Skype For Business Installation (Part 2): Let’s Start and Have DNS Fun

In the Part 1 blog post, we discussed planning and building a design for the new Skype For Business environment.  Now, let’s discuss installing the Skype For Business (SfB) Server.  Today, we’ll dive into the first steps of setting up Skype For Business and the infamous topic of DNS.

Microsoft has laid out the process to upgrade to Skype For Business (see here).  Here is a flow diagram from that site:

[Figure: flow diagram from the TechNet upgrade documentation]

I followed this process, and I also highlight some key points below.

TechNet Steps and Dean Comments

Step 1: Install Prerequisites (here)
I am building my environment on Windows 2012 R2 Server. So, I set up 3 Windows 2012 Servers and joined them to the domain. I ran Windows Updates and installed the Prerequisites on all 3 machines. I would recommend using the PowerShell “Add-WindowsFeature” cmdlet to add all of the Prerequisites.

Step 2: Create File Share (here)
For a high availability environment, a Distributed File System (DFS) file share is recommended.

Step 3: Install Administrative Tools (here)
Install the Administrative Tools from the Skype For Business (SfB) Deployment Wizard. A key point on this step is to “Connect to computer in the topology that does not have Lync OCSCore or any other Lync components installed.” This means that you can’t do this step on the existing Lync 2013 servers. I set up 3 new servers that would be my new SfB Front End pool and performed this step on them.

Step 4: Prepare Active Directory (here)
Followed the steps documented on TechNet and had no issues.

Step 5: Create DNS Records (here)
DNS. Getting the right DNS records created is probably one of the biggest sources of problems that I see. This is right alongside determining the number of public IP addresses needed and the names required on the certificates (DNS, IP addresses, Certificates). I recommend reviewing the documentation notes below:

  • DNS Requirements (https://technet.microsoft.com/en-us/library/gg398386.aspx)
  • DNS Requirements (https://technet.microsoft.com/en-us/library/gg398758(v=ocs.15).aspx)
  • Simple URLs (https://technet.microsoft.com/en-us/library/gg425874(v=ocs.15).aspx)
  • Lync Planning Tool (http://www.microsoft.com/en-us/download/details.aspx?id=36823)

Jeff Schertz also has a great blog on the client autodiscover process:

  • http://blog.schertz.name/2012/12/lync-2013-client-autodiscover/

Some considerations to think about when planning your DNS needs are:

Your DNS Architecture

Do you have:

  • Split brain DNS: For example, your internal DNS zone is domain.com and external DNS zone is domain.com.
  • Delegated sub-domain DNS: For example, external DNS zone is domain.com and internal DNS zone is subdomain.domain.com.
  • Separate domain DNS: For example, external DNS zone is domain.com and internal DNS zone is domain.net.

Your SfB Pool Architecture

  • Do you have a Standard Edition or Enterprise Edition pool?
  • How many SIP domains do you have?
  • What is your Simple URLs architecture?
  • How many SfB Edge Servers do you have?
  • How are you publishing your SfB Edge Servers’ external IP addresses (NAT’d?, public IP?)?
  • What kind of load balancing are you going to use (DNS + Hardware load balancing, Hardware Load balancing)? Remember even with DNS load balancing, you need to use a hardware load balancer for load balancing the web traffic (443).

The above articles walk you through the various decisions.

In my scenario, I have:

  • Split brain DNS: Internal and external DNS domain zone is: mtcirvine.com
  • My Active Directory domain and DNS zone (mtc-irv.com) is different from my public DNS domain (mtcirvine.com)
  • I am building out an Enterprise Edition pool with 3 Front-End Servers
  • I have a single SfB Edge server.
  • I have a single SIP domain (mtcirvine.com)
  • I am using DNS load balancing.
  • I decided to use a single simple URL with subdomains
    • Join.mtcirvine.com
    • Join.mtcirvine.com/meet (for meeting URL)
    • Join.mtcirvine.com/dialin (for phone access URL)
    • Join.mtcirvine.com/admin (for Admin access)

So, based upon these decisions, I needed to create records on my internal DNS server and also at our external DNS provider in our mtcirvine.com zone.

On my internal DNS zone for my Active Directory domain (mtc-irv.com)

A record was created for each SfB server when I joined them to the domain

On my internal DNS server for my public DNS domain (mtcirvine.com)

I created the following records

  • DNS A records
    • For the pool (e.g. irvpool2.mtcirvine.com). Created 3 DNS A records pointing to the IP address of each of the SfB front-end servers
    • For each SfB Front End (e.g. SFB2015FE1.mtcirvine.com, SFB2015FE2.mtcirvine.com, SFB2015FE3.mtcirvine.com) pointing to IP address of each SfB front-end servers
    • Created an A record for the internal leg of the SfB edge server (sfb2015Edge1.mtcirvine.com)
    • Edge servers DNS A records pointing to public IP addresses of the external NICs of my SfB edge server:
      • Access1.mtcirvine.com (for access edge)
      • Webcon1.mtcirvine.com (for web conferencing)
      • AV1.mtcirvine.com (for audio/video conferencing)
      • I used public IP addresses on the external leg of my SfB Edge server.
    • Join.mtcirvine.com (for simple URLs) pointing to public IP address of reverse proxy’s external leg
    • Rp.mtcirvine.com (for reverse proxy) pointing to public IP address of reverse proxy’s external leg
    • Lyncdiscover.mtcirvine.com ; pointing to my reverse proxy public IP address
    • Sip.mtcirvine.com ; pointing to my access edge public IP address
    • Lyncdiscoverinternal.mtcirvine.com ; pointing to internal IP address of SfB pool
  • SRV record:
    • _sip._tls.mtcirvine.com 100 1 443 access1.mtcirvine.com
    • _sipinternaltls._tcp.mtcirvine.com 0 0 5061 ; pointing to SfB pool
    • _sipfederationtls._tcp.mtcirvine.com 100 1 5061 ; pointing to SfB pool

On my external DNS server for my public DNS domain (mtcirvine.com)

I created the following records

  • DNS A records
    • Edge servers DNS A records pointing to public IP addresses of the external NICs of my SfB edge server:
      • Access1.mtcirvine.com (for access edge)
      • Webcon1.mtcirvine.com (for web conferencing)
      • AV1.mtcirvine.com (for audio/video conferencing)
    • Join.mtcirvine.com (for simple URLs) pointing to public IP address of reverse proxy
    • Rp.mtcirvine.com (for reverse proxy) pointing to public IP address of reverse proxy
    • Lyncdiscover.mtcirvine.com ; pointing to my reverse proxy public IP address
    • Sip.mtcirvine.com ; pointing to my access edge public IP address
    • Sipexternal.mtcirvine.com ; pointing to access edge public IP address
  • SRV record:
    • _sip._tls.mtcirvine.com 100 1 443 access1.mtcirvine.com
    • _sipinternaltls._tcp.mtcirvine.com 0 0 5061 ; pointing to access1.mtcirvine.com
    • _sipfederationtls._tcp.mtcirvine.com 100 1 5061 ; pointing to access1.mtcirvine.com

If you have multiple SfB Edge Servers, then you will need more DNS records and IP addresses
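
A way to confirm the internal records above once they are created, as an added example that is not from the original post: the script compares what a DNS server returns with two of the SRV records in the internal list and counts the A records behind each target. It assumes the pool FQDN is irvpool2.mtcirvine.com (given above only as an example); the -Resolver parameter, the sample answers and their documentation-range addresses are constructed.

```powershell
# Added example, not from the original post.
# -Resolver: IP of the DNS server to query (hypothetical parameter). Without it,
# the constructed sample answers below are used so the script runs offline.
param([string] $Resolver)

# SRV records from the internal list above: port, target, and how many A records
# the target should return (3 for the pool because of DNS load balancing).
$expected = @(
    [pscustomobject]@{ Name = '_sip._tls.mtcirvine.com';            Port = 443;  Target = 'access1.mtcirvine.com';  MinA = 1 }
    [pscustomobject]@{ Name = '_sipinternaltls._tcp.mtcirvine.com'; Port = 5061; Target = 'irvpool2.mtcirvine.com'; MinA = 3 }
)

# Constructed sample answers, shaped like Resolve-DnsName output objects.
# Only two pool addresses are present, to show a missing front-end A record.
$sample = @(
    [pscustomobject]@{ Name = '_sip._tls.mtcirvine.com'; Type = 'SRV'; Port = 443; NameTarget = 'access1.mtcirvine.com' }
    [pscustomobject]@{ Name = '_sipinternaltls._tcp.mtcirvine.com'; Type = 'SRV'; Port = 5061; NameTarget = 'irvpool2.mtcirvine.com' }
    [pscustomobject]@{ Name = 'access1.mtcirvine.com';  Type = 'A'; IPAddress = '203.0.113.10' }
    [pscustomobject]@{ Name = 'irvpool2.mtcirvine.com'; Type = 'A'; IPAddress = '192.0.2.11' }
    [pscustomobject]@{ Name = 'irvpool2.mtcirvine.com'; Type = 'A'; IPAddress = '192.0.2.12' }
)

function Get-DnsAnswer {
    param([string] $Name, [string] $Type)
    if ($Resolver) {
        # Live lookup; -DnsOnly keeps LLMNR and NetBIOS out of the result.
        Resolve-DnsName -Name $Name -Type $Type -Server $Resolver -DnsOnly -ErrorAction SilentlyContinue |
            Where-Object { $_.Type -eq $Type }
    } else {
        $sample | Where-Object { $_.Name -eq $Name -and $_.Type -eq $Type }
    }
}

$report = foreach ($e in $expected) {
    $srv   = @(Get-DnsAnswer -Name $e.Name -Type 'SRV')
    # The SRV answer must carry the expected port and point at the expected host.
    $match = @($srv | Where-Object { $_.Port -eq $e.Port -and $_.NameTarget -eq $e.Target })
    # The SRV target itself must resolve, with one A record per expected server.
    $a     = @(Get-DnsAnswer -Name $e.Target -Type 'A')
    [pscustomobject]@{
        Record       = $e.Name
        SrvFound     = $srv.Count -gt 0
        PortTargetOk = $match.Count -gt 0
        ARecords     = $a.Count
        Pass         = ($match.Count -gt 0) -and ($a.Count -ge $e.MinA)
    }
}
$report | Format-Table -AutoSize
```

With split brain DNS, run it once against the internal server and once against the external provider, with the expected list changed to match the external record list.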


Real Estate: Getting Started

I have been talking to a couple of folks about real estate investing and they had some questions on getting started.  So, I decided to write a blog post on it.  I believe that to begin real estate investing, it’s important to get educated first.  One of the podcasts that I follow, Real Estate Radio Guys, has a saying:  “Education for effective action”

I have noticed a couple ways that people get started in real estate investing:

  • Option #1:  Get started.  Invest money.  Make mistakes.  Most likely lose money.  Get discouraged, quit, and say real estate investing doesn’t work.  [Not Recommended]
  • Option #2:  Watch a late night infomercial.  Spend thousands of dollars on a real estate course and then have no money left to invest.  [Not Recommended.]
  • Option #3:  Do some studying with some free to low-cost resources.  Find some mentors.  Develop your real estate plan, goals, and strategy.  Get started.  Make money.  [Recommended :)]

I highly believe that it’s better to learn from others that have gone before you as much as possible.  Real estate investing is not new and there are hundreds of folks doing it, so most likely the scenario that you are looking at or question you have has been encountered by others.  Also today, there are many free to low-cost resources that can help you get educated.

So how do I get educated you ask?  I have some free to low-cost recommendations:

  • Learn while you drive to work.  Listen to podcasts while driving or sitting in traffic.
  • Read books.  Turn off the TV, and invest 15+ min/night reading in your future.
  • Associate with other real estate investors.

Here is a list of resources that I recommend and use:

Well.  That’s a bunch.  Don’t feel that you have to do all this at once.  Don’t get overwhelmed.  Start small.  Start by downloading iTunes and subscribing to the podcasts above.  Start by listening to the podcasts while driving or working out.

Get the book, “Rich Dad Poor Dad”.   Start reading it.

I’ll update more on this later.  Have fun learning :)


Skype For Business Installation (Part 1): Planning

In this series, I am going to document installing Skype For Business into my environment.  Before jumping into the install, the first step is planning and assessing your current environment and your requirements.  Then, develop the Skype For Business Architecture that fits your requirements and current environment.

There is extensive documentation on the Skype For Business planning process on TechNet (here)

In my case, I have a Lync 2013 environment with 3 Front Ends, 2 SQL 2012 Back-End Database servers and a Lync 2013 edge.


I want to go to a Skype For Business (SfB) pool with 3 Front Ends, SQL Back-end, SfB Edge, and hybrid configuration with Office 365.

THE FIRST THING that I noticed was that in this configuration I can’t do an in-place upgrade (without having downtime) :)  Yesterday, I wrote about SfB’s ability to support in-place upgrades.  However . . .

If you have only ONE Lync Pool then you can’t do an in-place upgrade (without downtime).

The reason is that to perform an in-place upgrade, you need to have at least 2 Lync pools.  You move users from one Lync pool to the second Lync pool.  Then upgrade the first Lync pool to Skype For Business (SfB).  In the upgrade process, the first pool is shut down while the upgrade is happening and until all the Lync Front-End servers in the pool are upgraded.

In my scenario, although I have 3 Lync 2013 Front End servers, they are all in one Lync pool.  My option in this scenario is to set up a new SfB pool and then move users from the Lync 2013 pool to the new SfB pool.

LESSON LEARNED:  You should only consider an in-place upgrade from Lync to Skype For Business (SfB) if you have more than one Lync pool.


Skype For Business: Supports In-Place Upgrades

One of the cool things about Skype For Business is that it supports in-place upgrades.  What this means is that if you have more than one Lync 2013 pool, then you can upgrade one pool to Skype For Business and re-use the existing hardware.  Then upgrade the other Lync 2013 pool to Skype For Business.  This reduces the need to purchase additional hardware to get Skype For Business.  My colleague, Scott Stubberfield, gave an excellent presentation on this process which can be found here.



Microsoft Ignite Conference Sessions Available On-Demand

Microsoft’s biggest technical conference, Microsoft Ignite, finished this month.  There were over 23,000 attendees and sessions across the range of Microsoft technologies.  In case you missed it, the sessions are now available for on-demand download here.  There is a search tool which you can use to filter and find topics in your area of interest.



Skype For Business: Releases!

Skype For Business, Microsoft’s communication software, was released earlier this month.  Skype for Business is the enterprise version of the popular program, Skype, and is built specifically for companies with enterprise security, reliability, and scalability.  It provides instant messaging, audio conference calling, video conferencing, web conferencing, and telephony (can serve as your company’s phone system).  My colleagues, Christian Burke and Mark King, presented a webinar on it and the recording can be found on YouTube (here).

In the recording, we demonstrate the capabilities of Skype For Business and how to get it.



Exchange Online Mail Migration Process

In this post, I document the process of migrating mailboxes from Exchange 2013 on-premise to Exchange Online when in the Hybrid Configuration.  This assumes that you have already performed the following steps:

  • Office 365 tenant created
  • Azure AD Sync setup
  • Exchange Hybrid Configuration Setup

There are other migration methods (cutover, staged).  However, in this post, I focus upon the Hybrid scenario with remote move using the MRS.

Review Technet Documentation on Migration

Email Migration Process

  • In O365 Admin Center, check that the user doesn’t have a mailbox on O365.
  • Check the mailbox and contacts in O365.
  • Go to the Migration tab and create a new Migration Batch (hit +) and “Migrate To Exchange Online”.
  • Add the users to migrate who are mail-enabled in O365 and have mailboxes on-premises.
  • Specify the Migration Endpoint.  This needs to be set up before running the Migration Batch.
  • Specify the batch name.
  • Specify whether to automatically complete the migration.  I am going to manually specify it so that I can control when the cutover happens.
  • Migration synchronization process begins.
  • Once the synchronization process is complete and when you’re ready to move the user to Office 365, start the “Completing the Migration Batch” process.
  • When it’s completed, the user’s mailbox is now on Exchange Online in Office 365.
  • If you check the Exchange server on-premises, you’ll notice that the mailbox type for the user is now “Office 365”.
  • In Office 365, if you go to Recipients > Mailboxes, you’ll see the users with mailboxes.
  • In Office 365, if you go to Recipients > Contacts, you’ll notice that the users that you migrated will no longer have MailUser objects listed there.
  • To allow the user to access their mailbox in Office 365, you’ll need to add the Exchange Online license to the user.
  • If you check in remote PowerShell to Office 365, you’ll notice by running get-user and get-mailbox that the user’s mailbox is now on Office 365 as we saw in the web UI.


Exchange Online: Mail Migration Lessons Learned (Part 3)

For the last two blog posts, I have documented my troubleshooting of a mail migration issue from Exchange 2013 On-Premise to Exchange Online.  In this post, I wanted to summarize the lessons learned.

  • Before migrating a user’s mailbox from Exchange On-Premise to Exchange Online, the directory synchronization should create a Mail user object in Office 365 for each user on-premise that has an Exchange mailbox.
  • If the user has a mailbox object in Office 365 before the migration, then the migration tool will error out.
  • To remove the mailbox object, remove the Exchange Online license from the user
  • To check the state of user object, run get-user remote powershell command against Office 365.  Run get-mailbox against Office 365 to check which users have mailboxes.
  • In the Exchange Admin Center in Office 365, you can also check who has a mailbox and who is a mail user by going to the Recipients > Mailboxes or Recipients > Contacts (shows mail enabled users).

[Screenshot: users with mailboxes on 365]

[Screenshot: users that are mail users]

  • Confirm that all the proxyaddresses on the mail users are in the Accepted Domain both in Office 365 and on-premises Exchange.


  • To get a domain into the Accepted Domains in Office 365, it first needs to be registered in Office 365 and confirmed by adding a DNS record to the zone as specified in the documentation.
  • In my case, the Active Directory DNS domain name was added to the mail enabled user’s proxy addresses by the on-premise Exchange “Default e-mail address policy”.  So, I had to modify the default address policy to specify the SMTP domain instead of the AD DNS domain.
    • Although I ran update-emailaddresspolicy against my on-premises system, it didn’t clean up the proxyaddresses field right away in my users, so I had to manually remove the AD DNS Domain from the proxy addresses.  Then I re-ran the directory sync and the proxy addresses for the mail users in O365 were updated.
  • Run the Office 365 mail migration.  Create a batch of users to migrate.  The first step of the migration is a synchronization of the mail from on-premises to O365.  Once synchronization is complete, run the second step which is to complete the migration.
  • When you complete the migration, the tool changes the on-premise account to be Office 365 and the Office 365 account will be ready to become a mailbox.
  • To enable the user’s mailbox in O365, assign the Exchange Online license to the user.  Now, the user will be able to access the e-mail in their account which has been migrated.
  • Note, you can also initiate a mail migration from the Exchange on-premise server by going to the Exchange Admin Center > Recipients > Mailbox.  Select the user and on the right panel at the bottom, initiate a move mailbox to Exchange Online.



Exchange Online: Fixing a Perplexing Exchange Migration Issue (Part 2)

I spent the last couple days troubleshooting an Exchange On-Premises to Exchange Online mail migration issue.  See my prior post for part 1 of the troubleshooting.  After fixing the first part, we attempted to re-run the Exchange migration and ran into another error:

“You can’t use the domain because it’s not an accepted domain for your organization.”

The tricky part was that Office 365 doesn’t mention the domain that is missing.  I checked the Accepted Domains in both the Exchange On-Premise and in Exchange Online and all the domains that I expected were there.

[Screenshot: Office 365]

[Screenshot: Exchange On-Premises]

I checked the on-premises user’s proxyaddresses field in Active Directory and everything looked ok.  Then I checked ….   the Contacts folder in Office 365.  Aha!

In the mailuser object on Office 365, the e-mail addresses tab had a secondary proxy address of:  <user>@mtc-irv.com

This is the Active Directory DNS domain name.  It turns out the default e-mail address policy (the one that’s created by default when Exchange is installed) uses the Active Directory DNS domain name as the default e-mail address policy.  There was another e-mail address policy of higher priority with the actual SMTP domain name.  However, the default policy must be influencing the e-mail addresses being stamped on the mailuser in Office 365 through the directory synchronization process.

Resolution:

We updated the default e-mail address policy to use the SMTP domain name (e.g. @mtcirvine.com).  Did an address update (update-emailaddresspolicy).  Then forced a directory synchronization in Azure AD Sync.  Then, checked the mail user objects in the Contact folder on Office 365.  The offending domain (e.g. @mtc-irv.com) was removed from the mail user objects.  Then we ran the Exchange Migration tool and ….    It worked.  The users were synchronized to Office 365.  Then, we completed the migration with no problem.  Then, we assigned the users an Exchange Online license.  This enabled the mailbox in Office 365.  We checked with the user and their mail was in their mailbox on Office 365 :)
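
The migration error above does not name the offending domain. One way to find it, as an added example that is not from the original post, is to compare each mail user's SMTP proxy addresses with the accepted domains, which is also the check listed in the Part 3 lessons learned. The function name, its parameters and the sample users are constructed; in a live Exchange Online session the inputs would come from Get-AcceptedDomain and Get-MailUser.

```powershell
# Added example, not from the original post.
# Lists SMTP proxy addresses whose domain is not an accepted domain.
function Find-UnacceptedProxyAddress {
    param(
        [Parameter(Mandatory)] [string[]] $AcceptedDomain,
        [Parameter(Mandatory)] [object[]] $Recipient   # objects with Name and EmailAddresses
    )
    foreach ($r in $Recipient) {
        foreach ($address in $r.EmailAddresses) {
            # Proxy addresses look like "SMTP:user@domain" (primary) or
            # "smtp:user@domain" (secondary); skip other types such as SIP: or X500:.
            if ("$address" -notmatch '^smtp:[^@]+@(?<domain>.+)$') { continue }
            # -notcontains compares case-insensitively, like the match above.
            if ($AcceptedDomain -notcontains $Matches.domain) {
                [pscustomobject]@{
                    Recipient = $r.Name
                    Address   = "$address"
                    Domain    = $Matches.domain
                }
            }
        }
    }
}

# Constructed sample data. In a live remote PowerShell session use instead:
#   $accepted  = Get-AcceptedDomain | ForEach-Object { "$($_.DomainName)" }
#   $mailUsers = Get-MailUser -ResultSize Unlimited
$accepted  = @('mtcirvine.com')
$mailUsers = @(
    [pscustomobject]@{ Name = 'User One'; EmailAddresses = @('SMTP:user1@mtcirvine.com', 'smtp:user1@mtc-irv.com') }
    [pscustomobject]@{ Name = 'User Two'; EmailAddresses = @('SMTP:user2@mtcirvine.com', 'SIP:user2@mtcirvine.com') }
)

# Reports only User One's secondary address in the AD DNS domain.
Find-UnacceptedProxyAddress -AcceptedDomain $accepted -Recipient $mailUsers |
    Format-Table -AutoSize
```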


Exchange Online: Fixing a Perplexing Exchange Migration Issue (Part 1)

Hi, it’s been a while since I posted a blog entry.  It’s been very busy.  But, I have been tackling a problem for the last couple days and finally solved it today so I thought that I would document it so that everyone else could benefit.  Also, if I should forget the fix (most likely), I’ll scan back here for the solution.

Situation:  I have a scenario where the customer had created an Office 365 tenant and some cloud ids with Exchange mailboxes.  They were playing around in that environment to learn about Office 365 and Exchange Online.  After their evaluation, they decided to move to Exchange Online.  So, they setup directory synchronization and Exchange hybrid configuration.  Now, when they attempted to move mailboxes to the cloud, they got the following error:

“Error: InvalidRecipientTypeException: Unsupported recipient type ‎’Mailbox‎’ provided. Only ‎’Mailuser‎’ is supported for this migration type. ”

Troubleshooting:  The problem is that since the customer had created mailboxes in Office 365 to play around with, the migration tool raised an error when they attempted to migrate the user’s on-premises mailbox to the cloud.

The Exchange migration tool expects Mailuser type in the cloud, not UserMailbox [User with a mailbox.]  You can run get-user in PowerShell against Exchange Online to check the user type.  See here to establish remote PowerShell.


Resolution:  Since the users were synchronized with Directory Sync into Office 365, I couldn’t edit the users directly in Office 365.  So to remove the Exchange mailbox in O365, we removed the Exchange Online license from the user in O365.  To do this, go to O365 Portal > Users > Active Users.  Check a user to edit and select Edit on the right frame next to Assigned License.  Uncheck the “Exchange Online” license.


By doing this step, Exchange Online removes the Exchange mailbox from the user in Office 365.

However, the user in Office 365 still had some bad data in their user objects in Azure AD on Office 365.  Since I couldn’t directly delete the user objects in Office 365, as they were synchronized from on-premises, I had to take a different approach to cleaning up Azure AD.  I moved all the users into an OU in the on-premises Active Directory.  Then, I filtered that OU from being synchronized by Azure AD Sync.  Then, I initiated a Full Import, Full Sync, and Export.  This cleaned up the Azure AD of the users’ objects.  Then, I added the OU back into the Azure AD Sync.  This recreated the users in Azure AD.  Also, check that there are objects created in the Office 365 > Exchange Admin Center > Recipients > Contacts.


The user type should be “Mail User”.  Yay!  This is what is needed to migrate a user from on-premises Exchange to Exchange Online.  There was another issue that popped up next but that is for a future blog entry.

Thanks,

Dean
