@shanehoey
Last active August 4, 2023 08:44
Teams Survivable Branch Appliance

Teams Survivable Branch Appliance

PowerShell Commands for SBAs

Teams Survivable Branch Appliance

Create the SBA

C:\> New-CsTeamsSurvivableBranchAppliance  -Fqdn "sba1.shanehoey.dev"

Identity    : sba1.shanehoey.dev
Fqdn        : sba1.shanehoey.dev 
Site        : 
Description :

Check the SBA Appliances

C:\> Get-CsTeamsSurvivableBranchAppliance

Identity    : sba1.shanehoey.dev
Fqdn        : sba1.shanehoey.dev 
Site        : 
Description :

Update the SBA Appliances

C:\> Set-CsTeamsSurvivableBranchAppliance -Fqdn "sba1.shanehoey.dev" -Description "SBA1"

Identity    : sba1.shanehoey.dev
Fqdn        : sba1.shanehoey.dev 
Site        : 
Description : SBA1

Teams Survivable Branch Appliance Policy

Create the SBA policy

C:\> New-CsTeamsSurvivableBranchAppliancePolicy -Identity "SBAPolicy" -BranchApplianceFqdns "sba1.shanehoey.dev","sba2.shanehoey.dev"

Identity             : Tag:SBAPolicy
BranchApplianceFqdns : {sba1.shanehoey.dev, sba2.shanehoey.dev}

Get the SBA policy

C:\> Get-CsTeamsSurvivableBranchAppliancePolicy 

Identity             : Tag:SBAPolicy
BranchApplianceFqdns : {sba1.shanehoey.dev, sba2.shanehoey.dev}

Update the SBA Policy

Set-CsTeamsSurvivableBranchAppliancePolicy -Identity "SBAPolicy" -BranchApplianceFqdns @{remove="sba1.shanehoey.dev"} 
Set-CsTeamsSurvivableBranchAppliancePolicy -Identity "SBAPolicy" -BranchApplianceFqdns @{add="sba3.shanehoey.dev"} 

Enable User for SBA

Assign user policy for SBA

Grant-CsTeamsSurvivableBranchAppliancePolicy -PolicyName SBAPolicy -Identity shane@shanehoey.dev

Remove user from SBA

Grant-CsTeamsSurvivableBranchAppliancePolicy -PolicyName $null -Identity shane@shanehoey.dev

Check User for SBA

Get-CsOnlineUser -Identity shane@shanehoey.dev

Simulated Internet outage with a Teams Survivable Branch Appliance

The following is the minimum information you will need to test a single Windows Teams client for survivability. Update these values to reflect your environment.

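| SBA            | Value                |
|----------------|----------------------|
| SBA Fqdn       | sba.audiocodes.cloud |
| SBA IP Address | 10.1.0.22            |
| SBA Subnet     | 255.255.255.0        |
| SBA Gateway    | 10.1.0.1             |

| SBC            | Value                |
|----------------|----------------------|
| SBC Fqdn       | sbc.audiocodes.cloud |
| SBC IP Address | 10.2.0.22            |
| SBC Subnet     | 255.255.255.0        |
| SBC Gateway    | 10.2.0.1             |

| PC             | Value         |
|----------------|---------------|
| PC IP Address  | 10.4.0.100    |
| PC Subnet      | 255.255.255.0 |
| PC Gateway     | 10.4.0.1      |
| PC DNS Server  | 10.3.0.21     |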

Assumptions

  • To simplify testing you must only be logged into a single Teams client. This guide assumes you are using a Windows PC.
  • You have previously confirmed that the SBA is registering users correctly, and that the SBA syslogs look correct for both OPTIONS and inbound PSTN forked calls.
  • To modify the local routes on the Windows PC you will need to be a local administrator.

If you are unsure of the steps above, follow This Guide.

Step 1 - Current Status

  • Install syslog software on the PC
  • Configure the SBC to send syslogs to the PC
  • Ensure you are only logged into Teams on a single Teams PC client. Ensure you have logged out of all other clients, especially browsers, mobile and tablet devices
  • Ping the SBC Fqdn
  • Ping the SBA Fqdn
  • Test an inbound call
  • Test an outbound call
  • Disable voicemail for the user who is being tested (to ensure voicemail does not answer the call in the tests below)
  • If you can make and receive calls, continue to step 2

Step 2 - Simulate Internet outage

  • Log out and log back into the Teams client.
  • Create routes to ensure that you can still ping the servers when you remove the default gateway from the PC. Do not create persistent routes.
# route for SBA 
route add 10.1.0.22 MASK 255.255.255.255 10.4.0.1
# route for SBC
route add 10.2.0.22 MASK 255.255.255.255 10.4.0.1
# route for DNS Server
route add 10.3.0.21 MASK 255.255.255.255 10.4.0.1
  • Manually change the IP address on the PC so the default gateway is removed, i.e. in this example it will be 10.4.0.100/255.255.255.0 with a DNS server of 10.3.0.21 only.

  • Wait for the Teams client to go into survivability mode and continue to step 3.
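
A check that the PC really is in the simulated-outage state before moving on, as an added example that is not part of the original gist. The function name is hypothetical and the defaults are the guide's sample addresses; it only inspects IPv4 routes.

```powershell
# Added example, not from the original gist. Defaults are the guide's sample values.
function Test-SbaOutageState {
    param(
        [string[]]$HostRoutes = @('10.1.0.22', '10.2.0.22', '10.3.0.21'),
        [string]$Gateway      = '10.4.0.1',
        [string]$SbaFqdn      = 'sba.audiocodes.cloud',
        [string]$DnsServer    = '10.3.0.21'
    )
    # 1. The IPv4 default route must be gone, otherwise the client still reaches the internet.
    $default = @(Get-NetRoute -DestinationPrefix '0.0.0.0/0' -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check  = 'No IPv4 default route'
        Pass   = $default.Count -eq 0
        Detail = ($default.NextHop -join ', ')
    }
    # 2. Each /32 host route created with "route add" must exist via the old gateway.
    foreach ($ip in $HostRoutes) {
        $route = @(Get-NetRoute -DestinationPrefix "$ip/32" -ErrorAction SilentlyContinue |
                   Where-Object NextHop -eq $Gateway)
        [pscustomobject]@{
            Check  = "Host route $ip via $Gateway"
            Pass   = $route.Count -gt 0
            Detail = ($route.InterfaceAlias -join ', ')
        }
    }
    # 3. The SBA name must still resolve through the internal DNS server.
    $dns = @(Resolve-DnsName -Name $SbaFqdn -Server $DnsServer -Type A -ErrorAction SilentlyContinue)
    [pscustomobject]@{
        Check  = "DNS $SbaFqdn via $DnsServer"
        Pass   = $dns.Count -gt 0
        Detail = ($dns.IPAddress -join ', ')
    }
}

Test-SbaOutageState | Format-Table -AutoSize
```

Every row should show Pass as True before continuing to step 3; after step 4 the first row should fail again because the default route is back.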

Step 3 - Make Inbound/Outbound Calls

  • Make an outbound PSTN call; the call should be successful.
  • Make an inbound PSTN call; the call should be successful.
  • If calls in either direction are not successful, follow this guide to troubleshoot: This Guide.
  • If both calls are successful, continue to step 4.

Step 4 - Revert PC settings

  • Manually change the IP address on the PC back to the original settings
  • Remove the static routes
# route for SBA 
route delete 10.1.0.22
# route for SBC
route delete 10.2.0.22
# route for DNS Server
route delete 10.3.0.21
  • Wait for the MS Teams client to exit survivability mode.
  • Make an outbound PSTN call; the call should be successful.
  • Make an inbound PSTN call; the call should be successful.

Troubleshooting Teams SBA

Supported Clients

  • Microsoft Teams Windows desktop
  • Microsoft Teams macOS desktop
  • Microsoft Teams for Mobile
  • Microsoft Teams Phones

Client Troubleshooting

For detailed instructions refer to Collecting Teams Client Logs

  1. Exit the Microsoft Teams Client
  2. Delete all folders & files in %appdata%\microsoft\teams
  3. Restart the Microsoft Teams client.
  4. Immediately after restart, download the MSTeams Diagnostics Log (Ctrl + ALT + Shift + 1)
  5. Search the latest MS Diagnostic log in the web directory for the following

Note: The strings may have changed, so as an alternative search for the FQDN instead.

  • the string enableSurvivability ["enableSurvivability": true]
  • the string branchSurvivabilityPolicy
  • the string setAvailableAppliances [{"fqdn":"sba1.audiocodes.cloud"}]
  • the string setupApplianceLivenessChecks [appliances=[{"fqdn":"sba1.audiocodes.cloud","lastCheck":1600736677529,"isUp":true}]]
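
The search described above, as an added example that is not part of the original gist. The function name, the log path parameter and the sample log lines are constructed for illustration; treating lastCheck as Unix epoch milliseconds is an assumption based on the value shown above.

```powershell
# Added example, not from the original gist.
function Get-TeamsSbaLogEvidence {
    param(
        [Parameter(Mandatory)][string]$LogPath,   # downloaded diagnostics log (path is an assumption)
        [Parameter(Mandatory)][string]$SbaFqdn
    )
    $markers = 'enableSurvivability', 'branchSurvivabilityPolicy',
               'setAvailableAppliances', 'setupApplianceLivenessChecks'
    $lines = Get-Content -LiteralPath $LogPath
    foreach ($m in $markers) {
        $hits = @($lines | Select-String -SimpleMatch -Pattern $m)
        [pscustomobject]@{
            Check  = $m
            Ok     = $hits.Count -gt 0
            Detail = if ($hits.Count) { $hits[-1].Line.Trim() } else { '' }
        }
    }
    # Fallback from the note above: marker names may change, the SBA FQDN will not.
    $fqdnHits = @($lines | Select-String -SimpleMatch -Pattern $SbaFqdn)
    [pscustomobject]@{
        Check = "FQDN $SbaFqdn"; Ok = $fqdnHits.Count -gt 0; Detail = "$($fqdnHits.Count) line(s)"
    }
    # Liveness entries: report isUp and when the client last checked each appliance.
    $rx = '"fqdn":"(?<fqdn>[^"]+)","lastCheck":(?<ts>\d+),"isUp":(?<up>true|false)'
    foreach ($hit in ($lines | Select-String -Pattern $rx -AllMatches).Matches) {
        # Assumption: lastCheck is Unix epoch milliseconds.
        $when = [DateTimeOffset]::FromUnixTimeMilliseconds([long]$hit.Groups['ts'].Value)
        [pscustomobject]@{
            Check  = "Liveness $($hit.Groups['fqdn'].Value)"
            Ok     = $hit.Groups['up'].Value -eq 'true'
            Detail = "lastCheck $($when.UtcDateTime.ToString('u'))"
        }
    }
}

# Constructed sample log, built from the strings listed above.
$sample = Join-Path $env:TEMP 'teams-sba-sample.log'
@'
info "enableSurvivability": true
info branchSurvivabilityPolicy received
info setAvailableAppliances [{"fqdn":"sba1.audiocodes.cloud"}]
info setupApplianceLivenessChecks [appliances=[{"fqdn":"sba1.audiocodes.cloud","lastCheck":1600736677529,"isUp":true}]]
'@ | Set-Content -LiteralPath $sample

Get-TeamsSbaLogEvidence -LogPath $sample -SbaFqdn 'sba1.audiocodes.cloud' | Format-Table -AutoSize
```

A marker row with Ok set to False alongside a passing FQDN row suggests the marker name changed; a failing Liveness row means the client saw the policy but could not reach the appliance.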

SBA Monitor

  • If you cannot see registered users in the SBA Monitor but have applied the policy to users and confirmed the branchSurvivabilityPolicy FQDN above, then check the firewall between the SBA and Teams for blocked traffic

SBC Troubleshooting

  • SBC must be configured for Media Bypass
  • Options must be OK between SBC and SBA

Firewall Troubleshooting

  • Teams Client 3443,4444,8443 <> SBA 3443,4444,8443
  • SBA <> SBC 5061 *is dependent on the SBC config, but the SBA will always use 5061
  • SBA > NTP Server UDP 123
  • SBA > 443 m365
  • SBA > Azure IP Ranges and Service Tags

Do I really need to open all those firewall ports?
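
A reachability probe for the Teams Client to SBA ports in the list above, run from the Teams client PC, as an added example that is not part of the original gist. The function name is hypothetical and the default FQDN is the guide's sample value; it covers TCP only, so the NTP rule (UDP 123) is not tested.

```powershell
# Added example, not from the original gist.
function Test-SbaClientPorts {
    param(
        [string]$SbaFqdn = 'sba.audiocodes.cloud',   # sample value from this guide
        [int[]]$Ports    = @(3443, 4444, 8443)       # Teams Client <> SBA ports listed above
    )
    foreach ($port in $Ports) {
        # On TCP failure Test-NetConnection falls back to a ping, which helps
        # separate "port filtered" from "host unreachable".
        $t = Test-NetConnection -ComputerName $SbaFqdn -Port $port -WarningAction SilentlyContinue
        $hint = if ($t.TcpTestSucceeded) {
            ''
        } elseif (-not $t.RemoteAddress) {
            'name did not resolve: check the DNS server'
        } elseif ($t.PingSucceeded) {
            'host answers ping: port blocked by firewall or service not listening'
        } else {
            'no TCP and no ping reply: check routing and firewall'
        }
        [pscustomobject]@{
            Target        = $SbaFqdn
            Port          = $port
            Reachable     = $t.TcpTestSucceeded
            RemoteAddress = $t.RemoteAddress
            Hint          = $hint
        }
    }
}

Test-SbaClientPorts | Format-Table -AutoSize
```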

Yes

Managing M365 Endpoints

  • Check with your firewall vendor, as a number of leading firewall vendors can automatically whitelist these lists for you
  • If implemented correctly, then all inbound traffic is blocked except the signalling from the Teams Client and SBA listed above.

Collecting Logs

If requested, please provide the following

  1. SBC Syslogs
     a) we are looking for OPTIONS between the SBA and SBC being OK
     b) inbound/outbound calls, including tests to see inbound calls are forking
  2. Teams Client Logs (as per above); send all the files in a single ZIP
  3. SBA Syslogs
     a) configure the syslog service in the tools tab, and save the syslog from the syslog service
     b) download the SBA logs in the tools tab
     c) download the latest SBA configuration log in the tools tab