Month: July 2021

Using Supplementary Certificate of SBC 1000 / SBC 2000 / SBC SWe Lite for Teams Direct Routing

Azure SWe Lite, Enterprise Voice, Ribbon, SBC, SWe Lite, Teams / April 5, 2022

With the newer firmware versions of SBC 1000 /2000 and even SWe Lite, you can add a supplementary certificate that is different from the main certificate of the device.

This is helpful if you want to keep the main certificate intact while adding an additional certificate to be used with other services. The only thing you need to do after adding the supplementary certificate is to configure the TLS profile that is associated with the service to use that certificate.

You can have multiple supplementary certificates and use each certificate for a different service. All you need to do is to assign each certificate to the TLS profile of that service.

In my experience, this is useful mostly if you have an SBC that is configured and associated to work with Skype for Business (on-premise) and you want to configure the same device to be integrated with Teams Direct Routing.

Importing a supplementary certificate

On the SBC web interface select the Task tab

Under “SBC Easy Setup”, select certificate

Click on “SBC Supplementary Certificates” Tab

Click on “Import” > “PKCS12 Certificate and Key” to import a certificate with its private key

Click on “Choose File”

Select the file that contains the certificate

And click on Open

Supply the password for PFX file (remember that each PFX contains a password to protect the Private Key. The password was set during the export of the certificate to PFX)

And click on OK

A warning about importing a new certificate will appear. Click on OK

The new certificate will appear under the list of supplementary certificates

You can expand it to show the details of the certificate

Configuring TLS profile to use the newly imported certificate.

To utilize the newly imported supplementary certificate, you need to configure the TLS profile of the service that you want to configure it to use the certificate.

In my example below, I am configuring the TLS profile that was used by Teams Direct Routing (to make my device use the new certificate for Teams Direct Routing and keep the main certificate used for other services)

Go to Settings Tab > Security > TLS Profiles > Select the TLS profile that you want to configure it to use the newly imported certificate

The details of the select TLS Profile will be shown

Under TLS Parameter, select the certificate list

From the list of certificate, select the supplementary certificate to be used

The parameter named certificate will show the chosen certificate

Scroll down and click on Apply button

Filter failed to return unique result

Enterprise Voice, Teams, Teams Client / April 6, 2022

When you try to enable a user for Teams DirectRouting and assign a LineURI to a user using a command such as the below

Set-CsUser -Identity user@domain.com -OnPremLineURI “tel:+xxxxxxxxxxxx;ext=xxxx” -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

And you get the following error:

Filter failed to return unique result

This might mean that the LineURI is already assigned to another user, Call Queue

You need first to remove the LineURI from the other users

To remove the Line LineURI (which represents the phone number that is assigned to the user) from a user

Removing the licensing of Office 365 is not enough. It would disable users on Teams, but the LineURI will remain unusable

To solve the issue, you simply need to run the following on the old user

Set-CSUser olduser@domain.com -OnPremLineURI $null

The would set LineURI and the number will be free to be assigned to another

Now, you can run Set-CsUser to assign the LineURI to the new user

Set-CsUser -Identity user@domain.com -OnPremLineURI “tel:+xxxxxxxxxxxx;ext=xxxx” -EnterpriseVoiceEnabled $true -HostedVoiceMail $true

 

User Account Roles Required to Configure Teams Direct Routing

Enterprise Voice, Teams / April 6, 2022

The following are the user accounts roles required to configure Teams Direct Routing

Global Administrator

A user with a Global Administrator role is required to check and manage the settings of the tenant. If there are any changes in the tenant settings. This user account should be used in case of any.

Teams Service Administrator

A user account with this role is required for creating, managing, and viewing a Teams direct routing configuration. That includes things like registering SBC as a gateway, creating dial plans, and voice routing policies.

Of course, if you have access to a Global Administrator, you don’t need a user account with the Teams Service Administrator role. But it is always better to use a user account with minimum required privileges.

Skype for Business administrator

You also need Skype for Business administrator role. This role is required for enabling Teams users for direct routing, which includes enabling enterprise voice, hosted voicemail, and setting a direct routing phone number.


Usually, I ask my customers to create a user with the Teams Service Administrator role and Skype for Business administrator role. And they are ok with giving me its credentials so I can use it freely. When I have changes that require a Global Administrator. I ask and guide the customer to do these changes.

The following image shows Teams Service Administrator role and Skype for Business administrator role both selected for the same user (in Admin Center of Office 365):

Set-CSuser Fails If When Using The Old MicrosoftTeams Module

Enterprise Voice, Teams / April 7, 2022

This happened to one of my customers

After using

Import-Module -Name MicrosfTeams

and connecting to teams using Connect-MicrosoftTeams

I tried to use Set-CSUser to assign the LineURI and other information

But, we were getting

Get-CsUser : The term ‘Get-CsUser’ is not recognized as the name of a

cmdlet, function, script file, or operable program. Check the spelling

of the name, or if a path was included, verify that the path is

correct and try again. At line:1 char:1

It seemed that we were using an old version of MicrosoftTeams module

In fact, many of the PowerShell commands that are used to manage Teams Direct Routing might fail if you are using the old version of MicrosoftTeams module

I asked my customer to close all of the opened PowerShell windows and open a new one and run the following command to uninstall the old module.

Uninstall-Module -Name MicrosoftTeams -Force

After that, we run:

Install-Module MicrosoftTeams -AllowClobber

And also connected to teams using

Connect-MicrosoftTeams

After that, Set-CSUser worked fine

Remember, many of the PowerShell commands that are used to manage Teams Direct Routing might fail if you are using the old version of MicrosoftTeams module