Tuesday, August 9, 2016

Multiple Phone Numbers for Skype for Business Users

As we know, Skype for Business only supports a maximum 2 phone numbers per user.
The LineURI and the PrivateLineURI.

At point of writing this article, this option is on available for On-Premise users

(09. Aug. 2016)

While the PrivateLineURI is not aware of the current user status.
If you are calling the Private Number while you are "do not disturb" the phone call will ring at your endpoint.

How do we work around this typical PBX feature with Skype for Business?

This is proposed solution is a little bit a hassle to configure, but works perfectly.

Skype for Business has two services/ features:

Unassigned Number

if we combine those services in a manner supporting a multi number concept for users, we have the same feature available like every traditional PBX.

The process workflow explains what we need to configure.
You can create multiple Unassigned Number with the same Announcement. This will give you the option have beside the LineURI multiple other number assigned to this user.

Create the announcement:

New-CsAnnouncement -Parent service:ApplicationServer:SfBFrontEnd.domain.local -Name "Forwarding to USER" -TargetURI "sip:user@domain.com"


Create the Unassigned Number:

We can create unassigned numbers via the CSCP or via PowerShell. I have provided both methods.

The second option via PowerShell:

New-CsUnassignedNumber -Identity "Second Number for USER" -AnnouncementService "ApplicationServer:FEPOOL.domain.local" -NumberRangeStart "tel:+498912345678" -NumberRangeEnd "tel:+498912345678" -AnnouncementName "Forward to USER"


Remove Server from Topology Error EventID 1034

Once more I ran into the issue with the say EventID 1034.

LS File Transfer Agent Service


Skype for Business Server 2015, File Transfer Agent service encountered an error while accessing a file share and will continuously attempt to access this file share until this issue is resolved. While this condition persists, replication to replica machines might not occur.
Can't watch SfBFrontEnd.domain.local
Cause: Possible issues with file share permission.


This issue while removing a Server from the Topology is not related to any permission issues, rather it is related to DeleteReplicas.
This occurs, if anything with the server removal was not working as expected, even if the removal and the bootstrapper process ran well.

You should verify first the:

As you see the replication is working fine and we only have a Polycom RMX which did have the do not replication option set in the topology.

Next step is the verification of the
Get-CsManagementStoreReplicationStatus -CentralManagementStoreStatus

Here we can see the DeletedReplicas and the "old" Lync Server" lingers around in the XDS Database.


If do didn't delete the removed server, go and manually uninstall all Lync or Skype for Business Server components.
It might be the Core Component helping solving this issue.




This is the "hardcore" removal within the XDS Topology Database.

Best you do a database backup before you touch and modify the SQL database.

Prepare the following script in SQL:

USE [xds]


SELECT TOP 1000 [ReplicaId]


  FROM [xds].[dbo].[Replica]


Sorry for having this screen shot in german:

As you can see, the old Lync Server is allocated in row 2.
This is causing the issue.

We need to delete this row with another script:

USE [xds]


DELETE FROM [dbo].[Replica]

      WHERE ReplicaId IN (2)


Now the problem is solved after your run the command:


Monday, August 8, 2016

Skype for Business Cloud Connector with Sonus @MicrosoftDE und @Westcon

Hallo zusammen,

mit Microsoft, Westcon und Sonus veranstalten wir eine super Event zu Office 365 E5 Skype for Business Online und Cloud Connector.

Bitte fleißig anmelden.


Wann? Wo ?
13.09.2016 Microsoft Hamburg, Gassstraße 6a, Gebäude M, 22761 Hamburg
14.09.2016 Microsoft Berlin, Unter den Linden 17, 10117 Berlin
20.09.2016 Microsoft Köln, Holzmarkt 2a, 50676 Köln
21.09.2016 Microsoft München, Walter-Gropius-Straße 1-3:, 80807 München


11:30 – 12:15Registrierung und Lunch
12:15 – 12:25Begrüßung durch Sonus
12:25 – 12:55Microsoft: Office 365 E5, CloudPBX
12:55 – 13:10Sonus: SBC und Cloud Link Lösungen 
13:10 – 13:30Westcon: MVP über Cloud Connector Edition mit Sonus Appliance
13:30 – 13:45Pause
13:45 – 14:15Sonus: Migration PBX nach CloudPBX
14:15 – 14:45Westcon: End-2-End Sales Motion (mit Skype for Business ECO System) und Sonus Partner Programm
14:45 – 15:30Fragen & Antworten, Networking

Bitte beachten, die Teilnahmeplätze sind limitiert!

Saturday, August 6, 2016

500 - Internal Server Error - Skype for Business Mobility

500 - Internal Server Error - Skype for Business Mobility

this is very common error, which can be related to some of the following issue:
  • wrong internal/ external certificate
  • firewall ports 4443-443 not assigned correctly
  • firewall does a packet inspection and change (reverse proxy)
  • load balancer issue, wrong persistence, wrong ticket validity period,...
  • Direct Server Return (DRS) issue on load balancer

I could continue with this list.

But there is one issue not discussed on the blog side yet.
if you see a Error 500 in the IIS LogFile, showing the /AUTH module, possibly the IIS has a wrong configuration and it is not related to any of the other common (caused) issues.

/webticket/webticketservice.svc/auth - 4443 - COP 500 0 0 3037

As we know, the client first receive the JSON WebService link information.
Then try to access the WebTicketService and will receive an ERROR 401, because the authentication wasn't done yet.
It now tries to connect to the webticketservice and try the authentication, which is NTLM!

If the negotiate option is first, it will fail and generate the ERROR 500.


On all Skype for Business Frontend Servers, you should check manually on the Internal and the External Website, if NTLM is the first choice for authentication and NEGOTIATE the second option.

Use the appcmd command to query the settings:
C:\Windows\System32\inetsrv>appcmd list config /section:windowsAuthentication
<windowsAuthentication enabled="true" useKernelMode="false">  
<add value="Negotiate" />   --> Must NOT be first!
<add value="NTLM" />  

If you need changing this setup, please user this method:
cscript adsutil.vbs set w3svc/NTAuthenticationProviders "NTLM,Negotiate"


appcmd set config /section:windowsAuthentication /-providers.[value='Negotiate']

appcmd set config -section:system.webServer/security/authentication/windowsAuthentication /+"providers.[value='Negotiate']" /commit:apphost