Update: it appears the 6.1.2 update allows registration to Office365 without switching to Skype Mode or needing a Touch panel. I’ll test this more in depth when I get back to the office.
Looking for more detail? Polycom Legend Jeff Schertz has done two brilliant articles going in depth on the Group Series for both Skype for Business on-prem and Online
Okay, so this is going to be a big one as the Polycom RealPresence group series will be new to some people, but anyone who has had an older H.323 system should have a little understanding of how these work.
This tutorial isn’t complete, usually units like this are installed as part of a room system from a vendor and thus doesn’t cover things like setting up audio inputs / outputs or IP addressing.
Your integrator will typically do this for you. but may get stuck on the Skype4B components.
Regardless of the integrator or even if you are doing it yourself, a little prep work is required before configuring the unit for Skype4B
Requirements
- Lync/Skype4B Meeting room account
- Not a common area account, must have a username and non-expiring password
- Associated Exchange Account
- Can be a room account but must be enabled and have OWA access and a non-expiring password
or a normal everyday Exchange account with OWA access and a non-expiring password
(Thanks to Craig Johnson for the reminder)
- Can be a room account but must be enabled and have OWA access and a non-expiring password
Information you will need to give to your integrator (if you have one)
- Exchange Email Address
- Exchange Username/Password
- Skype4B/Lync Username/Password
- Skype4b/Lync Sip Address
- Domain name (Netbios format)
- Your CA’s Public Root certificate (not the private key!)
Creating the Required Account’s
First create a real exchange mailbox (Not a resource account) and remember its email address and Alias
- Keep the username short
- Make a matching SMTP Alias if you want a friendly SIP Address
- You do NOT need to UM enable this account, it should never get voicemail
Now, create a Skype4B / Lync Meeting room account for the VC system that is EV enabled
We use a Meeting room account to enable some of the logic Skype4B uses to address feedback loops. For example when you join the meeting Skype4B will ask you if you are in the room and if so, mute all your devices on your laptop/tablet
(Note, this is different from a user account and can only be created using powershell)
Create the meeting room ‘user’ and grant them the appropriate number and Voice Policy
Enable-CsMeetingRoom -Identity "80mpr1" -SipAddress "sip:[email protected]" -RegistrarPool "fepool01.skype4badmin.com" Set-CsMeetingRoom -Identity "80mpr1" -EnterpriseVoiceEnabled $true -LineURI "tel:+61386408640;ext=8640" Grant-CsVoicePolicy -policyname VP_AU-Vic-Unrestricted -identity "80mpr1"
Verify you can log into these accounts using your Skype for Business client and OWA respectively.
Getting your CA root certificate
Login to your CA at http://ca01.skype4badmin.com/certsrv/ and click the “Download a CA certificate, certificate chain, or CRL” link and download the CA chain in DER format
Configuring the unit
Note this guide was written using a unit on version 5.1.0 firmware, some older versions use a different licence;
“Real Time Video (RTV)” the licence is different, but the config process is the same.
Once your integrator (if you have one) has configured the initial setup on the RealPresense Group 500 head into the web interface of the unit and check for a Skype4B Interop or RTV Licence. Without it you need to use the VIS role in Skype4B, which doesn’t make much sense when these units support Skype4B natively.
Now, install the CA certificate to allow the unit to trust your Skype4B infrastructure
In the “Admin Settings > Security > Certificates” Tab click the “Browse” button next to “Add Certificate” and install the certificate from your CA.
Now head over to “Admin Settings > Network > IP Network” and then click the “SIP” dropdown
Make sure “Enable SIP” is ticked
The Sip Server Configuration should be set to “Auto”, this will enable the Group 500 to autodiscover your Lync / Skype4B infrastructure using DNS
Enter your Sign in Address, this is the full SIP address in UPN format (IE “[email protected]”)
In the username field, enter your username in netbios format (IE “s4badmin\jamesa”)
Change the registrar type to “Microsoft” and click Save
You will need to tab away and tab back to the page to see if you register correctly.
You should see “Registered” in the “Registration Status” field, if not. Navigate away and come back again.
If the issue persists, check your certificate install, DNS entries and connectivity to the frontends
You should also check the devices encryption setting, some integrators turn this off for legacy H.323 setups. Without it calls will disconnect on answer with ambiguous errors like;
“Error on local device”, “Client side general processing error”, “Encryption levels dont match” or even “488 Not Acceptable Here”
It’s actually the two endpoints failing to agree on an encryption algorithm as the integrator has forced it off.
Head over to “Admin Settings > Security > Global Security” and click on the “Encryption” dropdown
Change the “Require AES Encryption for Calls” to “When Available” (this allows legacy H.323 calls when required)
You should also check the Video Dialling order has been set to “SIP” under “Admin Settings > Network > Dialling Preference”
Now that your registered to the Skype4B environment, you can add additional features to enhance functionality
AD Integration
This one is easy head to “Admin Settings > Servers > Directory Servers” and fill in the details
Set the Server type to “Microsoft”
The Domain Name is in Netbios format IE “S4BAdmin” not “Skype4badmin.com”
The domain username and password will be populated from the SIP account page
Users will now be able to search and call users using the directory function on the RP Group 500
Calendar Integration
This enables users to invite the VC unit to a Skype4B meeting using outlook. When they do their Skype4B meeting will be onscreen when they walk into the room, they simply just need to select it using the remote and the unit will automatically join the conference. I’d highly recommend setting this up.
Note. This cannot be a resource account as the unit must be able to login to the exchange mailbox
Goto “Admin Settings > Servers > Calendaring Service” and enable the service
Enter the primary email address for the exchange account
Domain in Netbios format (“S4Badmin” not “Skype4badmin.com”)
Username in short format (No domain prefix)
Once these have been filed in click “Auto Discover” and the unit should automatically detect the settings using the email address, if that fails. Try changing the Auto discover using to “Sip Server”
Once all the information is detected (or entered manually) click Save
(Note for Manual settings, its looking for your OWA/EWS front end)
Testing
Jump over to “Diagnostics > System Status” and check everything is okay. The main thing you are looking for is the highlighted options, everything else is your integrators issue and is outside the scope of this document
Now head over to “Place a Call” and simply enter your SIP address in “Manual Dial” to test the system
Troubleshooting
If you do need to go digging as to why you aren’t getting anywhere you can download the logs from the appliance
Head over to “Diagnostics > System > Download Logs” and click on “Download system log”
This will compress and download a diagnostics Tar file, unpack it with your favourite archival utility and open “messages” with a text editor
(there is a folder named “.” in the archive, some utilities don’t like this folder, just extract the messages file if this happens)
Hope this helps!
Great article, very good explanations and steps. We actually do use resource accounts (Room Mailbox’s) when configuring group series for our customers. Especially if they have the room mailboxes already setup and users are already using them to book rooms. That way users can book the group series at the same time and the appointments appear in the calendar.
In order for it to work you need to assign the resource account a password, enabled the account in AD (by default its disabled), enabled the account for Skype for Business and you are good to go.
Agreed, the resource account is definably the better way to go, I have customers wont allow resource accounts to have passwords/be enabled but if that’s an option where you are it’s a great way to go (Honestly the way I tried to configure them to begin with)
We are working to configure RealPresence 500 with Lync but struggle with very simple tasks. For example, admitting someone into the call from the Lobby directly from RealPresence 500 does not seems possible.
The easiest workaround here would be when scheduling meeting for the Group 500 would be to enable users to bypass the lobby by default in outlook
http://www.skype4badmin.com/wp-content/uploads/2016/07/2016-07-28-15_43_52-Untitled-Meeting.png
You can also adjust the settings to automatically admit anonymous users or PSTN callers using set-csmeetingconfiguration (you cant do this per user, the closest you can get is per pool)
Something like;
Get-CsMeetingConfiguration | Set-CsMeetingConfiguration -AdmitAnonymousUsersByDefault $true -AssignedConferenceTypeByDefault $false -DesignateAsPresenter Company -PstnCallersBypassLobby $true
Would enable users to join a meeting by default, but the meeting pin and URL would change each meeting thus preventing uninvited members from dropping in and listening to confidential information (unless of course, someone forwarded the meeting invite)
This also simplifies the who experience for the meeting room users who “just want it to work”
Hello there, thanks for taking the time to produce a very clear article. It’s much appreciated. I was just wondering regarding the certificate side of things. We do not have an internal CA. Our SfB SSL certificate is from a public CA and installed directly onto the servers. How would I go about installing this on our Group 500? Should I just install the same cert on the Group 500?
Thanks in advance.
Hi there, Unfortunatley I’ve not configured many deployments with a Public CA.
I dont have a test unit I can verify with but the Group 500 should already trust the certificate as its from a public CA, Keeping in mind that the unit needs to trust edge servers etc which are typically signed with a public cert.
If not, you can import the Public CA cert or to potentially save yourself more hassle in the future, you can import the (public side) of the Public CA root cert that way the Group500 would trust anything generated by that CA vendor.
Hope this helps.
Hi James , thanks for the beautiful post . i am experiencing poor video quality (pixelating ), and content sharing over polycom is not great too . Is there anything i can try ?
(i am operating fast internet , Gigabit switches )
Hi Kurt, thanks for the nice comment!
I’ll assume you have QoS and CAC configured correctly? However this is usually caused by a bug with the Group 500’s using an older codec if you dont have the 1080p licence installed. As the codec is so old Skype4B caps the call at 640×480 at 600kbps, not very much bandwidth at all.
The easy fix is to increase the limit on the Skype4B MCU to 15mbit with the following cmdlet
“Set-CsMediaConfiguration –Identity Global -MaxVideoRateAllowed Hd720p15M”
Or you can ask your polycom reperesentitive for a trial 1080 key and see if that resolves the issue.
I have an article on this here, note that it was supposed to be addressed in UCS 6, but I’ve had reports that this is not the case.
http://www.skype4badmin.com/polycom-group-series-video-degrades-when-joining-a-conference-via-skype4b/
I have a Skype 4 Business Online tennant (via Office 365 E3). Will your recipe work with the online version too? There is only a Win 2012 DC on premise, Users are synced via Azure AD sync and work completely online. A local Skype server is not planned.
This should work okay, you may need to use the 365 PowerShell components to enable the Room AD account and give it a password. If there is no on-prem Skype4B server you shouldn’t need to install your local CA either. I’d also leave Exchange on Autodiscover to ensure it connects to your 365 tenant correctly. Keep in mind though without ExpressRoute to your 365 Tennant there is no assurance of the quality of your video link.
You might also run into this issue if you only have a 720p licence installed
http://www.skype4badmin.com/polycom-group-series-video-degrades-when-joining-a-conference-via-skype4b/
James – we have recently installed a Group 500 system into a clients boardroom with a Polycom S4B license. The client does not have an onsite Skype server and we have now been told by Polycom that the only way we can access Skype for Business is by adding an expensive Polycom touch panel to the system.
Does this sound correct as this is causing problems for us with our customer.
Sorry about the delay responding. As far as I’m aware this configuration *should* be possible as long as your autodiscover records are set correctly. I actually need to chase my Polycom Rep as I’m supposed to be testing another unit. So I’ll ask them then.
So after a quick chat with some of my contacts both via email and via Twitter, it seems its a requirement put in place by Microsoft due to Project Rigel. I’ve got a unit (sans screen) coming next week to tinker with, but from what Ive heard you need to put the unit into Skype4B mode to even get it to register with O365, thats what enforces the use of the Touch Screen. You can follow the conversation on twitter here. https://twitter.com/atreidae/status/821942266654650370
It seems the new 6.1.2 Software for the group series removes this limitation. I’ll test and come back to you.
Is it working without the touch tablet? I’ve got a demo Group 500 that I’m trying to test with our Skype4b online and can’t seem to get connected following your instructions above. When putting the office 365 credentials in it just says it’s not registered. The demo unit didn’t come with the tablet and i don’t want to buy one out right if we don’t decide to go with it.
I havent actually done it myself yet, but you can apparently register them to office365 if they are on the latest firmware and NOT in Skype mode
Looks like it will work without an on premise skype server setup , I managed to register mine directly with the skype registrar server.
Only issue I have is , The Group 500 switches to Skype Mode which i cannot turn off and requires a Polycom RealPresence Touch device, does this sound right? Do you need a polycom real presence touch deviice in order to use SfB on the Group 500?
Hi Macca, I’m waiting for my Polycom Rep to come back to me with a formal answer as to whats going on with these units as well as a proper demo unit so I can test. I’ll come back to you as soon as I can
So after a quick chat with some of my contacts both via email and via Twitter, it seems its a requirement put in place by Microsoft due to Project Rigel. I’ve got a unit (sans screen) coming next week to tinker with, but from what Ive heard you need to put the unit into Skype4B mode to even get it to register with O365, thats what enforces the use of the Touch Screen. You can follow the conversation on twitter here. https://twitter.com/atreidae/status/821942266654650370
Just a followup on this, I was unable to get my unit to connect to S4B Online without the TouchScreen. So make sure you order that option if your going down this path.
It seems the new 6.1.2 Software for the group series removes this limitation. I’ll test and come back to you.
Great document. I have the same setup. but the calendar does not update in the Polycom Real Presence 500. I updated the software to 6.0.1.XXXXX and still having the same issue. I can make direct video calls to Skype4B users with no problem but the room can’t join the meetings since the calendar is blank. it said “No Meetings today”. Any help will be great.
Hi Rafael. Sounds like the exchange intergration isnt working correctly. Are you sure you configured the device as a room in Exchange? On the status page is the device connecting to your Exchange cluster? I have seen in some cases before where a loadbalancer can upset the EWS connection preventing the Group500 from getting its appointments. If your using a load balancer, try pointing the unit direct to an Exchange CAS Box
Hi Rafael,
Did you find a solution for this issue? I have the same…
Thanks
@Rafael and @EldadiO, what was the fix in the end? i’m running into the same issue. weird thing is, on the admin web portal under Calendaring Service section, it shows “Registration Status:” of Registered! Scratching my head on this one… :-/
Thanks in advance for any light you can shine~
Can You Please Post the Installation and Configuration for who used it first time.
Hi Anayat, I’ve got a Polycom Group 300 series here for review and as one of the processes I’ll be posting a full guide on here when I get a chance.
Are you refering to a full guide for registering with SfB Online?
We have a Group 500, and I am yet to be able to get it to register with our Office 365 hosted Skype for Business.
I had been lead to believe that Microsoft had not yet qualified the Group Series devices for Office 365 and that is why it wouldnt work.
Thanks
Hi Sean. With the birth of Skype Room Systems v2 (aka, Project Rigel) Microsoft has stipulated some very stringent requirements for meeting room devices joining to Office365. My understanding is once the Group500 detects its connecting to 365 it will switch to “Skype Mode” which updates the UI and REQUIRES a touch screen or it wont register. Unfortunatley my demo unit came without a touch screen, but hopefully I’ll get some time with one at Polycom in the near future.
Thanks James.
I am trying to get hold of a touch screen myself.
Ill let you know if i make any progress. Will check in to see if you do the same.
Thanks,
Sean
It seems the new 6.1.2 Software for the group series removes this limitation. I’ll test and come back to you.
Any Updates about that ?
Sorry, it’s still sitting on my desk (on top of the Audiocodes) I’ve been quite busy with Ignite and a few projects. it’s coming I swear
Hi Guys,
Great article by the way, we have 500 now setup and working on both SIP and H323. I can dial directly using SFB to someone however SCHEDULED calls do not work. I can see the calendar etc and when i click join it just says failed to dial the number. It attemps to dial the SFB online meeting urls https://Mycompany.com/ijssds
PLEASE HELP.
Thanks
Kowsar
Hi Kowsar.
I’m not to sure with S4B Online myself, but are you saying you have a hybrid deployment and when you attempt to join a scheduled meeting on the Group 500 (I assume is registered on prem) is trying to connect to your office365 tennant simple url?
Have to tried with an on-prem hosted user?
Hi James , We have GS 700 + 500 deployed with S4B (on premise ) . Works well with Audio and video . But when someone shares content – monitor 2 receives very blurry – poor images. still the audio and video is ok. Any suggestions ?
Hmm. I imagine its getting the shared content via video.
1.) do you have the 1080p licence installed (enables HVC)
2.) have you tried to non HVC fix here ?
Pingback: Group Series Skype Meeting Join Issue | UCC Ramblings
Hi James – quick question – we have a group 500 / Medialign system set up and running with Skype for Business and everything seems great except for one thing.
We aren’t able to achieve multisite calls with S4B. Seems it never evokes avmcu. The accounts test out fine and when we use the accounts on a laptop to test – multiway works great! But on the Room/Medialign – we are only able to achieve peer to per calls, third participant fails. Scheduled meeting show up on the Screen as upcoming meetings properly but fail when we try and join.
Otherwise the system behaves nice with peer to peer calls.
Any ideas on this?
Thanks!! Alex
Nothing off the top of my head unless your running into the non HVC issue.. but it doesnt seem like that. I’d reccomend getting your Skype4B Admin to pull the Snooper logs for an attempted session and go from there.
Hi James, I only have one question.
Does the solution work with SFB based on a cloud platform? We actually have SFB included in the Office 365 licences of the cloud. Also we have an Active Directory federated to the Office 365 licenses.
Thank you.
If your hosting the user in Office365 as your cloud platform you will need to aquire the “RealPresence Touch” panel as well as the Group Series unit.
Microsoft requires any meeting room solution that can connect to Office 365 nativley adhere to the Project Rigel ideologiy in that meetings can be joined by a single touch and have a simple UI to manage during a call.
The Group Series remote control doesnt satisfy this requirement and thus a Group Series without a touch panel is blocked from connecting to 365 by Microsoft.
If you are using your “On-premise use rights” from 365 with your own infrastructure for the meeting room user (On *YOUR* Frontend… Cloud Connector Editon doesnt count) This will work fine.
@James, I’m trying to connect my GS 500 to S4B Online using the touch without success. The SIP registration keeps failing. Do I need to enable something on my lync online enviroment?
I haven’t played with a GS500 w/touch yet. But I imagine the device would need an E5 licence.
Hi James – We just had a integrator install a Polycom RealPresence Group 310 device which is integrated with our on-premises S4B installation. We are able to join meetings and call contacts just fine but we cannot place any phone calls. S4B has been configured to do this and we are able to dial phone numbers within our Skype clients, but our integrator has not been able to get this working on the RealPresence end. Is the Polycom device capable of placing phone calls through its Skype SIP connection?
Thanks for your help.
Yes, the Group series should be fine to place calls using your skype4b infrastructure.
Hi Kowsar,
Did you find your answer? If not, change the order in which the systems dials out, should be SIP then H323.
Dnard
I’ve tested it and can confirm that it works with skype for business without the tablet. It does seem to have limited functionality, but it does work.
Thanks for coming back to us on this one Matt
Thanks for this helpful article, After integrating skype for bussiness with RPG 500 along with touch panel All is working fine just a one problem is far end content is not visible. In skype call.. We are getting message as Your application is rejected by system. In skype.
Hmmmm I’m not sure on that one. Have you enabled VBSS (video based screen sharing) in your Skype4B deployment?
Thank you for this article. I used it for setup my polycom realpresense 310 and S4B Online. ANd all good – but i cant call from Skype (not bussines) to Polycom S4B account – call just drop and ? the end. Can u help me to find solution ? Firmware – last version (just updated)
Thanks for your comment.
I’m not sure that’s a supported configuration. You will find the GS is likely dropping the call due to a codec negotiation failure. Skype4C uses the SILK audio codec which very few devices support.. Microsoft has done a considerable amount of work to AVOID transcoding anything on the AVMCU
I think your best option would be to invite the remote party to join via the Skype4B webapp by booking the room.
THank you for answer.
Pingback: Videoconferencing solutions with Skype for Business | IT Blog by Joni Mattila
Hi James,
Thank you for this document and rest of the conversation, we have recently installed the Presence System and are running O365 Skype for Business account with a License, everything is working fine except if a users wants to share any content like screen/whiteboard during a video conference with the System, the account (SkypeforBusiness) straight away declines the invitation, any workarounds with this. Thanks
Make sure your using both the latest group series firmware and sfb clients. Changing between VBSS (video based screen sharing) and RDP is not an elegant process and only works when the AVMCU is involved
Hi, would the steps be similar to if you’re using O365 Skype?
The steps are similar. I need to make a new article for sfb-O and MSTeams
We are having LBR configured for EV and getting following error when dialing PSTN, any help would be appreciated “The user is not authorized to use the requested bearer capability. This may be due to a subscription problem. Contact your network administrator for assistance”