Skype for Business Online updates

Announced today, Microsoft is expanding some Skype for Business Online services and offering new ones;

PSTN Conferencing preview will now be available to customers in the following countries:

  • Belgium
  • Canada
  • Denmark
  • France
  • Germany
  • Italy
  • Netherlands
  • Spain
  • Sweden
  • Switzerland
  • United Kingdom

Finland, Norway and South Africa will be able to use this feature in November.

Cloud PBX Preview now available worldwide, allowing customers to get rid of separate PBXs globally and still break out locally. This is option still requires an om-premises S4B server installation.

Polycom CX is not dead yet – Skype for Business customers can use Polycom CX600 and CX3000, HP 4120, and Mitel Mivoice 6725 to connect to the cloud directly. Polycom VVX series Can be used as well.

source and more details: Microsoft.


My adventures with the Lync Edge AV service

A call came in last week from a customer that’s using Lync 2013 on premises and Exchange Online. “We can’t reach our voicemail anymore”. Lync to Lync calls, PSTN to Lync calls, none could be forwarded to the Office 365 UM services. Funny enough, if I wanted to leave them a voicemail (being a federated partner), I managed to do so without any problem.

That did make sense in a way, since I’m being forwarded by Office 365 to contact the UM servers directly when using Lync. Then again, this would not solve the internal issues.

First discovery I made was that the Edge server in unable to resolve any external DNS queries. Having some firewall changes lately, I blamed it on the firewall and waited for that to be tested again. Indeed, something was preventing the Edge from sending DNS queries to the internet. That’s fixed now, but still – same issue. Additionally, it was not affecting only communications with the Office 365 UM service, all external communications that required the usage of the AV service failed.

Needless to say, throughout the entire process – No errors on the Edge server. Management store replication is ok, certificates are ok, server is patched, restarted – It’s all dandy and happy in Edge kingdom.

I insisted on rechecking all the firewall rules again – all seemed to be in place. I used James Cussen‘s great tool to test Edge connectivity – All results were successful.

After examining the UCCAPI log files of the clients and tracing the Edge server’s logs – everything was still ‘working’ as far as the Edge server was concerned. We could see the SIP traffic working perfectly (plus, we had IM and presence functioning), and the sessions would only drop as soon as the other party “picked up” the call.

This is where things are getting a little interesting. Back to Networking 101, if I’m testing a TCP connection – I will only accept the session as “Successful” if the handshake is completed:

TCP Handshake

This means that if the service is not responding, I will not get the server’s ACK, and the connection will time out.

When using UDP, it’s a different story:


So “testing” a UDP service might be a little tricky…

This had me suspicious about the AV service, being the one in charge of our RTP traffic.

With no other options left, I started tracing the actual UDP sessions.
Here’s how it looks when the AV service is not cooperating:

lync.exe TURN TURN:TURN:Allocate Request {UDP:59, IPv4:58}
lync.exe TCP TCP:Flags=......S., SrcPort=10963, DstPort=HTTPS(443),
lync.exe TCP TCP:Flags=...A.R.., SrcPort=HTTPS(443), DstPort=10963,
lync.exe TCP TCP:Flags=......S., SrcPort=10851, DstPort=HTTPS(443),
lync.exe TCP TCP:Flags=...A.R.., SrcPort=HTTPS(443), DstPort=10851,
lync.exe TURN TURN:TURN:Allocate Request {UDP:59, IPv4:58}
lync.exe TURN TURN:TURN:Allocate Request {UDP:59, IPv4:58}
lync.exe TCP TCP:Flags=......S., SrcPort=10963, DstPort=HTTPS(443),
lync.exe TCP TCP:Flags=...A.R.., SrcPort=HTTPS(443), DstPort=10963,

Digging a little dipper into the TURN Allocate Request, we can see all the right details:

Frame: Number = 194, Captured Frame Length = 232, MediaType = WiFi
+ WiFi: [Unencrypted Data] .T....., (I)
+ LLC: Unnumbered(U) Frame, Command Frame, SSAP = SNAP(Sub-Network Access Protocol), DSAP = SNAP(Sub-Network Access Protocol)
+ Snap: EtherType = Internet IP (IPv4), OrgCode = XEROX CORPORATION
+ Ipv4: Src =, Dest =, Next Protocol = UDP, Packet ID = 22808, Total IP Length = 168
+ Udp: SrcPort = 8588, DstPort = 3478, Length = 148
+ TURN: TURN:Allocate Request

This is where I should be getting back a TURN:Allocate Response from the application. Yet, no reply.

Tried stopping the Edge AV service – it said “Stopping” for 30 minutes but never stopped, even when using the -Force switch. Trying to kill the process and the task was unsuccessful either.
This is where I tried to remove the Lync Edge components from “Programs and Features”. This failed as well, saying there was a problem with the “Lync Server Media Relay Driver” on the Local Area Connection interface.
Immediately went to “Network Connections” and what do you know?! This is what I see:

Media Relay Driver

I uninstalled it, ran Bootstrapper again, and retried the connection. The result was clear:

lync.exe TURN TURN:TURN:Allocate Request {UDP:40, IPv4:39}
lync.exe TURN TURN:TURN:Allocate Request {UDP:45, IPv4:39}
lync.exe TLS TLS:TLS Rec Layer-1 HandShake: Client Hello. {TLS:47, SSLVersionSelector:46, TCP:44, IPv4:39}
lync.exe TURN TURN:Control message, TURN:Allocate Error Response {TCP:41, IPv4:39}
lync.exe TURN TURN:TURN:Allocate Error Response {UDP:45, IPv4:39}
lync.exe TURN TURN:TURN:Allocate Response {UDP:40, IPv4:39}
lync.exe TLS TLS:TLS Rec Layer-1 HandShake: Server Hello. Server Hello Done. {TLS:47, SSLVersionSelector:46, TCP:44, IPv4:39}

Almost Immediatley you can see that the application is responding and we can get both the TURN:Allocate Response and the TLS sessions complete.

Remember this next time you’re having issues with the Lync Edge AV service.

Lync 2013 and Exchange Online UM – notes from the field

One of my recent posts was about Configuring Lync 2013 On-premises and Exchange Online to work together. After dealing with some feedback from customers and readers, I thought it might be worth to spend some time clarifying things: Edge Server You Edge Server must be configured as described in the post and enabled for federation. Confirm you have all the firewall rules in place between your Front-End and your Edge server, and your Edge server and the internet. Alternatively, you might want to restart your edge server or services just to be sure it’s all running… It’s all about the sequence There’s some logic in the order you’re committing the changes, especially if you’re migrating mailboxes from Exchange on-premises to Exchange Online. The steps are:

  1. Before you do anything, make sure the user is already in Office 365, synced using DirSync. If you’re migrating from Exchange On-Premises to Exchange Online, you’ll have to disable the existing UM option for these users. Don’t worry, all the data will still be there when you re-enable UM later.
  2. Run the Lync 2013 UM commands first. If the user is already synced or migration was completed, that’s the time to run the following: Grant-cshostedvoicemailpolicy –identity LocalDomain\<user> –policyname <PolicyName> and Set-csuser –identity LocalDomain\<user> –hostedvoicemail $true
  3. Let it sync. Although it should usually work immediately, go get a cup of coffee. Or something.
  4. Enable the user for UM in Exchange Online.

Just follow the steps… If you try to grant the on-prem policy to a user and you’re getting an error saying that the command cannot be found  – it means you probably missed or skipped one of the steps. The workaround is simple: Disable UM for that user in Office 365 and wait a while for the attributes to reset. then, run the Grant-cshostedvoicemailpolicy command and voilà- it’ll work.

Manually configure Outlook for Office 365 Exchange Online -Updated!-

As it appears, one of my most popular posts is “Manually configure Outlook for Office 365 Exchange Online” from August 2011. I wrote that when We were still suing the previous version of Office 365, and quite a lot has changed since.

This post will guide you on how to find the server settings for the latest Office 365 version, so you can manually configure Outlook to connect.

The host name for external access will always be

That was the easy part. To find the ‘internal’ server’s name, we can use Microsoft’s Remote Connectivity Analyzer:

On the Remote Connectivity Analyzer page, choose “Office 365” and “Outlook Autodiscover”:


Fill in your details on the next page and run the test.

On the test results page, start a search on the page and search for <Server>.

The first result will be a string saying something like <Server></Server>:


This is the address of your server. Copy and paste it, and that’s it:


Configure Office 365 UM for on premises Lync Server 2013 and Skype for Business Server 2015

As Office 365 is becoming more and more popular with larger organizations, many Lync \ S4B customers would like to host their voicemail in the cloud. This post will guide you through the steps required to configure Hosted UM on Office 365 for an on premises Lync deployment.

Considering you have a full Lync \ S4B 2013 enterprise voice solution already deployed in you organization, additional prerequisites for this would be:

  • A Lync 2013 Edge server.
  • A spare DDI number for Subscriber Access (Outlook Voice Access).
  • On premises users must be synced to Office 365 by either DirSync or Azure.
  • Office 365 Exchange Online licensing that allows UM.
  • administrative permissions on both the on premises Lync side ad the Office 365 management portal.

It took 7 days to create the world, and seven steps to configure voice mail:

1. Office 365 Admin Center

From the Admin drop-down menu, choose “Exchange”:


Under “Exchange” choose “Unified Messaging”:


In “UM Dial plans”, click the ‘+’ sign to add a new dial plan:

New UM Dial plan

In the new UM Dial Plan window:

  1. Give your dial plan a name.
  2. Configure the extension digit length as used in your organization (In my case: 4).
  3. In Dial plan type: Always choose SIP URI.
  4. Choose your Audio Language.
  5. Enter your country code (No ‘+’, just the code),


Click “Save”, the window will close.

You now have a new Dial plan, click “Configure” to continue:


This will open a new window. View your settings in the “General” page. These are not changeable, so if you made a mistake, now would be a good time to start things over.


If it’s ok – continue to “dial codes” and enter your country\region code. In my case: 353.


Continue to Outlook Voice Access.
Keep the default greeting and announcement unless you have a pre-recorded file, and go to “E.164 routing numbers for your SIP server”. This is where you enter your Subscriber Access number in an E.164 format. In my case: “+35315556789”.
On the next box, “Outlook Voice Access numbers”, enter the number you entered for the previous box, and the regular display number (e.g. 015556789). Reason is that Outlook voice Access will only correspond to matching numbers, and you would like to have this configured as well:


Next, go to “Settings” and configure as desired:


Continue to Dialing rules: You can leave this as it is, or add a rule to allow Outlook to play on phone:
Click the ‘+’ sign to add a new dialing rule:

Dialing rules Add

In the new Dialing rule window:

  1. Name your rule.
  2. Add ‘*’ in “Number pattern” and “Dialed Number”:

New Dialing Rule

Click “OK” to save and go to “Dialing Authorization”. Click the ‘+’ button to add:

dialing auth new

And choose the previously created rule:

select dialing rule gruops

In “Transfer and Search”, I normally change the “Allow callers to search…” to “In the entire organization”:


Click “Save”, and this part of the configuration is done!

2. On premises Lync Server

We’ll be using mostly PowerShell (Lync Management Shell) to configure this. Not a big deal, just make sure you double-check everything for typos…

Start with finding out your current configuration. From an elevated Lync Management Shell, run the following command:
You’re looking for the following parameters:

  1. AllowFederatedUsers (Should be set to True).
  2. EnablePartnerDiscovery (Should be set to True).
  3. RoutingMethod (Should be set to UseDnsSrvRouting)

Should look like this:


If one of the parameters is missing, run the following command:
Set-CsAccessEdgeConfiguration -AllowFederatedUsers $true -EnablePartnerDiscovery $true -UseDnsSrvRouting

Now, add Office 365 Exchange Online as a new hosting provider:
New-CsHostingProvider -Identity “Exchange Online” -Enabled $True -EnabledSharedAddressSpace $True -HostsOCSUsers $False -ProxyFqdn “” -IsLocal $False -VerificationLevel UseSourceVerification

This has configured your Edge server to be able to communicate with Office 365.
Verify that it’s replicated to the Edge server by running:
Get-CsManagementStoreReplicationStatus (If replicated to all, should be “UpToDate: True” on all servers),
and last, check that it’s configured and displayed correctly by running:
Get-CsHostingProvider -LocalStore, this should be the result:


3. Office 365 Management Shell

To continue configuring Lync on premises, we need some details about the Office 365 domains and tenants.
To do so, open a new elevated PowerShell window and connect to Office 365 using the following steps:

Run: $cred = Get-Credential and press Enter.
This will pop up a credential prompt, enter your Office 365 administrator credentials and press Ok:


Next, run the following command:
$365 = New-PSSession -ConfigurationName Microsoft.Exchange -ConnectionUri -Credential $cred -Authentication Basic –AllowRedirection
This will connect you to Office 365. You might receive a warning saying “WARNING: Your connection has been redirected to the following URI: “, This is normal.

Last, run:
$importresults = Import-PSSession $365

You should end up with an output similar to this:


Now that you’re connected to Office 365, run: Get-Mailbox, to see you recognize what’s going on, and then run: Get-AcceptedDomain. Now let’s pause here for a second:

Take a good look at your domain list. What we’re looking for is the original “” domain. This is the one we’re going to use to communicate with Office 365.
Find that domain and mark it:


Whatever your domain is (for example:, this is what we’ll use in the following steps:

4. Back to Lync Management Shell

Now that we know our “OnMicrosoft” domain, we can configure Lync to communicate with it:

First, we’ll create a new Hosted Voicemail Policy. From Lync Management Sell, run the following:
New-CsHostedVoicemailPolicy -identity Office365UM -Destination -Description “Office 365 Voicemail” -Organization “”

Make sure you replaced “YOURDOMAIN” with your domain!

Next step: create a Lync-Exchange contact:
New-csexumcontact -displaynumber <E.164Number>–sipaddress <> -registrarpool <LyncFE> -ou “<YourDesiredOU>"
So for example, these are my details:

  1. Display Number: +35315556789 (This is the Subscriber Access Number we used on Exchange Online earlier)
  2. Contact’s SIP address:
  3. Lync registrar: LyncFE01.y0av.local
  4. OU: Lync Devices

My command would look like this:
New-csexumcontact -displaynumber +35315556789 –sipaddress -registrarpool LyncFE01.y0av.local -ou “OU=Lync Devices,DC=y0av,DC=local"

Once running this command, you’ll get an output with the contact’s details. Note the contact’s GUID:


This is also found in Active Directory where you created it:
I usually add a description to this contact, as Sys Admins sometimes delete strings they’re not familiar with…


Copy the contact’s identity from PowerShell and use it in the following command to grant the policy you created earlier to the user you just created:
Grant-cshostedvoicemailpolicy –identity “CN={92011efc-5608-4c7e-88ed-d79e035c39e6},OU=Lync Devices,DC=y0av,DC=local” –policyname Office365UM

So now we have a UM Policy, and a UM Contact that’s configured with that policy. You can run Get-CsExUmContact to check that:


5. Back to Office 365 Management Shell…

Last thing we need to do before it works, is connect the on premises and the cloud voice policies.
So from the previously used Office 365 Management Shell window, run the following:
Set-UMmailboxpolicy -identity “CloudUMPolicy” -SourceForestPolicyNames “OnPremUMPolicy”
In this scenario we used the same name for both policies – that’ll work too:
Set-UMmailboxpolicy -identity “Office365UM” -SourceForestPolicyNames “Office365UM”
But if you have a different name for each policy – configure that as desired.

6. Back to Lync Management Shell – last time!

The only thing left to do now is grant Lync users with the new hosted voicemail policy and enable them for hosted UM.
You can use any pipe known to humanity to do this, but here’s the basics:

To grant the policy to a user, run:
Grant-cshostedvoicemailpolicy –identity LocalDomain\y0av –policyname Office365UM

To enable the user for Hosted Voicemail, run:
Set-csuser –identity LocalDomain\y0av –hostedvoicemail $true

7. Enable the user for UM

Log on to the Office 365 admin center and enable the user for Unified messaging:


Assign the UM policy you created earlier:


Verify the details on the next screen and that’s it. You’ve voice mail configured.


If you’re having issues enabling users, you might want to check the “Notes from the field” post I published after getting some feedback on this post.

Lync 2013 and Exchnage Online Hosted Voicemail setting resets after running DirSync

Got a colleague ringing me the other day with a strange issue:

He has Lync 2013 on premises with their voicemail hosted on Office 365 Exchange online, all configured and working wonderful.

However, for some users, the “HostedVoiceMail” attribute changes from “$true” to null. If he runs the “Set-csuser –identity Domain\Username –HostedVoiceMail $true” command again it will set it, but that will disappear as soon as DirSync runs again.

Did some investigation, and apparently – If it’s a shared mailbox, DirSync will switch it back from “$true” to “null”.

There is a workaround to fix this!

Go to your DirSync server, and at the following path: “%Program Files%\Microsoft Online Directory Sync\SYNCBUS\Synchronization Service\UIShell”, or ““%Program Files%\Windows Azure Active Directory Sync\SYNCBUS\Synchronization Service\UIShell” if you’re using Azure, you will find “miisclient.exe”:

miisclient.exe location

Open “miisclient.exe” and click the “Management Agents” tab:

Management Agents tab

Right-click “Source AD” and choose “Properties”:

SourceAD Properties

In the new window, choose “Configure Attribute Flow”, and expand “Object Type: user”:

Object Type: User Expanded2

Under “Object Type: user” click “msExchUCVoiceMailSettings” once. At the Build Attribute Flow window below, uncheck the “Allow Nulls” box:

Allow Nulls

Click OK, and close the MIIS client.

Re-enable the user for hosted voicemail, then resync. The user’s HostedVoiceMail setting will remain unchanged.

Download: Microsoft Lync Server 2013 Multitenant Hosting Pack Deployment Guide

Microsoft has Announced the Release of Lync Server 2013 Multitenant Hosting Pack Deployment Guide.
The Lync Server 2013 Multitenant Hosting Pack enables service providers to sell value-added, Lync-based solutions to small and midsized customers. The hosting pack topology, based on Lync Online, enables partners to offer a more cost-effective topology to manage a large number of tenants with fewer users, which makes the offering compelling to small-to-midsized customers.

What’s Available in the Lync Server 2013 Multitenant Hosting Pack?

The features that integrate with other components and applications include the following:

  • Presence   A collection of attributes that provides an indication of a person’s status, activity, location, willingness to communicate, and contact information.
  • Instant messaging (IM)   A form of real-time text-based communication.
  • Data and desktop sharing   A feature that allows users to share files, use whiteboard, and display their desktop to a meeting or to conversation participants.
  • Conferencing   Two-way video and audio transmissions between users in multiple locations.
  • Unified Messaging   This feature is available only in combination with Microsoft Exchange Server. An application that consolidates a user’s voice mail, fax, and email into one mailbox, so that the user only needs to check a single location for messages, regardless of type. The email server is the platform for all types of messages, making it unnecessary to maintain separate voice mail and email infrastructures.
  • Private branch exchange (PBX) replacement   UC integration with Voice over Internet Protocol (VoIP) systems can replace traditional phone exchange systems.

Lync Server Multitenant Hosting Pack partner feature set includes:

  • Appliances   Hand and head set I/O devices.
  • Conferencing server gateway video   Real-time IP video, voice, and data services.
  • Audio conferencing provider   Integration with hosted conferencing systems.
  • Short Message Service (SMS)   Text messaging systems used by phones and mobile communication systems.


Manually configure Skype for Business and Lync clients for Office 365 Lync Online

* This article works for all versions of Skype for Business and  Lync clients *

You might want to configure Lync clients manually to connect to Lync Online if you don’t have an SRV record published or unable to reslove for some reason. If the Lync client cannot find the right records in DNS you will not be able to sign in and will get the following error messgae:

It is quite easy to configure a manual connection to Lync Online. To do so, please follow these instructions:

Click the gear on the right top side of Lync client:

In the new “Lync OPtions” window that opens click “Advanced”:

You’ll get the default Automatic configuration window:

Choose “Manual Configuration” and enter the address in both the Internal and External server fields, and then press “OK”:

retype your Office 365 username (always in format) and sign in:

Now you’re connected to Lync Online.

Manually configure Outlook for Office 365 Exchange Online


You might want to check the updated version of this post HERE.

***          ***          ***          ***

For many reasons, you might want to manually configure Outlook to work with Office 365.

Here are some obstacles you may encounter:

  • You don’t have the Office 365 Sign-in assistant available.
  • No Autodiscover record published.
  • You’re working on Wndows Server 2003 and can’t install Office 2010 hotfix kb2544027. (If you want you can install only the .msp file, it skips all the prerequisites)

I tried following Microsoft’s Article about how to do it, no luck.

Finally, after doing some digging, here’s how to do it:

Log on to Office 365 OWA at<your.domain>:

Office365OWA Login

Once logged on, go to “Help, About”:

Office 365 OWA Help About

In the new window, look for “Host Name”:

Office 365 Help Host Name

Copy the the host name and close this window.

Now we can create a new profile in Outlook with the following configuration;

Choose to manually configure server settings:

then choose “Microsoft Exchange or compatible service”:

in the Server Settings window in the Server field, paste the name of the Host Name you copied earlier.

Now, for this to work correctly, you need to add the word “mailbox” betwin the Host name and the rest of the FQDN. So if my Host Name is “”, my Server name here should be “”. Do the same for the name you copied:

Don’t forget to enter your Office 365 email address at the “User Name” field, then click “More Settings” and go to the “Connection” tab. Check the “Connect to Microsft Exchange using HTTP” box and click “Exchange Proxy Settings…”:

In the next window, fill the following details:

Type the Host Name you copied earlier in the “Use this URL to connect to my proxy server for Exchange” field.

Check the “Only connect to proxy server that have this principal name in their certificate” box and type:

Make sure both checkboxes are marked for connecting using HTTP first, and make sure you set the authentication method to “Basic”:

Click “OK” twice, then click “Check name” and enter your password at the prompt. the server and user names should be underlined:

Click “Next” and “Finish” and open Outlook, enter your password if prompted. That’s it, You’re connected!