How to manually install the SIP Filter on the Edge server?
In Edge 2019, before installing the service you need to replace files in SIP filter folder.
Open C:\Agat\SphereShield.Setup\Payload\SipFilter\2019
Copy all files
Replace them in C:\Agat\SipFilter
Before proceeding please make sure you have all the requirement installed by following this KB.
Installation
In the extracted SIP folder open CMD and type the following command:
AgatSfbSipFilter.exe install
A successful installation should resemble:
Permissions
Verify which user is running the SIP Filter service:
To that user ("Local Service") grant the following permissions:
- Modify permissions to the SIP Filter folder
- Member of the local group 'RTC Server Application'
- Member of the local group 'RTC Component local group'
- Member of the local group 'RTC Local Administrators'
Configurations
The configuration file of the SIP is called 'AgatSfbSipFilter.yaml'
In that file edit the connection string to match your environment. The syntax should be as follows:
Data Source=<<SQLSERVER>>;Initial Catalog=<<DataBaseName>>;Persist Security Info=True;User ID=<<username>>;Password=<<password>>
In order to initiate a secured connection to the Access Portal, we will need the IV and KEY values from that server.
Open the applicationSetting.config file, its default location is:
C:\inetpub\AccessPortal\configuration\applicationSetting.config
Correct configuration should look like so:
New Application Entry
In the Front End server run the following Powershell command in order to add a new application entry for the SIP Filter:
new-CsServerApplication -identity "Service:EdgeServer:<Edge Server Pool>/lync_access_control" -uri "http://www.agatsolutions.com/lync_access_control" -critical $false -enable $true -priority 0
You can make sure that the application was created by running the 'GetCsServerApplication' Powershell command and looking for the new entry:
All that is left to do now is start the service.