Quality of Service for Skype for Business/Lync configuration and best practice Guide
V2
Overview:
As you know that Microsoft Skype for Business is great product which has multiple
features which help enterprise users to communicate and collaborate effectively from
anywhere. To get Skype for Business to work correctly for internal and external users, is
complex task as we are dealing with vast product. Improving quality of service is very
important. So, this admin guide helps you to configure end to end Quality of Service.
Also, this document mainly focusing on why we need Quality of Service and how we can
configure this.
Basically, Quality of Services is not a only solution of every quality problem, however
QoS is combination of networking technologies that enables companies to optimize the
end-user experience for real time audio, video and application sharing communications.
QoS is commonly used when network bandwidth is limited and when network
congestion, in practice bandwidth limitation and network congestion always there so we
must have QoS configure correctly to optimize end-users experience.
Author: Balu Ilag Microsoft MVP (Office Servers and Services) © 8.27.2018, Balu Ilag, System Administrator, Microsoft MVP
Office Apps and Services. Version 2.0
Contact me at: [email protected]
Blog: http://bloguc.com/ . This document covers how to deploy quality of
services and why we need it. Target audience for this admin guide are Skype for Business / Lync Administrator, Skype for Business Online (Office365) Administrator, Network Engineer and System Administrator who manages Skype for Business and Lync server 2013 environment.
Quality of Service for Skype for Business / Lync configuration and best practice Guide
V2
Why QoS required?
Quality of Services (QoS) is a combination of networking technologies that enables
companies to optimize the end-user experience for real time audio, video and
application sharing communications.
QoS is commonly used when network bandwidth is limited and when network
congestion, in practice bandwidth limitation and network congestion always there so we
must have QoS configure correctly to optimize end-users experience.
QoS can be configure as end to end, it more useful your media traffic traverse over Wide
Area Network because on Local Area Network you might not have network congestion
and bandwidth issues.
When we talk about WAN, were most of organization uses Multi-Protocol Label
Switched (MPLS). MPLS network is a L3 WAN built by a service provider to sell its
bandwidth to many customers and allows to guarantee a quality of service (QoS). With
that said means QoS is always required ☺
How QoS is working?
Basically, all port range provided to Skype for Business/Lync client via in band
provisioning. This means that once your Skype for Business / Lync client signs in, they
will start using these locked down port ranges which configured on Skype for Business/
Lync Server and this ports pushed down to Skype for Business/ Lync clients. So, when
client initiate the media traffic using applications like lync.exe, communicator.exe and
attendeeconsole.exe. This means that all applications that utilize the Audio/Video,
Application sharing, file transfer ports, which will get DSCP (Differentiated Services Code
Point), markings stamped by Operating System via GPO (Group Policy Object).
Operating System like, Windows Vista, Windows 7, Windows 8 and Windows 10 utilize
the Policy based QoS. Policy based QoS has the benefit that you can restrict the QoS at
the application level. This means that all client applications that utilize the Audio/Video
Application sharing, file transfer ports that we configure for Audio/Video, Application
sharing, file transfer will get DSCP markings stamped.
In other word the Windows or Windows Server operating system can identify the traffic
type and apply the appropriate DSCP to each packet according to the port that it uses.
Below is the client application with their executable file name:
• Office Communicator 2007/R2 and Lync 2010 – communicator.exe
• Lync 2010 and Lync Attendant Console - attendantconsole.exe
• Lync 2013, Skype for Business 2015 and Skype for Business 2016 – Lync.exe
Below are the port ranges and DSCP values with their Media type:
Media Type
Communication Port Range Port Count
DSCP Values
Audio Conferencing Server
49152 - 57500
8348 46
Audio Mediation Server 49152 - 57500
8348
Audio Clients 50020 - 50059
40 46
Video Conferencing Server
57501 - 65535
8034 34
Video Clients 58000 - 58019
20 34
App Sharing
Conferencing Server
40803 - 49151
8348 24
App Sharing
Clients 42000 - 42019
20 24
File Transfer
Clients 40783 - 40802
20 14
Signaling Client and Server 5060-5061 2 46
Note: This QoS capability is only applicable to Skype for Business clients and IP phone
devices which are registered directly to an internal Skype for Business / Lync pool Server
on managed networks; QoS is not applicable for traffic routed over the Internet.
Let us start with QoS configuration:
1. Enable QoS for all clients, which is disabled by default:
Quality of Services (QoS) is not enabled by default on Skype for Business / Lync
Server.
You can run Get-CsMediaConfiguration command from PowerShell and see if
“EnableQoS” shows “True” or “False”. By default, it shows as False.
To Enable QoS globally, run the below PowerShell command:
Set-CsMediaConfiguration -EnableQoS $True
In case you want to enable QoS per site wise then run the below command let
Set-CsMediaConfiguration -Identity Site:<sitename> -EnableQoS $True
2. Configure the port ranges for Conferencing and peer-to-peer media traffic:
For Quality of Service work correctly, you should configure identical port ranges
for audio, video, file transfer and application sharing on your Conferencing,
Application, and Mediation servers; furthermore, those port ranges must not
overlap in any ways. E.g. if you use ports 57501 through 65535 for video on your
Conferencing servers. That means that you must also reserve ports 57501
through 65535 for video on your application servers. If you do not, QoS will not
work as expected.
You must use Power Shell to configure Port ranges. You can verify the existing
port ranges for your Conferencing, Application, and Mediation servers by running
power shell commands.
Get-CsService -ConferencingServer | Select-Object Identity, AudioPortStart,
AudioPortCount, VideoPortStart, VideoPortCount, AppSharingPortStart,
AppSharingPortCount
Get-CsService -ApplicationServer | Select-Object Identity, AudioPortStart,
AudioPortCount
Get-CsService -MediationServer | Select-Object Identity, AudioPortStart,
AudioPortCount
Note: Application server and Mediation server only support QoS for audio; you
do not need to change video or application sharing ports in your Application
servers or Mediation servers.
As you can see in the below commands, each port type – audio, video, and
application sharing – is assigned two separate property values; the port start and
the port count. The port start indicates the first port used for that modality; e.g. if
the audio port start is equal to 49152 that means that the first port used for
audio traffic is port 49152. If the audio port count is 8348 that means that 8348
ports are allocated for audio. If the first port is port 49152 and last ports 57500
(port ranges should be contiguous). Thus, the port range for audio would be ports
49152 through 57500.
To make changes in all Pool Servers:
Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -
Identity $_.identity -AppSharingPortStart "40803" -AppSharingPortCount "4348" -
AudioPortStart "49152" -AudioPortCount "4348" -VideoPortStart "57501" -
VideoPortCount "8034"}
To modify Instant messaging SIP port in all Pool Server (optional):
Get-CsService -ConferencingServer | ForEach-Object {Set-CsConferenceServer -
Identity $_.Identity -ImSipPort 5062}
You can make changes to mediation and application server audio port ranges.
To set on all Edge Server:
With Edge servers, you do not have to configure separate port ranges for audio,
video, and application sharing; likewise, the port ranges used for Edge servers do
not have to match the port ranges used with your Conferencing, Application, and
Mediation servers.
Get-CsService -EdgeServer | ForEach-Object {Set-CsEdgeServer -Identity
$_.Identity -MediaCommunicationPortStart 50000 -
MediaCommunicationPortCount 10000}
Configure client port ranges for peer-to-peer media:
You can run below command to find existing media client ports:
Get-CsConferencingConfiguration | fl Client*
To make changes in client port ranges:
Set-CsConferencingConfiguration -ClientMediaPortRangeEnabled $True -
ClientAudioPort "50020" -ClientAudioPortRange "40" -ClientVideoPort "58000" -
ClientVideoPortRange "20" -ClientAppSharingPort "42000" -
ClientAppSharingPortRange "20" -ClientFileTransferPort "40783" -
ClientFileTransferPortRange "20"
3. Now configure separate Group Policy Object for Client and Server:
After defining port ranges you must also create Quality of Service policies that
specify the DSCP code to be associated with each port range
Simply, restricting a set of ports to a specific type of traffic does not result in
packets traveling through those ports being marked with the appropriate DSCP
code. In addition to defining port ranges you must also create Quality of Service
policies that specify the DSCP code to be associated with each port range.
This DSCP values association with port ranges can be achieve via GPO which has
policy based QoS.
If you already have all port ranges and DSCP value with communication type then
processed below, if not then decide port ranges and follow the step two for
configure port ranges.
Microsoft outline complete steps https://technet.microsoft.com/en-
us/library/jj205076(v=ocs.15).aspx
a. You must have consolidated all your computer object to single OU
(Organization Unit). E.g. Computer.
b. Login to the Domain Controller or computer which have Group Policy
Management installed.
c. Open Group Policy Management tool (run > gpmc.msc) and then right click
the OU (Computer) and then click “Create a GPO in this domain, and Link it
here” to create a new GPO. E.g. SfBLyncClient-QoS. You must have required
permission (Domain Admin) or like create and link policy object.
d. Select the newly created Group Policy Object and right click on it and select
Edit to Open Group Policy Management Editor > expand Computer
Configuration > expand Policies > expand Windows Settings > right click
Policy-based QoS > then click ‘Create new policy’.
e. In Policy-based QoS page > give policy name as "Lync2013-Audio" > Select
Specify DSCP Value: "46" > click Next.
Below screenshot shows Policy name and DSCP value information:
(screenshot shows exiting policy)
f. On next page > Select "Only applications with this executable name:
"lync.exe" > click Next.
Note: This simply ensures that Lync.exe application will match packets from the
specified port range with the specified DSCP code.
Below screenshot shows Application name information: (screenshot shows
exiting policy)
g. On next page, make sure that both Any source IP address and Any
destination IP address are selected > then click Next.
Note: These two settings ensure that packets will be managed regardless of
which computer (IP address) sent those packets and which computer (IP
address) will receive those packets.
Below screenshot shows IP address configuration information: (screenshot
shows exiting policy).
h. On next page select TCP and UDP > select ‘From this source port or range’.
Note: TCP (Transmission Control Protocol) and UDP (User Datagram Protocol)
are the two networking protocols most-commonly used by Skype for
Business/ Lync Server and its client applications.
Also, typed port range reserved for audio transmissions.
Below screenshot shows protocol and port range configuration information:
(screenshot shows exiting policy).
i. Follow step e to h and create new policy object as “Lync2013-Signaling,
Lync2013-AppShare, Lync2013-File Transfer and Lync2013-Video” with above ports ranges and DSCP values.
j. After you configuring all policy object, it will look like below:
k. Open Group Policy Management and then right click the OU (Server) and then
click ‘Create a GPO in this domain, and Link it here’ to create a new GPO. E.g.
SfBLync-Server-QoS. You must add your Skype for Business / Lync Server to
Server OU. Then repeat step d to I and create policy object for Server as well.
After you configuring all policy object for server, it will look like below screen.
4. Finally test the QoS, as a best practice you must validate QoS configuration and
DSCP tagging quarterly basis.
How enable QoS for Skype for Business / Lync Phone devices?
Basically, Skype for Business / Phone edition mainly support audio, hence you define
DSCP values for Audio traffic.
To enable QoS on Skype for Business /Lync Phone Edition device, you must edit the
VoiceDiffServTag and Voice8021p settings on the device By default, VoiceDiffServTag
is set to 40, and Voice8021p is set to 0.
Lync/Skype Server Control Panel > Clients > Device Configuration.
You enable QoS using PowerShell as well:
Open Skype for Business / Lync Management Shell > type below command:
Set-CsUcPhoneConfiguration -VoiceDiffServTag <value> -Voice8021p <value>
E.g.
Set-CsUcPhoneConfiguration -VoiceDiffServTag 46 -Voice8021p 0
You will need to restart the device for the changes to take effect.
Test1:
a. First, we need test GPO policy correctly applied or not, after newly
created GPO applied and linked to OU where Computer and Server object
stored (separate OU). Before testing you can force the policy by running
"gpupdate.exe /force" on testing computer and server which will refresh
the policy.
b. After policy refresh on client computer > Start > Run > cmd (open as
administrator) > type Gpresult /h result.htm
c. You will all policy result in result.htm file and find your QoS policy.
Test2:
a. Enable Skype for Business/ Lync client log > then sign-in to Skype for
Business / Lync client > then open Skype/ Lync (UCCAPILOG) logs in
Notepad or Snooper tool. See the qosenabled shows true and verify all
client port numbers. Below are log file locations.
• Skype for Business 2015/Lync2013 client:
%userprofile%\appdata\local\Microsoft\Office\15.0\Lync\Tr
acing\
• Skype for Business 2015 client:
%userprofile%\appdata\local\Microsoft\Office\16.0\Lync\Tr
acing\
Below screenshot shows correct client ports.
Test3:
Make audio call with another internal user and capture network traffic to verify,
if QoS tagging shows correctly of not.
Verify two way packets and see DSCP value shows correctly.
Below screenshot shows UDP traffic DSCP: FE (Expedited Forwarding (46), which
is correct tagging.
Test4:
a. On Windows machine > open “regedit” > browse path
“HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS”
You will see all QoS polices applied to this machine:
b. On FE Server, you don’t have to define application name because this server
all application related to Skype/ Lync.
open “regedit” > browse path
“HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\QoS”
On Front End Server show like below:
Best practices:
1. Every quarterly audit QoS policies and sees tagging.
2. Check with WAN (Wide Area Network) provider (MPLS) for QoS plane.
3. You must validate QoS end-to-end because sometime incorrectly configured
network devices (routers, wireless access points, switches) which might set or
change DSCP markings to something you did not intend or strip DSCP
markings to 0 (set to 0).
Thank you.