Home » Posts tagged 'Skype for Business'

Tag Archives: Skype for Business

Skype for Business Mobile Autodiscover Gotcha When Moving to Microsoft Teams

On a migration recently we moved a bunch of users from Skype for Business On-Premises to Microsoft Teams Only, leaving behind Enterprise Voice users for the time being.

During this interop period it is required that both EV and Teams users can join Skype for Business meetings hosted by the remaining on-prem users until such time as Teams meetings take over.

After moving several users, reports came in that Teams Only people could not sign in to Skype for Business using the mobile app to join a Skype meeting, but where able to sign-in using the Skype desktop client.

The message received on the mobile client

Troubleshooting the issue with the old Lync Connectivity Analyzer suggested that something wasn’t quite right with the authentication process via the autodiscover web service

Autodiscover: SendRequest(): the URL https://lyncdiscover.commsverse.com/Autodiscover/AutodiscoverService.svc/root/user?originalDomain=commsverse.com?sipuri=John.Smith@commsverse.com couldn’t be connected.  Complete HTTP headers:\r\n Pragma: no-cache

I decided that I would run CLS Logging and trace the authentication, so from a Front End

Start-CsClsLogging -Pools FEPOOLA.commsverse.com -Duration 00.00:02 -Scenario Authentication

I attempted to sign in from mobile to capture some logs.

Searching the logs, top tip to reduce the export size, always specify the URI you are interested in, it makes following the log much, much easier!

Search-CsClsLogging -Pools FEPOOLA.commsverse.com -OutputFilePath c:\temp\mobile.log -Uri "john.smith@commsverse.com" -MatchAny

Opening the log in snooper and following it line by line I found that authentication passed, but the FE could not find the hosting provider for the user.

(0000000001B0CB29)Could not find hosting provider for hosted user. User: john.smith@commsverse.com

So Next step was to check the hosting provider for Skype for Business Online

Get-CsHostingProvider -Identity SkypeforBusinessOnline
Identity                  : SkypeforBusinessOnline
Name                      : SkypeforBusinessOnline
ProxyFqdn                 : sipfed.online.lync.com
VerificationLevel         : UseSourceVerification
Enabled                   : True
EnabledSharedAddressSpace : True
HostsOCSUsers             : True
IsLocal                   : False
AutodiscoverUrl           :

Missing was the Autodiscover URL for Skype Online, so setting that on the hosting provider as follows

Set-CsHostingProvider -Identity SkypeforBusinessOnline -AutodiscoverUrl https://webdir.online.lync.com/Autodiscover/AutodiscoverService.svc/root

Forcing replication of the CMS and then trying to sign in again fixed the issue and Teams Only users are able to sign in to Skype for Business Online using their mobile app successfully.

The reason why the desktop client was unaffected is because it looks up the _Sip SRV DNS record for the access edge location and redirection was happening properly through SIP registration.

So make sure you set the Autodiscover URL in your Hosting Provider for SfB Online if you want mobile sign in for those legacy meetings!

Tranching Users Ready For Your Microsoft Teams Migration

If you are planning on migrating your users from another system, perhaps Skype for Business or indeed a 3rd party system, the question of how to do this gets more complicated to answer as the numbers of users you have to deal with increases.

Consider the scenario where you have a large Skype for Business deployment of tens of thousands of users. There will be a number of users with a persona that can be easily migrated to Teams e.g. chat and meetings. Others will be more complicated and require more thought, voice users for instance.

Doing moves from Skype to Teams using PowerShell is a must, but when you are moving hundreds, or thousands of users in multiple threads and shells to the cloud at scale and speed, how do you keep track of your progress, and more importantly ensure that you are moving the correct users?

The answer invariably means tranching your users offline in some kind of Excel file. To ease the burden of this manual task I have created a simple script to tranche users based on a full export from your Skype for Business deployment.

Step 1 – Export your users to csv files

You can export your users to one csv file by running this command

Get-CsUser | Export-Csv c:\temp\allusers.csv -NoTypeInformation

Alternatively, you can export by whatever chunking condition you want, e.g. users by pool

$pools = Get-CsPool | Where {$_.Service -like "*Registrar*"} | Select Fqdn
ForEach ($pool in $pools){
    Get-CsUser | Where {$_.RegistrarPool -eq $pool.fqdn} | Export-Csv "c:\temp\$($pool.fqdn).csv" -NoTypeInformation
}

Step 2 – Edit the Tranching Script

The default behaviour of the tranching script is to tranche all users that do not have Enterprise Voice Enabled. You can make your own filter by editing the line (31)

$validUsers = $importFile | Where {$_.<column name to filter on> -<condition> <value>}

Step 3 – Run the Script

Run the script from PowerShell to parse the source files extracted in Step 1. The script will ask you the location of those files as an input parameter e.g. c:\temp\.

The script will collect all csv files in that directory and parse them as per your condition filter. By default, it will create csv files in output folders in blocks of 250 users per file. You can then use these files to migrate to Teams using multiple shell windows, users and servers.

If you want to change the number of users per tranche, edit the script and change the following variable

$blockSize = <your number here> default is 250

The script can be found below

 #Tranching Users by Source File

$sourceDir = Read-Host "Please set the working directory of where the Source Files are"

$filesToProcess = Get-Childitem $sourceDir | Where {$_.Extension -eq "csv"}

ForEach ($sourceFile in $filesToProcess){

    Set-Location $sourceDir

    $importFile = Import-Csv $sourceFile.Name

    #create output dir

    $folderName = ($sourceFile.Name).split('.') | Select -First 1

        try{

        New-Item -ItemType Directory -Name $folderName -Force

        }catch{

        }

    Set-Location ".\$($folderName)"

    # Filter users that are not EV enabled

    $validUsers = $importFile | Where {$_.EnterpriseVoiceEnabled -eq $False}

    $countUsers = ($validUsers).count

    Write-Host "There are $($countUsers) users found to be tranched" -ForegroundColor Yellow

    # Set Pagination

    $blockSize = 250

    # Create Tranches

    $startPos = 0

    $counter = 1

        While($startPos -lt $countUsers){

                $validUsers | Select-Object -Skip $startPos -First $blockSize | Export-Csv "MigrationBlock_$($counter).csv" -NoTypeInformation -Force

                $startPos += $blockSize

                $counter++

                Write-Host "Tranching next Block Starting at Row $($startPos)" -ForegroundColor Yellow

    }

}

    Write-Host "Finished Tranching Users" -ForegroundColor Green 

Microsoft Teams & Skype for Business Online Back-end Provisioning Monitor Script

Working in the Cloud should be fast. But sometimes you just got to wait it out. One of the biggest pain points for me is the lag between licensing a user in Office 365 and Skype for Business Online to complete its back-end provisioning so I can actually start assigning policies and phone number etc.

This delay can range from a minimum of 30 minutes to 24 hours! There is nothing I can do to speed it up and the biggest challenge is providing a predictable experience to the end user. Typically, I want to license and then do something in Skype. With this delay, I am not going to sit around and keep checking when I can actually complete the task. I’m going to do other stuff.

The problem with this is that I am introducing a lag between the back-end ready state and bringing myself back to this task. This could lead to end user realising functionality before I have tailored it to their needs.

Skype Online applies to Microsoft Teams as well. So this is needed if you’re deploying Teams too. Skype for Business Online gives out two properties, assigned plan and provisioned plan. You can access these properties by calling the user object out of PowerShell. Assigned Plan is the core functionality we have given the user based on their Office 365 licenses and Provisioned Plan is the current plan that has been provisioned. There may / will be a drift between these 2 properties when a user is first licensed. This is what takes time to get into sync.

Having been tired of this problem, I created a script that monitors the license provision in Office 365 every 5 minutes, if all assigned Skype licenses return a success the script will continue to Skype Online and check the provisioned plan against these licenses. The script will continue to check the provisioned plan every 5 minutes until all assigned plans return a success. Upon which I can then add my in band configuration commands such as Grant-CsTeamsMeetingPolicy etc.

This now means all I need to do is enter the user’s UPN into the script and hit enter. Simply call the script from the PS window

 .\SkypeProvisioningStatus.ps1 -upn user@mvc-labs.com

Skype for Business Address Book Failed in Resource Forest

I never thought I would be blogging about Skype for Business in 2019…. Oh Well! 🙂

I was contacted by a friend who had deployed an Audiocodes CloudBond appliance to one of their customers. They were experiencing issues with users not being able to search the address book service in Skype for Business.

The Audiocodes Cloudbond appliance deploys Skype for Business Standard Edition into its own domain. In order to connect users to it, an AD Forest trust is required between the Cloudbond and User AD Forest. Users are then synched from the User domain to the CloudBond domain.

This is a typical resource forest deployment.

Initial testing showed that when you ran Test-CsAddressBookService with the credentials of a Skype enabled user in the user forest, the result that came back was an IIS Error 500 Internal Server Error.

After much digging around proving that there was nothing wrong with Skype for Business itself, I decided to take a step back and troubleshoot authentication. I could see that the user could indeed authenticate in the resource forest, I could see the user authenticating against the IIS ABS website and the 500 error was coming from an IIS module

ModuleName="OCSABSModule", Notification="AUTHORIZE_REQUEST", HttpStatus="500", HttpReason="Internal Server Error", HttpSubStatus="0", ErrorCode="The operation completed successfully."

Checking the user permissions on the Skype server Local Security Policy I couldn’t see the user domain, domain users group in the Access this computer over the network setting in LSP / Local Policies / User Rights Assignment.

I thought I would check the local Users group on the server to see if it was listed there, and it wasn’t. After adding USERDOMAIN\Domain Users to the local Users group and rebooting the Skype Front End, users were allowed to search the address book service.

Test-CsAddressBookService -UserSipAddress "sip:a009602@domain.com" -UserCredential "a009602@domain.com" -TargetFqdn "rfsfb.sfb.domain.com" 
Target Fqdn : rfsfb.sfb.domain.com
Target Uri : https://rfsfb.sfb.domain.com:443/abs/handler
Result : Success
Latency : 00:00:19.1432698
Error Message :
Diagnosis :

And testing on the client:

Simple fix in the end, but not an easy one to find initially.

Skype for Business 2019 Now GA WHEY!

So without much fan fare or fuss, Microsoft’s latest version of Skype for Business Server officially entered General Availability this week. Yes 2019 is officially launched alongside Office 2019, Exchange Server 2019 and SharePoint Server 2019.

It was somewhat of a damp squib event with very little song or dance on the twittiverse from both Microsoft themselves and MVPs. An official Microsoft blog limped up on Tech Community to make the announcement like Lewis Hamilton stepping up to the 3rd place podium at the US F1 Grand Prix knowing he and his team were out performed by Ferrari.

However, unlike Lewis, where he is still undoubtedly the current world’s best at what he does and another year at the top is almost as certain as night follows day, the same it seems cannot be said about Skype for Business Server 2019.

And this is no surprise really

Sure, Skype for Business 2019 comes with some useful enhancements for some customers who are on their cloud journey, like leveraging cloud voicemail, ability to collocate on-prem CDR and QoE data in the cloud so they can report through one pane of glass across all their hybrid estate, the ability to use Cloud Auto Attendant (quietly renamed from Organizational Auto Attendant), Ability to use Cloud hosted meeting and of course in built TLS 1.2 support. But for many others, this seems like Microsoft are doing it their way and making sure that the next jump customers take will be their cloud for UC and Enterprise Voice. Que this song..

While this is commendable and trail blazing it doesn’t suit all and some (including many I know personally) will not take the message in a positive way. Instead, they’ll receive the message more like this…

Putting feelings aside now, let’s look at the reasons as to why you would want to upgrade to Server 2019.

One thing Skype admins are going to have to watch out for is if their messaging team decide their strategic direction is to implement Exchange Online or Exchange Server 2019. If this is the case, then you’re probably going to be forced into an upgrade since Exchange 2019 lacks voicemail facilities and Exchange Online will soon follow suit. As of now, Skype for Business 2015 does not support Azure voicemail, the system preferred and used by Microsoft Teams.

You may be running Windows Server 2012 or even 2008 R2 base OS on your Skype for Business Server 2015 nodes and with 2012 especially entering extended support, combine that with SQL 2012 as well then you may choose to upgrade your servers to Server 2016 or even more recent 2019 to protect you on OS support. This may be a good time to future proof your on-prem deployment to 2019 if your cloud journey is not expected to finish by 2020.

Another actually quite valuable reason to upgrade is the ability for on-prem users to leverage cloud audio conferencing and meetings. Offloading your meeting capability to the cloud could potentially improve capacity and performance whilst extending availability and coverage you struggled with in the past. By using Microsoft global dial in capability and their global network this could actually be very advantageous to some customers over what they have today. Will it lead to cost saving?  Not sure, that depends on your situation.

One thing is abundantly clear though, Microsoft want you in Teams and they are doing everything they can to make that happen. Why? We have to look at the migration path from 2015 to 2019.

No in place upgrade, which was a welcome addition to 2015 that pleased a lot of customers because they could reuse their 2 or 3 year old servers and extract the ROI they projected from them. Now we have to go back to side by side and the hardware requirement has almost doubled in some areas e.g. RAM from 32GB to 64GB (thank god it wasn’t 256GB like was originally floated around the DLs).

Couple the new hardware with you now need Server 2016 at a minimum to install 2019 and your Wintel team may yet to be at the point of being able to support the image which could be challenging and make the project stretch further than originally budgeted.

The most shocking and inexcusable omission from 2019 is that it no longer supports SQL mirroring. When I questioned this, the response was that most organizations wanting HA will have SQL Enterprise Licensing. I have to say I have done many deployments over tens of thousands of seats with HA and only may be 3 had enterprise licensing for SQL. The average enterprise cannot afford that licensing model and use Standard. So now if you want 2019 and you want HA for your databases then your only option is SQL Always On and that comes with Enterprise. Yes Standard allows you one database in a AOAG, and that would make your XDS database highly available but not others like LIS or your back end pool databases which basically means its irrelevant to the cause.

Now take into account that pretty much all admin diagnostic tools are deprecated e.g. snooper being the biggest means that debugging and tracing issues with your deployment just got a lot harder. Why would you deploy it if you cannot support it?

So to me 2019 right now is expensive and that may make customers who were hesitant or ignorant to the cloud look more closely at their options. One thing is for sure, 2019 is now a stepping stone to the cloud more so that 2015 and the cloud is where the focus is right now. Could 2019 be the last on-prem version we see? Certainly seems that way right now.

However, it is not all doom and gloom. Yes SfB Server ends mainstream support in 2020, but it is still officially supported until 2025 in extended support, so now you can protect against Windows 2012 R2 exiting mainstream as of the 9th October 2018 and move to Server 2016 with a fraction of the investment it would take for 2019 and protect your business for another 6 years. Subject of course to the Exchange problem, but there are solutions out there that can be used.

Should we all protest at Redmond? Probably not. if we are sensible we would have seen the direction this was moving towards even before Teams was conceived, we knew the end game and it now appears closer than ever. The sooner people accept that the better because now you’ve a decision to make, adopt the Microsoft way forward which still has an incredible amount of value in the cloud or evaluate other solutions that fit more closely with your business needs.

Cloud maybe for everyone, or just some, whichever cloud (public or private) you choose it should be a free choice. This will probably be my last Skype for Business specific post because the organizations I work with today are all focused on moving towards Microsoft Teams.  I just wanted to give a balanced opinion on this version that both personalities can take away something of value from it.

Microsoft Voicemail Just Got Expensive For Some

Well Skype for Business Server 2019 got released in Public Preview alongside Exchange and Sharepoint distros this week and there has been lots of noise about feature removals and quiet squeaks about feature additions.

It comes as no surprise really as Microsoft turns the cloud up to eleven and trail blaze into a seemingly cloud only model of subscription based services. The 2019 releases of the application packages that defined Microsoft as a software company have got people in a downer. It’s the first time in my history where I have witnessed the complete lack of enthusiasm towards a new product release from Microsoft. And although quite sad, I also have come to accept that on-prem is just not strategic enough anymore.

Although Skype for Business 2019 has removed features considered no longer relevant for 2020 onward, it has improved the integration between on-prem and cloud which is aimed at unlocking those blockers that customers have where cloud communications are concerned.

This of course assumes that every customer of Microsoft will want to use at least “some cloud”.

For these customers 2019 makes sense at the surface by allowing them to use Call Queues, OrgAA instead of response groups, use Azure voicemail, Teams for Group Chat and send their QoE statistics to the cloud and use Microsoft’s compute for reporting.

But all of this requires may require that the user is licensed for a cloud offering. At the very least they are going to need Skype for Business Online Plan 2 and Phone System. Licensing that an on-premises user never needed to have potentially.

Add into the mix that 2019 requires new hardware of increased specification, reliance on Windows Server 2016 and SQL 2016 Enterprise if you want HA on your CMS as mirroring has gone. Skype for Business 2019 is a really expensive update for customers vs feature offering without cloud.

The fact the cloud reduces hardware and licensing requirements for on-prem features like persistent chat, SQL data analysis and reporting is true, but I am not convinced that this has a monetary saving.

Of course, if you are that company, who is willing to leverage the cloud offerings for your users then it probably makes more sense for you to jump in to the cloud with both feet and migrate from 2015 to native cloud, whether that is Skype for Business Online first or straight to Teams.

One thing for sure, there really has to be a compelling reason to want to update from Skype for Business Server 2015 to 2019 at this moment. There will be a day where you will have to do something due to EOL of 2015, but that could make you look towards other solutions if Microsoft cloud and 2019 are not viable alternatives for you.

2019 for businesses who just will not go to the cloud because of the data at rest complexities and risk management will really have to consider their options. 2019 for them probably feels like Microsoft are alienating and penalizing them for not doing it the Microsoft way and using cloud or hybrid.

One thing 2019 will do though is force the hand and this is a high risk strategy or so it seems right now.

However, perhaps the biggest news and impact to customers is the drop of Unified Messaging from Exchange 2019. This affects not just Skype for Business server users but also the thousands of other 3rd party VoIP users out there. For 3rd party users who rely on UM for their voicemail this is a huge issue that isn’t just limited to Exchange 2019 server, but online also.

I know customers who have retired their Cisco Unity solution in favour of both on-prem and online UM to have that integration with the users mailbox. UM used to be free and inclusive in the user license for Exchange and now customers will need to look at other providers for voicemail and go back to the year 2006 before the days of UM.

Perhaps voicemail is old fashioned?

Perhaps this move by Microsoft is going to question the importance of voicemail in general. Is voicemail old fashioned? Should we care about it? I must admit that I rarely listen to voicemails even in Teams and I don’t even have it enabled on my landline. Is voicemail just a courtesy service that society just expects to have, but in reality serves very little purpose?

Personally when I want to call someone it is because I need to speak to them about something that is “in the moment” topical. If they didn’t answer I would either email them to ask the question, or find someone else who can service my query. I’d only leave a voicemail if I knew they were the only person that could answer my question and I knew that they would probably pick the voicemail up quicker than an email (friday afternoon for instance) and I needed an answer urgently.

In addition, today, most people have a mobile phone anyway, and the more savvy users would have configured simultaneous ringing anyway so the chances of hitting a user’s voicemail service is reduced. Plus with no answer, you’re probably going to hit the mobile service voicemail anyway.

When I think of it, do I personally care if I have no voicemail? No I don’t, I could quite happily live without it. Voicemails to me are like unwanted spam anyway.

But there will be customers out there that still require voicemail and those who do will probably be using some kind of call center service that should have its own voicemail capability anyway. Or there will be just users who think they need it just because they’ve always had it. The fact the last time they had a voicemail was 3 years ago doesn’t come into that decision making process lol 🙂

But anyway if you’re a 3rd party voip user now using Exchange UM in any flavour then you have a problem to solve if you want to maintain this service.

In short, Microsoft have a solution for you. If you want Microsoft Voicemail, then move to Microsoft Teams or Skype for Business 2019 or both! Alternatively, and most probably the default position would be to seek alternative solutions from your current voip provider. Then you have to factor in costs for hardware, software licensing and probably 6 years of lapsed unpaid support to get you current with them.

For Skype for Business server users, you’re pretty safe. Lync 2013 and Skype for Business 2015 users you can continue to use Exchange UM for as long as your messaging team allow you to keep 2013 – 2016 UM servers around. Skype for Business 2019 users can use the same or use Azure Voicemail.

As a said before, Azure voicemail requires a SfB Online and Phone System license so voicemail that used to be free and a value added service has now become a $7 a month per user service.

[Update] Clarification was received by Roy Kuntz from Microsoft who is in charge of the Voicemail direction which states the following:

For On-Prem Skype for Business users, cloud voicemail will be provided at no cost. The only requirement is that an Office 365 tenant exists with at least a Skype for Business Plan 2 or Teams license subscription on the tenant. This triggers the back end systems for configuration to allow the voicemail service for the tenant. All that is needed is AAD Connect and accounts synchronized. No Exchange or Skype for Business hybrid required. For those tenants without a Teams or SfBO subscription, a trial license can be obtained. When expired, Microsoft are issuing some promo codes available when in Public Preview.

In summary, start questioning your usage of voicemail before deciding that this is super critical for you and you go and spend a ton of cash on providing that service when the time comes. You probably have 1-3 years depending on whether you use Exchange Online or On-Prem to do something, so don’t panic too much yet.

 

Polycom RPRM Phone Provisioning Demo with Skype for Business

I have been testing Polycom’s Real Presence Resource Manager, RPRM for short phone provisioning solution for the last few days. I thought I would share with you a demo of the experience.

Historically, if you wanted to provision VVX phones for your Skype for Business voice deployment you had 2 choices; use Polycom’s ftp provisioning solution, or use Event Zero UC Commander. Although the ftp solution was free, because it used built-in windows tools and XML files, people often preferred EZ’s solution because of the nice friendly UI experience meant they could provision phones without having to trawl through the 635 page VVX admin guide each time they wanted to make a change!

Now it seems Polycom are getting into the provisioning game with RPRM 10.1.0 now including Phone Management. This does not replace the free ftp solution, but allows you to leverage a single management solution for your Polycom Video Conferencing and Phone estate.

Watch the demo here to find out more

In summary, i found the tool incredibly easy to provision on Hyper-V and within an hour has mastered the basics of provisioning a phone. The intelli-sense configuration profiles combined with the ability to partition your configuration between global, endpoint groups, sites, devices and specifically down to an individual endpoint makes this a truly scalable and elastic enterprise tool.

Features I really like:

  • Being able to remote call control to prove an endpoint is working in advance of a meeting for instance
  • Being able to see the running config and log files easily
  • Being able to paste in your old XML config into your config profiles
  • Complete Zero Touch Provisioning out of the box
  • Simple to understand and logically built

Things that could be improved:

  • UI menu could do with being tweaked, having re-expand menus and scroll back up the page is a bit tedious after a while
  • Ability to schedule device updates at a granular level
  • Improved location awareness for asset tracking
  • Ability to distribute firmware to remote distribution points (without needing another full RPRM server) to ease WAN constraints (UDM has this)

Of course EZ’s UDM Pro is a competing product and will do all what RPRM can do with VVX phones and has the added value of number management on top of this so I can see people still venturing that way. However, the biggest USP here for using RPRM is that you now have an end to end support chain with one vendor rather than two. Plus, buy enough VVX’s and Trio’s in one go and I am sure that RPRM will come at a very competitive price!

Secure Your Meetings Now–No More Excuses!

In Skype for Business you can choose from two meeting creation types, secure or dedicated meeting space. During my time on deployments I always recommend and try to steer customers down the secure route as it avoids a multitude of situations around conference bleeding. Imagine having a conversation with management discussing an employee’s future, and you’re having a meeting with the employee immediately after the meeting. Maybe you leave 15 minute gap, but the meeting runs over by several minutes, then the employee joins early expecting silence but hears you talking about how to best fire them! Sticky situation right?

However, some choose to go down the dedicated route because “its easier”. But ease often comes with compromise. Aside from the conference bleeding, if not used in the correct manner then you leave yourself open to some serious abuse. Not only from internal users, but anonymous users as well that could have some serious impacts on your business from financial to corporate espionage!

Did you know its relatively easy to find a conference on the internet? Even if you don’t have the meeting URL? Dedicated meetings make it super easy, while secure meetings a lot harder.

Homework!

Google “Skype for Business Web App” and go to page 3 onwards (actually look who is on page 1….) and you will see some names with URLs like join.domain.com/meet/user.name/meetid

 

image

Notice that dedicated Meeting IDs are exposed (Last result). Undefined means that the conference has expired and no longer available. On the meetings that have an ID you can click to join them anonymously using the Skype for Business Web App

image

After that you are at the mercy of the conference policy applied to the conference organizer! If it allows anonymous users to dial out, then any one can use this conference to dial out to the PSTN and call whoever they want for free (well to them at least!). If you have added any attachments or other meeting content this is also accessible by the anonymous user (policy dependent).

So now do you want to secure your meetings?….. I thought so!

There are some valid reasons to use dedicated meeting spaces, but if you are using conferences for internal private communication then it really should be secure. The problem here is that meeting join pages are can be indexed by search engines. So you need to take action to prevent indexing as well as employing adequate conference policies that protect you in a last line of defence against fraud or espionage.

Recommendation 1

Ensure that your conference policy applies the following permissions

  • Allow Anonymous Dial Out set to false
  • Profile your users, do you need to allow anonymous users into a meeting for some of the user departments?
  • Allow External users to save content set to false
  • Allow external users to record meetings set to false
  • Make sure you do not allow anyone to bypass the lobby

There are others that you may consider, full settings found here: https://technet.microsoft.com/en-us/library/gg425788.aspx

Recommendation 2

Block search engines from indexing your meeting url. You can do this using IIS on the External Skype for Business Website on ALL your front end servers. You can do this in multiple ways and no single way really is 100% fool proof. The most obvious method is to use a robots.txt file located in the root of the External Skype for Business website. Most reputable search engines use this file to figure out if they are supposed to index or not.

  1. Create a text file in the root of the External Website folder for Skype for Business called robots.txt
  2. Add the following code and save it.
# Make changes for all web spiders
User-agent: *
Disallow: / 

The second method you can use is to use the HTTP Response Header

  • Open IIS Manager
  • Click on the Server name
  • Then click on HTTP Response Headers and open it
  • Click Add to add a new response
  • In the Name field enter X-Robots-Tag
  • In the Value field enter noindex

You could also deploy IIS Search Engine Optimization module from the IIS Web Gallery and control indexing via a UI. More Information here: https://docs.microsoft.com/en-us/iis/extensions/iis-search-engine-optimization-toolkit/managing-robotstxt-and-sitemap-files 

Recommendation 3

If you find that your meetings have been indexed, I recommend that the immediate course of action is to re generate your conference IDs and delete your old conference(s) (every event that uses the same ID) out of your Outlook calendar. This will deactivate the conference on all conference servers making it unavailable to join.

Then you should request that the search engine removes the link from their search. Here are the removal links for the major engines

Google – https://www.google.com/webmasters/tools/removals?pli=1 

Bing – https://www.bing.com/webmaster/tools/content-removal?rflid=1

Yahoo – Does not have a removal tool – so you’ll just need to sit tight

 

Skype for Business–Thumbnail Image Quality Issues

Over the weekend I was scanning a few message boards and came across a post asking

Why does the image of a person look ok sometimes but pixelated at other times for the same person?

To clarify the problem is when a user answers a call from a person and the picture of the caller is expanded and displayed in the conversation window.

Unlike most quality issues within Skype for Business, this problem is not down to lack of bandwidth or some other Skype for Business trick to ensure best possible experience. The actual cause of this is simple.

Back in the days before Exchange 2013, Lync didn’t really have a plausible Photo store worth having anyway. We were limited to using Active Directory based photos or using a web site hosting images of each user. Most organisations used AD based photos, and in so doing limited the quality to a 96 x 96 pixel image of no more than 100KB in size.

So give you an idea of what this looks like, here is an image at 96 x 96 pixels

image

The first problem is that people usually use pictures taken in landscape format, rather than portrait. The problem with is that when resizing to equal aspect ratios for horizontal and vertical axis is that they are not uniform. So converting a 1200 x 600 image to 96 x 96 pixels means that the horizontal axis is resized out of proportion to that of the original resolution. This makes the resized picture seem thin and long. As you can see in the above example it is pretty hard to make out any type of facial definition and is about as much use as a thumbnail image as a blank placeholder. A picture taken in portrait mode fairs better with resizing due to the 1:1 aspect ratio. So when resized to 96 x 96 pixels it comes out a bit clearer

image

But the story does not end there. In the Skype for Business client will actually retrieve the AD thumbnail photo and resize further to 48 x 48 pixels to get to the address book thumbnail display size of this:

image

Look familiar?

When this person calls you, or you call them, the conversation window expands this 96 x 96 pixel image into 648 x 648 pixels, and herein is the problem… The result blurred image!

image

 

The introduction of High Resolution images in Exchange 2013 allows users to upload their own images to Exchange. This means that they are able to upload an image with a resolution of 648 x 648 pixels. As with AD, the same rules apply, the image should be in portrait mode to get the best resize scaling. There is no value in uploading an image to Exchange higher than the resolution of 648 x 648 pixels as that is the largest size Exchange supports. If you upload an image of greater resolution it is going to be resized to this anyway. If you do not properly format and scale the high resolution image then you are reducing the potential image quality.

Here is a example of a high resolution image at 648 x 648

Image result for man portrait

However, High Resolution photographs are not the complete answer to these photo quality issues. When you upload the image to exchange a few things happen:

  • Exchange will resize your picture if over 648 x 648 to 648 x 648 pixels, so make sure that your image will scale to this resolution in the first place!
  • Exchange will store a picture in Active Directory Thumbnail attribute of 64 x 64 pixels!
  • Exchange will also store a 96 x 96 version to be used in OWA, Outlook, Skype Web App and the Skype Client

So even though you think you have solved your picture resolution woes, there is one more thing to consider and this is the reason for the image quality problems even with High Resolution photos.

Skype for Business will attempt to retrieve the high resolution photograph of the user as stored in Exchange using Exchange Web Services. If there is a problem with EWS or Skype’s ability to access EWS at the time of photo retrieval, the Active Directory thumbnail image of 64 x 64 pixels is used instead. Therefore, when the conversation window expands, it is blowing up the 64 x 64 pixel image to 648 x 648 pixels, giving you the same experience as if you were just using AD pictures…. errr because at this moment you are! Smile

So if you are experiencing issues with your high resolution photo’s quality, then this will be the reason behind it. The resolution will be to figure out why EWS and Skype are not behaving themselves for you!

Skype for Business–Can Your Conferencing Servers Cope with Anywhere365?

For the last 6 months I have been delivering a number of global contact centers based on Skype for Business and Anywhere365. The journey has been long and at some points painful, but we have got there and everyone is happy! Along the journey I have learnt a lot, cried a lot and laughed a lot! Now I am going to share with you some information that will help you decide if your Skype for Business deployment can cope with Anywhere365.

Firstly, Anywhere365 is one of only a few native Skype for Business contact centers. Do not get confused between this and contact center vendors who say they integrate with Skype for Business! To help you understand the meaning:

  • NATIVE means that the application uses Skype for Business Server functionality and APIs such as UCMA to build the contact center software. This means that it will use SfB Server components and media to deliver the functionality as well as baked in support of the Skype for Business client application.
  • INTEGRATED usually means that the contact center has an endpoint(s) registered in Skype for Business that takes the call away from the native components into their own system and deliver this back to the agent maybe to the Skype for Business client by itself, maybe a dedicated agent application, or the Skype client with the aid of a plugin.

There are positives and negatives for each, and this post is not about pitching one over the other.

As a result of being a native contact center, Anywhere365 of course leverages a lot of what Skype for Business has to offer in order to create those special contact center communication scenarios. To begin with Anywhere365 hooks into Skype for Business as a trusted application. As a trusted application, it requires trusted application endpoints. These endpoints act as the route in and out of the Anywhere 365 application and Skype for Business.

Another fundamental aspect is that Anywhere365 does not have its own media engine. In other words, it cannot control media paths, transcoding, media establishment etc. It is oblivious to that. Instead Anywhere365 leverages the conferencing service on the Skype for Business Front End Servers to connect the caller to the agent. This means that Anywhere365 is only part of the SIP signaling loop between caller and agent and as a result, requires less server resources that integrated contact centers.

So How Does a Conversation Work?

When a caller places a call to the contact center, they are calling the LineURI that is assigned to the trusted application endpoint attached to the contact center application. At this point all Skype for Business has done is routed the SIP signaling through to Anywhere365. Anywhere365 will accept the SIP INVITE sent to it and then send a signal back to Skype for Business to create a conference. Once the conference is created, Anywhere365 invites the caller to join that conference. The conference is hosted on the front end pool that the Anywhere365 server is paired to by the trusted application pool.

As soon as the caller is placed into the conference, Anwhere365 will play the welcome and queue messages to the caller within the conference. When you look at the logs, you will see that during these messages temporary SIP URIs join the conference to play the messages or hold music and remove themselves when no longer needed. Once the caller is in a position to be connected to an agent, Anywhere365 hunts an agent based on presence (and other parameters) and once an agent has been found they are invited to join the conference that the caller is in.

Considerations

As you can see, conference performance is of paramount importance to Anywhere365. A well performing AVMCU will create and join the caller to the conference in about half a second when done programmatically. In layman’s terms this is approx. half an ring. If you call an Anywhere365 contact center you hear multiple rings before hearing the first message, or the call being accepted, then more than likely you have a problem with your conferencing service. Similarly if it takes a noticeably long time for messages to play then this could also be related to conferencing service performance issues.

Luckily there are a few things that you can do to eliminate other possibilities:

  1. Assign a conferencing policy to every endpoint you create for your contact center. This includes the main, hunting and other system endpoints you may create. Why? Well Anywhere will use a random endpoint to create the conference. If that endpoint does not have a conferencing policy, then the conference creation can fail, then another endpoint is tried etc. etc. resulting in delays.
  2. The conferencing policy must have the following parameters set; –AllowAnonymousUsersToDialOut $True, –AllowAnonymousParticipantsInMeetings $True, –AllowExternalUsersToRecordMeeting $True (if you want audio recording), –AllowNonEnterpriseVoiceUsersToDialOut $True. If these are not set in the conferencing policy, some random things will happen, usually resulting in performance issues of a varied kind.
  3. Assign each endpoint an appropriate dial plan and voice policy too if you want dial out to work via the contact center.

Performance Baselining

Before installing Anywhere365 and trying to use it, you need to spend some time understanding your environment and your current performance across all components and modalities. Luckily Microsoft have invested a lot of time and effort producing performance benchmarking tools such as Key Health Indicators and the Stress Test Tool (often ignored due to complexity and time). These should absolutely be run to establish a baseline of your current performance as underlying issues could be amplified as soon as contact center workloads are placed on the environment.

Next you need to work out whether your conferencing servers (front ends) can handle the expected number of contact center conferences above the normal number currently consumed. This will help you decide whether you need a separate front end pool for your contact centers or not.

Calculating Conference Availability

To calculate this accurately, you need access to the Skype for Business Monitoring and reporting database. Your aim here is to produce a report containing the number of conferences on the pool over the course of a normal working week. For Example,

Day AU UK US
Monday 241 740 588
Tuesday 223 767 593
Wednesday 256 815 625
Thursday 267 717 671
Friday 251 827 633

Once you have the numbers, you can establish an average number of conferences for each pool per day. In my example above the averages look like this:

AU UK US
Average Per Day 248 773 622

From the report you also need to establish the average number of conference participants and also the average conference duration in minutes

AU UK US
Average Number of Participants 5 15 5
Average Conference Duration (minutes) 31 35 31

Now you have this base information, you can now start working out your concurrent conferences per pool. We can do this by first calculating the total average talk time per day, (AVERAGE DURATION x AVERAGE NUMBER OF CONFERENCES ON POOL) e.g. For UK that’s 35 x 773 = 27055 minutes.

Next, the working day for the UK is 8 hours, so we can deduct from the reporting that these conferences took part over the course of an 8 hour window. So we need to find out the concurrency. For that we need to find out how many conferences are taking place every second. This can be achieved by (AVERAGE TOTAL TALK TIME PER DAY / WORKING DAY) / 60 In the UK’s example that’s (27055/8) / 60 = 57 concurrent conferences.

Once this has been calculated we are closer to finding out the available capacity. The theoretical maximum number of conferences on a front end pool is calculated by the total number of conferencing users in a pool at any one time. The theoretical limit is 3,996 users in a 12-node pool, or 333 per front end server. But as not everyone has 12-node front end servers and conference consumption is hugely different between companies, the calculation between conferencing users and total number of conferences per pool can vary massively. For instance if your average participation in conferences is 3 users, then you have 111 conferences available per FE. However, if your average participation is 12, then you only have 27 conferences available per server!

In the UK example here, I have an average participation of 15 users per conference. The UK pool is a 3-node FE Pool. So using the logic applied we can calculate that each Front End has a capacity of 22 x 15 person conferences per server, resulting in a pool maximum of 66 x 15 person conferences

Now how are these conferences divided? We can calculate we have 57 simultaneous conferences going on, so (SIMULTANEOUS CONFERENCES / NUMBER OF SERVERS IN POOL) e.g. 57 / 3 = 19 conferences per server

To find the total number of conferencing users per pool you need to multiply the average number of participants by the number of simultaneous conferences taking place (AVERAGE NUMBER OF PARTICIPANTS x NUMBER OF SIMULTANEOUS CONFERENCES) e.g. 15 x 57 = 855 in the UK example

Next, you need to find calculate the distribution of these conference users over the number of servers in the FE pool (NUMBER OF CONFERENCING USERS / NUMBER OF FE SERVERS IN POOL) e.g. 855 / 3 = 285 in the UK example based on a 3-node FE pool. So the UK has 48 conferencing users available per server or 144 available conferencing users in the pool.

So the baseline result for Anywhere 365 conference availability for the UK is as follows:

  • 144 x conferencing users available in the pool
  • 6 x 15 person conferences available in the pool

Calculate the Predicted Anywhere365 Conference Consumption

In this example we are limited by the number of available conferences being 6. However, it is likely that contact center calls are only going to have 3 participants at any one time (caller, agent and system endpoint). So if we multiply the 6 available conferences by 15 (number of users) then we can see that we could have a further 90 x 1 person conferences instead of 6 x 15 person conferences. Divide 90 by 3 and we can subdivide those 6 x 15 person conferences into 30 x 3 person Anywhere365 available conferences.

So now we have a potential upper limit of 30 Anywhere365 conferences available for the UK pool. But we aren’t finished yet!

From the contact center design, you need to know the expected average call duration of inbound and outbound calls combined, for example 4 minutes. On top of that you need to calculate the average hold time and the time required to play messages to the user, because the conference begins on acceptance of the call, not when the agent begins to talk! So the calculation is (AVERAGE TALK TIME+AVERAGE WAIT TIME+AVERAGE SYSTEM TIME) e.g. for the UK pool we estimate in this example 4 minutes of actual talk time, 3 minutes of wait time and 2 minutes of messages (welcome, IVR, busy etc.) i.e. 4+3+2 = 9 minutes

We also need to know how many calls are expected per day across all contact centers deployed on the same Anywhere365 pool. In this example we will assume that there will be 300 calls per day across all UCCs.

So now we can do the same calculations to predict the Anywhere365 conference consumption.

1) Calculate average total conference duration over the course of the day = 300 calls per day * 9  minute duration = 2700 minutes total conference time

2) Calculate the total number of simultaneous Anywhere365 conferences at any time = (2700 / 8)/60 = 6 conferences per second

3) Calculate the total number of conferencing users per simultaneous conference = 6*3 = 18 (subtract 18 from 144 = 126 conferencing users left in the pool)

4) Subtract the number of expected conferences from the available Anywhere365 conferences = 30 – 6 = 24 remaining Anywhere365 conferences in the pool

From this we can summarise that the existing front end pool in the UK can support the expected conference workload without adding capacity or dedicating a conferencing pool to just Anywhere365 workloads. Keep the metric under the potential limit and you should be within optimum performance ranges.

I hope this helps you calculate your capacity when deploying Anywhere365.

%d bloggers like this: