skype for business cloud connector deployment · web viewskype for business site name; for example,...

Skype for Business cloud connector deployment

Shankar Paulraj

SEPTEMBER 8, 2017

Version Date Author Change Description1.0 21 Sep 2016 Shankar Paulraj Initial draft1.1 10 Oct 2016 Shankar Paulraj Include configuration for CLID

manipulation, Call Transfer & MOH.1.2 17 Aug 2017 Shankar Paulraj Update procedure for CCE 2.0.11.3 08 Sep 2017 Shankar Paulraj Amend Media Bypass

ContentsOverview..........................................................................................................................................2Prepare your environment for Cloud Connector.............................................................................3

IP Address Requirements.............................................................................................................3External Firewall Requirements...................................................................................................4

Outgoing Traffic from Edge....................................................................................................4Incoming Traffic to Edge.........................................................................................................4

Internal Firewall Requirements....................................................................................................5Outgoing Traffic from Mediation Server................................................................................5Incoming Traffic to Mediation Server.....................................................................................5

Edge Certificate Requirements....................................................................................................5Download CCE Setup File on Host Machine..............................................................................7Install CCE Setup on Host Machine............................................................................................7Verify Installation Directory........................................................................................................8Setup external certificate path on Host Machine.........................................................................8Create virtual switches in Hyper-V Manager..............................................................................9Update the CloudConnector.ini file.............................................................................................9

Download Sample ini file......................................................................................................21Download the bits to the Site Directory.....................................................................................21Prepare Base Virtual Disk from Windows Server 2012R2 ISO file..........................................22Set the PowerShell Execution policy to RemoteSigned............................................................24Change local Group Policy to not forcefully unload the user registry at user logoff................24Download the Skype for Business Online module for PowerShell...........................................24

Deploy a single site in Cloud Connector.......................................................................................25Register the appliance................................................................................................................25Install appliance.........................................................................................................................25

Configure Cloud Connector integration with your Office 365 tenant...........................................27

Update Public DNS for your domain.........................................................................................27Setup Hybrid and Configure O365............................................................................................27Test Client Sign-In and PSTN Dial out.....................................................................................28

Modify the configuration of an existing Cloud Connector deployment........................................30Additional Configuration...............................................................................................................31

Remove Country code from SFB Client CLID..........................................................................31Disable REFER support.............................................................................................................32Enable Client Music on Hold.....................................................................................................32Enable Media bypass.................................................................................................................32

Check if the Media bypass web service is reachable on CCE Mediation server...................33Configure Tenant for Media Bypass......................................................................................33Verify if the changes made on SfB online is synchronized to CCE......................................33Verify if SfB Client downloaded the configuration..............................................................35

Reference.......................................................................................................................................35

OverviewThis guides covers steps involved in downloading and installing Skype for Business Cloud Connector Edition 2.0.1.Microsoft TechNet link https://technet.microsoft.com/en-us/library/mt605228.aspx was used as reference throughout the deployment.To perform a successful deployment, do spend more time on planning and modifying the configuration file “CloudConnector.ini” with accurate values.The topology assumed here is single instance of Cloud Connector within a single PSTN site.Typically, CCE is deployed in DMZ, the only server that talks to customer LAN is mediation server.

https://technet.microsoft.com/en-us/library/mt605228.aspx

High-level Requirements1 x Host Server with Windows 2012R2 Data Center Edition1 x PSTN Gateway (makes no sense to test the CCE without an On-Premise PSTN Gateway)1 x Public SSL Cert1 x Public IP for the Edge Access1 x Working O365 Tenant with E5 License

Prepare your environment for Cloud ConnectorIP Address RequirementsPlan the IP address for your environment.

Host IP Address Gateway Remarks

AD 172.16.40.161/24 172.16.40.1 SfB Corp LAN

CMSServer 172.16.40.162/24 172.16.40.1 SfB Corp LAN

MediationServer 172.16.40.163/24 172.16.40.1 SfB Corp LAN

EdgeServer172.16.40.164/24 NA SfB Corp LAN

172.16.50.118/24 172.16.50.1 SfB Ext LANNAT to <public IP>One Public IP Needed for Edge External Interface

Gateway1 172.16.100.11 NA PSTN Gateway listening on Port: 5068

External Firewall RequirementsNote: Minimum Ports used, refer TechNet for recommended option.Outgoing Traffic from Edge

Source IP Destination IP Protocol

Destination Port

Port Description

CCE Edge External interface IP172.16.50.118

SFB Online IPs and FQDNs *.lync.com TCP 5061 CCE to Cloud

SIP Traffic


http://crl.entrust.net/level1k.crlBased on Public CA

TCP 80FQDN of your cert provider


External DNS (8.8.8.8) UDP 53 DNS Resolution


External DNS (8.8.8.8) TCP 53 DNS Resolution


SFB Online IPs and FQDNs *.lync.com TCP 443

For Audio and Video Session with SFB Online


SFB Online IPs and FQDNs *.lync.com UDP 3478


Incoming Traffic to EdgeSource IP Destination IP Protoco

lDestinatio

n PortPort

DescriptionSFB Online IPs and FQDNs *.lync.com

CCE Edge External interface IP172.16.50.118 TCP 5061 Cloud to CCE

SIP Traffic

SFB Online IPs and FQDNs *.lync.com

CCE Edge External interface IP172.16.50.118 TCP 443


SFB Online IPs and FQDNs *.lync.com

CCE Edge External interface IP172.16.50.118 UDP 3478


Internal Firewall RequirementsOutgoing Traffic from Mediation Server

Source Target Protocol Destination Port

Port Description

CCE Mediation Server172.16.40.163 Client Subnet TCP 50,000-

50,019Media port range

CCE Mediation Server172.16.40.163 Client Subnet UDP 50,000-

50,019Media port range

Incoming Traffic to Mediation ServerClient Subnet CCE Mediation Server

172.16.40.163 TCP 49,152- 57, 500

Media port range

Client Subnet CCE Mediation Server172.16.40.163 UDP 49,152-

57, 500Media port range

Edge Certificate RequirementsOption Description Notes

Single Site & Single SIP domain SN Provide the SN for your certificate accessedgepool.sipdomain.com

SAN Provides the SAN for your certificate

sip.sipdomain.com, acessedgepool.sipdomain.com

From any machine, run DigiCert Certificate Utility and create CSR.

Copy CSR and generate Cert using public CA.

Obtain & Install the certificate on the machine from which CSR was created.Export the certificate with private key and take note of the password.

Download CCE Setup File on Host Machinehttps://aka.ms/CloudConnectorInstaller

Install CCE Setup on Host Machine

Verify Installation Directory

Setup external certificate path on Host MachineCopy the certificate created previously to the Host machine folder C:/Certs

Set the certificate path for CCESet-CcExternalCertificateFilePath -Path <Full path to External certificate, including file name> -Target EdgeServer

Create virtual switches in Hyper-V Manager1. Open Hyper-V Manager > Virtual Switch Manager, and select New Virtual Switch

Manager.2. Create an External virtual switch and bind it to the physical network adapter that is

connected to your internal network domain.Select Allow management operating system to share this network adapter for this virtual switch.

3. Create an External virtual switch and bind it to the physical network adapter that is connected to the Internet and has a public IP address assigned.Select Allow management operating system to share this network adapter for this virtual switch.

4. Set the name of the switch that is connected to your perimeter network to your internal network domain to SfB CCE Corpnet Switch.Set the name of the switch that connects your perimeter network to the internet SfB CCE Internet Switch.

Update the CloudConnector.ini fileSite parameters Description Notes

SIP DomainsDomain(s) registered on O365.Support multiple domains separated by space. First domain is the default used

radiancecommslab.com

Virtual machine domain name

Domain name for the internal components of Cloud Connector. This domain must be different from the production domain. The name must be the same across all Cloud Connector appliances.Name in .ini file:

sfbhybridtest.local

“VirtualMachineDomain”Cloud Connector domain controller name

Name of the domain controller.Name in .ini file: “ServerName” AD

Cloud Connector domain controller IP/subnet mask

IP address of the domain controller.Name in .ini file: “IP” 172.16.40.161

O365 Online service FQDNs

Must be the default in most cases for the world-wide O365 instance.Name in .ini file: “OnlineSipFederationFqdn”

sipfed.online.lync.com

SiteName

Skype for Business site name; for example, Seattle.Name in .ini file: “SiteName”For Release 1.4.1 and later, site name must be different for each site and the name must match the PSTN site, if it exists, defined in Office 365. Note that PSTN sites will automatically be created when registering the first appliance in a site.

RadianceLAB

HardwareTypeRelease 1.4.1 and later

Type of hardware. The default value is Normal. You can also set to Minimum.

Minimum

Country Code Country Code for Dialing.Name in .ini file: “CountryCode” SG

City City (Optional).Name in .ini file: “City” SG

State State (Optional).Name in .ini file: “State” SG

Base VM IP address

The IP address of the temporary base VM that will be used to create the VHDX for all Cloud Connector virtual machines. This IP must be in the same perimeter corporate network subnet defined in the next step and requires Internet access. Be sure to define the corporate default gateway and the DNS that is routable to the internet.

Name in .ini file: “BaseVMIP”

Base VM Requires accesss to Internet.

WSUSServerRelease 1.4.1 and later

The address of the Windows Server Update Services (WSUS)—an intranet server to host updates from Microsoft Update.

You can leave blank if WSUS is not needed.

Subnet mask for internal network

Cloud Connector configures an IP network for internal communication between Cloud Connector components. Edge also must be connected to another subnet which allows Internet connectivity.

Name in .ini file: “CorpnetIPPrefixLength” under “Parameters for a pool of VM network”

24

Subnet mask for external network

For the external network of the Edge component.

Name in .ini file: “InternetIPPrefix” under “Parameters for a pool of VM network”

24

Switch name for internal network

Name for switch that will be used for the internal Cloud Connector network.

In most cases the default suggested value can be used.

Name in .ini file: “CorpnetSwitchName” under “Parameters for a pool of VM network

SfB CCE Corpnet Switch

Switch name for external network

Name for switch that will be used for the external Cloud Connector network.


Name in .ini file: “InternetSwitchName” under “Parameters for a pool of VM network

SfB CCE Internet Switch

Default Gateway for internal network

This gateway must provide access to the Internet (Internet also requires setting the DNS server) and will be configured on internal interfaces of Cloud Connector components.

Name in .ini file: “CorpnetDefaultGateway” under “Parameters for a pool of VM network

172.16.40.1

Default Gateway for external interface of Edge component

Will be configured on external interface of Edge component.

Name in .ini file: “InternetDefaultGateway” under “Parameters for a pool of VM network

172.16.50.1

DNS server for internal network

Will be configured on internal interface of temporary VM. Must provide name resolution for Internet names. Without providing a DNS server, Internet connection will fail and deployment will not finish.

Name in .ini file: “CorpnetDNSIPAddress” under “Parameters for a pool of VM network

172.16.50.254

DNS Server for external interface of Edge component

Will be configured on external interface of Edge.

Name in .ini file: “InternetDNSIPAddress” under “Parameters for a pool of VM network

8.8.8.8

Management switch name

Management switch is a temporary switch that will be created automatically, and that will be used for configuration of Cloud Connector during the deployment. It will be disconnected automatically after the deployment. It must be a different subnet from any other networks used in Cloud Connector.

SfB CCE Management Switch


Name in .ini file: “ManagementSwitchName” under “Parameters for a pool of VM network

Management subnet address/subnet mask

Management subnet is a temporary subnet that will be created automatically, and that will be used for configuration of Cloud Connector during the deployment. It will be removed automatically after the deployment. It must be a different subnet from any other networks used in Cloud Connector.

Names in .ini file: “ManagementIPPrefix” and “ManagementIPPrefixLength” under “Parameters for a pool of VM network

192.168.213.024

Central Management Store (CMS) Machine

Single FQDN used for Central Management Store (CMS). The AD Domain name will be used to generate the FQDN.

Name in .ini file: “ServerName” under “Parameters for Primary Central Management Service

CMSServer

CMS Machine IP address

IP address for CMS Server (internal in perimeter network).

Name in INI file: “IP” under “Parameters for Primary Central Management Service

172.16.40.162

File Share Name File Share Name to be created on CMS server for Skype for Business replication data (for example, CmsFileStore).


Name in .ini file: “CmsFileStore”

CmsFileStore

under “Parameters for Primary Central Management Service

Mediation component Pool Name

Pool Name of Mediation component. Enter Netbios name only. The AD Domain name will be used to generate the FQDN.

Name in .ini file: “PoolName” under “Parameters for a pool of Mediation Servers”

mspool

Mediation component name

Component Name of Mediation component 1. Enter Netbios name only. The AD Domain name will be used to generate the FQDN.

Name in .ini file: “ServerName” under “Parameters for a pool of Mediation Servers”

MedServer

Mediation component Machine IP address

Internal Corpnet IP for Mediation component (internal in perimeter network).

Name in .ini file: “IP” under “Parameters for a pool of Mediation Servers”

172.16.40.163

Edge pool internal name

Pool Name of Edge component. Enter Netbios name only. The AD Domain name will be used to generate the FQDN.

Name in .ini file: “InternalPoolName” under “Parameters for a pool of Edge Servers”

edgepool

Edge Server internal name

Component Name of Edge component. Enter Netbios name only. The AD Domain name will be used to generate the FQDN.

Name in .ini file: “InternalServerName” under “Parameters for a pool of Edge Servers”

EdgeServer

Edge server internal IP

Internal perimeter network IP of Edge component to communicate with other components of Cloud Connector.

Name in .ini file: “InternalServerIPs” under “Parameters for a pool of Edge Servers”

172.16.40.164

Access Pool External Name

Name of Access Edge; for example, AP. This name must match the name provided for the SSL certificate. Enter Netbios name only. The SIP Domain name will be used to generate the FQDN. One external pool name will be used for all Edge components in the pool. One Edge Access pool is required per PSTN site.

Name in .ini file: “ExternalSIPPoolName” under “Parameters for a pool of Edge Servers”

accessedgepool

“sip” is reserved and therefore cannot be used as the name.

The generated FQDN name must match the name provided for the SSL certificate.

External IP of Access Edge

External IP of Edge component – either Public IP if no NAT is available, or translated IP (please specify both addresses if mapped).

Name in .ini file: “ExternalSIPIPs” under “Parameters for a pool of Edge Servers”

172.16.50.118

Media Relay name

Name of Audio Video Media Relay Edge; for example, MR. One external pool name will be used for all Edge components in a pool. One Edge Media Relay pool is required per PSTN site.

Name in .ini file: “ExternalMRFQDNPoolName” under “Parameters for a pool of Edge Servers”

mr

External IP of Media Relay Edge

Currently only one IP is supported, so this will be the same IP as Access Edge, either public or mapped IP (please specify both addresses if mapped). Can be the same address as Edge component External IP of Access Edge. Note if Edge is behind NAT, you also need to specify the value for the next parameter.

Name in .ini file: “ExternalMRIPs” under “Parameters for a pool of Edge Servers”

172.16.50.118

External IP of Media Relay Edge (if Edge is behind NAT)

If your Edge is behind NAT you also need to specify the public address of the NAT device.

your pubic IP

Name in .ini file: “ExternalMRPublicIPs” under “Parameters for a pool of Edge Servers”

Voice Gateway 1 Make and Model

Specify the make and model of the SBC/Voice gateway. Note that you can connect a device or SIP trunk from the list of tested devices at https://technet.Microsoft.com/UCOIP.

Voice Gateway 2 Make and Model (copy this row if you have more than 2 gateways)

Specify the make and model of Voice gateway. Note that you can connect a device from the list of tested devices at https://technet.Microsoft.com/UCOIP.

Voice Gateway 1 Name

Used to generate the machine FQDN with AD Domain. Required if TLS will be used between the Mediation component and Voice Gateway. If you do not plan to use FQDN—for example, TLS is not required or Voice Gateway doesn’t support connection using FQDN (only IP)—please specify.

Voice Gateway 2 Name (copy this row if you have more than 2 gateways)

Used to generate the machine FQDN with AD Domain. Required if TLS will be used between Mediation component and Voice Gateway. If you do not plan to use FQDN—for example, TLS is not required or Voice Gateway doesn’t support connection using FQDN (only IP)—please specify.

Voice Gateway 1 IP Address IP Address of Voice Gateway. 172.16.100.11Voice Gateway 2 IP Address (copy this row if you have more than 2 gateways)

IP Address of Voice Gateway.

Voice Gateway 1 Port # (copy this row if you have more than 2 gateways)

Port that the Voice Gateway SIP trunk will listen on, e.g. 5060. 5068

Voice Gateway 2 Port #

Port that the Voice Gateway SIP trunk will listen on, e.g. 5060.

Voice Gateway 1 Protocol for SIP Traffic TCP or TLS. TCP

Voice Gateway 2 Protocol for SIP Traffic (copy this row if you have more than 2 gateways)

TCP or TLS.

External Media port range for traffic to and from Edge component

TCP/UDP port range for media traffic to and from external interface of edge. Must always start from 50 000. Refer to “Ports and Protocols” for more information.

50000 - 59 999

Media port range to communicate to/from the Mediation component via the internal firewall

UDP port range that the Mediation component will use to communicate to clients and gateways (recommendation 4 ports per call).

Media port range to communicate to/from Skype for Business client via internal firewall

For planning purposes, cannot be changed. Ports need to be opened in the internal firewall to communicate between Skype for Business clients within the internal network and with the Mediation component.

50 000- 50 019

Public Certificate password Must be provided in the script. Passw0rdSafe Mode Administrator Password

Version 1.4.2 only

Safe mode administrator password for internal CC domain.

Cloud Connector Domain Administrator password

Version 1.4.2 only

Password for Cloud Connector Domain Administrator (different from your production domain). User name is Administrator. You cannot change the user name.

Virtual Machines Administrator Password

Version 1.4.2 only

Used to configure management network during the deployment.

User name is Administrator. You cannot change the user name.

CABackupFile

Version 2.0 and later

Used for saving the Certification Authority Service from the Active Directory server to a file when deploying multiple appliances in a Cloud Connector site. Be sure to use the same password for all appliances within one Cloud Connector site in order to import the CA backup file to new added appliance successfully.

CCEService


Used for the Cloud Connector Management service; needs access to the Cloud Connector site directory. Be sure to use the same password for all appliances within one Cloud Connector site.

Office 365 Tenant Admin

The account is used by Cloud Connector to update and manage tenant settings for Cloud Connector:Version 2.0 and later: Credentials for a dedicated Office 365 account with Skype for Business Administrator rights.Versions previous to 2.0: Credentials for a dedicated Office 365 account with Global Tenant Administrator rights.

Enable REFER support

This will define whether SIP REFER support is enabled or disabled on the Trunk Configuration to your IP/PBX. The default value is True. If your IP/PBX Gateway supports REFER support, please leave this as True. If it does not, this value needs to be changed to False. If you are not sure if your gateway supports REFER, please see Qualified IP-PBXs and Gateways.

TRUE

EnableFastFailoverTimer


With the default value “True”, if outbound calls are not answered by the gateway within 10 seconds they will be routed to the next available gateway; if there are no additional trunks then the call will be dropped automatically.

However, in an organization with slow networks and gateway responses, or when the process of establishing calls takes more than 10 seconds, this could potentially result in calls being dropped unnecessarily.

When placing calls to some countries, for example the UAE or Afghanistan, call establishing process can take more than 10 seconds. You will need to change the value to False if you encounter similar issues. Do not forget to

TRUE

change the corresponding setting on the connected SBC or Gateway

ForwardCallHistory


This parameter is used to turn on SIP headers that are used to report the initial caller in Simultaneous Ringing, Call Forwarding, and Call Transfer scenarios. Setting the parameter to True will turn on two SIP headers:History-InfoReferred-By

The value can be True or False. The default value is False.

FALSE

Forward PAI


PAI is a private extension to SIP that enables SIP servers to assert the identity of authenticated users. For the SIP trunk provider, PAI may be used for bill-to purposes in the event that History-Info and Referred-By headers are not present. When Forward P-Asserted-Identity is enabled in the configuration, the Mediation Server will forward PAI headers with SIP & Tel URI’s from Cloud Connector onto the SIP Trunk. The Mediation Server will forward PAI headers with tel URI’s & E.164 numbers ONLY received on the SIP trunk to Cloud Connector. The Mediation Server will also forward any Privacy headers received in either direction. If the SIP Request sent by the Mediation Server includes a Privacy header of the form - “Privacy: id” in conjunction with the PAI header, then the asserted identity should be kept private outside of the network trust domain.

The value can be True or False. The default value is False.

FALSE

Download Sample ini file

Copy the sample ini file from C:\Users\Administrator\CloudConnector\ApplianceRoot

Rename the file to CloudConnector.ini and edit the file to suit your environment.

Download the bits to the Site Directory>Start-CcDownload

Download time depends on network conditions. Run the Get-CcDownloadProgress cmdlet to check the download status.

Prepare Base Virtual Disk from Windows Server 2012R2 ISO fileThis step prepares a virtual hard disk (VHDX) file from the Windows Server 2012 ISO image. The VHDX will be used to create virtual machines during deployment. A temporary virtual machine (base VM) will be created and Windows Server 2012 will be installed from the ISO file. After the VM is created, some necessary components will be installed. At the end, the base VM will be generalized (sysprep) and cleaned up, leaving only the generated virtual disk file.

Download the ISO file “WindowsServer2012R2.iso” on Host Server.

Sample command: Convert-CcIsoToVhdx -IsoFilePath c:\Users\Administrator\Downloads\WindowsServer2012R2.iso -PauseBeforeUpdate

Ensure that the VM has internet access and then type “Y”.

After almost 3 long hours,

Set the PowerShell Execution policy to RemoteSignedOn the Host machine ensure that execution policy is set “RemoteSigned”

If it is not set to "RemoteSigned," run the following cmdlet to change it:

>Set-ExecutionPolicy RemoteSigned

Change local Group Policy to not forcefully unload the user registry at user logoffThe CceService account is created during the Skype for Business Cloud Connector Edition (CCE) deployment. It runs the CCE Management Service and requires permission to uninstall the cloudconnector.msi.To change the Group Policy setting

1. Open the Group Policy Editor by running gpedit.msc.2. In the Group Policy Editor, navigate to Administrative Templates > System > UserProfile

> Do not forcefully unload the user registry at user logoff.3. Set its value to be Enabled.

Download the Skype for Business Online module for PowerShellDownload and install SFB online module for PowerShellhttps://www.microsoft.com/en-us/download/details.aspx?id=39366

Deploy a single site in Cloud ConnectorRegister the appliance>Register-CcAppliance

Enter necessary password for accounts.

Install appliance>Install-CcAppliance

Verify the Virtual Machines

Verify CCE status from SfB Online Admin Portal

Configure Cloud Connector integration with your Office 365 tenantUpdate Public DNS for your domain

TYPE

SERVICE PROTOCOL PORTTARGET NAME

SRV _sip _tls 443 sipdir.online.lync.com @

SRV _sipfederationtls _tcp 5061 sipfed.online.lync.com @

RECORDS FOR THE EDGE SERVER

TYPE

HOSTNUMERIC IP

A accessedgepool <your edge public ip>

A mr <your edge public ip>

Setup Hybrid and Configure O365

Import Module SkypeOnlineConnector

Connect to O365 Tenant

Import Session

Setup Hybrid Connectivity>Set-CsTenantHybridConfiguration -PeerDestination <External Access Edge FQDN> -UseOnPremDialPlan $false>Set-CsTenantFederationConfiguration -SharedSipAddressSpace $True

Configure Tel URI for UsersAssumption: User is configured in O365 and assigned E5 license.Set-CsUser -Identity "<User name>" -EnterpriseVoiceEnabled $true -HostedVoiceMail $true -OnPremLineURI <tel:+phonenumber>

Test Client Sign-In and PSTN Dial out

Make Test Calls

Modify the configuration of an existing Cloud Connector deploymentFollow below procedure ONLY if there is a need to change any of the CCE settings that was configured using the INI file previously.If there is only one appliance in the site, when you want to change the configuration settings after the appliance is deployed, you can modify the CloudConnector.ini file and start the deployment again.

1. Run the following cmdlet to uninstall all existing virtual machines on host server:>Uninstall-CcAppliance

2. Run the following cmdlet to unregister the appliance>Unregister-CcAppliance

3. Update the CloudConnector.ini file in the Appliance Directory.Modify INI file to include the changes that you may want.

4. Run the following cmdlet to register the appliance again>Register-CcAppliance

5. Run the following cmdlet to install Skype for Business Cloud Connector Edition:>Install-CcAppliance

Additional ConfigurationRemove Country code from SFB Client CLIDManipulate SFB Client CLID from the Mediation ServerNew-CsOutboundCallingNumberTranslationRule -Parent "site:Site1" -Name EightDigit -Description "Converts a dialed number to eight digits" -Pattern '^\+65(\d{8})$' -Translation '$1'

Disable REFER supportBased on the PSTN gateway used there might be a need to disable REFER support on the trunk configuration, otherwise the call transfer feature may not function correctly.Disable REFER support from the Mediation ServerSet-CsTrunkConfiguration –Identity Site:Site1 -EnableReferSupport $false

Enable Client Music on HoldEnable MOH from Skype Online.Connect to Skype online and issue the following command.Set-CsClientPolicy -Identity Global -EnableClientMusicOnHold $true

Enable Media bypassBy default, media bypass is disabled, the rtp traffic to PSTN gateway flow through the CCE mediation server “172.16.40.163”.SfB Client IP: 172.16.160.22

Below packet capture confirms the same.

Check if the Media bypass web service is reachable on CCE Mediation server.Access URL http://medserver.hybridtest.local/hybridconfig/hybridconfigservice.svc from client machine.

Note: In the production DNS server configure DNS A record for CCE mediation server.

Configure Tenant for Media BypassConnect to SfB online using PowerShell and issue below command,Set-CsTenantHybridConfiguration -HybridConfigServiceInternalUrl http://medserver.hybridtest.local/hybridconfig/hybridconfigservice.svc

$mediabypass = New-CsNetworkMediaBypassConfiguration -AlwaysBypass $true -Enabled $true

Set-CsNetworkConfiguration -MediaBypassSettings $mediabypass

Verify if the changes made on SfB online is synchronized to CCE.Get-CsTenantHybridConfiguration -LocalStoreGet-CsNetworkConfiguration -LocalStore

http://medserver.hybridtest.local/hybridconfig/hybridconfigservice.svc

http://medserver.hybridtest.local/hybridconfig/hybridconfigservice.svc

Verify if SfB Client downloaded the configuration.

Once media bypass is enabled, the rtp traffic from SfB client flow directly to the PSTN gateway.Below packet capture confirms the same.SfB Client IP: 172.16.160.213PSTN Gateway (DSP or Media Gateway): 172.16.150.254

Referencehttps://technet.microsoft.com/en-us/library/mt605228.aspx

https://technet.microsoft.com/en-us/library/mt605228.aspx

skype for business cloud connector deployment · web viewskype for business site name; for example,...

Documents