Monday, July 4, 2016

Cloud Connector Edition Hybrid Voice Guide Version 2

Hi to all excited CloudPBX fans.

I finalized the Cloud Connector Edition Hybrid Voice Guide Version 2.
All important changes are covered and contains the full explanation of CCE Multi-Site Design, as well as how users must be configured.

Have fun reading it.


This guide is for Microsoft customers and partners, as well as vendors useful in the same (I promise ;) ).
It explains the entire technology and all related commands and cmslets.
Important is the Multi-Site CCE Design, which is most complex, but fully discovered and made open for your understanding.

A huge thanks the Westcon UCC, who allowed my spending a lot of time finishing this.
Therefore I'm very pleased in supporting the readers and try my best answering all question. You can contact me via my blog


Introduction of Cloud Connector Edition 5
Generic terms of Office 365 PSTN connectivity 5
Topology support in Office 365 with Skype for Business 6
On-Premise without any Office 365 connectivity 6
On-Premise Skype for Business with Office 365 Cloud PBX connectivity (Federation to Office 365 and Cloud PBX and PSTN CALLING SERVICE) 6
Office 365 with CCE (Cloud PBX) 7
Office 365 with PSTN Calling Service (native Calling Plan) 7
Typical Skype for Business federated On-Premise Installation 7
Tenant support in Office 365 10
Cloud Connector Active Directory Forest 11
Cloud Connector (CCE) Topologies 12
Outbound Call Flow 12
Inbound Call Flow 13
CCE “SBA” in planning: 14
High Availability: 15
Multi-Site deployment 15
CCE Voice Routing with multi-site (generics) 17
CCE Voice Routing on gateways (optional) – not yet supported by Microsoft 19
Migration to Cloud PBX with Cloud Connector Edition 20
Greenfield 20
Skype for Business with Enterprise Voice on-premise 21
Target: native Cloud Connector Edition 21
Target: Cloud Connector Edition with Office 365 Calling Plan (Cloud Voice Users) 21
Target: Cloud Connector Edition + Skype for Business partial Enterprise Voice (on-premise) 22
Target: Cloud Connector Edition + Office 365 Calling Plan (Cloud Voice Users) + Skype for Business partial Enterprise Voice (on-premise) 22
Summary: 23
Infrastructure requirements for Cloud Connector Edition 24
Physical infrastructure 24
Logical infrastructure 25
DNS 25
Certificates externally 26
Certificates internally 27
Firewall Port Configuration 28
Configuration Guide for Users, Dial-Plans, Voice Routes and PSTN Usage 29
Connect to Skype for Business Online 29
CCE Site generation and assignment 30
Management Guide for Users 30
Moving a User to Skype for Business Online 31
CCE User to Site assignment 32
Configuration Guide for Dial-Plans 34
Configuration Guide for Voice Routes 35
Appendix 36
Commandlets for Online configuration 36
Dial-in conferencing cmdlets 36
E911 and Location Information Service (LIS) cmdlets 36
Skype Meeting Broadcast cmdlets 36
PSTN calling cmdlets 36
Hybrid PSTN site and user cmdlets 37
Internet Protocol (IP) phone cmdlets 38
Reporting cmdlets 38
Online User cmdlets 38
Reading/ Writing Users Information and Settings 39

Tuesday, June 21, 2016

Activate Office 365 for Internal User Rights (IUR)

Microsoft Partners are entitled for Office 365 E3 internal use:

If you wish activating your license, please follow the short introduction below and click the respective links:

How to earn Office 365 (E3) internal-use rights benefits through Microsoft Partner Network programs

How to activate and assign Office 365 (E3) internal-use rights licenses

New partners:
Please begin by signing up for a Microsoft Action Pack subscription or earning either a silver or gold competency. (You may also learn how to earn Office 365 (E3) internal-use rights benefits from the Microsoft Partner Network programs here.)Existing partners:
Use the following directions to help you get started:A. Activate Office 365 (E3) IUR on an online tenant:
  1. Go to the Microsoft Partner Digital Download Portal (
  2. Sign in with the Microsoft Account (formerly Windows Live account) currently assigned administrator rights.
  3. Select the Microsoft Online Services section.


Sunday, June 19, 2016

OneDrive Bulk Data Upload

Hi all,

just a side Skype for Business.
I upgrade my Office 365 Home account getting the 1TB HDD Storage.
Wow, what a nice opportunity have a valued backup in the Cloud.

Now I had the question in mind:
Damn, how should I get approx. 400GB into the cloud?

Microsoft tells you two option if you run Windows 10, assuming we all do so.
1a. Open EDGE Browser, navigate to OneDrive and drag&drop files and folder.
1b. Chose the upload feature in EDGE once you open OneDrive and choose the folder you like to sync
2.  Copy all your data on you local hard drive and let it sync

Super idea, 400GB didn't fit on any of my laptops anymore. So bad and stupid option
Second I tried use drap&drop. Perfect it failed, simply not working.
Ok, than lets chose the Folder Upload option.
And see here it goes, it took 1hr screen the files on my external disk. Than the upload started with approx. 35.000 files.

After two days, how wonders, it failed.

No intelligent option in the EDGE Browser giving me a way restarting the upload. -> Result totally useless

Even breaking it into smaller pieces resulted in a failure.

A side I don't know why there is no proper tool for upload, why IE is not working and why the Win8.1 option for online folder was removed. Also if you use EDGE, your RAM is utilized by 100% making this Laptop unusable for multiple days.
Yes, I'm totally frustrated with Microsoft here.


Thanks to some intelligent ideas, I decided splitting the folders in to smaller pieces and copy them into OneDrive.
What a hassle but using BITS is the best idea for syncing.

Once finished, I'm using OneDrive online and move the folder to its dedicated Backup Location.

This deletes the local HDD copy on my Laptop and I can proceed further.

I know this is not a very user friendly solution and I really hope Microsoft is developing some better tools and solutions.


Tuesday, June 14, 2016

Skype for Business Topology Support with Office 365, Cloud Connector Edition, Cloud PBX and PSTN Calling

Topology support in Office 365 with Skype for Business

A frequently asked question is the support for the different topologies. Later in this document I also provide a generic overview about a possible migration path towards one or the other topology.

The rudimentary described supported topologies are the ONLY possible setups.

There is not possible and supported way in combining any of those topologies!

On-Premise without any Office 365 connectivity

This is typically a solution, where you don’t own an Office 365 “E” Plan. Therefore, you are not entitled using any of the Office 365 features. Same is valid, if you own only an Exchange Online Plan, whereby none of the Skype for Business Online Services are subject to be used.

On-Premise with Office 365 connectivity (Federation to Office 365 and Cloud PBX and PSTN CALLING SERVICE)

This is the only scenario, where users are hosted either in Office 365 and some users stay SfB enabled On-Premise. Meaning you have a mixed environment.
This is the only mixed scenario, where local PSTN breakouts with your On-Premise Skype for Business enabled users and the other users enabled on Office 365 (which MUST use PSTN Calling Service or the local PSTN breakouts) are combined. It is not possible for Online user to be mixed for PSTN Calling Service and PSTN local breakout on-premise. This is technical limitation due to Voice Routes in the Office 365 environment.
A PSTN Calling Service is subject to the regional availability in the country where you required PSTN Calling.
PSTN breakout
Users enabled with SfB On-Premise
MUST be On-Premise with local PSTN Gateway
Users enabled with SfB Online in Office 365 (either or option)

PSTN Calling Service in Office 365 -> Calling Plan
On-Premise PSTN breakout with local Gateway -> CloudPBX

Advanced Voice Features (e.g. Response Group or Group Call Pickup)

In case any user requires Advanced Calling Feature, this user must be enabled for On-Premise Skype for Business.

In later updates, Microsoft will successively add more features to the Office 365 environment, making is obsolete running On-Premise installations.

Office 365 with CCE (Cloud PBX)

If e.g. the PSTN Calling Service isn’t available, or you required On-Premise PSTN connectivity (e.g. for Contact Centers) you can move all users into Office 365 and utilize the Cloud PBX feature in combination with Cloud Connector Edition.

With CCE you can mix online users with CCE On-Premise Voice PSTN breakout and Microsoft Calling Service.

Explicitly, CCE CANNOT be used with Skype for Business On-Premise Topology!

Office 365 with PSTN Calling Service (native Calling Plan)

If you don’t need either advanced calling features or any PSTN On-Premise connectivity, you can move all users into Office 365.


Saturday, April 2, 2016

Cumulative Update List (Skype for Business Server 2015)

Version Number, Release Date, Download Link

6.0.9319.235 (CU2) March 2016
6.0.9319.102 November 2015
6.0.9319.88  September 2015
6.0.9319.55  June 2015
6.0.9319.0   RTM NA

You can verify the installed component version:



Cumulative Update (Lync 2013)

Version Number, Release Date, Download Link

5.0.8308.945 January 2016
5.0.8308.941 December 2015
5.0.8308.933 September 2015
5.0.8308.920 July 2015
5.0.8308.887 May 2015
5.0.8308.872 February 2015
5.0.8308.857 December 2014
5.0.8308.834 November 2014
5.0.8308.831 October 2014
5.0.8308.815 September 2014
5.0.8308.738 August 2014
5.0.8308.577 January 2014
5.0.8308.556 October 2013
5.0.8308.420 July 2013
5.0.8308.291 February 2013
5.0.8308.0   RTM NA


Skype for Business Command Output shown as cropped List : Get-CsSimpleURLConfiguration

If a Skype for Business Get-Cs command provides an output as list, which is longer, it will provide a cropped output only.

The solution towards is, you need writing the output into a variable and screen print it into the command shell.


Identity  : Global
SimpleUrl : {Component=Dialin;Domain=*;ActiveUrl=
            dialin, Component=Meet;;ActiveUrl=https://l
  , Component=Meet;Domain=
            .com/meet, Component=Meet;;ActiveUrl=https

Getting the entire output you need the shell providing the output in a variable


This should output something like this:
PS > $A=Get-CsSimpleUrlConfiguration
PS > $a.SimpleUrl

SimpleUrlEntry : {Url=}
Component : Dialin
Domain : *
ActiveUrl :

SimpleUrlEntry : {Url=}
Component : Meet
Domain : *
ActiveUrl :

If you wish writing the output into a txt file, simple use:
PS > $a.SimpleUrl > C:\output.txt

Just making the article complete, a new Simple URL will be added in a similar way:

$urlEntry = New-CsSimpleUrlEntry -Url “”

$simpleUrl = New-CsSimpleUrl -Component “WebScheduler” -Domain “*” -SimpleUrlEntry $urlEntry -ActiveUrl “”

Set-CsSimpleUrlConfiguration -SimpleUrl @{Add=$simpleUrl} -Verbose

Added Note:
Thanks to my MVP mate Greig Sheridan, he figured out a more simple way of showing an entire list element.


This enables PowerShell showing unlimited elements in a list. as per default this variable is set to 3. Changing it too -1 removes the limitation and provides a full inside view of the list element.

Tuesday, March 22, 2016

Event 1034, LS File Transfer Agent Service fail after server removal

After a pool and his associated Edge server were decommissioned, I consistently receiving this error:


Skype for Business Server 2015, File Transfer Agent service encountered an error while accessing a file share and will continuously attempt to access this file share until this issue is resolved. While this condition persists, replication to replica machines might not occur.

Access denied. (\\\xds-replica\from-master\

Cause: Possible issues with file share permissions. This can occur if the computer hosting the file share has outdated cached credentials for the computer that is trying to access the file share.


For details about how to resolve file share permission issues, see the product documentation.

Event ID: 1034
Task Category: 1121

Next I need to check some leftovers from the decommissioning.
Checking the Central Management Store Status gave me a hint:

PS C:\Windows\system32> Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus

LastUpdatedOn                        : 22/03/2016 6:48:58 PM
ActiveMasterFqdn                     :
ActiveMasterLastHeartBeat            : 22/03/2016 6:52:18 PM
ActiveFileTransferAgentFqdn          :
ActiveFileTransferAgentLastHeartBeat : 22/03/2016 6:52:17 PM
ActiveReplicas                       : {,}
DeletedReplicas                      : {,}

PS C:\Windows\system32>

I was able and saw the DeletedReplicas.

Normal the Invoke-CsManagementStoreReplication should solve the problem, but simply it didn't work out.

Even if you had decommission a server proper, which is:
1. remove from Topology
2. must Disable-CsComputer

If you run Bootstrapper, the Disable/ Uninstallation is not working.

They stuck still in the DeletedReplicas.

The only solution,(but not support if you can run Disable-CsComputer any longer) is, you have to remove them manually from the XDS database.

Go the SQL CMS Server and execute the script finding the left over servers:

USE xds
GOSELECT [ReplicaId]
FROM [dbo].[Replica]

Than identify the DeletedReplica Server and delete them with:

delete [dbo].[Replica] where [ReplicaId] in (1,4)
where (1,4) are the column identified with the DeletedReplicas server.

This should support this issue.

Friday, March 18, 2016

Move User from a dedicated Pool via Powershell

How to move users to different pool or how to migrate user to another pool.

Simple and often forgotten:

The Get-CsUser command do not offer a -Pool or -SourceFQDN parameter!

Therefor you need to use pipelining and filtering.

Get-CsUser -Filter {RegistrarPool -eq "CurrentPoolFqdn"} | Move-CsUser -Target "TargetPoolFQDN" -MoveConferenceData

The Option CurrentPoolFqdn and TargetPoolFqdn must be specified in the form of: server.domain.local
MoveConferenceData : Please don't forget moving the users conferencing data stored in the File Share.
Note that you should not use the MoveConferenceData parameter if you are moving users as part of a disaster recovery procedure. Instead, you should rely on the backup service for moving conference data as part of a disaster recovery procedure

Care about users conferencing ID is not necessary while moving a user to new pool:

When you move a user to an Skype for Business or Lync Server 2013 pool, the data for the user is moved to the back-end database that is associated with the new pool.

This includes the active meetings created by the user. For example, if a user has configured a my meeting conference, that conference will still be available in the new Skype for Business/ Lync Server 2013 pool after the user has been moved.
The details to access that meeting will still be the same conference URL and conference ID.
The only difference is that the conference is now hosted in the new pool, and not in the source pool.

The Get-CsUser command has the following Properties which can be used for filtering:

Identity                    : CN=USER,CN=Users,DC=ADdom,DC=local
VoicePolicy                 :
VoiceRoutingPolicy          :
ConferencingPolicy          :
PresencePolicy              :
DialPlan                    :
LocationPolicy              :
ClientPolicy                :
ClientVersionPolicy         :
ArchivingPolicy             :
ExchangeArchivingPolicy     : Uninitialized
PinPolicy                   :
ExternalAccessPolicy        :
MobilityPolicy              :
PersistentChatPolicy        :
UserServicesPolicy          :
CallViaWorkPolicy           :
ThirdPartyVideoSystemPolicy :
HostedVoiceMail             :
HostedVoicemailPolicy       :
HostingProvider             : SRV:
RegistrarPool               : Pool or StdServer.ADDomain.local
Enabled                     : True
SipAddress                  : sip:USER@SIPDOM.COM
LineURI                     :
EnterpriseVoiceEnabled      : False
ExUmEnabled                 : False
HomeServer                  : CN=Lc Services,CN=Microsoft,CN=1:1,CN=Pools,CN=RTC
DisplayName                 : USER for TEST
SamAccountName              : USER

I always let the entire process being documented to >C:\User-Move.txt this is for later validation and error correction.

Get-CsUser -Filter {RegistrarPool -eq ""} | Move-CsUser -Target "" -MoveConferenceData > C:\move-user.txt 

Move user in event of a Data Center failure:

Well if a DC is in failover mode, there are two things happen.
  • If the resiliency mode is active, the conferencing focus is still hold on the other side and therefor the conferencing ID stuck there and it will fail!
  • If the DC fail with a proper failover incl. the SQL copy and you have activated the failover manually! Everything is working fine.
If you google about Conferencing Focus Lync you find a lot for my fellow MVP mate writing about this.
Assuming, you move the user to new pool permanently, this conferencing focus will be copied as part of the user setting. So the same ID is valid.
Just last weekend I was migrating an entire pool to new pool and everything got moved and all conferences stood as expected.
and if everything failed:
This is from MVP mate Richard Brynteson, Lync MVP, Microsoft Certified Solutions Master, he work it out very proper, if you like to understand conferencing.

Btw you can also download my Skype for Business and Lync Troubleshooting Guide:

Sunday, March 13, 2016

Skype for Business Client Update Februar + March 2016

Let me give you an overview about the changes applied with the SfB Client Update from February and planned for CU for March:

  • Auto-accept presented content
  • Single click Desktop Sharing (single Monitor)
  • Meeting join with / without mic or speaker
  • better sharing real estate
  • Notify other when everyone can see presented content
  • fast switching to newly connected devices without call on hold
  • additional connected monitor: prompt fir sharing
  • auto hide sharing tool bar
  • smart Team Contacts
  • Meeting Reminder

A new video technology/ codec for P2P screen sharing is implemented:
The P2P sharing is changed from RDP to High Fidelity Video-Based Screen Sharing (VBSS)
With the targeted update for March, it should be implemented for Meeting too.
Requirement ist the Office 2016 client. NOT the Office 2013 updated client Version (15).

Fast and more efficient:
15 FPS with VBSS instead of 8 FPS with RDP



Therefor it becomes als more reliable


More news are:
Co-Author OneDrive Office Document.
You can now collaborate on Office document with OneDrive in a meeting. The Access is granted automatically to the office document (OD4B). you will see the editor who wrote to the document. It is a concurrent editing possible.

Most important request are implemented:
Offline Messaging
  • Send messages to contact even if they are not signed-in
  • Read missed messages in email of in Skype for Business
  • Use unread count badges to navigate through missed messages
  • Read on any device with SfB/Lync that supports missed messages

Some more info's were:
The SfB Client for MAC is coming soon to a preview.
And yes, it is true, try to discover how you can utilize Office 2016 Click2Run in your enterprise.
Several new feature are only available with the C2R version and will not be implemented in the MSI package.

Sunday, February 21, 2016

Skype for Business Cloud, Hybrid or OnPremise decision maker

Thanks Jamie Stark (Microsoft)
we have finally a slide were we can easily make the right decision for the right approach.

Just consider, if you deiced for On-Premise deployment. If you have the Office 365, please always consider the hybrid approach. This let you utilize the Skype for Business Broadcast Meeting feature as well. It is not available, if you didn't set up the hybrid configurations.

You can download the PDF from my slideshare: DOWNLOAD

Tuesday, January 26, 2016

Skype for Business Meeting Failed: Content was blocked because it was not signed by a valid security certificate

In either Internet Explorer or other browsers you might see this issue finally popping when you try joining a Skype for Business Server Meeting if the Meeting is hosted on Premise,

This issue also pop's up with Lync Meeting, not only with Skype for Business Meetings.

Content was blocked because it was not signed by a valid security certificate

After investigation, I saw this was most likely related to changes in Skype for Business Client Update from Januar 2016:

It implements a new and proper described certificate validation procedure for all SIMPLE URL's.
(Note: This issue can't be replicated each time, therefore you have to consider this as "possible issue")

As I described earlier in my blog:
It is absolute curial following the infrastructure recommendations from Microsoft, regardless if it might work or not. Once there will be an update released, the not recommended setup will have issues or will fail!

A valid SAN Wildcard certificate could look like this:

CN   = fqdn.DOMAIN.COM


I took a deeper look into the assigned certificate.
Btw, it is also in hybrid Skype for Business setup required to be assigned to a local point of access for simple URL's.

We see the CN (or SN) has FQDN as *
next screenshot show's it in detail again.
While the last screenshot show's the wildcard name repeated in the SAN (Subject Alternative Name).

I have seen several environment running this configuration without issues as they told me.
But, how they can trace the join users experience?
True, they can't and here I give the example of a situation,where it ended up in mess.

Please define your Reverse Proxy and your Edge Server certificates in the supported and best practice setup.