Category Archives: Skype for Business 2015

3- Migrate Users from Skype for Business 2015 to Teams

Hybrid Integration

In my last post about Skype for Business / Office 365 Skype for Business Online/Teams migration article I discussed the steps of how to create a hybrid environment between Skype for Business on-premises and went through the troubleshooting of each issue I have been through. In this article I am going to discuss the migration of users from on-premises to the cloud through UI and PowerShell.

Migrating users

This article will assume that you are planning to migrate users from Skype for Business Frontend 2015 Server and that you already have a hybrid configuration in place. If so then you’re going to fulfill the following prerequisites:

To check the currently installed PowerShell run the following cmdlet



After you Download and install PowerShell 5.1 you might need to restart the server. In which case the PowerShell will show that it is updated to the required version.


After Installing the Skype Online Connector Module, We will be able to connect right after launching PowerShell

To do so type:

Import-Module SkypeOnlineConnector


Connecting to Office 365 (Teams Online or Skype for Business Online)

The process of connecting to Office 365 Online PowerShell sounds easy but with MFA enforced in your environment you’ll have a nightmare mix of errors when you try so.

I have came through a lot of errors trying to force the use of PowerShell with MFA user authentication but eventually came to realize that Microsoft still does not support MFA for some cmdlets like Move-CsUser for instance.

So In short, to connect you’ll need to have a global or Teams admin user with MFA disabled to do so.

To create a new Skype Online Session enter:

– Make sure you start the regular PowerShell as admin and not Skype for Business Management Shell.

If you run these commands from SfB Management Shell you’ll get an error


So first, We will import the Skype Online connector Module

Import-Module SkypeOnlineConnector


Then get the OverRidePowershell URI using the command:



Next, We will connect and authenticate to our tenant using the following cmdlet

$sfbsess = New-CsOnlineSession -Username -OverRidePowerShellUri –Verbose


Moving Users to Teams

To Move users to Office 365, You need to first provide credentials of the User with MFA disabled and then use the command Move-CsUser

An Example:

$Creds = Get-Credential


Moving User

Move-CsUser –Identity –target “” –hostedMigrationOverRideUri –ProxyPool “YourFEPool.Domain.local” –Credential $Creds


Let’s check the status of the migrated user, The hosting provider attribute is what we care about as it tells us where the user is homed at.


Checking the user from Teams Portal

Users seems to be licensed, online and can now login using the Microsoft Teams app.


Bulk Enable Users and assign Tel URI numbers to them

In case you have a big number of users that you want to enable them online

# Please provide your O365 admin credential

$creds = Get-Credential

-PSSession (New-CsOnlineSession $cred) -AllowClobber

$csv = Import-csv “C:\Users\Mohammed\users.csv”

ForEach ($user in $csv) {

Write-host now enabling $user.alias

Move-CsUser –Identity $user.alias –target “” –hostedMigrationOverRideUri –ProxyPool “YourFEPool.Domain.local” –Credential $creds


The CSV File will look like this


Errors you might face

Error 1:

When you have your on-premises user enabled for dialin you will probably get the following error if you try to migrate them to Skype for Business online or teams.

Move-Csuser :: HostedMisrat ion fault: Error=(511), Description=(The user could not be moved because he or she is enabled for dial-in conferencing on-premises, but has not been an assigned an Audio Conferencing license in Office 365. Users must be licensed before they can be moved to Teams or Skype for Business Online.)

If you are sure do want to use migrate this user without an Audio Conferencing license, specify the

“BypassAudioConferencingCheck” switch. ) At line: 1 char: 1


The Solution is to either provide an audio conferencing license  or as it is showing in the error itself as it says use the switch -BypassAudioConferencingCheck to ignore that.

Error 2:

When trying to import the session, I got the following error

the runspace state is not valid for this operation for PowerShell Online.


Solution: To overcome this problem you’ll need to use the overridePowershellUri Parameter in the New-CsOnlineSession in order to connect to Skype online powershell.

To get your tenant’s PowerShell URI use the cmdlet Get-CsOnlinePowerShellEndPoint

What you need to use is the AbsoluteUri


Error 3:

When you try to import the SkypeOnlineConnector module and then run the New-CsOnlineSession cmdlet from Skype for Business Management Shell you’ll get the following error after authenticating.

Sign in

Sorry, but we’re having trouble signing you in.

AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘7716031e-6f8b-45a4-b82b-922b1af0fbb4’. More details: Reply address did not match because of case sensitivity.

Troubleshooting details

If you contact your administrator, send this info to them.
Copy info to clipboard  
Request Id:  f0f97265-4669-4e4f-bcf7-609469e92f00
Correlation Id:  829c8a2b-f697-416f-bfa6-4a794a229a13

Timestamp:  2021-01-10T23:00:10Z
Message:  AADSTS50011: The reply URL specified in the request does not match the reply URLs configured for the application: ‘7716031e-6f8b-45a4-b82b-922b1af0fbb4’. More details: Reply address did not match because of case sensitivity.

Advanced diagnostics: Disable
If you plan on getting support for an issue, turn this on and try to reproduce the error. This will collect additional information that will help troubleshoot the issue.



Run the cmdlets from Windows PowerShell as admin not Skype for Business Management shell.


error when Installing Nuget module for Microsoft Teams integration


I got a client requesting to integrate Skype for Business 2015 with Microsoft Teams. Skype for Business 2015 is installed on Windows Server 2012 R2 which has PowerShell 4.0

I already installed PowerShell 5.1 and restarted the server in question.

When I tried to install the Microsoft Teams PowerShell Module to integrate Skype for Business with Teams I got the following error:



PS C:\Users\Admin> Install-Module MicrosoftTeams

NuGet provider is required to continue
PowerShellGet requires NuGet provider version ‘’ or newer to interact with NuGet-based repositories. The NuGet
  provider must be available in ‘C:\Program Files\PackageManagement\ProviderAssemblies’ or
. You can also install the
NuGet provider by running ‘Install-PackageProvider -Name NuGet -MinimumVersion -Force’. Do you want
PowerShellGet to install and import the NuGet provider now?
[Y] Yes  [N] No  [S] Suspend  [?] Help (default is “Y”): y
WARNING: Unable to download from URI ‘′ to ”.
WARNING: Unable to download the list of available providers. Check your internet connection.
PackageManagement\Install-PackageProvider : No match was found for the specified search criteria for the provider
‘NuGet’. The package provider requires ‘PackageManagement’ and ‘Provider’ tags. Please check if the specified package
has the tags.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\\PSModule.psm1:7405 char:21
+ …     $null = PackageManagement\Install-PackageProvider -Name $script:N …
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : InvalidArgument: (Microsoft.Power…PackageProvider:InstallPackageProvider) [Install-Pac
    kageProvider], Exception
     + FullyQualifiedErrorId : NoMatchFoundForProvider,Microsoft.PowerShell.PackageManagement.Cmdlets.InstallPackagePro

PackageManagement\Import-PackageProvider : No match was found for the specified search criteria and provider name
‘NuGet’. Try ‘Get-PackageProvider -ListAvailable’ to see if the provider exists on the system.
At C:\Program Files\WindowsPowerShell\Modules\PowerShellGet\\PSModule.psm1:7411 char:21
+ …     $null = PackageManagement\Import-PackageProvider -Name $script:Nu …
+   ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     + CategoryInfo          : InvalidData: (NuGet:String) [Import-PackageProvider], Exception
     + FullyQualifiedErrorId : NoMatchFoundForCriteria,Microsoft.PowerShell.PackageManagement.Cmdlets.ImportPackageProv

More Details:

Although I have PowerShell 5.1 module installed but still it seems problems wont go away. It’s part of Microsoft’s main requirement to have Windows PowerShell 5.1 and to import the Microsoft Teams Module for an easy installation and integration with Teams as it leverages the Module MicrosoftTeams to make things easy.

When looking at the details of the error, it seems as if PowerShell is trying to connect to a particular link to download and install the NuGet Provider which is part of installing the MicrosoftTeams Module.

The error below can be noticed to be the cause.



After doing some digging it turns out that since April 2020 Microsoft has disabled the use of TLS Version 1.0 and 1.1 so people who are working on old Windows Server edition or any application servers that utilize these protocols will now have to force PowerShell or any other app to use the TLS 1.2 Version.

In order to fix this, You will need to run the following Script on your PowerShell as an Admin

[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12

See the announcement here:

After running this script, I was able to install NuGet and run the installation of MicrosoftTeams PowerShell Module


Hope this helps

Skype for Business IM integration with Exchange 2016 OWA–Part 2

This article is a completion of Part 1, Click here to go to Part 1

Configuration Steps – Part 2

7. On Exchange: Enable OWA VD Instant Messaging
8. On Exchange: Enable Messaging on OWA Policy
9. On Exchange: Create Enterprise Application for Skype Pool.
10. On Exchange: Create new SettingOverride for Skype for Business.
11- Generate a new Certificate for Exchange IM
12. Assign the newly imported certificate to IIS Exchange Back End site
13. On Exchange: Restart the WebAppPool
14. Log out and sign back in to OWA to Check
15. Troubleshooting methods

    7- On Exchange Server: Enable OWA VD Instant Messaging

    Part of enabling IM integration between Exchange and SfB is to enable OWA Virtual Directory to allow this. The below cmdlet does the job for you on all your Exchange Servers

    From Exchange, Launch Exchange Management and run the following cmdlet

    Get-OwaVirtualDirectory | Set-OwaVirtualDirectory -InstantMessagingEnabled $true -InstantMessagingType Ocs


    8- On Exchange: Enable Messaging on OWA Policy

    Run the following to enable Messaging for Owa Policy

    Get-OwaMailboxPolicy | Set-OwaMailboxPolicy -InstantMessagingEnabled $true -InstantMessagingType Ocs


    9- On Exchange: Create Enterprise Application for Skype Pool.

      From Exchange Management shell Run the following cmdlet

      Cd $exscripts

      .\Configure-EnterprisePartnerApplication.ps1 -AuthMetadataUrl “” -ApplicationType Lync

      The AuthMetadataUrl is going to be your local Skype for Business Pool URL. This URL should work in your Exchange server without any Certificate error. Meaning that the certificate assigned to your Skype for Business pool should already be imported to Exchange Servers to trust this URL.


        If your previous configuration is correct then you should see the “The Configuration has Succeeded” Message.

          10- On Exchange: Create new SettingOverride for Skype for Business.


          • To configure the same settings on all Exchange 2016 and Exchange 2019 servers in the Active Directory forest, don’t use the Server parameter.

          New-SettingOverride -Name “<UniqueOverrideName>” -Component OwaServer -Section IMSettings -Parameters @(“IMServerName=<Skype server/pool  name>”,”IMCertificateThumbprint=<Certificate Thumbprint>”) -Reason “<DescriptiveReason>” [-Server <ServerName>]

          The Thumbprint you use here will define if whether IM will work or not as this what secures the communication between Exchange and Skype. If you use the wrong certificate your Integration will fail and users wont be able to login to IM through OWA.

          11- Generate a new Certificate for Exchange IM


          In order for IM in OWA to work the certificate you will generate must have its common name set as to match the configuration.

          Using Digicert tool on Exchange Server I will generate the CSR of the new certificate

          Click on Create CSR


          Choose SSL certificate type and make sure you choose as CN

          In the SANs type all of the involved servers (Skype for Business Frontends, Mailbox servers in FQDN and in Hostnames as in the screenshot below). and click on Generate


          • Go to your CA Server’s CertSRV URL and copy the CSR code there to generate the new certificate.
          • Import the new certificate to the current server, then export it in PFX format and import it to all the Exchange Servers you’re planning to use.


          • After importing the certificate I will verify that I can see the private key


          Click on the Details and copy the Thumbprint or from MMC right click the certificate > Properties give it a friendly name e.g. (IM) and then from Exchange Management shell you can copy the Thumbprint directly.

          Get-ExchangeCertificate | select thumbprint,friendlyName


          Now use the previous script to create the setting Override for OwaServer.

          Things you can change are in bold “Name, IM Servername Value, and the Thumbprint value”.

          New-SettingOverride -Name “IM Override” -Component OwaServer -Section IMSettings -Parameters @(““,”IMCertificateThumbprint= 28E4B1BA0F2FCB1535AF199F02A64EFC78367F2D“) -Reason “Configure IM”


          If you enter the server parameter to use a single server you can change that by using. Note that you must not use FQDN but rather only the server’s hostname.

          Get-SettingOverride | Set-SettingOverride -Server sbg-mx01,sbg-mx02


          This should generate an event ID 112 on Exchange servers involved in the deployment.


            12. Assign the newly imported certificate to IIS Exchange Back End site

            Once the certificate is in the server store, You will be able to easily find in from IIS and bind it to the Exchange Back End site.

            This is the most crucial step to get IM to work in OWA. Don’t worry about breaking up Exchange Sites or Powershell. If you have added Exchange Servers Hostnames and FQDNs in this certificate then you should be good.

            • Now Launch IIS
            • Click on Exchange Back End
            • Select Binding
            • Click on the 444 port and edit
            • Select the newly generated certificate that has the as CN. (This certificate must also have all Exchange Servers hostnames and FQDNs set as SANs)



            Make sure you change the backend cert to the new on all the involved Exchange Servers.

            13. On Exchange: Restart the WebAppPool

            Restart-WebAppPool MSExchangeOWAAppPool


              14. Log out and sign back in to OWA to Check

              Log out of OWA and back in and check if you are able to Login to IM . It should normally sign you in automatically but in case of an error then you should see it.


              In case of an error you should see the following.


              If it works then you should see the presence


              15. Troubleshooting Methods

              If you follow the above steps correctly then it should work especially when applying the right certificate for your Exchange Back End IIS part however if you face an error then you should do the following steps to troubleshoot the error

              • Set the Eventlog for Instant Messaging on Exchange from Low to High

              Set-EventLogLevel -Identity “sbg-mx01\MSExchange OWA\InstantMessage” -Level High


              • Look in the following path for errors

              C:\Program Files\Microsoft\Exchange Server\V15\Logging\OWA\InstantMessaging

              • Check the Healthset of the OWA Instant Messaging.

              Get-ServerHealth -HealthSet OWA.Protocol.Dep -Server sbg-mx01 | Format-Table Name, AlertValue –Auto


              Get-MonitoringItemIdentity -Server sbg-mx01 -Identity OWA.Protocol.Dep | Format-Table Identity,ItemType,Name -Auto





                Skype for Business IM integration with Exchange 2016 OWA–Part 1

                The Story

                A good and detailed documentation is everything we need to implement any kind of project especially if it’s an integration between two different servers that perform different roles.

                And with PKI involved the complications multiply thus a good article write up is what we need.

                Previously I have tried a test lab with Skype for Business 2015/2019 IM Integration with Exchange 2016/2019 and the result was a complete failure and endless search for what’s missing to get IM to work from OWA?



                Upon completion of the steps mentioned in Microsoft’s Official documentation and after restarting Exchange IIS or OWAAppPool you will see this when you try to login to OWA with your user

                There’s a problem with instant messaging. Please try again later.


                MS Official Documentation

                In their Official documentation Microsoft says that the certificate in question must be trusted by all the servers involved meaning Skype for Business Frontend and Mailbox Servers.

                Meanwhile this is true, it still would not get the IM to login/work although it might drop the initialize event ID 112 in the event log.


                Here is what MS says about the certificate.

                Exchange and Skype for Business integration requires server certificates that are trusted by all of the servers involved. The procedures in this topic assume that you already have the required certificates. For more information, see Plan to integrate Skype for Business Server 2015 and Exchange. The required IM certificate thumbprint refers to the Exchange Server certificate assigned to the IIS service.

                REF URL:


                Step by Step Deployment

                To do things the way that should get this to work, I will detail steps one by one so we can be sure to get the positive results we are all waiting for when dealing with Exchange and Skype for Business.

                Exchange IM URL 1:

                Skype for Business Pool FQDN:

                Autodiscover URL :


                1. For Default and Web Service Internal, Your Skype for Business Frontend Server/Pool must use a certificate that is generated from an internal CA which you can use later to generate Exchange’s IM Certificate.
                2. UCMA must be installed (Doesn’t matter if version 4 or 5) both are supposed to work with Exchange 2016.
                3. Local Certification Authority must already be deployed in the domain.

                Configuration Steps – Part 1

                1. On SfB: Set CsAuthConfiguration Autodiscover URL for Skype server to find Exchange Autodiscover
                2. On SfB: Get-CsSite to see what is the current site ID.
                3. On Exchange: Check AutodiscoverServiceInternalURI
                4. On SfB: Create new Partner
                5. On SfB: Create new Trusted Application Pool
                6. On SfB: Create new Trusted Application ID

                Configuration Steps – Part 2

                7. On Exchange: Enable OWA VD Instant Messaging
                8. On Exchange: Enable Messaging on OWA Policy
                9. On Exchange: Create Enterprise Application for Skype Pool.
                10. On Exchange: Create new SettingOverride for Skype for Business.
                11- Generate a new Certificate for Exchange IM
                12. Assign the newly imported certificate to IIS Exchange Back End site
                13. On Exchange: Restart the WebAppPool
                14. Log out and sign back in to OWA to Check
                15. Troubleshooting methods


                1- Update or Create Server Default and Web Service Internal Certificate for SfB Pool servers

                The certificate installed on the Skype for Business Pool Frontend servers must be generated from a local Certification Authority which can be trusted by Exchange Server services.

                The Certificate generated for Skype for Business pool as in the below screenshot is generated from my CA and includes the names of the servers:

                • Skype for Business Pool
                • Skype for Business Frontend FQDNs
                • Exchange Servers
                • Autodiscover FQDN



                2- UCMA must be installed

                On both Exchange and Skype for Business servers I already have UCMA 4.0 version installed, but if you don’t have it or have an older version then you can’t continue without it.


                3- Make sure you have a Local Certification Authority deployed in your domain.

                Configuration Steps – Part 1

                1- On SfB: Set CsAuthConfiguration Autodiscover URL for Skype server to find Exchange Autodiscover

                For Skype for Business Server to find Exchange Autodiscover Service point and to be able to authenticate servers we’ll be using the below cmdlet

                This enables both servers to authenticate and share information when needed and without user’s interference.

                Set-CsOauthConfiguration -ExchangeAutodiscoverUrl





                2- On SfB: Get-CsSite to see what is the current site ID.

                Getting a site ID will be useful for later use to setup the Trusted Application Pool.

                On Skype for Business Management shell. Type the following


                So the Site ID is 1. I will keep this for later use


                3- On Exchange: Check AutodiscoverServiceInternalURI

                Specify the AutodiscoverServiceInternalURI for internal Autodiscover service. Make sure it points to your public URL and certificate not the internal one otherwise your users will get a certificate error through Outlook and might cause IM chat not to work.

                The Cmdlet would be

                Get-ClientAccessService | Set-ClientAccessService –AutoDiscoverServiceInternalUri


                4- On SfB: Create new Partner Application

                On Skype for Business Server, Launch Management Shell and use this cmdlet to add Exchange as a trusted Application to the SfB topology.

                New-CsPartnerApplication -Identity Exchange -ApplicationTrustLevel Full -MetadataUrl “


                5- On SfB: Create new Trusted Application Pool

                New-CsTrustedApplicationPool -Identity -Registrar -Site 1 -RequiresReplication $false


                6- On SfB: Create new Trusted Application ID

                From SfB Management Shell run the following cmdlet .

                New-CsTrustedApplication -ApplicationId OutlookWebAccess -TrustedApplicationPoolFqdn -Port 5199




                Deleting Old Skype for Business or Lync server from ADSI

                The story

                I had a project few weeks ago where my client wanted to install Skype for Business 2019 but had installed Lync before and removed the server without doing proper decommissioning which kept dirty records in AD database and had to be removed manually in order to make a new clean installation of Skype for Business 2019

                To do so:

                There are two days of doing so, One is using ADSIEdit and ADUC to remove Computer Objects and Users related attributes and Security Groups.

                I normally would prefer PowerShell but since we can demonstrate both ways for people who like to work with GUI

                Starting with GUI

                Removing Legacy Lync server from the AD Schema


                1. Using a domain or enterprise admin
                2. Access to the ADSIEdit.

                Goal of removing Legacy Lync server from your AD environment.

                1. Preparing AD schema and domain for a new deployment after you improperly deleted Lync Servers without uninstalling them.
                2. Cleaning Users’ Lync related attributes for the new deployment.



                Step#1: Remove permissions

                This step removes the original Lync permissions from the active director.

                1. Open Active Directory Users and Computers
                2. Right click on your top level domain being cleaned and select Properties
                3. From the Properties windows, select the Security tab.
                4. Remove all security users titled RTC*
                  These are usually
                  – RTCUniversalServerReadOnlyGroup
                  – RTCUniversalUserReadOnlyGroup
                  – RTCUniversalUniversalServices
                  – RTCUniversalUserAdmins

                From <>



                1. Repeat the same steps for each of the following AD Folders and

                  NOTE: Not all RTC permissions will exist in each AD Folder or OU, but these three OUs do:
                  – Domain Controllers
                  – System
                  – Users

                Domain Controllers






                Step#3: Additional AD cleanup

                1. Open Active Directory Users and Computers
                2. Drill down as follows
                  [Your Domain] \ Program Data \ Distributed \ KeyMan
                3. Delete LyncCertificates
                  NOTE: This may not exist in all scenarios.
                4. Drill down as follows
                  [Your Domain] Users
                5. Delete all RTC* and CS* users created by Lync
                  I.E. CSAdministrator, CSHelpDesk, RTCComponentUniversalServices, Etc.


                Deleting users from the User OU


                Deleting CS Users


                Step#4: Cleanup existing users

                This steps resets Lync attributes for any domain users and contacts.


                The Second way: Using PowerShell

                get-aduser -filter {msRTCSIP-PrimaryUserAddress -like “*”}|set-aduser -clear msRTCSIP-PrimaryUserAddress,msRTCSIP-PrimaryHomeServer,msRTCSIP-UserEnabled,msRTCSIP-OptionFlags,msRTCSIP-UserPolicies, msRTCSIP-DeploymentLocator, msRTCSIP-FederationEnabled, msRTCSIP-InternetAccessEnabled


                Users attribute are clean and AD has nothing left over of Previous installation of Lync or Skype for Business .


                Lync 2013 to Skype for Business in-place upgrade with Monitoring database

                This article guides you through the steps of doing an in-place upgrade from Lync 2013 to Skype for business. I am copying the article as is from my lab with all the errors that I have been through to give you a real experience feed back of what is this like.

                You might get issues that you have never expected, but resolving them is not that hard and if you have any issues please don’t hesitate to leave a comment and I will get back to help you.


                Extensible Chat Communication Over SIP protocol (XCCOS)

                From <>




                Lync CU 5


                Kb2533623 Windows Server 2008 R2


                Kb2858668 Windows Server 2012


                KB2982006 Windows Server 2012 R2


                SQL 2012 SP2 for Express version



                First Issue:

                Upon running the setup I have got the following error:

                Prerequisite not satisfied: Internet Information Services (IIS) must be installed before attempting to install this product.

                Prerequisite not satisfied: The following Internet Information Services (IIS) role services must be installed before attempting to install this product: Static Content, Default Document, HTTP Errors, ASP.NET, .NET Extensibility, Internet Server API (ISAPI) Extensions, ISAPI Filters, HTTP Logging, Logging Tools, Tracing, Client Certificate Mapping Authentication, Windows Authentication, Request Filtering, Static Content Compression, Dynamic Content Compression, IIS Management Console, IIS Management Scripts and Tools

                Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install an update for Windows Server 2012 R2. For details about the update, see Microsoft Knowledge Base article 2982006, “IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2” at

                Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft ASP.NET 4.5 by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install the ASP.NET 4.5 role service of the Web Server (IIS) role.

                Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install Microsoft Windows Communication Foundation Activation by using the Add Roles and Features Wizard in Windows Server 2012 Server Manager. Install WCF Services and HTTP Activation, which are included with the Microsoft .NET Framework 4.5 feature.





                I will re-run prerequisites to make sure that all are satisfied before running setup again.

                STEP 1 : Installing Prerequisites

                Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS, Desktop-Experience, Telnet-Client


                Updated aug-2018



                STEP 2: Installing CU5

                Download and install CU5




                After the restart we will apply the update of the databases which in my case is going to be the FQDN of the FE server since it’s standard version and not Backend server.

                Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn lyncfe01.adeo.local -Verbose



                Time to upgrade the Archiving/Monitoring databases.

                To upgrade we’ll use the same command except change the FQDN of the SQL server to the SQL server where Monitoring and Archiving databases are at.

                Install-CsDatabase -ConfiguredDatabases -SqlServerFqdn sql01.adeo.local -Verbose




                Applying CMS upgrade


                Install-CsDatabase -CentralmanagementDatabase -SqlServerFqdn Lyncfe01.adeo.local -SqlInstanceName rtc -verbose



                Then run enable-cstopology

                Last thing in the CU5 update is

                %ProgramFiles%\Microsoft Lync Server 2013\Deployment\Bootstrapper.exe




                Step 3 : Installing Windows OS hotfix.

                KB2982006 Windows Server 2012 R2

                Since the FE is on Windows Server 2012 R2 then we’ll need to download this link


                RESTART is Required


                STEP 4 : Install SQL Service Pack 2 (Express) for your Lync Front end Standard Edition

                First Download SQL Express SP2 setup


                You can patch the server by opening a Lync Management Shell window and entering the following commands:


                .\SQLEXPR_x64_ENU.exe /ACTION=Patch /allinstances /IAcceptSQLServerLicenseTerms









                Step 5: SQL Server (Standard or Enterprise) for (Monitoring, Archiving)



                My SQL Server version is SP1 so I don’t need to upgrade it to SP2


                Step 6- In-place Upgrade for Skype For Business

                In order to do the in-place upgrade, we’ll need to use a machine that doesn’t have Lync 2013 to install the new Topology builder and do the upgrade process

                On a different Machine that’s joined to the same domain, I will run the prerequisites script and restart the machine. then I’ll load the Skype for business ISO and install







                We’ll now press on Installing Administrative tools




                Now in order to continue we’ll have to open the topology builder in order to upgrade our Lync 2013 topology

                I’ll open the topology builder and save the topology file somewhere


                Once the topology is open, I’ll navigate to the Standard FE Servers and right click on my main server to upgrade



                I’ll click on Upgrade to Skype for Business Server 2015…


                As soon as you press Yes, the Frontend server that you selected will be moved under the Skype For Business Server 2015 tab as you can see below.


                Since I have two FE servers (FE and SBS) I will be upgrading them both but not in the same time not not fall into any errors, so I will publish the topology and see what happens.



                We’ll check what do we need to do now in order to upgrade the servers, here is what we’ll do.

                Import existing normalization rules from the previous Skype for Business Server deployment. If you want to keep your existing normalization rules you will need to import them using the Import-CsCompanyPhoneNormalizationRules cmdlet. If you have separate normalization rules for each pool then you will need to run the command for each set.

                To perform an in-place upgrade of your Skype for Business Server, you’ll need to do the following, in order:

                (1) Stop the Skype for Business services on all of the servers that you are upgrading;

                (2) Run Skype for Business Server setup (Setup.exe) on all of the servers you are upgrading;

                (3) Start the Skype for Business services on all of the servers you upgraded. To start the services in a Front End pool, connect to one of the servers in the pool and run the Start-CsPool cmdlet. All the servers in the pool should be running Skype for Business Server before you use the Start-CsPool cmdlet. To start the services in all other pools (e.g. Edge pool, Mediation pool), run the Start-CsWindowsService cmdlet on every server in the pool;

                Server FQDN: lyncfe01.adeo.local, Pool FQDN: lyncfe01.adeo.local

                On Lync FE 01 I’ll stop all the services using Stop-cswindowsservice


                Now on the same server I’ll load the Skype4B ISO and start the setup





                Started at 1:40pm








                The required time for the upgrade process is estimated around 75-90 Minutes for each FE Server.



                Starting ‘Verifying upgrade readiness…’

                ‘Verifying upgrade readiness…’ completed successfully

                Starting ‘Installing missing prerequisites…’

                ‘Installing missing prerequisites…’ completed successfully

                Starting ‘Uninstalling roles…’

                ‘Uninstalling roles…’ completed successfully

                Starting ‘Detaching database…’

                ‘Detaching database…’ completed successfully

                Starting ‘Uninstalling local management services…’

                ‘Uninstalling local management services…’ completed successfully

                Starting ‘Installing and configuring core components…’

                ‘Installing and configuring core components…’ completed successfully

                Starting ‘Installing administrative tools…’

                ‘Installing administrative tools…’ completed successfully

                Starting ‘Installing local management services…’

                ‘Installing local management services…’ completed successfully

                Starting ‘Attaching database…’

                ‘Attaching database…’ completed successfully

                Starting ‘Upgrading database…’

                ‘Upgrading database…’ completed successfully

                Starting ‘Enabling replica…’

                ‘Enabling replica…’ completed successfully

                Starting ‘Installing roles…’

                ‘Installing roles…’ completed successfully

                Starting ‘Verifying installation…’

                ‘Verifying installation…’ completed successfully


                Upgrade the SBS (Survivable Branch Server) in the pool to Skype4B



                Publish the topology


                I’ll stop the service before I start the upgrade process.


                I’ll load the ISO on the second server and start the upgrade.






                Apparently I forgot to update Lync to the latest CU





                Resetting Root Password for FreePBX–Sangoma Linux 7

                Many people have been through this same problem either due to forgetting the root password, typing it wrong or due to console language conversion issue.

                Mine was due to using a remote console which didn’t translate my keyboard properly and caused a wrong password.

                So I ended up having access to the GUI screen but not the root. So first thing came to my mind is should I reformat the machine and reinstall it since it doesn’t take long time? but no I like challenges and started digging into how do I reset the password.

                Since I do still have the access to console I can try from the Kernel, the default ISO install FreePBX with Sangoma 7 Distro which is based on Centos Kernel 3.10.0-862.2.2.3 el7.x86_64.

                So I first attempt I tried was following the same method of resetting root password on Centos through Kernel.

                1- Restarting the machine to get into Kernel:

                When Restarting Press E to edit the Kernel


                Once pressed E you will get this screen:


                2- Edit the Kernel:

                Scroll down until you find “rhgb quiet” and replace it with “init=/bin/bash” without quotes.


                So eventually it’ll look like this


                3- Resetting Root Password:

                Once it’s changed, press ctrl-X to initiate the process of resetting the root password:

                You will get Bash cmd prompt, Type the following commands

                A- First to check the status of root partition by running following command on the single user mode.

                Mount | grep root

                In this distro of Linux you might not get anything but normally you should get partition details.

                B- To make the partition writable, you’ll have to type in the following command

                mount -o remount,rw /

                C- To Change the root password type

                passwd root

                Type your new password and you’ll get a message that all authentication tokens updated successfully


                After this restart and try to login, and you’ll see that it works fine



                After restarting the machine, I tried to get into web GUI to start configuring the FreePBX but I received the following error:

                Whoops\Exception\ErrorException (E_ERROR)

                Class ‘PicoFeed\Reader\Reader’ not found

                After doing some research it was obviously an error related to a recent update pushed by FreePBX



                and the solution was running this cmd

                fwconsole ma upgrade dashboard –edge

                Winking smile

                Hope someone would find this useful 

                Enabling E5 users on-cloud and calling from/to between IP/PBX users–Part 4

                In hybrid scenario you might want to use PBX Online or/and use your existing on-premises PBX. Sometimes the regulation in your country is strict toward the VoIP traffic and that it can’t be used on-cloud and for this type of scenarios you’ll want to deploy the Hybrid topology and route all your VoIP traffic for online users toward your on-premises PBX ..

                This can be easily managed with Skype for Business/Online and with few powershell commands you can control the call flow.


                Skype 4 Business Edge and Hybrid Configuration–Part 2

                  Configuring Edge Server

                  Edge prerequisites

                  Install Prerequisites

                  • Microsoft .Net Framework 3.5, HTTP Activation, Windows Identity foundation, Telnet Client.

                  Add-WindowsFeature NET-Framework-Core, NET-Framework-45-Core, NET-Framework-45-ASPNET,  Web-Net-Ext45, NET-WCF-HTTP-Activation45, Windows-Identity-Foundation, Telnet-Client -Source X:\sources\sxs

                  Setup NETBIOS

                  In order to configure Skype 4 Business Edge, we’ll have to change the Netbios to give it the name of our Domain but we won’t join it to the domain.



                  Setup NICs

                  Edge Server must have 2 NICs, one Local NIC will point out to the Front end server but must not have Default gateway so traffic can only flow through the DMZ out to the internet and back in. but still it must be able to ping to the FE from Edge and vice versa.

                  DMZ network can have 1 DMZ address (Public Address to be NATTED to) or 3 DMZ addresses for public IP addresses with standard HTTPS ports.



                  Configure Hostnames

                  Edit the Edge server’s host file to include Lync FE and DC’s IP addresses and Hostname



                  Now I will go back to Skype for Business FE server, I’ll launch the topology builder and add new Edge server

                  I will add the first Edge pool which contains of a single Edge server


                  Next, you will have to choose if you want to enable federation with partners or other service providers …e.g. (Google)


                  I am intending to use a single Public IP address with a different ports (nonstandard) since this is a lab. For production it’s recommended to use 3 public IP addresses for Access Edge, AV and WebConf services.


                  Next I will choose the last option which says that the Edge pool is translated by NAT. I will configure my firewall to NAT ports to the Edge’s DMZ IP addresses from the Public so I am choosing this option.



                  This is the FQDN’s the default configuration .. It’ll only use a single FQDN for all services if you’re going to use a single public IP address with a different ports.

                  IMPORTANT NOTE

                  When you use a single IP address with a different ports, the Access Edge port will normally change to 5061 (Not 443 like in the SRV record which will cause failure if you forgot to change this port to match the one in your Topology’s Access Edge settings.

                  Next I’ll have to enter my Edge server’s Local IP address.



                  Next I will be asked to enter the DMZ’s IP address which the wizard calls (Private External IP address)


                  Here I am going to place the NAT IP address which is my Public IP address.


                  Next I’ll have to choose which Lync FE pool will be used as the next hop to the Edge pool. In this case I’ll be choosing my main pool since the second is only for resilience purpose.


                  Then I’ll associate the mediation pool for Edge server for external media traffic. I can assign both in this case.


                  Now I’ll click on Finish and right click on the Site name’s properties to enable the SIP federation and XMPP federation then Publish the topology.





                  Now I will setup Azure Active Directory Sync on my DC server in order to sync the required users for the test purpose.

                  My domain is adeo.local so I want to change the UPN for users to match the synced domain. ( and


                  Installing Azure Active Directory Sync

                  Now I will install the prerequisites which consist of the following


                  Net framework 4.5.2 is required for AADS but it’s already installed on my server


                  Next I will install Microsoft Online Service Sign in assistant


                  Next I will install Azure AD Module


                  Finally Azure AD Sync


                  Before moving forward, I’ll have to go to the Office 365 portal and activate DirSync


                  Then use a global admin credentials from O365.


                  Adding the forest using an enterprise admin user account



                  Due to the fact that my domain’s public dns host doesn’t have SRV configuration because it’s hosted by the famous free domain service (Freenom) so I’ll have to add my original domain as Lync (S4B) requires SRV records to point to the on-premises lync.






                  I will only sync one OU, so I will untick the Sync now box and click on Finish


                  I will go to the following path

                  “C:\Program Files\Microsoft Azure AD Sync\UIShell” and create a shortcut for the GUI application of AADS on the desktop

                  “C:\Program Files\Microsoft Azure AD Sync\UIShell\miisclient.exe”


                  To get this GUI app to work, you will have to sign out of your account and sign back in as your username will be added to the local administrators and have the authority to open it

                  Log off, log back in


                  Next I will go to the connectors tab and double click on the ADDS connector (Adeo.local)


                  I will go to the Configure Directory Partitions and under Credentials I’ll choose “Alternate credentials for this directory partition” then enter my on-premises AD Enterprise admin credentials


                  I’ll click on Containers


                  I’ll untick the DC=Adeo,Dc=Local box and only choose Dirsync OU then click OK and apply


                  Before I start syncing my AD , I will go to Skype for Business Server and add my domain as a SIP domain


                  Next I am going to change the FQDN of the SIP access edge for public domain to and the default port for the Access Edge to 443 and publish the topology



                  I needed to finally check if all my FE servers are replicating. So then I can move to Edge server to install Lync components


                  On the Edge server, I’ll use ISO for Skype 4 business to install the setup



                  First thing I’ll install the local Configuration Store

                  I’ll click on Run and then I’ll be asked to import the configuration file which I’ll must export from Lync FE (Skype 4 b FE) server


                  In this case, I’ll go to Lync FE and open Lync Management shell and enter the following Cmdlet

                  Export-CsConfiguration -FileName c:\


                  This cmdlet will export a file to the root C drive . I’ll copy this file to the edge server.


                  I’ll click next to continue, this should start installing the local store




                  Next I’ll request a certificate for Internal NIC For edge server




                  I’ll take the CSR (Certificate sign request) code and get a certificate from my local CA


                  I’ll open MMC and add Certificates console and import the PKCS certificate



                  After importing the certificate I’ll assign it to the internal NIC by clicking on Assign to the Edge Internal





                  Once we assign the certfiicate to the internal edge. The replication service for Edge and FE will start working


                  Now I’ll import my Public Certificate to Edge Server’s DMZ NIC

                  I already imported my public certificate, now I’ll go to the S4B wizard and assign it there



                  Unlike IN lync 2013 when you Click on Start service in the Wizard all services start on their own but on Skype for business you ‘ll have to start the services manually by yourself.


                  So Instead I used the service console to start the services.

                  Now I’ll go back to the FE And enable remote connectivity to Skype for Business from outside and make sure that replication works fine by checking the Topology or from cmdlet





                  Setting up Hybrid integration with Skype online for Business (O365)


                  In order for Skype for Business Hybrid configuration to work successfully for users homed on cloud and on-prem .. Users must be created first on-premises, enabled on Skype for Business on-premises and from the Skype for Business on-prem Control panel moved to Office 365 Skype for Business online.

                  Otherwise users will not be able to see each other’s presence information due to missing attributes if users were to be created directly online or on Active Directory and not enabled on-premises first.



                  In order to allow Hybrid environment to function properly, we’ll have to federate our Skype for Business on-premises’s Edge server as microsoft says below

                  Federation allows users in your on-premises deployment to communicate with Office 365 users in your organization. To configure federation, run the following cmdlets in the Skype for Business Server Management Shell:

                  From <>

                  On the front end server, we’ll run the following CMDlet

                  Set-CSAccessEdgeConfiguration -AllowOutsideUsers 1 -AllowFederatedUsers 1 -UseDnsSrvRouting -EnablePartnerDiscovery $true


                  Next cmdlet will create a new public federated provider for skype for business online.. However it already exists so we must delete it from control panel or the cmdlet will fail with the following message

                  New-CsHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “” -Enabled $true -EnabledSharedAddressSpace $True -HostsOCSUsers $True -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl


                  I’ll delete the hosted provider “Skype for Business Online”


                  I’ll try the cmdlet again after deleting the provider ..

                  New-CSHostingProvider -Identity SkypeforBusinessOnline -ProxyFqdn “” -Enabled $true -EnabledSharedAddressSpace $true -HostsOCSUsers $true -VerificationLevel UseSourceVerification -IsLocal $false -AutodiscoverUrl


                  Since it worked already, I will go back to the control panel and make sure it is enabled


                  Next is : Configure your Skype for Business Online tenant for a shared SIP address space


                  To configure a shared SIP address space, establish a remote PowerShell session with Skype for Business Online, and then run the following cmdlet:

                  We’ll have to download skype for business online powershell


                  After launching the PowerShell module as an administrator I’ll run the following cmdlet

                  clip_image079 (Connect to Skype for Business online (Lync Online) Powershell)

                  Import-Module SkypeOnlineConnector


                  Now I’ll connect to my Office 365 tenant


                  $cred = Get-Credential

                  $CSSession = New-CsOnlineSession -Credential $cred

                  Import-PSSession $CSSession -AllowClobber


                  Now I’ll configure the shared sip address

                  Set-CsTenantFederationConfiguration -SharedSipAddressSpace $true

                  From <>


                  To double check my configuration I will see if the SharedSipAddresSpace is enabled or not



                  To double check that the hybrid configuration is setup properly we can use the Skype for business on-premises Hybrid UI wizard from the Home Menu under “Connection to Skype for Business Online”


                  Using the Skype for Business 2015 User interface to setup Hybrid configuration:

                  After you sign in it does automatically logs you in and configure the three following options

                  1. Federation for the Edge server
                  2. Federation with Office 365.
                  3. Shared SIP address space.



                  Now I will configure my DNS Settings as recommended by Microsoft for the Hybrid Integration scenario

                  DNS Settings

                  When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.

                  From <>

                  1. Update some DNS records to direct all SIP traffic to Skype for Business on-premises:
                  • Update the A record to point to the FQDN of the on-premises reverse proxy server.
                  • Update the SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
                  • Update the SRV record to resolve to the public IP or VIP address of the Access Edge service of Skype for Business on-premises.
                  • If your organization uses split DNS (sometimes called “split-brain DNS”), make sure that users resolving names through the internal DNS zone are directed to the Front End Pool.

                  From <>

                  According to Microsoft’s configuration of the Public DNS, you will have to configure only the SRV records to point to your edge server however, running a simple wireshark on your Skype for business client machine you can notice the following:


                  Microsoft Lync / Skype client first requires the Lyncdiscover / Lyncdiscoverinternal record in order to see where the user is located… then gets redirected to which is the Cname value to the Lyncdiscover Cname in the public DNS and tries to login the user through then finds no user there and logs in using the SRV eventually in the end as in the below snapshot which I’ve used Wireshark for to monitor the DNS traffic that the Lync Client requests upon login request.



                  What have me confused here is that Microsoft says only SRV records must be pointing to your On-premises Lync/Skype for Business Edge server.. So you must enter something else other than (Which in normal cases might be the common name of your Edge certificate) for the value of the SRV Record since the and must be pointing to Office 365.

                  I tried using the Public IP address of my Edge server just to check if my on-premises user will connect without any issue however I did have an issue with the Certificate saying “There was a problem verifying the certificate from the server”.


                  Luckily the Public certificate that I had on my edge server had multiple SANs (Subject Alternative Names) and one of them was which I was intending to use for the WAC Server (Office Web Apps Server) and then I created an A record on my public DNS that points to my Edge server’s Public IP address…. although the is not a common name but it worked and I was able to federate with Office 365 users and was able to move users from on-premises to office 365 and back to on-premises as demonstrated later in the article.

                  “When creating DNS SRV records for hybrid deployments, the records, _sipfederationtls._tcp.<domain> and _sip._tls.<domain>, should point to the on-premises Access Proxy.”

                  From <>


                  Now I have changed all the SRV records to direct to the new A record


                  And finally deleted the A sip record and created a new CNAME record that points to



                  I have already a user synced from my local AD to the cloud (office 365) that’s not enabled for Skype for business on-premises .. Once this user is synced and have been assigned a license it should be directly enabled for Skype for Business Online and I should be able to sign in to it without any issue.


                  In order for both users (homed online and On-premises) to see eachother’s presence the synced user must be enabled on the On-premises Server before moved to the cloud or else the presence and M will fail.

                  Time to test, I was able to sign in to the Online homed user (admin) and now I’ll be adding the on-premises homed user to the list to check the presence, IM ..etc


                  Here I added the user admin to my other account Mohammed.hamada and vice versa.


                  The Presence appears to be working fine for user homed on-premises as it shows when I changed it to “busy, be right back..etc” on the cloud user’s Client however the Office 365 homed user’s presence takes time to change on the on-premises user’s list and the IM doesn’t seem to work properly as messages sometimes doesn’t go through and fail.

                  Sending a message from the on-premises User (Mohammed Hamada) to (ADMIN)


                  Now sending an IM from Admin to Mohammed Hamada


                  To make sure that the issue is not within my on-premises server, I will use a different Skype for Business online account and see if IM work both ways.

                  This is my other user.. The presence information seems to work properly and now I’ll test the IM


                  IM between my On-premises and another user on another Office 365 tenant seems to be working fine back and forth as in the below snapshots so the issue might be related to Office 365 tenant which I am using for this test (could be related to trial version)

                  I am going to open a case with MS and see why this issue happens since my on-premises work fine with other tenants.



                  Now It’s time to move users from and to cloud and on-premises to check how easy, flexible or hard this process is.

                  I currently have 2 users, one on cloud and one synced and homed online (Office365)


                  In order to move users, you can go to Users tab after the hybrid config is finished and find the user you want to move then click on Actions and chose to move the users to the Skype for Business Online as in the below snapshot


                  Before you move the user to Office 365, you must assign license to the user or else the move will fail.






                  You can move the user back from Office 365 to your on-premises Skype for Business server with the same process exactly except that you’ll have to choose which pool you need to move the user to.

                  Checking where the user is hosted from Skype for business Management shell

                  The Hosting Provider will show you where the user is working from now.




                  Hope this has been helpful








                Install Frontend Skype for Business 2015–Part 1

                Install prerequisites

                Frontend/Standard edition as well

                Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client, Windows-Identity-Foundation

                Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS

                From <>

                Check prerequisites for hotfix

                NOTE: If KB2919355 is installed first then you need to Uninstall it and install Windows8.1-KB2982006-x64 first



                get-hotfix KB3173424,KB2919355,KB2919442


                From <>

                Download IIS hotfix


                From <>

                Installing Director Prerequesties

                Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Scripting-Tools, Web-Mgmt-Compat, Desktop-Experience, Telnet-Client

                From <>

                Easier solution:

                Prerequisite not satisfied: Before you install Skype for Business Server 2015, you must install an update for Windows Server 2012 R2. For details about the update, see Microsoft Knowledge Base article 2982006, “IIS crashes occasionally when a request is sent to a default document in Windows 8.1 or Windows Server 2012 R2” at


                Extract the .msu to cab

                Expand -F:* C:\Windows8.1-KB2982006-x64.msu c:\


                Install CAB

                dism /Online /Add-Package /PackagePath:C:\


                Check Powershell version = 3



                Install prerequisites



                Restart is required





                Prepare Active Directory








                Install Administrative tools





                Prepare First standard edition server














                I will create a shared folder








                It’s time to publish the topology



                Publishing failed with an error that states the following


                So I will double check that I am member of the required groups


                It seems not, I will add Csadministrator and RTCUniversalServerAdmins



                Still I get the same error every time I try to publish the topology. Apparently the way I solved this was by creating a new topology where the standard pool name must match the server’s hostname otherwise Topology won’t be able to access the SQL Express that’s installed by Lync setup.

                So in this case I am going to re-create my topology as following

       is my public domain which is going to be my sip domain in this case not my local one (






                Next I will put my server’s FQDN in the pool name, my FQDN Is













                Now it’s time to publish the topology once again




                Seems we have passed the permission issue as soon as the Standard edition FE server matches the FQDN of the server



                We’ll look up at the open to-do list now

                The to do list seems a bit different from Lync 2013 as it requires the part about the certificate


                I will run the Local setup for the server since I only have one server now.


                Before we run the local setup we need to make sure that our account has the required privileges which is shown under the Install local CS below. Since I already have configured the account’s privileges I will continue my setup.





                There’s nothing new about the local store installation on S4B except that it checks and downloads updates during this process as the report shows below.


                Detailed steps for the local store installation can be found in the sub page.


                Now it’s time to move to the next step and check for the prerequisites




                S4B says that a prerequisite is not meet, checking the link posted in the error information it seems that it needs a hotfix to be installed on the server



                I am attaching the hotfix after requesting and Installing as requested




                After finishing we’ll double check if the prerequisites are meet or not

                Running the setup again it seems that the prerequisite has been satisfied.


                The setup and in particular the next step could take approximately about 5-10 minutes depending on the resources you have assigned to the Skype for business server.



                I will navigate to the MSI file location and try to install it without using the wizard.


                The file path is as showed in the previous path:

                C:\Programdata\Microsoft\Skype for Business Server\Deployment\cache\6.0.9319.0\


                So the problem is that Windows Identity foundation is not installed. Although I have copied the prerequisite cmdlet from the official Microsoft Skype for business’s technet article but it seems they have missed out there so I will adjust the powershell cmdlet to include it which means you won’t face this issue.



                Now I’ll re-run the setup again


                We have passed the error already and now in the process of assigning accounts to SQL services.

                The setup might take approximately 30-60 minutes installing all the required components.



                In order to continue to the next step we must deploy CA (Certification Authority) to issue a certificate for Skype for Business Front end web services.

                I already have one CA deployed on my CA so I will just go ahead and click run on the step 3

                This process will be easy as it’s automated if you have configured your CA properly. First click on Request


                Now S4B certificate request wizard provides new user interface that’s easier and faster to fill, I will fill it and go ahead with issuing the certificate.








                And it’s done


                I will do the same steps for the OAuthTokenIssuer



                Now it’s time to start the Services and check eventviewer

                Trying to start the services from the wizard fails with event ID 20002 so instead I am going to try Lync Management shell instead


                Trying Management shell with the cmdlet start-cswindowsservices seems to work



                All the services are running now


                See you later at Part 2