Monthly Archives: August 2016

Please Don’t Put Your Skype Edge Internal Interface on the LAN

This has come up on TechNet uncountable times.  I’ve seen it in deployments large and small. I’ve seen it so much that I feel it needs a large font.

TECHNET DOES NOT SUGGEST YOU PUT YOUR EDGE ON THE INTERNAL LAN.  PLEASE DON’T DO THIS.

Every Edge server should have two interfaces, one internal-facing and one external-facing.  I realize that the TechNet documentation doesn’t always use the clearest language, and we see articles like this one that state “On your internal interface, configure one static IP on the internal perimeter network subnet”.

However, that does not mean your internal network.   A perimeter network is also often called a DMZ.  This is a separate network firewalled from all other networks.

PUTTING YOUR EDGE SERVER WITH ONE LEG IN A DMZ AND ANOTHER ON YOUR INTERNAL LAN BYPASSES YOUR FIREWALL AND IS BAD SECURITY PRACTICE.

Instead, TechNet is suggesting two separate perimeter networks (or DMZs): an external-facing one that can communicate with the Internet via a firewall or with access control, and a separate internal-facing one that communicates with internal servers and workstations via a firewall.  These two networks should not be able to route to each other, and only necessary ports should be opened.
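The two-DMZ design described above can be checked against an address plan before anything is cabled. This is an added example, not code from the original post or from Microsoft; the zone names, subnets, addresses, firewall rules and the helpers `zone_of` and `audit_edge` are all assumptions constructed for illustration.

```python
import ipaddress

# Constructed address plan (not from the original post). The LAN is a /8 supernet
# that contains the internal DMZ, so zone lookup must use the longest prefix.
ZONES = {
    "external_dmz": ipaddress.ip_network("192.0.2.0/27"),
    "internal_dmz": ipaddress.ip_network("10.10.20.0/28"),
    "lan": ipaddress.ip_network("10.0.0.0/8"),
}
# Constructed firewall rules as (source zone, destination zone, port); sample ports only.
GOOD_RULES = [("internal_dmz", "lan", 5061), ("lan", "internal_dmz", 443)]
BAD_RULES = GOOD_RULES + [("external_dmz", "internal_dmz", "any"),
                          ("internal_dmz", "lan", "any")]
GOOD_EDGE = {"external_ip": "192.0.2.10", "internal_ip": "10.10.20.5"}
BAD_EDGE = {"external_ip": "192.0.2.10", "internal_ip": "10.1.4.20"}  # internal leg on the LAN


def zone_of(ip, zones):
    """Return the zone whose subnet most specifically contains ip, or None."""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, name) for name, net in zones.items() if addr in net]
    return max(hits)[1] if hits else None


def audit_edge(edge, zones, rules):
    """Return findings for one Edge server plan; an empty list means it passes."""
    findings = []
    ext = zone_of(edge["external_ip"], zones)
    internal = zone_of(edge["internal_ip"], zones)
    if ext != "external_dmz":
        findings.append(f"external interface is in zone {ext}, expected external_dmz")
    if internal == "lan":
        findings.append("internal interface is on the LAN: the Edge bridges DMZ and LAN around the firewall")
    elif internal != "internal_dmz":
        findings.append(f"internal interface is in zone {internal}, expected internal_dmz")
    for src, dst, port in rules:
        if {src, dst} == {"external_dmz", "internal_dmz"}:
            findings.append(f"rule {src}->{dst}:{port} lets the two perimeter networks reach each other")
        elif port == "any":
            findings.append(f"rule {src}->{dst} opens all ports instead of only the necessary ones")
    return findings


if __name__ == "__main__":
    for name, edge, rules in (("good", GOOD_EDGE, GOOD_RULES), ("bad", BAD_EDGE, BAD_RULES)):
        print(name, audit_edge(edge, ZONES, rules) or "no findings")
```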

 

 

 

Where in the Skype Database Can I Find the PSTN Conference ID?

Spoiler: You can’t.

This one has been asked a thousand times on TechNet, and occasionally someone thinks they’ve found it, but they’re wrong.

Many companies want to generate lists of the numeric conference ID found in Skype for Business or Lync meeting invites for the dedicated or private meeting space.  The trick is that although the alphanumeric conference ID can be found in the database (you can see this ID in the URL string generated in the meeting invite), the numerical/DTMF one isn’t stored anywhere.  It’s calculated by an algorithm known only to Microsoft and mapped within the conference directory.   Have I asked for it?  Yes.  Did I get it?  No.  I’ve been told by those within the Microsoft inner circle that the formula cannot be shared publicly, even under NDA.

The format of the actual number is as follows and documented here: https://technet.microsoft.com/en-us/library/gg398802%28v=ocs.15%29.aspx?f=255&MSPPError=-2147217396

<housekeeping digit (1 digit)><conference directory (usually 1-2 digits)><conference number (variable number of digits)><check digit (1 digit)>

It is NOT the ConfID stored in the database (although this may well be part of the formula along with PSTN Local ID and PSTN Authority ID).

If someone manages to figure it out using some method, please let me know.  I’ve used DBAnalyze a few times to try to pull it, but I haven’t received consistent results.  My only thought would be a complex EWS scan of calendar directories for the information.
