Let’s Encrypt and Skype for Business

Let's Encrypt Skype for Business

For my home lab I’m using the free certificates from Let’s Encrypt (Let’s Encrypt is a free, automated, and open Certificate Authority).

The certificates from them have 1 big limitation, they are only valid for 3 months but you can renew them “almost” automatically.

As explained In my blog last week about “Skype for Business environment running with just one public IP” I’m running my Reverse Proxy with IIS ARR (Application Request Routing). I’ll try to explain how to request and assign the free certificates for your homelab.

Continue Reading

Skype for Business environment running with just one Public IP

Skype for Business

For quite some time I’m running a home lab, first on a big server (HP Proliant DL360) and since beginning of this year I have a Intel Nuc, saves a lot of energy costs 😂

  • Domain Controller and CA on Windows 2016 Core Edition
  • Skype for Business Front-End Server on Windows Server 2012r2 standard
  • SQL 2014 std for monitoring and persistent chat on Windows Server 2016
  • Exchange 2016 on Windows Server 2016
  • Skype for Business Edge on Windows Server 2016
  • IIS ARR (Reverse Proxy) on Windows 2016
  • PBX on Windows Server 2016

This lab was great for testing purposes but the problem was always, no connection to the outside world with Skype because of the requirement for at least 2 external IP’s with the use of Skype for Business.

*** To be clear, DON’T use this for production environments, this is not supported by Microsoft ***

So I started searching on the internet, could not find much about setting up a Edge Server with just one nic or 2 nic’s in the same subnet.
Only on the site from Mark Vale I saw a blog article that he did the same setup with 2 nic’s and 1 public IP. The missing part for me was the Edge server configuration. How do I need to configure my networking. Check below to find out!

Continue Reading

How to install and deploy Polycom VVX 5.6.0 firmware in to Skype for Business

Polycom has released version 5.6.0 for their range of VVX handsets, which includes the following enhancements for Skype for Business:

  • Support for Dial Plan Normalization,
  • Multiple Emergency Number Dial Plan
  • Skype for Business User interface enhancements
  • Skype for Business Conference Enhancements
  • Device Lock Enhancements
  • Profile Picture on Device Lock Screen
  • Secure Single Sign-On With Third-Party Supporting Solutions
  • Safe Transfer for Boss-Admin Enhancements
  • Busy Options for Incoming Calls.

The release applies to the following phones and accessories:

  • VVX 201
  • VVX 300/301/310/311
  • VVX 400/401/410/411
  • VVX 500/501
  • VVX 600/601

For the full list of updates, read the release notes.

How to install new firmware in Skype for Business

Continue Reading

How to enable a Domain Admin for Skype for Business

Perhaps you have seen the error message below when trying to enable a Domain Admin (not recommended) in the Skype for Business control panel.

Active Directory operation failed on “DC01.skypedev.nl”. You cannot retry this operation:
“Insufficient access rights to perform the operation
00002098: SecErr: DSID-03150F93, problem 4003 (INSUFF_ACCESS_RIGHTS), data 0
“.You do not have the appropriate permissions to perform this operation in Active Directory. One
possible cause is that the Lync Server Control Panel and Remote Windows PowerShell cannot modify
users who belong to protected scurity groups (for example, the Domain Admins group). To manage
users in the Domain Admins group, use the Lync Server Management Shell and log on using a Domain
Admins account. There are other possible causes. For details, see skype for Business Server 2015 Help.

You cannot use the Control Panel to users who belong to protected security groups. So your options are to either use Powershell as suggested in the error message or you could try this magical thing:

  1. Open active directory users and computers
  2. Enable the advanced features in the view menu
  3. Search for the account which is in a protected security group
  4. Go to Properties / Security / Advanced
  5. Check the following box: Include inheritable permissions
  6. Retry what you were doing in the Lync Control Panel
Now this might not be the best “securest” way of solving this issue, but for my lab environment I do not care too much about that, but i should think twice before doing this in a productional environment. Probably you should not Skype enable your domain admin accounts at all if you want to be and stay secure.
#EOF

Microsoft Lync Connectivity Analyzer

Yesterday June 13  2017 Microsoft announced the retirement of the Lync Connectivity Analyzer, and will be no longer available for public download.
I’ve uploaded the latest version on my host. You can Download LyncConnectivityAnalyzer it right here.

What can you do with this tool?

This tool can help you to test both your internal and external network for the Lync Apps which are available via both the Windows Store and several other stores for mobile devices such as the MarketPlace.

There are a few parameters you will need to configure before you can start the test:

  • SIP URI;
  • password;
  • Username;
  • If Lync Discover will need to be used;
  • If the test is performed from internal or external;
  • For what kind of app you want to test.

Once these parameters have been specified you can push the start button.

After several seconds the result will be available and you know if your Lync infrastructure can offer service to the Apps.