Jan 10, 2017

How To Deploy Skype For Business 2015

This article will guide you through the steps to install and configure Skype for business server 2015. The first step is to download the product, for this guide we will download the evaluation from here. The next step is to install Windows Server 2012 R2 or Windows Server 2012 Standard or Datacenter edition to support Skype for Business Server 2015. Make sure that a Windows Update was run and all updates are in place.

Unfortunately, you can not install Skype for business 2015 on the latest Windows Server 2016 and it is not yet supported.

Planning Skype for Business

This section of the article looks at understanding the Skype for Business Server 2015 server roles and how to start the planning process to deploy the solution.

We are going to to discuss how to deploy a brand new Skype for Business Server 2015 into an existent environment running Active Directory and Exchange Server 2016. This new release of Skype for Business Server has tons of new/improved features. Some of these are: in-place upgrade from previous versions, support for Always On SQL feature, centralized logging and improved Snooper debugging tool, hybrid environment which supports CloudPBX feature, Video Interop Server (VIS) to integrate Skype for Business Server 2015 and Cisco video teleconferencing systems, built-in data call quality survey results, improved mobility and meeting experience to the end-users.

The first step before starting the technical process is to understand the roles available in this release and that is going to be the primary goal of this article. We will also discuss how to take advantage of Microsoft documentation to understand the inter-communication among Skype for Business Server roles, as well certificate, and DNS diagrams and planning tools to help during the planning phase.

Skype for Business Server 2015 Roles

The first stop in our journey is to recap the server roles available in Skype for Business Server, and here is a resume of each one of them.
  • Front End Server
    This role is required on any Skype for Business Server 2015 deployment. It always has a back end component which is an SQL Database that, depending on the design, can be in a cluster or in a separate server. When configured in Enterprise Mode, then a series of Front End Server are grouped together and they create a Front End pool and provide high availability and fault tolerance.
    This role is key for the Skype for Business Server 2015, it is responsible for user authentication and registration, presence information, IM (Instant Messaging) including multiparty IM conferences etc.
    Usually the first Front End will have the CMS (Central Management Server) which is the main database that is replicated to all servers, and it is responsible to keep the configuration of the entire Skype for Business environment consistent on all servers.
  • Edge Server
    If there is need to communicate with external users, and that external user can be an internal user located outside of the company, federated partners, or external users being invited to meeting, then the Edge Server role is a requirement.
    Another requirement for the Edge Server role is the use of mobile devices (including Android, Apple, and Microsoft devices) to use Instant Messaging, presence, conference and Call via Work feature.
  • Mediation Server
    This role is required when we want to integrate the Skype for Business Server environment with Telephony systems which will enable some cool features, such as: dial-in conferencing, Enterprise Voice (send and receive calls from your Skype for Business endpoints) and Call Via Work.
  • Director
    Director is a role that allows the authentication process to be performed however it does not home any user on these servers. They are used to improve the security where in a DoS (Denial of Service) attack the requests will be stopped at the Director level and not directly on the Front End Server.
  • Video Interop Server
    This is a new role in this new release of the product. It allows integration of Skype for Business Server 2015 with certain third-party VTC (Video Teleconferencing System), mainly with Cisco/Tandberg systems.
  • Persistent Chat Server
    This role allows a conversation based on topic to persist over-time, and helps team collaboration.
Now that we are on the same page about the roles available on Skype for Business Server 2015, we need to understand how the roles interact for several workloads, such as: IM and Presence, A/V and Web Conferencing, Enterprise Voice, Application Sharing and Broadcast Conferencing.

Before heading to the Internet and trying to figure out what connects where, we can use a great resource from Microsoft called Technical Diagrams and they help the administrator to understand why some roles are required and how it integrates with other roles. The Technical Diagrams can be found here.

IM and Presence Technical Diagram

Besides showing the integration among server roles, the same technical diagram file has some additional pages that help the planning process by providing a great deal of details on the Certificate Requirements, DNS Configuration and CMS (Central Management Store) component.

Certificate Requirements for Skype for Business Server 2015

Server collocation

One question that may come up is… Should we have a server for each role? The answer is simple, depends of the role. The best way to tackle this question is understanding which roles require a separate server, which are: Director, Edge, and VIS (Video Interop Server).

The role that can be collocated is Mediation with the Front End Server role.

Skype for Business Scenarios

Skype for Business Team created a reference topology page which helps administrators to understand Skype for Business components that need to be evaluated during the planning phase, and since they provide some examples it is easy to understand what we should consider during the planning stages of the solution.

In the next step, we will cover the Skype for Business Planning Tool which will use the concepts that we are working here and add information on the tool to get an idea of the future environment.

Reference Topology for a small organization

Using the Planning Tool to design a future Skype for Business Server 2015 deployment.

We are going to discuss the Skype for Business Server 2015 Planning Tool which is a tool that allows the administrator do define the sites, size of the sites and features that will be enabled to the end-users, and it will give you a diagram of your environment. After that you can go one step further and configure the IP Addresses and FQDN (Full Qualified Domain Names) of your servers to complete a huge chunk of your design phase.

The first step is to download the tool by clicking here. The installation process is straight forward and does not require any additional settings just the default settings. The system requirements are Windows 7 or later and Microsoft .NET Framework 4.5 or later.

The tool should be installed on a workstation since there is no server requirements for it. The tool has some changes when compared with previous versions, as follows:
  • IPv6 Support
  • Support up to 10 sites
  • Better IP/FQDN/Port editing
  • The tool does not support Virtualized server design
  • The tool does not support exporting the information to Topology Builder

Designing the future Skype for Business Server environment

The tool is simple and easy to use. In the first page you will have an introduction about the tool capabilities, and we have two options Get Started or Design Sites.

Skype for Business Server 2015 Planning Tool welcome page

If the decision was Get Started which is a good option for those that are not too familiar with Skype for Business Server. This helps because it asks questions which are not based on server roles but features, and based on those answers the site design (which is the second portion) will come with all Skype for Business features/roles filled out automatically. These are the main topics when using the Get Started option.
  • Audio/Video Conferencing
  • Dial-In Conferencing
  • Web Conferencing
  • Enterprise Voice
  • Call Admission Control
  • Monitoring
  • Archiving
  • Persistent Chat
  • Video Interop
  • Mobility
  • Federation
  • High Availability
  • IP Support
  • Disaster Recovery
The site design can be accessed directly from the main page, the only difference is that we need to define the features based on our knowledge of Skype for Business Server 2015. In the example below we run the Get Started option first and all options were already selected when we get to the site definition.

The process of creating a site is straight forward. The administrator defines Site Name, and the number of users for either on-premises and Cloud, and then features/roles that will be used on the site. Based on that selection a series of questions will be asked to size the solution properly. At the end the administrator has the option to add another site (keep in mind that the current limitation is 10 sites)

Defining the features/roles of a new site

For the first site we will define the SIP Domain, and the questions after that will be based on the selections. Here are some items that may be asked by the wizard: Conference Settings, Voice Infrastructure, External User Access, Persistent Chat, Collocation Options, Mobile, High Availability, Branch Sites

The SIP Domain should be the same one used by the corporate e-mail to keep settings simple in your environment.

After adding all sites, a Global Topology will be shown, and on the right side we have a couple of options to manage the site (Add, View, Delete and Edit) and the most important is the Hardware Configuration for our planning, including number of servers for each role.

The diagram generated based on the previous questions

For more information in any given site, double click on it, and the diagram of the environment will be displayed based on the information that we entered during the wizard. On the right side we have information about the utilization of the site itself (Site Information area) and hardware for that site.

The diagram with more details about servers and infrastructure for Toronto’s site

Using the options View Planning Steps and View Deployment Steps the administrator has a list of useful resources to perform the tasks required to complete the Skype for Business Server 2015 deployment.

Checking the Deployment Steps based on your scenario

Checking Hardware Requirements

After having all Skype for Business Servers laid out in a nice diagram, we can use the same diagram to check the hardware requirements based on our input during the wizard. Just double click on any server from the diagram and a new page containing the Hardware Requirements and Port Requirements will be displayed. Keep in mind that the view is per server, to check other server requirements we must double click on them.

Hardware and Port Requirements for a specific server in the diagram

Adjusting the design to fit your new environment

In my opinion, the best feature is when the environment requires an Edge Server which, based on our first article allows external communications with our Skype for Business Server through federation, mobile or external users connecting in IM, Web Conferencing and so forth.

The Edge Server is not simple at all. It requires at least two servers (for high availability purposes), a reverse proxy, load balancing (DNS or Hardware), public IPs, DMZ and etc. Basically, if you don’t plan well, our chances of success are drastically reduced.

When we double click on any server from any given site, there is a tab called Edge Network Diagram and it will show a beautiful design of the environment with some names and IPs. The diagram helps to understand the environment, and trust me your network folks will understand the diagram much better than you trying to explain over a Change Management session.

Edge Network Diagram using default values

The diagram is good, but with all those weird names and weird IPs that do not match your existent network is not perfect. The Skype for Business Team thought about that, and we can double click on any object and change its name and IP, and that updates the diagram making it even more useful for documentation and design purposes.

Updating the server object with the proper name and IP address

After updating the diagram with the proper IPs and server names, there is one more tab that helps the administrator to plan the new environment. Click on Edge Admin Report and a new page with four (4) tabs: Summary Report, Certificates Report, Firewall Report and DNS Report will be available.

The most important thing is that all information there is based on the design and using the names that we updated on the diagram. That makes it extremely easy to hand it over to different teams such as Network and/or security to perform configuration changes to support Skype for Business.

After creating the design, editing to match your future environment and getting all information for your design, there is one more feature that is extremely helpful, there is an option to export to VSD (Visio) and Excel the information and edit the diagrams to add to your design documents.

Preparing the Server 

The first step is to prepare the server to set up the Skype for Business Server 2015, the setup process can be initiated by running Y:\Setup\amd64\setup.exe (where Y: is the drive letter where the ISO was mounted).

The setup will install automatically the Microsoft Visual C++ 2013 which is a requirement for the installation process, and after that a location on the local disk must be defined to store the installation files, by default this location is C:\Program Files\Skype for Business Server 2015 folder.

Click on Install, the process will require acceptance of the license terms and after that a connection with the Internet to check the latest updates will be performed, wait for the completion and click on Next when the button becomes available.

The entire process to install Skype for Business Server 2015 is using the Deployment Wizard which is a wizard that has step by step how to deploy the entire solution, and it tracks the progress as we move forward with the product installation.

Before starting the Deployment Wizard, the server where the first Skype for Business Server (Front End role) will be installed will require a series of features, the best way to accomplish that is opening PowerShell as administrator and run the following cmdlet. After the completion, restart the server and then we can continue with the Skype for Business Server deployment process.

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client

To continue the deployment process after the server restart, open up C:\Program Files\Skype for Business Server \Deployment and click on Deploy. The Deployment wizard will determine the deployment state and that may take a few seconds during the initial start.

Preparing Active Directory

The Active Directory preparation is composed of seven (7) steps altogether, but only three are preparation of the Active Directory and the other are checking and the last one is managing accounts to be administrator of the Skype for Business Server 2015 environment.

This operation will modify the current Active Directory, then the best practices requires to have replication in place and running smoothly, and a proper backup before starting this process. Also, you should have all FSMO up and running, we can check these servers by running netdom query fsmo.

The Deployment Wizard will list all steps in the proper order and they are numbered from Step 1 to Step 7 (Item 1), for each step we will have the Prerequisites and Help explaining the process (items 2 and 3), and finally the administrator can run the process using the graphical user interface (item 4). Keep in mind that in order to prepare Step 3, we must complete steps 1 and 2 otherwise the button will be grayed out.

The Prepare Schema (Steps 1 and 2), requires Schema Admins credentials to be performed, we can find that out by checking the Active Directory Users and Computers or running net user /domain and check if the Schema Admins has the current user as member.

After clicking on Run, a small wizard will be displayed, just click Next and then wait for the completion of the process (it may take a few minutes) and the last page of the wizard allows the administrator to check the logs of the operation.

If we want to be a little more thorough, we can open ADSIEdit.msc, connect to the Schema, search for CN=ms-RTC-SIP-SchemaVersion and check the attributes rangeLower and rangeUpper, they should have the values 3 and 1150 respectively.

The Prepare Current Forest (steps 3 and 4) requires Enterprise Admins privileges, and in this step the Skype for Business Server groups will be created in Active Directory (they all start with CS or RTC on their names). In order to prepare the forest, click on run and leave default settings to complete the preparation.

In order to check if the process was successful, check the Users container in Active Directory Users and Computers, and several groups related to Skype for Business should be listed. Make sure to give enough time for Active Directory replication to take place in larger environments.

The Prepare Current Domain (steps 5 and 6) will configure the proper permission for the groups created in the previous step, just click on Run and leave default settings to complete the wizard.

In order to check what was done during this process, we can look at the Security tab of the Active Directory domain object, and we will see at least four (4) entries for the RTC groups.

The final step of this preparation process is to add the future Skype for Business Administrators as part of the group CSAdministrator, by default that group is created empty.

Since we have prepared Active Directory to support Skype for Business Server 2015, we will continue the installation process in next step.

Preparing the environment

Preparing the environment to support the first Skype for Business Server deployment which includes DNS, Shared Folder and Central Management Store installation. Through the Deployment Wizard, we will perform two tasks:

  1. Install Administrative Tools and Prepare first Standard Edition Server
  2. Prepare the DNS to support Skype for Business and create a shared folder for the new deployment.

The first tasks (Install Administrative Tools) is a straight forward process, just leave default values and the installation process will add the basic tools to manage a Skype for Business Server environment, which are:

• Skype for Business Server Control Panel
• Skype for Business Deployment Wizard
• Skype for Business Server Management Shell
• Skype for Business Server Topology Builder

The second step is key to build the foundation for Skype for Business Server in your environment. The Prepare First Standard Edition server prepares the Standard Edition Server that we are going to use to host the CMS (Central Management Store).

The CMS is the central repository in Skype for Business Server solution, and it is around since Lync Server 2010. In that repository we will find the topology, configuration and policies in place on the environment. The CMS is protected and the only way to interact with it is through Topology Builder, Skype for Business Server Management Shell and Skype for Business Control Panel.

The process to prepare the CMS may take a little bit of time because involves SQL Server 2014 Express Edition installation and configuration, the preparation process will also create the Firewall exceptions to support SQL Server 2014.

Creating the Skype for Business Server share

During the initial topology creation, a shared folder will be required. We will use the same Skype for Business Server to host the shared folder. The Shared Folder requires only the local administrator group with Full Access permissions. In this article, we are using S4BShare as the name of the folder and share.

Configuring DNS Server to support Skype for Business Server

The DNS plays a key role when implementing Skype for Business Server, if the SIP domain that will be assigned to the future Skype for Business clients (usually the same as the SMTP address) is the same FQDN (Full Qualified Domain Name) of your Active Directory, then it is a piece of cake, your work will be just adding entries in the existent zone and we are good to go to the next phase. An example, my Active Directory FQDN is techsupportpk.com and my SMTP/SIP will be support@techsupportpk.com, that means that when I look at the DNS console I will have a zone called techsupportpk.com.

However, if the domain used by the SMTP/SIP is different from the Active Directory FQDN, then we need to decide how to configure the DNS, then we have a couple of options:

• Split-brain in this scenario, we create the zone internally and assign internal names for the Skype for Business services. For example: if the AD zone is techsupportpk.local and the SMTP/SIP is techsupportpk.com, we will create the techsupportpk.com internally and all entries that are being used for the internal clients on the techsupportpk.com must be recreated internally.

• Automatic Configuration using Group Policies (GPOs) This method does not require DNS modifications, however, works only for domain joined machines.

• Pin-Point Internal Zones, using this method we create a dedicated zone for each record required in the DNS without creating a complete zone. Basically, the client would be able to resolve only the entries that we added, anything other than those zones will not be resolved by the DNS server.

The most elegant solution, in my humble opinion, is using the split-brain because it is easy to troubleshoot, you can use for different applications, such as Microsoft Exchange using Public Certificates, Office Online Server and etc.

The manual configuration consists of creating a zone for your SIP/SMTP domain in your internal DNS and add these following A records pointing out to the IP of the Skype for Business Server (our domain in this article will be techsupportpk.com):

• Admin.techsupportpk.com

• Dialin.techsupportpk.com

• Meet.techsupportpk.com

• Lyncdiscoverinternal.techsupportpk.com

• Scheduler.techsupportpk.com

The creation of the A records is straight forward, the tricky one is the SRV record, and in the picture below we can see the details required to be configured.

The Skype for Business Client will search these following entries when locating the service based on the SIP domain of the user entered:

1. Lyndiscoverinternal.techsupportpk.com (A Host), used by internal clients

2. Lyncdiscover.techsupportpk.com (A Host), used by external clients

3. _sipinternaltls._tcp.techsupportpk.com (SRV Record), used by internal clients

4. _sip._tls.techsupportpk.com (SRV record), used by external clients

5. Sipinternal.techsupportpk.com (A Host), used by internal clients

6. Sip.techsupportpk.com (A Host), used by internal clients

7. Sipexternal.techsupportpk.com (A Host), used by external clients

If you want to save time in this process, you can use the S4B-EasyDNS.ps1 script that was created to automate this process, basically you just need to run the script and pass the domain and the IP of the Skype for Business Server, and the DNS zone (if it does not exist) and all A and SRV records will be created automatically.

Note: This script must be executed on the DNS server.

# This script will create all entries required for Skype for Business Server 2015

$tmpDomain = $args[0]
$tmpIP = $args[1]
$tmpZone = get-dnsserverzone $tmpDomain -ErrorAction:Silent

If (($tmpzone).ZoneName -eq $null) {
    write-host 'Creating the Forward Zone' $tmpDomain
    Add-DnsServerPrimaryZone $tmpDomain -ReplicationScope Forest -DynamicUpdate None

#Adding the DNS entries..
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A admin
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A dialin
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A meet
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A scheduler
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A lyncdiscoverinternal
Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A sip
Add-DnsServerResourceRecord -ZoneName $tmpDomain -Srv -Name _sipinternaltls._tcp -DomainName ("sip." + $tmpDomain) -Port 5061 -Priority 0 -Weight 0 

Preparing the Topology

Using Topology Builder to create the initial topology and deploy it to the recently created CMS (Central Management Store). We will focus on building the infrastructure that we planned using Topology Builder tool and saving (in Skype for Business world the verb is “to publish”) into the CMS database.

Building the Topology

In order to build the topology, we need to open the Topology Builder which was installed on the previous article of this series. When the Topology Builder opens, a welcome window will be displayed, we can download the topology from an existent environment (which is the common option when we already have Skype for Business Server installed on the environment), open from an existent file, or New Topology which we are going to select and click on OK.

A new topology will trigger a series of assisted wizards to define the initial structure of the Skype for Business Server 2015 environment. The first thing is to define a local file where all the definition that we are creating are going to be saved. The location and name of the file is not important, so use any name that is easy to remember.

In the Define the primary domain page. We will define the primary SIP domain, in our article series it will be techsupportpk.org, in the next page we can define additional SIP domains. Click Next.

In the Specify additional supported domains page. Type in any additional domain (we can always add domains later), and click Next.

In the Define the first site page. Skype for Business Server uses a different site structure than Active Directory, and we need to create the topology by defining sites before even having the servers. The name of the site does not need to match the Active Directory information. After defining the name and description, click on Next.

In the Specify site details page. Fill out the detailed information, such as City, State and Country, and click Next.

In the New topology was successfully defined page. The first site was created, and that completes the first wizard, however before publishing the topology we need to create the first server (Front End role) in that new first site. We will leave the option Open the New Front End Wizard when this wizard closes and click on Finish to start automatically the new wizard.

In the Define the New Front End pool page. The initial page of the wizard describes some common questions that help the administrator to define the upcoming features that will be defined as part of this wizard. Click Next.

In the Define the Front End pool FQDN page. Type in the FQDN of the server that will host the Skype for Business Server 2016 and select Standard Edition Server.

Note: If you want to be sure of the FQDN, open the command prompt and run net config rdr and copy the content of Full computer name line.

In the Select Features page. For now, we will select only Conferencing (includes audio, video and application sharing) and click Next.

In the Select collocated server roles page. Leave default values and click Next. At this point we will not collocate the mediation server (telephony integration role), but we can always add/configure later on.

In the Associate server roles with this Front End pool page. We can associate an Edge pool to be used by the media component of this current Front End server, in this current scenario we will leave default settings which is not selected, and then click Next.

In the Define the SQL Server store page. Because we are using the Standard Version, all information is already in place and no additional configuration is required. Just click Next.

In the Define the file store page. We will use the shared folder that we created in the previous article, type in the FQDN of the server and the folder that we had defined was SB4Share, click on Next.

In the Specify the Web Services URL page. We can define the external URL to access that specific Front End from the Internet. We will use the name CATORWeb.techsupportpk.org and then click Next.

In the Select an Office Web Apps Server page. In the current scenario, we do not have an Office Web Apps Server implemented in the environment, let’s uncheck associate pool with an Office Web Apps Server and click Finish.

The result of all options that we have defined in the previous set of wizards can be seen on the main console of the Topology Builder. So far all configuration is stored in the file that we defined at the beginning of this article, our next step is save all that information on the CMS database, and this process is called publishing.

In order to publish, right-click on the first item on the left side, and then click on Publish Topology… and that will start a new wizard to publish the topology. This wizard is smart enough to perform some validations, inform and provide detailed log information in case of errors, so always spend some time analysing the output of this process.

In the Publish the topology page. The initial page has all the requirements that must be satisfied before executing this procedure, if you follow all the steps here at techsupportpk.com, we are golden, just click Next.

In the Select Central Management Server page. Select (if not already) the server that we have installed the CMS in the previous article, and click Next.

The final page shows a status on each step performed by this wizard, and on each one we can click on the item and then click on View Logs and a detailed log will be displayed.

One important feature is the link Click here to open-to-do-list which will bring a simple file with the next steps that need to be performed. We already created the DNS entries using the script from the previous article.

At this point of the deployment we have all information required to deploy the actual servers that were defined and published in our CMS. Keep in mind that the process is always the same, the administrator will add/change the CMS using Topology Builder to add/remove a server, and after making the changes and publishing, and only after the administrator will work on the actual server.

The dynamics are a little bit different than other products where you just go to the add/remove programs to remove a server, or just run setup to install a new server/add a role. Using Skype for Business the administrator must always work on the Topology Builder first when adding/removing server roles and features to the environment.

Server Deployment
Deploying Skype for Business server bits, configuring the certificate requirements and starting the service for the first time.

In this stage, we need an internal CA (Certification Authority) in place, Skype for Business will use the internal CA certificate to create the certs required internally, and that CA (if it is an Enterprise CA) will have all certificates issued accepted automatically by the clients.

The final step will use the same Deployment Wizard, at this point we will have Complete checks on Prepare Active Directory and Install Administrative Tools on the first page. In order to start the deployment, click on Install or Update Skype for Business Server System.

In the Install or update member system page. We need to perform all steps listed on this new page.

In the Step 1: Install Local Configuration Store, click on Run.  This step will configure a local replica of the Central Management Store (CMS), and the information to be synchronized can be retrieved directly from the already existent CMS database or using a file (only used when there is no connection from the server being installed and the CMS which is the case of an Edge Server role that typically stays on a secure DMZ).

In this case the CMS and the Front End are the same server, so we will use the default option which is Retrieve directly from the Central Management store (requires read access to the Central Management Store) and click Next, check the results on the following page and if everything was successful click on Finish.

Back to the Deployment Wizard / Install or update member system, click on Run located on the Step 2: Setup or Remove Skype for Business Server Components. The first page of the wizard will inform that this process will configure the server as it was defined in the Topology. We already configured the topology and when we click on Next the server will install the Skype for Business bits.

In case of a missing component, the administrator will be informed, in the example depicted in the image below we can see that a hotfix is missing and a link is provided, if that is the case download the recommended link (a restart may be required) and run the same process, until we get the status of Task Status: Completed, then we will be ready to continue the deployment, click on Finish.

Note: If a Foundation error is presented, make sure to install the Windows Identity Foundation 3.5 feature is installed on the server using Server Manager or Add-WindowsFeature cmdlet.

The next step is Step 3: Request, Install or Assign Certificates page. Click on Run.  The new window will be the Certificate Wizard where the administrator can manage certificates for the local server. Click on Request.

The new Certificate Request page. This is huge improvement when compared with previous versions, now we have a single page that summarizes all the certificate requirements, such as: Certification Authority, Friendly Name, Organization information, SAN (Subject Alternative Names) and so forth.

The Certificate Wizard is smart enough to list all the names already defined in the topology, which means that planning well pays off on this wizard.  After filling out the requested information, click on Next.

In the Certificate Request Summary page. A summary of all decisions made so far will be listed, click on Next.

In the Executing Commands page. All output of the operation will be listed, click on Next.

In the Online Certificate Request Status page. The information that the certificate was added to the local store of the server will be informed as well the certificate thumbprint. Leave default settings which includes the option Assign this certificate to Skype for Business Server certificate usages, and click on Finish, and that will trigger another wizard to start automatically to complete the assignment process.

In the Certificate Assignment page. The wizard that we have just requested and stored on the local computer will be the one that will be assigned to the Skype for Business services, just click on Next.

In the Certificate Assignment Summary page. A summary containing the thumbprint and details of the cert will be displayed, click on Next.

In the Executing Commands page. The output will be all tasks that were performed to assign the certificate, if everything went okay (the Task Status should show Completed), then click Finish.

The result of the certificate request and assign wizard, should be a couple of green checks on the Server default, Web services internal and web services external on the main page of the Certificate Wizard, as depicted in the image below. Click on Close.

Note: If you have just installed the Certification Authority on your environment, make sure to force the group policies on the Skype for Business Server by running gpupdate /force and give some time for the Active Directory replication to take place before working on the certificates.

Back to the Deployment Wizard, we can track down our success by glancing at the Complete tasks for each step that we have just performed.

The next step is to start the Skype for Business Services, we can do that using PowerShell. Open Skype for Business Server Management Shell as administrator, and first run the following cmdlet to check the status of the services, you will notice that most of the services are with Stopped status.


In order to start all services, we can run the following cmdlet listed below and after that we can run the same command to check the services and at this time we will see that all of them will be running. One of the benefits of checking the Skype for Business Services using the cmdlet is that besides of checking only the essential services required, we can have some measurements of the utilization, such as how may active conferences, calls, connected users and messages.


We can always check the services by looking at services.msc. All Skype for Business services start with the Skype for Business Server prefix.

One last step is to configure Microsoft Updates, and we can do that using the Enable Microsoft Update section. The administrator has the choice to configure Windows Update to include Skype for Business Server.

The final step to make sure that everything is working is to open the Skype for Business 2015 Control Panel, and authenticate with an user that is member of the CSAdministrator group.

At this point, we have the first Skype for Business Server up and running in our environment and the next is to create users and manage the client side which are the topics of our next step.


  1. pls post failover/high availability set up for Skype business 2015

  2. Ahtisham Ullah ShahFebruary 06, 2017

    thx Anwar Bhai....your articles are very pratical and helful....

    1. I always try to make (how to guides) as easy as possible.

  3. Jaap BrasserFebruary 07, 2017

    Very useful...thanks

  4. Timothy WarnerFebruary 11, 2017

    Comprehensive and very detailed.

  5. Kuba WojtaszFebruary 11, 2017

    How would you differentiate between Lync and Skype for business?

  6. Nicely written

  7. David das NevesFebruary 11, 2017



TECH SUPPORT © 2012-2017