
Deploy Quality of Service for Skype for Business / Lync with best practices



Why is QoS required?

Quality of Service (QoS) is a combination of networking technologies that enables companies to optimize the end-user experience for real-time audio, video and application sharing communications.

QoS is commonly used when network bandwidth is limited and when the network is congested. In practice, bandwidth limitation and network congestion are always present, so QoS must be configured correctly to optimize the end-user experience.

QoS can be configured end to end. It is most useful when your media traffic traverses a Wide Area Network (WAN), because on a Local Area Network (LAN) you might not have network congestion and bandwidth issues.

For the WAN, most organizations use Multi-Protocol Label Switching (MPLS). An MPLS network is a Layer 3 WAN built by a service provider to sell its bandwidth to many customers, and it allows the provider to guarantee quality of service (QoS). In other words, QoS is always required :)

How does QoS work?

All port ranges are provided to the Skype for Business / Lync client via in-band provisioning. This means that once the Skype for Business / Lync client signs in, it starts using the locked-down port ranges that are configured on the Skype for Business / Lync Server and pushed down to the clients. When a client application such as lync.exe, communicator.exe or attendantconsole.exe then initiates media traffic on the audio/video, application sharing or file transfer ports, the operating system stamps the packets with DSCP (Differentiated Services Code Point) markings according to a GPO (Group Policy Object).

Operating systems such as Windows Vista, Windows 7, Windows 8 and Windows 10 use policy-based QoS. Policy-based QoS has the benefit that you can restrict QoS at the application level. This means that the client applications that use the ports we configure for audio/video, application sharing and file transfer get DSCP markings stamped.

Below are the client applications with their executable file names:

  • Office Communicator 2007/R2 and Lync 2010 - communicator.exe
  • Lync 2010 and Lync Attendant Console - attendantconsole.exe
  • Lync 2013, Skype for Business 2015 and Skype for Business 2016 - Lync.exe

Below are the port ranges and DSCP values for each media type:

| Media Type | Communication | Port Range | Port Count | DSCP Value |
|---|---|---|---|---|
| Audio | Conferencing Server | 49152 - 57500 | 8348 | 46 |
| Audio | Mediation Server | 49152 - 57500 | 8348 | |
| Audio | Clients | 50020 - 50059 | 40 | 46 |
| Video | Conferencing Server | 57501 - 65535 | 8034 | 34 |
| Video | Clients | 58000 - 58019 | 20 | 34 |
| App Sharing | Conferencing Server | 40803 - 49151 | 8348 | 24 |
| App Sharing | Clients | 42000 - 42019 | 20 | 24 |
| File Transfer | Clients | 40783 - 40802 | 20 | 14 |
| Signaling | Client and Server | 5060 - 5061 | 2 | 46 |

Note: Mobility clients (iOS, Android, Windows, Skype for Business / Lync 2013 Mobility clients) do not use this QoS capability. It applies only to Skype for Business Windows clients, Skype for Business for Mac clients and IP phone devices that are registered directly to an internal Skype for Business / Lync pool server on managed networks. QoS is not applicable to traffic routed over the Internet.

Microsoft recently released the Skype for Business on Mac client, which can tag traffic, but OS X does not support it. Microsoft is working with Apple to support tagged traffic; as of now, however, it is not working.

Let us start with QoS configuration:

  1. Enable QoS for all clients, which is disabled by default:
    Quality of Service (QoS) is not enabled by default on Skype for Business / Lync Server.
    You can run the Get-CsMediaConfiguration cmdlet from PowerShell and check whether “EnableQoS” shows “True” or “False”. By default, it shows False.
    To enable QoS globally, run the following PowerShell command:
    Set-CsMediaConfiguration -EnableQoS $True
    To enable QoS per site, run the following cmdlet:
    Set-CsMediaConfiguration -Identity Site: -EnableQoS $True
     
  2. Configure the port ranges for Conferencing and peer-to-peer media traffic:
    For Quality of Service to work correctly, you should configure identical port ranges for audio, video, file transfer and application sharing on your Conferencing, Application, and Mediation servers; furthermore, those port ranges must not overlap in any way. For example, if you use ports 57501 through 65535 for video on your Conferencing servers, you must also reserve ports 57501 through 65535 for video on your Application servers. If you do not, QoS will not work as expected.
    You must use PowerShell to configure port ranges. You can verify the existing port ranges for your Conferencing, Application, and Mediation servers by running the following PowerShell commands.
    Get-CsService -ConferencingServer | Select-Object Identity, AudioPortStart, AudioPortCount, VideoPortStart, VideoPortCount, AppSharingPortStart, AppSharingPortCount
     
     
    Get-CsService -ApplicationServer | Select-Object Identity, AudioPortStart, AudioPortCount
    Get-CsService -MediationServer | Select-Object Identity, AudioPortStart, AudioPortCount
     
    Note: Application servers and Mediation servers only support QoS for audio; you do not need to change video or application sharing ports on your Application servers or Mediation servers.
     
    As you can see in these commands, each port type (audio, video, and application sharing) is assigned two separate property values: the port start and the port count. The port start indicates the first port used for that modality; e.g. if the audio port start is equal to 49152, the first port used for audio traffic is port 49152. If the audio port count is 8348, then 8348 ports are allocated for audio. Port ranges should be contiguous, so if the first port is 49152 and the last port is 57500, the port range for audio would be ports 49152 through 57500.
     
    To make changes on all pool servers:
    Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -Identity $_.identity -AppSharingPortStart "40803" -AppSharingPortCount "4348" -AudioPortStart "49152" -AudioPortCount "4348" -VideoPortStart "57501" -VideoPortCount "8034"}
     
    To modify the instant messaging SIP port on all pool servers (optional):
    Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -Identity $_.Identity -ImSipPort 5062}
     
    You can also change the Mediation and Application server audio port ranges.
     
    To set the port range on all Edge servers:
    With Edge servers, you do not have to configure separate port ranges for audio, video, and application sharing; likewise, the port ranges used for Edge servers do not have to match the port ranges used with your Conferencing, Application, and Mediation servers.
     
    Get-CsService -EdgeServer | ForEach-Object {Set-CsEdgeServer -Identity $_.Identity -MediaCommunicationPortStart 50000 -MediaCommunicationPortCount 10000}
     
    Configure client port ranges for peer-to-peer media:
    You can run the command below to find the existing client media ports:
    Get-CsConferencingConfiguration | fl Client*
    To change the client port ranges:
    Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True -ClientAudioPort "50020" -ClientAudioPortRange "40" -ClientVideoPort "58000" -ClientVideoPortRange "20" -ClientAppSharingPort "42000" -ClientAppSharingPortRange "20" -ClientFileTransferPort "40783" -ClientFileTransferPortRange "20"
     
  3. Now configure separate Group Policy Objects for clients and servers:
    Simply restricting a set of ports to a specific type of traffic does not result in packets traveling through those ports being marked with the appropriate DSCP code. In addition to defining port ranges, you must also create Quality of Service policies that specify the DSCP code to be associated with each port range.
     
    This association of DSCP values with port ranges can be achieved via a GPO, which provides policy-based QoS.
     
    If you already have all port ranges and DSCP values for each communication type, proceed below; if not, decide on the port ranges and follow step two to configure them.
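
The two rules from step two (identical audio ranges on every server role, no overlap between modalities) can be checked before any GPO is built. The following is an added example, not part of the original post; Test-SfbPortPlan and the example.test identities are hypothetical, and the sample objects are constructed from the table above with one deliberately mismatched Mediation server.

```powershell
# Added example (not from the original post). Test-SfbPortPlan is a hypothetical helper.
function Test-SfbPortPlan {
    # $Service: objects shaped like Get-CsService output (Identity, *PortStart, *PortCount)
    param([Parameter(Mandatory)][object[]]$Service)
    $findings = @()

    # Rule 1: the audio start/count must be identical on every server role.
    $audio = @($Service |
        ForEach-Object { "$($_.AudioPortStart)/$($_.AudioPortCount)" } |
        Sort-Object -Unique)
    if ($audio.Count -gt 1) {
        $findings += "Audio start/count differs between servers: $($audio -join ', ')"
    }

    # Rule 2: on each server, audio, video and app sharing ranges must not overlap.
    foreach ($s in $Service) {
        $ranges = foreach ($m in 'Audio', 'Video', 'AppSharing') {
            $start = $s."${m}PortStart"
            $count = $s."${m}PortCount"
            if ($start -and $count) {
                # Next = first port after this range (start + count)
                [pscustomobject]@{ Name = $m; Start = [int]$start; Next = [int]$start + [int]$count }
            }
        }
        $sorted = @($ranges | Sort-Object Start)
        for ($i = 1; $i -lt $sorted.Count; $i++) {
            if ($sorted[$i].Start -lt $sorted[$i - 1].Next) {
                $findings += "$($s.Identity): $($sorted[$i - 1].Name) overlaps $($sorted[$i].Name)"
            }
        }
    }
    $findings
}

# Constructed sample input: Conferencing values from the table, Mediation audio start
# set to a different value on purpose so that rule 1 reports a finding.
$sample = @(
    [pscustomobject]@{ Identity = 'ConferencingServer:pool01.example.test'
        AudioPortStart = 49152; AudioPortCount = 8348
        VideoPortStart = 57501; VideoPortCount = 8034
        AppSharingPortStart = 40803; AppSharingPortCount = 8348 }
    [pscustomobject]@{ Identity = 'MediationServer:pool01.example.test'
        AudioPortStart = 60000; AudioPortCount = 8348 }
)
Test-SfbPortPlan -Service $sample
```

In the Skype for Business Server Management Shell, the same function can be fed the combined output of the three Get-CsService commands shown in step two instead of the sample objects.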
     

  1. You must have consolidated all your computer objects into a single OU (Organizational Unit), e.g. Computer.
  2. Log in to the domain controller or a computer that has Group Policy Management installed.
  3. Open the Group Policy Management tool (Run > gpmc.msc), right-click the OU (Computer), and then click “Create a GPO in this domain, and Link it here” to create a new GPO, e.g. SfBLyncClient-QoS. You must have the required permissions (Domain Admin or similar) to create and link policy objects.
     
  4. Select the newly created Group Policy Object, right-click it and select Edit to open the Group Policy Management Editor > expand Computer Configuration > expand Policies > expand Windows Settings > right-click Policy-based QoS > then click ‘Create new policy’.
  5. On the Policy-based QoS page > give the policy the name "Lync2013-Audio" > select Specify DSCP Value: "46" > click Next.
    Below screenshot shows policy name and DSCP value information (screenshot shows existing policy).
  6. On the next page > select "Only applications with this executable name" and enter "lync.exe" > click Next.
    Note: This simply ensures that packets from the Lync.exe application on the specified port range are matched with the specified DSCP code.
    Below screenshot shows application name information (screenshot shows existing policy).
  7. On the next page, make sure that both Any source IP address and Any destination IP address are selected > then click Next.
    Note: These two settings ensure that packets will be managed regardless of which computer (IP address) sent those packets and which computer (IP address) will receive those packets.
     
    Below screenshot shows IP address configuration information (screenshot shows existing policy).
     
  8. On the next page, select TCP and UDP > select ‘From this source port or range’.
    Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol) are the two networking protocols most commonly used by Skype for Business / Lync Server and its client applications.
    Also, type the port range reserved for audio transmissions.
    Below screenshot shows protocol and port range configuration information (screenshot shows existing policy).
     
    Follow steps 5 to 8 and create new policy objects named “Lync2013-Signaling”, “Lync2013-AppShare”, “Lync2013-File Transfer” and “Lync2013-Video” with the port ranges and DSCP values above.
    After you have configured all policy objects, it will look like below:
  9. Open Group Policy Management, right-click the OU (Server), and then click ‘Create a GPO in this domain, and Link it here’ to create a new GPO, e.g. SfBLync-Server-QoS. You must add your Skype for Business / Lync Servers to the Server OU. Then repeat steps 4 to 8 to create the policy objects for the servers as well.
    After you have configured all policy objects for the servers, it will look like the screen below.
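
The five client policies described above can also be created locally on a single test machine with the built-in NetQos cmdlets, which is useful for checking the markings before the GPO is linked. This is an added example, not part of the original post: it uses New-NetQosPolicy (Windows 8 / Windows Server 2012 or later, elevated PowerShell) instead of the Group Policy editor, and takes the policy names, client port ranges and DSCP values from this page.

```powershell
# Added example (not from the original post): local equivalent of the client GPO entries.
# Run in an elevated PowerShell session on one test client only.
$clientPolicies = @(
    @{ Name = 'Lync2013-Audio';         Start = 50020; End = 50059; Dscp = 46 }
    @{ Name = 'Lync2013-Video';         Start = 58000; End = 58019; Dscp = 34 }
    @{ Name = 'Lync2013-AppShare';      Start = 42000; End = 42019; Dscp = 24 }
    @{ Name = 'Lync2013-File Transfer'; Start = 40783; End = 40802; Dscp = 14 }
    @{ Name = 'Lync2013-Signaling';     Start = 5060;  End = 5061;  Dscp = 46 }
)

foreach ($p in $clientPolicies) {
    # Skip policies that already exist so the script can be re-run safely.
    if (Get-NetQosPolicy -Name $p.Name -ErrorAction SilentlyContinue) { continue }

    # Same choices as in the wizard: lync.exe only, TCP and UDP,
    # any source/destination address, source port range, DSCP value.
    New-NetQosPolicy -Name $p.Name `
        -AppPathNameMatchCondition 'lync.exe' `
        -IPProtocolMatchCondition Both `
        -IPSrcPortStartMatchCondition $p.Start `
        -IPSrcPortEndMatchCondition $p.End `
        -DSCPAction $p.Dscp | Out-Null
}

# List the policies in the local store to confirm ranges and DSCP values.
Get-NetQosPolicy | Sort-Object Name

# Clean up the local test policies once the GPO is in place:
# $clientPolicies | ForEach-Object { Remove-NetQosPolicy -Name $_.Name -Confirm:$false }
```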
     

  4. Finally, test QoS. As a best practice, you must validate the QoS configuration and DSCP tagging on a quarterly basis.
    Test1:

    1. First, test whether the GPO was applied correctly after the newly created GPO has been applied and linked to the OUs where the computer and server objects are stored (separate OUs). Before testing, you can force the policy by running "gpupdate.exe /force" on the test computer and server, which refreshes the policy.
    2. After the policy refresh on the client computer > Start > Run > cmd (open as administrator) > type Gpresult /h result.htm
    3. You will see all policy results in the result.htm file; find your QoS policy there.

Test2:

    1. Enable Skype for Business / Lync client logging > then sign in to the Skype for Business / Lync client > then open the Skype / Lync (UCCAPILOG) logs in Notepad or the Snooper tool. Check that qosenabled shows true and verify all client port numbers. Below are the log file locations.

  • Skype for Business 2015/Lync2013 client: %userprofile%\appdata\local\Microsoft\Office\15.0\Lync\Tracing\
  • Skype for Business 2015 client: %userprofile%\appdata\local\Microsoft\Office\16.0\Lync\Tracing\

Below screenshot shows correct client ports.


 

Test3:

Make an audio call with another internal user and capture the network traffic to verify whether the QoS tagging shows correctly or not.

Verify the packets in both directions and check that the DSCP value shows correctly.

Below screenshot shows UDP traffic with DSCP: EF (Expedited Forwarding, 46), which is the correct tagging.


 

Best practices:

  1. Audit the QoS policies every quarter and check the tagging.
  2. Check with your WAN (Wide Area Network) provider (MPLS) about its QoS plan.
  3. You must validate QoS end to end, because incorrectly configured network devices (routers, wireless access points, switches) might set or change DSCP markings to something you did not intend, or strip DSCP markings (set them to 0).
     
    Thank you.
