2015-05-10

This step by step guide will walk you through the process of installing Skype for Business Server 2015.

See the following links for more information on the other deployment options:

Skype for Business In-Place Upgrade Step by Step

Skype for Business Migration Step by Step (From Lync 2010 or Lync 2013)




Hardware Prerequisites

Microsoft recommends the following minimum requirements for Front End Servers, Back End Servers, Standard Edition Servers, Persistent Chat Servers, and Persistent Chat Store and Persistent Chat Compliance Store (Back End Server Roles for Persistent Chat Server):

Dual CPU with 6 Cores, 2.26GHz

32Gb Ram

72Gb Disk Space

1GHz Network adapter

Microsoft recommends the following minimum requirements for Edge Servers, Standalone Mediation Servers, and Directors:

Dual CPU with 4 Cores, 2GHz

16Gb Ram

72Gb Disk Space

1GHz Network adapter

In reality these can be much less depending on the number of users and activity. To give you an example for a deployment of 500 users, a Skype for Business Front End will happily run as follows:

Single CPU with 4 Cores, 2.26GHz

12Gb Ram

72Gb Disk Space

1GHz Network adapter

Software Prerequisites

In this section you will find the software requirements for Skype for Business Server, including Windows Server and its required prerequisites, and SQL server.

Server Operating Systems

Before you get started you will need to decide on an operating system and install some prerequisites. Skype for Business is supported on Server 2008R2, 2012, and 2012R2. It is highly recommended that you choose Server 2012 or newer unless you have good reasons to use 2008R2, such as performing an in-place upgrade from Lync 2013 which is already running on 2008R2. In any case ensure you have the latest service packs and updates applied.

Why 2012 or newer?
Windows Fabric v3 is supported on these newer operating systems, which brings some significant improvements over v2. Also Windows Server 2008 R2 reached the end of the mainstream support lifecycle on 1/13/2015.

Make it easy!
Keep an eye out for an updated version of Pat Richard's prerequisites script for Server 2012 and 2012R2. At the time of writing this had not been updated, but I am sure it won't be far away!

Prerequisites for all Skype for Business roles

Apply all Windows Updates ensuring the following are included:

Server 2012 - Install KB2858668

Server 2012 R2 - Install KB2982006

Server 2008 R2 - Install KB2533623

Microsoft .NET Framework 4.5 - Install via Server Manager Features on Server 2012 or Server 2012 R2 or get it here

Windows PowerShell 3.0 (included with Server 2012 or Server 2012 R2) - get it here

Tip: You should be on build version 6.2.9200.0 or greater. Run $PSVersionTable to check

Windows Identity Foundation 3.0 - Install via Server Manager Features on Server 2012 or Server 2012 R2 or get it here

AD DS and AD LDS tools – install from Server Manager Features (under Remote Administration Tools -> Role Administration Tools)

Additional Prerequisites for Front End Servers

Enable .NET 4.5 WCF Services -> HTTP Activation from Server Manager Features

.NET 3.5

Installed by default with Server 2008 R2

Server 2012 and Server 2012R2 - install from Server Manager Features, and point to the installation media (specifically the \sources\sxs folder) if asked for it (installation media may not be required if you have internet access on your server)

Media Foundation/Desktop Experience – install from Server Manager Features

Server 2012/2012R2 install Media Foundation

Server 2008R2 install Desktop Experience

Silverlight (Required for the Skype for Business Control Panel) - get it here

IIS

Common HTTP Features

Default Document

HTTP Errors

Static Content

Health and Diagnostics

HTTP Logging

Logging Tools

Tracing

Performance

Static Content Compression

Dynamic Content Compression

Security

Request Filtering

Client Certificate Mapping Authentication

Windows Authentication

Application Development

.NET Extensibility 3.5

.NET Extensibility 4.5

ASP.NET 3.5

ASP.NET 4.5

ISAPI Extensions

ISAPI Filters

Management Tools

IIS Management Console

IIS Management Scripts and Tools

Make it easy!
If you're installing on Server 2012 or Server 2012R2, run the following PowerShell commands to prepare your Front End Server:

Add-WindowsFeature NET-Framework-Core, RSAT-ADDS, Windows-Identity-Foundation, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Dir-Browsing, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, Web-Dyn-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Mgmt-Tools, Web-Scripting-Tools, Web-Mgmt-Compat, Server-Media-Foundation, BITS -Source <source e.g. D:\sources\sxs>

Tip: If you have internet access you do not need to specify the -Source parameter
Tip: If you are upgrading a Server 2008R2 server you should already have these prerequisites installed
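
A read-only preflight for the Front End prerequisites above, added here as an example (it is not part of the original guide or of Microsoft's tooling). The feature names and KB numbers are taken from this page; the function name Test-S4bFrontEndPrereq and the status labels are assumptions.

```powershell
# Added example: read-only preflight for a Front End server on Server 2012 / 2012 R2.
# Feature names and KB numbers come from this guide; Test-S4bFrontEndPrereq is a
# hypothetical helper name.
$FrontEndFeatures = @(
    'NET-Framework-Core', 'RSAT-ADDS', 'Windows-Identity-Foundation', 'Web-Server',
    'Web-Static-Content', 'Web-Default-Doc', 'Web-Http-Errors', 'Web-Dir-Browsing',
    'Web-Asp-Net', 'Web-Net-Ext', 'Web-ISAPI-Ext', 'Web-ISAPI-Filter',
    'Web-Http-Logging', 'Web-Log-Libraries', 'Web-Request-Monitor', 'Web-Http-Tracing',
    'Web-Basic-Auth', 'Web-Windows-Auth', 'Web-Client-Auth', 'Web-Filtering',
    'Web-Stat-Compression', 'Web-Dyn-Compression', 'NET-WCF-HTTP-Activation45',
    'Web-Asp-Net45', 'Web-Mgmt-Tools', 'Web-Scripting-Tools', 'Web-Mgmt-Compat',
    'Server-Media-Foundation', 'BITS'
)
# Hotfix required per OS version (6.2 = Server 2012, 6.3 = Server 2012 R2).
$HotFixByOs = @{ '6.2' = 'KB2858668'; '6.3' = 'KB2982006' }

function Test-S4bFrontEndPrereq {
    param(
        [string[]]$Feature = $FrontEndFeatures,
        [hashtable]$HotFix = $HotFixByOs
    )
    Import-Module ServerManager -ErrorAction Stop

    # 1. Windows features: report each requested name as OK, Missing or Unknown.
    $installed = @{}
    Get-WindowsFeature -Name $Feature -ErrorAction SilentlyContinue |
        ForEach-Object { $installed[$_.Name] = $_.Installed }
    foreach ($name in $Feature) {
        if (-not $installed.ContainsKey($name)) { $status = 'Unknown' }
        elseif ($installed[$name])              { $status = 'OK' }
        else                                    { $status = 'Missing' }
        [pscustomobject]@{ Check = 'Feature'; Item = $name; Status = $status }
    }

    # 2. OS-specific hotfix. Get-HotFix only lists updates by their own ID, so
    #    "NotListed" means "check manually", not proof that the fix is absent.
    $os  = [version](Get-CimInstance -ClassName Win32_OperatingSystem).Version
    $key = '{0}.{1}' -f $os.Major, $os.Minor
    if ($HotFix.ContainsKey($key)) {
        $kb     = $HotFix[$key]
        $status = 'NotListed'
        if (Get-HotFix -Id $kb -ErrorAction SilentlyContinue) { $status = 'OK' }
        [pscustomobject]@{ Check = 'HotFix'; Item = $kb; Status = $status }
    } else {
        [pscustomobject]@{ Check = 'HotFix'; Item = "OS $key"; Status = 'NoRule' }
    }

    # 3. PowerShell 3.0 with build 6.2.9200.0 or greater, per the tip above.
    $psOk = $PSVersionTable.PSVersion.Major -ge 3 -and
            $PSVersionTable.BuildVersion -ge [version]'6.2.9200.0'
    $status = 'TooOld'
    if ($psOk) { $status = 'OK' }
    [pscustomobject]@{
        Check = 'PowerShell'; Item = "$($PSVersionTable.BuildVersion)"; Status = $status
    }
}

# Show only what still needs attention.
Test-S4bFrontEndPrereq | Where-Object { $_.Status -ne 'OK' } | Format-Table -AutoSize
```

The same function can be pointed at the Director feature list by passing that list to -Feature.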

Additional Prerequisites for Persistent Chat Servers

Message Queuing (MSMQ) – Install from Server Manager

Additional Prerequisites for Directors

IIS

Common HTTP Features

Default Document

HTTP Errors

Static Content

Health and Diagnostics

HTTP Logging

Logging Tools

Tracing

Performance

Static Content Compression

Security

Request Filtering

Client Certificate Mapping Authentication

Windows Authentication

Application Development

.NET Extensibility 3.5

.NET Extensibility 4.5

ASP.NET 3.5

ASP.NET 4.5

ISAPI Extension

ISAPI Filters

Make it easy!
If you're installing on Server 2012 or Server 2012R2, run the following PowerShell commands to prepare your Director server:

Add-WindowsFeature RSAT-ADDS, Web-Server, Web-Static-Content, Web-Default-Doc, Web-Http-Errors, Web-Asp-Net, Web-Net-Ext, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Http-Logging, Web-Log-Libraries, Web-Request-Monitor, Web-Http-Tracing, Web-Basic-Auth, Web-Windows-Auth, Web-Client-Auth, Web-Filtering, Web-Stat-Compression, NET-WCF-HTTP-Activation45, Web-Asp-Net45, Web-Scripting-Tools, Web-Mgmt-Compat, BITS -Source <source e.g. D:\sources\sxs>

Tip: If you have internet access you do not need to specify the -Source parameter
Tip: If you are upgrading a Server 2008R2 server you should already have these prerequisites installed

Additional Prerequisites for Edge Servers

Because Edge servers are not domain joined, they require that you manually specify a DNS suffix for the server e.g. SERVERNAME.dnssuffix.com.

To do this:

Open the server's System Properties (Control Panel\System and Security\System)

Select "Change Settings"

Select "Change"

Select "More"

Under "Primary DNS suffix of this computer", enter the DNS suffix. The server name together with the DNS suffix should match what you have defined in the topology builder. e.g. S4BAE0101.ucgeek.nz



SQL Server

A backend SQL Server is required for Enterprise Edition pools as well as Monitoring, Archiving, and the Call Quality Dashboard (CQD).

Ensure you are running the latest service packs and updates

The Monitoring and Archiving role requires SQL Reporting Service

The Call Quality Dashboard (CQD) requires SQL Analytics Service

Overview of SQL high availability options:



Tip: SQL Server Reporting Services for the Monitoring Server role isn't going to be supported with SQL Always on until post-RTM

Other Environmental Requirements

Outside of the hardware and software requirements there are environmental requirements to consider.

Active Directory

Supported Domain Controllers:

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Windows Server 2008

Domain and Forest Functional Level:

Windows Server 2012 R2

Windows Server 2012

Windows Server 2008 R2

Windows Server 2008

Windows Server 2003

Supported Active Directory Topologies:

Single forest with single domain

Single forest with a single tree and multiple domains

Single forest with multiple trees and disjoint namespaces

Multiple forests in a central forest topology

Multiple forests in a resource forest topology

Multiple forests in a Skype for Business resource forest topology with Exchange Online

DNS

DNS is required to resolve friendly names to IP addresses and is a requirement for Skype for Business. For more information see here.

Certificates

A public key infrastructure (PKI) is required for transport layer security (TLS) and mutual transport layer security (MTLS) connections. Basically, to communicate securely in a standardized way, Skype for Business Server uses certificates issued by Certificate Authorities (CAs).

File Share

Skype for Business Server 2015 is able to use the same file share for all file storage, but you need to keep the following in mind:

A file share needs to be on either direct attached storage (DAS) or a storage area network (SAN), and this includes the Distributed File System (DFS)

Distributed File System (DFS) is supported

The file share for Skype for Business Server shouldn't (but can) be located on the Front End server or the server running SQL Server

Network Requirements

If you are deploying a single Edge Server or an Edge pool using DNS load balancing, you can configure the external firewall to perform network address translation (NAT). You can't configure the internal firewall to perform NAT

If you use Internet Protocol security (IPsec), we recommend disabling IPsec over the port ranges used for A/V traffic - details here

To provide optimal media quality, do the following:

Provision network links for 65 kilobits per second (Kbps) per audio stream and 500 Kbps per video stream. A two-way audio or video session uses two streams

To cope with unexpected spikes in traffic and increased usage over time, Skype for Business Server media endpoints can adapt to varying network conditions, supporting three times the throughput for audio and video while still maintaining acceptable quality. In an under-provisioned network, the ability of the Skype for Business Server media endpoints to dynamically deal with varying network conditions is reduced

For network links where provisioning is very costly and difficult, you may have to consider provisioning for a lower volume of traffic. In this scenario you can let the elasticity of the Skype for Business Server media endpoints absorb the difference at the cost of some reduction in the voice quality

Consider disabling video for certain users where bandwidth is limited

Provision the network to guarantee a maximum end-to-end delay (latency) of 150 milliseconds (ms) under peak load. Latency is the one network impairment that Skype for Business Server media components can't reduce

For servers that are running antivirus software, include all servers that are running Skype for Business Server in the exception list to provide optimal performance and audio quality

QoS

Skype for Business Server does not require QoS, but it is strongly recommended. QoS can prioritise traffic and guarantee bandwidth for Skype for Business media endpoints. For more information on network requirements, QoS and bandwidth utilisation in different call scenarios see here.

Other

Load balancing requirements - see here
Ports and protocols for internal servers - see here

Deployment

Now that you understand the requirements, let's get deploying!

Create File Share

For the purpose of this article we will create a basic file share:

Log on to the computer that will host the file share

Right-click the folder you plan to share, and select Properties

Select the Sharing tab, select "Advanced Sharing", then tick "Share this folder":

Select "Permissions" and make sure the account you will use to publish the topology has "Full Control" permissions:

When the Topology is published the required NTFS and share permissions will be added

Install Administration Tools

The Skype for Business Administration Tools are required to manage your Skype for Business deployment. You don’t have to install these tools on all servers, however you would typically install these on your Front End and management servers. If you are upgrading a Lync 2013 pool you will need to install these tools on a management server that does not contain any other Lync server components. Here's how you install them:

Start setup (Setup\amd64\setup.exe) from your Skype for Business media and follow the prompts to install the Core Components

During installation you can choose whether or not you want to check for product updates before installing:

Once installed run the “Skype for Business Server 2015 Deployment Wizard” and select “Install Administration Tools”:

Once installed you should have the following management tools:

Prepare Active Directory

Active Directory must be prepared before Skype for Business is deployed. You only need to run this step once per deployment.

If you are upgrading from Lync 2013 Active Directory preparation is not required (to be confirmed)

Start the Deployment Wizard and select "Prepare Active Directory":

There are 3 steps that need to be completed and verified - schema updates, forest prep and domain prep:

Step 1 - Prepare Schema
To prepare the Active Directory Schema for Skype for Business, log in as a user with Schema Admin rights.

You can also run this step in PowerShell - Enable-CsAdServerSchema

Step 2 - Verify replication of schema partition

Log on to the domain controller for the domain.

Open ADSI Edit from the Tools drop-down menu in Server Manager.

On the Action menu, click Connect to.

In the Connection Settings dialog box under Select a well known Naming Context, select Schema, and then click OK.

Under the schema container, search for CN=ms-RTC-SIP-SchemaVersion. If this object exists, and the value of the rangeUpper attribute is 1150 and the value of the rangeLower attribute is 3, the schema was successfully updated and replicated. If this object does not exist or the values of the rangeUpper and rangeLower attributes are not as specified, the schema was not modified or has not replicated.

Step 3 - Prepare Current Forest

To prepare the Active Directory Forest for Skype for Business, log in as a user with Enterprise Admin rights.

You will be asked to specify where you would like to create the security groups for the deployment. Typically this would be in the root domain of the forest.

You can also run this step in PowerShell - Enable-CsAdForest -GroupDomain <domain to create security groups>

Tip: By using the parameter GlobalSettingsDomainController, you can indicate where global settings are stored. If your settings are stored in the System container (which is typical with upgrade deployments that have not had the global setting migrated to the Configuration container), you define a domain controller in the root of your AD DS forest. If the global settings are in the Configuration container (which is typical with new deployments or upgrade deployments where the settings have been migrated to the Configuration container), you define any domain controller in the forest. If you do not specify this parameter, the cmdlet assumes that the settings are stored in the Configuration container and refers to any domain controller in Active Directory.

Step 4 - Verify Replication

From PowerShell run Get-CsAdForest

If the result is LC_FORESTSETTINGS_STATE_READY, the forest has successfully been prepared

Step 5 - Prepare Current Domain
To prepare the Active Directory Domain for Skype for Business, log in as a user with Domain Admin or Enterprise Admin rights.

You can also run this step in PowerShell - Enable-CsAdDomain -Domain <domain to prepare>

Step 6 - Verify Replication

From PowerShell run Get-CsAdDomain

If the result is LC_DOMAINSETTINGS_STATE_READY, the domain has successfully replicated.

Once you have completed all steps they should be marked as "Complete":

Tip: After Active Directory preparation has completed it’s a good time to add the CSAdministrator role to the user account that will be performing the installation as well as any other account that will require full access to Lync. It is also worth adding RTCUniversalServerAdmins to the installation account.
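
The verification steps above (Steps 2, 4 and 6) can be scripted; the following is an added example, not part of the original guide. It goes slightly beyond the ADSI Edit procedure by querying every domain controller in the forest rather than one. The expected values are the ones stated on this page, and the function names are hypothetical.

```powershell
# Added example: verify Steps 2, 4 and 6 from a domain-joined machine.
# Expected values (1150 / 3 and the two *_STATE_READY strings) are the ones this
# guide gives; the function names are hypothetical.
function Test-S4bSchemaReplication {
    param([int]$ExpectedUpper = 1150, [int]$ExpectedLower = 3)

    # Distinguished name of the schema partition, read from RootDSE.
    $schemaNc = "$(([ADSI]'LDAP://RootDSE').schemaNamingContext)"
    $forest   = [System.DirectoryServices.ActiveDirectory.Forest]::GetCurrentForest()
    $dcs      = $forest.Domains | ForEach-Object { $_.DomainControllers }

    foreach ($dc in $dcs) {
        $result = [pscustomobject]@{
            DomainController = $dc.Name; RangeUpper = $null; RangeLower = $null
            Status = 'Unknown'
        }
        try {
            # Bind to this specific DC so a stale replica is not hidden by another one.
            $searcher = [adsisearcher]'(cn=ms-RTC-SIP-SchemaVersion)'
            $searcher.SearchRoot  = [ADSI]"LDAP://$($dc.Name)/$schemaNc"
            $searcher.SearchScope = 'OneLevel'
            $searcher.PropertiesToLoad.AddRange([string[]]@('rangeUpper', 'rangeLower'))
            $hit = $searcher.FindOne()

            if ($null -eq $hit) {
                $result.Status = 'ObjectMissing'      # schema prep not replicated here yet
            } else {
                # Result property names are returned in lower case.
                $result.RangeUpper = @($hit.Properties['rangeupper'])[0]
                $result.RangeLower = @($hit.Properties['rangelower'])[0]
                $match = $result.RangeUpper -eq $ExpectedUpper -and
                         $result.RangeLower -eq $ExpectedLower
                $result.Status = 'Mismatch'
                if ($match) { $result.Status = 'OK' }
            }
        } catch {
            $result.Status = "Error: $($_.Exception.Message)"
        }
        $result
    }
}

function Test-S4bAdPrepState {
    # Requires the Skype for Business Server Management Shell (Get-CsAd* cmdlets).
    [pscustomobject]@{
        ForestReady = "$(Get-CsAdForest)" -eq 'LC_FORESTSETTINGS_STATE_READY'
        DomainReady = "$(Get-CsAdDomain)" -eq 'LC_DOMAINSETTINGS_STATE_READY'
    }
}

Test-S4bSchemaReplication | Format-Table -AutoSize
Test-S4bAdPrepState
```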

Create DNS Records

Create the DNS records required to support the topology. Ensure that DNS round robin is enabled for DNS load balancing.

DNS configuration example coming soon.

Define and Publish Topology

Before you can install the Skype for Business Server on each of the servers in the topology, you must create a topology and publish it. When you publish a topology, you are loading the topology information into the Central Management Store database.

If this is an Enterprise Edition pool, you are creating the Central Management Store database the first time you publish a new topology on an existing backend SQL server.

If this is Standard Edition, you will need to run the Prepare First Standard Edition Server process from the Deployment Wizard before you publish a topology. This prepares for Standard Edition by installing a SQL Server Express Edition instance and creating the Central Management Store.

Important!
If you have another version of Lync installed then you will need to follow the upgrade or migration path, and will need to select “Download Topology from existing deployments”. For more information select one of the following links:

Skype for Business In-Place Upgrade Step by Step

Skype for Business Migration Step by Step (From Lync 2010 or Lync 2013)

Prepare First Standard Edition Server
From the Deployment Wizard select "Prepare first Standard Edition server" and follow the steps:

Create a new topology

Open the “Skype for Business Topology Builder”

Select New Topology, and click OK:

Select a location and file name for the topology configuration file

On the Define the primary domain screen, enter the primary SIP domain, and click Next. In this example, we are using contoso.local, as shown in the figure:

Add any additional supported SIP domains, and then click Next:

Enter a Name and Description for the first site (location), and then click Next, as shown in the figure:

Enter the City, State/Province, and Country/Region Code for the site, and then click Next:

Click Finish to complete the process of defining a new topology. Make sure "Open the new Front End Wizard when this wizard closes" is ticked so the Front End Wizard launches automatically

Enterprise Edition Pool or Standard Edition Server

Skype for Business Server Enterprise Edition can include multiple servers working together to provide the Front End role. When multiple servers are used to fulfill the role, it is called a pool. Standard Edition can include only a single server to provide the Front End role. It is common to refer to the Front End pool even if only a single server is providing the role; the pool FQDN would be the FQDN of the Standard Edition server.

You can define a Front End server pool from the Topology Builder by right clicking "Standard Edition Front End pools" or "Enterprise Edition Front End pools" and selecting "New Front End Pool":

You also have the option during the Create New Topology wizard to automatically start Define New Front End Pool wizard. Select the "Open the New Front End Wizard..." tick box:

The screenshots in the following example are from a Standard Edition deployment, however the process is very similar and the differences will be called out.

Review the wizard prerequisites, and then click Next

Enter the fully qualified domain name (FQDN) of the pool or Standard Edition server and select either Enterprise Edition Front End Pool or Standard Edition Server, and then click Next:

If you chose an Enterprise Edition pool you'll need to enter the FQDNs of all computers in the pool, and then click Next

Select the features that will be included in this topology, and then click Next:

On the Select collocated server roles page, you can choose to collocate the Mediation server on the Front End server, or you can deploy it as a standalone server later:

If you want to associate an Edge server now you can define it now (see below to learn more about this process)

Next, you will define the SQL Server store that will be used with the topology. In this example, we don't need to do anything since we are using a Standard Edition server which hosts its own SQL server locally. For Enterprise Edition pools we would select or define a backend SQL server. For more information about SQL Server features see here.

Define the file share that you want to use. The file share needs to be preconfigured before you publish the topology as discussed in the prerequisites section (Other Environmental Requirements -> File Share). To define a new file share, in the File Server FQDN box, enter the FQDN of the existing file server where the file share is to reside, and then enter a name for the file share in the File Share box:

Specify the internal and external Web Services URL

For an Enterprise Edition pool you must decide if you need to override the internal Web Services Base URL. The reason for this override has to do with load balancing: if you do not override the URL, both SIP traffic and HTTP(S) web traffic will use the pool FQDN. SIP traffic can be load balanced using DNS load balancing, however web services must use a supported hardware or software load balancing solution, and thus you must override to separate the DNS load balanced components from the web services

For a Standard Edition server there is no need to override the internal URL since there is only one server

The External Base URL is the FQDN for the externally available web services which will be published via the reverse proxy

If you selected Conferencing on the Select Features page, you will be asked to select an Office Web Apps server. Click New to launch the dialog box:

In the Define New Office Web Apps Server dialog box, type the FQDN of your Office Web Apps.

If the Office Web Apps server is installed on-premises, and in the same network zone as Skype for Business Server, do not select the option "Office Web Apps Server is deployed in an external network (that is, perimeter/Internet)"

If the Office Web Apps server is deployed outside your internal firewall, select the option "Office Web Apps Server is deployed in an external network (that is, perimeter/Internet)":

If you chose to enable Archiving you will be asked to select or define a SQL server store

Select New if you need to define a new SQL server store

If you chose to enable Monitoring you will be asked to select or define a SQL server store. You can use the same SQL server store defined for Monitoring, or select New to define one as we did in the step above:

You should now be at the end of the wizard; select "Finish" to complete the process.

Edge Server

Like Front End servers, Edge servers can be pooled together with a pool FQDN, or can be standalone.

You can define an Edge server pool from the Topology Builder by right clicking "Edge pools" and selecting "New Edge Pool":

You also have the option during the New Front End Pool wizard to automatically start the New Edge Pool wizard. Select the "Enable an Edge pool..." tick box:

Then select the "New" button:

Defining Edge Server

Start the New Edge Server wizard using one of the methods noted above

Enter the fully qualified domain name (FQDN) of the pool or Edge server and select whether you will be defining a multi-server or single server pool, then select "Next":

If you chose a multi-server pool you'll need to enter the FQDNs of all computers in the pool, and then click Next

Enable the federation features that you require

Choose whether you will use single or multiple public IP addresses

Tip: If you have 3 public IP addresses available, I would strongly recommend the multiple IP option. Choosing this option allows you to run Access Edge, Conferencing Edge and Audio Video Edge on port 443. If you choose a single IP this is not possible, and could cause issues communicating with companies that have strict outbound firewall policies.

Select IPv4 and IPv6 options (IPv4 is covered by this article) and whether you require NAT on the public side:

Define your externally resolvable FQDNs for the Access Edge, Conferencing Edge and Audio Video Edge services.

If you chose to use multiple IPs you can define all 3 of these distinctly. Port 443 is recommended for all services:

Otherwise you only need to define the Access Edge FQDN and ports. The default ports are a good compromise if you only have a single IP address:

Define your Edge server's internal IP address (this must not use NAT!):

Define the public IP addresses for each service

If you are not using NAT enter the public IP addresses:

If you are using NAT enter the private IP address that the public IP will be NAT'ed to:

If you are using NAT you will also need to enter the actual Public IP address of the Audio Video service:

Select the Front End server pool that will be the next hop for the Edge server pool:

You may also be asked to associate the Edge server pool to any Mediation Pools you have:

You should now be at the end of the Wizard, select "Finish"

Configure Simple URLs

Simple URLs will be configured by default, however you may wish to make changes to these to meet your specific requirements. Additionally it can be useful to define an Administrative access URL to make it easy to remember the URL to the Skype for Business Control Panel.

In Topology Builder, right-click the Skype for Business Server top node, and then click Edit Properties, as shown in the figure

In the Simple URLs pane, select either Phone access URLs: (Dial-in) or Meeting URLs: (Meet) to edit, and then click Edit URL

Update the URL to the value you want, and then click OK to save the edited URL. You should configure the simple URL using the external SIP domain so that external users can join meetings, for example, contoso.com, which is external, as opposed to contoso.local, which is an internal domain. Thus, the SIP domain should be able to be resolved by external DNS

Edit the Meet URL by using the same steps, if necessary

In the Administrative access URL box, enter the simple URL you want for administrative access to Skype for Business Server Control Panel, and then click OK.

Publish Topology

Now we are ready to publish the topology to the Central Management Store.

When you publish the topology for the first time the databases are created, either on a backend SQL server for an Enterprise pool or in a local SQL instance on a Standard Edition server. One of these databases, named XDS, holds data for the Central Management Store (CMS). This is an important database because it holds the Lync Server topology, policy and configuration information. A replica copy of the XDS database is located locally on each Lync Server role as an instance of SQL Server Express named "RTCLOCAL".

Permissions required to publish the topology

Permissions required to publish the topology - see here

Delegate Setup Permissions (if you do not want to grant the setup account Domain Admin rights) - see here

Permissions required for SQL - see here

Publish the Topology

From the Topology Builder right click the top node of the tree and select "Publish Topology":

Select "Next"

Select the Front End pool that will host the Central Management Store:

You can optionally select the "Advanced" button if you need to define the database instance or file locations:

Next you will be presented with an option to create your databases. Make sure you have the required permissions to run this step. If you don’t, untick this option and ask someone who does to run this step later:

Select Next to start publishing the topology:

Install Servers

Once the topology has been published you are ready to install the Skype for Business Server roles on your pre-built servers. One of the nice things about Skype for Business Server is the ease with which this is done. All you need to do is run the installer and work through the wizards. Each server will contact the Central Management Store (CMS) to learn the role it plays in the topology. With this information the required components will be installed.

Install Servers
For each server in the topology you need to install the Core Components and run the Deployment Wizard.

Start setup (Setup\amd64\setup.exe) from your Skype for Business media and follow the prompts to install the Core Components

During installation you can choose whether or not you want to check for product updates before installing

Once installed run the “Skype for Business Server 2015 Deployment Wizard” and select “Install or Update Skype for Business Server System”:

There are 4 key steps that are required to install Skype for Business

Step 1 - Install Local Configuration Store
Running the first step installs the Local Configuration Store (a local copy of the Central Management Store).

Tip: For this step to work, the server's FQDN must match its role as defined in the topology. Because Edge servers are not domain joined you'll need to make sure you have given the server a DNS suffix as described in the prerequisites section for Edge Servers (Software Prerequisites -> Server Operating Systems -> Additional Prerequisites for Edge Servers).

For the internal domain joined servers select "Retrieve directly from the Central Management Store...".

For the Edge servers select "Import from a file...". You will need to export the topology to file, then copy it across to the Edge server. To export the topology run Export-CsConfiguration -FileName c:\topology_export.zip from PowerShell.

Step 2 - Setup or Remove Skype for Business Components

Step 3 - Request, Install or Assign Certificates
You need to create a server certificate and OAuth certificate.

Highlight the certificate you wish to create and then select "Request":

Complete the certificate request form:

Select "Next", then "Next" again

You will be presented with an option to assign the certificate. Select this option to assign the requested certificate:

Select "Next" then "Finish"

Repeat for the OAuth certificate

You should now have met the certificate requirements for the server

Step 4 - Start Services
You are now ready to start your Skype for Business services. Open Skype for Business Server Management Shell and run the following command:

Start-CsPool -PoolFQDN <pool FQDN>

Open Services and check that all services are in a running state:
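
A scripted version of the checks for Step 3 and Step 4, added here as an example and not taken from the original guide. It assumes that the guide's "server certificate" and "OAuth certificate" correspond to the Default and OAuthTokenIssuer uses reported by Get-CsCertificate; the function names and the 30-day and 2048-bit thresholds are also assumptions.

```powershell
# Added example: post-install checks for Step 3 (certificates) and Step 4 (services).
# Run in the Skype for Business Server Management Shell on the server just installed.
# Function names, thresholds and the Default / OAuthTokenIssuer mapping are
# assumptions of this example, not values from the guide.
function Test-S4bCertificate {
    param(
        [string[]]$RequiredUse = @('Default', 'OAuthTokenIssuer'),
        [int]$WarnDays   = 30,
        [int]$MinKeyBits = 2048
    )
    $assigned = @(Get-CsCertificate)

    foreach ($use in $RequiredUse) {
        $row = [pscustomobject]@{
            Use = $use; Thumbprint = $null; NotAfter = $null; Problems = @()
        }
        $cert = $assigned | Where-Object { "$($_.Use)" -eq $use } | Select-Object -First 1
        if (-not $cert) {
            $row.Problems += 'not assigned'
            $row
            continue
        }
        $row.Thumbprint = $cert.Thumbprint

        # Inspect the certificate itself in the machine store (RSA keys assumed).
        $path = "Cert:\LocalMachine\My\$($cert.Thumbprint)"
        $x509 = Get-Item -Path $path -ErrorAction SilentlyContinue
        if (-not $x509) {
            $row.Problems += 'not found in LocalMachine\My'
        } else {
            $row.NotAfter = $x509.NotAfter
            if ($x509.NotAfter -lt (Get-Date).AddDays($WarnDays)) {
                $row.Problems += "expires within $WarnDays days"
            }
            if (-not $x509.HasPrivateKey) {
                $row.Problems += 'no private key'
            }
            if ($x509.PublicKey.Key.KeySize -lt $MinKeyBits) {
                $row.Problems += "key under $MinKeyBits bits"
            }
        }
        $row
    }
}

function Get-S4bStoppedService {
    # Any Skype for Business service that is not running after Start-CsPool.
    Get-CsWindowsService | Where-Object { "$($_.Status)" -ne 'Running' }
}

Test-S4bCertificate |
    Format-Table Use, Thumbprint, NotAfter,
        @{ Name = 'Problems'; Expression = { $_.Problems -join '; ' } } -AutoSize
Get-S4bStoppedService | Format-Table Name, Status -AutoSize
```

An empty Problems column and no rows from Get-S4bStoppedService match the state this step describes.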
