Agat Content Manager Installation



Overview:

Content Manager version 1.0.0.0 supports only Ethical Wall, so its installation is much simpler. For Content Manager version 1.0.0.0, ignore the section for version 1.1.0.0.

Content Manager version 1.1.0.0 supports DLP and Ethical Wall. For Content Manager version 1.1.0.0, skip the section for version 1.0.0.0.

version 1.0.0.0


 

Pre-installation:

 

The Agat Content Manager Service needs to run under a new user account.

 

Step 1: Create a new user in the AD called: "AGATContentManager"

 

Step 2: Set permissions for the "AGATContentManager" user:

  • In the AD, add the "AGATContentManager" user to the group RTCComponentUniversalServices.
    Example script:

The following script should be run on the AD:
net user "AGATContentManager" <password> /ADD
net localgroup "RTCComponentUniversalServices" "<domain>\AGATContentManager" /add

 

On the same server as the AGAT Content Manager Service (usually the Front-End):

  • Working directory - the user needs to read the configuration file and encrypt the connection string.
  • Log file - usually located in C:\Agat\Logs
  • Temp folder - usually located on the Front-End in "C:\ProgramData\Microsoft\Skype for Business Server\WebConferencing\Temp"
  • RSA encryption - the user needs access to the NetFrameworkConfigurationKey
  • Add the user to the RTC groups - for a further purpose

Example script:

 

icacls "C:\Agat\AgatContentManager" /grant "<domain>\AGATContentManager":(OI)(CI)F /T
icacls "C:\Agat" /grant "<domain>\AGATContentManager":(OI)(CI)F /T
icacls "C:\ProgramData\Microsoft\Skype for Business Server\WebConferencing\Temp" /grant "<Domain>\AGATContentManager":(OI)(CI)F /T
net localgroup "RTC Component Local Group" "<domain>\AGATContentManager" /add
net localgroup "RTC Local Administrators" "<domain>\AGATContentManager" /add
net localgroup "RTC Server Applications" "<domain>\AGATContentManager" /add
net localgroup "RTC Local User Administrators" "<domain>\AGATContentManager" /add
cd %systemroot%\Microsoft.NET\Framework64\v4.0.30319\
aspnet_regiis -pa "NetFrameworkConfigurationKey" "<domain>\AGATContentManager"

 


Otherwise, you will get an exception such as:

 

Exception: "An error occurred executing the configuration section handler for connectionStrings."
Inner Exception: "Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.\r\n"

Access Portal Configuration (both versions)

 

Connection-String:

 


The ConnectionString in the app.config file (or AgatContentManagerService.exe.config file) needs to contain the user: "AgatDBNotificationsUser"

Explanation: SQL has a user named "AgatDBNotificationsUser" with the following permissions:

  • ALTER
  • CONTROL
  • CREATE CONTRACT
  • CREATE MESSAGE TYPE
  • CREATE PROCEDURE
  • CREATE QUEUE
  • CREATE SERVICE
  • EXECUTE
  • SELECT
  • SUBSCRIBE QUERY NOTIFICATIONS
  • VIEW DATABASE STATE
  • VIEW DEFINITION
  • CONNECT

After Content Manager runs for the first time, the connection string is encrypted. If you have already run it and the service failed because of an incorrect connection string, the following section shows how to fix it.

The file "AgatContentManagerService.exe.Config" (app.config) should look like this before the first run (after compilation):

In the red rectangle, you can see the connection string as plain text.

In the blue rectangle, you can see the connection string inside a comment.

After the first run:

In the red rectangle, you can see the connection string after encryption.

In the blue rectangle, you can see the connection string before encryption, inside a comment.

Delete the entire red area and replace it with the blue area (I suggest keeping the blue area as a backup, so copy it rather than cut it).

Uncomment the blue area and change the credentials.


Access-Portal:


In Access Portal -> settings -> File Handling:

You need to fill in: Front End Pool and Collaboration Content Directory.

Front End Pool:

You can find the Front End Pool name on the FE server -> Skype For Business Topology Builder:

Collaboration Content Directory:

You can find the Collaboration Content Directory on the FE server -> Skype For Business Topology Builder -> Shared Components -> File store:

You need to find the directory "CollabContent"; usually you just need to append "\1-WebServices-1\CollabContent".

In the example above, the Collaboration Content Directory will be: "\\sql.agatwork.com\SkypeShare\1-WebServices-1\CollabContent".

Service Configuration


in the file: "AgatContentManagerService.exe.Config" you need to configure the following settings:
  • FrontEndPoolName - same as Access Portal Front End Pool Name.
  • connectionStrings - the user should be: "AgatDBNotificationsUser".

installation:

  • Simply run in cmd "AgatContentManagerService.exe install"



version 1.1.0.0

Copy the AgatContentManager directory to the FE.

 Pre-installation:

The Agat Content Manager Service needs to run under a new user account.

Step 1: Create a new user in the AD called: "AGATContentManager"

Step 2: Set permissions for the "AGATContentManager" user:

  • In the AD, add the "AGATContentManager" user to the group RTCComponentUniversalServices.
    Example script:

The following script should be run on the AD:
net user "AGATContentManager" <password> /ADD
net localgroup "RTCComponentUniversalServices" "<domain>\AGATContentManager" /add

On the same server as the AGAT Content Manager Service (usually the Front-End):

  • Working directory - the user needs to read the configuration file and encrypt the connection string.
  • Log file - usually located in C:\Agat\Logs
  • Temp folder - usually located on the Front-End in "C:\ProgramData\Microsoft\Skype for Business Server\WebConferencing\Temp"
  • RSA encryption - the user needs access to the NetFrameworkConfigurationKey
  • Add the user to the RTC groups - for a further purpose

Example script:

icacls "C:\Program Files\AgatContentManager" /grant "<domain>\AGATContentManager":(OI)(CI)F /T
icacls "C:\Agat" /grant "<domain>\AGATContentManager":(OI)(CI)F /T
icacls "C:\ProgramData\Microsoft\Skype for Business Server\WebConferencing\Temp" /grant "<domain>\AGATContentManager":(OI)(CI)F /T
net localgroup "RTC Component Local Group" "<domain>\AGATContentManager" /add
net localgroup "RTC Local Administrators" "<domain>\AGATContentManager" /add
net localgroup "RTC Server Applications" "<domain>\AGATContentManager" /add
net localgroup "RTC Local User Administrators" "<domain>\AGATContentManager" /add
cd %systemroot%\Microsoft.NET\Framework64\v4.0.30319\
aspnet_regiis -pa "NetFrameworkConfigurationKey" "<domain>\AGATContentManager"


Otherwise, you will get an exception such as:

Exception: "An error occurred executing the configuration section handler for connectionStrings."
Inner Exception: "Failed to encrypt the section 'connectionStrings' using provider 'RsaProtectedConfigurationProvider'. Error message from the provider: Object already exists.\r\n"

Access Portal Configuration (both versions)

 

Connection-String:

 


The ConnectionString in the app.config file (or AgatContentManagerService.exe.config file) needs to contain the user: "AgatDBNotificationsUser"

Explanation: SQL has a user named "AgatDBNotificationsUser" with the following permissions:

  • ALTER
  • CONTROL
  • CREATE CONTRACT
  • CREATE MESSAGE TYPE
  • CREATE PROCEDURE
  • CREATE QUEUE
  • CREATE SERVICE
  • EXECUTE
  • SELECT
  • SUBSCRIBE QUERY NOTIFICATIONS
  • VIEW DATABASE STATE
  • VIEW DEFINITION
  • CONNECT

After Content Manager runs for the first time, the connection string is encrypted. If you have already run it and the service failed because of an incorrect connection string, the following section shows how to fix it.

The file "AgatContentManagerService.exe.Config" (app.config) should look like this before the first run (after compilation):

In the red rectangle, you can see the connection string as plain text.

In the blue rectangle, you can see the connection string inside a comment.

After the first run:

In the red rectangle, you can see the connection string after encryption.

In the blue rectangle, you can see the connection string before encryption, inside a comment.

Delete the entire red area and replace it with the blue area (I suggest keeping the blue area as a backup, so copy it rather than cut it).

Uncomment the blue area and change the credentials.
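
As an added example (not part of the original page or the vendor's tooling), the PowerShell function below reports which of the states described in this section, and in the matching version 1.0.0.0 section, a config file is in: whether connectionStrings has been encrypted, and whether a readable copy of the credentials is still present in a comment. The sample XML, the connection string name and all values in it are constructed placeholders.

```powershell
# Added example (not vendor code). The XML below is a constructed stand-in for
# AgatContentManagerService.exe.Config after the first run; the connection
# string name, server, database and password are placeholders.
$sampleConfig = @'
<configuration>
  <!-- <connectionStrings>
         <add name="ExampleDb" connectionString="Server=sql.example.test;Database=ExampleDb;User Id=AgatDBNotificationsUser;Password=constructed-placeholder" />
       </connectionStrings> -->
  <connectionStrings configProtectionProvider="RsaProtectedConfigurationProvider">
    <EncryptedData>
      <CipherData><CipherValue>constructed-placeholder</CipherValue></CipherData>
    </EncryptedData>
  </connectionStrings>
</configuration>
'@

function Get-ConnectionStringState {
    param([Parameter(Mandatory = $true)][xml]$Config)

    $section = $Config.SelectSingleNode('/configuration/connectionStrings')
    if ($null -eq $section) { throw 'No <connectionStrings> section found.' }

    # Protected configuration tags the section with configProtectionProvider
    # and replaces its <add> entries with a single <EncryptedData> element.
    $provider = $section.GetAttribute('configProtectionProvider')

    # Plaintext <add> entries still present in the live (uncommented) section.
    $plainEntries = @($section.SelectNodes('add[@connectionString]'))

    # XML comments that still contain a password keyword, i.e. a readable
    # copy of the credentials next to the encrypted section.
    $commented = @($Config.SelectNodes('//comment()') |
        Where-Object { $_.InnerText -match '(?i)\b(password|pwd)\s*=' })

    [pscustomobject]@{
        Encrypted            = [bool]$provider
        Provider             = $provider
        PlaintextEntries     = $plainEntries.Count
        CommentedCredentials = $commented.Count
    }
}

Get-ConnectionStringState -Config $sampleConfig
# For a real file: Get-ConnectionStringState -Config (Get-Content -Raw $path)
```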


Access-Portal:


In Access Portal -> settings -> File Handling:

You need to fill in: Front End Pool and Collaboration Content Directory.

Front End Pool:

You can find the Front End Pool name on the FE server -> Skype For Business Topology Builder:

Collaboration Content Directory:

You can find the Collaboration Content Directory on the FE server -> Skype For Business Topology Builder -> Shared Components -> File store:

You need to find the directory "CollabContent"; usually you just need to append "\1-WebServices-1\CollabContent".

In the example above, the Collaboration Content Directory will be: "\\sql.agatwork.com\SkypeShare\1-WebServices-1\CollabContent".

P2P conversation:

To support P2P conversations, you also need to install a trusted application: go to the page "UCMA General Information" and follow the installation instructions.

Important note:

If the trusted application is already installed on the server, you only need to configure the following in Access Portal:

  • Lync pool name - as it appears in the topology
  • Access Portal server - the FQDN of the Access Portal server
  • Lync site - the SfB/Lync site as it appears in the topology
  • Trusted application user SIP - run the following command on the Skype (FE) server where the trusted application is installed:

Command for showing the trusted application user SIP:
Get-CsApplicationEndpoint

In the output you can see two OwnerUrn values, SkypeShieldTrustedApp and SIPfilterTrustedApp. Take only the SIP address (without the "sip:") of SkypeShieldTrustedApp.
In this example, we take only the string: "alert@agatwork.com".

Note that in the Sip-Filter yaml file you also need to make sure that the Lync site is configured:

Service Configuration


in the file: "AgatContentManagerService.exe.Config" you need to configure the following settings:
  • FrontEndPoolName - same as Access Portal Front End Pool Name.
  • OriginalFileDir - as we know it's a fixed path on FE, should not be changed. (C:\ProgramData\Microsoft\Skype for Business Server\WebConferencing\Temp).
  • connectionStrings - the user should be: "AgatDBNotificationsUser".
  • UserName - the user that runs the service; this is the "AGATContentManager" user created in the pre-installation, for example: "AGATWORK\AGATContentManager"
  • password - the password for this user. 

installation:

  • Simply run in cmd "AgatContentManagerService.exe install"


 


Version 1.0.0.0

This version supports only Ethical Wall, not DLP.

The package should include:

  • AGAT Content Manager: 1.0.0.0
  • SipFilter: 1.6.7.0
  • Access Portal: 3.4.8.3
  • SQL: 3.4.8.3


Version 1.1.0.0

This version supports Ethical Wall and DLP.

The package should include:

  • AGAT Content Manager: 1.1.0.0
  • SipFilter: 1.7.0
  • Access Portal: 3.4.12
  • SQL: 3.4.12


If there is no Access Portal version 3.4.12 yet, you can just run in SQL the scripts located here: \\fs\share\Users\Yinon Bloch\scripts for ACM 1.1.0.0