Friday, June 9, 2017

Escalate CCE PSTN Call to Conference with Skype for Business Online

Working with PSTN Conferencing in your Office 365 Skype for Business Online Tenant.

ID PSTN -> SfBOnlUsr call

Start and instant (Impromptu) Meeting or schedule a Online Meeting as usual from Outlook or your Client App.  After the meeting is escalate into ConfCall, the MCU SfB OnLine Server will send reinvite to MediationServerHybrid.

This is illustrated in the drawings below.

First we have a look into the outbound call to a PSTN user:


Next, we have a look into the inbound call from a PSTN user:


Configure online hybrid Mediation Server Settings

The setup process is curial and needs to be follow as below:

When a P2P call is escalated to a PSTN conference, the Skype for Business Online conferencing server will send an invite to the Cloud Connector Mediation Server. To ensure that Office 365 can route this invite successfully, you need to configure a setting in your online tenant for each Cloud Connector Mediation Server as follows:
1. Create a user in the Office 365 admin portal. Use any user name you want, such as “MediationServer1.”
Use the default SIP domain of Cloud Connector (the first SIP domain in the .ini file) as the user domain.
Do not assign any Office 365 licenses (such as E5) to the account you create. Wait for Office 365 AD sync to complete.

2. Start a tenant remote PowerShell session using your tenant admin credentials, and then run the following cmdlet to set the Mediation Server and Edge Server FQDN to that user account, replacing <DisplayName> with the Display Name of the user for the account you created:

Copy Set-CsHybridMediationServer -Identity <DisplayName>
-Fqdn <MediationServerFQDN> -AccessProxyExternalFqdn <EdgeServerExternalFQDN>

3. For Identity, use the Display Name of the Office 365 user account you created for this Mediation Server.

MediationServerFQDN, use the internal FQDN defined for your Mediation Server.
EdgeServerExternalFQDN, use the external FQDN defined for Edge Server Access Proxy. If there are multiple Cloud Connector PSTN sites, choose the Edge Server Access Proxy FQDN assigned to the site where the Mediation Server is located.
4. If there are multiple Cloud Connector Mediation Servers (multiple-site, HA), please repeat the previous steps for each of them.

Further conference expansion with Dial-In and Dial-Out from/to PSTN:

If another User should be called into the conference the Microsoft Office 365 PSTN Conferencing Bridge breakout is used.

Dial-Out will be charged within your Office 365 Subscription.
If you have PSTN Calling activated, the outbound call with be deducted from your PSTN Calling minutes, or individually charged based on the Microsoft Destination minute pricings.

Other Users calling into the conference with PSTN, use the Dial-In Bridge in Office 365 Skype for Business.



Tuesday, June 6, 2017

Forcing Skype for Business Web App Meeting Join

You can force joining a Skype for Business Conference in browser:


To force connecting to a Skype for business meeting (conference) using the Skype for Business Web App instead of the Skype for Business Desktop Client, do the following:
  1. Open a web browser window
  2. Copy & paste the URL for joining the meeting that you received.  But do NOT press ENTER yet!
  3. Append the following string to the URL: “?SL=1” (without the double quotes)
For example, if the URL to join the Skype for Business meeting given is:
Change it to:


Saturday, May 20, 2017

Remote PowerShell login Office 365 all modules

Remote PowerShell login

Requisites login into Office 365 Skype for Business Online are:

·         Running OS must be 64bit

·         Microsoft .NET Framework 4.5.x

·         PowerShell Version 3.0 or higher
(if you need to install Version 3.0+, download and install Windows Management Framework 4.0:


Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential


Import-Module SkypeOnlineConnector
$SfBoSession = New-CsOnlineSession -Credential $credential
Import-PSSession $SfBoSession


Import-Module Microsoft.Online.SharePoint.PowerShell -DisableNameChecking
Connect-SPOService -Url -credential $credential


$exchangeSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri "" -Credential $credential -Authentication "Basic" -AllowRedirection
Import-PSSession $exchangeSession -DisableNameChecking


$ccSession = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $credential -Authentication Basic -AllowRedirection
Import-PSSession $ccSession -Prefix cc


Remove-PSSession $sfboSession
Remove-PSSession $exchangeSession
Remove-PSSession $ccSession

Set a user's password to never expire

I strongly urge you, that your admin user have the password set to never expire!

Run the following cmdlet to set the user password to never expire

1.  Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:

2.       In the Enter Credentials page, enter your Office 365 global admin credentials.

3.       After you enter your Office 365 credentials, do the following:

o    To set the password of one user to never expire, run the following cmdlet:
Set-MsolUser -UserPrincipalName <> -PasswordNeverExpires $true

Find out whether a user's password is set to never expire

1.       Connect to Windows PowerShell by using your company admin credentials. Run the following cmdlet:

2.       Do the following:

o    To see whether a single user’s password is set to never expire, run the following cmdlet by using the user principal name (UPN) (for example, or the user ID of the user you want to check:
Get-MSOLUser -UserPrincipalName <user ID> | Select PasswordNeverExpires


Monday, May 15, 2017

Skype for Business User Group Germany

Hi all,

we have established our Mailing Lists and they are open for subscription.
Never miss any of our User Group Events.

Hallo zusammen,
wir haben unsere Mailing Liste eingerichtet und sie aktiv zu Anmelden.
Verpasst nie mehr eine unserer User Group Events.

Cheers und Servus

Sunday, May 7, 2017

Office 365 Groups and Teams

I worte a new free E-Book about Office 365 Groups and Teams.
You will learn how to calculate the Business Impact/ ROI, as well how to consult, configure and use those productivity features.

Office 365 Groups:

The Groups enable us to extend our Outlook collaboration to the next level and join in with our team members

Microsoft Teams require Office 365 Groups, this will bring the next level to our team communication, where we are even further able integrating our Office 365 Groups Tools

Happy reading!


Sunday, April 23, 2017

DNS Records for Skype for Business Hybrid Installation

DNS Configuration for Skype for Business Hybrid Deployments

DNS settings are important and you need to understand how your organizations Skype for Business communication flow works.

First important understanding:
If you run a hybrid installation, your Office 365 Tenant with Skype for Business Online is seen from your On-Premise installation as a federated organization.

Therefore the following DNS records must also be resolvable from your internal DNS infrastructure (Edge Server).
Depending on how DNS is configured in your organization, you may need to add these records to the internal hosted DNS zone for the corresponding SIP domain(s) to provide internal DNS resolution to these records. (see illustration below table)

Public IP of Access Edge
External on-premises Access Edge Interface (sip.
External on-premises Access Edge Interface (sip.
Public IP of Access Edge
Public IP of Access Edge

Illustration for DNS Best Practice:

(Click the illustration to enlarged)

The internal Clients, will not query the _sip._tls or _sipfederationtls._tcp records, but your Edge will do. Therefore the illustration above should provide you with an idea on how setting up DNS.

Remember, only the Edge is requiring the both DNS SRV record, not any internal system.
In case you decide not having a HOSTS file, this both drawing will also work, since this with or without SPLIT DNS, the internal DNS servers will provide the correct DNS records to the Edge Server.

Errors in SNOOPER:

An indication for DNS misconfiguration is for example a one-way Presence, where the external partner can see your presence, even is able calling your. But from your side no outbound presence or call are possible.

Possible seen error with a wrong setup:
SIP communication:
ms-diagnostics: 1008;reason="Unable to resolve DNS SRV record";";dns-srv-result="NegativeResult";dns-source="InternalCache";source=""

Conferencing Setup:
<diagHeader>1008;reason="Unable to resolve DNS SRV record";domain="";dns-srv-result="NegativeResult";dns-source="InternalCache";source=""</diagHeader>

Important Best Practice:
Your Edge Servers should be configured with HOSTS file and external DNS resolution. If you fail doing so, you might consider configuring Split DNS with the external DNS Records (see table) on your internal DNS SIP Domain.

Understanding Hybrid Deployments on Technet:

Troubleshooting Hybrid Deployment on Technet:


Friday, April 21, 2017

Query Office 365 Tenant ID

The Office 365 Tenant ID is pretty good hidden. Therefore here are two was finding out what's your Tenant ID ist.

Open PowerShell and login into Office 365

Set-ExecutionPolicy RemoteSigned

$credential = Get-Credential
Connect-MsolService -Credential $credential


Finding the Tenant ID in SharePoint


Tuesday, March 21, 2017

Skype for Business Cloud Connector Version 1.4.2 Release

Very important information's about the actual release of CCE Version 1.4.2

Important Support Changes:
Starting with CCE 1.4.2 we will be a little more prescriptive on updates and SLAs:
When we release version N (1.4.2 in this case) there is a 60 day window within which version N-1 (the prior released version, 1.4.1) will also be supported against the SLA commitment. After 60 days only version N is supported against the SLA commitment.


a lot of new certificate based commands are included and all issues are now fixed!

Target: Define the certificate target, either EdgeServer or MediationServer.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer
    Set the path to the certificate that has private key which the script will import and assign to the external interface of the Edge server during deployment.
  • Set-CcExternalCertificateFilePath -Path <Path to PSTN Gateway Certificate> -Target MediationServer.
    Set the path to the certificate that has the certificate chain of the issuing CA for the PSTN Gateway which the script will import to the Mediation server certificate store during deployment.
Import: Import the certificate for the Edge server or Mediation server.
  • Set-CcExternalCertificateFilePath -Path <Path to Edge PFX Cerfiticate> -Target EdgeServer -Import.
    Used to both import new certificate to the Edge server and assign it to the external interface. This action will put appliance in maintenance mode.
  • Set-CcExternalCertificateFilePath -Path < Path to PSTN Gateway Certificate > -Target MediationServer -Import.
    Used to import new certificate chain of the issuing CA for PSTN Gateway certificate to the Mediatioin Server.
Defined certificate paths saved in “C:\ProgramData\CloudConnector\module.ini”:
  • ExternalCertificateFilePath.
  • GatewayCertificateFilePath.

New certificate management cmdlets

  • Backup-CcCertificationAuthorityBacks up the certification authority service to a file and saves it to the CA folder under the site share directory.
  • Export-CcRootCertificateExports the root CA certificate to a local file on the Cloud Connector host server.
  • Renew-CcCACertificateReinstalls the Certification Authority Service AD Server to create a new root CA certificate..
  • Renew-CcServerCertificateRenews the certificates for Cloud Connector when they are near expiration or already expired.
  • Remove-CsCertificationAuthorityFileRemoves the certification authority service backup file “<SiteRootDirectory>\CA\SfB CCE Root.p12” in the CA folder under the site share directory for Cloud Connector.
  • Remove-CcLegacyServerCertificate:Removes legacy server certificates on the Central Management Store, Mediation Server, and Edge Server after you execute the Renew-CcCACertificate or Renew CcServerCertificate cmdlets.
  • Reset-CcCACertificate: Resets the certificate authority servers to install a new certificate authority certificate.
Cloud Connector cmdlet reference:

Saturday, March 11, 2017

Rename a Skype for Business Server (Front end or others)

Rename a Skype for Business Server (Front end or others)

The procedure is explained in simple step's. I had this a couple of times, not only why a customer wanted to change the name. Its the same if you made a typo ;)

Today a came across with an double task to do. Upgrading a SBS from Lync 2013 to Skype for Business. This ahs put me into a dilemma of the chicken egg problem.
Should I do an in-place upgrade first or a rename or or or?

The answer to me was straight forward. Since the servers to be reinstalled, I decided removing the SBA entirely and do a re-deployment with SfB. Since it was an SBS, equal with an Front End server, please make sure there are no user hosted or anything else.

Renaming Process:

  1. Remove Skype for Business server from topology
  2. Publish topology.
  3. Run Skype for Business Server Deployment Wizard local setup on server to remove Lync components (or run the bootstrapper)
  4. Uninstall SQL Server. Front-ends have LyncLocal and RTCLocal instances. Remove both, rebooting between instance removal.  Edge only has RTCLocal instance. 
  5. Remove SQL Server 2012 Management Objects (x64)
  6. Remove SQL Server 2012 Native Client (x64)
  7. Remove Microsoft System CLR Types for SQL Server 2012 (x64)
  8. Remove Microsoft Skype for Business Server 2015, Front End Server
  9. Remove Microsoft Skype for Business Server 2015, Core Components
  10. Delete leftover data:
    Delete C:\Program Files\Microsoft SQL Server
    Delete C:\Program Files\Microsoft Skype for Business Server 2015
    Delete C:\CSData
  11. Rename server and restart
  12. Wait until AD replication completes with new server name.
  13. Open Topology Builder, add a new server to existing pool and publish. (If this is a SBA or Standard Edition Server, the pool and the server FQDN is identical.)
  14. Reinstall Skype for Business Server 2015components and all cumulative updates
  15. Generate new certificate with updated server name and assign to appropriate services using Skype for Business Server 2015 Deployment Wizard.
  16. Restart all servers in pool at same time (only relevant for front-end servers in an Enterprise pool).

Note and Warnings:
Careful if this is the Pool where CMS is located. There you need to migrate the CMS to another pool first and starte the rename procedure. than you can move back the CMS.
Same to users or other applications. simply move them to a different server and move back after the rename procedure has finished.

This procedure applies to Lync server too.

Tuesday, March 7, 2017

Polycom Group 30x, 500 and 700 support Office 365 Skype for Business Online

Polycom Group 30x, 500 and 700 support Office 365 Skype for Business Online.
You need to upgrade the Software Version to V.6.0.1 and you are good to go.

Skype for Business Cumulative Update List (10.03.2017)

It is now the 7th Update
(some may say it's CU 7, but it is only called the 7th update, the correct name is: CU4HF1

Windows 2016 Server is not supported for Skype for Business Server 2015 yet.

Cumulative Update
KB Article
February 2017: CU4 HF1
November 2016: CU4
June 2016: CU3
March 2016: CU2
November 2015: CU1
September 2015: RTM HF2
June 2015: RTM HF1


Saturday, February 11, 2017

Tenant Update Time Window for Cloud Connector (Location based)

As you can define several identities for the Tenant Update Time Window.
Nevertheless you will not find a dedicated Time Zone switch.

New-CsTenantUpdateTimeWindow -Identity AlwaysOn -Daily -StartTime 0:00 -Duration 24:00

The TIME ZONE (e.g. GMT, UTC, ..) applies on CsPSTNHybridSite physical location, where the CCE is located and the Time Zone is tight on the local Hyper-V (CCE Appliance).

The process for planning the time window across multiple location is simple:

  • define all necessary TenantUpdateTimeWindows, including StartTime and max. Duration
  • define all physical location
  • set the CCE Hyper-V Host to the physical location time zone and with the correct time
  • make sure the VM's will get there time fro the physical host (CCE)

If you disabled OS auto update or Bits auto update, your host and virtual machine may miss important windows updates; your Skype for Business Cloud Connector Edition will not upgrade to new version automatically. That means you may need spend time to modify your configuration and apply updates manually during business hours, which may affect the SLA of Skype for Business Cloud Connector Edition. It is highly recommended that you keep auto update enabled.

Monday, January 23, 2017

Cloud Connector Edition set automatic tenant update time windows

A very important task after installing a CCE (Cloud Connector Edition)

You must set a proper Update Time for your CCE Windows Updates und CCE Patching.

If you don't do this, at any point of time the CCE might start installation updates and will set you offline for the installation for up to 3hrs+.

You have to configure the UPDATE Window before you deploy the CCE!

The time zone is not configurable, but is tight to the Hyper-V host (the CCE location) defined in the windows host. Make sure the time zone setting are correct on the CCE!

First login in to your Office 365 Tenant

Import-Module skypeonlineconnector
$cred = Get-Credential
$Session = New-CsOnlineSession -Credential $cred -Verbose
Import-PSSession $session

Enable (Updates Windows)

You have to identify (name) and define a update windows

New-CsTenantUpdateTimeWindow -Identity AlwaysOn -Daily -StartTime 0:00 -Duration 24:00

You have to identify your CCE site and assign the update windows
The Update windows should be setup for both WindowsUpdates and CCE BitsUpdate

Set-CsHybridPSTNSite -Identity <SiteName> -OsUpdateTimeWindow @{add="AlwaysOn"} -BitsUpdateTimeWindow @{add="AlwaysOn"}

Disable (Update Windows)

Create a time window in which the update will not be applied:

New-CsTenantUpdateTimeWindow -Identity NeverOn -Monthly -WeeksOfMonth First -DaysOfWeek Sunday -StartTime 3:00 -Duration 0:0

Apply the new time window to your site:

Set-CsHybridPSTNSite -Identity <SiteName> -OsUpdateTimeWindow @{add="NeverOn"} -BitsUpdateTimeWindow @{add="NeverOn"}

Further information's:

The switch in the cmdlet -BitsUpdateTimeWindow can be modified with add, remove and replace

Other example:

  • New-CsTenantUpdateTimeWindow -Identity Night -Daily -StartTime 22:00 -Duration 6:00

  • New-CsTenantUpdateTimeWindow -Identity WeekdayNight -Weekly -DaysOfWeek Monday,Tuesday,Wednesday,Thursday,Friday -StartTime 22:00 -Duration 4:00

  • New-CsTenantUpdateTimeWindow -Identity FirstAndLastWeekend -Monthly -WeeksOfMonth First,Last -DaysOfWeek Sunday,Saturday -StartTime 0:00 -Duration 10:00

  • New-CsTenantUpdateTimeWindow -Identity MidDayOfMonth -Monthly -DayOfMonth 15 -StartTime 0:00 -Duration

Sunday, January 15, 2017

Installing Cloud Connector Edition in Office 365

Based on the following PDF, I have published on Technet Gallery, I explain how to setup a CCE Appliance from Sonus, the SBC 1000 Cloud Link.

Generally, if you use the same CloudConnector.ini, as provided in the How-To Guide, you will also be able installing the CCE on a dedicated physical Hyper-V Host.

The full 96 pages you can download here:

Happy reading ;)

Logical Infrastructure


DNS access is required externally for the Access Edge Server and the Media Relay (Audio); video is not implemented for local breakouts. The internal CCE servers must resolve internal DNS names and the Access Edge component via external DNS. Therefore, the Access Edge should resolve DNS externally and have a host file (C:\Windows\System32\drivers\hosts) for internal DNS resolution.

The DNS suffix external tenant is not supported.

SIP.<sipdomain> for any CCE is not supported,  it is reserved for the Office 365 Access Edge.

External DNS entries for CCE (also used for certificates):

Access Edge:     e.g.,         CCE Site (x) Access Edge

SIP domain:       e.g.,                Office 365 Access Edge

DNS Record for
Record Type
CCE Site A

IP of Access Edge, Single CCE SITE or Site A
Not required to be set (mr can be the same IP as Access Edge
CCE Site B

IP of Access Edge, Multi CCE SITES, e.g. Site B
Not required to be set
Office 365



100 1 443



Media Relay is not required in the certificate. The MRAS service will issue its own certificate for media encryption. Therefore, a DNS Record is not required too and optional.
The MR can have its own IP Address, but is neither required nor a good advice.

DNS Access queries in CCE

All internal VMs will query the CCE AD DNS installed automatically on the DC VM.
The Edge Server VM,  has a an host file install for internal DNS and uses any external “public” DNS Server for Internet related queries, as for the Office 365 tenant.

All other DNS records necessary for the internal and external (Internet) networks remain unchanged for Office 365 deployments.

During CCE installation is might be required setting the internal DNS (AD) pointing to an external system.

External Certificates

Notes: A CN starting with SIP.<domain> is not supported with others than wildcard certificate. SIP is a placeholder for access edge client logins.

It is possible to use a single certificate for all CCE sites, as long the other sites are listed with their fully qualified domain name (FQDN) in the SAN entries.

Single CCE Site

In addition to the DNS entries, publicly-signed SAN certificates are also required:



Single CCE site deployment is similar to the well-known on-premises deployments for Edge Servers; the principals are identical. That is, if an Edge Pool is used, the external Pool Name must be addressed with HLB or DNS LB, but if it is a single server, only the server name is needed.

Multi-Site CCE Site with Shared Certificates

Multiple CCE Sites can be registered with Office 365:


CCE Site 1
CCE Site 2

Wildcard Certificates

Wildcard certificate are support.  

It can be sip.* too in this case
Any other SAN

Notes: Wildcards are supported as, + san=*
Microsoft also supports sn=*, + san=*

Internal Certificates

All internal servers–including the Domain Controller–require certificates, which can be either private certificates or externally signed.

·        Typically, a CA is installed using the CCE automated setup, and the certificate can be generated automatically based on the CA

·        The “Member Servers” are in a joint domain joint with the CCE Active Directory Forest

·        Root Certificates are propagated automatically, but with the Edge component, you have to import the Root Certificate for the internal site of the Edge

CMS VMs (primary or backup) require a default certificate with server FQDN as the subject name.

Mediation Server VMs require a default certificate with the Mediation Server Pool FQDN as the subject name. A single certificate can be used across all mediation server VMs, or each VM can use its own certificate, as long as they all have the pool FQDN in the subject name.

Edge VMs requires an internal certificate with the Edge Server internal pool FQDN as the subject name. A single certificate can be used across all Edge Server VMs, or each VM can use its own certificate, as long as they all have the internal pool FQDN in the subject name.

Remember to import the Root CA certificates if internal or private certificates are going to be used. With the Sonus CCE Appliance, this step is handled by the CCE Installation Wizard.

Firewall Port Configuration[1]

Internal Firewall

Source IP
Destination IP
Source Port
Destination Port
Cloud Connector Mediation component
SBC/PSTN Gateway
TCP 5060**
SBC/PSTN Gateway
Cloud Connector Mediation component
TCP 5068/TLS 5067
Cloud Connector Mediation component
Internal clients
49 152–57 500*
TCP 50,000–50,019
Cloud Connector Mediation component
Internal clients
49 152–57 500*
UDP 50,000–50,019
Internal clients
Cloud Connector Mediation component
TCP 50,000–50,019
49 152–57 500*
Internal clients
Cloud Connector Mediation component
UDP 50,000–50,019
49 152–57 500*

* This is the default port range on the Mediation component. For optimal call flow, four ports per call are required.

** This port should be configured on the SBC/PSTN gateway; 5060 is an example. Other ports on the SBC/PSTN gateway can be configured as required.

External Firewall - Minimum Configuration

Source IP
Destination IP
Source Port
Destination Port
Cloud Connector Edge External Interface
TCP 5061
Cloud Connector Edge External Interface
Any UDP 3478 UDP 3478
Cloud Connector Edge External Interface
TCP 50,000–59,999
TCP 443
Cloud Connector Edge External Interface UDP 3478 UDP 3478
Cloud Connector Edge External Interface
TCP 50,000–59,999
TCP 443

External Firewall - Recommended Configuration

Source IP
Destination IP
Source Port
Destination Port
Cloud Connector Edge External Interface
TCP 5061
Cloud Connector Edge External Interface
Any TCP 50,000–59,999 Any
Cloud Connector Edge External Interface
UDP 3478; UDP 50,000–59,999
Cloud Connector Edge External Interface Any TCP 443; TCP 50,000–59,999
Cloud Connector Edge External Interface
UDP 3478; UDP 50,000–59,999

Configuration Guide for Users, Dial-Plans, Voice Routes and PSTN Usage

This section covers the view for Cloud Connector Edition Setup only. Remember to assign an Office 365 license before users are enabled for a Skype for Business online account.

Connect to MSOnline

Best is connecting to MSOnline too

Import-Module MSOnline
$credential = get-credential
Connect-MsolService -Credential $credential

Connect to Skype for Business Online

The Business Online Connector (Windows PowerShell module) can be download from the Microsoft download center.

For more information go to Configuring your computer for Skype for Business Online management.

Import-Module skypeonlineconnector
$cred = Get-Credential
$Session = New-CsOnlineSession -Credential $cred -Verbose
Import-PSSession $session

Configuration Data Definition CloudConnector.ini

The LAN site is network address

SIP Domain
Virtual Machine Domain
Server Name
Online SIP Federation FQDN
Site Name
Management Switch Name
SfB CCE Management Switch
Internet Switch Name
SfB CCE Internet Switch
Corpnet Switch Name
SfB CCE Corpnet Switch
Management IP Address Prefix
Internet Default Gateway
Corpnet Default Gateway
Internet DNS IP Address
Corpnet DNS IP Address

Primary CMS

Server Name
IP Address
Share Name

Mediation Server

Server Name
Pool Name
IP Address

Edge Server

Internal Server Name
External MR Public IPs
External SIP IPs
Internal Pool Name
Internal Server IPs
External MR IPs
External SIP Pool Name


IP Address
Enable Refer Support

Sonus Network (specific too)

Network Type
Deployment Type

Set the Network Interfaces on CCE
The first step is navigating to the Settings tab –> ASM Configuration in the Node Interfaces section. Here a real IP address is assigned to the physical SBC network interface.
Two Class C networks are defined:
NIC 1 LAN (and CCE VMs):                                         IP:, IP:
NIC 2 Internet (and CCE Edge VMs):                       IP:, IP:

Set VM and Hyper-V Networks on CCE
Next click the Tasks tab –> Configure CCE, where the CCE deployment information is provided, such as CCE VM IP addresses, internal/external DNS server, and so on. The Deployment Type also needs to be chosen, either Standalone or Corporate Intranet. This defines a single CCE (non-HA) and LAN deployment.
The internal DNS will be set in the next section.

Adjust or Administer the DNS Server Setting
Under System –> Node-Level Settings, change the Primary Server IP/DNS within Domain Name Service window to the Controller IP address,

Start CCE Deployment on Appliance Configuration (Wizard)

After verifying the settings and parameters, CCE deployment is ready. This can take one to two hours.

Navigate to System and click “Deploy CCE VM” where there is a summary of all the important parameters from the CloudConnector.ini file.

Deploy the CCE Appliance by clicking “Prepare CCE” at the bottom of the page.

You will be asked providing the certificate password, either your password for the imported certificate file or the certificate requires answer file writing the certificate into the CCE appliance, storing the file locally.

Next step will be a reminder proceeding with the CCE installation process.

Finalizing CCE Deployment on Appliance using the Hyper-V host powershell

The process for installing the CCE VMs and automatically letting them be configured is identically with the process described in the Technet.


Next you need to provide the required user accounts and password:
Local VmAdmin, DomainAdmin, SafeModeAdmin, ExternalCert’s and
user name and password of your Office 365 admin account
Next start the deployment for Cloud Connector Appliance with the cmdlet Install-CcAppliance

The VM deployment will start immediately. Connect to the HOST with the defined IP address and open the Virtual Machine Manager to find:
·        The VM being cloned
·        SysPrep
·        VM started
·        Updated (Windows Update)
·        Finalized

If you started a redeployment, you must unregister the existing CCE Appliance configuration with your Office 365 tenant, by using:
(NOTE: mark the IDENTITY)

Unregister-CsHybridPSTNAppliance -identity <MarkedName> -Force

[1] Taken from TechNet