Quality of Service for Skype for Business/Lync configuration and best practice Guide V2 Overview: As you know that Microsoft Skype for Business is great product which has multiple features which help enterprise users to communicate and collaborate effectively from anywhere. To get Skype for Business to work correctly for internal and external users, is complex task as we are dealing with vast product. Improving quality of service is very important. So, this admin guide helps you to configure end to end Quality of Service. Also, this document mainly focusing on why we need Quality of Service and how we can configure this. Basically, Quality of Services is not a only solution of every quality problem, however QoS is combination of networking technologies that enables companies to optimize the end-user experience for real time audio, video and application sharing communications. QoS is commonly used when network bandwidth is limited and when network congestion, in practice bandwidth limitation and network congestion always there so we must have QoS configure correctly to optimize end-users experience. Author: Balu Ilag Microsoft MVP (Office Servers and Services) 8.27.2018, Balu Ilag, System Administrator, Microsoft MVP Office Apps and Services. Version 2.0 Contact me at: balasaheb.ilag@hotmail.com Blog: http://bloguc.com/. This document covers how to deploy quality of services and why we need it. Target audience for this admin guide are Skype for Business / Lync Administrator, Skype for Business Online (Office365) Administrator, Network Engineer and System Administrator who manages Skype for Business and Lync server 2013 environment.
Quality of Service for Skype for Business / Lync configuration and best practice Guide V2 Why QoS required? Quality of Services (QoS) is a combination of networking technologies that enables companies to optimize the end-user experience for real time audio, video and application sharing communications. QoS is commonly used when network bandwidth is limited and when network congestion, in practice bandwidth limitation and network congestion always there so we must have QoS configure correctly to optimize end-users experience. QoS can be configure as end to end, it more useful your media traffic traverse over Wide Area Network because on Local Area Network you might not have network congestion and bandwidth issues. When we talk about WAN, were most of organization uses Multi-Protocol Label Switched (MPLS). MPLS network is a L3 WAN built by a service provider to sell its bandwidth to many customers and allows to guarantee a quality of service (QoS). With that said means QoS is always required How QoS is working? Basically, all port range provided to Skype for Business/Lync client via in band provisioning. This means that once your Skype for Business / Lync client signs in, they will start using these locked down port ranges which configured on Skype for Business/ Lync Server and this ports pushed down to Skype for Business/ Lync clients. So, when client initiate the media traffic using applications like lync.exe, communicator.exe and attendeeconsole.exe. This means that all applications that utilize the Audio/Video, Application sharing, file transfer ports, which will get DSCP (Differentiated Services Code Point), markings stamped by Operating System via GPO (Group Policy Object). Operating System like, Windows Vista, Windows 7, Windows 8 and Windows 10 utilize the Policy based QoS. Policy based QoS has the benefit that you can restrict the QoS at the application level. This means that all client applications that utilize the Audio/Video Application sharing, file transfer ports that we configure for Audio/Video, Application sharing, file transfer will get DSCP markings stamped.
In other word the Windows or Windows Server operating system can identify the traffic type and apply the appropriate DSCP to each packet according to the port that it uses. Below is the client application with their executable file name: Office Communicator 2007/R2 and Lync 2010 communicator.exe Lync 2010 and Lync Attendant Console - attendantconsole.exe Lync 2013, Skype for Business 2015 and Skype for Business 2016 Lync.exe Below are the port ranges and DSCP values with their Media type: Media Type Communication Port Range Port Count DSCP Values Conferencing 49152 - Audio 8348 Server 57500 46 49152 - Audio Mediation Server 8348 57500 50020 - Audio Clients 40 50059 46 Conferencing 57501 - Video 8034 Server 65535 34 58000 - Video Clients 20 58019 34 App Conferencing 40803-8348 Sharing Server 49151 24 App 42000 - Clients 20 Sharing 42019 24 File 40783 - Clients 20 Transfer 40802 14 Signaling Client and Server 5060-5061 2 46 Note: This QoS capability is only applicable to Skype for Business clients and IP phone devices which are registered directly to an internal Skype for Business / Lync pool Server on managed networks; QoS is not applicable for traffic routed over the Internet. Let us start with QoS configuration: 1. Enable QoS for all clients, which is disabled by default: Quality of Services (QoS) is not enabled by default on Skype for Business / Lync Server.
You can run Get-CsMediaConfiguration command from PowerShell and see if EnableQoS shows True or False. By default, it shows as False. To Enable QoS globally, run the below PowerShell command: Set-CsMediaConfiguration -EnableQoS $True In case you want to enable QoS per site wise then run the below command let Set-CsMediaConfiguration -Identity Site:<sitename> -EnableQoS $True 2. Configure the port ranges for Conferencing and peer-to-peer media traffic: For Quality of Service work correctly, you should configure identical port ranges for audio, video, file transfer and application sharing on your Conferencing, Application, and Mediation servers; furthermore, those port ranges must not overlap in any ways. E.g. if you use ports 57501 through 65535 for video on your Conferencing servers. That means that you must also reserve ports 57501 through 65535 for video on your application servers. If you do not, QoS will not work as expected. You must use Power Shell to configure Port ranges. You can verify the existing port ranges for your Conferencing, Application, and Mediation servers by running power shell commands. Get-CsService -ConferencingServer Select-Object Identity, AudioPortStart, AudioPortCount, VideoPortStart, VideoPortCount, AppSharingPortStart, AppSharingPortCount Get-CsService -ApplicationServer Select-Object Identity, AudioPortStart, AudioPortCount Get-CsService -MediationServer Select-Object Identity, AudioPortStart, AudioPortCount Note: Application server and Mediation server only support QoS for audio; you do not need to change video or application sharing ports in your Application servers or Mediation servers.
As you can see in the below commands, each port type audio, video, and application sharing is assigned two separate property values; the port start and the port count. The port start indicates the first port used for that modality; e.g. if the audio port start is equal to 49152 that means that the first port used for audio traffic is port 49152. If the audio port count is 8348 that means that 8348 ports are allocated for audio. If the first port is port 49152 and last ports 57500 (port ranges should be contiguous). Thus, the port range for audio would be ports 49152 through 57500. To make changes in all Pool Servers: Get-CsService -ConferencingServer ForEach-Object {Set-CsConferenceServer - Identity $_.identity -AppSharingPortStart "40803" -AppSharingPortCount "4348" - AudioPortStart "49152" -AudioPortCount "4348" -VideoPortStart "57501" - VideoPortCount "8034"} To modify Instant messaging SIP port in all Pool Server (optional): Get-CsService -ConferencingServer ForEach-Object {Set-CsConferenceServer - Identity $_.Identity -ImSipPort 5062} You can make changes to mediation and application server audio port ranges. To set on all Edge Server: With Edge servers, you do not have to configure separate port ranges for audio, video, and application sharing; likewise, the port ranges used for Edge servers do not have to match the port ranges used with your Conferencing, Application, and Mediation servers. Get-CsService -EdgeServer ForEach-Object {Set-CsEdgeServer -Identity $_.Identity -MediaCommunicationPortStart 50000 - MediaCommunicationPortCount 10000} Configure client port ranges for peer-to-peer media: You can run below command to find existing media client ports: Get-CsConferencingConfiguration fl Client*
To make changes in client port ranges: Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True - ClientAudioPort "50020" -ClientAudioPortRange "40" -ClientVideoPort "58000" - ClientVideoPortRange "20" -ClientAppSharingPort "42000" - ClientAppSharingPortRange "20" -ClientFileTransferPort "40783" - ClientFileTransferPortRange "20" 3. Now configure separate Group Policy Object for Client and Server: After defining port ranges you must also create Quality of Service policies that specify the DSCP code to be associated with each port range Simply, restricting a set of ports to a specific type of traffic does not result in packets traveling through those ports being marked with the appropriate DSCP code. In addition to defining port ranges you must also create Quality of Service policies that specify the DSCP code to be associated with each port range. This DSCP values association with port ranges can be achieve via GPO which has policy based QoS. If you already have all port ranges and DSCP value with communication type then processed below, if not then decide port ranges and follow the step two for configure port ranges. Microsoft outline complete steps https://technet.microsoft.com/enus/library/jj205076(v=ocs.15).aspx a. You must have consolidated all your computer object to single OU (Organization Unit). E.g. Computer. b. Login to the Domain Controller or computer which have Group Policy Management installed.
c. Open Group Policy Management tool (run > gpmc.msc) and then right click the OU (Computer) and then click Create a GPO in this domain, and Link it here to create a new GPO. E.g. SfBLyncClient-QoS. You must have required permission (Domain Admin) or like create and link policy object. d. Select the newly created Group Policy Object and right click on it and select Edit to Open Group Policy Management Editor > expand Computer Configuration > expand Policies > expand Windows Settings > right click Policy-based QoS > then click Create new policy. e. In Policy-based QoS page > give policy name as "Lync2013-Audio" > Select Specify DSCP Value: "46" > click Next. Below screenshot shows Policy name and DSCP value information: (screenshot shows exiting policy)
f. On next page > Select "Only applications with this executable name: "lync.exe" > click Next. Note: This simply ensures that Lync.exe application will match packets from the specified port range with the specified DSCP code. Below screenshot shows Application name information: (screenshot shows exiting policy)
g. On next page, make sure that both Any source IP address and Any destination IP address are selected > then click Next. Note: These two settings ensure that packets will be managed regardless of which computer (IP address) sent those packets and which computer (IP address) will receive those packets. Below screenshot shows IP address configuration information: (screenshot shows exiting policy).
h. On next page select TCP and UDP > select From this source port or range. Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two networking protocols most-commonly used by Skype for Business/ Lync Server and its client applications. Also, typed port range reserved for audio transmissions. Below screenshot shows protocol and port range configuration information: (screenshot shows exiting policy).
i. Follow step e to h and create new policy object as Lync2013-Signaling, Lync2013-AppShare, Lync2013-File Transfer and Lync2013-Video with above ports ranges and DSCP values. j. After you configuring all policy object, it will look like below: k. Open Group Policy Management and then right click the OU (Server) and then click Create a GPO in this domain, and Link it here to create a new GPO. E.g. SfBLync-Server-QoS. You must add your Skype for Business / Lync Server to Server OU. Then repeat step d to I and create policy object for Server as well. After you configuring all policy object for server, it will look like below screen.
4. Finally test the QoS, as a best practice you must validate QoS configuration and DSCP tagging quarterly basis. How enable QoS for Skype for Business / Lync Phone devices? Basically, Skype for Business / Phone edition mainly support audio, hence you define DSCP values for Audio traffic. To enable QoS on Skype for Business /Lync Phone Edition device, you must edit the VoiceDiffServTag and Voice8021p settings on the device By default, VoiceDiffServTag is set to 40, and Voice8021p is set to 0. Lync/Skype Server Control Panel > Clients > Device Configuration. You enable QoS using PowerShell as well:
Open Skype for Business / Lync Management Shell > type below command: Set-CsUcPhoneConfiguration -VoiceDiffServTag <value> -Voice8021p <value> E.g. Set-CsUcPhoneConfiguration -VoiceDiffServTag 46 -Voice8021p 0 You will need to restart the device for the changes to take effect. Test1: a. First, we need test GPO policy correctly applied or not, after newly created GPO applied and linked to OU where Computer and Server object stored (separate OU). Before testing you can force the policy by running "gpupdate.exe /force" on testing computer and server which will refresh the policy. b. After policy refresh on client computer > Start > Run > cmd (open as administrator) > type Gpresult /h result.htm c. You will all policy result in result.htm file and find your QoS policy. Test2: a. Enable Skype for Business/ Lync client log > then sign-in to Skype for Business / Lync client > then open Skype/ Lync (UCCAPILOG) logs in Notepad or Snooper tool. See the qosenabled shows true and verify all client port numbers. Below are log file locations. Skype for Business 2015/Lync2013 client: %userprofile%\appdata\local\microsoft\office\15.0\lync\tr acing\ Skype for Business 2015 client: %userprofile%\appdata\local\microsoft\office\16.0\lync\tr acing\ Below screenshot shows correct client ports.
Test3: Make audio call with another internal user and capture network traffic to verify, if QoS tagging shows correctly of not. Verify two way packets and see DSCP value shows correctly. Below screenshot shows UDP traffic DSCP: FE (Expedited Forwarding (46), which is correct tagging. Test4: a. On Windows machine > open regedit > browse path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS
You will see all QoS polices applied to this machine: b. On FE Server, you don t have to define application name because this server all application related to Skype/ Lync. open regedit > browse path HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS On Front End Server show like below:
Best practices: 1. Every quarterly audit QoS policies and sees tagging. 2. Check with WAN (Wide Area Network) provider (MPLS) for QoS plane. 3. You must validate QoS end-to-end because sometime incorrectly configured network devices (routers, wireless access points, switches) which might set or change DSCP markings to something you did not intend or strip DSCP markings to 0 (set to 0). Thank you.