Deploying Skype for Business Server (Part 2) - Preparing the environment

by [Published on 19 Jan. 2017 / Last Updated on 19 Jan. 2017]

Preparing the environment to support the first Skype for Business Server deployment which includes DNS, Shared Folder and Central Management Store installation.

If you would like to read the first part in this article series please go to Deploying Skype for Business Server (Part 1) - Preparing Active Directory.

In the previous article, we covered all steps required to prepare the Active Directory to support the Skype for Business Server 2015. Today we are going back to the Deployment Wizard and we will perform two tasks: Install Administrative Tools and Prepare first Standard Edition Server, and after that we will prepare the DNS to support Skype for Business and create a shared folder for the new deployment.

 Image


The first tasks (Install Administrative Tools) is a straight forward process, just leave default values and the installation process will add the basic tools to manage a Skype for Business Server environment, which are:

• Skype for Business Server Control Panel
• Skype for Business Deployment Wizard
• Skype for Business Server Management Shell
• Skype for Business Server Topology Builder

The second step is key to build the foundation for Skype for Business Server in your environment. The Prepare First Standard Edition server prepares the Standard Edition Server that we are going to use to host the CMS (Central Management Store).

The CMS is the central repository in Skype for Business Server solution, and it is around since Lync Server 2010. In that repository we will find the topology, configuration and policies in place on the environment. The CMS is protected and the only way to interact with it is through Topology Builder, Skype for Business Server Management Shell and Skype for Business Control Panel.

The process to prepare the CMS may take a little bit of time because involves SQL Server 2014 Express Edition installation and configuration, the preparation process will also create the Firewall exceptions to support SQL Server 2014.

Image


Creating the Skype for Business Server share…

During the initial topology creation, a shared folder will be required. We will use the same Skype for Business Server to host the shared folder. The Shared Folder requires only the local administrator group with Full Access permissions. In this article, we are using S4BShare as the name of the folder and share.

Image

 

Configuring DNS Server to support Skype for Business Server…

The DNS plays a key role when implementing Skype for Business Server, if the SIP domain that will be assigned to the future Skype for Business clients (usually the same as the SMTP address) is the same FQDN (Full Qualified Domain Name) of your Active Directory, then it is a piece of cake, your work will be just adding entries in the existent zone and we are good to go to the next phase. An example, my Active Directory FQDN is msexchange.org and my SMTP/SIP will be anderson@msexchange.org, that means that when I look at the DNS console I will have a zone called msexchange.org.

However, if the domain used by the SMTP/SIP is different from the Active Directory FQDN, then we need to decide how to configure the DNS, then we have a couple of options:

Split-brain in this scenario, we create the zone internally and assign internal names for the Skype for Business services. For example: if the AD zone is msexchange.local and the SMTP/SIP is msexchange.org, we will create the msexchange.org internally and all entries that are being used for the internal clients on the msexchange.org must be recreated internally.

Automatic Configuration using Group Policies (GPOs) This method does not require DNS modifications, however, works only for domain joined machines.

Pin-Point Internal Zones, using this method we create a dedicated zone for each record required in the DNS without creating a complete zone. Basically, the client would be able to resolve only the entries that we added, anything other than those zones will not be resolved by the DNS server.

The most elegant solution, in my humble opinion, is using the split-brain because it is easy to troubleshoot, you can use for different applications, such as Microsoft Exchange using Public Certificates, Office Online Server and etc.

The manual configuration consists of creating a zone for your SIP/SMTP domain in your internal DNS and add these following A records pointing out to the IP of the Skype for Business Server (our domain in this article will be infralab.org):

• Admin.infralab.org

• Dialin.infralab.org

• Meet.infralab.org

• Lyncdiscoverinternal.infralab.org

• Scheduler.infralab.org

The creation of the A records is straight forward, the tricky one is the SRV record, and in the picture below we can see the details required to be configured.

Image

The Skype for Business Client will search these following entries when locating the service based on the SIP domain of the user entered:

1. Lyndiscoverinternal.infralab.org (A Host), used by internal clients

2. Lyncdiscover.infralab.org (A Host), used by external clients

3. _sipinternaltls._tcp.infralab.org (SRV Record), used by internal clients

4. _sip._tls.infralab.org (SRV record), used by external clients

5. Sipinternal.infralab.org (A Host), used by internal clients

6. Sip.infralab.org (A Host), used by internal clients

7. Sipexternal.infralab.org (A Host), used by external clients

If you want to save time in this process, you can use the S4B-EasyDNS.ps1 script that was created to automate this process, basically you just need to run the script and pass the domain and the IP of the Skype for Business Server, and the DNS zone (if it does not exist) and all A and SRV records will be created automatically. The script can be found here.

Note: This script must be executed on the DNS server.

Image


If you want to check the source of the script, here is the code that was used to validate the current domain and create the DNS entries.

$tmpDomain = $args[0]$tmpIP = $args[1]$tmpZone = get-dnsserverzone $tmpDomain -ErrorAction:SilentIf (($tmpzone).ZoneName -eq $null) { write-host 'Creating the Forward Zone' $tmpDomainAdd-DnsServerPrimaryZone $tmpDomain -ReplicationScope Forest -DynamicUpdate None} #Adding the DNS entries..Add-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A adminAdd-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A dialinAdd-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A meetAdd-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A schedulerAdd-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A lyncdiscoverinternalAdd-DnsServerResourceRecord -ZoneName $tmpDomain -IPv4Address $tmpIP -A sipAdd-DnsServerResourceRecord -ZoneName $tmpDomain -Srv -Name _sipinternaltls._tcp -DomainName ("sip." + $tmpDomain) -Port 5061 -Priority 0 -Weight 0

See Also


The Author — Anderson Patricio

Anderson Patricio avatar

Anderson Patricio is a Canadian MVP in Cloud and Datacenter Management, and Office Server and Services, besides of the Microsoft Award he also holds a Solutions Master (MCSM) in Exchange and several other certifications. Anderson contributes to the Microsoft Community with articles, tutorials, blog posts, twitter, forums and book reviews. He is a regular contributor here at ITPROCentral.com, MSExchange.org, Techgenix.com and Anderson Patricio.org (Portuguese).