Configure Cisco Meeting Server and Skype for Business Contents Introduction Prerequisites Requirements Components Used Configure Network Diagram Callbridge Certificates Outbound rules DNS Records Verify Troubleshoot Calls not completing Introduction This document describes how to configure Cisco Meeting Server (CMS) with Skype for Business as a complement of the official guides. Prerequisites Requirements Cisco recommends that you have knowledge of these topics: Cisco Meeting Server (CMS) Domain Name Server (DNS) Skype Application Programming Interface (API) Note:The configuration guide can be found here: https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscomeetingserver/deployment_ Guide/Version-2-2/Cisco-Meeting-Server-2-2-Scalable-and-Resilient-Deployments.pdf Components Used 2 CMS Cores, software version 2.2.2. The callbridges are in cluster. 1 CMS edge, with webridge access, software version 2.2.2. The server is not used with the Skype configuration, but exists in the topology. Skype for Business 2015
Active Directory (AD) Windows Server 2012 Secure Shell (SSH) client Secure File Transfer Protocol (SFTP) client such as WinSCP or similar API program such as Postman or similar Remote Desktop session for Active Directory, DNS and Skype server Configure Network Diagram Callbridge Certificates Table 1 provides an example of what does the certificate must contain. It provides an explanation of what does each field means. Table 1 Callbridge Certificates Server 1 CN:core1.domain.com SAN1:core2.domain.co m SAN2:cms.domain.com What does field means Cisco Meeting Server (CMS)1 core, FQDN put as a CN when callbridge certificate was created CMS2 core, Fully Qualified Domain Name (FQDN) put as a Common Name (CN), when callbridge certificate was created A separate "A" Domain Name Server (DNS) record that will be use to
resolve all the callbridge on the cluster Server 2 CN:core2.domain.com CMS2 core, FQDN put as a CN when callbridge certificate was created SAN1:core1.domain.co CMS1 core, FQDN put as a CN when callbridge certificate was created m A separate "A" Domain Name Server (DNS) record that will be use to SAN2:cms.domain.com resolve all the callbridge on the cluster The image below provides an example of a certificate for the callbridge: Note: The Certificate Configuration guide can be found here: https://www.cisco.com/c/dam/en/us/td/docs/conferencing/ciscomeetingserver/deployment_ Guide/Version-2-2/Certificate-Guidelines-Single-Split_Server-Deployment-2-2.pdf Outbound rules Table 2 provides an example on how to configure the outband rules on the CMS core. It provides an explanation of what does each field means. Table 2 CMS server outboud dial plan rules: Domain:domain.com Proxy to use: fe.domain.com What does field means Skype domain Fully Qualified Doamin Name (FQDN) of Skype Front End
Server 1 Local contact domain: core1.domain.com Server 2 Local contact domain: core2.domain.com Local from domain: domain.com Scope: callbridge Fully Qualified Doamin Name (FQDN) of callbridge1 Fully Qualified Doamin Name (FQDN) of callbridge2 Cisco Meeting Server (CMS) domain Scope of the rule DNS Records Table 3 provides an example on how to configure the DNS server. It provides an explanation of what does each field means. Table 3 DNS configuration: A records: IP example core1.domain.co 10.10.10.1 callbridge1 m core2.domain.co m 10.10.10.2 callbridge2 cms.domain.com 10.10.10.1 10.10.10.2 fe.domain.com 10.10.10.3 You need to create an A record, for all Internet Protocol (IP) adress of the callbridges in the cluster, pointing to the same Fully Qualified Domain Name (FQDN). Skype Fully Qualified Doamin Name (FQDN) Step 1. Create outbound rules for every callbridge on CMS Core. Connect to the Webadmin and navigate to Configuration > Outboud calls.
The following configuration example uses the parameters on Table 2. The hostname is: tlacoyo. Click on submit when you finish the parameters configuration. You see the outbound rule is added: In case there is a callbridge cluster, add a rule for every callbridge. Step 2. Change the scope of the outbound rule from the default option "global" to "callbridge". You can use Postman or any other API for this purpose. In order to see the scope, use get instruction and navigate to: /outbounddialplanrules Select the outbound Dial Plan Rule id. Use get and move to the oubound rule by adding the id selected.
You can see from the image above, the scope of the outbound rule is "global". You need to change it to "callbridge". To do so, use put and set the scope as shown below. Do a get again over the same outbound rule to see the changes. Note that the scope has change to callbridge. Step 3. On the webadmin inferface verify that Call bridge scope, has change from <all> to <none>
on a single callbridge. Verify the scope changed from <all> to <local> for clustered deployments. The image below shows how the scope changes on a Single callbridge The image below shows how the scope changes on a Cluster callbridge: Note: On the image above, you can see the local and the remote callbridges. The remote callbridge is shown as "queso" and is the one that you use for xmpp callbridge unique name. Step 4. Allow media encryption on the CMS. Navigate to Configuration> Call Settings. SIP media encription must be set to allowed. Step 5. Incoming call matching. On the incoming call matching, Set to yes the Targets Lync and Targets Lync Simplejoin columns.
Navigate to Configuration > Incoming calls. Domain Name Server (DNS) records Use table 3 as reference for this example configuration. Be sure the DNS A records are configured on the DNS server. The image below shows the A record configuration for Callbridge1 The image below shows the A record configuration for Callbridge2 if a cluster is configured.
The image below shows the A record configuration for the Skype server, Front End server
Step 6. Create a new DNS record for the pool integration with Skype. The A record must contain all the callbridges on the cluster in case there is one, if not, only add the single callbridge. For this guide the name used is "cms".
If you have a callbridge cluster, add the other IP addresses of the callbridges to the pool.
Configure a Skype User on CMS Step 1.Navigate to Configuration> General. On Lync Edge Settings configure the parameters shown in the image: Server address: is the FQDN of Skype front end server Usarname: a valid user that resides on Skype server, use e-mail format. Number of registrations: leave it blank, unless you want to limit it.
Repeat this process for each callbridge on the cluster. Step 2. Verify the Skype user is configured and registered on Cisco Meeting Server (CMS). Navigate to Status > General. The image below shows a succesfull registration. Skype Configuration UseSkype Management Shell for this configuration and the commands below to configure the Skype server. Apply the commands on the Front End server. Note:The suggested commands are for guidence. In case you have doubts about the configuration on Skype server, you will need to contact your Skype administrator and/or support team. To configure a trusted application pool: New-CsTrustedApplicationPool -Identity cms.domain.com -ComputerFqdn tlacoyo.domain.com -Registar fe.domain.com -site 1 -RequiresReplication $false -ThrottleAsServer $true -TreatAsAuthenticated $true In case you have more than one callbridge, add the other servers with the command: New-csTrustedApplicationComputer -Identity core2.domain.com -Pool cms.domain.com Continue with configuration by creating the trusted application: New-CsTrustedApplication -ApplicationId cmsapplication -TrustedApplicactionPoolFqdn cms.doamin.com -Port 5061 $x=new-csstatiroute -TLSRoute -Destination "cms.domain.com" -MatchUri "domain.com" -Port 5061 -UseDefaultCertificate $true If needed, configure a static route: Set-CsStaticRoutingConfiguration -Identity Global -Route@{Add=$x} Verify CMS users dial into a space.
Create a conference on Skype:
Invite the cospace to join the conference:
You see all the users are on the same conference
Troubleshoot Calls not completing You see the error: "Deactivating due to session resource teardown" To fix this problem make sure SIP media encryption is enable on the CMS.
If you encounter errors after you confirm the procedures documented in the Troubleshoot section of this document, contact Cisco TAC.