Content failed to download due to a problem with the Conference Center configuration

“Content failed to download due to a problem with the Conference Center configuration.”.  Whiteboard was fine.  The issue was related to having the wrong credential for connecting to the Meeting content file share. 

In “Basic Settings” on the /Etc/Place/null/Filetree virtual directory (IIS7), the correct “Connect As” credential should be RTCGuestAccessUser.  If you don’t know the password, you can just copy that user in AD (to get group membership, etc), create your own password, and add that user as the “Connect-As” cred.  It is assumed that your meeting content is stored on a network share with permissions based on the MS OCS deployment docs (RTCComponentUniversalServices (Modify); RTCUniversalGuestAccessGroup (Read)).

You will need to input the user name as <domainname>\RTCGuestAccessUser otherwise it will say your password is incorrect.

IISRESET after you are done and test again.

Windows Server 2008 OCS 2007 R2 Certificate requests

After generating a certificate in OCS 2007 R2 and taking it to GoDaddy for a CSR request the request fails.  When generating the certificate in Windows Server 2008 use 2048 bit length also after the CSR is created open the file and see if the —–BEGIN CERTIFICATE REQUEST—– and —–END CERTIFICATE REQUEST—– is present.  If it is not there you will need to manually add it to the beginning and the end of the file.  Also after importing it using the OCS 2007 R2 snap-in verifiy that your internal interface has not been modified.  I needed to renew a certificate and it actually modified the internal interface.

For some reason the dashes above do not appear correctly you need 5 dashes on each side of the ALL CAPS BEGIN CERTIFICATE REQUEST and END CERTIFICATE REQUEST.  Lower case will not work.

Microsoft Business Productivity Online

Vox is announcing availability of the Microsoft Online Services. Below you will find a link that you can use to initiate a free 30 day trial. The Microsoft Business Productivity Online Suite includes:

 Hosted Microsoft Exchange 2007
Hosted Microsoft SharePoint Server 2007
Hosted Live Meeting 2007
Hosted Microsoft Office Communications Server 2007

https://mocp.microsoftonline.com/site/services/bpos/signup.aspx?offer=suite”eid=2860610e-b5ef-4480-8ae4-7beaff86a513

** Business Productivity Online Standard Suite ** Sign up for a 30-day trial!
This trial includes 20 user licenses for Exchange Online, SharePoint Online, Office Live Meeting, and Office Communications Online

Move your business to the cloud and save money!

Please contact Chad McGreanor at Vox Network Solutions if anyone has any questions:

cmcgreanor@voxns.com

Vox Network Solutions is a Microsoft Certified Partner and a Microsoft Small Business Solutions Specialist

Microsoft Office Communicator 2007 R2 in conjunction with Office Communications Server 2007 R2 would intermittently fail to communicate with AOL AIM clients via PIC. Note that this would only reproduce if your OCS 2007 R2 Edge role is running Windows Server 2008 (x64); not Windows Server 2003 (x64).

In order to change the cipher suite order, do the following on your Windows Server 2008 (x64) Edge server:

1. Start -> Run -> gpedit.msc -> OK
2. Within the Group Policy Object Editor, expand Computer Configuration, Administrative Templates, Network
3. Under Network, select SSL Configuration, and then double-click on SSL Cipher Suite Order (by default, the SSL Cipher Suite Order is set to “Not Configured”)
4. Select the “Enabled” radio button, and in the in the SSL Cipher Suites text box, copy the entire string into Notepad.  It should look like the following:
   TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,
   TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,TLS_RSA_WITH_RC4_128_MD5,
   SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,TLS_RSA_WITH_NULL_SHA
5. The objective is to move TLS_RSA_WITH_RC4_128_MD5 to be a the front of the list.  The new order should look like the following:
   TLS_RSA_WITH_RC4_128_MD5,TLS_RSA_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_RC4_128_SHA,TLS_RSA_WITH_3DES_EDE_CBC_SHA,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,
   TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,
   TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,
   TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P521,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,
   TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P521,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,
   TLS_DHE_DSS_WITH_3DES_EDE_CBC_SHA,SSL_CK_RC4_128_WITH_MD5,SSL_CK_DES_192_EDE3_CBC_WITH_MD5,TLS_RSA_WITH_NULL_MD5,
   TLS_RSA_WITH_NULL_SHA
6. Paste the newly-formatted string back into the text field in the GPO Editor, click OK, then restart your Windows Server 2008 (x64) Edge server for these changes to take effect.

OCS 2007 R2 MCU Factory issue

So today a customer called in with a wierd OCS 2007 R2 dial in conferencing issue.  The customer could not join any conferences.  The attendant would answer but the user could never join.

I was able to resolve it by doing the following:

1. Deactivate the Web Conferencing Component (Great now how do I reactivate it?)
2. Activate the conferencing componenet

LCSCmd.exe /MCU /Action:Activate /Role:DATAMCU /PoolName:Pool01 /Password:My$tr0ngPwd

Sustitute Pool01 with the server name if using standard edition.

3. Great I try it again and it still doesnt work
4. Stopped all OCS Services
5. Started all OCS Services
6. Tried again and it worked.

Microsoft Office 2010

http://www.office2010themovie.com/

OCS 2007 R2 Communicator Web Access Issues

I am going to keep this short.  I wish stuff would work the first time…

Apparently there is a bug with CWA and Windows 2008 where the Service Principal Name (SPN) isn’t created for the FQDN of your CWA site. The result is the following error when you attempt to sign in with integrated Windows authentication

Cannot sign in because your computer clock is not set correctly or your
account is invalid (error code: 0-1-492)

The Windows authentication site will fail with the error if your site is running on Windows 2008 Server

 

HOW TO FIX IT:

• You need to add an SPN matching the FQDN of your internal site (cwa.contoso.com) to the user account you assigned in AD for CWA.
• Open ADSIEDIT and navigate to the OU where your CWA service account is stored.
• Locate the CWA service account (mine is called ‘CWAService’) and right-click then choose Properties.
• Turn on the checkbox to ‘Show only attributes that have values’ and scroll down to an entry called ’servicePrincipalName’.
• Click the Edit button.
• Type in the SPN using the following format (http/). For example, if your site is called “cwa.contoso.com” then type in “http/cwa.contoso.com”.

NOTE: Do NOT type http://

 

 

CWA Sign in error code 0-1-492

With all the cool new features of CWA 2007 R2 I was excited to get ours fully functional. We received ambiguos errors publishing CWA with ISA (using both FBA and directly without authentication),  and this error code (0-1-492) beat me up for quite a while. Most posts/fixes I found were related to missing SPNs. After verifying all SPNs were correct on the CWA Service accounts I still received the error.

It turns out the CWA installer doesn’t always apply the correct authentication methods to the right locations. The fix is to enable anonymous authentication on Website/cwa/AuthMainCommandHandler.ashx to ensure clients can successfully authenticate.

 

OCS 2007 R2 Limited External Calling

If you run into a problem with a “Limited External Calling” indication in your office communicator check the following…

 

some calls to and from people outside of your corporate network may not connect due to server connectivity problems. Try Signing out and signing back in. If this problem continues, contact your system administrator with this information.

This is most often because of faulty configuration of the Front-end and Access Edge server.

Verify the listening ports of the Access Edge server and the Front End server that they match.
Verify connection on the specified port (do a telnet on the A/V port)

Its to do with the Mediation server that is unable to contact the A/V Authentication server on the OCS Access Edge server.

Check the following settings.

- Verify that alle Mediation servers are added to the Access Edge servers “verified” internal servers list
- Verify that alle Front End servers are added to the Access Edge servers “verified” internal servers list
- Verify that the A/V Authentication server is configured on the Mediation Server (and pointing to the Access Edge server holding this service)
- Verify firewall configuration by telnet to the A/V aut. port from the Mediation Server
- Verify that the Access Edge server is configured on the Mediation Server and Front End Server

Configuring the OCS 2007 R2 Web Scheduler

To install Web Scheduler

1. 1.       In the Microsoft Office Communications Server 2007 R2 Deployment Tool, run the  WebScheduler.msi.

Note If you are installing this on an Enterprise Edition Pool, step 1 must be performed on every server in the pool that has Web Components installed on it. In addition, the load-balancer must be configured to use Client IP Affinity to ensure that multiple HTTP requests from a user reach the same server that the user logged on to at the start of the session.

 

 

1. 2.       Activate the Web Scheduler. Use the same user name and password that you used to activate Web Components on the computer to activate Web Scheduler by doing one of the following, as appropriate for the edition of Office Communications Server:

• Standard Edition. At a command prompt, issue the following command:

LcsCmd.exe /web /action:Activate /role:Meeting /poolname:<pool_name> /User:<user_name> /Password:<password>

Where pool_name is the name of the computer (for example, computer1) and user_name and password are the same credentials that you used to activate Web Components on this computer.

• Enterprise Edition. At a command prompt, issue the following command:

LcsCmd.exe /web /action:Activate /role:Meeting /poolname:<pool_name> /User:<user_name> /Password:<password> /guest:<guestuser> /guestpassword:<guestpassword>

Where pool_name is the name of the Enterprise pool name (for example, pool1). and user_name and password are the same credentials that you used to activate Web Components on this pool. For the guest user and guest password, use the same guest user account name and password that you used to activate Web Components on the computer.

 The defualt Guest Account it RTCGuestAccessUser    -  This part held me up for a while.

Note LcsCmd.exe tool is located under %CommonProgramFiles%\Office Communications Server 2007 R2.If you do not remember the user name used to activate Web Components, use the following steps. Open IIS Manager (%SystemRoot%\system32\inetsrv\iis.msc), and then navigate to Local Computer, Application Pools, and LSGroupExpAppPool. Right-click LSGroupExpAppPool, click Properties, and then click the Identity tab. Note the user name under Configurable identity type. You only need the name part of the string. If the user name string is Domain\RTCComponentService, RTCComponentService is what you need to use in the activation procedure..

 

1. 3.       Do one of the following to configure an SMTP server:

• Run the WebSchedulerConfig.vbs script. For details, see “Using the WebSchedulerConfig.vbs Script” later in this guide.
• Go to the installation location for Web Components (by default, %systemdrive%\Program Files\Office Communications Server 2007 R2 Web Components), and then edit the Web.config files under the conf\int and conf\ext directories by using Notepad to change the SMTPServer value from an empty string to the FQDN of an SMTP server in the enterprise.

Note The SMTP server needs to permit the <domain>\RTCComponentService account to relay e-mail on behalf of any enterprise user.

 

1. 4.       Verify the Web Scheduler URLs. In a Web browser, go to https://<internal web FQDN>/conf/int and then to https://<external web FQDN>/conf/ext. In these URLs, the internal Web FQDN and external Web FQDN refer to configuration settings provided when you installed the Standard Edition server or Enterprise Edition Pool.

Note The conf/ext virtual directory must be exposed by an HTTP reverse proxy.

BlackBerry support for OCS 2007 R2

Yes today I got my Blackberry to log into the OCS 2007 R2 Enterprise server today.  The trick is having a OCS 2007 R1 CWA server in place prior to loading R2.  I sure hope RIM fixes that as that is going to cause alot of problems.