Plan and Configure Hybrid Voice in Skype for Business 6/4/2018 8:36 AM BRK3035 Plan and Configure Hybrid Voice in Skype for Business Nikolay Muravlyannikov, Senior Program Manager Carolyn Blanding, Senior Supportability Program Manager © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

About me Carolyn Blanding Senior Supportability PM Skype for Business Supportability Beta Technical Support

About me Nikolay Muravlyannikov Senior Program Manager Office Communications Services Product Group

Session objectives Objectives: Understand Microsoft telephony options; Tech Ready 15 6/4/2018 Session objectives Objectives: Understand Microsoft telephony options; Understand common migration path from existing PBX to Microsoft Cloud PBX (Phone System) using Hybrid Voice; Review the architecture of Hybrid Voice based on real life examples; Understand typical misconfigurations, their impact and how to avoid them; © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Telephony in Microsoft overview

Terminology PSTN – Public Switched Telephony Network; 6/4/2018 8:36 AM Terminology PSTN – Public Switched Telephony Network; PBX/Phone System – Private Branch Exchange; connect phones to PSTN and provide calling features; Trunk – telephony line which connects PBXs to PSTN (TDM or SIP); SBC – Session Border Controller, a device that serves as a firewall and router in telephony networks. Examples of what SBCs do: Security – Inspect packets; Connectivity – translate different protocols; NAT traversal; Interoperability – transcode media; Quality of Services – prioritize traffic; PSTN Gateway – a device which serves as a router in telephony networks, capable of doing most of what SBC is doing except security and NAT traversal. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Telephony in Microsoft Enterprise Voice Cloud PBX (Phone System) Version Microsoft provides PBX Where to get telephony trunk OCS 2007, Lync 2010/2013, Skype for Business Yes, Microsoft product name Enterprise Voice Trunks must be provided by customer and connected directly to servers (only certified trunks) or via SBC/PSTN Gateway Skype for Business Online Yes, Microsoft product name: Before September, 2017 – Cloud PBX; After September, 2017 – Microsoft Phone System Option 1. Buy SIP trunk from Microsoft. Available in Belgium, France, Germany, Ireland, Puerto Rico, Netherlands, Spain, UK, US Microsoft product name: Before September, 2017 – Microsoft PSTN Calling; After September, 2017 – Calling Plan Option 2. Connect customer provided trunk via SBC or Gateway which is paired to Cloud PBX (Phone System) using a small Skype for Business footprint (deployed on-premises) Name: Hybrid Voice Note all telephony in Microsoft products is SIP based. Connection of legacy TDM trunks is possible via a TDM Gateway or SBC

Cloud PBX: Interoperability with 3rd party equipment 6/4/2018 8:36 AM Cloud PBX: Interoperability with 3rd party equipment Hybrid Voice: Provides Interoperability with 3rd party systems (e.g. PBX, Call Centers); Unblocks gradual migration to Microsoft Phone System; Option to connect Analog devices © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common Migration Path from a PBX to Microsoft Cloud PBX (Phone System)

Migration example overview Seattle PBX served numbers: User Numbers: +1 (425) 500 1000 – 2992: Call Center Numbers: +1 (425) 500 2993 -2997; Analog phones: +1 (425) 500 2998 -3000 Session Border Controller SEA-GW1.Contoso.com Inbound Routes Microsoft Phone System served numbers: +1 (425) 500 1000 – 3000 to PBX; SIP Trunk: Inbound route +1 (425) 500 1000 – 3000 to SBC MS/Edge (CCE or SfB Pool)

Migration example overview Seattle PBX served numbers: User Numbers: +1 (425) 500 1000 – 2992: Call Center Numbers: +1 (425) 500 2993 -2997; Analog phones: +1 (425) 500 2998 -3000 Session Border Controller SEA-GW1.Contoso.com Inbound Routes Microsoft Phone System served numbers: +1 (425) 500 1000 – 3000 to PBX; +1 (425) 500 2998 -3000 to ATA +1 (425) 500 1000 – 2992 to Microsoft PBX SIP Trunk: Inbound route +1 (425) 500 1000 – 3000 to SBC +1 (425) 500 2993 -2997 to PBX; MS/Edge (CCE or SfB Pool)

Architecture and Traffic Flow

Why do we need to place something on customer/partner premises 6/4/2018 8:36 AM Why do we need to place something on customer/partner premises Cloud Connector Edition or Skype for Business pool are required for two modalities: SBC/Trunk pairing and authentication; Keep media local; Let’s have a deeper look into this © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

SBC/Gateway pairing 6/4/2018 8:36 AM Authentication and pairing: Tenant Administrator pairs the Microsoft certified Gateway/SBC to Mediation server (part of CCE or Skype for Business on-premises pool) and then pairs the Edge to Office 365 Traffic coming from this SBC/Gateway is now trusted by Office 365 and can be routed to the users (Microsoft PSTN or Hybrid Voice Users) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6/4/2018 8:36 AM Media Flow: routing Does called number belong to anyone in this tenant? (RNL) Yes Transform call from PSTN to VOIP, call callee points of presence No What Voice Policy of the user says? IP: 10.10.11.3 Media Port: 49347 IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 Route to Hybrid Voice Edge Route via MSFT SIP trunk Call to +43 1 610 640 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: internal client with bypass 6/4/2018 8:36 AM Media Flow: internal client with bypass External Provide the mediation server candidates (including Edge) Is client internal or external Is this a Skype for Business Windows client at least 16.0.7870.2020 Internal IP: 10.10.11.3 Media Port: 49347 Yes IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: internal client with bypass 6/4/2018 8:36 AM Media Flow: internal client with bypass External Provide the mediation server candidates (including Edge) Is client internal or external Is this a Skype for Business Windows client at least 16.0.7870.2020 Internal Yes IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: internal client, no bypass 6/4/2018 8:36 AM External Provide the mediation server candidates (including Edge) Is client internal or external Is this a Skype for Business Windows client at least 16.0.7870.2020 Internal IP: 10.10.11.3 Media Port: 49347 No IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: internal client, no bypass 6/4/2018 8:36 AM Media Flow: internal client, no bypass External Provide the mediation server candidates (including Edge) Is client internal or external Is this a Skype for Business Windows client at least 16.0.7870.2020 Internal IP: 10.10.11.3 Media Port: 49347 No IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: internal client, no bypass 6/4/2018 8:36 AM Media Flow: internal client, no bypass External Provide the mediation server candidates (including Edge) Is client internal or external IP: 10.10.11.3 Media Port: 49347 IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Media Flow: external client 6/4/2018 8:36 AM Media Flow: external client External Provide the mediation server candidates (including Edge) Is client internal or external IP: 10.10.11.5 Media Port: 49350 IP: 52.61.34.50 Media Port: 50100 SIP Signaling Media Traffic © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Architecture and Migration Path 6/4/2018 8:36 AM Architecture and Migration Path © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

CCE in each location Customer profile: 6/4/2018 8:36 AM CCE in each location Customer profile: Customer with a single location or multiple locations; Dependencies for survivability: SIP trunk connected via two ISPs for redundancy; Redundant ISP connection (two providers) Cons: Not a best option for customer with multiple small locations (price); SIP Signaling Media Traffic Traffic flow on the picture with Media Bypass enabled © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Centralized CCE/SIP trunk 6/4/2018 8:36 AM Customer profile: Customer with multiple locations with small to medium amount of users in branches; Want to save on cost of PBXs in branch locations; Dependencies: Requires appropriate WAN (QoS) to route media to and from the central location SIP trunk centralized in one location for all connected branches; SIP trunk connected via two ISPs for redundancy; Redundant ISP connection (two providers) Pros: Cost effective, saves on PBXs cost in branches Cons: Rely on WAN connection from the branches to main location SIP Signaling Media Traffic Traffic flow on the picture with Media Bypass enabled © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Centralized CCE/Non-centrilized trunks 6/4/2018 8:36 AM Customer profile: Customer with multiple locations with small to medium amount of users in branches; Want to save on cost of PBXs in branch locations; No technical ability to centralize SIP trunks Dependencies: Requires appropriate WAN to route media to and from the central location Redundant ISP connection (two providers) Pros: Preserves existing connectivity; Cost effective, saves on PBXs cost in branches; Cons: Requires media traffic flow from branches to central SBC and back; Complex to manage SIP Signaling Media Traffic Traffic flow on the picture with Media Bypass enabled © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Typical misconfigurations, impact and how to avoid them

Terminology On Premises Call Handling (OPCH) – On-premises software is Skype for Business Server 2015 Cloud Connector Edition (CCE) – On-premises software is Cloud Connector

Misconfigurations types and impact Typical misconfigurations during deployment Common management mistakes

Misconfigurations during deployment 6/4/2018 8:36 AM Misconfigurations during deployment © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Things missed during deployment Certificate Configuration SAN Name Missing for Supported Sip Domains OPCH CCE Certificate Chain not Trusted

Certificate Chain not Trusted 6/4/2018 8:36 AM Certificate Chain not Trusted Impact CCE Edge Services Fail to Start Diagnostic Information CCE Deployment Script Shows: "Service RTCMRAUTH failed to start. Check to make sure the service is not disabled.“ Resolve Use CCE PowerShell Import valid certificate with full certificate chain and private key to CCE using: Set-CcExternalCertificateFilePath –Import Troubleshoot your “CCE” deployment © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Things missed during deployment Firewall and Proxy Configuration Traffic to/from O365 OPCH CCE Traffic Host Appliance -> VM’s Traffic Host Appliance -> Internet No Connectivity Between Clients and Gateway with Media Bypass Enabled

Proxy Server Blocking Connectivity from Host to CCE VM’s 6/4/2018 8:36 AM Proxy Server Blocking Connectivity from Host to CCE VM’s In V2+, be sure that the Network Adapter selected for the CCE Corpnet switch has IP address configured in same range as the CCE corpnet subnet Impact CCE Deployment Fails Diagnostic Information CCE Deployment Script Shows: "Can’t connect to machine # after waiting 600 seconds. WinRM cannot connect to remote machine .“ Resolve Use NetSh Add CCE Management and Corporate Network Subnets to the WinHttp Proxy Bypass List © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Things missed during deployment Office 365 Tenant Configuration Hybrid Mediation Server Settings CCE Shared Sip Address Space = True Domain Federation Enabled and Match Online<->On-Prem OPCH Use On-Premises Dial Plan = False

Hybrid Mediation Server Missing in Tenant 6/4/2018 8:36 AM Hybrid Mediation Server Missing in Tenant To confirm Hybrid Mediation servers configured in your tenant, run: Get-CsOnlineUser -Filter "HostingProvider -like '*.<SipDomain>'" | Get-CsHybridMediationServer Impact CCE P2P PSTN Call Escalation Fails Diagnostic Information Client UCCAPI Log Shows Adding Participant to Conference 404 Error: 1003:reason=“User does not exist”;source=sipfed.online.lync.com Resolve Remote PowerShell Set-CsHybridMediationServer Configure Online Hybrid Mediation Server Settings © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Shared Sip Address Space = $False 6/4/2018 8:36 AM Shared Sip Address Space = $False Impact CCE P2P PSTN Call Escalation Fails Diagnostic Information Online CLS Tracing Shows “SIPPROXY_E_EPROUTING_MSG_ INTERNALDOMAIN_NOTALLOWED” Resolve Remote PowerShell Set-CsTenantFederationConfiguration -SipAddressSpace $True © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common Things Missed during Configuration DNS Configuration Sip Federation SRV Record(s) OPCH CCE Strict Domain Name Matching Sip Federation SRV Edge server Host A Record(s) Edge Server can Resolve Sip Federation SRV Record(s)

Edge Server Can’t Resolve Sip Federation SRV 6/4/2018 8:36 AM Edge Server Can’t Resolve Sip Federation SRV Impact Inbound Calls Fail Diagnostic Information Server CLS Log Shows 504 server timeout ms-diagnostics:10008 reason= "Unable to resolve DNS SRV record"; Resolve DNS Set Edge to use external Public DNS for resolution Use pinpoint records internally © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common management mistakes 6/4/2018 8:36 AM Common management mistakes © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common Management Mistakes Infrastructure Missed topology update when adding new appliances CCE Add deep packet inspection on firewall OPCH Change host appliance administrator password

Missed Topology Updat when Adding new Appliance (CCE) 6/4/2018 8:36 AM Missed Topology Updat when Adding new Appliance (CCE) In a stretched site, missing static routes on Edge internal interface and/or firewalls Impact Outbound Calls Fail Edge can’t reach Mediation server Diagnostic Information Server CLS Logs Show: 503 Service Unavailable ms-diagnostics: 12006;reason="Trying next hop";source=“EDGEFQDN";…. appName="OutboundRouting" Resolve CCE PoweShell Publish-CcAppliance Add an appliance to an existing site © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Add Deep Packet Inspection to Edge Firewall 6/4/2018 8:36 AM Add Deep Packet Inspection to Edge Firewall Impact Inbound Calls Fail Diagnostic Information Outbound Calls Work Client UCCAPI log shows: 504 server timeout ms-diagnostics:1047 Resolve Firewall Remove Deep Pack Inspection From Edge, browse https://sipfed.online.lync.com:5061 Verify certificate challenge pop-up. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Common Management Mistakes User Configuration Missed configuring online Enterprise Voice when moving user online OPCH CCE Missed assigning CsVoiceRoutingPolicy to user when moving online User not assigned to PSTN Site

Online User not Enabled for Enterprise Voice 6/4/2018 8:36 AM Online User not Enabled for Enterprise Voice Note for OPCH the LineURI will be set on-premises. For CCE it will be set online in OnPremLineURI attribute. Line URI must be set as E.164 Impact Inbound Calls Fail Diagnostic Information Server CLS Logs Show: 404 ms-diagnostics:1003 reason= “User does not exist"; Resolve Remote PowerShell Set-CsUser –EnterpriseVoiceEnabled $True Enable Users for Cloud PBX © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Online User not Assigned On-Prem Voice Routing Policy (OPCH) 6/4/2018 8:36 AM Online User not Assigned On-Prem Voice Routing Policy (OPCH) Impact Outbound Calls Fail Diagnostic Information Server CLS Logs Show: 403 Forbidden ms-diagnostics: 12001;reason="User Policy does not contain phone route usage" Resolve SfB Server Management Shell Set-CsVoiceRoutingPolicy Grant-CsVoiceRoutingPolicy Assign a Voice Routing Policy © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Session objectives and takeaways Tech Ready 15 6/4/2018 Session objectives and takeaways Objectives: Understand Microsoft telephony options; Understand common migration path from existing PBX to Microsoft Cloud PBX (Phone System) using Hybrid Voice; Review the architecture of Hybrid Voice based on real life examples; Understand typical misconfigurations, their impact and how to avoid them; © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Please evaluate this session Tech Ready 15 6/4/2018 Please evaluate this session From your Please expand notes window at bottom of slide and read. Then Delete this text box. PC or tablet: visit MyIgnite https://myignite.microsoft.com/evaluations Phone: download and use the Microsoft Ignite mobile app https://aka.ms/ignite.mobileapp Your input is important! © 2012 Microsoft Corporation. All rights reserved. Microsoft, Windows, Windows Vista and other product names are or may be registered trademarks and/or trademarks in the U.S. and/or other countries. The information herein is for informational purposes only and represents the current view of Microsoft Corporation as of the date of this presentation. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information provided after the date of this presentation. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Appendix

Reference Details for other Issues 6/4/2018 8:36 AM Reference Details for other Issues © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Missing SAN in Certificate for Sip Federation Host Name (OPCH) Impact Outbound and Inbound Calls Fail Diagnostic Information Client UCCAPI Log Shows For Outbound: 504 Server Time-Out; ms-diagnostics:1010;reason= "Certificate trust with another server could not be established" Resolve SfB Server Deployment Tool Import and Assign Certificate including SAN name(s) of all sip domains. © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Missing SAN in Certificate for Sip Domain (CCE) 6/4/2018 8:36 AM Missing SAN in Certificate for Sip Domain (CCE) Impact Outbound and Inbound Calls Fail Diagnostic Information Client UCCAPI Log Shows For Outbound: 504 Server Time-Out; ms-diagnostics:1017;reason= “Cannot route From and To domains in this combination" Resolve CCE PowerShell Import certificate including SAN name(s) of all sip domains: Set-CcExternalCertificateFilePath –Import © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Firewall Blocking Inbound Port 5061 6/4/2018 8:36 AM Firewall Blocking Inbound Port 5061 Impact Outbound Calls Fail Diagnostic Information Client UCCAPI Log Shows SIPPROXY_E_CONNECTION_FAILED Resolve Firewall Open Port 5061 Inbound to Public IP of Access Edge © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Miss-Match DNS in Sip Federation SRV (OPCH) 6/4/2018 8:36 AM Miss-Match DNS in Sip Federation SRV (OPCH) Impact Outbound and Inbound Calls Fail Diagnostic Information Client UCCAPI Log Shows For Outbound: 504 Server Time-Out; ms-diagnostics:1009;reason= “No match for domain in DNS SRV results” Resolve DNS Modify Hostname for SRV Record to Match .<sipdomain> _sipfederationtls._tcp.<sipdomain> © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Missing Sip Federation SRV Record 6/4/2018 8:36 AM Missing Sip Federation SRV Record Impact Outbound and Inbound Calls Fail Diagnostic Information Client UCCAPI Log Shows For Outbound: 404 Not Found; ms-diagnostics:10008 reason= "Unable to resolve DNS SRV record"; Resolve DNS Add DNS Record(s) Type = SRV _sipfederationtls._tcp.<sipdomain> For all supported sip domains © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Use On Prem Dial Plan <> $False 6/4/2018 8:36 AM Use On Prem Dial Plan <> $False There is no on-premises FE pool to provide dial plan Impact CCE Call Normalization Fails Diagnostic Information UCCAPI client log shows 504 Response to the Service request for app.locationprofile Resolve Remote PowerShell Set-CsTenantHybridConfiguration -UseOnPremDialPlan $False © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

Change Host Appliance Administrator Password (CCE) 6/4/2018 8:36 AM Change Host Appliance Administrator Password (CCE) Impact Deployment and Management Fails Diagnostic Information CCE Management Log Shows “ConvertTo-SecureString : Key not valid for use in specified state.” Resolve CCE PowerShell Restart CCE Host and, Delete Credentials.<CurrentUser>.xml Run Register-CcAppliance –Local Troubleshoot your “CCE” Deployment Steps can vary depending on installed version. Please refer to our troubleshooting guidance for details © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

No Connectivity Between Clients and Gateway 6/4/2018 8:36 AM No Connectivity Between Clients and Gateway Impact Media Fails to Connect Diagnostic Information Toast Received Call Shows Connecting by Never Connects Resolve Firewall Open Firewall between Clients and Gateway on Defined Media Port for Gateway (e.g. 5068) © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

User not Assigned a PSTN Site (CCE) 6/4/2018 8:36 AM User not Assigned a PSTN Site (CCE) Impact Outbound Calls Fail Diagnostic Information Client UCCAPI Shows ms-diagnostics:1003 reason= “User does not exist”; domain=<sipdomain>; source=“sipfed.online.lync.com” Resolve Remote PowerShell Set-CsUserPstnSettings Assign users to PSTN sites © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.

6/4/2018 8:36 AM © Microsoft Corporation. All rights reserved. MICROSOFT MAKES NO WARRANTIES, EXPRESS, IMPLIED OR STATUTORY, AS TO THE INFORMATION IN THIS PRESENTATION.