update information.

https://support.office.com/en-us/article/Known-issues-Skype-for-Business-on-Mac-494ac5d5-50be-4aa7-8f5a-669c71c98c9a?ui=en-US&rs=en-US&ad=US

 

How do i update ?

Two methods which are the same as the previous updates.

  • Either using the Microsoft AutoUpdate (MAU) if you have already deployed the SfB Mac client already Smile
  • Or for new users a manual download via Microsoft download centre here

Do i need to update Lync / SfB Servers ?

For the December update the requirements server side are the same as November SfB Mac Client Cumulative update but on the known issues page there are two important things to note, the first around E911 support which is very important and the second the requirement for mobility to be enabled if you dont have the lastest CUs deployed for Lync Server 2013 or SfB Server 2015. Details are below.

  • 911 support requires Skype for Business Server 2015 CU4 (build 9319.272 or higher, now available) or Lync Server 2013 CU8 HF2 (coming soon).

Important: Users will not be able to dial 911 until the CU4 server update is applied.

  • Without Skype for Business Server 2015 CU4 (build 9319.272 or higher, now available) or Lync Server 2013 CU8 HF1 (build 8309.973 or higher, now available), Skype for Business on Mac requires Mobility enablement on the server side. After updating to builds 9317.272 or 8309.973, Mobility enablement will no longer be required.

It does note under the manual download detail that’s its recommended for the best user experience to ensure customers are running the latest Server side cumulative updates which are November 2016 for both SfB and Lync Server 2013. Or it mentions move to Office365 for always up to date infrastructure which made me smile. Downloads link are below.

  • SfB Server 2015 (9319.272 ) – November 2016 CU4 here
  • Lync Server 2013 (8308.974) – November 2016 CU8 HF1 here
  • Lync Server 2010 – SfB Client not supported I’m afraid so it suggests Mac 2011 client only.

Screenshots of update Process and desktop sharing feature

Booted my Mac up, SfB client signed in and i already had a notification that an update was available. Smile

image

So ill click restart app and it closed and started the update

image

Click close to the notification

image

Open SfB

image

and im done ! nice !

image

So for desktop screen sharing tests i needed to call on a friend luckily Mark Vale was free Smile and thanks for helping Mark.

So i Started a Peer to Peer Audio Call

image

image

Screenshot from Marks Windows Desktop Client with me sharing on Mac

image

We couldn’t give control but its a great start.

So desktop sharing is just desktop sharing at the moment and only in a peer to peer audio call.

References

https://techcommunity.microsoft.com/t5/Skype-for-Business-Blog/Skype-for-Business-on-Mac-December-Update-available-today/ba-p/35161

https://www.microsoft.com/en-us/download/details.aspx?id=54108

https://www.microsoft.com/en-us/download/details.aspx?id=54108

https://support.office.com/en-us/article/Known-issues-Skype-for-Business-on-Mac-494ac5d5-50be-4aa7-8f5a-669c71c98c9a?ui=en-US&rs=en-US&ad=US

Skype for Business Meeting Invite formatting updates Summary

Looking over the Skype for Business SOF Blog the last post is regarding Meeting invite updates for the windows client and some new and i think welcomed formatting changes.

To check out the full post go here

Microsoft note based on feedback some new updates to meeting invites are here, so lets take a look.

The first

The Join by Phone Section

Now creates a hyperlinks including the dial in numbers and a pause and then followed by the Conference ID and then a pound sign ! nice!

image

This noted especially useful when joining conference using a mobile phone without the SfB app so going old school pstn call only, how many times have you tried to join you first grab the number then you need the code and then you cant remember and then wished you wrote in down but don’t have a pen lol.

Requirements for this are

  1. For an online user (hosted in Office365), the meeting organizer needs a license for Cloud PSTN Conferencing (CPC). They also need to be leveraging Dynamic PSTN meetings.
  2. For an on-premises user, no requirements are needed server-side.
  3. Limitations on Outlook Client versions are as follows:
    • Outlook 2016 Click to Run (C2R) installs only. Minimum version 16.0.7369.2038 (Current Channel – October 2016).
    • Outlook 2016 MSI installs will not work.
    • Outlook 2013 C2R and MSI installs will not work.
    • The meeting needs to be created using Outlook Client. (Outlook Web App [OWA] won’t work)

I noted in the title of the post also that this is for Windows clients only so looks to not apply to the Mac client im afraid.

 

The second of the changes

Meeting Join URLS

There’s a hyperlink for joining with the web app in the invite Smile 

image

This is a very requested features and reduced the need to tell people “can you copy the meeting url from the invite and then add ?SL=1, usually followed by “ do what !”

So you get an meeting invite like below

https://meet.lync.com/ucmart/martin.boam/7nhbtzz1

then copy the url and add ?SL=1 and add that in your browser, this forces the Skype / Lync Web App to launch to join the meeting instead of the client.

https://meet.lync.com/ucmart/martin.boam/7nhbtzz1?SL=1

Now this is also included in the invite under a Trouble Joining? section and Try Skype Web App.

 

I think both updates are a great for users and have been a long time coming but i think they will be welcomed by all, anything to make life easier as well.

Skype for Business Mac Client CU1 Update Summary

Yesterday Microsoft announced Cumulate update 1 for the Skype for Business Mac client which is very welcomed I’m sure ! Check out blog post from Msft here

So what’s new features and improvements has this brought to the Mac client I’m sure is the number 1 question !

But also lets not forget known issues and workarounds, one which is interesting is with single / tabbed conversations windows not available, this seems to be issue with the client not being able to detect if Server-Side conversation history is enabled and it wont default to a single windows experience. It does note to check preferences in the client. More details are below.

Tabbed conversations issue is also noted that it was allowed in previous client version to be used even if the back end infrastructure didn’t allow it previously and some users had message delivery failures and has resulted in this option being removed for some users so user may see conversation windows differences. Microsoft noted they are looking into this.

To use tabbed conversation in single windows its looking like you need Skype for Business server 2015 / SfB Online with Server-side conversation history enabled. To enable server side conversation history you need exchange 2013 or higher / Exchange Online. Also for SfB Server users server side conversation history has be enabled as well. So admins need to check this as well.

Requirements for single/tabbed window experience:

  • Skype for Business Online or Skype for Business Server 2015

  • Server-side conversation history enabled.

Features Added in CU 1

Features Added Details
Manage contact groups Skype for Business Online and Skype for Business Server 2015 users can now add and remove contact groups and enterprise distribution groups to their contact list.
Tag contacts for status change alerts Skype for Business Online, Skype for Business Server 2015, and Lync Server 2013 users can tag a contact so that they are alerted any time the status of the contact changes to online.

Improvements with CU 1

Improvements Details
Messaging Improved sender experience in the case when a recipient is unable to respond to incoming messages.

Fixed chat notification issues — In some cases, new chat notifications were not marked because the client assumed the user read them already.

Meetings Numerous fixes and reliability improvements so you get a more stable meeting experience.
General Calendar syncing issues fixed so at start up meetings can be retrieved correctly.

Sign-in bug fixes — some account types were not able to sign in.

Known Issues

Full list of Known Issues here

CU 1 Known issues highlights

Issue Details
Single/tabbed window experience not available

By default, if your topology meets the following requirements, all conversations will be shown in a single/tabbed window. However, there are cases when the client can’t detect if server-side conversation history is enabled and it will not default to single window view. This can be remedied by updating settings under Preferences.

Requirements for single/tabbed window experience:

  • Skype for Business Online or Skype for Business Server 2015

  • Server-side conversation history enabled.

Troubleshooting if single window mode is not available, check the following:

  • Preferences > General > Show conversation in separate windows is unchecked.image

E-911 with ADFS not supported This is a known issue and will be addressed in a future update of Skype for Business Server 2015.
Menu to add/rename/delete contact group are disabled right after adding a new group Workaround: Select any contact or group, and the menu will be re-enabled.
Expand/Collapse Group Chevron icon is out of sync with the list of contacts after minimize/maximize Skype for Business Workaround: Click on the chevron to correct the icon.
Adding a distribution group that has more than 100 contacts will result to 100 contacts only Workaround: To view the full member list of distribution group, use Outlook to expand the group.

How do i get the update ?

Two methods,

  • Either using the Microsoft AutoUpdate (MAU) if you have already deployed the SfB Mac client already Smile
  • Or for new users a manual download via Microsoft download centre here

Client Version number

With CU 1 – 16.1.0.456

Do i need to update my Skype for Business Server or Lync Servers ?

It does note under the manual download detail that’s its recommended for the best user experience to ensure customers are running the latest Server side cumulative updates which are November 2016 for both SfB and Lync Server 2013. Or it mentions move to Office365 for always up to date infrastructure which made me smile. Downloads link are below.

  • SfB Server 2015 (9319.272 ) – November 2016 CU4 here
  • Lync Server 2013 (8308.974) – November 2016 CU8 HF1 here
  • Lync Server 2010 – SfB Client not supported im afraid so it suggests Mac 2011 client only.

Also i have found info on the mobility requirements on the known issues page which mentions the latest CU updates for SfB Server and Lync Servers and notes mobility is not required if the latest CU is applied.

Without Skype for Business Server 2015 CU4 (build 9319.272 or higher, now available) or Lync Server 2013 CU8 HF1 (build 8309.973 or higher, now available), Skype for Business on Mac requires Mobility enablement on the server side. After updating to builds 9317.272 or 8309.973, Mobility enablement will no longer be required.

 

Here’s some screenshots of Updates and improvements

MAU Update process for SfB Client

I had a new update for the MAU so updated this first.

image

image

image

image

It then opened and i checked for updates.

image

image

image

image

I quit the Skype for Business client as it was running in the background and selected retry

image

image

It checks for more update and its done.

image

image

You can check About Skype for Business for the new version

image

 

Improvements Screenshots

Contacts – Create new groups from menu

image

Add a name

image

image

Add to Contact list

image

You can move contacts by right clicking and moving

image

Had a bit of an issue when i tried to delete group by right click and option greyed out

image

Selected group and used Contact menu option and greyed out

image

this was an empty group so i thought lets assign a user and see what happens that didn’t work. I got an error message so i signed quit the client and restarted and its ok now. I did add a new group previously with the same name and got an error so perhaps this caused it. I did try to recreate the duplicate group name error and test deleting groups again after restarting but all was ok.

I tried again and it was ok.

image

Add Group with Same name i get error.

image

 

Tag for Status Change

Right click on contacts and you can select tag.

image

Once tagged theres a tick

image

Separate Conversations

It does seem like separate conversations is happening and im using SfB Online with Exchange Online.

image

Checked preferences

image

References

https://blogs.technet.microsoft.com/nexthop/2016/11/22/skype-for-business-on-mac-cu1-released/

https://support.office.com/en-us/article/What-s-new-in-Skype-for-Business-2016-cece9f93-add1-4d93-9a38-56cc598e5781?ui=en-US&rs=en-US&ad=US&fromAR=1#OS_Type=Mac

https://support.office.com/en-us/article/Known-issues-Skype-for-Business-on-Mac-494ac5d5-50be-4aa7-8f5a-669c71c98c9a?ui=en-US&rs=en-US&ad=US

Regionally Hosted Meetings Microsoft Skype meeting broadcast summary

Few notes from the Skype meeting broadcast from Microsoft on Regionally hosted meetings.

This is big for Office 365 and Skype meetings in Skype for Business Online as currently as all Skype for Business Online users are homed in one location where your office 365 tenant is. For example if you tenant if located in Europe and you have some users in APAC, when the APAC users schedule meetings these meetings are hosted on servers in Europe which is not optimal for media and is subject to network delays, packet loss and jitter and can result in reduced call quality.

Coming soon administrators will have the choice where users are located so users and meetings can be hosted regionally by assigning their users to different Office 365 datacentres. I think this is a great step forward especially for multi national businesses. Customers will still have a single tenant but will multi region support and flexibility to move users. There are a few points to note when moving users noted and below and also customers need to ensure their network is configured optimally to route traffic to the data centre in their region.

Data centre locations are shown below.

image

“Its more than just meetings” said Jamie Stark !

“Clearly the place where we see greatest impact”

Its still a Single tenant but with multiple data centre support and users can be moved between data centre. “Closer is better” was the phase.

meetings get better with regionally support

Example of todays architecture.

image

Contoso HQ is in LA but they have an Office in Sydney, Sydney users log into North America datacentre and have all their meetings hosted in NA.

Also noted in the diagrams is a second option some customers arae doing today and routing Sydney users internet break out across their WAN and then onto the NA datacentre. With regional DC support this architecture will not be optimal and will require changes to ensure traffic is routed regionally to the closest datacentre.

Cloud previously has one place for everything, now you can have your users in Australia data centre.

SfB online is in 20 Data centres now!

Below the Office 365 Datacentre is added for the customers tenant.

image

The admin moves users to Australia datacentre and the customer needs to ensure local internet breakout as shown below, this is key! So network architecture is key as well to ensure optimal routing to the local data centre.

image

This is the scenario that customer do not want as it wont be optimal as Sydney users are routing over the WAN to LA then back to Australia O365 datacentre.

image

Ensuring the network routing is optimal is key and the Skype operation framework will help with planning.

MCU cascading / Barbelling question from audience 

Organiser in Sydney, meeting hosted in Australia, for LA users they can connect in NA data centre and connect the media inside Microsoft network to Australia.

So custpmers route traffic to the local data centre and Microsoft will route all the media within their network between datacentres. This was noted to come next year.

Getting traffic locally in the cloud and route inside of Microsoft cloud to optimise meetings. This is great !

Microsoft will take on the bandwidth for you using their cloud. How do we get great regional access is key for customer to consider.

 

How do customers move forward today ?

This is preview now, sign in at https://www.skypepreview.com/ under NDA section

Out of preview end of this calendar year.

Limited availability to start with

Premier customers must call Microsoft support at end of the year,customer works with Microsoft to enable tenant to mutli region as listed as step 1 below.

Setting up

image

Microsoft Premier support will complete item 1

The customer must complete item 2

Hybrid – running SfB server and online you can move users with item 4.

What happens to existing meetings when moving users ?

How are meeting urls affected when moving? They require updating, today you use meeSfB ting migration tool as an end user to update previously scheduled meetings for example when adding pstn conferencing to your tenant or moving data centres /sip domain. Ive done a blog post on this tool here

SfB admins don’t love this as end user uses this tool, with the cloud if your exchange mailbox is in Exchange Online Microsoft can do this for you with their new Meeting migration SERVICE !

No longer a tool for end users, its a process on the back end ! “The Power of the cloud”

Exchange Online as mailbox provider only.

With Exchange Server on premises you have to still use the meeting migration tool. Another reason to move exchange to the cloud.

image

Also available this calendar year !

~This was branded the Meeting Migration Service Not tool !!! 🙂

Customers don’t have to be a regionally hosted meeting enable on tenant. Exchange must be on the cloud so meetings can be updated automatically in the back end.

One note If moving large numbers of users then new meeting invites will be sent out so admin must communicate this otherwises users may come in the next days and find a lot of meetings invites and wonder whats going on.

 

How regionally hosted meetings impacts ACP ?

ACP are third parties audio conferencing providers such as intercall, BT, PGi. ACP is not the Microsoft PSTN conferencing option.

The third party ACP users still needs the Meeting migration tool. Third party ACPs or on premise require the tool.

Second point for ACP tenants admins need to make informed choices when moving users as ACP providers may not be data centre locations where you can move users. If you move the users then ACP may break.

Microsoft will publish DC locations where ACP providers are located so customers are aware as not too move users where ACP providers aren’t located.

 

Tell me about Cloud PBX and On premises PSTN connectivity for regional hosted meetings users?

When released broad range of testing will be completed for CCE users. CCE users will have to wait till spring to use this. CCE will be available after extensive testing is completed.

Event Link to view recording whilst available.

https://join-beta.broadcast.skype.com/microsoft.com/053d4cd94f7649d3b3209524f06ee3ed/en-US/

Next meeting broadcast from Microsoft is on the new Mac client !

Skype for Business Meeting / Migration Update Tool

This tool has been available for some time and most often used to update meeting urls when migrating users from Lync Server or Skype for Business Server to Skype for Business Online. Also useful for adding PSTN conferencing details to SfB online meetings when enabling PSTN conferencing on your tenant / users.

When users move to SfB online their scheduled meetings include a Skype meeting url that must be updated as the user has moved to Skype for Business Online servers using different meeting urls.

All meetings must be updated after migration and Microsoft currently supply a tool for this in MSI form. Expecting users to do this themselves could cause issues and raised support requests. Other options are to manually reschedule and update your meetings.

This tool will find any meeting, update with new meeting url and also send out an invite to all participants for you. Sounds good anything to make life easier would be nice.

Its also noted being used to update all of your existing meetings after you are enabled for PSTN Conferencing in Skype for Business Online so you can add dial in details. It will update the Conference URL of the meeting as the phone number and conference ID that can be used to join it via PSTN Conferencing.

I believe Microsoft are looking at automating this into SfB Online as expecting the end user to use tool could end up with more work to your helpdesk and deployment people.

I came across an on premise sip address change and thought id try it out in this scenario as well and here’s my experiences of the tool.

 

Supported Operating System, SfB Lync Client and .Net Framework

Supported Operating Systems
Windows 10 , Windows 7 Service Pack 1, Windows 8, Windows 8.1

Supported Outlook clients
– Outlook 2013
– Outlook 2016

Supported SfB /Lync clients
– Skype for Business 2016
– Skype for Business 2015
– Lync 2013

.NET framework 4.5 or above

Note Outlook 2010 and Lync 2010 are not listed so this tool is not available for 2010 users.

Client Downloads

I first checked the prereqs listed above and meet them so i can use the tool.

Grab the client, for large deployment perhaps rollout the msi to the client instead of manual install due to admin rights issues etc.

64bit – https://www.microsoft.com/en-us/download/details.aspx?id=51659

32bit- https://www.microsoft.com/en-us/download/details.aspx?id=54079

Microsoft Instructions

https://support.office.com/en-us/article/Meeting-Update-Tool-for-Skype-for-Business-and-Lync-2b525fe6-ed0f-4331-b533-c31546fcf4d4

Install Client

clip_image002[7]

clip_image004[7]

clip_image006[7]

clip_image008[7]

clip_image010[7]

clip_image012[7]

Launch Skype for Business Meeting Update Tool

Manually open and run tool

clip_image014[7]

clip_image016[7]

Great its found me.

clip_image018[7]

Found i had two reoccurring meetings that require updating Smile

clip_image019

Click update

clip_image020

Both meetings updated marked in update status

clip_image021

After clicking finish run tool again and you should see the following.

“Your meeting links are up to date. You’re good to go!”

clip_image023

I updated my meetings, got accepts to the invites that were automatically sent and everyone joined the meetings fine so it worked a treat.

After meeting updates are all done you can remove.

Uninstall

Manual install for me using Open programs and features in control panel

clip_image025

Right Click and uninstall

For mass removal an automated removal of the client would be better. There’s no harm leaving it but once its used and updates meetings it mostly likely not be used again unless future sip domain changes or move to SfB online.