Trusted Application Pool setup
The DNS entries must be created for each server that will belong to the trusted application pool. This is done in the DNS section (forward lookup zones) of the server manager application.
Follow the steps:
- Go to the machine where Active Directory is configured
- On Windows Server 2008, go to Start > Run.
On Windows Server 2012, press Windows key + R.
- Type msc, and then choose OK.
- In DNS Manager, expand <DNS server name> > Forward Lookup Zones.
- From the expanded list, click to select and then right-click the domain name.
From the displayed context menu, click the New Host (A or AAAA) option.
[Figure: DNS Manager - Creating New Host]
- On the opened "New Host" dialog, in the "Name" (uses parent domain name if blank) field, type the hostname of the computer or application pool FQDN for which you want to create a new record in the DNS server.
- Type the IP address of the target computer in the IP address
- Repeat steps 7 and 8 for each host in the trusted application pool.
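To confirm the records before registering the pool, the check below resolves every name against the DNS server and compares the answers with the addresses that were entered. It is an added example, not part of the original procedure; the host names, addresses and the `dc01.dev.local` server name are constructed samples, the pool FQDN is assumed to carry one A record per member, and `Resolve-DnsName` requires Windows Server 2012 or later.

```powershell
# Added example (not from the original page).
# Constructed sample data: each name maps to the IPv4 address(es) entered in the New Host dialog.
$Expected = @{
    "TM01.dev.local" = @("192.0.2.11")
    "TM02.dev.local" = @("192.0.2.12")
    "tm.dev.local"   = @("192.0.2.11", "192.0.2.12")   # pool FQDN (assumed: one A record per member)
}
$DnsServer = "dc01.dev.local"   # hypothetical name of the DNS server hosting the zone

function Test-PoolDnsRecord {
    param([hashtable]$Expected, [string]$DnsServer)
    foreach ($name in $Expected.Keys) {
        $want = @($Expected[$name] | Sort-Object)
        try {
            # -DnsOnly skips LLMNR/NetBIOS so only the records created in DNS Manager count
            $got = @(Resolve-DnsName -Name $name -Type A -Server $DnsServer -DnsOnly -ErrorAction Stop |
                     Where-Object { $_.Type -eq 'A' } |
                     ForEach-Object { $_.IPAddress } | Sort-Object)
        } catch {
            $got = @()   # name does not exist or the server did not answer
        }
        if ($got.Count -eq 0) {
            $status = 'Missing'
        } elseif (Compare-Object $want $got) {
            $status = 'Mismatch'   # stale or unexpected address on a name the pool will trust
        } else {
            $status = 'OK'
        }
        [pscustomobject]@{
            Name = $name; Expected = $want -join ', '; Resolved = $got -join ', '; Status = $status
        }
    }
}

Test-PoolDnsRecord -Expected $Expected -DnsServer $DnsServer | Format-Table -AutoSize
```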
Registering Trusted Application Pool on SfB Server Machine
One of the steps to set up the machines for TM installation is to run PowerShell scripts to manage SfB Server applications and trusted third-party applications.
On the machine where SfB Server is installed, run the SfB Server Management Shell and follow the steps:
Create trusted application pool:
- Run "Get-CsSite"
Note down the SiteID you get as response
- Run "Get-CsService -Registrar"
Note down the Registrar you get as response
- Run New-CsTrustedApplicationPool -Identity [PoolName] -Registrar [Registrar] -Site [SiteId] -ComputerFqdn [First Computer’s FQDN]
- Run Enable-CsTopology
Example
New-CsTrustedApplicationPool -Identity tm.dev.local -Registrar lyncserver.dev.local -Site: MainSite -ComputerFqdn TM01.dev.local
If you have only one machine, the Identity and ComputerFqdn are the same. In this case, -ComputerFqdn can be skipped.
Add computers to the pool:
If there are multiple computers that will host trusted applications, add them to an existing pool:
- Run Get-CsTrustedApplicationPool
Note down the "TrustedApplicationPool" you get as response
- Run "New-CsTrustedApplicationComputer -Identity [Computer’s FQDN] -Pool [TrustedApplicationPool]"
- Run "Enable-CsTopology"
Example
New-CsTrustedApplicationComputer -Identity TM02.dev.local -Pool TM.dev.local
If you want to add more computers later, you only need to run this command again.
More information about PowerShell commands is available in the ‘Application management cmdlets in SfB Server’ section in the TechNet Library.
Register Trusted Applications Script
You can use the following script to create the entries for you:
Register Trusted Application Endpoints Script
##############################################
# Script Name: Registering_LUCS_TM_TrustedApps.ps1
# Description: Create TrustedAppPool / Apps / Endpoints
#
#V1.0.0.0: Initial - Davide Iadarola
#V1.0.0.1: Update: Feature - Create default endpoint - Davide Iadarola
#V1.0.0.2: Update: Feature - Add ApplicationPrefix - Davide Iadarola
#V1.0.0.3: Update: Feature - Create LUCS/TM Conference Policy if not exists / Bugfix - Outputfile folder not created /
# Feature - Assign Conference Policy to Endpoints - Davide Iadarola
##############################################
#Config section:
$Application = "lucs"; #Options: lucs / tm
$ApplicationPrefix = ""; #Placeholder for TrustedappPoolName in TrustedApps and SipAddresses - Option is not required
$TrustedAppPool = ""; #LUCS or TM TrustedAppPool - FQDN
$SfBRegistrar = ""; #Skype for Business Registrar - FQDN
$SfBSite = ""; #Skype for Business Site
$TrustedAppComputers = @(
""
,""
,""
); #Hostname.domain.local
$SipDomain = ""; #Customer SIP Domain - sipdomain.local
$InstallMMSwitch = $false; #Options: $true / $false - Install LUCS MM?
$AdditionalEndpointsSwitch = $false; #Options: $true / $false - Add more Endpoints to the System
$AdditionalEndpointsStart = 10; #First Additional Endpoint
$AdditionalEndpointsEnd = 20; #Last Additional Endpoint
$ConfigOutputPath = "C:\Temp\LuwareTrustedAppConfig.txt"; #Path to Config Export
$DefaultEndpointSwitch = $false; #Options: $true / $false - Create default endpoint for failover scenarios
$DefaultEndpointPrefix = "defaultendpoint"; #Default endpoint name - "sip:" and "@sipdomain" will be added automatically
#------------------------------------------------------------------------------------------------------
#Do not Change below
#Add "-" to $Applicationprefix if used
if($ApplicationPrefix -ne ""){
$ApplicationPrefix = ($ApplicationPrefix + "-")
}
#Check if ConferencePolicy Tag:LucsService exists -> if not -> create ConferencePolicy
if((Get-CsConferencingPolicy -Identity "Tag:LucsService" -ErrorAction SilentlyContinue) -eq $null){
New-CsConferencingPolicy -Identity "Tag:LucsService" -AllowIPAudio $true -AllowIPVideo $true -AllowMultiView $false `
-Description "Lucs Contact Center Conferencing Policy" -AllowParticipantControl $true -AllowAnonymousParticipantsInMeetings $true `
-AllowExternalUserControl $true -EnableDialInConferencing $true -AllowConferenceRecording $false -EnableDataCollaboration $true `
-MaxVideoConferenceResolution "VGA"
}
#Save AdditionalEndpointsStart Var for Output
if($AdditionalEndpointsSwitch -eq $true){
$AdditionalEndpointsStartOutput = $AdditionalEndpointsStart;
}
else{
$AdditionalEndpointsStartOutput = "";
}
#Create TrustedAppPool
New-CsTrustedApplicationPool -Identity $TrustedAppPool -Registrar $SfBRegistrar -Site Site:$SfBSite -ComputerFqdn $TrustedAppComputers[0];
#Add Computers to Pool
Foreach($TrustedAppComputer in $TrustedAppComputers){
if($TrustedAppComputer -ne "" -and $TrustedAppComputer -ne $TrustedAppComputers[0]){
New-CsTrustedApplicationComputer -Identity $TrustedAppComputer -Pool $TrustedAppPool;
}
}
#Set Port Numbers
if ($Application -eq "lucs"){
$PortPrefix = 6;
$StartDefaultPort = 7000;
$StartAddPort = 7500;
}
elseif ($Application -eq "tm"){
$PortPrefix = 8;
$StartDefaultPort = 9000;
$StartAddPort = 9500;
}
# ICH Registration - Create TrustedApp ICH
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-ich") -TrustedApplicationPoolFqdn $TrustedAppPool `
-Port ("$PortPrefix" + "000");
#Create Default TrustedApps + Endpoints
$Count = 0;
Do{
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-connector-" + $Count) `
-TrustedApplicationPoolFqdn $TrustedAppPool -Port $StartDefaultPort;
New-CsTrustedApplicationEndpoint -ApplicationId ("urn:application:" + $ApplicationPrefix + $Application + "-connector-" + $Count) `
-TrustedApplicationPoolFqdn $TrustedAppPool `
-SipAddress ("sip:" + $ApplicationPrefix + $Application + "-connector-" + $Count + "@" + $SipDomain);
Get-CsTrustedApplicationEndpoint ("sip:" + $ApplicationPrefix + $Application + "-connector-" + $Count + "@" + $SipDomain) `
| Grant-CsConferencingPolicy -PolicyName "Tag:LucsService";
$StartDefaultPort = $StartDefaultPort + 100;
$Count++;
}
While($Count -le 4)
#Additional Endpoints
if($AdditionalEndpointsSwitch -ne $false){
Do{
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-connector-" + $AdditionalEndpointsStart) `
-TrustedApplicationPoolFqdn $TrustedAppPool -Port $StartAddPort;
New-CsTrustedApplicationEndpoint -ApplicationId ("urn:application:" + $ApplicationPrefix + $Application + "-connector-" `
+ $AdditionalEndpointsStart) -TrustedApplicationPoolFqdn $TrustedAppPool -SipAddress ("sip:" + $ApplicationPrefix + $Application `
+ "-connector-" + $AdditionalEndpointsStart + "@" + $SipDomain);
Get-CsTrustedApplicationEndpoint ("sip:" + $ApplicationPrefix + $Application + "-connector-" + $AdditionalEndpointsStart + "@" + $SipDomain) `
| Grant-CsConferencingPolicy -PolicyName "Tag:LucsService";
$StartAddPort = $StartAddPort + 1;
$AdditionalEndpointsStart++;
}
While($AdditionalEndpointsStart -le $AdditionalEndpointsEnd)
}
#CR Registration
$Count = 1;
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-cr") -TrustedApplicationPoolFqdn $TrustedAppPool `
-Port ("$PortPrefix" + "200");
Do{
New-CsTrustedApplicationEndpoint -ApplicationId ($ApplicationPrefix + $Application + "-cr") -TrustedApplicationPoolFqdn $TrustedAppPool `
-SipAddress ("sip:" + $ApplicationPrefix + $Application + "-conversationrecording-" + $count + "@" + $SipDomain);
$Count++;
}
While($Count -le 2)
#MM Registration
if($InstallMMSwitch -eq $true -and $Application -eq "lucs"){
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-mm") -TrustedApplicationPoolFqdn $TrustedAppPool -Port 6300;
New-CsTrustedApplicationEndpoint -ApplicationId ("urn:application:" + $ApplicationPrefix + $Application + "-mm") `
-TrustedApplicationPoolFqdn $TrustedAppPool -SipAddress ("sip:" + $ApplicationPrefix + $Application + "-mailmanager@" + $SipDomain);
}
#AC Registration
New-CsTrustedApplication -ApplicationId ($ApplicationPrefix + $Application + "-ac") `
-TrustedApplicationPoolFqdn $TrustedAppPool -Port ("$PortPrefix" + "100");
New-CsTrustedApplicationEndpoint -ApplicationId ("urn:application:" + $ApplicationPrefix + $Application + "-ac") `
-TrustedApplicationPoolFqdn $TrustedAppPool -SipAddress ("sip:" + $ApplicationPrefix + $Application + "-agentcontrol@" + $SipDomain);
#SMD Registration
$ServerAppPrio = Get-CsServerApplication | ?{$_.Identity -like "*$SfBRegistrar/TranslationService"} | Select-Object Priority;
$ServerAppPrio.Priority = $ServerAppPrio.Priority + 1;
New-CsServerApplication -Identity ("Registrar:$SfBRegistrar/" + $Application + "-SMD") -Uri ("http://www.luware.net/" + $Application `
+ "-SMD") -Priority $ServerAppPrio.Priority -Critical $False -Enabled $True;
#Default endpoint
if($DefaultEndpointSwitch -eq $true){
#Create default endpoint
New-CsTrustedApplicationEndpoint -ApplicationId ($ApplicationPrefix + $Application + "-ich") -TrustedApplicationPoolFqdn $TrustedAppPool `
-SipAddress ("sip:" + $ApplicationPrefix + $Application + "-" + $DefaultEndpointPrefix + "@" + $SipDomain) `
| Grant-CsConferencingPolicy -PolicyName "Tag:LucsService";
}
#------------------------------------------------------------------------------------------------------
# Output
$ichport = ("$PortPrefix" + "000");
$acport = ("$PortPrefix" + "100");
$crport = ("$PortPrefix" + "200");
$connectorprefix = ("$ApplicationPrefix" + "$Application" + "-connector-");
$connector0 = ("$ApplicationPrefix" + "$Application" + "-connector-0");
$connector1 = ("$ApplicationPrefix" + "$Application" + "-connector-1");
$connector2 = ("$ApplicationPrefix" + "$Application" + "-connector-2");
$connector3 = ("$ApplicationPrefix" + "$Application" + "-connector-3");
$connector4 = ("$ApplicationPrefix" + "$Application" + "-connector-4");
#Change Var if
if($AdditionalEndpointsSwitch -eq $false){
$AdditionalEndpointsStart = "";
$AdditionalEndpointsEnd = "";
$connectorprefix = "";
}
if($InstallMMSwitch -eq $true -and $Application -eq "lucs"){ #MM is only registered for lucs (see MM Registration)
$mmurn = ("urn:application:" + $ApplicationPrefix + $Application + "-mm");
$mmport = ("$PortPrefix" + "300");
$mmuseragent = ($ApplicationPrefix + $Application + "-mm");
$mmtrustedapppool = "$TrustedAppPool";
$mmservertype = "MM";
}
else{
$mmurn = "";
$mmport = "";
$mmuseragent = "";
$mmtrustedapppool = "";
$mmservertype = "";
}
if($DefaultEndpointSwitch -eq $true){
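$DefaultEndpointSipAddress = ("sip:" + $ApplicationPrefix + $Application + "-" + $DefaultEndpointPrefix + "@" + $SipDomain); #Same address as created under "Default endpoint"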
}
else{
$DefaultEndpointSipAddress = "";
}
$ApplicationPrefixAndApplication = ($ApplicationPrefix + $Application);
$OutputConfig = @("
Please enter those settings in the Webconfigurator under the following chapters:
Settings -> Topology -> Frontendpools:
Name: $SfBRegistrar
-------------------------------------------------------------------------------------------------------
Settings -> Topology -> Trusted Application Pools
FQDN: $TrustedAppPool
Select: $SfBRegistrar
-------------------------------------------------------------------------------------------------------
Settings -> Topology -> Trusted Applications
********* ICH *********
URN: urn:application:$ApplicationPrefixAndApplication-ich
Port: $ichport
User Agent: $ApplicationPrefixAndApplication-ich
Application Pool: $TrustedAppPool
Server Type: ICH
********* AC *********
URN: urn:application:$ApplicationPrefixAndApplication-ac
Port: $acport
User Agent: $ApplicationPrefixAndApplication-ac
Application Pool: $TrustedAppPool
Server Type: AC
********* CR *********
URN: urn:application:$ApplicationPrefixAndApplication-cr
Port: $crport
User Agent: $ApplicationPrefixAndApplication-cr
Application Pool: $TrustedAppPool
Server Type: CR
********* MM *********
URN: $mmurn
Port: $mmport
User Agent: $mmuseragent
Application Pool: $mmtrustedapppool
Server Type: $mmservertype
-------------------------------------------------------------------------------------------------------
Settings -> Topology -> Components
********* CR *********
SipUris: sip:$ApplicationPrefixAndApplication-conversationrecording-1@$SipDomain;
sip:$ApplicationPrefixAndApplication-conversationrecording-2@$SipDomain
********* ICH *********
ConnectorApplicationURN: urn:application:$connector0
ConnectorApplicationURN1: urn:application:$connector1
ConnectorApplicationURN2: urn:application:$connector2
ConnectorApplicationURN3: urn:application:$connector3
ConnectorApplicationURN4: urn:application:$connector4
ConnectorEnd: $AdditionalEndpointsEnd
ConnectorPrefix: urn:application:$connectorprefix
ConnectorStart: $AdditionalEndpointsStartOutput
DefaultEndpointSipAddress: $DefaultEndpointSipAddress
********* SMD *********
ManifestURI: http://www.luware.net/$ApplicationPrefixAndApplication-AgentMonitor
-------------------------------------------------------------------------------------------------------
PLEASE BE AWARE THAT YOU NEED TO FINALIZE THE CONFIGURATION OF EACH COMPONENT
")
#Create Output
if(Test-Path ($ConfigOutputPath.Substring(0, $ConfigOutputPath.lastIndexOf('\')))){
$OutputConfig > $ConfigOutputPath;
}
else{
New-Item -Path ($ConfigOutputPath.Substring(0, $ConfigOutputPath.lastIndexOf('\'))) -ItemType Directory;
$OutputConfig > $ConfigOutputPath;
}
#------------------------------------------------------------------------------------------------------
Write-Host "Script finished - Please Run Enable-CsTopology command and check the output file - Path: $ConfigOutputPath" `
-ForegroundColor Yellow;
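Servers in a trusted application pool and the applications registered on it are trusted by the SfB servers, so after running the script and Enable-CsTopology it is worth checking that the topology holds exactly what was intended. The audit below is an added example, not part of the vendor script: it rebuilds the application-to-port plan the script applies and compares it, together with the pool members, against the topology. The pool name, computer names and variable names are constructed samples.

```powershell
# Added example (not vendor code). Run in the SfB Server Management Shell.
# Constructed sample values; set them to what was used in the script's config section.
$Application       = "lucs"                 # lucs / tm
$ApplicationPrefix = ""                     # include the trailing "-" if a prefix is used
$TrustedAppPool    = "tm.dev.local"
$ExpectedComputers = @("TM01.dev.local", "TM02.dev.local")
$InstallMM         = $false
$AdditionalNumbers = @()                    # e.g. 10..20 if additional endpoints were created

# Rebuild the application-id -> port plan that the registration script applies.
function Get-ExpectedPortPlan {
    param([string]$App, [string]$Prefix, [bool]$WithMM, [int[]]$Additional)
    switch ($App) {
        "lucs"  { $base = 6000; $conn = 7000; $add = 7500 }
        "tm"    { $base = 8000; $conn = 9000; $add = 9500 }
        default { throw "Application must be 'lucs' or 'tm', got '$App'" }
    }
    $plan = @{
        "$Prefix$App-ich" = $base
        "$Prefix$App-ac"  = $base + 100
        "$Prefix$App-cr"  = $base + 200
    }
    if ($WithMM -and $App -eq "lucs") { $plan["$Prefix$App-mm"] = 6300 }
    foreach ($i in 0..4) { $plan["$Prefix$App-connector-$i"] = $conn + 100 * $i }
    foreach ($n in $Additional) { $plan["$Prefix$App-connector-$n"] = $add; $add++ }
    return $plan
}

$plan  = Get-ExpectedPortPlan -App $Application -Prefix $ApplicationPrefix -WithMM $InstallMM -Additional $AdditionalNumbers
$found = @(Get-CsTrustedApplication | Where-Object { $_.TrustedApplicationPoolFqdn -eq $TrustedAppPool })
$ids   = @($found | ForEach-Object { $_.ApplicationId -replace '^urn:application:', '' })

foreach ($app in $found) {
    $id = $app.ApplicationId -replace '^urn:application:', ''
    if (-not $plan.ContainsKey($id)) {
        Write-Warning "Unexpected trusted application '$id' on port $($app.Port)"
    } elseif ($plan[$id] -ne $app.Port) {
        Write-Warning "Port mismatch for '$id': expected $($plan[$id]), found $($app.Port)"
    }
}
$plan.Keys | Where-Object { $ids -notcontains $_ } |
    ForEach-Object { Write-Warning "Missing trusted application '$_'" }

# Any computer in the pool that is not on the expected list needs an explanation.
Get-CsTrustedApplicationComputer | Where-Object { $_.Pool -eq $TrustedAppPool } |
    Where-Object { $ExpectedComputers -notcontains $_.Fqdn } |
    ForEach-Object { Write-Warning "Unexpected computer in trusted pool: $($_.Fqdn)" }
```

No warnings means the pool members and every application ID and port match the plan; run it again whenever computers are added to the pool.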