Wednesday, August 12, 2015

Skype for Business File Share: Failed to save permissions during Topology publishing

While your are installing and publishing a Skype for Business Server 2015 Topology, you have to create a File Share for all important services.

In this example the File Share is located on the same server which will later host the Skype for Business Standard Server. But in larger or other setup, where the File Share is located on SAN, DFS or File Cluster, you might experience the same issue.

File Share and Folder Prerequisites:

The share name can either a normal share as well as a administrative share$

Share Permission:


Folder (Security Settings):

SYSTEM and CREATOR: must be Windows Server defaultInstalling user: FULL CONTROLlocal Server Administrators: FULL CONTROL

Skype for Business Topology Builder:

Must be started with: "Run as administrator"

Example and problem description:

This example applies to a Windows Server 2012 R2, where we are installing in Single Domain Forest with an Domain Admin. The Domain Administrator Group was placed in the local Member Server Groups for Administrators.

Next step I personally do is setting the User Access Control UAC to NEVER, meaning switching it off entirely.

Next step after defining the Topology is going to publish it, either with the PoC's Standard Server or with the Primary Pool associated SQL Backend Store.
Doing so resulted in the describe issue below:

Role: FileStore:1
Acl: "Accesswrite" permission for "RTCHSUniversialServices" on \\fileshareServer\SkypeShare$
Acl: Committed permission changes for \\fileshareServer\SkypeShare$\WinFabDumpFiles.
ACLError: Access permission error.
Error: Failed to save permissions on \\fileshareServer\SkypeShare$

The funny part is, that most of the Directories where created successfully during this point.
Next important check are link with Lync 2013 the share permission, well EVERYONE is READ, and the local ADMINISTRATORS have FULL CONTROL, CHANGE and READ
Next to share permissions, we also have to check the file/ folder permission. Here the Admin we logged on with can normally stay in the permission for file7 folders, just as a test we removed the administrator from the tap.
This resulted in the normal issue with Windows Server 2012 and 2012 R2, where the Access Control prevents the user/ admin accessing this folder. Once you click the Continue button, the admin will be part of the permissions again.
Therefor I DID NOT ADD the ADMIN the permissions!
Than we executed the Topology publishing task again and ran in a very interesting issue:
Role: FileStore:1
InvalidFolder: Invalid Share.
Error: Caller does not have required permission to create directory \\fileshareServer\SkypeShare$\WinFabTraceFiles. Verify that your user account has administrative privileges and that you selected "Run as administrator" when your started Windows PowerShell.


 This is a very good hint, but remember we were Domain Admin, local Server Admin and had switched of the UAC.

Finally due to the hint I stared the Topology Builder with the option "Run as administrator"

As expected the Wizard finished without any issue or error.
Once I tried to access the folder for the Skype for Business File Share, the same warning popped up again and I granted access myself.
In the last picture, you can see the correct permission and also the correct groups were set to the file share and folders finally.

Thursday, July 30, 2015

Skype for Business Server 2015 prerequisites (pre role and with powershell script)

For any other pre Skype for Business 2015 versions, e.g. Lync Server 2013 and the different OS, please refer to the old blog article:

Skype for Business 2015 Server Software Prerequisites:

Since the installation of Skype for Business 2015 Server require a modern OS, only the Standard and Data Center version of Windows Server 2012 and 2012 R2 are entitled for an installation.
Both servers having the same prerequisites.
Recommendation for Windows Server 2008 R2 is only give for in-place upgrades.

Required HotFixes Windows Server

(please consider the KB 2858668, KB2982006 and KB2533623 for in-place upgrades and fresh installations)
Windows Server 2012, KB article 2858668. Download.
Windows Server 2012 R2, KB article 2982006. Download.
Windows Server 2008 R2 KB article 2533623. Download.
Not all HotFixes apply to the different rules, e.g. you only need the 2012 R2 KB2982006 on Skype for Business 2015 Server rules, where the IIS is installed, meaning like the Edge doesn't require this hotfix. 
Windows 2012/ 2012 R2

All Server Roles require:

Add-WindowsFeature RSAT-ADDS, NET-Framework-Core, NET-Framework-45-Core, NET-Framework-45-ASPNET,  Web-Net-Ext45, NET-WCF-HTTP-Activation45, Windows-Identity-Foundation, Telnet-Client -Source X:\sources\sxs

(-Source X:\sources\sxs, where X should be the drive/ or network location where your Windows Server 2012/2012R2 Server ISO/DVD is found)

The RAST is not required on EdgeServer, but you can install them without any negative impact

On all Frontend Standard and Enterprise Server:

  •   SilverLight (optional)

Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client -Source X:\sources\sxs


On all Director:

Add-WindowsFeature Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Asp-Net45, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client -Source X:\sources\sxs

Video Interop Server:

No more additional prerequisites


No more additional prerequisites



No more additional prerequisites


We need Microsoft Message Queuing (Server and Services)
Add-WindowsFeature MSMQ-Services


Additional Information:

Do not install any Winsock Layered Service Providers (LSP) software, on any Front End Servers or stand-alone Mediation Servers. Installing this software could cause poor media traffic performance.
A LSP Software for example it:
Microsoft Internet Security and Acceleration (ISA) Server client software


Lync 2013 Survival Branch Server

(30.07.2015 SBA under Skype for Business 2015 are not yet available, instead we use the SBA Lync 2013)

In this section regarding the SBS (the equivalent "self-build" SBA:), I assume Windows Server 2012/ 2012 R2 is used:
As written, all server role have requirements in common, therefore to realize the SBA has its Registrar, Lync Frontend Service, the same overall requirements are valid too:

All Server Roles require:

  •  Windows PowerShell 3.0 (is installed by default)
  •  Microsoft .NET Framework 4.5 ( Additional Step's after Installation: Select WCF Activation if it isn’t already selected. Then select HTTP Activation, or include in PowerShell
    Add-WindowsFeature NET-WCF-HTTP-Activation45, Web-Asp-Net45
  •  Windows Identity Foundation 3.5 (activate via Server Manager)
    or add via PowerShell
Principally said, it is another Server where you can use the first Windows Feature command line at the top of this article.

Wednesday, July 8, 2015

DID (Direct Inward Dial), Pilot Numbers and Extentions in Skype for Business Enterprise Voice

Pilot Number = single phone number, e.g. caught by a hunt-group
A pilot number is the address, extension, or location of the hunt group inside the PBX or IP PBX. It’s generally a blank extension number or one extension number from a hunt group of extension numbers that doesn't have a person or telephone associated with it. For example, you might configure a hunt group on a PBX or IP PBX to contain extension numbers 4100, 4101, 4102, 4103, 4104, and 4105. The pilot number for the hunt group is configured as extension 4100. When a call is received on extension number 4100, the PBX or IP PBX looks for the next available extension number to determine where to deliver the call. In this example, the PBX or IP PBX will use its programmed search algorithm to look at extension numbers 4101, 4102, 4103, 4104, and 4105.

PILOT NUMBER: e.g +49 89 1234 0
Next we talk about the DID/DDI, this is the range assigned to the callee.

DID or DDI = Direct Inward Dialing number
The telco configures how many digits of the telephone number dialled by the caller is sent down to your PBX. Some connections, PRI or BRI, send all digits and some only the part that distincts the number from others, like the four last digits.
Any PSTN subscriber can contact an enterprise user inside or outside the corporate firewall by dialing a Direct Inward Dialing (DID) number associated with that enterprise user.
Direct Inward Dialing is used when your PBX telco connection allows direct dialling to extensions within a PBX, using physical lines (or channels on a PRI) on a shared basis.
So DID ("direct inward dialing") was invented as a way to re-use a limited number of physical phone lines to handle calls to different published numbers. In a business with DID, the phone company uses DID signalling to identify the number they are about to connect to the business's PBX. Historically, this was done by pulsing the last 3 or 4 digits of the number being dialed before connecting the number. The PBX would use these DID digits to switch the call to the right recipient.

PILOT NUMBER: e.g +49 89 1234 0
with a range of 1234-0000 until 1234-9999 possible.
A caller can now DIRECTLY dial to a target user, e.g +49 89 1234 1111

Extension = numbers extension behind the central number
Not like a phone number (like DID), more like an internal identifiy....
also used for internal dialing and AutoAttendants (e.g. Exchange AA)

If we work with extensions, we need for callees an INTERNAL number. The internal number in Skype for Business/ Lync should be in E.164 from, but can be also a shorter number, even a extension.
In PBX, the Auto Attendant can receive an external call, and proxy this call to the internal extension.

Important is, not to be confused with DIAL PLAN and EXTENSIONs!

If we have our Skype for Business real work scenario:
Exchange and Skype for Business is required. Exchange handles the Auto Attendant and will be used for the INTERNAL EXTENSION. Therefore the user needs to be UM enabled. Only than a external Pilotnumber can be assigned to Exchange Auto Attendant and the user can be called from external without a DID.

Difference between, EURO ISDN and NA ISDN
;ext=123 (EU)
x123 (NA)

E.164 maximum length is 15-digits

Recommended link for Lync normaizations between EU and NA formats and how to handle the AD assigend phonnumbers (not the Lync assigned! ones)

Tuesday, July 7, 2015

Skype for Business Mobile Client, feature set of Skype for Business for Windows Phone

Finally, this morning it was the day where I had the biggest smile.
The new Skype for Business Mobile Client was released. Amazingly the updates installed over night without actively doing anything.

The naming is not the mobile client, it is:
Skype for Business for Windows Phone, or iPhone and so on.

For me this is a good sign looking forward for all changes coming along with Skype for Business Server. What we can see is the focus on Enterprise Voice, Voice in unified Communication is essential and we need straight forward and simple to use user experiences. we need to have a client which works seamless with the desktop version and features.

Let me introduce you to some new feature in Skype for Business Mobile Client:

First look when the desktop tile is on the main screen:

Form here you can click your tile and will start the new welcome screen:
You are required to confirm the update and will proceed as normal.

Well on the first look it seems not to be different from the old Lync Client and only the Logo has changed.

But this would not what we expect!
First having a look into the About Page, checking the Version Number:
The Version yet is:
6.0.1430.0, called Skype for Business for Windows Phone.

We can see the view and join experience for meeting changed and is a little better to use and view.


What we need to recognize is the Call via Work (CvW) feature, but where this is hidden and what could be done here?

Next we need to have a look into the SETTINGS:
As we see the Call Forwarding settings have changed and can be controlled form the windows phone client / mobile client.
This is a important feature, but remember, if Call via Work is enabled for a user this configuration is greyed out!
Else, soon we operate natively in Skype for Business Enterprise Voice, the feature is helpful and makes our life more easy.
I also help making the Phone Client "quiet", by forwarding a call to another number/ user.
Since we need to have a Exchange Server with proper configured EWS (Exchange Web Service), we can now query the Outlook WORK HOURS! this is good for a very much controlled FORWARD configuration and helps making the systems more user friendly.

One new feature and finally it's there. We can use the FORWARD Option will all possible contacts, it is searching the:
- DEVICE (email and contacts)
- Skype for Business ADDRESS BOOK
Next look I'm looking more closer to the FORWARD CALL settings.
I can see the configured Mobile Number is in, this helps using a reliable network for phone call, since the mobile network is mostly more suitable for voice calls.
As said earlier, the entire Skype for Business Address Book can be searched. also the Contacts in S4B Phone Client. Here you can see the result of a Address Book and Call History test.
Michael has an account with one of our customers and he is in my conversation history, therefore he can becomes visible.
Remember same as with the Desktop Client, your CANNOT forward calls OUTSIDE your organization!
Showing the Device Contacts. I'm having all my contacts sync from 3 email accounts and here they are all! Perfect !!
Interestingly I found a good part of how we can configure the Skype for Business Mobile Policies. Especially here the Voice settings. This is not the same as the Wi-Fi required option for Voice/ Video, it is more related to the BEST USER EXPERIENCE.
If we are in an area of bad network coverage, we can set our best quality calling based on the three options:
VoIP always
All calls will be transmitted over the best data network choice. 1st WiFi, 2nd CELLULAR
VoIP over WiFi only
All call must use WiFi network, if the network isn't available outbound calls are NOT working. Inbound experience is different, here inbound calls are receive if the WiFi networks is not accessible via Cellular / phone, it will also change the call forwarding settings to simultaneous ringing to your mobile number.
All voice call must use the normal cellular network, you mobile plan. this feature activates the call forward to simultaneously ringing to your mobile phone.
Some might now ask, I thing we had something similar with Lync. No we hadn't, because this feature now exactly controls the behavior. Therefore e.g. your do not receive a Skype call and a cellular call at the same time on your mobile anymore!

Btw the starting behavior hasn't changed and the client is still slow!

Friday, July 3, 2015

MVP's explain: Upgrade Lync to Skype for Business and Exchange in WebCast

KEMP & Fujitsu @ Allgeier Webcast Windows Server 2003 Migration präsentiert von Skype for Business MVP Thomas Poett und Exchange MVP Siegfried Jagott


Please ask questions in regards either to my corporate email, the contact form on my blog or simply post a question here.

Saturday, May 9, 2015

Skype for Business In-Place Upgrade failed with "Unsupported version of SQL Server detected"

I came across a problem a customer reported while he tried to upgrade an Lync 2013 Standard Server to Skype for Business Server.

The error is:

Before this server can be upgraded, the following must be resolved:
An unsupported version of SQL Server was detected. The local RTCLOCAL instance should be Microsoft SQL Server 2012 Express Edition SP1 or later. More information on downloading....
The local LYNCLOCAL instance should be Microsoft SQL Server 2012 Express Edition SP1 or later....
First let me remind, that you have to follow this upgrade steps: 
  • Install CU5+ latest hotfix to Lync 2013 topology
  • PowerShell RTM version (6.2.9200.0) or later
  • Have at least SQL server 2012 SP1 installed
    SP1 (
    download), SP2 (download)
  • Operating System Hotfixes:
Out of the Box, Lync Server 2013 installed the SQL 2012 Express Edition RTM.


Now if you only install SP1, make sure you updated both instances RTCLOCAL and LYNCLOCAL.

Next, please ensure your CU Update is installed correctly.
You MUST patch you database. Read the instruction very carefully (LINK):

Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn <SE.FQDN> -Verbose
If you simply for got, which is very very very often the case, you run into issue and it is very hard to support this. Mostly we MVP also forget checking all Lync Server if you have patch the Server since beginning correctly.

Friday, April 10, 2015

Configure the client experience with Skype for Business

Hi dear blog reads,
since I was often asked how to set the UI in Skype for Business Client.
Microsoft posted the update under Lync 2013 Server:

Set-CsClientPolicy -Identity Global -EnableSkypeUI $true

And the Registry Key
In the [HKEY_CURRENT_USER\Software\Microsoft\Office\Lync] key, create a new Binary value.
The Value name must be EnableSkypeUI, and the Value data must be set to 00 00 00 00.
The key should look like the following:

Monday, March 23, 2015

Skype for Business Client Preview Download

Hi all,
the CeBIT was a great success.
Let me share the Skype 4 Business Client bits.

There is one issue:
If you run any Office 2013 version, you installed from the Cloud. Click2Run.

You must first uninstall or at least install the ISO Images.

The error reported is:
German: Von dem auf diesem Systems installierten Paket sind keine Produkte betroffen.
English: From the package installed on this system no products are affected.
The language is changed to the location you have defined on your OS.

This is, because the Skype4Business client is not a "full client", it is a GUI update to your Lync 2013 client.

Thursday, January 22, 2015

Lync Mobile Client does not normalize dialed number

There is an issue cause confusion with the Lync Mobile Client behavior.
Let me give you a scenario:
Assume a user is located in Munich:
+49    Country Code Germany
89     Area Code Munich
314253 (main number)
554    (extension)
Full number : +4989314253544
Munich Lync phone number: tel:.+4989314253544;ext=1544
(the 1 stands for Munich)

New York Lync phone number: tel:.+16312455554;ext=2544
(the 2 stands for New York)

This number belongs to an internal Lync user and you have the normalization rules for this Munich location profile set as:
normalizing to 3-digit ->       +4989314253$1
normalizing to 4-digit ->       cut 1 - +4989314253$1
normalizing to 4-digit ->       cut 2 - +16312455$1
normalizing to 9-digit ->       +4989$1
normalizing to 0+11-digit ->    cut 0 - +49$1
normalizing to 0049+11-digit -> cut 00 - +$1
normalizing to 001+10-digit ->  cut 00 - +$1
This number belongs to an internal Lync user and you have the normalization rules for this New York location profile set as:
normalizing to 3-digit ->       +16312455$1
normalizing to 4-digit ->       cut 1 - +4989314253$1
normalizing to 4-digit ->       cut 2 - +16312455$1
normalizing to 7-digit ->       +1631$1
normalizing to 0049+11-digit -> cut 00 - +$1
normalizing to 001+10-digit ->  cut 00 - +$1
It normalize the expected E.164 format matching the internal users Lync Phone Number
If you dial as use have a location profile of Munich location to, you now can dial the following:
544             Mobile Client show: 544
1544            Mobile Client show: 1544
314253544       Mobile Client show: 314253544       
089314253544    Mobile Client show: 089314253544      
+4989314253544  Mobile Client show: +4989314253544 
004989314253544 Mobile Client show: 004989314253544       
All Calls are successful !
If you dial as use have a location profile of New York location to, you now can dial the following:
544             Mobile Client show: 544 (not match and normalize to New York)
1544            Mobile Client show: 1544 (CALL SUCCESSFUL and normalize to Munich)
314253544       Mobile Client show: 314253544 (no match)       
089314253544    Mobile Client show: 089314253544 (no match)     
+4989314253544  Mobile Client show: +4989314253544  (CALL SUCCESSFUL)
004989314253544 Mobile Client show: 004989314253544 (CALL SUCCESSFUL)
As you see the Lync mobile client do not show the normalization.
It keeps the number you dialed, similar as the behavior dialing from your mobile itself.

Why the call can reach the user?
Lync can process the given normalization rules on the Server, (in-band provisioning) and also knows the location profile the calling user has assigned, which than include the DialPlan with the Normalization Rules.

Therefore its a normal behavior.

If the call do not work as described in the simple example aforementioned, your location profile and normalization rules are incorrect. You need modifying your dial plans.

Wednesday, January 21, 2015

Cannot send IM from Outlook Web Apps

There are three possible reasons why you can't send IM from Outlook Web Apps (OWA).
I assume first, the integration was done according to the recommendations given. Meaning you have also tested that internal IM from OWA was possible to send and receive.

If you encounter the following behavior:
- Presence can be queried, but I’M cannot be initiated.
- If you receive an external IM, you are able to answer the external contact.
- You cannot receive or send external IM from OWA
While you are using the OCSLogger on the Lync Edge Server, you might see the following SIP 403 Forbidden message:
Text: SUBSCRIBE request for get rich presence was rejected by the Access Edge Server

You also see the internal Exchange Server with ipconfig -displaydns as:

1. Your external policy do not allow access to federated partner or public IM systems. Therefore you need to change those policies, or assign the correct policy to the affected users

2. You have the correct policy, but you sill can't reach out to external contact, the SIP address might be incorrect, or the federated partner is not allowed to communicated externally

3. Most likely, if the policy settings are correct the third possibility occurs. For external IM communication you must have a CONTACT OBJECT in Exchange. IM can only be initiated via a contact object and this is different from your Lync Client, where you are able to type a address in the address bar.
In OWA you can add a contact including the CHAT address, but here you have to add the chat address in the following format:
OWA can only initiate a IM if the SIP Prefix is present, else the error message shown above will be logged. This is an issue by design of Exchange utilizing the UCMA API.
Additionally, you also have to apply the Lync Cumulative Updates to the UCMA installed on each Exchange CAS Server. This is mostly forgotten by the Exchange admins.

This article says, if you wish to communicate with external buddies, you have to add a Outlook Contact and MUST include SIP: prefix.

Thursday, January 15, 2015

Skype for Business and Lync Monitoring for Enterprise Voice

Monitoring, a component in Lync which is most important.
Not only collecting information about the servers and their services. Since here are users directly involved with their end devices, like phones, headset or computers. In between of those components sits the network and routing devices. Not enough here, mostly Lync or Skype for Business work in an environment where other voice solutions, e.g. PBX's or SIP Systems are running in parallel. During a migration for example, if you move users towards Enterprise Voice, the PBX and e.g. SIP Trunk Providers are in the loop for quite some time.

This makes monitoring of the entire Voice solution essential.

Lets see hat Lync and Skype for Business offers:
Microsoft has introduced a two databases, the CDR and QoE database. Those are databases where Call Details are recorded and the entire environment quality data, like Server and service health, as well as the quality relevant information about call, either a P2P or Enterprise Voice call, and data about conferences.
With predefined SQL Reports you can query those data. And they are essential not only for troubleshooting, they are essential monitoring trends as well.
You have a dashboard providing an generic overview and the individual reports allowing you having a deep inside view of each call and component.

But here the main question comes into place: If I'm in the midst of an migration, or even having two UC solution in place, where can I see and monitor the entire environment of my company.

The answer is you cannot do this with the Microsoft Monitoring components. You need either multiple different systems, where you will encounter difficulties bringing those information together.

Saying a Skype for Business user is calling a user still not migrated from an AVAYA PBX. Both system are connected via SIP Trunk or via the SBC.
Now you cannot monitor this call.
The only solution is you take the Microsoft site and the Avaya site combine possible reports and try your best.

Now what I personally recommend to customers addressing this problem:


This is the only solution able to utilize every source in your environment, the Microsoft Reporting databases, the SDN APIs, and the most PBX and UC vendors. Consolidating all information into a single system and provide you the entire, overall view.

Lets have a look into it:

With Prognosis I can address all components in Lync and Skype for Business, including the SDN API too. Therefore I also collect the CDR and QoE database information.
But that's not enough, in an UC environment, we learned that the user experience is quite important. This the user has a sensitive organ, the ear. Therefore he has subjective sense to a call he made. It is helpful, if we can identify those calls too. We know that the Skype for Consumes offer those function. With Prognosis, we can integrate this feature also into Lync 2010 and Lync 2013.
From here we can validate the call in more simpler way than we could do with the integrated reporting in Lync/ Skype for Business. 
As mentioned earlier, having a view over all involved components, we call this feature in Prognosis Voice Quality 360. The call can be monitored from end-to-end over all solution, e.g. from Lync to Avaya, or from CCM to Skype for Business.

As the path is important we also need trace those call with e.g. SBC. here is an example tracing a call from Cisco Call Manager to Lync, End-to-End. Have the SBC from AMCE in place. This can help us to clearly identify where we would have the problem located, e.g. a lower MOS Score. From this point onwards we simple click down to the component identified.

Conference are another issue. How often I was asked to identify a "bad" call in a conference, even with more than 100 participants. Wow difficult task and a lot of work.
With Prognosis, it made my life easy, as I could see the call was bad on the sending path.

if you are the Administrator in company, you should be able tracing your environment entirely and have the right tool to support your work, so you can approach the correct troubleshooting way directly.
Additionally, we can deliver those information also to our support partners which than save a lot of time doing their parts.