Chad McGreanor's Blog

Engineers Notebook

Archive for November, 2008

OCS Tanjay, Catalina…??

Posted by Chad McGreanor on November 29, 2008

Here are the differences…

Tanjay, Catalina, and Orca. Tanjay runs WinCE and has a “lightweight” Microsoft Office Communicator client inside of it, allowing it to incorporate a user’s presence information and take advantage of Communicator’s capabilities.

Tanjay operates like a regular phone, with a keypad, handset, built-in speaker phone, and a combination of hard keys and a touch-sensitive display, but offers much more functionality, such as presence awareness, message and calendar displays, call handling rules, etc.

The Catalina is a USB phone that makes me scratch my head for one main reason:

While it has no display, it also has no keypad. I question how long it will take for people to give up dialing a number on a phone’s keypad to make a call.

Several factors influenced Microsoft’s design decision. I applaud Microsoft’s philosophy that we should connect to a person, not simply dial a number and hope someone answers at the other end. This is consistent with Microsoft’s whole approach to UC: check the presence of the person you want to communicate with and act accordingly. This is key for gaining the improved productivity and ROI that investments in UC require.

In addition to the philosophical rationale, Catalina is a USB device and is dependent on the PC to operate; the phone won’t work if the PC is turned off or locked up. Microsoft doesn’t want users to try to make a call from a device connected to a PC that isn’t turned on or operating, and then blame the phone for not working. Moreover, the current release of Office Communicator doesn’t support DTMF signals from the phone. Remember, the phone was specifically designed without this capability so users can connect to a person, rather than just dialing a number. Microsoft is expected to add DTMF support in the next release of Office Communicator and OCS.

Microsoft has been demo’ing a USB wireless device, Orca, touting its mobility capabilities and enhanced features such as subject field display. What Microsoft fails to point out, however, is that the Orca phone has no keypad. That’s right, you can’t make calls from the device. Phone calls can only be made from the Office Communicator client on the PC. Orca is a mobile wireless device, but only for calls placed within arm’s length of the user’s PC.

Posted in Microsoft, OCS 2007

OCS Access Edge and Web Conferencing Public certificate

Posted by Chad McGreanor on November 28, 2008

So I just finished purchasing a Go Daddy SSL certificate to install on my Access Edge and Web Conferencing public interfaces. Here are the important parts of that process.

I went on to the Access Edge server and went through the certificate wizard, chose to create a new request, and chose the Access Edge and Web Conferencing public interfaces. I entered my company information, and for the subject I entered sip.domain.com, and for the SAN, to be safe, I put in the same thing, sip.domain.com.

  • Generated the text file and to GoDaddy we go.
  • Bought the 29.99 Standard SSL 1 year certificate.
  • Pasted the text file that was generated from OCS into the GoDaddy wizard.
  • Verified information was correct.
  • Email was sent to the Administrative contact from the WHOIS registrar lookup.
  • Admin approved the request.
  • I clicked on the link after the certificate was sent to me to download the certificate.
  • It was a ZIP file, so I extracted the file to a folder and renamed the sip.domain.com file from .crt to .CER. This was done so that the OCS certificate wizard would recognize it.
  • Once I completed the wizard, I needed to go to each interface, the Access Edge public and Web Conferencing public, and assign the certificate.
  • I also right-clicked on the other file GoDaddy provided and imported that into the Enterprise Trusted Root Certification Authority. Restarted all Edge services, tested, and everything worked.

One thing to remember, although it was not necessary, is to right-click on the imported certificate and ensure the certificate is enabled for all purposes. You can do that by right-clicking and checking the settings.

Next step: Federation.

Update: ensure you do the following…

1. Download the root CA chain of the public CA and install it on the local computer store of each edge server.

This came with the zip file from GoDaddy
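
One way to confirm the outcome of the steps above on the Edge server, as an added example that is not part of the original post: it reads the certificate from the computer's Personal store, checks the subject and SAN against the placeholder name sip.domain.com, and reports whether Windows can build a trusted chain to the public root. The function name Test-EdgeCertificate is hypothetical, and the "DNS Name=" match assumes an English-language Windows.

```powershell
# Added example, not from the original post.
# 'sip.domain.com' is the placeholder name used in the post.
$ExpectedName = 'sip.domain.com'

function Test-EdgeCertificate {   # hypothetical helper name
    param([Parameter(Mandatory)][string]$DnsName)

    # Certificates in the computer's Personal store whose subject CN is the expected name.
    $cnPattern = 'CN=' + [regex]::Escape($DnsName) + '(,|$)'
    $certs = @(Get-ChildItem Cert:\LocalMachine\My |
               Where-Object { $_.Subject -match $cnPattern })
    if ($certs.Count -eq 0) {
        Write-Warning "No certificate with CN=$DnsName in LocalMachine\My"
        return
    }

    foreach ($cert in $certs) {
        # Subject Alternative Name extension (OID 2.5.29.17); Windows formats
        # its entries as "DNS Name=<host>" (label text is locale dependent).
        $sanExt = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $san = if ($sanExt) { $sanExt.Format($false) -split ',\s*' } else { @() }

        # Build the chain; a missing root or intermediate CA certificate
        # shows up as ChainTrusted = False plus a status such as PartialChain.
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $trusted = $chain.Build($cert)

        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            Subject       = $cert.Subject
            SAN           = $san -join '; '
            NameInSAN     = $san -contains "DNS Name=$DnsName"
            HasPrivateKey = $cert.HasPrivateKey
            NotAfter      = $cert.NotAfter
            ChainTrusted  = $trusted
            ChainSubjects = ($chain.ChainElements |
                             ForEach-Object { $_.Certificate.Subject }) -join ' <- '
            ChainErrors   = ($chain.ChainStatus |
                             ForEach-Object { $_.Status }) -join ', '
        }
    }
}

Test-EdgeCertificate -DnsName $ExpectedName | Format-List
```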

Posted in Microsoft, OCS 2007

Create and Verify DNS SRV and A Records for Automatic Client Sign-in

Posted by Chad McGreanor on November 25, 2008

You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.

 

To create a DNS SRV record

1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.
3. Click Other New Records.
4. In Select a resource record type, click Service Location (SRV), and then click Create Record.
5. Click Service, and then type _sipinternaltls.
6. Click Protocol, and then type _tcp.
7. Click Port Number, and then type 5061.
8. Click Host offering this service, and then type the FQDN of the pool.
9. Click OK.
10. Click Done.

Posted in Microsoft, OCS 2007

To verify the creation of a DNS SRV record for OCS

Posted by Chad McGreanor on November 25, 2008

Log on to a client computer in the domain with an account that is a member of the Administrators group or has equivalent permissions.

1. Click Start, and then click Run. In the Open box, type cmd, and then click OK.
2. At the command prompt, type nslookup, and then press ENTER.
3. Type set type=srv, and then press ENTER.
4. Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

    Server:  <dns server>.corp.example.com
    Address:  <IP address of DNS server>

    Non-authoritative answer:
    _sipinternaltls._tcp.example.com SRV service location:
              priority       = 0
              weight         = 0
              port           = 5061
              svr hostname   = poolname.example.com
    poolname.example.com       internet address = <virtual IP Address of the load balancer> or <IP address of a single Enterprise Edition Server for pools with only one Enterprise Edition Server>

5. When you are finished, at the command prompt, type exit.
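
The same lookup scripted for every SIP domain, as an added example that is not part of the original post: it checks that the _sipinternaltls._tcp record exists, uses port 5061, points at the expected pool, and that the target itself resolves. Resolve-DnsName needs Windows 8 / Server 2012 or later; the function name Test-SipInternalTlsRecord is hypothetical, and example.com and poolname.example.com are the placeholders from the output above.

```powershell
# Added example, not from the original post.
# Domain list and pool FQDN are placeholders; replace with your own values.
$SipDomains   = @('example.com')
$ExpectedPort = 5061
$ExpectedPool = 'poolname.example.com'

function Test-SipInternalTlsRecord {   # hypothetical helper name
    param(
        [Parameter(Mandatory)][string]$SipDomain,
        [int]$Port = 5061,
        [string]$Pool
    )
    $name = "_sipinternaltls._tcp.$SipDomain"

    # Keep only SRV answers; the response can also carry additional A records.
    $srv = @(Resolve-DnsName -Name $name -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if ($srv.Count -eq 0) {
        return [pscustomobject]@{ Record = $name; Target = $null; Port = $null
                                  Address = $null; Problems = 'no SRV record found' }
    }

    foreach ($r in $srv) {
        $target   = $r.NameTarget.TrimEnd('.')
        $problems = @()
        if ($r.Port -ne $Port) { $problems += "port is $($r.Port), expected $Port" }
        if ($Pool -and $target -ne $Pool) {
            $problems += "target is $target, expected $Pool"
        }

        # The SRV target must have an A record of its own (pool VIP or server IP).
        $a = @(Resolve-DnsName -Name $target -Type A -ErrorAction SilentlyContinue |
               Where-Object { $_.Type -eq 'A' })
        if ($a.Count -eq 0) { $problems += "no A record for $target" }

        [pscustomobject]@{
            Record   = $name
            Target   = $target
            Port     = $r.Port
            Address  = ($a.IPAddress -join ', ')
            Problems = ($problems -join '; ')
        }
    }
}

$SipDomains |
    ForEach-Object { Test-SipInternalTlsRecord -SipDomain $_ -Port $ExpectedPort -Pool $ExpectedPool } |
    Format-Table -AutoSize -Wrap
```

An empty Problems column means the record matches what the procedure above creates.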

Posted in Microsoft, OCS 2007

Could Not Synchronize address book with the server. Proxy error

Posted by Chad McGreanor on November 25, 2008

I ran into this error 2 times today during an OCS deployment. In order to fix it, confirm the password in IIS for the LSGroupExpAppPool. Re-enter the password in the Identity tab.

Start the pool.

Log off and on to MOC. The address book should synchronize.

Posted in Microsoft, OCS 2007

Sound Driver for Windows 2003 in Virtual PC 2007

Posted by Chad McGreanor on November 25, 2008

  • Copy the files wdma_ctl.inf and ctlsb16.sys from a Windows XP product CD to a folder.
  • In the Windows Server 2003 virtual machine, go to Device Manager –> Other Devices –> Sound Blaster 16 –> Update Driver:
  • Install from a list –> Don’t search –> Sound, video and game controllers
  • Have Disk –> Browse –> Select folder with the two XP files

Posted in Microsoft

OCS Child domain permissions

Posted by Chad McGreanor on November 25, 2008

When deploying OCS in a child domain you will need to ensure that the Domain Admins group of the child domain has been added to the following groups in the root domain:

  • RTCUniversalServerAdmins
  • RTCUniversalUserAdmins

If you do not add Domain Admins to those groups you will have difficulty activating the server and will receive an access denied error message.

If you receive a “constraint” error after activation when activating the Web Components, run IISRESET and run activation again.

Posted in Microsoft, OCS 2007

Technet Multiple domain note

Posted by Chad McGreanor on November 23, 2008

Our current topology consists of:

  • 1 Forest – root.corp (Windows 2003 Functional Level) – with no users or any objects.
  • 3 Child Domains – AA.root.corp / bb.root.corp / cc.root.corp
  • Each child domain has its own Exchange 2007 server, and the external email addresses for all users are the same, @root.com
  • The global settings are kept in the configuration container.
  • Each child domain was installed with an OCS 2007 Standard Edition, and is working properly internally between users.
  • An internal CA server exists on the root domain for certificates.
  • Ports 5061 & 5062 are opened between the servers.
  • All services are running, and the installations were completed successfully on each server, including the certificate enrollment.
  • Each OCS server has the Root CA certificate installed.
  • The SIP domains are: root.corp, aa.root.corp, bb.root.corp, cc.root.corp
  • Each certificate was issued with the subject alternate name of its FQDN.
    For example, on the server AA-OCS.aa.root.corp these are the SANs:
    DNS Name=aa-ocs.aa.root.corp
    DNS Name=sip.root.corp
    DNS Name=sip.aa.root.corp
  • In the DNS, there is an SRV record of _sipinternaltls.<domain name> that points to AA-OCS.aa.root.corp for all other child domains (bb.root.corp and cc.root.corp).

Posted in Microsoft, OCS 2007

OCS Director Role

Posted by Chad McGreanor on November 22, 2008

A Director authenticates inbound requests and distributes them among the servers in the Enterprise pool or to the appropriate Standard Edition Server.

Office Communications Server 2007 supports the following Director configurations:

  • A single Standard Edition Server that is configured as a Director.
  • An array of Standard Edition Servers that are configured as a Director (requires an Enterprise CA).
  • An Enterprise pool that is configured as a Director.

You deploy a Director in a manner similar to the way that you deploy any other Office Communications Server 2007 server, and you configure it as a Director by using the Deployment Wizard.

In a load balanced edge server topology (a scaled single-site topology or a multiple-site edge topology), the next hop server on the Director must target the virtual IP address of the Edge Server array’s internal load balancer. Some special configuration steps are required if you choose to deploy an array of Standard Edition servers as a Director. See Appendix A for more information.

Deploy Your Director

To deploy a Director in your organization, you need to set up certificates and DNS as you would for any internal Office Communications Server. The following procedure guides you through the process of configuring a Standard Edition Server as a Director.

To configure a Standard Edition Server as a Director

1. Configure your DNS records as described in the Office Communications Server 2007 Standard Edition Deployment Guide.
2. Insert the Microsoft Office Communications Server CD. Setup starts and launches the Deployment Tool. If you are installing from a network share, navigate to the \Setup\I386 folder, and then double-click Setup.exe.
3. Click Deploy Standard Edition Server.
4. At Configure Server, click Run.
5. On the Welcome to the Configure Pool/Server Wizard page, click Next.
6. On the Server or Pool to Configure page, select the server from the list, and then click Next.
7. On the SIP domains page, verify that your SIP domain appears in the list box. If it does not, click the SIP domains in your environment box, type your SIP domain, and then click Add. Repeat these steps for all other SIP domains that the Standard Edition Server will support. When you are finished, click Next.
8. On the Client Logon Settings page, do one of the following:
   a. If the Communicator and Live Meeting clients in your organization will use DNS to locate the pool, click Some or all clients will use DNS SRV records for automatic logon. Do not select the Use this server or pool as a Director for automatic logon check box if you are configuring a Director for external access only. This setting allows internal clients to log on through a Director, and the Director then routes requests to the appropriate server or pool.
   b. If the Communicator clients in your organization will not use DNS to log on to the pool and you plan to manually configure clients to connect to the pool, click Clients will be manually configured for logon.
9. When you are finished, click Next.
10. On the SIP Domains for Automatic Logon page, do one of the following:
   • If in the previous step you selected Some or all clients will use DNS SRV records for automatic logon, select the check box for the domains that will be supported by the server for automatic sign-in, and then click Next.
   • If, in step 8, you selected Clients will be manually configured for logon, skip to the next step.
11. On the External User Access Configuration page, click Do not configure external user access now, and then click Next.
12. On the Ready to Configure Server or Pool page, review the settings that you specified, and then click Next to configure the Standard Edition Server.
13. When the files have been installed and the wizard has completed, verify that the View the log when you click ‘Finish’ check box is selected, and then click Finish.
14. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task to verify Standard Edition Server configuration completed successfully. Close the log window when you finish.

Deactivate Server Roles and Unnecessary Components (Optional)

As a security best practice, you should deactivate and uninstall the server roles that the Director does not require. This practice involves deactivating and uninstalling the Web Conferencing, A/V Conferencing and Web Component roles on this server and deactivating the Address Book Server.

To deactivate the roles not required for a Director
1. Log on to the Director with an account that is a member of the local administrators group and a member of RTCUniversalServerAdmins.
2. Open the Office Communications Server 2007 Administration tools: Click Start, point to All Programs, point to Administrative Tools, and then click Office Communications Server 2007.
3. Select one of the following:
• For a Standard Edition Server, expand Standard Edition Server, expand the Standard Edition that you just deployed:
1. Right-click the FQDN of the server, point to Deactivate, and then click Web Conferencing and complete the wizard.
2. Right-click the FQDN of the server, point to Deactivate, and then click A/V Conferencing and complete the wizard.
3. Right-click the FQDN of the server, point to Deactivate, and then click Web Components and complete the wizard.
• For an Enterprise pool, expand Enterprise pools, expand the pool that you just deployed:
1. Expand Web Conferencing, right-click the FQDN of the server, and then click Deactivate and complete the wizard.
2. Expand A/V Conferencing, right-click the FQDN of the server, and then click Deactivate and complete the wizard.
3. Expand Web Components, right-click the FQDN of the server, and then click Deactivate and complete the wizard.
 
To deactivate the Address Book Server
1. Open a Command Prompt window: Click Start, point to Run and then type cmd.
2. At the command prompt, type wbemtest.
3. In Namespace, type root\cimv2, and then click Connect.
4. Click Enum Classes, and then click OK.
5. Select MSFT_SIPAddressBookSetting.
6. Click Instances.
7. Select your SQL database instance.
8. Double-click Outputlocation.
9. In the Value field, click Null.
10. Click Save Property.
11. Click Save Object.
12. Click Close.

Posted in Microsoft, OCS 2007

OCS Standard Edition vs Enterprise

Posted by Chad McGreanor on November 22, 2008

Office Communications Server 2007 is offered in two server editions: Standard Edition and Enterprise Edition.

  • Office Communications Server 2007 Standard Edition
    Standard Edition requires that primary server components, as well as the database for storing user and conference information, be configured on a single computer. Standard Edition is recommended for organizations that do not require higher availability through clustering.
  • Office Communications Server 2007 Enterprise Edition
    Enterprise Edition enables separation of server functionality and data storage to achieve higher capacity and availability. Enterprise Edition is recommended for organizations that require higher availability through clustering.
  • Pools – Standard edition allows for a single pool to be created. Technically it creates a pool, but it doesn’t appear as such in the OCS administration tool; it just appears as a server. Enterprise edition allows for multiple pools to be created. Multiple pools allow for more granular policy enforcement (one policy per pool) and the ability to manage different classes of users individually.
  • Database location – Standard edition only supports keeping the RTC databases locally on a SQL 2005 Express instance. This is supposed to scale to ~5000 users, however it can create some management issues if you try to consolidate all your databases together or behind a firewall or if a different group manages SQL and OCS or… you get the idea. The Enterprise edition allows you to specify a remote database server. With a few tweaks it can even be the same server as your LCS 2005 database (requires a separate SQL instance).
  • High Availability – You can cluster various server roles with Enterprise edition. With Standard edition you’re pretty much stuck with a sticky-session HWLB to manage your front ends (edge roles) and nothing on the back end.
  • Scalability – Technically Standard edition supports up to 5,000 users. Realistically I’d cap it in the 1,000-1,250 range if you’re planning to use the full functionality (Web conference, audio, VoIP, etc). With Enterprise edition Microsoft supports architectures up to 50,000 users and from personal experience I can say it scales to at least one and a half times that with a bit of planning and tweaking.

Posted in Microsoft, OCS 2007