End of Life Products and Features - Configuring SFB Front End Server on Express for Lync 3.0
Overview
This document will walk you through the steps of setting up your Skype for Business Server 2015 (SFB) on your Express for Lync appliance. All the Microsoft SFB related software has been pre-installed on your Express for Lync appliance. In order to complete this process, you would need to complete the following steps in order:
Add the Front End Server Virtual Machine to the Active Directory Domain.
Setup the SFB Deployment through the SFB topology builder and deployment wizard
Run a complete windows update to make sure all features and hotfixes get applied to all SFB components.
Please not that the creation of the initial SFB topology can take between 1-2 hours. If you plan on installing all the latest cummulative updates, it is recommended that you install them with the SFB service disabled. The latest cummulative updates can be found at https://www.microsoft.com/en-us/download/details.aspx?id=47690
Turn on the Front End Server Virtual Machine
Open Hyper-V on the host. Right click on the Front End Server as shown below to start it.
Add the Front End Server to Active Directory
To add the Express for Lync appliance to your Active Directory Domain Infrastructure, please follow the steps below:
Right click Start and select System.
In the bottom right click Change Settings.
On the System Properties page click Change.
Fill in your computer name as well as the domain being joined. Once done click OK.
You are now on the domain. Reboot the compouter to complete the process.
Ensure once you reboot that you now start logging into the server using your domain account.
Preparing Active Directory Infrastructure for SFB 2015 Deployment
In order to begin the configuration of Skype for Business 2015, you must first prepare Active Directory. The preparation wizard installs critical users and groups within the Active Directory schema, which will be added to the domain administrator account.
Active Directory Preparation
To prepare Active Directory, follow the steps below:
Open the Skype for Business Deployment Wizard.
In the Deployment Wizard click Prepare Active Directory.
Click Run next to Prepare Schema.
On the Prepare Schema page click Next.
Once the comamnds finish executing click Finish.
Next click Run next to Prepare Current Forest.
On the Prepare Forest page click Next.
On the Universal Group Location page select Local Domain and click Next.
Once the commands finish executing click Finish.
Next click Run next to Prepare Current Domain.
Click Next on the Prepare Domain page.
Once the commands finish executing click Finish.
Active Directory Preperation is now completed.
Add Universal SFB Groups to the Domain Administrator Account
Once the Skype for Business Deployment wizard has updated Active Directory, you will need to make your domain administrator account the member of 3 universal groups. This will allow the domain administrator account the ability to make changes to the Skype for Business Deployment and the Topology. To add the groups to the user account, follow the steps below:
In the Domain Controller launch "Active Directory Users and Groups" from the Windows Start screen.
In the Active Directory Users and Computers window locate your domain account.
If you are using the default administrative account, you will locate it in <Domain>->Users. It is labelled as "Administrator".
Right click on the user and then click on "Add to Group".In the Enter the Object names to select test box enter the three groups below. Notice they are seperated by a semicolon. Once done click Check Names and they will become underlined as shown below. At this point click OK.
CSAdministrator;RTCUniversalServerAdmins;RTCUniversalUserAdminsOnce the groups are added, you will need to log out of the administrative account and then log back in. This will refresh your new permissions.
Completion of the SFB 2015 Deployment
Once the Active Directory preparation is completed, you can complete the Deployment Wizard.
Update the DNS Server
In order to further the SFB deployment, you would need to create a few DNS A-Records within the Active Directory Managed DNS Server. To do this, follow the steps below:
Launch the DNS Server MMC Snap-in from your PDC (Primary Domain Controller).
In the DNS Manager, navigate to your domain by expanding the forward lookup zones. Right click on your domain, and click on "New Host (A or AAAA)...".
In the New Host Window, add the name "meet" in the name textbox. For the IP Address, enter the Internal IP Address of the Express for Lync appliance.
Follow step 2 and 3 again to add the DNS A records for "dialin" and "admin" as well.
Right click on the your domain again and select "Other New Records...".
Right click on the your domain again and select "Other New Records...".
From the "Resoure Record Type" window, select "Service Location (SRV)". Click on "Create Record" to continue.In the New Resource Record window, enter the following:
Service: _sipinternaltls
Protocol: _tcp
Port Number: 5061
Host offering this service: <FQDN of your Front End Server>
Click OK to complete the srv record creation and click Done to close the Resource Record Type window.Once the DNS names have been added, close the DNS Manager window.
Prepare the Front End Server
At this time we need to run the final preparation wizard of the SFB deployment. This will install all the required MSI files for the SFB Server. This takes several minutes to complete. To complete this step, follow the instructions below:
Click on the "Prepare first Standard Edition server" link from the Skype for Business Deployment wizard.
Once the Prepare single Standard Edition Server wizard launches, click Next to proceed.
The wizard will then ask you where the MSI files for Skype for Business are located. Click Browse and go to "C:\Program Files\Skype for Business Server 2015\DVD\Setup\amd64\". Then click Next.
The wizard will then begin installing all the required packages. Once completed, click "Finish" to exit the wizard.
You will now be returned to the Main Deployment Wizard screen to continue with the Skype for Business Deployment. You may close the Deployment Wizard as the next step requires you to create your topology.
Create SFB Server 2015 Topology
Before you can finalize your deployment, you must create a Skype for Business topology. The SFB topology defines how SFB's deployment will behave once deployed. It houses a collection of configurable options which we will go through one by one. To complete your topology, follow the steps below:
Launch the Skype For Business Server Topology Builder from the WIndows Desktop.
When the Topology Builder launches, select "New Topology" and click OK.
The Topology Builder will ask you to save the new topology. Give the topology a name and click the "Save" button to continue. You may change the location of where you would like to save the topology if you wish.
The next step will ask you to define your primary SIP domain. This typically should be a public FQDN. Such as "sfbsangoma.com".
The next step will ask you to specify any additional SIP domains you would like to add to the topology. If you do not have any, you can just click Next to proceed. If you do, please add them and click Next.
This next screen will ask you to define your first site. Enter a name and description in the textboxes and click Next to proceed.
This next screen will ask you for some details of your deployment. Fill out the City, State/Province and Country Region code where your topology is being deployed at and click Next to continue.
Once the new topology is defined, click on Finish to open the New Front End Wizard. Make sure "Open the New Front End Wizard when the wizard closes" is checked off.
When the front end pool wizard launches, click Next to proceed.
The wizard will now ask you to define the Front End Pool for SFB. Enter the FQDN of the Express for Lync Appliance and make sure "Standard Edition Server" is selected.
The wizard will now ask you to select the feature you would like included in the Front End Pool. For this guide, we have chosen to add the conferencing, Enterprise Voice and Call Admission Control features. Click Next to proceed.
The wizard will now ask you about collocation. This feature should be used in a standalone SFB Deployment. Make sure "Collocate Mediation Server" is checked off and click Next to continue.
The wizard will now ask you to define an edge pool. We will not configure an Edge Server at this point. Ensure the box is unchecked.
The wizard will now ask you to define the SQL store. Leave the SQL store options at defaults and click Next to proceed.
The wizard will now ask you to define a file store. The best idea is care a new folder called "sfb-share" on the C drive of the front end server. Then share this folder and point the wizard to this. Make sure the server FQDN is correct and the file share being used is accessible.
The wizard will now ask you to define the web services URL. Leave this at defaults unless you would like to define another URL for the web services and click Next to proceed.
The server will now ask you about your Office Web Apps server. We will not be configuring one at this point. Ensure the box is unchecked as shown below.
Expand the SFB Server menu, and navigate down to Skype For Business Server 2015 -> Standard Edition Front End Servers. Select the SFB front end server and right click on it. Click on Edit Properties to launch the properties window.
Scroll down to the Mediation Server section, and click on the "Enable TCP port" option. This will allow the Mediation Server to listen on TCP port 5068. Click OK to accept the change.
Right Click on the "Skype for Business Server" Menu item and then click on "Publish Topology". This will load the Topology publishing wizard to publish the topology to the SQL Store.
When the Publish Topology wizard opens, click Next to proceed.
The wizard will then ask you to select the server which will host the Central Management Store. Select the SFB front end server from the dropdown list and click Next to proceed.
The Publish Topology wizard will now publish the topology to the SQL store. This may take several minutes. Once completed click "Finish" to close the wizard. You can then close the Topology builder.
Install Root CA Certificate onto the Front End Server
You now need to install the certificate chain created from Active Directory Certificate Services into the Windows Server 2012 certificate store. This will then be used in the final portion of the SFB 2015 Deployment.
Launch Internet Explorer on the Front End Server from the Windows Start screen.
On your Domain Controller with Certificate Services Installed enter the Add Roles and Features Wizard. Select the server roles shown below:
- Certificate Enrollment Policy Web Service
- Certificate Enrollment Web ServiceOn the Features section click Next.
On the Confirmation section click Install.
Once done click Close.
You can return to the front end server now. In Internet Explore go to "http://<FQDN of Certificate Server>/certsrv/". Ensure you add this system as a trusted website as shown below. Remeber to uncheck "Require Server Verificatation" at the bottom.
Once at the Certificate server login with your domain credentails and Click on the "Download a CA Certificate, certificate chain, or CRL.
Click on "Download CA certificate chain" from the next loaded page. Save the chain on your windows desktop for ease of access.
Locate the file on the desktop and right click on it. Click on "Install Certificate".
Once in the Certificate Import Wizard click Browse.
Select the Trusted Root Certification Authorities store.
Click Next.
Click Finish to install the root CA certificate.
Finalizing the SFB 2015 Deployment
In order to complete the deployment, we must now re-launch the SFB 2015 Deployment Wizard. Follow the steps below to finalize the deployment:
On the Windows Desktop, double click on the "Skype for Business Server Deployment Wizard".
Click on Install or Update Skype for Business Server System
Click Run next to step 1 to begin the installation of the local configuration store on the front end server.
Select the default Retrieve directly from the Central Management store option and click Next.
Once the commands have finished click Finish to complete the installation of the central management store.
Once completed you will be taken back to the deployment wizard. Click Run on step 2 to Setup Skype for Business Server components.On the next screen click Next to continue.
Once the commands have finished click Finsht to complete the installation of the Skype for Business Server components.
Once completed you will be taken back to the deployment wizard. Click Run on step 3 to Request, Install or Assign Certificates.On the next screen select the Default Certificate and click Request.
Complete the Certificate Request form and then click Next to continue.
On the Certificate Request Summary page click Next to request the certifciate.
Once the commands finish executing click Next to proceed.
On the Online Certificate Request Status click Finshed to proceed. Ensure Assign this certificate to Skype for Business Server certificate usages is checked.
On the Certificate Assignment page click Next to continue.
On the Certificate Assignment Summary page click Next to continue.
On the Executing Commands page click Finish to complete the assignment.
Once back in Certificate Wizard click OAuthTokenIssuer and click Request.
On the Certificate Request page click Next to continue once you have filled out the form.
On the Certificate Request Summary page click Next.
Once the commands finish executing click Next.
On the Online Certificate Request Status click Fished to proceed. Ensure Assign this certificate to Skype for Business Server certificate usages is checked.
On the certificate assignment page click Next.
On certificate assignment summary page click Next to continue.
Once the commands finish executing click Finish to proceed.
At this point all certificates should have a green check mark next to them. Close this Window to proceed.
Now you can start up the Skype for Business Server 2015 services. Run the power shell command "Start-CsWindowsService" to start all of the Skype for Business Services. The installation is now complete.
