Step By Step – Deploy Enterprise Edition of Skype For Business (SFB) Server 2015



Introduction

Installation of Skype For Business (SFB) Server requires proper planning and execution on following fronts.

  • Installation of Pre-requisites
  • Creating a File Share
  • Prepare SQL Server
  • Create DNS Records
  • Install Administrative Tools
  • Prepare Active Directory
  • Define & Publish the Topology
  • Install Skype For Business
  • Request & Assign Certificate
  • Start The Services
  • Enable Users
  • Login to Skype For Business Client
 These steps require interaction with lot of cross functional teams (AD, network, security, vendors, etc). It’s always recommended to identify the tasks categorically, and to keep entire set of stakeholders on the same page.

Installation of Pre-requisites

Operating Systems Requirement

Microsoft recommends to use only Windows Server 2012 R2. Other operating systems (windows 2012, Windows 2008 R2) are also supported. But, older versions are only recommended if you intend to perform in-place upgrade.

 Strongly recommended to apply the latest operating system patches. Absence of patches may kill a lot more precious time during troubleshooting.

PowerShell Command to enable required roles and features:

You need to run following command on Skype For Business (SFB) Servers.

Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Server-Media-Foundation –Restart

 You need to run this command on SFB server. Launch windows PowerShell as an admin. Depending on operating system install status, you may have to supply –source switch.

Creating a File Share

You need to create a file share for the Skype For Business (SFB) pool. You can create either a basic windows share (no high availability) or a Distributed File System (DFS) file share (high availability).

  • Accessibility of file share is critical. Ensure that it is highly available.
  • Grant Allow: Full Control, Change, and Read rights to the local Administrators group of the server hosting the file share.

Prepare SQL Server

You need to prepare backend server to setup an enterprise pool. Following SQL versions are supported.

  • Microsoft SQL Server 2014 Enterprise (64-bit edition) - Cumulative Update 6 or later
  • Microsoft SQL Server 2012 Enterprise (64-bit edition) - Latest service pack.
  • Microsoft SQL Server 2008 R2 Enterprise (64-bit edition) - Latest service pack.

Microsoft supports SQL Mirroring and SQL Clustering for high availability purpose.

 Strongly recommended to apply the latest SQL server patches. Absence of patches may kill a lot more precious time during troubleshooting.

Create DNS Records

Appropriate DNS records are required to avail various features and functionalities of Skype For Business (SFB) server. DNS requirements for Skype for Business is explained at https://technet.microsoft.com/en-in/library/dn951397.aspx

The Lync Windows Store app has a different process to locate the SFB Services. It uses two records:

  • lyncdiscoverinternal. <domain> A (host) record for the Autodiscover service on the internal Web services
  • lyncdiscover.<domain> A (host) record for the Autodiscover service on the external Web services

  • http(s) traffic doesn’t support DNS load balancing                                                     

  • SFB supports IPv6

  • Simple URLs can be configured using single or different FQDNs


Install Administrative Tools

Install Skype for Business Server 2015 administrative tools from the Deployment Wizard on one of the SFB servers. This is the server you will be using to perform necessary steps.

  • Insert the Skype for Business Server 2015 installation media. If the setup does not automatically begin, double-click Setup.
  • The installation media requires Microsoft Visual C++ to run. A dialog box will pop up asking if you want to install it. Click Yes.
  • By using Smart Setup, a new feature in Skype for Business Server 2015, you can connect to the Internet to check for updates during the installation process. This provides a better experience by making sure you have the most recent updates to the product at installation. Click Install to begin the installation.
  • Carefully review the License Agreement, and if you agree, select I accept the terms in the license agreement, and click OK.
  • The Skype for Business Server 2015 Core Components will be installed on the server.
  • The Core Components consist of the following, as shown in the figure.

Launch Skype for Business Server 2015 Deployment Wizard

Click Install Administrative Tools on the Deployment Wizard.

Click Next to begin the installation.

Once the installation has completed, click Finish. The administrative tools are now added to the server, as shown in the figure.


Prepare Active Directory

Log on as a user with Schema Admins credentials for the Active Directory domain.

Open Skype for Business Server Deployment Wizard.

Click the Prepare Active Directory link.

Complete the three sub-steps (schema, forest & domain prep) in order to prepare Active Directory.


How to check if Active Directory (AD) is prepared? : http://www.rtcpedia.com/Blogs/Action?blogId=34&blogURL=ActiveDirectorypreparationSkype

Define Topology

Launch Topology Builder

Log in as admin with access to Topology Builder.

Open Skype for Business Server Topology Builder (right click and run as admin).

Select New Topology, and click OK.

Select a location and file name for the topology configuration file.


Define the Domains

On the Define the primary domain screen, enter the primary SIP domain (For example, contoso.com), and click Next.


Add any additional supported SIP domains, and then click Next.


Define the first (or additional) Site

Enter a Name and Description for the first site (location), and then click Next.

Enter the City, State/Province, and Country/Region Code for the site, and then click Next.

Select Open the New Front End Wizard when this wizard closes.


Add Front End Pool\Server

Click Next on the screen below.


Enter the fully qualified domain name (FQDN) of the pool, and select Enterprise Edition Front End Pool and then click Next.

Note: Pool FQDN is same as SFB server FQDN is you select Standard Edition Server, and it’s different than a server FQDN if you select Enterprise Edition Front End Pool.


Enter the fully qualified domain names (FQDNs) of all servers in the pool, and then click Next.

Enterprise edition pool FQDN is a unique DNS record. It’s different than the front end server FQDNs.

Standard edition pool FQDN is same as the server FQDN.



Select the features that will be included in this topology, and then click Next.


I usually configure Archiving and Monitoring separately. You can also chose to configure enterprise voice and call admission control separately.

If you intend to collocate the Mediation server on the Enterprise Edition Front End pool, ensure the check box is selected.


We recommend to leave the check box clear, and define the topology. After you have published, configured, and tested the Front End and Back End Server roles, you can run Topology Builder again to add the role servers to the topology.

Otherwise, you can select the check box, if you have an Edge Pool\Server in place.


To define a new SQL Server instance to store pool information, click New, and then specify the SQL Server FQDN in the Define New SQL Store dialog box.

Note: To use an existing SQL Server store that has already been defined in your topology, select an instance from SQL store. Also, to use SQL Mirroring, select Enable SQL mirroring, and select an existing instance, or create a new instance.




To define a new file share, select Define a new file share, in the File Server FQDN box, enter the FQDN of the existing file server where the file share is to reside, and then enter a name for the file share in the File Share box.

Note: To use a file share that has already been defined in your topology, select Use a previously defined file share.


We are using high end hardware load balancer to load balance SIP and HTTP(S) traffic. Hence, we are not selecting the Override internal Web Services pool FQDN check box. Otherwise, you need to select it and enter the internal base URL (which must be different from the pool FQDN) in Internal Base URL.

Enter the external base URL in External Base URL. You need to publish this URL to internet using a reverse proxy.


If you selected Conferencing on the Select Features page, you will be asked to select an Office Web Apps server. Click New to launch the dialog box.


Configure simple URL's

In Topology Builder, right-click the Skype for Business Server top node, and then click Edit Properties


In the Simple URLs pane, select either Phone access URLs: (Dial-in) or Meeting URLs: (Meet) to edit, and then click Edit URL.

The simple URLs should be configured using external SIP domain(s) so that external users can join meetings. The SIP domain should be able to be resolved by external DNS.

In the Administrative access URL box, enter the simple URL you want for administrative access to Skype for Business Server Control Panel, and then click OK. This is an internal URL to be resolved by internal DNS server.

Publish Topology

Right-click the Skype for Business Server 2015 node, and then click Publish Topology.

On the Publish the topology page, click Next.

On the Select Central Management Server page, select a Front End pool

On the Select databases page, select the databases you want to publish.

Click Next to complete the publishing process.

Install Skype For Business

Launch Deployment Wizard page (right click and run as admin).

On the Deployment Wizard page, click Install or Update Skype for Business Server System.

Note: You need to run the setup.exe if deployment wizard is not installed already.


Click Run next to Step 1: Install Local Configuration Store.


On the Install Local Configuration Store page, make sure that the Retrieve directly from the Central Management store option is selected, and then click Next.



When the local server configuration installation is complete, click Finish.


Click Run next to Step 2: Setup or Remove Skype for Business Server Components.




Request & Assign Certificate

Click Run next to Step 3: Request, Install or Assign Certificates.


On the Certificate Wizard page, click Request.


On the Certificate Request page fill in the relevant data including selecting the SIP domain and, click Next.


You can use internal certification authority for certificates to be assigned to the internal SFB services.

Users need to have root CA installed on their local computers.



On the Certificate Request Summary page, review the information in the summary. If the information is correct, click Next.



On the Online Certificate Request Status page, review the information returned. You should note that the certificate was issued and installed into the local certificate store. If it is reported as having been issued and installed, but it is not valid, make sure that the CA root certificate has been installed in the server’s Trusted Root CA store.

By default, the check box for Assign the certificate to Skype for Business Server certificate usages is selected. If you want to manually assign the certificate, clear the check box, and then click Finish.


On the Certificate Assignment Summary page, review the information presented to make sure that this is the certificate that should be assigned, and then click Next.



Check root CA certificate on SFB server if you don’t see the requested/obtained certificate details. Root CA certificate should be installed on all SFB servers.


On the Certificate Wizard page, confirm that all services have a green check to indicate that all have been assigned a certificate, including the OAuthTokenIssuer ,as shown in the figure, and then click Close.


Start The Services

Press windows key + R and type Services.msc. Start the SFB services. Alternatively, you can restart the server. It should start SFB services during restart of the server.

Enable Users for SFB

Using Control Panel

Log on to the computer as a member of the RTCUniversalServerAdmins group, or as a member of the CsVoiceAdministrator, CsServerAdministrator, or CsAdministrator administrative role.

Open Skype for Business Server Control Panel.

In the left navigation bar, click Users.


Add the users (you can add multiple in one go). Select appropriate parameters and click Enable.


Using PowerShell

Run following command on SFB PowerShell.

Enable-CsUser -Identity "User Display Name" -RegistrarPool "SFB Pool" -SipAddress "sip:SIP_Address"

Login to Skype For Business Client

Launch Skype for Business client from program menu. Click on the gear (encircled in red) button. Click Tools=> Options => Personal.


Type SIP address of the user under My Account. Click Advanced.


Under Advanced Connection Settings, select appropriate option. You should select Automatic configuration if correct SRV records are created in DNS. Otherwise select Manual Configuration and type the SFB pool name in Internal Server Name. You should type FQDN of Access Edge server in External server name to connect from internet. Click Ok (two times) to return to home screen of the client.


You need to have correct DNS records (A & SRV) to use automatic configuration. You need to know the SFB Pool\Edge details, if you want to use manual configuration.


Click Sign In and provide credential info when prompted.


Cheers!!! Feel free to post comment in case you have further question(s).



2 Comments

Ram

Apr 12 2016 8:27AM

Thanks John.

JohnS

Apr 10 2016 6:02AM

Very good article. Keep it up!