Important! Please read the article Before installing carefully. This serves as the basis for this set of instructions.

Provisioning/Installing a Skype for Business Trusted Application Server

Configuring a SfB Trusted Application Server/Pool is beyond the scope of this manual but below you will find the main steps:

  1. Run the SfB topology builder to configure the new Trusted Application server (or pool) and publish the topology.
  2. On each Trusted Application server, run the SfB installer.
  3. Run the SfB Deployment Wizard.
  4. On the main page, click Install or Update Skype for Business Server System
    1. click Install Local Configuration Store
    2. click Setup or Remove Skype for Business Server Components
    3. click Request, Install, or Assign Certificates
      The certificate will usually come from an internal certificate authority, similar to the Default certificate installed on your Front End servers or the certificate installed on the internal interface of the Edge. Just run the cert wizard and let it do its thing. It should have the server FQDN and Pool FQDN (if setup in pool).

If you need a detailed, step by step guide on how to setup a Trusted Application Server/Pool in your SfB infrastructure, have a look at this article.

Configure the Trusted Application parts

Replace the <placeholders> with your real values and paste the commands in to an elevated PowerShell window (SfB PowerShell module needs to be installed):

  1. Add a Trusted Application Pool
    New-CsTrustedApplicationPool -id <Trusted Application Server FQDN> -registrar <Front End Pool FQDN> -site "Site:<site name>" -requiresreplication $false
  2. Add a Trusted Application – remeoserver
    New-CsTrustedApplication -ApplicationId remeoserver -TrustedApplicationPoolFqdn <Trusted Application Server FQDN> -Port <unused port number>
  3. Enable the Topology
    Enable-CsTopology
  4. Add a Trusted Application Endpoint - remeo@<Your Sip domain>  
    New-CsTrustedApplicationEndpoint -SipAddress "sip:remeo@<Your Sip domain>" -DisplayName "Remeo Server" -TrustedApplicationPoolFqdn <Trusted Application Server FQDN> -ApplicationId "remeoserver"

There must be only one instance of this SIP address in your topology. This SIP address is an application address and not a user address, therefore no user may be assigned to that address.

The address needs to be different for servers in another pool.

Installation steps

Remeo Server contains a web server which is by default listening to TCP-Port 54321. This port is automatically opened to this application by the setup via the netsh command. If you need to change the port number, you can do this after the installation is finished. Therefore you have to use netsh, and you also need to adopt it in the file %PROGRAMFILES%\Program Files\colima\Remeo Server\Remeo.Server.exe.config. Depending on your environment you need to open this port in your company and/or local firewall.


To install Remeo Server, proceed as follows:

  1. Copy and unpack the file RemeoServer_vX-X.zip into a folder on the targeting environment.
  2. Read the Readme_xx.txt file contained in the zip file!
  3. Execute the RemeoServerSetup.exe with elevated rights or deploy the file RemeoServer.msivia your software deployment application. In this case you can pass the following parameters to the MSI:                                         
    • SIPADDRESS (SIP address of the Trusted Application Endpoint)

  4. In case you want to update an existing Remeo instance you need to pass the parameters REINSTALL=ALL REINSTALLMODE=vomus
  5. Follow the instructions on the screen.


After successful installation:

  1. Open the Windows Services Manager.
  2. Start the service Remeo Server manually. If the service doesn't start, please proceed as follows:                                         
    • Just try to start it a second time. Sometimes things take a while to be ready.
    • Look in the Windows Event Log, whether in the Windows log Application error entries exist that originate from the source Remeo Server.
    • Check if in the file %PROGRAMFILES%\Program Files\colima\Remeo Server\Remeo.Server.exe.config the value of the key application-endpoint-uri does contain the correct SIP address.
    • Click the shortcut Remeo Server Logs in the Windows Start menu, which points to the path %PROGRAMDATA%\colima\Remeo.Server. Check the file ..\Logs\Global\Error_YYYY-MM.log for any errors!

Set users permissions

Basically, there are three ways to grant the permission to users for changing the reachability settings on behalf of another user:

  • Users who are in the same Remeo AD-group(s)
  • Users who are in a SfB Delegation relationship
  • Users who are in the same SfB Team-call group

All permissions can be controlled using the following Active Directory group memberships:

  • RemeoADPermission (Option 1)
  • RemeoDelegatePermission (Option 2)
  • RemeoTeamPermission (Option 3)
  • RemeoADGlobalPermission (Option 4)

These Active Directory group names are static and cannot be changed without breaking the Remeo authorization features. All options can be used separately or in parallel, in order to do so, the administrator creates the corresponding groups according to the options which are supposed to be utilized.

Technically, these groups work as an indicator whose membership activates the Remeo permission check. The membership of these groups does not include the permissions for changing the reachability settings of other users belonging to the corresponding group. To grant permissions for changing reachability settings, a user must be a delegate / Team-call group member of the targeting user or both have to be a member of any other group containing Remeo in its name.


As the name indicates, the RemeoADGlobalPermission (Option 4) differs from this rule. While being a member of this group, the user (usually administrator and super-users) is able to change the reachability settings for all user in the organization.

Hints

  • Group nesting is supported for Option 1.
  • Please make sure in the AD the Primary group of all users is set to Domain users.

Examples

Option 1

User A is an IT Admin and wants to change the call forwarding on behalf of User B, which is in the sales department.

  1. Let's say user A already belongs to the AD group IT-Department and user B in Sales-Department.
  2. Create the group RemeoADPermission in the AD.
  3. Now create a group e.g. Remeo_Sales. Important is, the string Remeo does exist somewhere (starts with, ends with or contains) in the group name.
  4. Assign the groups IT-Department and Sales-Department to the group Remeo_Sales.
  5. Assign group IT-Department to RemeoADPermission.
  6. Now all users of IT-Department are allowed to change the settings of all users in Sales-Department. If you only want certain users of IT-Department to be allowed, you wouldn't add the group IT-Department to RemeoADPermission but only those single users.

Option 2

User B is a delegate of User A and he wants to change his call forwarding settings.

  1. Make sure User B has been configured as a delegate for User A, either using the SfB client or Remeo.
  2. If not exists create the group RemeoDelegatesPermission in the Active Directory.
  3. Add User B to RemeoDelegatesPermission group which activates Remeo for checking the delegates membership settings.
  4. Now User B can change the call forwarding settings of User A.

Option 3

User B belongs to the same Team as User A and he wants to change his call forwarding settings.

  1. Make sure User B has been configured as a Team member together with User A, either using the SfB client or Remeo.
  2. If not exists create the group RemeoTeamPermission in the Active Directory.
  3. Add User B to RemeoTeamPermission group, which activates Remeo for checking the team membership settings.
  4. Now User B can change the call forwarding settings of User A.

Option 4

User B is an Domain Administrator and he wants to change the reachability settings of all user within the organization.

  1. If not exists, create the group RemeoADGlobalPermission in the Active Directory.
  2. Add User B to RemeoADGlobalPermission group.
  3. User B is now able to change all reachability settings of all users within the organization.

Logging

We provide different logging options:

  • Log files for administrative and debugging purposes                               
    • %PROGRAMDATA%\colima\Remeo.Server\Logs\Global\Global_YYYY-MM.log and Error_YYYY-MM.log
  • Protocol files for tracking purposes which contain all changes made by the users                               
    • %PROGRAMDATA%\colima\Remeo.Server\Logs\tracking\Tracking_YYYY-MM.log
  • The Remeo Server uses a rolling log file mechanism based on the current month and a maximum file size. Therefore a new log file will be created at the beginning of each month. In the event of exceeding the maximum log file size an additional log file will be created. In total a maximum of 5 log file will be archived, which means that the oldest log file will be overwritten as soon as a new log file is about to be created and the total log file count exceeds 5 files. This mechanism avoids that the log file grows indefinitely and your system may run out of disc space.
  • You can access the log file folder with ease by clicking the shortcut Remeo Server Logs in the Windows Start menu.

Uninstallation

To completely uninstall Remeo Server, proceed as follows:

  • Please stop the service Remeo Server manually just to avoid a timeout during uninstall because it can take some time depending on the number of established user endpoints.
  • In the Windows Control Panel click Programs –> Uninstall a program.
  • In the list of installed programs, click on colima Remeo Server and uninstall it. 

Installation of Remeo

Now you can proceed with installing Remeo Client on the basis of this article.