communicationsserverteam.com site value ¥316,979 (excluding the domain name), MYIP.CN comprehensive website statistics - domain, Alexa, PR, backlinks, keywords
Domain Whois record

Who is communicationsserverteam.com at whois.corporatedomains.com






Registrant:
Microsoft Corporation
Domain Administrator
One Microsoft Way
Redmond, WA 98052
US
Email: domains

Registrar Name....: CORPORATE DOMAINS, INC.
Registrar Whois...: whois.corporatedomains.com
Registrar Homepage: www.cscprotectsbrands.com

Domain Name: communicationsserverteam.com

Created on..............: Fri, Jul 20, 2007
Expires on..............: Wed, Jul 20, 2011
Record last updated on..: Fri, Jul 17, 2009

Administrative Contact:
Microsoft Corporation
Domain Administrator
One Microsoft Way
Redmond, WA 98052
US
Phone: +1.4258828080
Email: domains

Technical Contact:
Microsoft Corporation
MSN Hostmaster
One Microsoft Way
Redmond, WA 98052
US
Phone: +1.4258828080
Email: msnhst@microsoft.com

DNS Servers:
ns1.msft.net
ns5.msft.net
ns4.msft.net
ns2.msft.net
ns3.msft.net

Similar websites

Alexa rank    Title
149,200    Office Communications Server Team Blog
0    Office Communications Server
21,352,607    OCS - Unified Messaging - Office Communications Server
0    LCS-Guides :: Microsoft Live Communications Server Support :: | Live C
0    Business Computer Blog (UK) - Main page 1 - IT Know-How for Business P
692,579    Office Humor Blog | Office pranks, daily jokes, funny poems, gift
580,761    SQL Server Customer Advisory Team - SQL Server Best Practices
89,794    International telecommunications website- Communications Resource Con
796,303    Office Supplies Blog | Reception Desks
9,155    Caltech Office of Communications
909,386    Internet communications software for the small to medium sized enterpr
0    Internet communications software for the small to medium sized enterpr
349,492    Verint : Actionable Intelligence, Workforce Optimization, Networked Vi
920,100    Tutorial: Cryptography, Linux Security, Linux Server, Windows Server,
174,272    Buy Cheap Software - Discount Prices on Office, Windows, Antivirus, Se
574,713    Teambuilding, Inc., Team Building, Consultants, Tools, Training, On-Li
0    Mesh Chair, Office Furniture Manufacturer - Elite Team International C
556,876    Office Furniture | Computer Desks | Office Seating | Office Tables | O
769,585    Server Tarife | Ihr gro
461,404    Used Office Furniture - Used Office Cubicles - Office Workstations - D
347,946    DP Communications headsets free shipping Business Office Phone System
702,033    Office Furniture | Home Office Furniture | Office Chairs | Office Desk
520,100    Welcome to Team Atom | Your number 1 private server!
1,595,033    Sanitätshaus Aktuell AG - care team - ortho team - reha team - sani t
288,012    Serviced Office, Executive Office, Virtual Office, Virtual Receptionis
841,129    STRIKE TEAM :: XWIS : OFFICIAL C&C SERVER IN PARTNERSHIP WITH EA
160,080    BrMU Server - powered by DarK TeaM Softwares
825,406    Office furniture Orlando
21    Use a Friendly FQDN when You Configure Communications Server 2007 R
457,273    Hosting | Dedicated Server | Domain Names -

Simulated search engine spider crawl

Title:Office Communications Server Team Blog
Description:
Keywords:
Body:
Office Communications Server Team Blog
Monday, September 27, 2010 3:23 PM
OCS Blog Transitions to NextHop
The OCS Team blog is now officially retired. Let me take this opportunity to thank all of our contributors and loyal readers. It has been a privilege working with you. But, we aren’t going far. You may have noticed that recent posts include a reference to NextHop. Here’s an introduction to our new Lync Server blog for IT Pros. Same great information with a different wrapper.

What Is NextHop?

Welcome to NextHop! NextHop is the Microsoft Lync Server team’s customer response channel—a new medium to rapidly make the information you need available to you, when you need it. NextHop provides pertinent, short-format, technical articles between major releases of the product and associated product documentation (technical library content, Resource Kit book, whitepapers, and tools). NextHop highlights the knowledge of experts in the Communications Server community, bringing you information from internal and external experts, such as the Lync Server engineering team and our Most Valuable Professional (MVP) community.

In addition to publishing great content by contributing authors, NextHop keeps a pulse on the community. The Lync Server Blog Roll and @DrRez Twitter feed highlight the activities of other blogs focused on Lync Server. NextHop provides pointers to a wealth of information about Lync Server. Our plan is to support, encourage, and evangelize all the great content that is being written about Lync Server.

NextHop brings you fresh articles every week. Many of our article ideas come from none other than YOU. We look forward to lively engagement with our readers. Most articles will be between 2 and 7 pages, so 5 to 10 minutes of reading is usually all that’s required at any one time.

Our objective is to help you find quick answers on how to:
· Ramp up on Lync Server
· Find information to get started
· Solve a particular problem
· Get advice from the experts

Read and use the articles and let us know how we are doing, what helps you, and what additional information you think we should provide. If we’re not hitting the mark, let us know. We’ll use your feedback to improve what we deliver.

To tell us how we are doing and what you want:
E-mail us: NextHop@microsoft.com
Tweet us: http://www.twitter.com/DrRez

To update your RSS reader, here are the key sites that form our UC social media outreach ecosystem:
· NextHop blog: Lync core articles: http://blogs.technet.com/b/nexthop/
posted by ocsteam | 37 Comments
Filed Under: OCS R2, The Next Hop
Friday, June 04, 2010 4:14 AM
Set Up an Office Communications Server 2007 R2 Federation Clearinghouse
Check out this post on NextHop, our new Communications Server IT Pro web portal.
This article provides some guidance about how to set up a Microsoft Office Communications Server 2007 R2 federation clearinghouse deployment. The goal of the clearinghouse is to simplify Public IM Connectivity (PIC) (such as AOL, The Microsoft Network (MSN), and Yahoo) with existing on-premise Office Communications Server 2007 R2 deployments. The clearinghouse model also facilitates relationships between member organizations.
posted by ocsteam | 74 Comments
Friday, June 04, 2010 4:12 AM
Protecting the Edge Server Against DoS and Password Brute Force Attacks in Office Communications Server
Check out this post on NextHop, our new Communications Server IT Pro web portal.
Companies that allow employees to sign in to Office Communications Server remotely from the Internet can be susceptible to denial-of-service (DoS) and brute-force attacks. These kinds of attacks involve guessing users’ passwords or locking out user accounts when too many incorrect password attempts are made to a valid Active Directory user account when password policy is enforced.
posted by ocsteam | 34 Comments
Friday, June 04, 2010 4:07 AM
Ten Steps to PowerShell Scripting with Office Communications Server 2007 R2
Check out this post on NextHop, our new Communications Server IT Pro web portal.
Windows PowerShell can be used as a management tool for Microsoft Office Communications Server 2007 R2. PowerShell is one of the most versatile scripting environments available on the market today.
posted by ocsteam | 14 Comments
Friday, June 04, 2010 2:26 AM
Use a Friendly FQDN when You Configure Communications Server 2007 R2 and Outlook Web App Integration
Check out this post on NextHop, our new Communications Server IT Pro web portal.
Outlook Web App now supports the use of SIP client integration with Office Communications Server. This provides a great feature set for users, but there are some things you must do when integrating with Communications Server to make it all work.
posted by ocsteam | 10 Comments
Thursday, March 25, 2010 6:11 PM
Feedback around protecting OCS
Our friends on the Forefront Server Protection team are conducting research to understand what applications you would like to protect, and how you would like them protected. One of the applications they are soliciting feedback on is OCS. The survey shouldn't take more than 5-10 minutes, and your feedback directly impacts product decisions. Please head over to http://www.surveymonkey.com/s/forefrontsurvey to take the survey. We appreciate your valuable input.
posted by ocsteam | 34 Comments
Filed Under: OCS, OCS R2
Friday, February 19, 2010 12:26 PM
Archiving Report for OCS 2007 R2
The Archiving Report* is meant to provide an easy way to pull information out of the archiving database. It builds on the functionality provided by the Archiving PowerShell script that was written (http://communicationsserverteam.com/archive/2009/09/28/584.aspx) and adds a GUI interface, the ability to filter by date, and message formatting. It has been tested against OCS 2007 R2 and SRS 2005.
Installation
1. Open Report Manager – http(s)://<SRS Server>/Reports
2. Click on New Folder
3. Give the folder a name – i.e. OCSArchivingReport
4. Click OK
5. Click on the folder you just created
6. Click on Upload File
7. Browse to the location where you downloaded OCSArchivingReport.rdl and select the file
8. Click OK to upload the report
9. Click on New Data Source
10. Enter LcsLog for the Data Source name
11. Enter Data Source=<SQL Servername>;Initial Catalog=LcsLog for the Connection String
a. Replace <SQL Servername> with your SQL server\instance
12. Select the Windows integrated security radio button
13. Click OK
14. Click on OCSArchivingReport
a. You will see the following error: The report server cannot process this report. The data source connection information has been deleted. (rsInvalidDataSourceReference). This is normal, since we haven’t linked the report to the data source we just created.
15. Click on the Properties tab
16. Click on Data Sources in the left-hand column
17. Make sure A shared data source radio button is selected
18. Click the Browse button
19. Expand OCSArchivingReport and click on LcsLog
20. Click OK
21. Click Apply
The report is now linked to the data source and ready to be used.
Using the Report
The report allows you to enter the SIP URI of any 2 users that you want to view archived messages from. If you enter “Any User” (case sensitive) for either of the user input boxes, you are able to view any message from any user to a specific user as well as any user to any other user. You can use the Start Date and End Date to narrow down the search to a specific date range. Once you have entered all of the inputs, click on View Report.
The results of the search are shown. The First User column represents the sender of the message and the Second User column represents the recipient of the message. The Message column shows the message that was sent as well as any formatting on the message. Changing Show Toast to Yes will show the toast messages as well as the Toast column.
A big Thank You to Rich Thorp for helping me put together this report!
Doug Deitterick
PFE
* This is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified in the Terms of Use (http://www.microsoft.com/info/cpyright.htm).
posted by ocsteam | 50 Comments
Attachment(s): http://communicationsserverteam.com/files/9/powershell_scripts/entry756.aspx
Friday, February 12, 2010 1:39 PM
Microsoft Certified Master (MCM) Program
Microsoft Certified Master (MCM) Program: Recognizes, Develops, Certifies Technical Excellence
How do senior IT professionals differentiate themselves from the competition? The MCM program, through intensive training by world class experts, plus extensive written and lab-based testing, certifies only the most qualified. As an MCM you’ll join an elite community of Microsoft software and technology experts, and you’ll be recognized as one of the top Microsoft technology experts in the world. Learn more about the Microsoft Certified Master Program
posted by ocsteam | 20 Comments
Monday, January 25, 2010 2:02 PM
Free Instructor-Led Training for end-users: Introduction to Office Communicator
Do you have end users that need Office Communicator training? Are your users maximizing the basic features of OC? Microsoft now offers a free instructor-led session that introduces key Office Communicator usage scenarios through live demonstrations and hands-on activities. This live course is held in a virtual classroom via Office Live Meeting. It will allow hands-on experience to build knowledge, skills, and confidence to use Office Communicator more effectively.

These features will be covered in this high-level overview:
· Instant Messaging
· Presence
· Contact Management
· Audio and Video
· Desktop Sharing
· Office Application Integration
· Add a Live Meeting
· Communicator Web Access

Click here to register: https://events.livemeeting.com/967/15027/reg.aspx?pc=05

We hope to see your users at an upcoming session!
posted by ocsteam | 12 Comments
Thursday, January 21, 2010 5:46 PM
Additional Windows Live Messenger PIC/Federation IP Address
This information was originally posted by Terry Lyons on his blog.
Feb 12 update from Terry's blog:
=====================================================
POSTPONED: Additional Windows Live Messenger PIC/Federation IP Address
Reference my original blog on an Additional Windows Live Messenger PIC/Federation IP Address
Tomorrow’s planned added capacity has been postponed for technical reasons and to provide additional time for administrators to update their firewall settings if necessary to reflect the additional IP address. The new date that this work is scheduled to go into place is Friday, March 26, 2010. For organizations that have chosen to restrict this traffic to specific IP addresses, you must have the list in KB 897567 in place prior to Friday, March 26, 2010 or PIC connectivity with MSN will fail.
897567 Known issues that occur with public instant messaging and Communications Server
http://support.microsoft.com/default.aspx?scid=kb;EN-US;897567
=====================================================
Notification
In an effort to provide enhanced capacity and service reliance, Windows Live Messenger will soon be adding an additional IP address used for PIC/Federation traffic. Some organizations have chosen to restrict this type of traffic to specific IP addresses, as referenced in Microsoft KB 897567 (http://support.microsoft.com/kb/897567). With this in mind we want to give you advanced notice of our intended change if you have configured your enterprise network in this manner.
Please ensure your enterprise firewall configuration is updated with the full list of Windows Live Messenger addresses below on or before Friday, February 12, 2010. Windows Live Messenger will NOT enable the additional IP addresses until on or after February 12, 2010 (Pacific Time) to ensure your services will not be disrupted by this change.
IP address for Windows Live Messenger PIC/Federation:
64.4.9.181
64.4.9.245
64.4.50.110 (Additional new IP address)
65.54.52.53
65.54.52.245
65.54.227.249
For more information please reference Microsoft KB 897567, or for further assistance, please engage Microsoft Customer Support Services via http://support.microsoft.com/.
posted by ocsteam | 17 Comments
Monday, December 14, 2009 1:31 PM
Office Communications Server Remote Connectivity Analyzer
Have you ever installed an Office Communication Server and wanted to verify your remote access was setup and configured properly? Or what if you get a call or an escalation regarding a service or connection not working? How do you verify whether the issue is with an individual user or with everyone throughout the company? And if there is a problem, where do you start troubleshooting? Is it a DNS problem? Is it a certificate problem? Is a port not open on the firewall?

The Office Communications Server Remote Connectivity Analyzer is a great tool for performing testing, troubleshooting, and diagnostics on OCS 2007 & OCS 2007 R2 deployments. The tool will assist you in finding answers to the before mentioned scenarios. You should use the RCA as your initial stop when attempting to troubleshoot an OCS edge server connectivity issue.

The Office Communications Server Remote Connectivity Analyzer is a web site for IT Administrators to validate and diagnose end-to-end Office Communications Server scenarios. The site simulates multiple Office Communications Server client access scenarios from outside the customer's infrastructure and reports whether the test was successful. If the test fails, we inform the IT Admin exactly where in the process it failed as well as provide troubleshooting tips on resolving the issue.

The OCS Remote Connectivity Analyzer is found here: https://www.testocsconnectivity.com/

Right now the tool is in its BETA release. This release allows you to either manually specify your server settings or have the server attempt to autodiscover your settings. Future tool enhancements will include deeper diagnostic information, detailed troubleshooting information, and other tests. If you encounter any issues with the tool or would like to provide suggestions/feedback, please do so using the email: ocsrca@microsoft.com
posted by ocsteam | 25 Comments
Filed Under: OCS, OCS R2, Communicator 2007 R2
Wednesday, December 09, 2009 12:41 PM
Interoperability support between Cisco and Microsoft products in unified communications
Cisco and Microsoft are competitors in the unified communications space, with very different visions and product approaches – I don’t think that’s going to come as a surprise to anyone. Nor should it be a surprise that many customers have Cisco networking and telephony gear along with desktop, messaging and collaboration software from Microsoft and want our products to interoperate together well in the customer’s environment.
To Microsoft, that means we want to offer customers software that runs great on Cisco networks. With Office Communications Server’s support for the Cisco ISR platform, great support for DSCP packet marking to deliver QoS, VLAN tagging, and many more technologies, we are delivering a lot of capabilities so customers can get the most out of their Cisco network investments.
We also look to interoperate broadly using open standards with Cisco products in unified communications. As part of both companies’ commitments to our customers and shareholders, we’ve recently published a joint statement of interoperability for our products in unified communications, specifically addressing how Microsoft Office Communications Server and Cisco Unified Communications Manager work together across three different deployment scenarios, and what each company supports. You can download that statement on the Microsoft site and yes the same document from the Cisco site.
The statement was drafted specifically with regard to Cisco of course, but an important point to remember is that Microsoft looks at interoperability across all of the vendors in a particular space – we don’t provide preferential treatment to support Cisco products or scenarios uniquely. So the support statements we’ve crafted with Cisco, while applying directly to Cisco products, are founded on principles that can be applied to any vendor’s products in a given scenario.
The first scenario is Direct SIP, where Office Communications Server is a peer telephony platform to an IP-PBX and exchanges calls using SIP, without the use of an intermediate gateway. A number of IP-PBXs have qualified for Direct SIP support with Office Communications Server by engaging through our Unified Communications Open Interoperability Program (UCOIP) to provide joint support. In addition to that effort, Microsoft also tests IP-PBXs that have not engaged in the program, based on customer demand. As such, we delineate between products that have been “qualified”, where the IP-PBX vendor engages through the UCOIP and both companies support the integration, and those that have been “tested”, where Microsoft solely does the testing and supports the configuration. This is why you see some versions of Cisco Unified Communications Manager supported by Microsoft for Direct SIP, but not by Cisco. Our customers have clearly told us it’s important to provide both programs, as many have older IP-PBXs that vendors may not choose to come through the UCOIP. Those models Microsoft can test and potentially support (based on the IP-PBXs adherence to standard-based SIP), allowing customers to get more value out of their existing investments.
The second scenario is Remote Call Control (RCC), where the PBX station set (doesn’t have to be IP in this case) is controlled by Office Communicator. Here, we don’t have a testing or qualification program – there are many PBXs and Gateways that support the ECMA TR/87 standard used by RCC and those products will work with Office Communicator, as we support the TR/87 interface. Many PBX vendors will have a specific testing matrix for which middleware layer or CTI link is supported with Office Communications Server. In addition, there are a variety of RCC gateways in the market from companies like CoreBridge, Estos and Genesys that further expand the diversity of PBX models and versions available. Microsoft has announced the deprecation of the RCC feature for the next release of Office Communications Server, so new deployments of RCC will not be supported with the coming release. However, customers who have existing deployments of RCC can upgrade to the next release and will continue to be supported through the lifecycle of that release – a good long time.
Finally, several PBX vendors have brought to market plug-ins to Microsoft Office Communicator that allow for Office Communicator to interact directly with a PBX environment. These plug-ins are built on top of the Office Communications Server APIs which provide an extensible platform for the development of communications integrated directly into business process applications, customizing the functionality of Office Communicator or Office Communications Server and much more. Microsoft welcomes all vendors who build on our platform, whether they are Microsoft ISVs, Partners or traditional competitors in the unified communications space. My colleague BJ Haberkorn has devoted an entire blog post to this, and specifically discusses the Cisco Unified Communications Integration for Microsoft Office Communicator, or CUCiMOC – don’t hesitate to check that out.
Finally, look forward to the dialogue - I’ll hound the blog for comments, or you can contact me directly at [sip | smtp] : jastark (at) microsoft.com
Jamie Stark
OCS Senior Product Manager
posted by ocsteam | 47 Comments
Filed Under: Voice, SIP, OCS R2, Interoperability
Friday, November 20, 2009 9:35 AM
Looking for Troubleshooting Help? Easy as 1-2-3
1) Search; 2) Ask; 3) Contact Microsoft from the revised Office Communications Server and Client Troubleshooting and Support page.

You know it; we know it: Stuff happens. There are times when an unforeseen confluence of circumstances causes problems in your deployment (which only an hour ago was running perfectly): Interaction with some piece of new hardware or software, the need for some atypical set of system configurations, some update in settings that seems like it should just work, or some set of recent network or other events--not to mention, some very "creative" end user behaviors. When stuff happens, you want answers. We want to help.

The revised Office Communications Server and Client Troubleshooting and Support page design is streamlined to make the process of finding an answer faster and easier:
1) Search to find out quickly whether your issue, event, or error message has been addressed in a KB article or other documentation.
2) Ask community experts (both inside and outside of Microsoft) who may have experienced similar issues or can provide insight.
3) Contact Microsoft Support if you still cannot get the answer you need.

Adam Dudsic
Site Manager
posted by ocsteam | 20 Comments
Filed Under: OCS, OCS R2, Communicator 2007 R2
Monday, November 09, 2009 1:21 PM
Update Headaches? Help is here!
We’ve just published a new Updates Resource Center for Office Communications Server 2007 R2 and Clients on the OCS TechCenter.
And we’ve gone one step further: Our Sustained Engineering and support teams* have created a Cumulative Server Update Installer tool to help simplify the application of the updates. The Cumulative Server Update Installer applies all updates for the appropriate server role in one click!
*Kudos to our Sustained Engineering and support team members.
Each link text on the Updates Resource Center page contains the release date for the update so that you can easily recognize whether you have the most recent updates. Each link leads to a Knowledge Base article that lists the contents of the updater, describes the issues fixed, and provides other important installation information–in addition to pointing to the actual downloadable file.
Adam Dudsic
Site Manager
posted by ocsteam | 7 Comments
Filed Under: OCS Tools
Friday, October 30, 2009 3:22 PM
Office Communications Server Resource - User Forest Topology
Office Communications Server 2007 and Office Communications Server R2 have two multi forest topologies that have been tested by and are supported by Microsoft. One of these topologies is the Office Communications Server Resource forest \ User forest topology and the other is the Office Communications Server Central forest and User forest topology. The focus of this document will be to discuss the implementations of the Office Communications Server Resource forest \ User forest topology.
The Office Communications Server Resource forest \ User forest topology allows resources like Exchange 2007, Exchange 2003, Sharepoint services and Office Communications Server which will reside in the Resource forest to be accessed by the users that reside in the User forest. The configuration of the Resource forest \ User forest topology requires that the following prerequisites be completed prior to the configuration of the domain user account information that will be hosted in the local Active Directory of each forest that is part of this topology.
Here are the prerequisites that are required to accomplish the task of creating the Office Communications Server Resource forest \ User forest topology.
Firewall configurations
Depending on the two forests intra / inter active directory topology the usage, placement and configurations of firewalls can vary. Configuring any firewalls to securely manage the needed network connectivity can be a challenging task. If necessary this operation will have to take place first to allow the creation of the needed forest trust between the Resource and User forests.
The Microsoft KB article listed below will describe the Server 2003 domain services protocols / ports that will need to pass through the organization's firewalls that separate the Windows Active Directory locations which host the Resource servers and the user domain accounts that will be enabled for Office Communication Server sign on.
Service overview and network port requirements for the Windows Server system
http://support.microsoft.com/kb/832017
Please take into consideration the version of Office Communications Server and Microsoft Exchange that you will be deploying when planning your firewall configurations. Office Communications Server 2007 R2 UC client connectivity requires a wider range of port connectivity for client access to the larger range of services that Office Communications Server 2007 R2 hosts, when compared to Office Communications Server 2007. Exchange 2007 uses its web hosted Exchange Web Service for client mailbox access and Free \ Busy data access; this requires the use of TCP port 443 from the UC clients in the User forest. Exchange 2003 will allow MAPI client mailbox access through the use of RPC and the Endpoint Mapper management of TCP ports in the ephemeral range. The Office Communicator client will also have to have access to the Exchange 2003 public folders using a range of TCP ephemeral ports. The use of Virtual Private Network technologies to manage the needed network communications between the network endpoints that separate the server deployment in the Resource forest from the domain user accounts in the User forest is a preferred method for secured communications between the two.
For information on how Office Communicator accesses free busy data please read
Communicator 2007 does not update the free/busy information as scheduled
http://support.microsoft.com/kb/941103
The following KB article discusses how to limit the amount of TCP ephemeral ports that are managed by the domain's RPC Endpoint Mapper Service. This may help network administrators provide more security at the level of inter and intra forest firewalls.
How to configure RPC to use certain ports and how to help secure those ports by using IPsec
http://support.microsoft.com/kb/908472
To test domain service port access and all TCP port connectivity between two IP endpoints, please download and use the Microsoft tool PortQryUI.exe, which can be downloaded from the Microsoft downloads web site.
PortQryUI - User Interface for the PortQry Command Line Port Scanner
http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=8355e537-1ea6-4569-aabb-f248f4bd91d0
How to use Portqry to troubleshoot Active Directory connectivity issues
http://support.microsoft.com/kb/816103
The following Microsoft KB article provides information on the various VPN technologies that Microsoft has to offer.
Virtual Private Networks
http://technet.microsoft.com/en-us/network/bb545442.aspx
DNS resolution
The active directory forests / domains that participate in any multi forest topology will require name resolution. The Resource forest / User Forest design requires at least DNS resolution for the Users in the User forest to access the server resources in the Resource forest. This one way DNS solution will work with the manual deployment method (which is described below) when you do not have to use a scripting tool in the Resource forest to access the domain user account information in the User forest. When using the automatic method (which is described below) the Exchange Linked Mailbox wizard will have to be able to access the active directory in the User forest. This will require DNS resolution from the User forest to the Resource forest and the User forest will require DNS resolution from the Resource forest to the User forest. Also, the type of DNS infrastructure that is required will be instrumental in the implementation of the required Server 2003 forest level trust relationship.
The Outlook 2007 and Office Communicator clients that will be hosted in the Users forest will require an additional HOST record in the DNS zone that represents the active directory domain which hosts the Exchange 2007 resource. This record will allow the Outlook 2007 client access to the Exchange Web Services for autodiscover and availability. The host record should be entered in the following format e. g. autodiscover.domain.com. This additional FQDN will be used to make secure requests to the Exchange Web Services folders that are hosted on the Exchange 2007 CAS such as https://autodiscover.domain.com/autodiscover/autodiscover.xml. These secure requests to the Exchange 2007 server on TCP port 443 require the use of an additional Web Server certificate that will be hosted locally on the Exchange 2007 server's computer certificate store and assigned to the local IIS Default web server. This certificate will have a Subject Name value that matches the FQDN of the Exchange server and it must contain the autodiscover FQDN in the SAN list e. g. autodiscover.domain.com.
Forest Level Trusts
The type of Server 2003 forest level trust that will be required depends on whether you plan to use the manual method or the automatic method for the implementation of the Office Communications Server Resource forest \ User forest topology. The manual method will require a one way Server 2003 forest level trust where the Resource forest trusts the User forest. The automatic method will require a two way Server 2003 forest level trust relationship so both forests will trust the other forest for resource access. Please do not confuse the Server 2003 forest level trust with the Windows external trust. The external trust will function between any two forests and the Exchange 2007 Linked mailbox implementation is fully operational when using a two way Windows external trust between any two forests, but the Office Communications Server users in the User forest will not be able to sign into Office Communicator when using the Windows external trust. The design of the Server 2003 forest level trust supports both the use of NTLM and Kerberos v5 authentication methods.
Forest Functional Level
The creation of the Server 2003 forest level trust requires a forest functional level of Server 2003. By contrast, the Exchange 2007 Linked mailbox implementation only requires a Windows 2000 forest functional level. So Exchange could already be operational in a Resource forest \ User forest environment from a deployment made prior to Office Communications Server. This can lead to sign on issues with the Office Communicator client in the User forest.
Here are the steps you will need to take to implement the automatic and manual methods for creating the Office Communications Server resource forest \ User forest topology:
1. Manual method: make sure that the User forest can perform DNS resolution to the Resource forest. Automatic method: Make sure that each forest can perform DNS resolution for the resources in the other forest. If you are using a Microsoft Server 2003 DNS infrastructure then you will be able to use the DNS manager which is located on the Server 2003 DNS server or servers in either forest to create the needed secondary DNS forward lookup zones that will allow domain name resolution to the other forest in the multi forest topology.
2. The forest functional level has to be set to Server 2003. This can be confirmed by using the Active Directory Domains and Trusts MMC on the domain controller in the forest root domain that holds the PDC emulator role. This step requires research in a mixed domain forest. Please read the following Microsoft KB article before proceeding with this step.
How to raise domain and forest functional levels in Windows Server 2003
http://support.microsoft.com/kb/322692
3. Creating the forest trust relationships can be done by using the Server 2003 trust wizard that can be accessed in the Server 2003 Active Directory Domains and Trusts MMC. Please read the following Microsoft Technet information before proceeding with creating the needed forest trust relationship between the Resource forest and the User forest.
Creating Domain and Forest Trusts
http://technet.microsoft.com/en-us/library/cc740018.aspx
Certificates
The Exchange server and the Office Communications Server will require their certificates to be managed as per the PKI deployments that are described in their deployment documentation. Please read the available certificate documentation for these products. Certificate design can vary to meet the needs of the different hardware configurations that Exchange and Office Communications Server can be deployed using. If the services that are hosted in the Resource forest use a Windows PKI for certificate level security, then be sure to assign that trusted Root CA certificate to the Windows clients in the Users forest that will require secure access to these services. If you are using Exchange 2007 with Outlook 2007 clients please read the information about certificate design listed above under the DNS sub title.
Resource \ User Forest Deployment Methods
There are two methods that can be used to ensure access to Office Communications Server in the Resource forest by domain user accounts that exist in the User forest. The first is the manual method. The manual method will be typically used when Exchange 2003 or Exchange 2007 is not installed in the Resource forest or user mailboxes are not configured yet and Office Communications Server is deployed in the Resource forest. The manual method requires that you manually create user accounts in the Resource forest that match the domain user accounts that you want to be Office Communications Server enabled in the User forest. These accounts must have at least matching first and last name, sign on name, and password information. These domain user accounts must be homed to the local Office Communications Server front end server or pool that is located in the Resource forest. The domain user accounts should be disabled in the Resource forest domain that they are hosted in for security purposes. The most important step is the manual mapping of the objectSID attribute from the user account in the User forest to the disabled user account in the Resource forest. The second method known as the automatic method is the more preferred method, preferred because it incorporates the extensibility of Microsoft Exchange 2003 or Microsoft Exchange 2007 along with the use of Office Communications Server services. This design can include the integration features of Office Communications Server and Exchange 2007 Unified Messaging for a richer user experience. The use of either version of Exchange will ensure the integration of the enhanced presence features of Office Communications Server for use with the Office Communicator and Outlook 2007 SP1 clients. The automatic method will use the Linked Mailbox enablement procedure to create the Exchange 2007 mailbox for the domain users in the User forest. This procedure will also create the matching disabled user accounts in the Resource forest. 
This step will not enable the use of Office Communications Server for users in the User forest. First, the disabled user accounts have to be enabled for Office Communications Server in the Resource forest and homed to the Office Communications Server Pool or FE server. The automatic method allows the use of the Office Communications Server Resource Kit tool sidmap.wsf to locate the Exchange mailbox enabled / Office Communications Server enabled account and map the objectSid attribute from the user object in the User forest to the correct attributes of the matching disabled user object in the Resource forest.
Manual Method
The manual method does not require that Exchange 2007 or Exchange 2003 be installed into the Resource forest. However Office Communications Server does have to be installed in the Resource forest and the Office Communications Server enabled for sign on user accounts must exist only in the Users forest. The manual method provides us with a good way to test the Office Communications Server functionality of the Office Communications Server Resource forest / User forest deployment prior to adding other server resources to the Resource forest. This method will allow the Office Communications Server enablement of a few user accounts so administrators can test instant messaging and other built in functionality of the Office Communicator client. The result of this implementation is basically the same as the automatic method just less the availability of Exchange services. Here's how it’s done:
1. In the User forest create a user account in one of the active directory domains that will be hosting Office Communication Server services. The Domain user account can simply be defined with a username, first name, last name, and a password.
2. Now move to the Resource forest and from a domain controller in the active directory domain that is hosting Office Communications Server create a domain user account using the same information that was used to create the domain user account in the User forest. Please remember to disable the new domain user account in the Resource forest for security purposes.
3. Now on the Office Communications Server in the Resource forest open the dsa.msc (AD Users & Computers). Locate the domain user account that you just created and then open its properties dialog. Use the Communications tab to associate the account with a SIP URI and the Office Communication Server pool or server that the user will be homed to.
4. Now all we have to do is use adsiedit.msc on a domain controller that hosts the new domain user account in the User forest and access that domain user account's properties. Browse the attributes of the domain user account and locate the objectSID attribute. Edit the attribute and then copy the SID value to notepad and save it to a shared location on the server. Make sure that the SID value does not get accidentally updated in either location, then exit out of adsiedit.msc without saving any changes.
5. Now from a domain controller in the active directory domain that hosts the Office Communications Server installation use adsiedit.msc to locate the new domain user account that you want to use with Office Communications Server in the User forest. Open the properties dialog of this domain user account and then search the attribute listing for the msRTCSIP-OriginatorSID attribute. Edit the msRTCSIP-OriginatorSID attribute, and paste the SID value from the objectSID of the user forest / domain user account into the SID value window in adsiedit.msc. Apply the changes and close adsiedit.msc.
a. msRTCSIP-OriginatorSID = objectSID of the User Forest User
msRTCSIP-OriginatorSID
This attribute is used in resource and central forest topologies to enable single sign-on when a user’s ObjectSID from the Windows NT principal account is copied into this attribute of the corresponding user or contact object in the resource or central forest. Communicator Web Access searches for a user in Active Directory using this attribute or the user’s ObjectSID. This attribute is marked for global catalog replication.
6. Now from a client in the Resource forest you can sign into Office Communicator using the domain user account that is enabled for Office Communications Server in the Resource forest.
7. Perform this task with two or three domain user accounts to test the basic usages of Office communicator in the User forest.
Automatic Method
The automatic method requires the installation of Exchange 2007 or Exchange 2003 in the Office Communications Server resource forest. This method will also require the installation of the Office Communications Server Resource Kit tools on a server in the Resource forest.
1. In the User forest create a user account in one of the active directory domains that will be hosting Office Communication Server services. The Domain user account can simply be defined with a username, first name, last name, and a password.
2. Exchange 2007 SP1 allows the Administrator to create mailboxes for domain users in a remote forest by using the New Mailbox wizard option appropriately called "Linked Mailbox".
a. The wizard will prompt you to create a new user or use an existing one. Using these steps you can create a new domain user account in the Resource forest using the same information that was used to create the domain user account in the User forest.
b. Choose the mailbox database for the new account. Click Next
c. Choose the trusted User forest.
d. Enter the credentials for the Administrator in the Resource forest and choose the specific Domain Controller that you can authenticate to in the User Forest which hosts the user account for mailbox creation.
e. Choose the user account in the User forest that you want to create the mailbox for.
f. Click Next / Next / Finish to create the mailbox
6. Upon the creation of the mailbox user in the User forest you will have created a matching disabled user account in the Resource forest. The new disabled user account will contain all the MSEXCH* attributes, and the User forest and Resource forest accounts will contain different objectSID attribute values. However, the msEXCHMasterAccountSID attribute of the Exchange enabled domain user in the Resource forest will have been updated in the following manner.
a. msEXCHMasterAccountSID = objectSID of the User Forest User
msExchMasterAccountSid
If the mailbox is owned by a user that is outside of the local Windows 200x forest, msExchMasterAccountSid should contain the SID of that external user account. In this case, the disabled user account is also not used to log on directly, but instead this configuration allows a user outside of the forest to own an Exchange 200X mailbox within your organization. The foreign user account may be either a Windows 200X user from a separate forest, or a Windows NT 4.0 user account. If the value of msExchMasterAccountSid is the SID of an external account, the value must be unique. You may not have more than one disabled user account with the same SID in msExchMasterAccountSid in the entire forest. The msExchMasterAccountSid attribute should not point to a security principal (User or group) that is in the local forest, with the exception of foreign security principals. The external account specified in the msExchMasterAccountSid attribute should also have "Full Mailbox Access" rights granted in the Mailbox Security Descriptor. The SID must be written in a binary format, not security descriptor definition language (SDDL) format.
7. The next step is to enable the disabled domain user account or accounts for Office Communications Server. If the domain user's SIP address matches their SMTP address then you can use the AD U&Cs Office Communications Server Enable Users wizard to SIP enable the domain user accounts in their OU or the Users container. If not then you can use the manual method in AD U&Cs, by first accessing the property dialog of the domain user account in its OU or Users container and then from the Communications tab assign the domain user’s SIP URI and home them to the Office Communications Server Pool or FE server.
8. Now you can use the Office Communication Server Resource kit tool sidmap.wsf to populate the following disabled domain user account's attributes in the Resource forest as follows:
a. msRTCSIP-OriginatorSID = objectSID of the User Forest User
msRTCSIP-OriginatorSID
This attribute is used in resource and central forest topologies to enable single sign-on when a user’s objectSID from the Windows NT principal account is copied into this attribute of the corresponding user or contact object in the resource or central forest. Communicator Web Access searches for a user in Active Directory using this attribute or the user’s objectSID. This attribute is marked for global catalog replication.
The objectSID attribute for the user account in the resource forest and the user forest retain their original and unique SID values.
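The SID mapping rules described above for both the manual and automatic methods can be checked offline against exported attribute values. The following is an added example, not part of the original post or of sidmap.wsf: the account names, domain SIDs and dictionary layout are constructed, and it assumes the attributes have already been exported as raw bytes.

```python
import struct
from collections import Counter

def sid_to_bytes(sid):
    """String form 'S-1-5-21-...' -> the binary layout stored in Active Directory."""
    parts = sid.split("-")
    if len(parts) < 3 or parts[0] != "S":
        raise ValueError(f"not a SID string: {sid!r}")
    revision, authority = int(parts[1]), int(parts[2])
    subs = [int(p) for p in parts[3:]]
    if revision != 1 or len(subs) > 15 or not 0 <= authority < 1 << 48:
        raise ValueError(f"SID out of range: {sid!r}")
    if any(not 0 <= s < 1 << 32 for s in subs):
        raise ValueError(f"sub-authority out of range: {sid!r}")
    # revision, sub-authority count, 48-bit big-endian authority,
    # then every sub-authority as a 32-bit little-endian integer
    return (bytes([revision, len(subs)]) + authority.to_bytes(6, "big")
            + b"".join(struct.pack("<I", s) for s in subs))

def sid_to_string(raw):
    """Binary SID -> 'S-1-5-21-...'; rejects truncated or padded values."""
    if len(raw) < 8 or raw[0] != 1 or raw[1] > 15 or len(raw) != 8 + 4 * raw[1]:
        raise ValueError("malformed binary SID")
    authority = int.from_bytes(raw[2:8], "big")
    subs = struct.unpack(f"<{raw[1]}I", raw[8:])
    return "-".join(["S", "1", str(authority)] + [str(s) for s in subs])

def audit_mappings(user_forest, resource_forest):
    """Check each Resource forest account against the rules stated on the page.

    user_forest:     {sAMAccountName: objectSid bytes}
    resource_forest: list of dicts with sAMAccountName, objectSid, enabled and,
                     optionally, msRTCSIP-OriginatorSID / msExchMasterAccountSid
    Returns a list of (account, finding) tuples.
    """
    findings = []
    local_sids = {a["objectSid"] for a in resource_forest}
    masters = Counter(a.get("msExchMasterAccountSid") for a in resource_forest)
    for acct in resource_forest:
        name = acct["sAMAccountName"]
        expected = user_forest.get(name)
        if expected is None:
            findings.append((name, "no matching account in the User forest"))
            continue
        if acct["enabled"]:
            findings.append((name, "Resource forest account is not disabled"))
        origin = acct.get("msRTCSIP-OriginatorSID")
        if origin is None:
            findings.append((name, "msRTCSIP-OriginatorSID is empty"))
        elif origin != expected:
            findings.append((name, "msRTCSIP-OriginatorSID is not the User forest objectSID"))
        master = acct.get("msExchMasterAccountSid")
        if master is None:          # manual method without Exchange
            continue
        if isinstance(master, str):
            findings.append((name, "msExchMasterAccountSid is stored as SDDL text, not binary"))
            continue
        if master != expected:
            findings.append((name, "msExchMasterAccountSid is not the User forest objectSID"))
        if master in local_sids:
            findings.append((name, "msExchMasterAccountSid points at a local-forest principal"))
        if masters[master] > 1:
            findings.append((name, "msExchMasterAccountSid is not unique in the forest"))
    return findings

# Constructed sample data: both domain SIDs and all accounts are made up.
USER_DOM = "S-1-5-21-1000000001-1000000002-1000000003"
RES_DOM = "S-1-5-21-2000000001-2000000002-2000000003"

def user_sid(rid):
    return sid_to_bytes(f"{USER_DOM}-{rid}")

def resource_sid(rid):
    return sid_to_bytes(f"{RES_DOM}-{rid}")

SAMPLE_USER_FOREST = {"alice": user_sid(1104), "bob": user_sid(1105),
                      "carol": user_sid(1106), "dave": user_sid(1107)}
SAMPLE_RESOURCE_FOREST = [
    {"sAMAccountName": "alice", "objectSid": resource_sid(2101), "enabled": False,
     "msRTCSIP-OriginatorSID": user_sid(1104), "msExchMasterAccountSid": user_sid(1104)},
    {"sAMAccountName": "bob", "objectSid": resource_sid(2102), "enabled": True,
     "msRTCSIP-OriginatorSID": resource_sid(2102)},       # own SID pasted by mistake
    {"sAMAccountName": "carol", "objectSid": resource_sid(2103), "enabled": False,
     "msRTCSIP-OriginatorSID": user_sid(1106), "msExchMasterAccountSid": f"{USER_DOM}-1106"},
    {"sAMAccountName": "dave", "objectSid": resource_sid(2104), "enabled": False,
     "msRTCSIP-OriginatorSID": user_sid(1107), "msExchMasterAccountSid": user_sid(1104)},
]

if __name__ == "__main__":
    for account, finding in audit_mappings(SAMPLE_USER_FOREST, SAMPLE_RESOURCE_FOREST):
        print(f"{account}: {finding}")
```

The duplicate master SID is reported on both accounts that carry it, because either one could be the wrong record.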
Here’s the how to information on using the Office Communications Server Resource Kit tool sidmap.wsf
Microsoft Office Communications Server 2007
Populating the Required Attributes for Office Communications Server
http://technet.microsoft.com/en-us/library/bb663753.aspx
Our Microsoft Technet documentation mentions the use of other user object attributes, such as:
telephoneNumber
displayName
givenName
surname
physicalDeliveryOfficeName
l (city)
st (State)
Title
Company
Country
Mail (SMTP Address)
Except for the Mail attribute which is added at the creation of the user's mailbox, the use of all other attributes in the list above is arbitrary. However, they do add descriptive factors to the user account that will help distinguish between two Office Communications Server enabled accounts when the Office Communicator user performs an AD search for a contact using the Add Contact Wizard.
When a domain user in the Users forest performs an AD search using the Add Contact wizard, the search will take place in the Resource forest and not in the Users forest. Please remember that, since the domain user objects will reside in two separate forests, achieving consistent Active Directory searches based on these attributes will require that the domain user attributes in the Resource forest match the domain user attributes in each separate Active Directory Users forest.
Exchange 2003 does support the use of Resource forest. In Exchange 2003 this was called the Dedicated Exchange forest as noted in the linked Microsoft Technet article listed below.
Exchange Server 2003
Using a Dedicated Exchange Forest
http://technet.microsoft.com/en-us/library/aa997312(EXCHG.65).aspx
In this topology MIIS 2003 could have been used to provision user attributes to the manually disabled duplicate account in the Resource forest or these attribute values such as the msExchMasterAccountSid could have been manually mapped from the objectSID of the enabled sign on account in the User forest. The Dedicated Exchange forest topology does not use MIIS to synchronize Exchange information as it would in the Exchange 2003 Cross Forest topology where Exchange 2003 could be hosted in multiple forests.
I would like to say that deployments that are hosting this type of Exchange 2003 Resource forest / User forest topology are using a legacy deployment that was intended for just the Exchange 2003 Resource. They may want to add Office Communications Server to their Resource forest though.
If so then all the prerequisites should already be in place
They will have to add Office Communications Server to their Resource Forest and then Office Communications Server enable the disabled user accounts in the Resource forest.
Next they would use the Office Communication Server Resource kit tool sidmap.wsf to populate the following disabled user account's attributes in the Resource forest as follows:
msRTCSIP-OriginatorSID = objectSID of the User Forest User
The msEXCHMasterAccountSID should already be populated with the correct SID information from the Exchange 2003 mailbox enabled account in the user forest. I have not tested this yet, but the resource kit information does not specify a required version of Exchange Server.
Mike Adkins
posted by ocsteam | 15 Comments
Filed Under: Setup & Deployment, OCS R2
Wednesday, October 28, 2009 3:41 PM
Check out the improved Downloads pages on the TechCenter
We've been working on the Downloads page on the Communications Server TechCenter! Check out the improvements:
· Separate pages devoted to 2007 R2 Downloads and 2007 Downloads;
· Clearer categorization of available 2007 R2 downloads;
· And most importantly…more of the good stuff: More listings!
Find even more links than before to all the tools and resources that our team produces, including new links to Office Communications Server 2007 R2:
· Best Practices Analyzer (for both 2007 and 2007 R2 versions)
· Capacity Planning Tool
· Edge Planning Tool
· Planning Tool
· Resource Kit Tools (64-bit)
· Web Scheduler
…as well as links to:
· Agent Communications Panel for Microsoft Dynamics CRM 4.0
· Language packs for CWA, Response Group Service, and Speech
· Communicator Multilingual User Interface
· Management packs
· Communicator Mobile (for Pocket PC, Smartphone, and Java)
The new 2007 R2 page now also includes links to all downloadable, technical product documentation for 2007 R2, including:
· Collections of the full IT Pro library
· Pointers to the various topic-focused documentation downloads
· Pointers to the indices of the server, client, and end user documentation downloads
Let us know whether the new pages help you find what you need, or if there are additional resources that you cannot find there!
Adam Dudsic
Site Manager
posted by ocsteam | 5 Comments
Tuesday, October 20, 2009 11:47 AM
Speech Server (2007) runtime support on Windows Server 2008
We are pleased to announce that the Microsoft Office Communications Server 2007, Speech Server (a.k.a. Speech Server (2007)) runtime is now officially supported on Windows Server 2008, in addition to the originally supported Windows Server 2003 Platforms (listed at http://msdn.microsoft.com/en-us/library/bb813400.aspx).
Microsoft will support application deployments, Administrative tools and Data Processing Utilities like the MssLogToDatabase and MssLogToText tools. However Microsoft will not support installation and usage of the Development Tools that include Speech Server (2007) application development, call data analysis and grammar tuning running on Windows Server 2008. For those tools please refer back to the original list of supported Platforms for development at http://msdn.microsoft.com/en-us/library/bb662074.aspx.
To illustrate the above, the following screenshot shows the Speech Server (2007) components that are officially supported to run on Windows Server 2008. Please note that the installation wizard will not automatically block you from selecting the "Development Tools" option when you run the setup on the Windows Server 2008 operating system, so you will have to make sure that you do not select the Development Tools option during the installation process.
We expect that Windows Server 2008 support will benefit many customers who are deploying Windows Server 2008 today!
Microsoft is still investigating potential support for Windows Server 2008 R2 for Speech Server (2007). We will inform you via this blog in case we have more to announce on that topic. Till then customers are advised not to deploy Speech Server (2007) on Windows Server 2008 R2.
posted by ocsteam | 8 Comments
Filed Under: Speech Server
Wednesday, October 14, 2009 9:26 AM
Urgent: Known issue under investigation with KB974571 and LCS/OCS
October 24 Update - The MS09-56: Vulnerabilities in CryptoAPI could allow spoofing article has been updated with a Known Issues section and FIX for the LCS and OCS product. That article is the authorized content as it requires the proper groups to coordinate and confirm the data published. We thank those of you who both reported this issue to us as well as helped blog/tweet to help reduce the number of customers deploying the patch until this issue is resolved. We also want to note that future issues with security fixes should be reported through support in order to be properly tracked and escalated and that it will be the official communication vehicle. <Deleting original text of blog message as it duplicates the information in the KB article>
posted by ocsteam | 12 Comments
Friday, October 02, 2009 3:39 PM
Configuring XMPP Gateway with Jabber XCP 5.4
Hooray! Office Communications Server 2007 R2 XMPP Gateway Has Been Released
This article walks you through setting up the XMPP Gateway and configuring it to work with Jabber XCP 5.4. For those who have been anticipating this release, I am happy to say, here it is, and it’s been worth the wait if you require Jabber or GMail connectivity.
You will be required to complete the following steps to successfully configure Office Communications Server 2007 R2 XMPP Gateway with Jabber XCP 5.4.
1.   DNS Configuration
2.   Office Communications Server Edge Configuration
3.   Office Communications Server XMPP Gateway Configuration
4.   Jabber XCP (s2s Configuration)
Environment Requirements
Enable your current environment to work with the new Office Communications Server 2007 R2 XMPP Gateway
Office Communications 2007 R2 Edge Server
Permissions to request a server certificate from a private or public certification authority.
Permissions to create DNS records in your internal Enterprise, as well as public DNS servers
Windows 2003 x64 or Windows 2008 x64 for your new XMPP Gateway
Jabber XCP 5.4
To help you visualize the environment, Figure 1 shows how you could implement the XMPP Gateway. This design will change depending on where your Jabber server is deployed in your environment. I am assuming that your Jabber server is deployed in your network perimeter.
Figure 1   XMPP Topology
If you have firewalls in the network perimeter that will prohibit communication between your Edge Server and Jabber server, you must open TCP port 5269 in both directions for communication to be successful. 
DNS Configuration
Most of this configuration has already been done when deploying your Office Communications Server 2007 R2 pool and Edge Server. Therefore, I will just go over the recommended DNS SRV records and what records are required for the XMPP Gateway.
SRV record: _sipinternaltls._tcp.contoso.com
Host record: pool.contoso.com
Port number: 5061
SRV record: _sip._tls.contoso.com
Host record: edge.contoso.com
Port number: 443
SRV record: _sipfederationtls._tcp.contoso.com
Host record: edge.contoso.com
Port number: 5061
The previous three records are the standard records used when deploying Office Communications Server for internal automatic configuration, external automatic configuration, and enhanced federation. To configure the XMPP Gateway requires the following additional DNS records.
SRV record: _xmpp-server._tcp.contoso.com
Host record: xmpp-gw.contoso.com
Port number: 5269
SRV record: _sipfederationtls._tcp.jabber.contoso.com
Host record: sip-xmpp.jabber.contoso.com
Port number: 5061
Let me try and explain these records in more detail. Only one record is required. The required record is _xmpp-server._tcp.contoso.com. This SRV record is used for TCP Dialback. 
The basic idea behind TCP Dialback is that a receiving server does not accept XMPP traffic from a sending server until it has “called back” the sending server. This is accomplished with the _xmpp-server SRV record.
Think about it this way: When the Contoso XMPP Gateway attempts to connect to the Jabber server, it first needs to locate it. This is performed by resolving the DNS SRV record for _xmpp-server._tcp.jabber.contoso.com. DNS returns the A record associated with this SRV record, in this case, jabber.contoso.com. The XMPP Gateway then proceeds to connect to the Jabber server whose FQDN is jabber.contoso.com. Then the Jabber server must “call back” the XMPP Gateway by looking at the domain of the request, which in our example is contoso.com, and then performing a DNS lookup for the SRV record, _xmpp-server._tcp.contoso.com. This will resolve to the XMPP Gateway (xmpp interface) from where the request originated.
In Figure 2, you will find the same image as shown in Figure 1, but this time it shows the DNS SRV records. Only the _xmpp-server SRV records are required for TCP Dialback.
Figure 2   XMPP Topology with SRV Records
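The call-back lookup described above can be rehearsed against a copy of the planned DNS records before anything is deployed. This is an added example, not code from the original article or from the XMPP Gateway: it models only the two SRV lookups the text walks through (not the dialback key exchange itself), the host IP addresses are constructed, and it assumes the gateway's XMPP interface shares the address 172.16.10.253.

```python
import re

SRV_LABEL = re.compile(r"^_[a-z0-9-]+$")
XMPP_S2S_PORT = 5269  # the port the article opens between the gateway and Jabber

def parse_srv_owner(owner):
    """Split '_service._proto.domain' into its parts; reject malformed names."""
    labels = owner.lower().rstrip(".").split(".")
    if (len(labels) < 3 or not SRV_LABEL.match(labels[0])
            or labels[1] not in ("_tcp", "_udp")):
        raise ValueError(f"malformed SRV owner name: {owner}")
    return labels[0][1:], labels[1][1:], ".".join(labels[2:])

def build_zone(srv_rows, a_rows):
    """Index the records and collect problems a lookup would trip over later."""
    zone = {"srv": {}, "a": {h.lower(): ip for h, ip in a_rows}, "problems": []}
    for owner, target, port in srv_rows:
        try:
            key = parse_srv_owner(owner)
        except ValueError as exc:
            zone["problems"].append(str(exc))
            continue
        zone["srv"][key] = (target.lower(), port)
        if target.lower() not in zone["a"]:
            zone["problems"].append(f"{owner}: target {target} has no host record")
        if key[0] == "xmpp-server" and port != XMPP_S2S_PORT:
            zone["problems"].append(f"{owner}: port {port} is not {XMPP_S2S_PORT}")
    return zone

def locate(zone, service, domain):
    """Resolve _service._tcp.domain to (host, port, ip), or None."""
    record = zone["srv"].get((service, "tcp", domain.lower()))
    if record is None:
        return None
    host, port = record
    ip = zone["a"].get(host)
    return (host, port, ip) if ip else None

def dialback(zone, sending_domain, receiving_domain, source_ip):
    """Simplified model: return (accepted, reason) for one inbound connection."""
    if locate(zone, "xmpp-server", receiving_domain) is None:
        return False, f"sender cannot locate _xmpp-server._tcp.{receiving_domain}"
    origin = locate(zone, "xmpp-server", sending_domain)
    if origin is None:
        return False, f"receiver cannot resolve _xmpp-server._tcp.{sending_domain}"
    host, port, ip = origin
    if ip != source_ip:
        return False, f"call-back resolves to {host} ({ip}), not to {source_ip}"
    return True, f"call-back to {host}:{port} reaches the originating gateway"

# Record names are the article's; the IP addresses are constructed.
SAMPLE_SRV = [
    ("_xmpp-server._tcp.contoso.com", "xmpp-gw.contoso.com", 5269),
    ("_xmpp-server._tcp.jabber.contoso.com", "jabber.contoso.com", 5269),
]
SAMPLE_A = [
    ("xmpp-gw.contoso.com", "172.16.10.253"),
    ("jabber.contoso.com", "172.16.10.50"),
]

if __name__ == "__main__":
    zone = build_zone(SAMPLE_SRV, SAMPLE_A)
    print(zone["problems"])
    print(dialback(zone, "contoso.com", "jabber.contoso.com", "172.16.10.253"))
    print(dialback(zone, "contoso.com", "jabber.contoso.com", "172.16.10.99"))
```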
Office Communications 2007 R2 Edge Configuration 
Edge Server configuration is fairly simple. The process is the same as adding another federated partner.  You can use enhanced federation if you have the SRV records created for that domain. In our example, jabber.contoso.com, we will need a record of _sipfederationtls._tcp.jabber.contoso.com that points to the SIP interface of the XMPP Gateway. Again this can be done with manual configuration as well.
Figure 3   Edge Server Allow List
In Figure 3, I used manual configuration. The Edge Server must be able to resolve sip-xmpp.jabber.contoso.com to the SIP Interface of the XMPP Gateway. If you do not have any DNS in the network perimeter, you can add an entry in the local host file of the Edge Server for this record.
Example of local host file:
sip-xmpp.jabber.contoso.com            172.16.10.253
OCS XMPP Gateway Configuration
I am not going to walk you through the process of installing the XMPP Gateway. However, I will spend some time on how to configure the gateway. Install the XMPP Gateway on a Windows 2008 or Windows 2003 x64 workgroup server in the network perimeter. The XMPP Gateway requires only a single NIC (network interface card). Your SIP and XMPP interfaces can share a single IP address. You can use multiple IP addresses if you want to, but it is not required for the XMPP Gateway configuration.
Figure 4   XMPP Gateway Server IP Configuration
Configuring the XMPP Gateway IP address is different. This is done in a configuration file. Everything else we will do will be from the XMPP Gateway MMC. This configuration file can be located on the server running the XMPP Gateway, in the following directory.
I am using the IP address assigned to the XMPP Gateway in the TGWConsoleGUI.dll.config file for the SIP XMPP Interface:
“%ProgramFiles%\Microsoft Office Communications Server 2007 R2\XMPP Gateway\TGWConsoleGUI.dll.config”
Figure 5   XMPP Gateway IP Configuration File
There is one issue that you should watch out for: the DNS suffix of the server. The FQDN of the server should match the name on the certificate assigned to the SIP interface of the XMPP Gateway.
Figure 6   DNS Suffix
If you skip the step shown in Figure 6, you will see the following TLS failures between the Edge Server and the XMPP Gateway. 
TL_ERROR(TF_SECURITY) [0]085C.0AA4::08/24/2009-19:39:02.063.0000b52f (SIPStack,SIPAdminLog::WriteSecurityEvent:SIPAdminLog.cpp(413))$$begin_record LogType: security Text: Message cannot be routed because the peer's certificate does not contain a matching FQDN Result-Code: 0xc3e93d67 SIPPROXY_E_ROUTING_MSG_CERT_MISMATCH Connection-ID: 0x700 Peer-IP: 172.16.10.253:5061 Peer: sip-xmpp.jabber.contoso.com:5061 SIP-Start-Line: INFO sip:sip-xmpp:5061 SIP/2.0 SIP-Call-ID: 00783283efb94bd6bb9a4dcd80c5a2ba SIP-CSeq: 2 INFO Data: Peer certificate with name [sip-xmpp.jabber.contoso.com] does not contain any expected FQDN(s): sip-xmpp $$end_record
Here’s what happens: When the XMPP Gateway responds with a 200 OK to our INVITE, it populates a Contact header with the XMPP Gateway FQDN. You will encounter two separate issues. First, you will be unable to resolve “sip-xmpp”. Second, if you can resolve the host name, you will see the above error, because the host name is not on the certificate assigned to the SIP interface.
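The record above can be triaged mechanically. The following Python sketch is an added example, not part of the original post or of any Microsoft tool: it splits the record into fields and flags the missing-DNS-suffix case described here. The field list and the assumption that several expected FQDNs would be separated by commas or spaces are inferred from the single record shown.

```python
import re

# The security record quoted in the article (between $$begin_record and $$end_record).
RECORD = (
    "$$begin_record LogType: security Text: Message cannot be routed because the "
    "peer's certificate does not contain a matching FQDN Result-Code: 0xc3e93d67 "
    "SIPPROXY_E_ROUTING_MSG_CERT_MISMATCH Connection-ID: 0x700 "
    "Peer-IP: 172.16.10.253:5061 Peer: sip-xmpp.jabber.contoso.com:5061 "
    "SIP-Start-Line: INFO sip:sip-xmpp:5061 SIP/2.0 "
    "SIP-Call-ID: 00783283efb94bd6bb9a4dcd80c5a2ba SIP-CSeq: 2 INFO "
    "Data: Peer certificate with name [sip-xmpp.jabber.contoso.com] does not "
    "contain any expected FQDN(s): sip-xmpp $$end_record"
)

# Field names seen in that record (assumption: other records may carry more).
FIELDS = ("LogType", "Text", "Result-Code", "Connection-ID", "Peer-IP", "Peer",
          "SIP-Start-Line", "SIP-Call-ID", "SIP-CSeq", "Data")
FIELD_RE = re.compile(r"(?:^|(?<=\s))(" + "|".join(map(re.escape, FIELDS)) + r"):\s")
DATA_RE = re.compile(
    r"Peer certificate with name \[([^\]]+)\] does not contain any "
    r"expected FQDN\(s\): (.+)"
)


def parse_record(text):
    """Split one $$begin_record ... $$end_record block into a field dict."""
    m = re.search(r"\$\$begin_record(.*?)\$\$end_record", text, re.S)
    if not m:
        raise ValueError("no complete record found")
    body = " ".join(m.group(1).split())  # tolerate line-wrapped records
    hits = list(FIELD_RE.finditer(body))
    fields = {}
    for i, hit in enumerate(hits):
        end = hits[i + 1].start() if i + 1 < len(hits) else len(body)
        fields[hit.group(1)] = body[hit.end():end].strip()
    return fields


def diagnose(fields):
    """Return a finding for a certificate-mismatch record, or None."""
    if "SIPPROXY_E_ROUTING_MSG_CERT_MISMATCH" not in fields.get("Result-Code", ""):
        return None
    m = DATA_RE.search(fields.get("Data", ""))
    if not m:
        return None
    cert_name = m.group(1).lower()
    # Assumption: multiple expected names are comma- or space-separated.
    expected = [n.lower() for n in re.split(r"[,\s]+", m.group(2).strip()) if n]
    host, _, suffix = cert_name.partition(".")
    short_names = [n for n in expected if "." not in n]
    if host in short_names and suffix:
        # The peer announced its bare host name; the certificate carries the FQDN.
        cause = "missing_dns_suffix"
        fix = f"set the gateway's primary DNS suffix to {suffix}"
    else:
        cause = "name_mismatch"
        fix = "make the gateway FQDN and the certificate name agree"
    return {"peer": fields.get("Peer"), "cert_name": cert_name,
            "expected": expected, "cause": cause, "fix": fix}


if __name__ == "__main__":
    finding = diagnose(parse_record(RECORD))
    print(finding["peer"], finding["cause"], "->", finding["fix"])
```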
Now that the DNS suffix is updated and IP addresses are assigned to the XMPP Gateway, we can move on to SIP configuration. Again, this can be done by using SRV records or manual configuration. 
Depending on DNS resolution, this might be easier to do with manual configuration and host files. The XMPP Gateway can support only a single SIP domain per server but is able to support multiple XMPP or Jabber domains. On the SIP configuration screen, you will specify the SIP domain and the Access Edge FQDN.
 
Figure 7   XMPP SIP Domains
The TLS certificate is fairly simple to set up. We will not be going through how to request a certificate, as we only need a server EKU certificate. This is an internal server, so you do not need to use a public certificate. After the certificate has been requested and installed on the XMPP Gateway, we can select the certificate that was installed on the TLS Certificate tab.
 
Figure 8   SIP TLS Certificate
Now that the SIP configuration is complete, we can move to the XMPP configuration. The first screen you will see is the Allow List. In most cases, you will not specify the server name and will use the SRV records we discussed and created above.
 
Figure 9   XMPP Allow List
We will now configure a domain for the allow list. Again, we are using TCP Dialback. No password is required, and the username is auto-populated from the SIP domain that you configured in the previous steps. In my Jabber setup, I am not using TLS, but if you are, you will select the appropriate option for your configuration and assign a certificate to the XMPP interface on the TLS Certificate tab.
We will cover TLS configuration between XMPP Gateway and Jabber XCP 5.4 in another article.
Figure 10   XMPP Domain Configuration
Jabber XCP 5.4 Configuration
We have now configured the XMPP Gateway and Edge Server. The next step is to set up the server-to-server (s2s) configuration in Jabber XCP 5.4. There are only two steps to configure.
From the main Jabber XCP System Controller Page, we will concentrate on the Components section.  First, edit the Connection Manager and add the s2s component.
Figure 11   Jabber XCP Components
In Connection Manager, click Edit. Then, under Connection Manager Configuration, in the Add a new drop-down box, select S2S Command Processor, and then click Go.
Figure 12   Jabber XCP Connect Manager Configuration
On the S2S Command Processor Configuration screen, click Submit. No changes are required to this screen. The default configuration is correct for our example. Make note of the Processor ID for the next step. In my configuration, it is “cm-1_s2scp-1”.
Figure 13   Jabber XCP S2S Command Process Configuration
This returns you to the Connection Manager Configuration screen. Click Submit, and you are returned to the main XCP Main Controller page.
Figure 14   Jabber XCP Components – Save Changes
Click Apply, and then click Restart the System Link. After the system restarts, we can move to the last step. At this point, if you skip the next step, you can add Jabber contacts from the Office Communications Server clients. However, Jabber will be unable to see your presence or participate in any IM conversations. This next step is important to complete the setup. This is what allows the Jabber server to route connections to other servers.
Under the Components section, from the Add a new drop-down box, select Open Port, and then click Go.
Figure 15   Jabber XCP Components – Add OpenPort
You will be prompted to enter the Processor ID that was created during the s2s configuration.
Figure 16   Jabber XCP OpenPort – S2S Processor ID
On this page, you must change Configuration view to Intermediate before continuing. Then add * to Hostnames for this Component, and then click Submit.
Figure 17   Jabber XCP OpenPort Configuration
Again, click Apply, and then click Restart System Link on the Open Port component.
Figure 18   Jabber XCP Components – Save Changes
Adding Jabber Contacts
The last step is for users to add Jabber users to their Contact list in Office Communicator. Ensure that the Office Communicator users are configured for federation, as shown in Figure 19. Otherwise, Office Communicator users will not be able to communicate with external users.
Figure 19   User Configuration Federation
Geoff Clark, Sr. Support Engineer
Posted by ocsteam | 12 Comments | Filed Under: OCS R2, XMPP
Thursday, October 01, 2009 2:59 PM
Configuring XMPP Connectivity to Gmail
Important edit, October 7: the original post stated Windows 2008 R2. This is incorrect; we do not support that version at this time. The correct version should be Windows 2003 or Windows 2008.
Check out the following figure. That's no illusion; it's an Office Communicator user communicating with a Gmail user.
If you can't wait to try this, you have come to the right place. Before you start, ensure that the following requirements are met:
1. Your organization has a properly configured Office Communications Server 2007 R2 environment.
2. There is a properly configured Edge Server in your Office Communications Server environment.
3. You have permissions to request a server certificate from a public or private CA.
4. You have permissions to create DNS SRV and A records on the Internet.
5. There is a server that is running Windows Server 2008 on which to install the XMPP Gateway in your network perimeter.
The rest of this article assumes that you have an environment running Office Communications Server 2007 R2 complete with an Edge Server (see requirements 1 and 2 in the previous list) that is configured to allow internal users to federate with external domains. You will have to request a certificate for your XMPP Gateway (requirement 3). For Gmail to locate your XMPP Gateway, you will have to create SRV and A records on your public facing DNS (requirement 4). To install the XMPP Gateway, you must have a separate server running Windows Server 2008 (requirement 5).
Figure 1 illustrates the topology of the configuration that you will be setting up. Because the XMPP Gateway connects directly to your Edge Server and the Gmail gateways on the Internet, it should be deployed in the network perimeter. Let's get started!
Figure 1 XMPP Topology
Configure Firewall Rules
To allow the Gmail gateway to communicate with your XMPP Gateway, you must open port 5269 on your external firewall and map incoming and outgoing TCP traffic on that port to your XMPP Gateway FQDN or IP address. Gmail uses port 5269. If you do not configure your firewall to allow incoming traffic on port 5269 to your XMPP Gateway, Gmail users will not be able to send instant messages to Office Communicator users.
Configure XMPP Gateway
Because your XMPP Gateway connects directly to your Edge Server and your Edge Server is located in your network perimeter, your XMPP Gateway also must be located in the network perimeter. It must be accessible to the Gmail gateway. This placement of your XMPP Gateway means that you will have to be mindful of the security implications and take appropriate action to secure your XMPP Gateway.
To configure the XMPP Gateway, do the following:
1. Set up a server that is running Windows Server 2008. Ensure that the latest security updates are installed. This computer will be referred to as the XMPP Gateway.
2. Install Office Communications Server 2007 R2 XMPP Gateway software.
3. Define the FQDNs to the XMPP Gateway.
4. Configure the domain name on the XMPP Gateway.
5. Request and install a server certificate in the computer's Personal store for the XMPP Gateway.
6. Create SRV record and A records for the XMPP Gateway on your public facing DNS server.
7. Configure the XMPP Gateway.
Step 1: Set Up a Server that Is Running Windows Server 2008
Microsoft requires that the XMPP Gateway be installed on a separate server. Unless you use a separate Active Directory in your network perimeter to manage the servers in your network perimeter, configure this Windows server in a stand-alone workgroup. Under no circumstance should this server be joined to your internal Active Directory domain.
Because this Windows server is in your network perimeter, ensure it is hardened against attack. Reduce the attack surface area by turning off unnecessary services and allowing incoming traffic to the XMPP Gateway only on ports 5061 (used by the Edge Server) and 5269 (used by the Gmail gateways).
Step 2: Install Office Communications Server 2007 R2 XMPP Gateway Software
This article does not cover the installation process in detail because this process is very simple. However, the following are two things to keep in mind:
First, your XMPP Gateway needs only a single network interface (NIC). When I think of a gateway, two NICs automatically come to mind. I had originally configured my Windows server to have two network interfaces, but it is not necessary. You can keep things less complicated by using a single NIC.
Second, after you complete the installation wizard, make sure that you specify the IP address of your network interface in the following file:
"%ProgramFiles%\Microsoft Office Communications Server 2007 R2\XMPP Gateway\TGWConsoleGUI.dll.config"
This is the configuration file used by the XMPP Gateway service. Because Setup does not prompt for this information during installation, it can be easily overlooked. The example shows the contents of the config file. Assuming your XMPP Gateway uses a single network interface, specify the server's IP address as the value for the SipIP and XmppIP fields.
<?xml version="1.0" standalone="yes"?>
<configuration>
  <appSettings>
    <add key="cultureName" value="en-US"/>
    <add key="SipIP" value="XXX.XXX.XXX.XXX"/>
    <add key="XmppIP" value="XXX.XXX.XXX.XXX"/>
  </appSettings>
</configuration>
In our example, the XMPP Gateway's IP address, 192.168.1.20, is entered in the SipIP and XmppIP fields in the preceding example.
Step 3: Define the FQDNs to the XMPP Gateway
Define the FQDNs for the XMPP Gateway. I recommend using two FQDNs. One of the FQDNs is internal and is used by your Edge Server to connect to your XMPP Gateway. This internal FQDN is not exposed to the Internet and maps to the actual IP address of the XMPP Gateway. This FQDN is used by the Edge Server to validate the XMPP Gateway's server certificate when establishing an MTLS connection. In this example, the internal FQDN is called srv_xmpp.litwareinc.com.
The other FQDN is for external use by the Gmail gateways to locate your XMPP Gateway. This external FQDN is exposed to the Internet and maps to your firewall's public IP address, which you have configured to route TCP traffic for port 5269 to your XMPP Gateway. This external FQDN is called xmpp.litwareinc.com in our example.
You might be wondering why not use a single FQDN instead of two? And you're correct. You can use a single FQDN. If you use a single FQDN, you must use the public FQDN. In this configuration, the Edge Server connects to your XMPP Gateway through the public FQDN. This results in the traffic between your Edge Server and XMPP Gateway going across your external firewall. However, if your firewall does not allow loopbacks, the connection will fail.
Step 4: Configure the Domain Name on the XMPP Gateway
After you define an FQDN for your XMPP Gateway, you must configure the domain name portion of this FQDN on your XMPP Gateway. (This assumes that the server running the XMPP Gateway is configured in a stand-alone Workgroup).
In our example, the internal FQDN of the XMPP Gateway is srv_xmpp.litwareinc.com. The domain name portion of this FQDN is litwareinc.com. You must configure this value in the Primary DNS suffix of this computer field of the XMPP Gateway.
To do this:
Click Start, right-click Computer, and then click Properties.
Under Computer name, domain, and workgroup settings, click Change settings.
On the Computer name tab, click Change.
In the Computer Name/Domain Changes dialog box, click More as shown in Figure 2.
In the Primary DNS suffix of this computer field, enter the domain name.
Figure 2 Configuring computer's DNS suffix
Step 5: Request and Install a Server Certificate in the Computer's Personal Store for the XMPP Gateway
Your XMPP Gateway requires a server certificate to communicate with your Edge Server. This certificate with its corresponding private key must be installed in the local computer's Personal store.
Without a certificate, the authentication will fail and the MTLS connection will be refused. This can often be a source of frustration and can be caused by a variety of reasons such as an untrusted root CA or a mismatch between the XMPP Gateway's FQDN and the certificate's CN in the Subject Name field. If you run into issues, use the ocslogger.exe tool to help you troubleshoot. It's a great tool. If you run into problems, let us know and we'll produce an article on this topic.
Everyone has their favorite way of requesting certificates, so I will not cover all the ways this can be done. However, there are two things to keep in mind: First, make sure the Common Name (CN) of the certificate is identical to the internal FQDN that is assigned to the XMPP Gateway. Second, use at least 2048 encryption strength. For more information, a great resource about certificates for Office Communications Server is the Microsoft Office Communications Server 2007 R2 Documentation: OCS Deploying Certificates.
If your sole purpose for setting up an XMPP Gateway is to connect to Gmail, this certificate will be used only to authenticate to your Edge Server. In this case, you can use a certificate from your private CA. Make sure that your XMPP Gateway trusts the root of your Edge Server's certificate and vice versa.
Step 6: Create SRV and A records for the XMPP Gateway on Your Public Facing DNS Server
For this step, you must publish the external FQDN of your XMPP Gateway so that the Gmail gateways can locate your XMPP Gateway. Remember your XMPP Gateway's external FQDN should be mapped to your external firewall's IP address unless you expose your XMPP Gateway directly on the Internet (not recommended). In our example, the external firewall's IP address is 207.46.197.32.
After you name your XMPP Gateway's external FQDN (we picked xmpp.litwareinc.com for our example), you must create an A record in your public DNS to map this FQDN, <server name>.<domain>.com, to your external IP address. In our example, xmpp.litwareinc.com maps to 207.46.197.32.
In addition to creating this A record, you must create an SRV record in the following form:
_xmpp-server._tcp.<domain>.com
This is the service record locator that is used by Gmail gateways to discover the external FQDN of your XMPP Gateway. Figure 3 shows how to create this SRV record for Litware Inc.
Note The protocol must be set to _tcp, and the port number must be set to 5269. The domain name of both the A record and the SRV record must match your SIP domain.
If you own your own domain names and use godaddy.com, you might recognize Figure 3. The at sign (@) translates to your domain name. This is litwareinc.com in our example.
Figure 3 DNS SRV record for XMPP Gateway
Step 7: Configure the XMPP Gateway
The final step is to configure your XMPP Gateway to connect to your Edge Server and Gmail gateways. On the XMPP Gateway, under Administrative tools, open the Office Communications Server 2007 R2 XMPP Gateway console.
Select the SIP Configuration node (Figure 4). Configure the connection to the Edge Server first by doing the following:
On the Domain tab, specify your domain name in the Domain field. For our example, this is litwareinc.com.
Specify the FQDN of your Edge Server in the Host Name field. In our example, the Edge Server's external FQDN is srv.litwareinc.com. See Figure 4.
Figure 4 SIP Configuration of XMPP Gateway
For the Edge Server to trust your XMPP Gateway, you must configure the certificate that you requested in step 5. To do this:
1. In the Office Communications Server 2007 R2 XMPP Gateway console, click the TLS Certificate tab (Figure 5).
2. Click Select Certificate, and then select the certificate that you requested in step 5. If you are unable to find it, you installed the certificate in the wrong certificate store.
Note The certificate's common name must match the XMPP Gateway's FQDN as shown in Figure 5.
Figure 5 TLS Certificate Configuration of XMPP Gateway
3. After you finish the SIP configuration, click the Validate Connection tab to validate your configuration to the Edge Server.
Next, configure the connection to the Gmail gateways by doing the following:
In the left pane, click the XMPP Configuration node (Figure 6).
On the Allow List tab, click Add.
In the Federated XMPP Domain names dialog box, in the Domain Name field, enter gmail.com, and then select TCP Dialback (required) as shown in Figure 6. Click OK.
Figure 6 XMPP Configuration of XMPP Gateway
Because Gmail does not use any authentication or encryption (TLS), no certificate is required to be configured in the TLS Certificate tab. To validate your configuration, click the Validate Connection tab.
Configure the Edge Server
The configuration on the Edge Server is very simple. You just have to add an entry in the Allow list of the Edge Server by doing the following:
1. In the Computer Management console, right-click the Edge Server node, and then click Properties (Figure 7).
Figure 7 Edge Server Configuration
2. On the Allow tab, click Add, and then make the entry to the Allow list.
When you add a new federated partner to the Allow list, the Federated partner domain name must be set to gmail.com, and the Federated partner Access Edge Server field must be set to the internal FQDN of your XMPP Gateway. This instructs your Edge Server to route messages for the domain name, gmail.com, to your XMPP Gateway. Because you do not own the domain name, gmail.com, you must specify the next hop to direct traffic for gmail.com to your XMPP Gateway. The internal FQDN of the XMPP Gateway maps to the private IP address of your XMPP Gateway instead of its public address. If you specify the public FQDN of your XMPP Gateway, your Edge Server will connect to your XMPP Gateway through your external firewall.
If you host a DNS server in your network perimeter, you should create an A record to map the FQDN of your XMPP Gateway to the private IP address of your gateway. If you do not have a private DNS server in your network perimeter, you will have to add an entry in the local hosts file of your Edge Server. Editing the local hosts file requires local administrator permissions. The hosts file is located at %windir%\system32\drivers\etc\hosts. Use your favorite editor to add the following entry at the end of the file:
<private IP address of XMPP Gateway> <internal FQDN of XMPP Gateway>
In our example, this maps to the following entry:
192.168.1.20 srv_xmpp.litwareinc.com
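A pre-flight check for the public DNS records from step 6 and the Edge Server hosts entry above, as an added Python example that is not part of the original post. The zone and hosts text are constructed from the article's example names and addresses; the function names and the zone-file layout are assumptions.

```python
import ipaddress

XMPP_S2S_PORT = 5269  # port the article says the Gmail gateways use

# Constructed sample data built from the article's example values.
PUBLIC_ZONE = """\
_xmpp-server._tcp.litwareinc.com. 3600 IN SRV 0 0 5269 xmpp.litwareinc.com.
xmpp.litwareinc.com.              3600 IN A   207.46.197.32
"""
EDGE_HOSTS = """\
# hosts file on the Edge Server
192.168.1.20    srv_xmpp.litwareinc.com
"""


def parse_zone(text):
    """Return (srv, a): SRV records as dicts and A records as {name: address}."""
    srv, a = [], {}
    for line in text.splitlines():
        parts = line.split(";", 1)[0].split()  # ';' starts a zone-file comment
        if len(parts) < 5 or parts[2].upper() != "IN":
            continue
        name, rtype = parts[0].rstrip(".").lower(), parts[3].upper()
        if rtype == "SRV" and len(parts) == 8:
            srv.append({"name": name, "port": int(parts[6]),
                        "target": parts[7].rstrip(".").lower()})
        elif rtype == "A" and len(parts) == 5:
            a[name] = parts[4]
    return srv, a


def check_public_dns(zone_text, sip_domain, firewall_ip):
    """Check the SRV and A records against the rules in step 6."""
    srv, a = parse_zone(zone_text)
    wanted = f"_xmpp-server._tcp.{sip_domain}".lower()
    records = [r for r in srv if r["name"] == wanted]
    if not records:
        return [f"no SRV record named {wanted}"]
    problems = []
    for rec in records:
        if rec["port"] != XMPP_S2S_PORT:
            problems.append(f"SRV port is {rec['port']}, expected {XMPP_S2S_PORT}")
        target = rec["target"]
        if not target.endswith("." + sip_domain.lower()):
            problems.append(f"SRV target {target} is outside SIP domain {sip_domain}")
        addr = a.get(target)
        if addr is None:
            problems.append(f"no A record for SRV target {target}")
            continue
        if ipaddress.ip_address(addr).is_private:
            problems.append(f"{target} publishes private address {addr}")
        if addr != firewall_ip:
            problems.append(f"{target} maps to {addr}, not the firewall at {firewall_ip}")
    return problems


def _is_ip(token):
    try:
        ipaddress.ip_address(token)
        return True
    except ValueError:
        return False


def check_hosts(hosts_text, internal_fqdn, gateway_ip):
    """Check that the Edge Server hosts file maps the internal FQDN correctly."""
    problems, found = [], False
    for raw in hosts_text.splitlines():
        tokens = raw.split("#", 1)[0].split()
        if internal_fqdn.lower() not in [t.lower() for t in tokens]:
            continue
        found = True
        if not _is_ip(tokens[0]):
            problems.append(f"hosts entries need the IP address first: {raw.strip()!r}")
        elif tokens[0] != gateway_ip:
            problems.append(f"{internal_fqdn} maps to {tokens[0]}, expected {gateway_ip}")
    if not found:
        problems.append(f"no hosts entry for {internal_fqdn}")
    return problems


if __name__ == "__main__":
    print(check_public_dns(PUBLIC_ZONE, "litwareinc.com", "207.46.197.32"))
    print(check_hosts(EDGE_HOSTS, "srv_xmpp.litwareinc.com", "192.168.1.20"))
```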
Adding Gmail Contacts
The last step is for users to add Gmail users to their contact list in Office Communicator. Ensure that the Office Communicator users are configured for Federation (Figure 8); otherwise, Office Communicator users will not be able to communicate with external users.
Figure 8 User Configuration for Federation
Conclusion
Configuring your XMPP Gateway to connect to Gmail is pretty painless when you know what to do (of course). Hopefully, this article helped you get on the fast track to making this happen. I did not cover how to request the certificate for the XMPP Gateway in detail or how to troubleshoot connectivity issues. If you experience difficulties and would like help, leave DrRez a request on twitter.com.
Rui Maximo
Posted by ocsteam | 18 Comments | Filed Under: OCS R2, XMPP
Thursday, October 01, 2009 12:24 PM
New PIC Licensing and released XMPP Gateway
We are excited to announce changes to the Office Communications Server Public IM Connectivity (PIC) license that provides instant messaging and presence federation to the Windows Live, AOL and Yahoo! public IM networks. Starting October 1, 2009, the following licensing changes will be made:
A PIC License will no longer be required for federation with America Online (AOL).
Customers qualify for federation with AOL if they have Office Communications Server 2007 R2 Standard CAL or active Software Assurance on their current LCS/OCS license.
Customers who want Yahoo! federation will continue to purchase PIC licenses.
The price of PIC will be reduced by 50%, effective October 1, 2009, to reflect this change.
We are also excited to announce the release of the OCS 2007 R2 XMPP Gateway (http://go.microsoft.com/fwlink/?LinkID=141529). The Gateway provides Presence and two-party IM interoperability with the XMPP based systems of Jabber and Google Talk. The Gateway interoperability has been tested against Jabber XCP Server version 5.4 and the current version of Google Talk.
The OCS 2007 R2 XMPP Gateway is supported by Microsoft Support. This Gateway is licensed as Additional Software to OCS 2007 R2, meaning that there is no additional license cost associated with deploying the Gateway for OCS 2007 R2 licenses. For more details about these two great announcements you can read the Microsoft Press Pass article with Eric Swift, General Manager of the Unified Communications Group at http://www.microsoft.com/presspass/features/2009/oct09/10-01ucinterop.mspx or in this Channel9 interview with the responsible Product Managers Ashima Singhal and Albert Kooiman http://channel9.msdn.com/posts/jccim/Instant-Messaging-Interoperability-extended-through-XMPP-Jabber/
Recap of June Announcement: In June 2009, we announced a similar change for Windows Live and renamed the OCS PIC license.
The LCS PIC license was renamed to Office Communications Server Public IM Connectivity.
A PIC License is no longer required for federation with Windows Live. Customers qualify for federation with Windows Live if they have Office Communications Server 2007 R2 Standard CAL or active SA on their current LCS/OCS license.
With these changes, customers qualify for IM/P federation with Windows Live and AOL with the Office Communications Server 2007 R2 Standard CAL or OCS 2007/LCS 2005 SP1 Standard CAL with Software Assurance.
http://www.microsoft.com/communicationsserver/en/us/public-im-connectivity.aspx
We are thrilled about growing the network of users for Office Communications Server.
Posted by ocsteam | 4 Comments | Filed Under: PIC, OCS R2
Monday, September 28, 2009 8:42 AM
Updated - PowerShell Script for Retrieving IM from Archiving Database
Following the release of Office Communications Server 2007, Sasa Juratovic posted a PowerShell script to retrieve user IM conversations from the archiving database (http://communicationsserverteam.com/archive/2008/01/14/69.aspx). With the release of Office Communications Server 2007 R2 there were changes in the archiving database schema allowing the text/html content type for storage of user instant messages. This schema change caused the previous script to only report the first message in a conversation when reporting against an OCS R2 archiving database. An updated script that will account for this additional content type that works for retrieving instant messages from both the OCS 2007 and OCS 2007 R2 archiving database schemas has been posted. The updated script can be found at: http://communicationsserverteam.com/files/555/download.aspx
--Nick Smith, MCS Senior Consultant
Posted by ocsteam | 6 Comments | Filed Under: Powershell, OCS R2
Wednesday, September 23, 2009 10:37 AM
Office Communicator 2007 Phone Edition (OCPE) call logs: 401 http errors
As we all know, in the world of computers we have a binary system. Either something works (1) or it does not (0). And as all of us really know, there is another state, that we all loathe, "works sometimes" (1.5).
Recently I ran into a problem with my Office Communicator 2007 Phone Edition (OCPE aka Tanjay) running on Communicator Phone Edition R2, build 3.5.6907.31 with exactly such a problem:
While everything else seemed to work without problems, the call logs (missed calls, incoming calls, outgoing calls, waiting voice messages) were only working sometimes. At random points of time - between 20 minutes and not at all - they were updated, however not instantly as they are supposed to (instantly means here, that it can take up to 3 minutes, because this is the poll interval).
We took the usual troubleshooting step, the Office Communicator 2007 Phone Edition (OCPE) logs and the server logs. On the Exchange CAS (Client Access Server), where the Office Communicator 2007 Phone Edition (OCPE) should retrieve the call logs from, we finally found something interesting: we saw there that the Office Communicator 2007 Phone Edition (OCPE) sent requests every 3 minutes and got 401 http errors instead of the call logs.
After some additional hours of troubleshooting and searching for errors, we finally decided to try the newest Office Communicator 2007 Phone Edition (OCPE) build - 3.5.6907.35. Now something wonderful happened: though not described in the knowledge base article for the hotfix (http://support.microsoft.com/default.aspx/kb/972398 ), call logs started to work.
What I have learned from this experience:
· Always use the latest updates (for Office Communicator 2007 Phone Edition (OCPE), they can be found here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=565595be-6cf3-4a61-a1e4-12555749ca64 )
· Sometimes a hotfix might fix problems, even if they are not mentioned in the knowledgebase article.
Thomas Binder
Posted by ocsteam | 4 Comments | Filed Under: Phone Edition, OCS R2
Friday, September 18, 2009 3:37 PM
OCS 2007 R2 - 32 bit version of PreCallDiagnostic tool
The 32 bit version of the PreCallDiagnostic tool is complete and is now live on the Microsoft Download Center. Customers can now access the download here: http://www.microsoft.com/downloads/details.aspx?FamilyID=f16ab4c2-353f-4c9b-b353-22a656c03c9b. The 64 bit version of PCD shipped as part of the OCS 2007 R2 Resource Kit with Office Communications Server 2007 R2 RTM. The 32 bit version has been pulled out and repackaged on its own in order to help our customers on 32 bit machines.
For those of you unfamiliar with the PreCallDiagnostic Tool: The PreCallDiagTool is an application that reports expected audio quality as it relates to the network effect. The tool should be installed on any desktop or laptop PC that suffers from inconsistent network connection quality. The PreCallDiagTool can provide a quick check of the current network conditions and also preserve a history of quality data to let users profile their network performance over time or other conditions. The tool is particularly useful for home/mobile users and users using WIFI access points.
Posted by ocsteam | 9 Comments | Filed Under: OCS Tools, OCS R2
Thursday, September 03, 2009 11:34 AM
Released: OCS 2007 R2 Deploying Certificates document
We have released a document that we believe many of you have wanted to see for quite some time: one document that covers the certificate requirements for Office Communications Server 2007 R2. The OCS 2007 R2 Deploying Certificates.doc can be downloaded as part of the server documentation download page, URL here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=e9f86f96-aa09-4dca-9088-f64b4f01c703
Here is the Summary for the document: In this document, you will learn about the properties and attributes of certificates when working with Office Communications Server 2007 and Office Communications Server 2007 R2. This document contains a walkthrough of most of the common, and some optional, tasks that you need to perform to realize the full value of the system. All roles that require certificates for deployment and operation are discussed. The properties are presented along with information to describe what they are and how they are used. This document shows you how to request the right certificate with the right parameters to make sure that you are delivering value to your users, rather than just troubleshooting problems.
Office Communications Server User Assistance Group
Posted by ocsteam | 2 Comments | Filed Under: Certificates, OCS R2
Tuesday, August 25, 2009 10:36 AM
No Missed Call Notification for RGS Calls
When a user is an agent of a Response Group, he will receive voice calls via the Response Group Service. Because calls are not originally targeted at this user in particular, no missed call notification will be generated. This behavior has been designed for two reasons:
- If parallel routing is used, an agent, even willing to accept calls, may get a lot of such notifications, thus making the "missed call notification" feature less useful.
- It may be confusing for informal agents to receive such missed call notifications as their main activity is not to answer RGS calls.
Note that conversation entries will be available for RGS calls.
Stéphane Cavin
Posted by ocsteam | 4 Comments | Filed Under: OCS R2
Thursday, August 20, 2009 6:00 AM
Office Communications Server 2007 R2 - Web Scheduler Now Available for Download
The Office Communications Server 2007 R2 team is happy to announce release of the Web Scheduler as a web download. The Web Scheduler provides a basic scheduling experience. Some of the main features of the Web Scheduler are:
Authentication using Windows credentials
Schedule a Live Meeting or a Conference Call
Verify Names of Enterprise Invitees
Specify Meeting Access Type (Open/Closed/Anonymous), Time, Location, and Message to invitees
View List of Scheduled Conferences
Modify/Delete Scheduled Conferences
For Scheduled Live Meetings, choose between Computer Audio or any third party Audio Conferencing Provider
The Web Scheduler currently does not support scheduling a conference using the "assigned conference ID" (a.k.a. Reservationless Conference ID). Support for this feature is available in the Conferencing Add-in for Microsoft Office Outlook. Conferencing Add-in for Microsoft Office Outlook continues to be the supported client for scheduling Office Communications Server 2007 R2 conferences and offers a more robust and complete experience than the Web Scheduler. Support for the Web Scheduler will be on a best-effort basis in line with our Resource Kit policies.
Compared to the Conferencing Add-In for Microsoft Outlook, the Web Scheduler has the following limitations:
Web Scheduler does not support scheduling recurring conferences.
Web Scheduler lists only conferences that were organized by a specified user. It does not list all conferences that the user is invited to.
Web Scheduler is available only in English.
Meeting invitations that are generated by Web Scheduler do not look the same as those that are generated by the Conferencing Add-In for Microsoft Outlook.
You can download the Web Scheduler from the following location: http://www.microsoft.com/downloads/details.aspx?FamilyID=6d6848ec-e7d6-41f4-82d9-5bed3526fcbd.
posted by ocsteam | 3 Comments | Filed Under: OCS R2
Thursday, August 13, 2009 11:03 AM
Office Communications Server 2007 R2 Group Chat QFE and SDK Complete
More than 8 months in the making, we're pleased to announce that Group Chat QFE1 has been released, as has the Group Chat SDK. This is a strategically important release, as it provides key features and performance enhancements that elevate OCS Group Chat to an enterprise grade product. This is the culmination of many late nights, tens of thousands of lines of code, several hundred bug fixes, dozens of DCRs, and lots of fire drills. :) Key updates include:
· Scale Improvements: Group Chat now supports up to 60,000 concurrent users
· Server Resiliency: Support for High Availability and Disaster Recovery
· Server Side SDK: Managed APIs to programmatically access all End User and Admin functionality
· More integrated client experience: Co-existence with Communicator, including ability to use Group Chat as primary IM client
· User colors: Support for custom end user colors
· Client Extensibility [Add-in]: Ability to stitch business logic into the flow of chat rooms by serving up URLs inline using Add-in APIs
Congratulations to the entire Group Chat team!
posted by ocsteam | 4 Comments | Filed Under: OCS R2
Tuesday, August 11, 2009 10:00 PM
118 blogs for OCS/UC (and counting)
Looking for information on OCS or UC? The @DrRez Twitter team (http://twitter.com/DrRez) pulled this blog and forum list together and will grow and maintain it over time. If you know of a good blog that focuses on OCS or UC technologies, please leave us a pointer in the comments. They are presented in alphabetical order. We hope that this post will be helpful as you look to see what the community is doing with the technology. <Edit: Wednesday Aug 12, see bottom of post>
(e)Mail Insecurity a new message has arrived A Single Point of Contact Aaron Tiensivu's Blog Active Directory Blog AllTop Screen for Unified Communications Am I Done? Anderson Patricio's Blog Ars Technica Bill & Greg's Most Excellent Adventure Brettjo :: Microsoft Exchange Messaging Byron Spurlock's Blog - LCS, OCS, & VOIP Insight Chief Architect's Corner Chris and Robin's Technology blog Chris Mayo's Blog - Unified Communications Development Communications and Technology Blog - Tehrani.com DigWin discussUC DMTF Doug Deitterick's Blog Dustin's Tech Notes Eileen's Technology Blog Elan Shudnow's Blog Events Hosted by UCVUG Exchange Genie Exchange: You Had Me at Ehlo Geoff Clark's Blog Glen's Exchange Dev Blog GotSpeech.NET GotUC.NET Greg Anthony Greg Galitzine's VoIP Authority Blog GreyConvergence Hannes Preishuber: On error resume next! Harold Wong's Blog Site Inside OCS Interop In the VoIP Net World Is this thing on? IT-Pro Knowledge James O'Neill's Blog James O'Neill's Blog Tagged OCS James' Space Jane Lewis's Weblog Jens Trier Rasmussen Jithendranath Reddy Jochen Kunert Joe Schurman- Microsoft Voice and UC Joey's space Joe Schurman - Vimeo Johann's Unified Communications Just Another IT Guy! Elan Shudnow's Blog Karsten Palmvig's Blog LCSKid leedesmond's blog Live Communications Server Support Michael's meanderings.
Microsoft Unified Communications & RTC User Group Microsoft Unified Communications Virtual User Group (UCVSG) Microsoft UK UC Blog Mike Stacy's Blog Mino - The UC Guy Modality Systems msgoodies Network World: Windows Into Silicon Valley No Jitter Weblog Nortel Voice Security OCS Product Documentation Library OC Team blog OCS Exchange Integration Forums OCS Microsoft Case Studies OCSPedia.com OCS Team blog OCS: Capacity Planning & Performance Forum (recent threads) OCS: Certificates Forum (recent threads) OCS: Edge Servers Forum (recent threads) OCS: Logging & Archiving Forum (recent threads) OCS: Management & Dev Tools Forum (recent threads) OCS: Multipoint Control Units (MCU) Forum (recent threads) OCS: OCS Setup & Deployment Forum (recent threads) OCS: Security Forum (recent threads) OCS: SQL Database Forum (recent threads) OCS: Telephony Forum (recent threads) OCS: User Replicator & Address Book Forum (recent threads) Office Communications Server Team Blog Office Communicator Team Blog Paul's Down-Home Page Peter deHaas.net Petri IT Knowledge PointBridge PointBridge: Jeff Schertz: Posts PointBridge: Matt McGillen: Posts Pro Exchange Ram Ojha's Blog Rick Varvel: Microsoft UC Info OCS 2007 R2 Robbie Roberts Blog OCS, Exchange & Technology Rui Silva - UCSpotting Scott Oseychik Servus!
Skype subject: exchange Technet Edge TelNet Networks: Spotlight on VoIP The Master Blog The OCS Guy's Blog The Three UC Amigos Tim McMichael Tin Cups and String: The Convergent Microsoft UC Blog UC related Bits - Steven van Houttum Under the Digital Cloud Unified Communications Unified Communications @Microsoft Unified Communications Development Unified Communications For All Unified Communications Group Team Blog Unified Me Unified Communications MindsharpBlogs > Russ Kaufmann Unify and Conquer Unify Square Blog Unplug the PBX Vladville Voice of VOIPSA VoIP & Gadgets Blog Waveformation
DrRez
Aug 12: Adding
http://unifiedcommunications.nl/blog/
http://unifiedcommunications.mindsharpblogs.com/RussK/default.aspx
http://www.networkworld.com/community/blog/8631
http://jschurman.spaces.live.com/
http://www.vimeo.com/jschurman
correcting the gotucnet url http://gotuc.net/blogs/gotuc/default.aspx
Aug 25: Adding http://blogs.technet.com/greganth/
posted by ocsteam | 15 Comments
Thursday, July 16, 2009 10:51 AM
Simultaneous Ringing disabled for Response Group Service Calls
In this post we will explain why it’s important to not ring the user’s additional number for Response Group calls, and how that is accomplished.
The main goal of the Response Group Service is to route calls to individuals. Enabling simultaneous ringing means that a user has set his forwarding settings to ring an additional phone number. Doing so means there is a chance that the call can end up on a voice mail system (for example, the voice mail of the user’s cell phone). It would not make sense to have calls routed from a Response Group to someone’s voice mail. This is the reason why simultaneous ringing is not applied for Response Group calls.
Disabling simultaneous ringing is achieved by setting a special header in the SIP INVITE sent by the service to OCS. OCS will then interpret this header and not apply the forwarding settings of the user.
Note: this also means that all of the user’s call-forwarding settings are not applied. The different forwarding settings can be seen in Figure 1.
Figure 1 Call-Forwarding Settings Dialog
If one of the following is selected:
· Ring me and my team-call group
· Forward to voice mail, a number, or a contact
· Ring me and my delegates
· Ring my delegates only
OCS won’t honor it for Response Group calls. This means the following:
· In case the option "Ring my delegates only" is selected, the user (or their delegates) will never receive any Response Group calls.
· The "Ring for this many seconds before redirecting" option is ignored. The call will ring as long as configured in the Response Group agent group settings (Agent alert time, see Figure 2).
Figure 2 Response Group Service - Group's Properties
Stéphane Cavin
posted by ocsteam | 6 Comments | Filed Under: OCS R2
Wednesday, July 01, 2009 7:56 AM
Changes in Office Communications Server Public IM Federation
Federation is an important goal for the Office Communications Server team and we are excited to announce several changes to public IM federation between Office Communications Server and public IM networks, effective July 1, 2009:
· The Live Communications Server Public IM Connectivity (LCS PIC) license will be renamed Office Communications Server Public IM Connectivity (OCS PIC) license.
· Customers with Office Communications Server 2007 R2 Standard CAL or Office Communications Server 2007/Live Communications Server 2005 SP1 Standard CAL with Software Assurance will no longer require an additional license to federate with Windows Live. (A license will still be required for federation with AOL & Yahoo!.)
· With Windows Live federation, customers are able to add Windows Live contacts to their Office Communicator contact list, view presence and send and receive instant messages.
We will continue to work with our partners to enable more options that allow you to communicate seamlessly with customers, partners, friends and family on different networks. For more information on public IM connectivity with Office Communications Server, please go to http://www.microsoft.com/communicationsserver/en/us/public-im-connectivity.aspx
Update July 6, 2010 - In the time since this blog was posted, the content in the link above has been updated to reflect changes for AOL licensing as well.
Unified Communications Group
posted by ocsteam | 5 Comments
Wednesday, June 10, 2009 6:22 PM
Updates available for expiration date issue with the evaluation editions of Office Communications Server (OCS) 2007 R2 and Office Communicator (OC) 2007 R2
Microsoft has just released the following Knowledge Base articles (KB972041, KB972042) to address the incorrect calculations of license expiration dates for Office Communications Server (OCS) 2007 R2 and Office Communicator (OC) 2007 R2 Evaluation Edition. The current expiration dates were calculated based on build time, causing the OCS 2007 R2 and OC 2007 R2 Evaluation Edition to expire after June 13, 2009.
Microsoft has issued the fixes below to correct the issues. By applying this fix, the expiration date will be updated to one hundred eighty (180) days after the initial installation of OCS R2 or OC R2 Evaluation Edition, as stated in the license terms for these applications.
Microsoft encourages its customers to apply necessary updates in their evaluation environment to take full advantage of the evaluation period.
To get the update packages, please go to:
· Office Communications Server 2007 R2
· Office Communicator 2007 R2
Or to get your new evaluation edition, please go to:
· Office Communications Server 2007 R2 Eval
· Office Communicator 2007 R2 Eval
posted by ocsteam | 4 Comments
Monday, June 08, 2009 3:10 PM
Installing Communicator Mobile (COMO) on Windows Mobile 6.0 /6.1
You can download Microsoft Office Communicator Mobile 2007 R2 from the following links:
http://www.microsoft.com/downloads/details.aspx?familyid=BC08CDB7-98E9-47E5-AA63-EB17C2CE4592&displaylang=en (CommunicatorMobile.PPC.msi) or
http://www.microsoft.com/downloads/details.aspx?familyid=93062936-F216-4D97-AA13-105A20454322&displaylang=en (CommunicatorMobile.SP.msi)
As per the article Installing Communicator Mobile for Windows Mobile from a Storage Card (http://technet.microsoft.com/en-us/library/dd425083(office.13).aspx), you need to have a .CAB file, but by default only the .MSI is downloadable from the Microsoft website.
You can install the Communicator client via ActiveSync (see Installing Communicator Mobile Using ActiveSync 4.5, http://technet.microsoft.com/en-us/library/dd425350(office.13).aspx). You can use the CommunicatorMobile .MSI file to install Communicator Mobile on the Windows Mobile device.
However, if you try to install ActiveSync on a Vista machine, you will get the following error:
The only option you are left with is to install Communicator Mobile via a .cab file. Since there is no direct .cab download for Communicator Mobile, the workaround is as follows.
Workaround
1. Create a folder named COMO on the C:\ drive.
2. Download the .MSI into the COMO folder.
3. Open a Command Prompt and change folder to C:\COMO.
4. Run the following command:
msiexec /a CommunicatorMobile.msi
5. It will open the following wizard.
Choose Next twice and click Finish.
Go to the path (C:\COMO\COMO\BuiltIn\Microsoft Office Communicator Mobile\Setup), where you will find the .cab file. Now browse to that location on your mobile device and install Communicator Mobile on the Windows Mobile device.
While installing you may encounter the following error (ref. screenshot): "Installation of Communicator.Sp.cab was unsuccessful. The installation file is not intended for the device".
Reason:
From the Microsoft web site we can download two .MSI files for Communicator Mobile:
1. CommunicatorMobile.SP.msi
2. CommunicatorMobile.PPC.msi
CommunicatorMobile.SP.msi: To install Communicator Mobile on Smart Phone
CommunicatorMobile.PPC.msi: To install Communicator Mobile on Pocket PC
We get this error because we are using the .MSI file intended for Smart Phone on a Pocket PC, or vice versa.
Manjeet Garg
posted by ocsteam | 6 Comments
Friday, June 05, 2009 8:19 AM
Reverse Number Lookup and Dealing with Legacy PBX
One of our consultants in the UK, Paul Brombley, did a write-up on a deployment and how they dealt with Reverse Number Lookup for a legacy PBX. He also presented to the team of consultants assisting with customer and partner deployments of R2.
http://blogs.technet.com/msukucc/archive/2009/05/21/reverse-number-lookup-and-dealing-with-legacy-pbx.aspx
OCS Team
posted by ocsteam | 3 Comments
Thursday, June 04, 2009 9:45 AM
Vista SP1 (or SP2) DSCP settings for QoS OC 2007 R2
In order to mark Audio and Video packets for DSCP in OC 2007 R2, the following steps have to be performed on Vista SP1 and SP2 PCs:
1) Create and update the following key (32 bit DWORD):
a. HKEY_LOCAL_MACHINE\Software\Microsoft\RTC\Transport\QoSEnabled
b. Set 32 bit DWORD to 1 to enable
c. Reboot PC (this will not take effect until rebooted)
After the reboot, RTP Media will be marked with the following default values (which can be changed):
1) Audio calls will be marked with DSCP 40
2) Video will be marked with DSCP 24
These default values can be changed by going to Group Policy and changing the default value shown below:
Setting SIP TLS packets for specific DSCP markings
For customers who also want signaling (SIP TLS) to be marked with unique DSCP values, a group policy will have to be created (see following steps):
1) Under Group Management Editor – Create New Policy
2) Set Policy Name DSCP value for SIP signaling. We will use DSCP 40 for SIP signaling per RFC 4504.
3) Next add exact program path and name: (c:\Program Files\Microsoft Office Communicator\communicator.exe)
4) Next all (i.e. any) IPs will be used as the filter
5) Next select TCP 5061 as the destination port. (SIP TLS uses TCP 5061)
6) Click finish and you are done!
This insight into Office Communications Server 2007 R2 was created as part of Martin Isaksen’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
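One way to check from a packet capture that the markings described in this post are actually applied, as an added example that is not part of the original post. The UDP media port range, the addresses and the sample packets are constructed assumptions; only the DSCP values (40 audio, 24 video, 40 for SIP TLS) and TCP 5061 come from the post.

```python
import struct

# Values stated in the post.
AUDIO_DSCP = 40
VIDEO_DSCP = 24
SIP_TLS_PORT = 5061
SIP_TLS_DSCP = 40
# Assumption: UDP port range carrying RTP media in this capture (not given in the post).
MEDIA_PORTS = range(50000, 50060)


def build_packet(proto, dst_port, dscp, ecn=0):
    """Build a minimal constructed IPv4 packet (20-byte header + 8 bytes of L4 data)."""
    tos = (dscp << 2) | ecn  # DSCP is the upper six bits, ECN the lower two
    header = struct.pack("!BBHHHBBH4s4s", 0x45, tos, 28, 0, 0, 64, proto, 0,
                         bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20]))
    return header + struct.pack("!HH", 40000, dst_port) + b"\x00" * 4


def parse_ipv4(packet):
    """Return (protocol, dst_port, dscp) for a raw IPv4 packet carrying TCP or UDP."""
    if len(packet) < 20:
        raise ValueError("truncated IPv4 header")
    version = packet[0] >> 4
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes (options included)
    if version != 4 or ihl < 20 or len(packet) < ihl + 4:
        raise ValueError("not a usable IPv4 packet")
    proto = packet[9]
    if proto not in (6, 17):
        raise ValueError("not TCP or UDP")
    dscp = packet[1] >> 2                 # drop the two ECN bits
    _src_port, dst_port = struct.unpack("!HH", packet[ihl:ihl + 4])
    return ("tcp" if proto == 6 else "udp", dst_port, dscp)


def audit(packets, media_ports):
    """Return (index, reason) for every packet whose marking differs from the post."""
    findings = []
    for index, packet in enumerate(packets):
        try:
            proto, dst_port, dscp = parse_ipv4(packet)
        except ValueError as exc:
            findings.append((index, f"unparseable: {exc}"))
            continue
        if proto == "tcp" and dst_port == SIP_TLS_PORT and dscp != SIP_TLS_DSCP:
            findings.append((index, f"SIP TLS marked DSCP {dscp}, expected {SIP_TLS_DSCP}"))
        elif proto == "udp" and dst_port in media_ports and dscp not in (AUDIO_DSCP, VIDEO_DSCP):
            findings.append((index, f"media marked DSCP {dscp}, expected "
                                    f"{AUDIO_DSCP} (audio) or {VIDEO_DSCP} (video)"))
    return findings


# Constructed sample capture.
SAMPLE = [
    build_packet(6, 5061, 40),            # signaling, policy applied
    build_packet(6, 5061, 0),             # signaling, policy missing
    build_packet(17, 50010, 40, ecn=1),   # audio; ECN bit set, TOS byte is 0xA1
    build_packet(17, 50012, 24),          # video
    build_packet(17, 50014, 0),           # media unmarked: QoSEnabled not in effect
    build_packet(17, 53, 0),              # unrelated traffic, ignored
]

if __name__ == "__main__":
    for index, reason in audit(SAMPLE, MEDIA_PORTS):
        print(index, reason)
```

On the wire DSCP 40 appears as TOS byte 0xA0 and DSCP 24 as 0x60, so a capture filter has to compare the shifted value, not the raw byte.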
posted by ocsteam | 4 Comments
Tuesday, June 02, 2009 11:45 AM
Silverlight Videos of Partner Applications
Learn about new partner applications built on Microsoft Office Communications Server 2007. The Silverlight player features 3 partner applications:
· Schlumberger’s extension of Petrel, a software program for exploration geophysics, with rich collaboration features including presence, IM, audio/video conferencing and application sharing
· POST cti’s Live-PA, a virtual personal assistant that records calls and takes audio notes, without the need for client machine software and hardware recording equipment. The software operates as a hosted service in the “cloud” or on-premise within the enterprise.
· Aspect’s integration of Active Directory, Exchange and OCS 2007 with its call center application to improve companies’ customer service and sales and collections results while reducing costs.
UC Partner Marketing
posted by ocsteam | 2 Comments | Filed Under: OCS R2
Thursday, May 28, 2009 10:30 AM
Help Us Understand Unified Communications Custom Development
There are tens of thousands of people out there developing applications on the Microsoft unified communications developer platform, yet there is little that Microsoft knows about this developer community.
For example, what applications have been developed, what other communications tools developers have been using besides Microsoft’s Unified Communications products like Microsoft Office Communications Server, Microsoft Office Communicator and Microsoft Exchange, and most importantly, what could Microsoft do to better help the community?
In order to get better insight, Microsoft engaged with Frost and Sullivan, an independent third party, to conduct a Unified Communications Developer survey.
If you are a developer of unified communications applications such as OCS and Communicator, please spare us 15 minutes and fill out this survey:
http://www.globaltestmarket.com/survey/s.phtml?sn=134581&lang=E&secid=9f8cbb
When you click the link you will be directed to a secured site hosted by Frost and Sullivan that will allow you to fill out the survey. Please be sure to enable cookies.
Based on the data collected in the survey, we hope to develop a set of activities to provide better assistance to you in building great enterprise solutions on the Microsoft Unified Communications platform. We will keep you posted on such activities via this blog.
NOTE: Frost and Sullivan will keep your individual responses confidential and anonymous.
Thanks for your time!
Albert Kooiman
posted by ocsteam | 3 Comments | Filed Under: Team Bio's
Wednesday, May 13, 2009 8:31 AM
Q&A: Virtualization Support for Office Communications Server 2007 R2
Please forgive the posting of the Q&A information. While there was nothing confidential it was prepared for discussions with customers.
For additional information regarding virtualization support for Office Communications Server 2007 R2, please contact your local account team.
posted by ocsteam | 2 Comments | Filed Under: OCS, OCS R2
Wednesday, May 13, 2009 8:30 AM
Office Communications Server 2007 R2 Virtualization
We are pleased to announce official support for server virtualization for Office Communications Server 2007 R2.
We are introducing support for both a fully distributed virtualized topology across several hypervisors and for a single server virtualized topology. These topologies are supported on Windows Server 2008 Hyper-V and any Server Virtualization Validation Program (SVVP) certified partner solution (http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm).
Presence, Instant Messaging (including remote access, federation, and Public IM Connectivity) and Group Chat workloads are supported. The following server roles can be deployed:
· Front-End Servers
· Back-End SQL Server 2008 64 bits
· Group Chat Channel Servers
· Group Chat Compliance Servers
· Edge Access Servers
The virtual machines must be running on Windows Server 2008 64 bits. Archiving Server and Monitoring Server (CDR Only) can be connected to a virtualized Enterprise pool, but they must run on a physical server.
The fully virtualized distributed topology has been tested to handle up to 40,000 users, including 10,000 group chat users.
Virtualization of the other workloads is not supported because of possible quality issues with real-time media. Specifically, voice, video, live meeting and desktop sharing workloads cannot be part of the virtualized deployment. Therefore audio/video/web conferencing servers, audio/video/web edge conferencing servers, dial-in conferencing, Communicator Web Access, enterprise voice, or Remote Call Control may not be deployed as part of the virtualized pool. If any one of these workloads is required, a new pool with physical servers must be deployed for those users. For more information about support for client virtualization technologies, please refer to the official support statement at: http://support.microsoft.com/kb/951152.
In order to plan both their physical and virtualized topologies, customers can use the Microsoft® Office Communications Server 2007 R2 Capacity Planning Tool, which can simulate user load for the available workloads. This will help customers validate the hypervisor load and scalability before going to production.
Along with this announcement, a whitepaper detailing the tested architecture, performance, use of the Capacity Planning Tool, and a methodology to select a successful architecture can be found at: http://www.microsoft.com/downloads/details.aspx?FamilyID=0a45d921-3b48-44e4-b42b-19704a2b81b0
Jerome Berniere
May 15 edit: We forgot to recognize a key partner in bringing this solution to you. This testing was completed at the Microsoft Enterprise Engineering Center (EEC). For more information about the EEC visit http://www.microsoft.com/eec or http://blogs.technet.com/eec
posted by ocsteam | 10 Comments | Filed Under: OCS R2
Monday, May 11, 2009 1:22 PM
High vs. Low Fidelity Subscription
Problem Description
Microsoft Communicator Mobile Edition 2007 R2 has introduced a number of performance improvements over its predecessor related to battery power consumption and over the air bandwidth savings. In the following blog post, we’ll look at the concept of low vs. high fidelity subscription and how it helps in saving battery power in mobile devices and saving over the air traffic.
Let’s first look at the problem with the traditional event subscription model. Typically, clients subscribe at the server to the presence information of an ad hoc list of contacts (buddy list) with a non-zero expiration value. The message body of a SIP SUBSCRIBE message lists all the contacts the user is subscribing to for their presence information. It conveys to the server that the client is interested in keeping up to date with the real time presence state updates of buddies. Whenever a contact’s presence state change is detected as a result of a publication changing any part of the user’s presence state (user devices’ machine state, calendar state, phone state, or user’s manual state), all the subscribing users get notified of the updated presence state. Essentially, it generates a notification stream from the server to the client, where every SIP NOTIFY message has to be processed by the client and acknowledged by a SIP 200 OK response.
The Communicator Mobile Edition 2007 RTM followed the logic of Office Communicator 2007 RTM/R2 running on a laptop/desktop of subscribing to the full contact list at start up (of course not subscribing to unexpanded distribution groups in a contact list). The following scenarios prompted a look at possible improvements.
· Communicator mobile edition runs on devices with small screens where hardly 10 or fewer contacts of a user’s long buddy list are visible at any instant
· Over the air bandwidth is costly, especially when users are roaming in a GPRS network, thus the notification stream wastes a lot of bandwidth
· When the back light goes off (Windows Mobile devices going into idle state), receiving every single NOTIFY causes the device to wake up, process the notification, and then go back to sleep again, while the user is not really paying attention to the update. It drains much needed battery power at a faster rate
Solution
It’s evident that a better subscription model is needed to fully optimize battery power and bandwidth usage. Communicator Mobile edition 2007 R2 introduced the concept of low vs. high fidelity subscriptions as described below.
· Low fidelity subscription refers to performing a fetch/pull subscription, where a contact’s presence state is pulled from the server on an as needed basis. It doesn’t create a long lived subscription on the server, where the server keeps on notifying the client with an updated state. In a SIP SUBSCRIBE message a pull or fetch subscription carries an Expires value of 0. In this mode, the client keeps pulling every 5 minutes, so a presence state could potentially be stale for up to 5 minutes
· High fidelity subscription refers to a persistent subscription on the server, where a contact’s presence state is continuously synchronized at the client by the server sending an updated notification whenever the contact state is updated. Before expiration of the subscription, if the user is still logged in, these subscriptions are refreshed with a new expiration time
The Communicator Mobile Edition 2007 R2 usually performs low fidelity subscription in most of the scenarios. For example, low fidelity subscription happens for only the visible contacts on the buddy list. To account for scrolling down/up and keep a rich buddy list viewing experience, it also subscribes to 3 contacts above and below the currently viewed contacts in the buddy list window. Therefore, it avoids subscribing to a complete buddy list of a user for no good reason and ending up wasting bandwidth over the air and processing power on the client.
There are still the following scenarios where high fidelity subscriptions are performed to provide a rich user experience in the Communicator Mobile 2007 R2 client.
· When a user tags a contact, it creates a high fidelity subscription. Thus, user gets a notification whenever tagged contact becomes available, hence providing real time presence information for tagged contacts
· When a user opens a contact card of a contact, it again performs high fidelity subscription
· When a user is in an active conversation with other user(s)
Thus, in above scenarios it makes perfect sense to perform high fidelity subscription for real time presence updates.
When the device goes idle (back light goes off) and user is still signed in to Communicator Mobile Edition 2007 R2, it further optimizes by suspending both low and high fidelity subscriptions, where:
· Client stops fetching/pulling presence state every 5 minutes for low fidelity subscriptions
· All high fidelity subscriptions are terminated at the server, therefore server doesn’t keep on sending updated notifications. Only exception is the tagged subscription, which still receives updated notifications to keep user informed of tagged contact’s availability
Therefore, Communicator Mobile Edition 2007 R2 provides rich user experience at the same time consumes much less battery power and over the air bandwidth.
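The subscription rules described in this post, written out as a small planner; this is an added example and not Communicator Mobile's own code. The class and function names, the contact names and the non-zero Expires value are assumptions; the 3-contact scroll margin, the 5-minute poll, Expires 0 for fetches and the idle behavior come from the post.

```python
from dataclasses import dataclass, field, replace

LOW, HIGH = "low", "high"
SCROLL_MARGIN = 3        # post: 3 contacts above and below the visible ones
POLL_INTERVAL_S = 300    # post: low fidelity state is re-fetched every 5 minutes
HIGH_EXPIRES_S = 3600    # assumption: any non-zero Expires; the post gives no value


@dataclass
class ClientState:
    buddies: list                     # buddy list in display order
    first_visible: int                # index of the first contact on screen
    visible_count: int                # number of contacts that fit on screen
    tagged: set = field(default_factory=set)
    open_cards: set = field(default_factory=set)
    in_conversation: set = field(default_factory=set)
    idle: bool = False                # back light off


def plan_subscriptions(state):
    """Return {contact: LOW | HIGH} for the contacts the client tracks right now."""
    plan = {}
    if not state.idle:
        start = max(0, state.first_visible - SCROLL_MARGIN)
        end = min(len(state.buddies),
                  state.first_visible + state.visible_count + SCROLL_MARGIN)
        for contact in state.buddies[start:end]:
            plan[contact] = LOW
        # Contact cards and active conversations upgrade to a persistent subscription.
        for contact in state.open_cards | state.in_conversation:
            plan[contact] = HIGH
    # Tagged contacts stay high fidelity even while the device is idle.
    for contact in state.tagged:
        plan[contact] = HIGH
    return plan


def subscribe_expires(mode):
    """Expires value the SIP SUBSCRIBE carries for the given fidelity."""
    return 0 if mode == LOW else HIGH_EXPIRES_S


def transition(old_plan, new_plan):
    """List the actions needed to move from one plan to the next."""
    actions = []
    for contact in sorted(set(old_plan) | set(new_plan)):
        before, after = old_plan.get(contact), new_plan.get(contact)
        if before == after:
            continue
        if before == HIGH:
            actions.append(("terminate", contact))
        elif before == LOW:
            actions.append(("stop_poll", contact))
        if after == HIGH:
            actions.append(("subscribe", contact))
        elif after == LOW:
            actions.append(("start_poll", contact))
    return actions


# Constructed scenario: 40 buddies, 8 visible starting at index 10.
ACTIVE = ClientState(
    buddies=[f"user{i:02d}" for i in range(40)],
    first_visible=10,
    visible_count=8,
    tagged={"user30"},
    open_cards={"user12"},
    in_conversation={"user02"},
)
IDLE = replace(ACTIVE, idle=True)

if __name__ == "__main__":
    active_plan = plan_subscriptions(ACTIVE)
    print(len(active_plan), "of", len(ACTIVE.buddies), "contacts tracked while active")
    for action in transition(active_plan, plan_subscriptions(IDLE)):
        print(action)
```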
This insight into Office Communications Server 2007 R2 was created as part of Mohammed Vakil’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
posted by ocsteam | 3 Comments | Filed Under: Microsoft Certified Master
Wednesday, May 06, 2009 9:09 AM
DrRez on Twitter
DrRez on Twitter is the micro-blogging voice of the Microsoft Insider team (programmers, writers, and field consultants) that produced Microsoft Office Communications Server 2007 R2 Resource Kit and Programming for Unified Communications Using Office Communications Server 2007 R2. DrRez aims to build and support the OCS community on Twitter by evangelizing and broadcasting the latest Office Communications Server information and solutions. DrRez
posted by ocsteam | 4 Comments | Filed Under: OCS, OCS R2
Monday, May 04, 2009 10:10 AM
April 2009 Updates for OCS 2007 R2
April provided a substantial number of updates for the R2 server roles and the first place to start is with this KB - http://support.microsoft.com/kb/968802. The plan of record is to have these available on Microsoft Update during the week of May 12.
UC-RTC Sustained Engineering
posted by ocsteam | 3 Comments | Filed Under: OCS R2
Tuesday, April 28, 2009 3:55 PM
Audio Conferencing in OCS 2007 R2 CWA
There is a new capability in R2 CWA to initiate or join an audio conference. Here’s how it works.
Vivian is logged onto CWA as a remote user. Amy and Hao are on her buddy list – they’re both logged onto Communicator either inside or outside the corporation:
Vivian begins with an IM to Amy:
In the resulting IM dialog Vivian has an audio conference option above her presence icon which she now uses to initiate a call. Vivian is using this IM session to add audio, but alternately she could do this via an existing CWA RDP application sharing session:
To join the conference Vivian can choose her published work number or she can type in another phone number. If Vivian enters another phone number, OCS will normalize it according to her location profile and if it maps to a PBX or PSTN user it will dial out to her via the mediation server. If Vivian is also logged on to Tanjay or OC via MPOP she can take the call that way but she must enter a number to initiate the call.
CWA uses the dial out capabilities of the AVMCU to setup this call so it is a little different from a peer-to-peer call. Vivian selects her work number and the AVMCU calls her work phone (‘Conferencing service is calling you …’):
Vivian’s phone rings and OCS sets up a media stream from the AVMCU to Vivian’s work number. If this was a PSTN or PBX number the media would flow through the mediation server. Signaling or control messages for the conference are sent to CWA from Vivian’s front end server where the conference is hosted. CWA converts the SIP signaling into HTTP which is delivered to the browser. Logging on the front end shows the conference being set up through the Centralized Conferencing Control Protocol or C3P (‘CONTENT-TYPE: application/cccp+xml’). Specifically we see C3P commands to add a conference and then add Vivian as a user on the AVMCU. The Focus is the conferencing element on the front end server that handles conferencing setup and maintenance – below we see the C3P AddUser command issued to the Focus:
The highlighted items in the trace show, in order from the top, the conference ID the Focus will reference for the duration of this conference – note this will be the same ID for any associated IM (IMMCU) or application sharing (RDPMCU) in this conference. The user-agent tag shows CWA is initiating this dialog, the application/cccp+xml indicates the payload of this SIP INVITE is C3P commands over XML, and finally we see the <addUser> command in the XML body.
Next we see the Focus initiating a call to Vivian at +14255032002:
Vivian now has the first leg of her conference call established so next the Focus initiates a dial-out to Amy:
This invite is to Amy’s sip: URI not a tel: URI. If Amy was also logged in via CWA she could choose to divert the incoming audio invite to a phone number. In this case, Amy is signed onto Communicator and takes the call from her PC:
Vivian and Amy are now on the audio conference together and note Vivian as the conference leader has capabilities to eject Amy from the conference or promote her to leader:
On the CWA server you can also see notifications going through from the Front End and out to Vivian for roster updates; this one is adding Amy as a connected attendee on her roster:
Amy and Vivian’s presence now show ‘In a conference’ since we are making this call happen via conferencing rather than peer-to-peer calling.
It’s easy for Vivian to invite someone else into the conference, here she adds Hao simply by picking him from her buddy list via the Invite control:
Now Vivian, Amy and Hao are on a conference call with both audio/video and IM MCUs servicing the conference. If Vivian or Amy wanted to add application sharing they could easily do this via the application sharing control adjacent to the audio conferencing control.
If you want to take a look at how this works in your environment, use OCS Logger to look at the CWA components on your CWA server as well as the MCUInfra, MCUFactory, SIPStack and S4 components on your Front End server.
This insight into Office Communications Server 2007 R2 was created as part of Andrew Sniderman’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
Posted by ocsteam | 4 Comments | Filed under: Microsoft Certified Master
Wednesday, April 22, 2009 6:00 PM
How Communicator Uses SDP and ICE To Establish a Media Channel
This article describes the steps taken by Office Communicator to establish a Communicator call between an OC client sitting on a typical home network, connected to the Internet using a NAT router and another OC client placed on the company's internal network. The user initiating the call will be Alice and the data and logs are collected from Alice's computer.
The main problem when establishing a media connection (audio or video) between Alice and Bob is finding a way media can travel through the intermediate network, without being blocked. This is where SDP, ICE, STUN and TURN come into the picture.
SDP
Office Communicator uses SDP (Session Description Protocol) to provide initialization parameters for the media stream in an audio or audio/video session. It is a proposed standard published by IETF in several RFCs (e.g. RFC 4566) and completely based on ASCII, which makes it easy to read.
Although SDP helps initialize media flow between two entities, every client is only describing its own view of the connection. If you ever wondered what side of the media stream the advertised IP addresses in the SDP blob belong to, remember SDP as the "Self Description Protocol".
ICE
The Interactive Connectivity Establishment (ICE) Extensions protocol is used to establish media flow between two endpoints. In typical deployments, NATs or firewalls might exist between the two endpoints that are intended to communicate. NATs and firewalls are deployed to provide private address space and to "secure" the private networks to which the endpoints belong. This type of deployment blocks incoming traffic. If the endpoint advertises its local interface address, the remote endpoint might not be able to reach it. Advertising the address exposed by the NAT or firewall is not as straightforward, because the endpoints would first need to determine the external routable mapping address created by the NAT (NAT-mapped address) for its local interface address. Moreover, NATs and firewalls exhibit different behavior in the way they create the NAT-mapped addresses. Section 5 of [IETFDRAFT-STUN-02] provides an overview of NAT types.
ICE provides a mechanism to assist media in traversing NATs without requiring the endpoints to be aware of their network topologies. ICE assists by identifying one or more transport addresses, which the two endpoints can potentially use to communicate and ICE determines which transport address is best for both endpoints to use for their media session.
Provisioning Process During OC Sign-in
Before going into the details of call establishment, I want to explain what is happening during the sign-in of Office Communicator, regarding provisioning of OC with A/V Edge server names and credentials. Here is a brief overview of what is happening on the SIP channel, while starting a Communicator sign-in:
After successfully registering, the OC client asks for in-band provisioning information. This is done in a SIP SUBSCRIBE transaction, asking for Content-Type "application/vnd-microsoft-roaming-provisioning-v2+xml" and requesting "ServerConfiguration".
SIP SUBSCRIBE for Content-Type:application/vnd-microsoft-roaming-provisioning-v2+xml
<provisioningGroupList>
  <provisioningGroup name="ServerConfiguration"/>
  ...
</provisioningGroupList>
The OCS Frontend server returns the requested server configuration in a big XML blob. The interesting information for us gets enclosed in the "mrasUri" tag:
SIP 200 OK
<provisionGroupList>
  <provisionGroup name="ServerConfiguration">
    <mrasUri>sip:avauthentication.contoso.com@contoso.com;gruu;opaque=srvr:MRAS:2jRa2f1gbU</mrasUri>
    ...
  </provisionGroup>
  ...
</provisionGroupList>
The GRUU in the mrasUri field provides the necessary information on where we can obtain our credentials for the A/V Edge server service. Asking for our credentials is the next step in the provisioning process. You might notice that Alice requests credentials that are valid for 480 minutes and provides information that she is located on the external network:
SIP SERVICE avauthentication.contoso.com@contoso.com;gruu;opaque=srvr:MRAS:2jRa2f1gbU
<request requestID="128584360" version="2.0" to="sip:avauthentication.contoso.com@contoso.com;gruu;opaque=srvr:MRAS:2jRa2f1gbU" from="sip:alice@contoso.com">
  <credentialsRequest credentialsRequestID="128584360">
    <identity>sip:alice@contoso.com</identity>
    <location>internet</location>
    <duration>480</duration>
  </credentialsRequest>
</request>
In return, the client gets all necessary information to connect and authenticate against the A/V Edge server for later usage:
SIP 200 OK
<response xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" requestID="128584360" version="2.0" serverVersion="2.0" to="sip:avauthentication.contoso.com@contoso.com;gruu;opaque=srvr:MRAS:2jRa2f1gbU" from="sip:alice@contoso.com" reasonPhrase="OK" xmlns="http://schemas.microsoft.com/2006/09/sip/mrasp">
  <credentialsResponse credentialsRequestID="128584360">
    <credentials>
      <username>AgAAJAFTru4ByZVFx9H5de8Za9IwTrB=</username>
      <password>I+hdiU3UffKdZVxy85tHmkTrx1g=</password>
      <duration>480</duration>
    </credentials>
    <mediaRelayList>
      <mediaRelay>
        <location>internet</location>
        <hostName>avext.contoso.com</hostName>
        <udpPort>3478</udpPort>
        <tcpPort>443</tcpPort>
      </mediaRelay>
    </mediaRelayList>
  </credentialsResponse>
</response>
Starting a PC2PC Call by obtaining the Candidate List
When Alice initiates the Communicator call to Bob, before sending out any SIP INVITE, OC needs to determine what possible candidates Alice can send to Bob. This is the time for ICE, STUN and TURN and if you want to see more details on what is happening, you will have to use a network sniffing tool of your choice. Two very popular tools are Network Monitor 3 and Wireshark.
The candidate list includes the local list of IP address and port combinations (host candidates), a list of IP address and port combinations allocated by a NAT device (server reflexive candidates) and a list of TURN server IP address and port combinations (relayed candidates).
Here is a typical sequence of packets you can see while obtaining the candidate list. Please keep in mind that connection testing takes place for several different TCP and UDP port numbers. The testing for TCP and UDP candidates is done in parallel, although the following picture implies that TCP and UDP tests are done in serial order.
The TURN Allocate Response messages from the A/V Edge server include all information Alice needs to determine whether she is sitting behind a NAT device and what IP/Protocol/Port combination to use for all candidates provided in the subsequent SIP/SDP offer.
Converting the XORMappedAddress Field
Here is an example of how information from the TURN Allocate Response gets parsed:
The "MappedAddress" field contains the IP address and port combination of the A/V Edge server interface that Bob can use to send media to.
The XORMappedAddress field contains information about Alice's IP address and port combination from the A/V Edge server's point of view. This field provides the information Alice needs for detecting a NAT device and what her internal IP address and port get mapped to on the external side.
In its current version, the Network Monitor parser does not convert the XORMappedAddress field and you might want to manually check the content of that field.
To convert the IP address, you have to XOR it with the 32 most significant bits of the TransactionID field:
XORMappedAddress IP in hex view: 0x75895AF6 (117.137.90.246)
XOR with the 32 most significant bits of TransactionID: 0x2112A442
Result: 0x549BFEB4
Converted to a human readable format: 84.155.254.180 (NAT-mapped IP address)
Alice's local (private) IP address of 192.168.0.103 gets mapped to 84.155.254.180 through intermediate NAT devices. For the process of obtaining the list of candidates, it does not matter how many NAT devices are between Alice and the A/V Edge server. Only the NAT device closest to the A/V Edge server will be relevant for that process.
To convert the port number, you have to XOR it with the 16 most significant bits of the TransactionID field:
XORMappedAddress port in hex view: 0xE263
XOR with the 16 most significant bits of TransactionID: 0x2112
Result: 0xC371
Converted to decimal format: 50033 (NAT-mapped port number)
You will see those IP addresses and ports later in the SIP/SDP Offer packet, sent to Bob.
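The manual conversion above can be scripted for captures where the parser leaves the field undecoded. The following Python is an added example, not code from the original article: the attribute value layout (reserved byte, family, X-Port, X-Address) and the IPv6 branch are assumptions taken from RFC 5389 and go beyond the IPv4 case shown in the text, and the sample bytes are constructed from the article's figures.

```python
import ipaddress
import struct

# Constructed sample: the attribute value is built from the figures in the
# text (X-Port 0xE263, X-Address 0x75895AF6). The last 12 bytes of the
# transaction ID are made up; only its leading 32 bits matter for IPv4.
TRANSACTION_ID = bytes.fromhex("2112a442") + bytes(range(12))
XOR_MAPPED_VALUE = bytes.fromhex("0001e26375895af6")

FAMILY_IPV4 = 0x01
FAMILY_IPV6 = 0x02  # assumption from RFC 5389, not covered in the article


def decode_xor_mapped_address(value, transaction_id):
    """Return (ip, port) from the value of an XOR-mapped address attribute.

    Assumed layout, all big-endian: 1 reserved byte, 1 family byte,
    2-byte X-Port, then 4 (IPv4) or 16 (IPv6) bytes of X-Address.
    """
    if len(transaction_id) != 16:
        raise ValueError("expected the full 128-bit TransactionID field")
    if len(value) < 4:
        raise ValueError("attribute value too short")
    _reserved, family, x_port = struct.unpack("!BBH", value[:4])
    x_addr = value[4:]

    # Port: XOR with the 16 most significant bits of the TransactionID.
    port = x_port ^ struct.unpack("!H", transaction_id[:2])[0]

    if family == FAMILY_IPV4:
        key = transaction_id[:4]   # 32 most significant bits
    elif family == FAMILY_IPV6:
        key = transaction_id       # all 128 bits
    else:
        raise ValueError("unknown address family 0x%02x" % family)
    if len(x_addr) != len(key):
        raise ValueError("address length does not match family")

    addr = bytes(a ^ k for a, k in zip(x_addr, key))
    return ipaddress.ip_address(addr), port


def behind_nat(local_ip, mapped_ip):
    """True when the address the server saw differs from the local one."""
    return ipaddress.ip_address(local_ip) != ipaddress.ip_address(mapped_ip)


if __name__ == "__main__":
    ip, port = decode_xor_mapped_address(XOR_MAPPED_VALUE, TRANSACTION_ID)
    print("NAT-mapped address:", ip, port)
    print("behind NAT:", behind_nat("192.168.0.103", ip))
```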
Negotiating the Candidate with Bob
Generally speaking, there is a lot of SIP and candidate testing traffic, before the media channel will be established. Here is a high level overview on what is going on when Alice and Bob are both using Office Communicator 2007 R2 clients. In case of MPOP or legacy clients, the following sequence will differ.
As a first step, Alice will send out a "SIP INVITE", including her list of candidates. With Office Communicator R2, Bob will return his list of candidates in the "SIP 183 SESSION PROGRESS". After Alice received the SDP candidate list from Bob, she will start connection testing and build a matrix with possible media channels to Bob (for more details, please check the "ICE Candidate testing" section). The same process happens on Bob's side. Depending on the priority of the possible candidates, Alice will send a single SDP candidate in a second "SIP INVITE" and, as she is the controlling agent, she will ask Bob to use certain candidates from his list for this media session. Bob now has to double check the proposed candidates from Alice and will accept the candidates in his answer packet ("SIP 200 OK").
As both parties agreed on their IP, protocol and port combinations, they will now create the media channels and media information gets transmitted between both parties. Depending on the intermediate network layout, this might be a direct connection (always preferred) or a relayed connection with the A/V Edge as the data relay.
Where to find SDP information in a SIP Message Flow
The "SIP INVITE" contains an SDP block, also called the SDP Offer and provides the list of all candidates Alice identified in the previous ICE tests.
Depending on what OC client version Bob is using, the SDP Answer information can be found in different places:
- SIP 18x provisional response only for OC 2007 R2, supporting Early Media
- SIP OK valid for all OC client versions
MPOP differences
In case Bob is signed in to more than one OC client, you will see several "SIP 183 SESSION PROGRESS" replies. Those replies differ in the "SIP To" header. For every OC client, you can identify a different "epid" and "tag" field. In addition to that, every MPOP client sends its list of candidates and candidate testing is done for all of them. As soon as the client receives a media packet on one of the candidate protocol/port combinations, the remaining endpoints will be dropped.
Differences with legacy clients
There is no "SIP 183 SESSION PROGRESS" and "SIP PRACK" transaction with legacy OC clients. Bob returns his candidate list with the "SIP 200 OK" and candidate testing starts after that. This is why the media channel gets established later with OC 2007 than with OC 2007 R2 and an initial greeting from Bob or Alice might get cut off.
OC 2007 R2 Additions
The candidate lists exchanged between two OC 2007 R2 clients, establishing a call between a remote party (on the Internet) and an internal party (on the corporate network) changed between Office Communicator 2007 and Office Communicator 2007 R2. We changed the SDP section, because we had to solve issues with Multiple Points of Presence (MPOP) that were not covered with the previous version of ICE. In addition, we enhanced support for Early Media and added the new modality for Application Sharing. For more details on what changed for media traversal, please check Alan Shens' post at http://www.unifysquare.com/blog/post/OCS-2007-R2-Whate28099s-new-for-Media-Traversal.aspx.
Starting with OCS 2007 R2, you will see two almost similar parts of SDP information in SIP INVITE requests from the new Office Communicator 2007 R2. There have been changes to the ICE negotiation that cannot be used with older versions of OCS. Therefore Office Communicator has to offer two SDP versions during the initial session setup.
The content for legacy clients using ICEv6 (see IETFDRAFT-ICENAT-06) starts with a section, containing the "Content-Disposition" information of "ms-proxy-2007fallback":
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-Disposition: session; handling=optional; ms-proxy-2007fallback
The content for the clients using the new ICEv19 (see IETFDRAFT-ICENAT-19) version starts with the following lines and does NOT include the ms-proxy-2007fallback attribute:
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-Disposition: session; handling=optional
The "ms-proxy-2007fallback" parameter in the "Content-Disposition" header field is used as a hint to the Proxy Server to retry the SIP INVITE with only a single body when a "415 Unsupported Media Type" response is received, indicating the remote User Agent does not accept multipart SDP messages.
You will only see the multipart SDP information in the first SIP INVITE. All subsequent SIP messages containing SDP information will only use the SDP format suitable for the clients involved.
SDP Details
Here is an example for an OC 2007 R2 client running in a private network (behind a NAT device) and using IP 192.168.100.112 on its NIC.
The next lines are from the ICEv6 candidate list:
[---------]:[---------1----------] 2 [-----3------] [4] [-5-] [-------6-----] [-7-]
a=candidate:uuK9Gym3F0zReasv+FyKCM 1 UwaQkvk5hiWgVg UDP 0.850 192.168.100.112 50005
a=candidate:uuK9Gym3F0zReasv+FyKCM 2 UwaQkvk5hiWgVg UDP 0.850 192.168.100.112 50031
a=candidate:9/vLJjcL+aemcsR1AxpVM0 1 6Puckob7qP8GFA TCP 0.190 213.199.141.181 56909
a=candidate:9/vLJjcL+aemcsR1AxpVM0 2 6Puckob7qP8GFA TCP 0.190 213.199.141.181 56909
a=candidate:iHdvoVfXm2i2IPGmfO0xa4 1 UbNAQVuHoEoHVA UDP 0.490 213.199.141.181 52003
a=candidate:iHdvoVfXm2i2IPGmfO0xa4 2 UbNAQVuHoEoHVA UDP 0.490 213.199.141.181 50126
a=candidate:3ECLhrmJtmDK/j3FY4O5Tw 1 c6zoXvSFIqRfcw TCP 0.250 171.231.102.218 50025
a=candidate:3ECLhrmJtmDK/j3FY4O5Tw 2 c6zoXvSFIqRfcw TCP 0.250 171.231.102.218 50025
a=candidate:FKVarEmvn9yEvjD5xahFa0 1 qNTE/3CmryPpGA UDP 0.550 171.231.102.218 50015
a=candidate:FKVarEmvn9yEvjD5xahFa0 2 qNTE/3CmryPpGA UDP 0.550 171.231.102.218 50028
1. This is the hash of a user name
2. This is an indicator for (S)RTP or (S)RTCP
3. This is a hash of the user password
4. The protocol used (UDP or TCP) on this IP and port
5. This is a weight, indicating which of the candidates is preferred over the others. Higher numbers are preferred over lower numbers, in case a connection can be established to this IP, port and protocol combination. Generally speaking, UDP gets preferred over TCP and local candidates are preferred over NATed candidates (STUN), which are preferred over relayed IP addresses (TURN).
6. The IP address the second party can connect to
7. The port number the second party can connect to. If you take a closer look at the port numbers used, you will see, that UDP ports for RTP and RTCP always differ, whereas TCP ports for RTP and RTCP get multiplexed over the same port number.
The following lines are from the ICEv19 candidate list:
[---------]:1 2 [---3--] [----4---] [------5------] [-6-] [---7---] [---------------8---------------]
a=candidate:1 1 UDP 2130706431 192.168.100.112 50036 typ host
a=candidate:1 2 UDP 2130705918 192.168.100.112 50032 typ host
a=candidate:2 1 TCP-PASS 6556159 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:2 2 TCP-PASS 6556158 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:3 1 UDP 16648703 213.199.141.181 57309 typ relay raddr 213.199.141.181 rport 57309
a=candidate:3 2 UDP 16648702 213.199.141.181 54054 typ relay raddr 213.199.141.181 rport 54054
a=candidate:4 1 TCP-ACT 7076863 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:4 2 TCP-ACT 7076350 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:5 1 TCP-ACT 1684797951 171.231.102.218 50032 typ srflx raddr 192.168.100.112 rport 50032
a=candidate:5 2 TCP-ACT 1684797438 171.231.102.218 50032 typ srflx raddr 192.168.100.112 rport 50032
a=candidate:6 1 UDP 1694234623 171.231.102.218 50033 typ srflx raddr 192.168.100.112 rport 50033
a=candidate:6 2 UDP 1694234110 171.231.102.218 50039 typ srflx raddr 192.168.100.112 rport 50039
1. The first column after "a=candidate" is called foundation. According to draft-ietf-mmusic-ice-19, the foundation is used to optimize ICE performance in the Frozen algorithm.
2. This is the component ID, an indicator for (S)RTP or (S)RTCP
3. This column is describing the protocol used. When the user agents perform address allocations to gather TCP-based candidates, two types of candidates can be obtained. These are active candidates (TCP-ACT) or passive candidates (TCP-PASS). An active candidate is one for which the agent will attempt to open an outbound connection, but will not receive incoming connection requests. A passive candidate is one for which the agent will receive incoming connection attempts, but not attempt a connection.
4. This is the weight used to prioritize single candidates. Higher numbers are preferred over lower numbers, in case a connection can be established to this IP, port and protocol combination. Each candidate for a media stream must have a unique priority (positive integer up to 2^31-1).
5. The IP address the second party can connect to.
6. The port number the second party can connect to. The port for TCP RTP and RTCP gets multiplexed, whereas UDP ports for RTP and RTCP always differ.
7. This is type information, describing the type of "advertised" address:
   host: This is a local address
   relay: This is the IP address from a relay (TURN) server
   srflx: Server reflexive address is the NATed IP address
8. IP address and port combination
ICE Candidate Testing
After Alice received Bob's list of candidates, she will start building candidate pairs. The candidate pairs are ordered, based on their corresponding priorities on both sides. This makes sure that both peers are using the same list of candidate pairs in the same order.
In addition to that, the foundation from SDP Offer and Answer gets used to group pairs with similar network conditions. Candidate pairs must have the same protocol type. Mixing TCP and UDP candidates is not allowed. Candidate pairs with the same foundation are ordered by their priority and all but the candidate pair with the highest priority are set to the frozen state. This is mainly for reducing the number of connectivity tests. If, for instance, the connectivity test for the UDP/(S)RTP host candidate fails, it is most likely that the UDP/(S)RTCP candidate for the host will fail too and we will omit this test. If the connectivity test for a candidate pair succeeds, its state gets set to "Succeeded". All other candidate pairs with the same foundation are unfrozen now and will initiate their "STUN Binding Requests" for connectivity checking.
The connectivity testing for each unfrozen candidate pair will be done through a "STUN Binding Request", sent from the local candidates endpoint to the matching remote candidate. These checks are called ordinary checks. As soon as the peer receives a "STUN Binding Request", it responds with the corresponding "STUN Binding Response" and initiates his own "STUN Binding Request" on the same IP/protocol/port combination. This is called a triggered check.
Alice will serve as controlling agent, as she initiated the call. This means that Alice will be responsible for selecting the final candidates for media flow. Bob, as the called user, serves as controlled agent. Bob is responsible for validating the candidates from the final offer. If his list of candidate pairs does not contain the final candidates, the call must fail. If there is a matching candidate pair, Bob will send a final answer to enable media flow.
Here is an example of how the candidate and remote-candidates attributes might look in a final offer:
a=candidate:3 1 UDP 16648703 213.199.141.181 57309 typ relay raddr 213.199.141.181 rport 57309
a=candidate:3 2 UDP 16648702 213.199.141.181 54054 typ relay raddr 213.199.141.181 rport 54054
a=remote-candidates:1 213.199.141.81 51721 2 213.199.141.81 58975
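The ICEv19 candidate list from the "SDP Details" section and the pair ordering described in "ICE Candidate Testing" can be worked through in code. The following Python is an added example, not code from the article or from Office Communicator: the priority and pair-priority formulas are assumptions taken from draft-ietf-mmusic-ice-19, Bob's candidates are constructed, pairing is limited to UDP, and the frozen state is simplified to what the text describes.

```python
import ipaddress
from collections import namedtuple

Candidate = namedtuple(
    "Candidate", "foundation component transport priority ip port typ raddr rport")

# Alice's ICEv19 candidates, copied from the SDP excerpt in the article.
ALICE_SDP = """\
a=candidate:1 1 UDP 2130706431 192.168.100.112 50036 typ host
a=candidate:1 2 UDP 2130705918 192.168.100.112 50032 typ host
a=candidate:2 1 TCP-PASS 6556159 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:2 2 TCP-PASS 6556158 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:3 1 UDP 16648703 213.199.141.181 57309 typ relay raddr 213.199.141.181 rport 57309
a=candidate:3 2 UDP 16648702 213.199.141.181 54054 typ relay raddr 213.199.141.181 rport 54054
a=candidate:4 1 TCP-ACT 7076863 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:4 2 TCP-ACT 7076350 213.199.141.181 52899 typ relay raddr 213.199.141.181 rport 52899
a=candidate:5 1 TCP-ACT 1684797951 171.231.102.218 50032 typ srflx raddr 192.168.100.112 rport 50032
a=candidate:5 2 TCP-ACT 1684797438 171.231.102.218 50032 typ srflx raddr 192.168.100.112 rport 50032
a=candidate:6 1 UDP 1694234623 171.231.102.218 50033 typ srflx raddr 192.168.100.112 rport 50033
a=candidate:6 2 UDP 1694234110 171.231.102.218 50039 typ srflx raddr 192.168.100.112 rport 50039
"""

# Constructed answer for Bob (not from the article): host and relay, UDP only.
BOB_SDP = """\
a=candidate:1 1 UDP 2130706431 10.10.20.5 51000 typ host
a=candidate:1 2 UDP 2130705918 10.10.20.5 51001 typ host
a=candidate:2 1 UDP 16648703 213.199.141.181 58000 typ relay raddr 213.199.141.181 rport 58000
a=candidate:2 2 UDP 16648702 213.199.141.181 58001 typ relay raddr 213.199.141.181 rport 58001
"""


def parse_candidates(sdp):
    """Parse ICEv19-style a=candidate lines into Candidate tuples."""
    found = []
    for line in sdp.splitlines():
        if not line.startswith("a=candidate:"):
            continue
        f = line[len("a=candidate:"):].split()
        if len(f) < 8 or f[6] != "typ":
            raise ValueError("unexpected candidate line: " + line)
        ext = dict(zip(f[8::2], f[9::2]))  # optional raddr/rport pairs
        rport = int(ext["rport"]) if "rport" in ext else None
        found.append(Candidate(f[0], int(f[1]), f[2], int(f[3]), f[4],
                               int(f[5]), f[7], ext.get("raddr"), rport))
    return found


def split_priority(priority):
    """Undo priority = 2^24*type_pref + 2^8*local_pref + (256 - component)."""
    return priority >> 24, (priority >> 8) & 0xFFFF, 256 - (priority & 0xFF)


def private_addresses(candidates):
    """Private addresses the offer reveals to the peer (ip and raddr)."""
    seen = {c.ip for c in candidates} | {c.raddr for c in candidates if c.raddr}
    return sorted(a for a in seen if ipaddress.ip_address(a).is_private)


def pair_priority(controlling, controlled):
    """Pair priority per the draft: G is the controlling side, D the controlled."""
    g, d = controlling.priority, controlled.priority
    return (min(g, d) << 32) + 2 * max(g, d) + (1 if g > d else 0)


def check_list(local, remote, local_is_controlling):
    """Ordered UDP pairs as (state, local, remote); TCP pairing is left out."""
    pairs = []
    for loc in local:
        for rem in remote:
            if loc.transport != "UDP" or rem.transport != "UDP":
                continue
            if loc.component != rem.component:
                continue
            g, d = (loc, rem) if local_is_controlling else (rem, loc)
            pairs.append((pair_priority(g, d), loc, rem))
    pairs.sort(key=lambda p: p[0], reverse=True)
    unfrozen, result = set(), []
    for _prio, loc, rem in pairs:
        key = (loc.foundation, rem.foundation)
        # Only the best pair per foundation starts out testable.
        result.append(("Frozen" if key in unfrozen else "Waiting", loc, rem))
        unfrozen.add(key)
    return result


if __name__ == "__main__":
    alice, bob = parse_candidates(ALICE_SDP), parse_candidates(BOB_SDP)
    print("private addresses in Alice's offer:", private_addresses(alice))
    for state, loc, rem in check_list(alice, bob, True):
        print(state, loc.typ, loc.ip, loc.port, "->", rem.typ, rem.ip, rem.port)
```

Running it shows the RTCP (component 2) pairs starting out frozen behind their RTP counterparts, and that Alice's private address 192.168.100.112 is visible to the peer in both the host candidates and the raddr of the server reflexive ones.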
I hope this explains some of the details while establishing a media session between clients using SDP and ICE.
This insight into Office Communications Server 2007 R2 was created as part of Bernd Ott’s participation in the Microsoft Certified Master program.
Posted by ocsteam | 2 Comments | Filed under: Microsoft Certified Master
Thursday, April 16, 2009 2:00 PM
How to install Office Communications Server 2007 R2 to a SQL Server Named Instance using a non default TCP\IP port
The information listed below has been tested using Microsoft SQL Server 2005 and Microsoft SQL Server 2008.
Office Communications Server 2007 Enterprise Edition R2 supports the use of non default TCP\IP port configurations for network access to its pool configuration databases that are located on the backend SQL server instance. Microsoft SQL Server supports three types of configurations for the Instances that it can host. They are:
Default Instance
The Default Instance is the instance that is installed on the SQL Server that will inherit the host name of the server that SQL Server is installed on. There can only be one Default Instance installation per SQL Server. So any instances that are installed before or after the single Default Instance will have to be a SQL Server Named Instance.
Named Instance
A Named Instance can be installed onto a SQL Server at any time. Microsoft SQL Server can support many Named Instances at one time. Named Instances will use whatever meaningful name they were given during their installation. For specifics on the number of Named Instances that your version of SQL Server can support, please query the SQL Server Books Online help tool or visit the Microsoft SQL Server website and search its technical listings.
Default Instance\Named Instance
This SQL Server installation includes an installed Default Instance along with one or more Named Instances that are installed on the Microsoft SQL Server. The Default Instance will inherit the host name of the server that Microsoft SQL Server is installed on, and any Named Instance will use whatever meaningful name it was given during its installation. For specifics on the number of Named Instances that your version of SQL Server can support, please query the SQL Server Books Online help tool or visit the Microsoft SQL Server website and search its technical listings.
The Microsoft SQL Server Default Instance will always use the TCP Port 1433 to listen on with its initial installation. This is the default listening port for the Microsoft SQL Server service when it is installed as a Default Instance. The Default Instance can be configured to listen on a non default TCP\IP port. When it is configured to listen on a non default TCP\IP port, the SQL Server client application will have to specify the non default TCP\IP port in its configuration string e. g. Default Instance,1501. This will allow the SQL Server client application to connect to the server that is hosting Microsoft SQL Server by using its host name and specifying the non default TCP\IP port 1501.
The SQL Server Browser service is used by the Microsoft SQL Server to manage the non default port connectivity information for each of the Named Instances that are installed on the Microsoft SQL Server. The Named Instances use a dynamic TCP\IP port configuration by default, but they can have a static non default TCP\IP port configuration manually applied to them. The SQL Server Browser service will manage the TCP\IP port connectivity information for either. Please remember the SQL Server Default Instance does not ever use the SQL Browser service to manage its non default TCP\IP port configuration. The SQL Server Browser service should be enabled to start automatically when a Named Instance is installed on the Microsoft SQL Server. Use services.msc on the Microsoft SQL Server to locate the SQL Server Browser service. Make sure that this service is set to start automatically and is started. The SQL Server Browser service will automatically assign itself to UDP port 1434. Please remember to make sure that UDP port 1434 is unrestricted for bi-directional traffic between the Office Communications Server 2007 Enterprise Edition R2 Pool server and the Microsoft SQL Server back end.
SQL Server Books Online (November 2008)
Using SQL Server Browser
http://msdn.microsoft.com/en-us/library/ms165724(SQL.90).aspx
Listed below are the configuration steps that will allow the Office Communications Server 2007 R2 Enterprise Edition Pool server to access the Microsoft SQL Server Named Instance, Default Instance \ Named Instance configurations. Since the Microsoft SQL Server Default Instance configuration requires the use of a specific configuration string e. g. Default Instance,1501 it is currently not fully applicable with the Office Communications Server 2007 R2 Enterprise Edition Create Pool wizard, so at this time I will not bother to include this non default TCP\IP port configuration for the Microsoft SQL Server Default Instance configuration. For this article I will specify the non default TCP\IP port configuration for the Default Instance\Named Instance Microsoft SQL Server Instance configuration.
The Microsoft SQL Server named instance is installed with the default instance e. g. Default Instance\Named Instance. The steps listed below will also work with the implementation of the Microsoft SQL Server Named Instance configuration.
To begin with you will need to use the SQL Server Configuration Manager on the Microsoft SQL Server that will host the Office Communications Server 2007 R2 Enterprise Edition database collection to make sure that the protocols listed in the Microsoft SQL Server network configuration match each other.
SQL Server Configuration Manager
Protocols for SQL Server
Protocols for Named Instance
SQL Native Client Configuration - Client Protocols
Next the TCP/IP static listening port needs to be set on the Named Instance using the SQL Server Configuration Manager on the Microsoft SQL Server.
SQL Server Network Configuration
Highlight the Protocols for Named Instance node and then locate TCP\IP in the Details pane. Open the TCP\IP properties dialog and click on the IP Addresses tab. Three categories will be listed as IP1, IP2 and IPAll. Replace the 0 in the TCP Dynamic Ports entry with a blank space. Then add your chosen TCP port number to the TCP port entry for all 3 categories. For instance, TCP Port 1501 (as per this example).
Click on the OK button and you will be prompted to restart the Default Instance\Named Instance for the changes to take effect. The SQL Server service for each should restart without an error.
From a command prompt on the Microsoft SQL Server box use c:\>netstat -ano followed by c:\>tasklist /svc. This will list the active and listening ports / process IDs on the server along with the process ID / service name. The c:\>netstat -ano output should have an entry similar to the one listed below. The SQL Server process for the Named Instance has a process ID of 2401 and is listening on all interfaces on TCP 1501.
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:1501 0.0.0.0:0 LISTENING 2401
The c:\>tasklist /svc entry will be similar to the one listed above:
Image Name PID Services
========================= ==============================================
sqlservr.exe 2401 MSSQL$NamedInstance
Now we can see that the SQL Server service for the Named Instance is listening on the TCP port that we specified earlier. At this point the SQL Server service for the Named Instance is no longer using a dynamic TCP port to listen for SQL server requests from client applications. Please remember that if the Named Instance is hosting other applications besides the Office Communications Server 2007 R2 databases, this update could cause a break in connectivity for the legacy client applications. This operation should be performed on a Microsoft SQL Server Named Instance that is dedicated to just the Office Communications Server 2007 R2 databases. The benefit of using the static TCP port for the SQL Server Named Instance is that it gives network administrators the flexibility to choose the TCP ports that their SQL Server Instances hosting the Office Communications Server 2007 Enterprise Edition R2 databases use on their network. Please make sure that routing or firewall rules on devices that route the IP traffic between the Office Communications Server 2007 R2 Enterprise Edition Pool and the Microsoft SQL Server that will host the Office Communications Server 2007 R2 Enterprise Edition back end databases allow this traffic.
How it works
The SQL Server native client library will query the SQL Server Browser service on the Microsoft SQL Server using an ephemeral source UDP port that has a destination of the listening UDP port 1434 on the Microsoft SQL Server box. The SQL Server browser will respond to the query for the Named Instance SQL Server service listening TCP ports with the requested information. The information in the UDP packet is in clear text and can be read using a network capture tool such as Wireshark or Network Monitor.
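Because the Browser reply is clear text, a captured UDP 1434 payload can be checked against the static port you configured. The following Python is an added example, not code from the article: the reply layout (a 0x05 byte, a little-endian 16-bit length, then semicolon-separated name/value tokens) is an assumption taken from Microsoft's published SQL Server Resolution Protocol specification [MC-SQLR], and the sample reply, host name and version string are constructed.

```python
import struct

SVR_RESP = 0x05  # response type byte, per [MC-SQLR] (assumption)

# Constructed Browser reply for the article's example instance and port.
# The host name SQLBE01 and the version string are made up.
_DATA = (b"ServerName;SQLBE01;InstanceName;NamedInstance;IsClustered;No;"
         b"Version;9.00.4035.00;tcp;1501;;")
SAMPLE_REPLY = bytes([SVR_RESP]) + struct.pack("<H", len(_DATA)) + _DATA


def parse_browser_reply(payload):
    """Return one dict of name/value tokens per instance in the reply."""
    if len(payload) < 3 or payload[0] != SVR_RESP:
        raise ValueError("not a SQL Server Browser response")
    (size,) = struct.unpack("<H", payload[1:3])
    data = payload[3:3 + size]
    if len(data) != size:
        raise ValueError("truncated response")
    instances = []
    # Each instance's token list is terminated by ";;".
    for block in data.decode("ascii", "replace").split(";;"):
        tokens = block.split(";")
        if len(tokens) < 2:
            continue
        instances.append(dict(zip(tokens[0::2], tokens[1::2])))
    return instances


def advertised_tcp_port(payload, instance_name):
    """TCP port the Browser advertises for an instance, or None."""
    for inst in parse_browser_reply(payload):
        if inst.get("InstanceName", "").lower() == instance_name.lower():
            port = inst.get("tcp")
            return int(port) if port else None
    return None


def matches_static_port(payload, instance_name, expected_port):
    """True when the advertised port equals the configured static port."""
    return advertised_tcp_port(payload, instance_name) == expected_port


if __name__ == "__main__":
    print(parse_browser_reply(SAMPLE_REPLY))
    print("static port in use:",
          matches_static_port(SAMPLE_REPLY, "NamedInstance", 1501))
```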
Testing non default port connectivity
You can install the Microsoft SQL Server workstation tools on the Office Communications Server 2007 R2 Enterprise Edition consolidated server. Though the SQL Server native library is available with the R2 installation of Office Communications Server 2007, the SQL Server workstation tools allow you to use the GUI SQL Server Configuration Manager along with the SQL Server Management Studio. This combination allows you the availability to test the connectivity between the server that will host Office Communications Server 2007 R2 Server and the SQL Server database installations. When testing is complete you can remove the Microsoft SQL Server workstation tools from the Office Communications Server 2007 R2 Pool server.
Now, to test your connectivity prior to installing Office Communications Server 2007 R2 Enterprise Edition, you will need to install a network capture tool on the Office Communications Server 2007 R2 server to be and open the SQL Server Management Studio. Using the SQL Server 2007 Management Studio you will connect to your Default Instance\Named Instance while taking a network capture to confirm that you are connecting to the Microsoft SQL Server using port TCP 1501 (as per the example).
1. Start the network capture
2. In SQL Server Management Studio choose Connect \ Database Engine from the pull down menu
3. Enter your Default Instance\Named Instance
4. Click on Connect. You will be able to browse the SQL server system databases in the Object Explorer. You will not be able to view the contents of the system tables though - they are read only.
5. Stop your network capture and view the TCP traffic to the IP address of the SQL Server. Notice that your designated TCP\IP port is being used.
Now you are ready to:
· Create the Office Communications Server 2007 Enterprise Edition R2 pool from the Office Communications Server 2007 R2 server and configure the Pool
· Add the Server to the Pool
· Create and apply the certificates to the Office Communications Server 2007 R2 pool server
· Start the Office Communications Server 2007 Enterprise Edition R2 services
While performing the steps listed above you can take a network capture at each step so you can view the TCP traffic between the non default port on the Microsoft SQL Server backend server and Office Communications Server 2007 R2 Enterprise Edition pool server. This will allow you to confirm that the non default port configuration for the Default Instance\Named Instance is working as expected. Also, if you want you can filter the network capture for the UDP port 1434 traffic. Inspecting these packets will let you see the SQL Server instance TCP port configuration that is passed back to the Office Communications Server 2007 R2 Enterprise Edition server.
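What the Browser reply on UDP 1434 carries in clear text, and how to confirm from a capture that the Named Instance advertises the static port: the Python below is an added example, not code from the original post. It parses a reply payload copied out of a capture, following the SQL Server Resolution Protocol (MC-SQLR) framing; the sample payload is constructed, and the host name SQLBE01, the version string and all function names are assumptions.

```python
import struct

SVR_RESP = 0x05  # first byte of a SQL Server Browser reply (MC-SQLR SVR_RESP)


def build_reply(body):
    """Wrap instance text in the reply framing: 0x05, little-endian length, data."""
    raw = body.encode("ascii")
    return bytes([SVR_RESP]) + struct.pack("<H", len(raw)) + raw


# Constructed sample: host name and version string are made up; the instance
# name and port 1501 follow the article's example.
SAMPLE_REPLY = build_reply(
    "ServerName;SQLBE01;InstanceName;MSSQLSERVER;IsClustered;No;"
    "Version;10.0.1600.22;tcp;1433;;"
    "ServerName;SQLBE01;InstanceName;NamedInstance;IsClustered;No;"
    "Version;10.0.1600.22;tcp;1501;;"
)


def parse_browser_reply(payload):
    """Return one dict per instance advertised in a Browser reply payload."""
    if len(payload) < 3 or payload[0] != SVR_RESP:
        raise ValueError("not a SQL Server Browser reply")
    (declared,) = struct.unpack_from("<H", payload, 1)
    data = payload[3:3 + declared]
    if len(data) < declared:
        raise ValueError("truncated reply: %d of %d bytes" % (len(data), declared))
    instances = []
    # Instances are separated by ';;'; inside one, keys and values alternate.
    for chunk in data.decode("ascii", errors="replace").split(";;"):
        fields = chunk.strip(";").split(";")
        info = dict(zip(fields[0::2], fields[1::2]))
        if "InstanceName" in info:
            instances.append(info)
    return instances


def check_static_port(payload, instance, expected_port):
    """Return (matches, advertised_port) for the named instance."""
    for info in parse_browser_reply(payload):
        if info["InstanceName"].lower() == instance.lower():
            port = info.get("tcp")
            return port == str(expected_port), port
    return False, None


def disclosed_fields(payload):
    """List what a passive observer on the wire learns about each instance."""
    return [(i["InstanceName"], i.get("Version"), i.get("tcp"))
            for i in parse_browser_reply(payload)]


if __name__ == "__main__":
    for name, version, port in disclosed_fields(SAMPLE_REPLY):
        print(name, version, port)
    print(check_static_port(SAMPLE_REPLY, "NamedInstance", 1501))
```

Because the reply names every instance, its version and its port without authentication, the same firewall rules that permit the static TCP port should limit UDP 1434 to the hosts that need it.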
Upon completion of the install remember to reboot the Office Communications Server 2007 R2 Enterprise Edition Pool server to make sure that all the services start without an issue.
Mike Adkins
posted by ocsteam | 4 Comments
Monday, April 13, 2009 1:15 PM
UPDATE for R2: Where to Store OCS Global Settings?
This is an update to a post I made about a year ago to help you choose the AD store OCS uses for global settings.
Quick note on terminology
Active Directory has three stores often referred to as Naming Contexts – Schema, Domain and Configuration. The Schema and Configuration Naming Contexts are replicated to every domain controller in the Forest. The Domain Naming Context is replicated only to its Domain Controllers. In OCS documentation we typically refer to the Domain Naming Context as the System container in the root domain and the Configuration Naming Context as the Configuration Partition. Given this you can see that for a single Domain Forest this topic has no relevance to you and you should move on to a more interesting blog post :)
LCS stored its configuration in the Domain Naming Context or System Container. OCS 2007 added a choice to use the Configuration Naming Context or Configuration Partition. OCS 2007 R2 defaults to the Configuration Partition. We made this change in R2 to ensure your OCS servers always have access to their configuration information, and we have provided a script to move from the System container if you would like to do this. This gives you the capability, in case you have already installed LCS or OCS configuration in the System container, to move it to the Configuration partition before you install R2.
Here’s an updated decision tree reflecting the R2 default preference of the Configuration Partition:
If you’re considering running the migration script to switch from the system container to the configuration partition think about the following:
1. You can only do this before you run any setup activities for R2 (notably Prep Schema)
2. You must stop all OCS and LCS services in the forest for the duration
3. No LCS 2005 SP1 servers can be added to the Forest after the move
4. You’ll need to re-run Prep Forest for OCS to apply permissions
5. You’ll need to re-run Prep Domain for LCS to apply perms
6. You’ll need to wait for Active Directory replication so depending on the size of your Forest and AD convergence time you may sustain a significant outage.
You can download the migration script along with a how-to document here:
http://www.microsoft.com/downloads/details.aspx?FamilyID=23236784-508e-44c9-809d-30ff245928d8&DisplayLang=en
This insight into Office Communications Server 2007 R2 was created as part of Andrew Sniderman’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
posted by ocsteam | 2 Comments
Filed Under: Microsoft Certified Master
Wednesday, April 08, 2009 1:43 PM
Link: Configuring R2 A/V Edge Service for NAT
Rick Varvel, a Microsoft Principal Consultant has just started his blog and his first post is fantastic. Here is the link to his post - http://blogs.technet.com/rickva/archive/2009/04/03/Configuring-A_2F00_V-Edge-Service-for-NAT.aspx OCS Team
posted by ocsteam | 2 Comments
Filed Under: Edge Servers, OCS R2
Wednesday, April 08, 2009 9:15 AM
Office Communicator Configuration Information
Administrators, users and troubleshooters value the possibility in Outlook 2007 to get status about the connections: by holding the Ctrl key while right clicking the Outlook icon in the notification area and choosing “Connection Status” (see also http://office.microsoft.com/en-us/outlook/HP010363941033.aspx).
With the new R2 version of the client, Microsoft introduces a similar dialog for Office Communicator 2007 R2. Hold Ctrl while right clicking the OC 2007 R2 icon in the notification area, choose “Configuration Information…” and it will open the following screen:
The values listed in this screen are retrieved during login by inband provisioning from the server and/or set by group policy. While you could read all this information from the Office Communicator logs and the registry, the dialog presents them in an easy to read manner and might be a good starting point for troubleshooting.
DG URL Internal
The client will use this URL if connected to the internal environment, to connect to the web service that expands distribution groups.
DG URL External
The client will use this URL if connected to the external environment, to connect to the web service that expands distribution groups.
Quality Metrics URI
Quality Metrics will be sent to this Monitoring Server. The client will send it to the Front End it is connected to, where Microsoft Message Queue will send it to the Monitoring Server. Having this entry here basically tells you that Monitoring is activated for the pool homing this user.
URL Internal From Server
Internal users will use this URL to download the address book for Office Communicator.
URL External From Server
External users will use this URL to download the address book for Office Communicator.
Voice mail URI
To call the user directly on voice mail, this URI has to be addressed. Having this entry shows also, that the user is enabled for voice mail.
MRAS Server
MRAS is the Media Relay Authentication Service, providing credentials to use the AV Edge Server. Having the information “ENABLED” here tells us that the client has valid credentials for AV Edge. However, this does not tell us whether the client is also able to access the AV Edge server or whether there might be firewalls blocking the connection.
GAL Status
We can see here which address was used to download the address book and if the download was successful.
Controlled Phones
This setting shows if Office Communicator can be coupled with a Tanjay. For more information about this topic see “Pairing Office Communicator Phone Edition (Tanjay) to Communicator” in this blog entry: http://communicatorteam.com/archive/2009/01/13/381.aspx
PC to PC AV Encryption
Specifies if RTP traffic between two participants has to be encrypted. The setting can range from “Require encryption” through “Do not support encryption” to never encrypted. “Encryption supported” will encrypt the AV traffic if the communication partner is capable of encryption. If you still have Office Communicator 2005 clients in your environment, “Encryption supported” should be the setting of your choice: because of the different encryption mechanisms in Office Communicator 2005 and Office Communicator 2007 or newer, encrypted calls between these clients will not work.
Focus Factory
The focus factory is responsible for creating conferences for a user. The listed SIP URI will be used, whenever we create a conference.
Line
Line shows the phone number, that is configured for the user.
Line Configured From
“Line configured from” shows, where the line was configured. In this case, the line was configured on the server.
Location Profile
The location profile the user is assigned to.
MAPI Info
MAPI info tells us if the client was able to connect to the mailbox using MAPI in order to publish free/busy information and OOF messages.
Inside User Status
Shows if the user is connected to the internal OCS servers (“TRUE”) or through the Edge Server (“FALSE”).
Auto Update Download Started
OCS 2007 R2 provides automatic updates for clients. If there is an update in progress, this line shows us the start of the download.
Auto Update Download Completed
This line tells us, if the update download was completed.
Last Auto Update Request
To determine when the last auto update request was sent, we can leverage this line.
Pairing State
“Pairing State” refers to the “Better Together” feature, where a Tanjay phone is connected via USB to the desktop computer, to function as a handset and speakerphone for Office Communicator 2007 R2. Conferences and calls can be managed from the Tanjay as well as from the Office Communicator 2007 R2 client.
Server SIP URI
Server SIP URI tells us, if we are connected through TCP (unencrypted) or TLS (encrypted).
This insight into Office Communications Server 2007 R2 was created as part of Thomas Binder’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
posted by ocsteam | 3 Comments
Filed Under: Microsoft Certified Master
Friday, April 03, 2009 9:15 AM
OCS 2007 R2: What’s new for Media Traversal?
It’s been a while since I wrote this blog on OCS 2007 media traversal. I’ve since left Microsoft to join a UC consulting company, but media traversal is still near and dear to me. This blog describes some of the improvements in media traversal that have been implemented in OCS 2007 R2.
Some things haven’t changed
The overall architecture of media endpoints using ICE and the STUN/TURN capabilities of the A/V Edge server has not changed. Signaling is still protected by TLS encryption, media is still protected by SRTP encryption. STUN/TURN allocations against the A/V Edge are still protected by a digest authentication mechanism whose password rotates every eight hours, and obtaining this allocation password is still protected within a TLS encrypted SIP SERVICE message. That said, a lot of improvements have been made in OCS 2007 R2. Let’s take a look at some of them.
Support of Early Media
In OCS 2007, negotiation of a media path (i.e. ICE connectivity checks) started when the called party answered the call. Specifically, ICE candidates were sent by the caller in the INVITE and by the callee in the 200 OK. This resulted in a slight delay between the called party answering and when media would actually flow. (The one exception to this was outbound calls to PSTN. To support PSTN gateways that started sending audio before the 200OK, the mediation server would actually send ICE candidates in a 180 RINGING in addition to the 200 OK. This enabled a poor man’s version of early media where one-way audio could be transferred from the mediation server to the calling endpoint before the full ICE negotiation occurred, preventing any initial “Hello?” audio from being clipped.)
OCS 2007 R2 endpoints support early media, a feature which enables negotiation of media before the call is accepted by the called party. This addresses the audio clipping issue and enables a number of other scenarios such as playing custom ring back tones to the caller. Practically speaking, this means that ICE must be negotiated before the 200 OK. What you’ll notice is that the called party will send back ICE candidates in a 183 SESSION PROGRESS message. Under the covers, this triggers a full ICE negotiation, enabling the media path to be ready the instant the called party actually answers the call. (Note that the called party still sends candidates in the 200 OK message and a final ICE negotiation still happens, though this rarely results in a switch of the media path.)
If a called user has multiple R2 endpoints registered, each will allocate ICE endpoints and negotiate an early media ICE path with the caller. However, as soon as the caller receives an audio packet from one of the dialed endpoints, it will stop listening on the other early media paths. In theory, the media path could switch after the final ICE negotiation occurs with the 200 OK. (e.g. Let’s say an incoming call is set to simulring a user’s OC endpoint and his cell phone. The cell phone system generates a custom ring back tone, but the user ends up answering on OC.) However, in the vast majority of cases, the endpoint that sent early media audio packets will be the same endpoint that actually answers the call and sends the 200 OK.
App Sharing Use of ICE/STUN/TURN
OCS 2007 R2 introduces a new modality called App Sharing, built upon the same RDP protocol used in Terminal Services. Though functionally similar to the desktop sharing feature in Live Meeting, it functions as a totally separate modality outside of a Live Meeting conference. For app sharing sessions involving two OC endpoints, the app sharing media stream flows point to point. For conferences that use app sharing or if a CWA endpoint is involved, the media flows through the new app sharing MCU. In either case, the same ICE/STUN/TURN mechanism used to negotiate an audio and video path is also used to negotiate an app sharing media path…with one key difference. Unlike audio and video, the RDP protocol is not designed to be run over an unreliable transport protocol like UDP. Therefore, the app sharing modality uses ICE/STUN/TURN in a TCP-only mode. One interesting note is that in this TCP-only mode, TCP candidates are actually supported on the endpoint hosts, enabling a point to point TCP media stream. For voice and video, only a point to point UDP stream is possible.
Support of ICE version 19
In OCS 2007 R2, all endpoints support ICE version 19. In actuality, OCS 2007 R2 endpoints support both ICE version 19 and the legacy ICE version 6 implemented in OCS 2007. Full treatment of the differences between these two versions is beyond the scope of this blog and probably not something you’ll ever need to know, but let’s look at an SDP fragment from an R2 OC client to get a sense for some of the key differences:
------=_NextPart_000_0149_01C9A22E.BDA43360
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-Disposition: session; handling=optional; ms-proxy-2007fallback
v=0
o=- 0 0 IN IP4 192.168.5.150
s=session
c=IN IP4 192.168.5.150
b=CT:99980
t=0 0
m=audio 50010 RTP/AVP 114 111 112 115 116 4 8 0 97 13 118 101
k=base64:ROFyvlcWFwsPej5xrWlQj+PFsw9Uyy0OSHoFv62mLTPvXdpnn5XvqcxI556k
a=candidate:Y821qEyRKswvPiFeMBgkQBTTL0vJDm//txizLAGyhKQ 1 o4IBYszjQDYWPTb58I7szQ UDP 0.830 192.168.5.150 50010
a=candidate:Y821qEyRKswvPiFeMBgkQBTTL0vJDm//txizLAGyhKQ 2 o4IBYszjQDYWPTb58I7szQ UDP 0.830 192.168.5.150 50008
a=candidate:VS7Zjeu4CJwh6kMO3xTuwAOhW6gGpoC9NpqEv7S8geA 1 9cJV/DeRmf+hwEws92rRNQ TCP 0.190 64.105.253.213 56653
a=candidate:VS7Zjeu4CJwh6kMO3xTuwAOhW6gGpoC9NpqEv7S8geA 2 9cJV/DeRmf+hwEws92rRNQ TCP 0.190 64.105.253.213 56653
a=candidate:cnsB1P6I85tVDpl/UgjTWRl8rFOYSkXOa8nPvnl2RJU 1 +Mkh11586TV6kN8IpnLVMQ UDP 0.490 64.105.253.213 58140
a=candidate:cnsB1P6I85tVDpl/UgjTWRl8rFOYSkXOa8nPvnl2RJU 2 +Mkh11586TV6kN8IpnLVMQ UDP 0.490 64.105.253.213 55208
a=candidate:/YhjMGvsupfnJrUraPnPUwnSUV3IsMpMLHwZIqW4aQI 1 Fvf+CecTZF6sVN/Svuunrg TCP 0.250 10.0.0.2 50014
a=candidate:/YhjMGvsupfnJrUraPnPUwnSUV3IsMpMLHwZIqW4aQI 2 Fvf+CecTZF6sVN/Svuunrg TCP 0.250 10.0.0.2 50014
a=candidate:VCZf8gadJG6G8Pb3xS7bj/4CVK/P+GeIhuew2tHBy9k 1 DIX0ZzFlrnlzdLGqfqWB0w UDP 0.550 10.0.0.2 50005
a=candidate:VCZf8gadJG6G8Pb3xS7bj/4CVK/P+GeIhuew2tHBy9k 2 DIX0ZzFlrnlzdLGqfqWB0w UDP 0.550 10.0.0.2 50017
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:yEiOl3HA+vbDHvqSmvplV9BGpfg19jSxwjFElAPz|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:HdnKHORdSJgC/rcYZ1y3uMRbKvybFruyFiD+UkoZ|2^31|1:1
a=maxptime:200
a=rtcp:50008
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:required
------=_NextPart_000_0149_01C9A22E.BDA43360
Content-Type: application/sdp
Content-Transfer-Encoding: 7bit
Content-Disposition: session; handling=optional
v=0
o=- 0 0 IN IP4 192.168.5.150
s=session
c=IN IP4 192.168.5.150
b=CT:99980
t=0 0
m=audio 50003 RTP/AVP 114 111 112 115 116 4 8 0 97 13 118 101
k=base64:ROFyvlcWFwsPej5xrWlQj+PFsw9Uyy0OSHoFv62mLTPvXdpnn5XvqcxI556k
a=ice-ufrag:VXim
a=ice-pwd:OKEB+HhXDUoNP4lrx8AH+syY
a=candidate:1 1 UDP 2130706431 192.168.5.150 50003 typ host
a=candidate:1 2 UDP 2130705918 192.168.5.150 50006 typ host
a=candidate:2 1 TCP-PASS 6556159 64.105.253.213 53119 typ relay raddr 64.105.253.213 rport 53119
a=candidate:2 2 TCP-PASS 6556158 64.105.253.213 53119 typ relay raddr 64.105.253.213 rport 53119
a=candidate:3 1 UDP 16648703 64.105.253.213 54183 typ relay raddr 64.105.253.213 rport 54183
a=candidate:3 2 UDP 16648702 64.105.253.213 51646 typ relay raddr 64.105.253.213 rport 51646
a=candidate:4 1 TCP-ACT 7076863 64.105.253.213 53119 typ relay raddr 64.105.253.213 rport 53119
a=candidate:4 2 TCP-ACT 7076350 64.105.253.213 53119 typ relay raddr 64.105.253.213 rport 53119
a=candidate:5 1 TCP-ACT 1684797951 10.0.0.2 50001 typ srflx raddr 192.168.5.150 rport 50001
a=candidate:5 2 TCP-ACT 1684797438 10.0.0.2 50001 typ srflx raddr 192.168.5.150 rport 50001
a=candidate:6 1 UDP 1694234623 10.0.0.2 50011 typ srflx raddr 192.168.5.150 rport 50011
a=candidate:6 2 UDP 1694234110 10.0.0.2 50009 typ srflx raddr 192.168.5.150 rport 50009
a=cryptoscale:1 client AES_CM_128_HMAC_SHA1_80 inline:yEiOl3HA+vbDHvqSmvplV9BGpfg19jSxwjFElAPz|2^31|1:1
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:HdnKHORdSJgC/rcYZ1y3uMRbKvybFruyFiD+UkoZ|2^31|1:1
a=maxptime:200
a=rtcp:50006
a=rtpmap:114 x-msrta/16000
a=fmtp:114 bitrate=29000
a=rtpmap:111 SIREN/16000
a=fmtp:111 bitrate=16000
a=rtpmap:112 G7221/16000
a=fmtp:112 bitrate=24000
a=rtpmap:115 x-msrta/8000
a=fmtp:115 bitrate=11800
a=rtpmap:116 AAL2-G726-32/8000
a=rtpmap:4 G723/8000
a=rtpmap:8 PCMA/8000
a=rtpmap:0 PCMU/8000
a=rtpmap:97 RED/8000
a=rtpmap:13 CN/8000
a=rtpmap:118 CN/16000
a=rtpmap:101 telephone-event/8000
a=fmtp:101 0-16
a=encryption:required
------=_NextPart_000_0149_01C9A22E.BDA43360--
The first thing you notice is that this contains two complete sets of SDP. The first SDP block contains a version 6 ICE candidate list and the second contains one for version 19. You can see that the “ms-proxy-2007fallback” string identifies which one is the legacy block. This is called a multipart SDP and explains how OCS 2007 R2 endpoints are still able to negotiate media with Exchange 2007 UM and other legacy OCS 2007 endpoints. If the caller is R2, both SDPs are offered and the legacy endpoint responds with an ICE version 6 SDP only. This tells the R2 endpoint to go into legacy mode. If the callee is R2, the offer will contain just a legacy ICE SDP, which indicates to the callee that it should only respond with a legacy ICE SDP. Keep in mind that because app sharing is a new feature of OCS 2007 R2, you will never see any app sharing candidate lists or media offer in a legacy SDP block.
You’ll also notice the version 19 candidate list is shorter and more readable. Rather than encoding a unique username/password per candidate, a common one is used for the entire set of candidates. The type of ICE candidate is also encoded, where HOST is a candidate on the endpoint itself, SRFLX (short for Server Reflexive) is a STUN candidate on the NAT, and RELAY a candidate on the A/V Edge. You’ll also notice that TCP candidates are denoted as ACT (Active) or PASS (Passive), indicating whether the candidate will initiate or receive connectivity check requests. In OCS 2007, TCP A/V Edge candidates behave as active and passive, but TCP NAT candidates were passive only. However this was not apparent from looking at the candidate list SDP. Another difference is the priority encoding. ICE version 6 used a three digit decimal to encode the priority and required floating point math to compute the combined priority of a candidate pair. In ICE version 19, the priority is now an integer, which makes the computation less intensive.
Again, the details of the SDP differences between the two ICE versions are not terribly important. Just remember the multipart nature of the SDP and how an R2 endpoint negotiates with legacy ICE endpoints.
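To see the multipart layout and the two candidate formats side by side, the following Python is an added example, not part of the original post or of any Microsoft tool. It parses an abridged copy of the capture above (blank lines after the MIME headers restored), reports which part is the legacy block, which addresses each offer discloses and whether SRTP is required; the function names are hypothetical, and the priority unpacking assumes the v19 integer follows the standard ICE layout of type preference, local preference and component.

```python
import re

# Abridged from the capture shown in this post; candidate lines are unchanged.
SAMPLE = """\
------=_NextPart_000_0149_01C9A22E.BDA43360
Content-Type: application/sdp
Content-Disposition: session; handling=optional; ms-proxy-2007fallback

v=0
c=IN IP4 192.168.5.150
m=audio 50010 RTP/AVP 114 111
a=candidate:Y821qEyRKswvPiFeMBgkQBTTL0vJDm//txizLAGyhKQ 1 o4IBYszjQDYWPTb58I7szQ UDP 0.830 192.168.5.150 50010
a=candidate:cnsB1P6I85tVDpl/UgjTWRl8rFOYSkXOa8nPvnl2RJU 1 +Mkh11586TV6kN8IpnLVMQ UDP 0.490 64.105.253.213 58140
a=encryption:required
------=_NextPart_000_0149_01C9A22E.BDA43360
Content-Type: application/sdp
Content-Disposition: session; handling=optional

v=0
c=IN IP4 192.168.5.150
m=audio 50003 RTP/AVP 114 111
a=ice-ufrag:VXim
a=candidate:1 1 UDP 2130706431 192.168.5.150 50003 typ host
a=candidate:3 1 UDP 16648703 64.105.253.213 54183 typ relay raddr 64.105.253.213 rport 54183
a=candidate:5 1 TCP-ACT 1684797951 10.0.0.2 50001 typ srflx raddr 192.168.5.150 rport 50001
a=candidate:6 2 UDP 1694234110 10.0.0.2 50009 typ srflx raddr 192.168.5.150 rport 50009
a=encryption:required
------=_NextPart_000_0149_01C9A22E.BDA43360--
"""

BOUNDARY = re.compile(r"^-{2,}=_NextPart_\S+$")


def split_parts(body):
    """Split a multipart body into one list of non-blank lines per MIME part."""
    parts, current = [], None
    for line in body.splitlines():
        line = line.strip()
        if BOUNDARY.match(line):
            if current:
                parts.append(current)
            current = []
        elif current is not None and line:
            current.append(line)
    return parts


def parse_candidate(value):
    """Parse the text after 'a=candidate:' in either ICE format."""
    tok = value.split()
    if "typ" in tok:  # v19: foundation component transport priority ip port typ TYPE
        cand = {"ice": 19, "component": int(tok[1]), "transport": tok[2],
                "priority": int(tok[3]), "ip": tok[4], "port": int(tok[5]),
                "type": tok[tok.index("typ") + 1]}
        if "raddr" in tok:  # related address: the base behind a NAT or relay
            cand["base_ip"] = tok[tok.index("raddr") + 1]
        return cand
    if len(tok) == 7:  # v6: username component password transport priority ip port
        return {"ice": 6, "component": int(tok[1]), "transport": tok[3],
                "priority": float(tok[4]), "ip": tok[5], "port": int(tok[6]),
                "type": None}
    raise ValueError("unrecognised candidate line: " + value)


def parse_part(lines):
    """Summarise one SDP part: legacy flag, candidates, ICE version, SRTP."""
    legacy = any(l.lower().startswith("content-disposition")
                 and "ms-proxy-2007fallback" in l for l in lines)
    cands = [parse_candidate(l[len("a=candidate:"):])
             for l in lines if l.startswith("a=candidate:")]
    return {"legacy": legacy, "candidates": cands,
            "ice_versions": sorted({c["ice"] for c in cands}),
            "srtp_required": "a=encryption:required" in lines}


def disclosed_addresses(part):
    """Every IP the offer reveals to the peer, including raddr bases."""
    ips = set()
    for cand in part["candidates"]:
        ips.add(cand["ip"])
        if "base_ip" in cand:
            ips.add(cand["base_ip"])
    return sorted(ips)


def split_priority(priority):
    """Unpack a v19 priority, assuming the standard ICE layout:
    2**24 * type_pref + 2**8 * local_pref + (256 - component)."""
    return {"type_pref": priority >> 24,
            "local_pref": (priority >> 8) & 0xFFFF,
            "component": 256 - (priority & 0xFF)}


if __name__ == "__main__":
    for part in (parse_part(p) for p in split_parts(SAMPLE)):
        print(part["legacy"], part["ice_versions"], disclosed_addresses(part))
```

Note that the srflx candidates carry the endpoint's private address in raddr, so the v19 offer discloses the internal host IP even in candidates gathered on the NAT.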
Differences in A/V Edge 50,000 port range requirement
In OCS 2007, the external side of the A/V Edge server role required ports 50,000-59,999 to be open for UDP and TCP in the inbound and outbound direction. Although this was a secure solution (see my original blog post), networking administrators perceived this to be a security threat and were very resistant to deploying the A/V Edge role. To mitigate this deployment hurdle, OCS 2007 R2 reduces the requirement to just allowing ports 50,000-59,999 for TCP outbound only. Moreover, the product documentation now states that this outbound TCP port support is only required to support federation with OCS 2007 R2 environments. To support remote users only, opening ports UDP 3478 and TCP 443 is sufficient. (This remote-only mode worked in OCS 2007, but was not officially supported.) What changed in the A/V Edge? Well, the A/V Edge now supports federation over a “tunneled” link.
Let’s say a R2 OC endpoint within the Contoso company network calls an R2 OC endpoint within the Litware company network. Both endpoints still advertise allocated ports in the 50,000-59,999 range in their candidate lists. Now let’s say connectivity checks are happening and the Contoso R2 A/V Edge receives a UDP STUN connectivity check destined for the Litware A/V Edge. Instead of sending that to the Litware A/V Edge using a source and destination port in the 50,000-59,999 range, the Contoso A/V Edge actually encapsulates this connectivity check in a new TURN tunnel message and sends it to the Litware A/V Edge using a UDP source and destination port of 3478. Keep in mind that the intended source and destination IP/port numbers are passed within this tunnel packet. When the Litware R2 A/V Edge receives this tunnel packet, it unpacks the message, looks at the intended source/destination IP/port info, and treats the packet as if it came to the destination IP/port from the source IP/port.
The idea is that conveying the knowledge of the intended source and destination IP/port for this connectivity check provides the equivalent security as actually sending the connectivity check along that route. This explains why UDP ports in the 50,000-59,999 range are no longer needed. Why is TCP needed in the outbound direction only? It turns out TCP also supports the same tunneling mechanism. However, TCP’s connection-oriented nature means problems can arise if the listening port is used as the source port when opening a TCP connection. So in the connectivity check example used above, the Contoso A/V Edge opens a TCP connection to port 443 on Litware’s A/V Edge, choosing an ephemeral source port in the 50,000-59,999 port range.
Supporting federation with legacy A/V Edge servers
The example above works for two R2 OCS deployments. What would happen if Litware was still on OCS 2007? Again, both OC endpoints will advertise A/V Edge candidates in the 50,000-59,999 port range. In order for connectivity to succeed, Contoso’s R2 A/V Edge must be able to send a connectivity check to Litware’s A/V Edge and vice versa. To support the former, Contoso doesn’t know that Litware’s A/V Edge is only on OCS 2007, so it tries to send the tunneling connectivity check packet, but Litware’s A/V Edge is legacy, so it drops these packets. Hearing no response, the Contoso A/V Edge will then flip to direct mode where it will send the packet using a source and destination port in the 50,000-59,999 port range. Similarly in the other direction, the Litware A/V Edge has no ability to send a tunneled connectivity check, so it sends directly in the 50,000-59,999 port range as well. The same logic applies to TCP connectivity checks. You can now see why opening the 50,000-59,999 port range for UDP and TCP in the inbound and outbound direction is required to support federation with legacy OCS 2007 A/V Edge deployments.
Port Range Implications
Supporting two versions of ICE in an INVITE does have implications on the number of ports allocated at the start of a call. In the SDP snippet above, you’ll notice the version 6 ICE candidates are totally different than the version 18 ICE candidates, meaning two full candidate sets are allocated instead of just one set in OCS 2007. Early media could also have an impact on the number of allocated ports if a called user has multiple points of presence. Each called endpoint will allocate a set of candidates and perform a full ICE negotiation prior to the call being answered. The fact that application sharing uses ICE could also increase the port allocation usage for ICE.
The majority of these ports are short lived and will be de-allocated within 10 seconds of the call being answered. The only ports that remain for the duration of a call are those actually used to send and receive media. Nonetheless, this increased port usage at the start of a call could be an issue for enterprises who have narrowed the allowed port range of their endpoints or reduced the number of ports in the A/V Edge’s 50,000 port range. For these reasons, the OCS team recommends the media port range for R2 Office Communicator clients to be at least 40, twice the recommendation provided in OCS 2007.
Conclusion
Although the fundamental architecture of media traversal remains the same in OCS 2007 R2, a number of enhancements have been made. Key impacts include: faster negotiation of the media stream through early media ICE negotiations, leveraging ICE/STUN/TURN for new modalities such as application sharing, and easing the port range requirements on the A/V Edge server through a tunneled federation mode. This revised implementation of ICE/STUN/TURN will serve as a great foundation for enabling connectivity of new media scenarios in future versions of the Microsoft Unified Communications product line.
This insight into Office Communications Server 2007 R2 was created as part of Alan Shen’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
posted by ocsteam | 4 Comments
Filed Under: Microsoft Certified Master
Wednesday, April 01, 2009 1:45 PM
OCS Client Logging Capabilities (MOC)
The purpose of this entry is to provide information regarding the various types of logging capabilities that exist within the numerous clients accessing the Office Communications Server Infrastructure.
At the very highest level the goal is to provide guidelines to enable both monitoring (using Windows Event logs) and tracing (writing trace statements to log files on the local client). This initial entry will focus exclusively on the Microsoft Office Communicator Client. Future entries will provide a concise reference for client logging for the LiveMeeting Client, Group Chat Client and Conferencing Attendant.
The term “Logging” will be used throughout this document as the umbrella term for instrumentation of service components to support both monitoring the health of the service (primarily real-time) and debugging (diagnosing problems during pilot/production deployment, and by PSS).
For the most part both monitoring and debugging rely on files written to the local hard disk (trace files). Since trace files are useful but not best suited for monitoring, the focus of monitoring functionality has shifted to writing to the Windows Event Log and Performance Monitor whenever possible.
Microsoft Office Communicator 2007 (and R2)
Logging can be enabled from User Interface or directly via the registry.
Enabling Office Communicator Logging (MOC 2007 and R2)
Configure Logging via the Communicator User Interface
Launch Communicator -> Options Dialog -> General page
Place a check in the option called “Turn on logging in Communicator” to enable file tracing for both UCCP and UCClient. This setting enables two types of logging in the local registry described later.
Place a check in the option called “Turn on Windows Event logging for Communicator” to enable Windows Event logging. In addition to Communicator UCCP logs, a Communicator.ETL file is also created for more in depth tracing needs by PSS. Communicator trace files have an extension of .etl, and UCCP trace files have an extension of .uccplog. (Note that Communicator trace files need to be converted to .txt files for analysis which requires a special tool. These files must be sent to PSS for analysis)
As soon as you close the Options dialog, tracing will be enabled.
Enabling Office Communicator 2007 & R2 Logging via Group Policy
You can collect detailed troubleshooting information about Communicator 2007/R2 by using the EnableTracing and EnableEventLogging Group Policies.
These policies correspond to the Communicator 2007/R2 dialog box options Turn Logging on in Communicator and Turn on Windows Event Logging for Communicator.
Logging Output
Enabling the Windows Event Logging option will start to log events to the Windows Event Viewer.
The following Event is logged signifying the Event Logging has been enabled for Office Communicator.
Event Type: Information
Event Source: Communicator
Event ID: 12
Description: Communicator has enabled event logging.
Enabling the File Logging option in Communicator enables trace file output under %userprofile%\tracing by default.
*Vista users may need to add themselves to the "Performance Log Users" group to generate tracing files in Vista. After that, you need to log off and log in again for the change to take effect.
For Vista users, go to User Accounts in Control Panel and add your username to the Performance Log Group.
Configure Logging directly via the Registry
To verify that logging is enabled via the UI, or to configure logging directly using the registry editor, browse to the following Registry Path: HKEY_CURRENT_USER\software\Microsoft\Tracing.
There are two unique file tracing entries being set under these two paths for UCCP and UCClient:
HKCU\Software\Microsoft\Tracing\UCCP\Communicator
HKCU\Software\Microsoft\Tracing\UCClient\Communicator
To enable File Tracing manually, set EnableFileTracing to 1 under both registry paths.
To disable logging manually (the equivalent of a user de-selecting the enable logging option within the UI), set the EnableTracing value back to 0 for both keys.
UCCAPI Logging (optional)
Occasionally, you may be instructed by PSS to enable additional logging under the following Registry Path:
HKCU\Software\Microsoft\Tracing\UCCAPI\Communicator
Optional Configuration via the Registry
Within the Registry, there are also configuration options for MaxFiles, MaxFileSize and FileDirectory:
MaxFiles – Specifies the number of unique files to create
By default, you can configure how many uccp trace files will be created, however for .ETL logging, tracing will be combined into a single Communicator.etl file.
Naming Convention for UCCP Tracing Files
More than one application can specify the same FileDirectory location (typically %USERPROFILE%\Tracing). This may result in some tracing information being lost and other problems when multiple applications are running simultaneously on the same machine. To avoid this, tracing filenames have the syntax AppString-UCCPlatform-x.log, where x is an integer between 0 and MaxFiles-1. For example, Communicator passes “Communicator” as the initialization string, and if you set MaxFiles to 3, the three files generated would be Communicator-UCCAPI-0, Communicator-UCCAPI-1 and Communicator-UCCAPI-2. The file extension for UCCP logs is .uccapilog
MaxFileSize – Allows specification for Maximum File Size
A default trace file size is configured automatically, but you can modify this parameter if desired.
FileDirectory - File System Location where trace files will be written.
By default, the UCCP and UCCLIENT (.ETL) logs will be written to the %userprofile%\tracing folder. However, it is possible to change the logging location if desired by modifying the FileDirectory string.
Log File Analysis
The *.uccapilog files can be opened in notepad or snooper.exe (OCS Resource Kit). Snooper will enhance readability of the file by highlighting individual sip conversations, but there may be additional information outside of SIP that may be of interest that requires a text editor.
Communicator .ETL files must be sent to PSS for analysis.
Windows Installer (Setup) Logging
It is also possible to enable logging for Communicator Setup.
This log will include activities of Communicator install, uninstall, repair, upgrade.
To enable Windows Installer Setup logs
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\Installer]
"Logging"="voicewarmup"
"Debug"=dword:00000007
The letters in the Logging value field can be in any order.
Each letter turns on a different logging mode.
Each letter's actual function is as follows for MSI version 1.1:
v - Verbose output
o - Out-of-disk-space messages
i - Status messages
c - Initial UI parameters
e - All error messages
w - Non-fatal warnings
a - Start up of actions
r - Action-specific records
m - Out-of-memory or fatal exit information
u - User requests
p - Terminal properties
+ - Append to existing file
! - Flush each line to the log
x - Extra debugging information. The "x" flag is available only on Windows Server 2003 and later operating systems, and on the MSI redistributable version 3.0, and on later versions of the MSI redistributable.
"*" - Wildcard, log all information except for the v and the x option. To include the v and the x option, specify "/l*vx".
Note: This should be used only for troubleshooting purposes and should not be left on because it will have adverse effects on system performance and disk space. Each time you use the Add/Remove Programs tool in Control Panel, a new Msi*.log file is created.
To collect MSI Setup Log files:
Start -> Run -> %Temp%
Look for the latest MSI*.log file. (* is the reference number)
This insight into Office Communications Server 2007 R2 was created as part of Kent Tilger’s participation in the Microsoft Certified Master program.
The Microsoft Certified Master Program: The Microsoft Certified Master: Microsoft Office Communications Server 2007 program provides the most in-depth and comprehensive training available today for Office Communications Server 2007. This three-week training program is delivered by recognized experts from Microsoft and Microsoft partner organizations.
posted by ocsteam | 3 Comments
Filed Under: Communicator 2007 R2
Tuesday, March 24, 2009 6:35 PM
CWA 2007 R2 and Normalization Rules
This post addresses inconsistencies with how Communicator Web Access 2007 R2 (CWA) implements normalization rules in relation to OC and other OCS clients.
OCS 2007 introduced the concept of location profiles and normalization rules to convert phone numbers from one format to another, typically to E.164 formatted numbers with a prefixed ‘+’. A set of normalization rules is assigned to a location profile, and within the location profile the rules can be ordered to control which rule will be applied first in case multiple rules can be used for a given phone number.
The concept is shown on the following screenshot from Enterprise Voice Route Helper. The four rules are all configured to handle 4 digit numbers and the ordering defines the result of normalization to be 1111.
CWA allows users to enter phone numbers in a number of places including configuring call forward settings, re-directing audio calls and dialing out. CWA uses the normalization rules defined in the location profile configured on the pool (default location profile) of the user signing in to CWA.
In certain circumstances CWA will not produce the intended normalization of a phone number. The following screenshot illustrates the problem.
Using the normalization rules from earlier, OC shows the intended normalization to 1111, but CWA normalizes to 3333. CWA produces 3333 because it is not honoring the defined ordering of the normalization rules in the location profile. Instead, CWA will order the normalization rules according to creation time in Active Directory, and it will use older rules before newer rules. The creation times of the normalization rules are shown on the following screenshot from LDP.
So, depending on when you created the normalization rules and which order you defined, you might end up in this situation. What to do about it? Microsoft will change CWA to use the defined ordering in a future version of CWA, but until that is available you will have to use work-arounds.
One work-around is to avoid the normalization in the first place and always use E.164 formatted numbers with a prefixed ‘+’.
If this is not possible you will have to create new copies of the relevant normalization rules and you will have to do it in the intended order. You can do it in the current location profile and then just delete the unwanted rules.
To find out when exactly your normalization rules were created you can use LDP or ADSIedit, but if you are only interested in the sequence they were created in you can use Enterprise Voice Route Helper or the OCS 2007 R2 MMC snap-in. The Copy Phone Number Normalization Rule dialogue box will list the rules by creation time, as can be seen in the following screenshot.
Jens Trier Rasmussen
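The ordering mismatch described in this post can be checked offline before users hit it. The following is an added example, not code from the OCS team or from CWA: it applies first-match normalization in the location profile's configured order (the result the post reports for OC) and in creation-time order (the behaviour the post reports for CWA), and lists the numbers whose result differs. The rule names, patterns and creation times are constructed sample data standing in for what you would read from the location profile and from LDP or ADSIedit.

```python
import re
from dataclasses import dataclass
from datetime import datetime


@dataclass(frozen=True)
class Rule:
    name: str
    pattern: str        # regex the dialed string must match in full
    translation: str    # replacement; "$1".."$9" refer to capture groups
    created: datetime   # creation time of the rule object in Active Directory


# Constructed sample: four rules that all handle 4-digit numbers, listed in the
# order configured in the location profile. The "to-3333" rule was created first.
RULES = [
    Rule("to-1111", r"^(\d{4})$", "1111", datetime(2009, 3, 2, 9, 0)),
    Rule("to-2222", r"^(\d{4})$", "2222", datetime(2009, 3, 3, 9, 0)),
    Rule("to-3333", r"^(\d{4})$", "3333", datetime(2009, 3, 1, 9, 0)),
    Rule("to-4444", r"^(\d{4})$", "4444", datetime(2009, 3, 4, 9, 0)),
]


def apply_rule(rule, dialed):
    """Return the translated number, or None if the rule does not match."""
    match = re.fullmatch(rule.pattern, dialed)
    if match is None:
        return None
    # Expand $n references in the translation with the captured groups.
    return re.sub(r"\$(\d)",
                  lambda ref: match.group(int(ref.group(1))) or "",
                  rule.translation)


def normalize(rules_in_order, dialed):
    """First matching rule wins; unmatched numbers are returned unchanged."""
    for rule in rules_in_order:
        result = apply_rule(rule, dialed)
        if result is not None:
            return rule.name, result
    return None, dialed


def creation_order(rules):
    """Order the post describes for CWA: older rules before newer rules."""
    return sorted(rules, key=lambda rule: rule.created)


def find_divergent(rules, samples):
    """List (number, profile-order result, creation-order result) mismatches."""
    divergent = []
    for dialed in samples:
        by_profile = normalize(rules, dialed)
        by_creation = normalize(creation_order(rules), dialed)
        if by_profile != by_creation:
            divergent.append((dialed, by_profile, by_creation))
    return divergent


if __name__ == "__main__":
    for dialed, by_profile, by_creation in find_divergent(RULES, ["5678", "12345"]):
        print(f"{dialed}: profile order -> {by_profile}, creation order -> {by_creation}")
```

An empty result for a representative set of dialed numbers means the two orderings agree, so recreating rules is not needed for that profile.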
posted by ocsteam | 1 Comments
Wednesday, March 18, 2009 1:25 PM
New BPA rules uploaded covering OCS 2007 and OCS 2007 R2
Today we released new Best Practice Analyzer rules for OCS 2007 and OCS 2007 R2. When launching the BPA, you may select Updates and Check for Updates if you have disabled the option to check upon startup. Please note that this may require that you launch the tool as Administrator. The BPA is an x86 (32-bit) application that can be installed on an OCS 2007 R2 x64 (64-bit) system in WOW mode.
The new rules contain updates for OCS 2007 (current KB articles, support for running in 2008 AD) as well as new rules for OCS 2007 R2.
Peter Schmatz
posted by ocsteam | 2 Comments
Monday, March 16, 2009 4:20 PM
Microsoft Forefront Security for Office Communications Server (FSOCS) RTM Now Available!
FSOCS provides fast and effective protection against IM-based malware for OCS 2007 and OCS 2007 R2 environments by including multiple scanning engines from industry-leading security partners. FSOCS also helps reduce corporate liability by blocking instant messages containing inappropriate content.
This release includes:
· 64bit support
· Support for OCS 2007 R2
· Support for OCS 2007 Enterprise Edition server roles
· Integration with OCS 2007 Access Edge role to protect corporate IM from external public IM threats
· Localization in 11 languages
Like other Forefront server security products, FSOCS provides superior detection of the latest threats when compared to single engine solutions by using our multiple engine scanning technology. FSOCS has also been featured in a few of the OCS R2 virtual launch sessions that you should check out. Lastly, we are making available some new content including a new demo walkthrough, case studies from Sporton International and Convergent Systems, and a datasheet. Be on the lookout in the next few weeks for our TechNet virtual hands-on labs!
Secure your OCS deployments and download FSOCS today!
Mike Chan
posted by ocsteam | 3 Comments
Monday, March 09, 2009 11:00 AM
Additional Windows Live Messenger PIC/Federation IP Addresses
Notification
In an effort to provide enhanced capacity and service reliance, Windows Live Messenger will soon be adding additional IP addresses used for PIC/Federation traffic. Some organizations have chosen to restrict this type of traffic to specific IP addresses, as referenced in Microsoft KB 897567. With this in mind we want to give you advanced notice of our intended change if you have configured your enterprise network in this manner.
Please ensure your enterprise firewall configuration is updated with the full list of Windows Live Messenger addresses below on or before Friday, May 8, 2009. Windows Live Messenger will NOT enable any of the additional IP addresses until on or after May 9th (Pacific Time) to ensure your services will not be disrupted by this change.
IP address for Windows Live Messenger PIC/Federation:
65.54.227.249
64.4.9.181
64.4.9.245
65.54.52.53
65.54.52.245
For more information please reference Microsoft KB 897567, or for further assistance, please engage Microsoft Customer Support Services via http://support.microsoft.com.
posted by ocsteam | 2 Comments
Filed Under: KB Articles, OCS
Monday, March 02, 2009 11:12 AM
Microsoft Online Goes Global
Today, we are launching Microsoft Online Services in 19 countries worldwide. People in these countries can try Exchange Online, SharePoint Online, and Office Communications Online this month, and next month, these services will be available for purchase. As part of this news, we're announcing the availability of the Deskless Worker option, a super low-cost version of Exchange Online and SharePoint Online for people who only use collaboration tools occasionally. In related news, leading healthcare company GlaxoSmithKline has chosen Microsoft Online Services as their messaging and collaboration platform, replacing Lotus Notes. Check out this video from GSK as well as this guest blog post by GSK's VP of IT Strategy, Ingo Elfering, over on the Online Services blog. GSK is estimating that the move will decrease collaborative tool costs by 30%, as well as improve their ability to collaborate with partners reliably. Check out Microsoft Online Services for more info.
Tom Laciano
posted by ocsteam | 2 Comments
Filed Under: Online Services Category
Wednesday, February 25, 2009 1:22 PM
Office Communications Server R2 Launch
Check out the new Virtual launch site of Office Communications Server 2007 R2 at http://www.ocsr2launch.com/. The site is packed with useful and entertaining content for you to explore:
· Watch the Keynote session hosted by Stephen Elop, President Microsoft Business Division, which focuses on Microsoft’s vision and momentum in enterprise communications space.
· Discover the new product capabilities in the Product Discovery area.
· Visit the Breakout Sessions area to get a deeper understanding of the product.
· Watch customer stories in the Case Studies area to hear firsthand accounts of the momentum.
· Learn about our Sponsors in the Partner Pavilion and see the opportunities for your company.
· Download product, partner and case study collateral through an electronic Backpack.
· Sign up for a 5 Day Trial of Office Communications Server 2007 R2 with no server installation
Avi Sagiv
Technical Product Manager, Unified Communication Group
posted by ocsteam | 2 Comments
Filed Under: OCS, OCS R2
Thursday, February 12, 2009 3:20 PM
OCS 2007 R2 MOM/SCOM Pack released
We have released the R2 MOM/SCOM Pack today - http://www.microsoft.com/downloads/details.aspx?FamilyID=0fca3752-76d4-42f3-9241-a663e40c1e2c&displaylang=en
Below is the original post when we knew it would be delayed:
While working to release the Office Communications Server 2007 R2 MOM (System Center Operations Manager 2007) Pack we encountered a blocking problem where this cannot coexist with the Office Communications Server 2007 MOM Pack. While fixing this issue will be straightforward there is the overhead of repackaging the R2 MOM Pack. With current projects we are projecting this to be completed Q1 CY09.
Peter Schmatz
posted by ocsteam | 5 Comments
Filed Under: OCS R2
Monday, February 09, 2009 10:06 AM
OCS 2007 installation with SQL 2005 SP3
There has been a change in SQL 2005 SP3 that can impact the installation of OCS 2007. This does not impact OCS 2007 R2.
SQL 2005 SP3 has an update that changes a return code that the OCS 2007 install was not designed to handle. If you have to install a new OCS 2007 pool and are using SQL 2005 SP3, here are two possible workarounds to complete the install.
1. Install the EE pool from a different server altogether, one that has the SQL 2005 SP2 client tools.
2. Uninstall SQL 2005 SP3 Backward Compatibility and then install SQL 2005 SP2 BC (SQLServer2005_BC.msi) on the SQL 2005 SP3 EE server.
posted by ocsteam | 2 Comments
Filed Under: OCS
Monday, February 09, 2009 9:55 AM
R2 Client Group Policy Documentation
The R2 client policy documentation, in spreadsheet format, is now available at http://www.microsoft.com/downloads/details.aspx?FamilyID=5d6f4b90-6980-430b-9f97-ffadbc07b7a9&displaylang=en.
This download package contains the Communicator.adm file and a spreadsheet that documents the Group Policy settings for Office Communications Server 2007 R2 clients, including Office Communicator 2007, Office Communications Server 2007 R2 Attendant, and Microsoft Office Communications Server 2007 R2 Group Chat.
posted by ocsteam | 2 Comments
Filed Under: Communicator 2007 R2
Monday, February 09, 2009 8:45 AM
Office Communicator 2005 fix required for R2 interop
The December fix for Office Communicator 2005 is the minimum requirement for the OC 2005 client to connect to Office Communications Server R2. Please note that there is also mention of the server side fix for Live Communications Server 2005 SP1 950614.
Do take time to read future hotfixes as they will state if they replace any prior hotfix.
UC-RTC Sustained Engineering
posted by ocsteam | 3 Comments
Filed Under: LCS 2005, UC-RTC Sustained Engineering, Communicator 2005, OCS R2
Friday, January 30, 2009 11:06 AM
AOL Maintenance February 3 – Impact to PIC
Summary:
February 3, America Online will be performing scheduled maintenance that will impact SIP Access Gateways during the following maintenance window:
Confirmed Maintenance Start time: 2009-02-03 04:00 ET
Projected Maintenance End time: 2009-02-03 06:00 ET
There may be sporadic access service availability and users may experience service disruption.
posted by ocsteam | 3 Comments
Filed Under: PIC
Friday, January 23, 2009 2:40 PM
Round Table Reference Information
RTManage.exe is a tool you can use to manually update the Roundtable device without requiring the OCS Software Update Server. Once you download and install the tool, the usage is via the command line. All you need to do is connect the device via a USB cable to your machine and you should be able to update it via this tool.
There are three main types of commands you can use when running the tool:
· Image mode (uses the -img switch) - Used to update the operating system or boot loader or download a new configuration.
· Diagnostic mode (uses the -diag switch) - Used to run diagnostic commands and potentially send diagnostic logs to the update server.
· Configuration mode (uses the -cfg switch) - used for a variety of purposes, including resetting the password, setting the device time, and uploading a device configuration to the image update server.
The commands to update the device:
· For the boot loader - rtmanage.exe -m:img -i:EBOOT -f:<file path to CPUEBOOT.bin> -s:<file path to CPPUEBOOT.cat>
· For the nk.bin - rtmanage.exe -m:img -i:nk -f:<file path to nk.bin> -s:<file path to nk.cat>
There are also XML files you can edit to modify lots of settings for the device such as Room Settings, Network Settings, Time Settings, LCD Display Settings, Telephony Settings, Pre-Programmed Speed Dial information, Software Update Settings, Logging Settings, Power Management Settings, and more. You can apply these settings via the configuration mode switches. See the Roundtable deployment guide for additional details.
Relevant links:
Microsoft® RoundTable™ Management Tool
Microsoft® RoundTable™ Deployment Guide
Microsoft® RoundTable™ Firmware
Additional Roundtable links:
Microsoft® RoundTable™ Manuals
Microsoft® RoundTable™ Users Guide
Microsoft® RoundTable™ Quick Reference Card
Microsoft® RoundTable™ Release Notes
Rob Pittfield
posted by ocsteam | 7 Comments
Filed Under: OCS
Friday, January 23, 2009 10:49 AM
OCS & PowerShell Webcast
Let me direct your attention to a post from Dmitry Sotnikov about an OCS and PowerShell Webcast http://dmitrysotnikov.wordpress.com/2009/01/19/ocs-powershell-webcast/ Here is just the first paragraph of his post: The Swiss IT Pro User Group team is holding an Office Communications Server & PowerShell meeting on Tuesday February 3, 2009 evening in Zurich and there will be a LiveMeeting webcast for those of us who happen to be far from Geneva lake that day. ...
TomL LCSKid
posted by ocsteam | 4 Comments
Filed Under: Powershell, OCS
Friday, January 16, 2009 10:50 AM
Unable to download Address Book - Misconfigured external URL during initial setup
Another reason clients can have problems downloading the OCS Address Book is because the external download URL wasn’t set on initial installation. It’s an optional setting during the initial deployment of OCS 2007 Standard Edition or the Web Components portion of an Expanded Enterprise Edition deployment. This is a likely reason for the issue if the download is only failing for your external users and you have a Reverse Proxy deployed.
To ensure the path is set properly, open the OCS 2007 management console and select the server in a Standard Edition Deployment (or the pool name in an Enterprise Edition Deployment) and then expand the Address Book Server Settings:
If the line that’s called “File share URL for external connections:” is missing an HTTPS URL, this information wasn’t set during the initial deployment of OCS. This must be set for external users to download the Address Book properly. This address must resolve externally to the reverse proxy you have configured.
If you don’t have access to the OCS 2007 Server Management console and want to find out if you have set the appropriate URL for external Address Book downloads, you can enable logging in the Communicator client by selecting the “Turn on logging in Communicator” checkbox under Tools -> Options and then selecting the General tab.
Once you’ve enabled logging, sign into Office Communicator and then search for the string absExternalServerUrl in the Communicator-uccp log file. The log is located in %userprofile%\tracing\ on the client machine. You can open it in Notepad or download the Snooper tool (part of the OCS 2007 Resource Kit).
Example of this line in the uccp log file:
<absExternalServerUrl>https://ocswebext.domain.com/Abs/Ext/Handler</absExternalServerUrl>
If the information is not set on the OCS pool, this line will not contain a URL:
<absExternalServerUrl></absExternalServerUrl>
If this information is not set (or is set incorrectly), the recommended way to update it is with the LCSCmd.exe tool. From the link:
To configure the external Web farm FQDN:
1. Log on to the Standard Edition server or Enterprise Edition server in the pool with an account that is a member of RTCUniversalServerAdmins group or has equivalent permissions.
2. Open a command prompt.
3. Navigate to the \Program Files\Common Files\Microsoft Office Communications Server 2007 directory.
4. To set the external URL for the Web farm, type the following command:
Lcscmd /web /action:updatepoolurls /externalwebfqdn:<WebfarmFQDN> /poolname:<poolname>
For example:
Lcscmd /web /action:updatepoolurls /externalwebfqdn:ocswebext.contoso.com /poolname:ocspool
Once you’ve set the URL you should be able to see it in the “File share URL for external connections:” in the OCS 2007 MMC and in the <absExternalServerUrl> line in the client log file. And hopefully the client will download the Address Book.
Rob Pittfield
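The client-side log check described in this post, as an added example (not part of the original post and not an OCS tool): it scans the text of a Communicator-uccp log for absExternalServerUrl elements and classifies each one as set, missing, not HTTPS, or pointing at a host other than the external web farm FQDN you expect. The sample log text is constructed apart from the two element forms quoted in the post; the expected_fqdn parameter and the handling of a self-closing element are assumptions of this example.

```python
import re
from urllib.parse import urlsplit

# Matches both <absExternalServerUrl>...</absExternalServerUrl> and, as an
# assumption of this example, a self-closing <absExternalServerUrl/>.
ABS_EXTERNAL = re.compile(
    r"<absExternalServerUrl\s*(?:/>|>(.*?)</absExternalServerUrl>)",
    re.IGNORECASE,
)

# Constructed sample log text; only the element lines follow the post.
SAMPLE_LOG = """\
(constructed) sign-in 1: provisioning data received
  <absExternalServerUrl>https://ocswebext.domain.com/Abs/Ext/Handler</absExternalServerUrl>
(constructed) sign-in 2: provisioning data received
  <absExternalServerUrl></absExternalServerUrl>
(constructed) sign-in 3: provisioning data received
  <absExternalServerUrl>http://ocswebext.domain.com/Abs/Ext/Handler</absExternalServerUrl>
"""


def classify(value, expected_fqdn=None):
    """Return 'missing', 'invalid', 'not-https', 'host-mismatch' or 'set'."""
    url = value.strip()
    if not url:
        return "missing"            # external URL was never configured on the pool
    try:
        parts = urlsplit(url)
        host = parts.hostname
    except ValueError:
        return "invalid"
    if parts.scheme.lower() != "https" or not host:
        return "not-https"          # the post expects an HTTPS URL here
    if expected_fqdn and host.lower() != expected_fqdn.lower():
        return "host-mismatch"      # URL does not name the expected web farm FQDN
    return "set"


def check_log(text, expected_fqdn=None):
    """Return (line number, status, url) for every absExternalServerUrl element."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        for match in ABS_EXTERNAL.finditer(line):
            value = match.group(1) or ""
            findings.append((lineno, classify(value, expected_fqdn), value.strip()))
    return findings


if __name__ == "__main__":
    for lineno, status, url in check_log(SAMPLE_LOG):
        print(f"line {lineno}: {status} {url}")
```

Passing the FQDN used with /externalwebfqdn as expected_fqdn also catches a URL that is set but names the wrong host.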
posted by ocsteam | 4 Comments
Monday, December 29, 2008 1:15 PM
Microsoft Certified Master (MCM) Program for Office Communications Server 2007
With the recent release of the Microsoft Certified Master (MCM) Program for Office Communications Server 2007 and as the Program Manager responsible for its launch this year I wanted to provide a little more information about the program, its focus and what you can expect should you attend one of the forthcoming deliveries or ‘rotations’ as they are termed.
If you follow the activities on the Exchange team blog you may have seen a recent post by Greg Taylor talking about the launch of the MCM Program for Exchange 2007. In this post Greg also gives some good background on the Ranger program in which Master has its roots so I shan’t cover that ground again except to say that with the launch of the MCM Program for OCS 2007 we are creating a training and certification offering for OCS 2007 and OCS 2007 R2 that is fortunate to share the same heritage, goals and high bar that made Ranger the huge success it was.
Who is the program targeted at?
Common to all the Masters series (Exchange, SharePoint, Windows Directory and SQL) the OCS program is not aimed at newcomers to the product. We are targeting those that already have considerable hands on experience with LCS and OCS. This doesn’t mean to say that they have spent time setting environments up in a lab but rather that they have designed and built real world deployments either for their own enterprise or as a consultant for their customers. To help illustrate the sort of experience we are looking for a number of sample applications can be reviewed here. We are targeting the top 1% of the OCS experienced IT Pros so this program really isn’t for everyone.
We appreciate that given the relatively small numbers of deployments of LCS (when compared to products like Exchange) and the short time that OCS has been available the pre-requisites outlined will be challenging to achieve for many but there is method in the madness. By defining some pretty exacting entry requirements I’m trying to ensure your best possible chance of success – so if these requirements put you off applying then the program probably isn’t for you at this time. If however, you feel that you genuinely have what it takes then we’d love to have you sign up.
What do I get for my money?
The first thing that I should announce here is that the first public rotation in March is half price (the January rotation shown on the website is a dry run for the development team, very much an alpha and as such isn’t available externally). That’s right folks – for one time only you get the chance to attend the OCS Master program for half the normal program fee! The rotation in March is a public beta so you can expect that we will still be ironing out some kinks in the program but on the flip side we will still very much be in the program development and review phases and so keen to gather feedback and ideas on how to make the final shape of the program even better.
The next piece of good news is that we are offering the June rotation at a 30% discount off the normal program fee if you apply before February 14th 2009. This amounts to a discount of $5550. See here for more information on the conditions of this offer.
The program is a huge cross group effort within Microsoft and the instruction team that we’re assembling represents some of the very best field, support and product group based knowledge of OCS available today and between them we have developed a comprehensive and technically challenging curriculum that explores the product to an incredible level of detail. There is information here that you just won’t find elsewhere and what is more the individuals delivering the sessions are amongst Microsoft’s and our Partners’ most experienced and battle scarred consultants who bring unique, real world perspectives to round out the technical side of the materials. Many of the instructors will be well known to you from their blogging and community efforts.
You’ll get long days of detailed instruction (most days are 8am to 7pm in class), individual and group activities, over 20 hands on activities and a substantial lab environment to enable you to really drill into scenarios and components that you would either never have the time, infrastructure or teaching support to do otherwise.
Will I learn how to make phones ring?
Up to a point. One of the most important things to understand about the program is that it isn’t all about voice. Voice is of course a core component to the product and as such also to the program and we build on the work that other readiness programs such as Voice Ignite are doing and provide another level of detail to the technology whilst then presenting you with some of the most complex voice designs that the Microsoft field have encountered giving you the opportunity to develop and practice your capabilities on real world designs and in a complex lab environment that includes a complex telephony infrastructure. Yet our goal remains to cover the breadth of the product recognising that customers deploy OCS in different ways for different reasons. Some want instant messaging and presence whilst others are looking to reduce travel costs by deploying conferencing solutions. To reflect this diversity of requirements we cover all the components and modalities in detail.
So what will I learn?
Here is a quick overview of how the three weeks of training are made up.
In week one we first drill into the dependencies of OCS. As a graduate of the Exchange Ranger program I am a strong believer in fundamentals and dependencies. If you don’t understand the protocols, services and infrastructures upon which your solution depends then you can have little hope of being a credible consultant when deployments run into technical difficulties and require a depth of understanding that enables a root cause to be quickly established and rectified or how to understand how infrastructure dependencies impact design decisions. We move onto IM and presence looking in detail at how the heart of OCS works from both a server and a client perspective. Building on this we then drill into conferencing from both detailed technical and architectural perspectives.
Week two is mainly about voice and all that entails. Some of the most exciting sessions here let you explore real world complex voice designs and really get into what it takes to design and deploy these. We also look at video and video interoperability with other vendors and then what it takes to design and deploy edge infrastructures.
Bringing it all together in week three we look at broader architecture and operational issues such as high availability, disaster recovery, monitoring and capacity planning.
One final area that I felt strongly about including in the curriculum was application integration. One of the strengths of the Microsoft UC platform is the integration possibilities for existing line of business or newly developed custom applications. Where carefully scoped and executed such integrations can drive considerable returns for our customers and it was with this in mind we have ensured you will learn how to identify and, at a high level, architect solutions based on our range of APIs and development environments. Will we turn you into coders? No – that isn’t the aim but we will make sure you understand the ‘art of the possible’ with the tools at your disposal.
Throw all that together with lots of class discussion, white boarding and hands on time and you’ve got a feel for what you’ll be getting.
One other comment – we cover both OCS 2007 and R2 in the instruction although the focus is primarily on R2.
Despite the structure of the curriculum around you there is only one person that is in charge of your learning ‘experience’ – you. We will provide you with the tools, information, environments and training to become the most highly skilled and qualified OCS consultants on the planet but it is entirely down to you as to how much value you derive from these elements at your disposal. You will get as much from the program as you put in in terms of time, effort, attention and sheer determination. Given that you will also be bringing experience of your own you will also be expected to contribute for the benefit of the group. The rotations typically will include people from around the globe who have each faced different challenges and have different experiences that are valuable to share and so working with each other and as a team will ensure your own best possible chances of success.
How do I get the experience necessary?
You need to have the exams listed on the website on your transcript for starters and you really need to be in a delivery role. By this I mean that you are actively engaged in the design and deployment of OCS infrastructures rather than simply supporting an existing deployment. So if this isn’t you today you will probably not be accepted onto the program as we will ask for a resume that illustrates your real world experience and if you don’t have the experience we won’t accept your application. Again, I’m doing my best here to ensure your best possible chance for success rather than being difficult for the sake of it. Getting into programs such as Voice and OCS ignite will certainly help but real hands on experience is key. Also, don’t send me a fictitious resume – if you make it into the program and fail you’ve wasted a lot of your time and money. I really don’t want anyone to be in that position.
What about that Voice Specialisation Exam?
This exam (88-924) is due to be re-released in January 2009. You will need to take and pass this exam as a pre-requisite of attendance for the June 2009 (RTM) rotation. Due to the timing of this exam only being available in January we will not be enforcing it as a pre-requisite for attendance in the March (public beta) rotation.
How will I benefit?
Here I’m going to call out some of the same things that Greg mentioned in his Exchange blog
Training
You are going to get three weeks of the best training on OCS available. Period. That does count for a hell of a lot and will help you build your credibility as a true subject matter expert.
Recognition
You will have a recognised certification which demonstrates that you’ve been trained, tested and found to meet or exceed a bar that ensures you are the best out there. Others can say they’re the best, and who knows they might be, but you’ve got a cert to prove it.
Community
Despite the OCS MCM program being new to the Masters series we already have an awesome and growing community that spans our instructors, the MS field, the UC Product Group and the support side of the organisation. For me this is probably the most critical component of Ranger that we are bringing to Master. The strength of the community of certified individuals and handpicked MS and Partner experts has a unique value all of its own. I’ve seen the Ranger community have a hugely positive impact on Exchange as a product over the years. It is my goal that the OCS Master should do the same for OCS.
Continued Education
In line with the other Masters programs we will have a number of annual training events to enable you to keep up with the latest and greatest. We will also feature sessions with the PMs and others that can bring specific knowledge to bear on different subjects.
What are the tests?
There are four. Three are written and one is lab based. You have to pass all of them to certify.
What if I fail?
Good question – given the depth and breadth of skills required to pass it is entirely possible you will fail the program at the first attempt. If that happens we will work with you to help you understand your weaknesses so that you can work on those and provide mechanisms for retakes of the exams and lab.
Once I’m a Master what’s next?
Wow – you’re keen. Becoming a Master in OCS is a pre-requisite to the forthcoming Microsoft Certified Architect in Office Communications Server 2007 certification. I don’t have a date for you right now on when we’ll be bringing this program on stream but it will most likely be the first half of 2009. I’ll post more information once it’s available.
How will the program evolve?
As we head towards Wave 14 we will be building an upgrade path for Masters that certify on OCS 2007/R2 to enable them to keep their certification up to date. I will also be working with the growing Masters community to drive value back into the product and the wider IT Pro community by authoring blog posts based on the lab work and personal assignments they complete during the rotations.
Where do I sign up?
We have seats available in the March and June rotations so if you think ‘It’s time to be a Master’ then sign up here. If you have questions about the program please mail me directly – admac at you-know-where and I’ll do my best to answer them.
by Adrian Maclean
posted by ocsteam | 5 Comments
Monday, December 29, 2008 12:40 PM
Update for Office Communicator 2005 (KB949280)
Issues that the hotfix rollup package fixes:
960244 After you install Live Meeting 2007 console or Live Meeting 2007 add-in, two new menu options that do not work are added to Office Communicator 2005 Action menu.
960255 After you upgrade Live Meeting Service Conference center to Live Meeting 2007, you can no longer use the Meet Now button in Office Communicator 2005.
960252 Office Communicator 2005 crashes when you try to accept an inbound phone call.
Prerequisites:
You must apply hotfix 950614 on the Live Communications Server 2005 before you apply this hotfix.
posted by ocsteam | 3 Comments
Filed Under: KB Articles
Friday, December 26, 2008 3:48 PM
Update for Office Communicator 2007 (KB957465)
This Office Communicator 2007 (KB957465) update is the minimum requirement for interoperability with OCS 2007 R2.
List of issues fixed in this release:
960423 Office Communicator 2007 cannot display Chinese characters in URLs when the EnableURL registry value is enabled (EnableURL = 1).
960424 You cannot prevent Office Communicator 2007 from controlling the call forwarding settings.
posted by ocsteam | 2 Comments
Wednesday, December 10, 2008 3:18 PM
Troubleshooting QoE Installation for OCS 2007 RTM
Once the QoE Service is installed and associated with a pool and Mediation Server it should start getting statistics. You’ll also need to exit Office Communicator or the Live Meeting clients and sign in again to ensure the changes take place. If you don’t see any data being written to the database there are several things you can check to make sure all is working as expected:
Whenever a device or client logs in, they get information sent down via inband provisioning (in SIP traffic) which makes them aware of a QoE Server:
<qosUri>sip:QOE.domain.com@domain.com;gruu;opaque=srvr:QoS:h6pN5zNPUUeVKT66Y_obawAA</qosUri>
To find this information you can enable logging in Office Communicator by selecting the “Turn on logging in Communicator” checkbox under Tools -> Options and then selecting the General tab.
Once you’ve enabled logging, sign into Office Communicator and then search for the string qosUri in the Communicator-uccp log file. The log is located in %userprofile%\tracing\ on the client machine. You can open it in Notepad or download the Snooper tool (part of the OCS 2007 Resource Kit).
Once you see the <qosUri> you can be sure that the pool you’re logging into is associated with the QoE server listed. If you don’t see that, check your QoE Server and ensure that it’s associated with the pool you expect it to be by either checking the Monitoring Status information for Pool Associations and Mediation Server Associations or running the QoE Monitoring Server Configure Associations Wizard in the QoE MMC.
Once you’ve checked that and all appears well you can check to see if your clients are sending QoE Reports after finishing calls. Whenever a client who is enabled for QoE hangs up a call it sends a QoE Report to the OCS Front End Server via a Service request that looks like this:
10/03/2008|09:41:53.558 E2C:1038 INFO :: Sending Packet – 192.168.2.1:5061 (From Local Address: 192.168.2.2:55478) 4747 bytes:
10/03/2008|09:41:53.558 E2C:1038 INFO :: SERVICE sip:OCSPool.domain.com@domain.com;gruu;opaque=srvr:QoS:clfJSBfVcUKdlDLYM5Ej9QAA SIP/2.0
Via: SIP/2.0/TLS 192.168.2.2:55478
Max-Forwards: 70
From: <sip:joe@domain.com>;tag=03d35603d9;epid=c34fae5c3d
To: <sip:OCSPool.domain.com@domain.com;gruu;opaque=srvr:QoS:clfJSBfVcUKdlDLYM5Ej9QAA>
Call-ID: f590839c3b7042fb89a0a3803e0ead7b
CSeq: 1 SERVICE
Contact: <sip:joe@domain.com;opaque=user:epid:-WjXg6bFul6b39g5ZrJ10gAA;gruu>
User-Agent: UCCAPI/2.0.6789.0 OC/2.0.6789.0 (Microsoft Office Communicator)
Proxy-Authorization: NTLM qop="auth", realm="SIP Communications Service", opaque="942056C3", targetname="OCSserver.microsoft.com", crand="15dd1df5", cnum="375", response="01000000a00000009ce2b5c67d6b9a06"
Content-Type: application/vq-rtcpxr+xml
Content-Length: 3881
<?xml version="1.0"?>
<VQReportEvent xmlns="ms-rtcp-metrics"><VQSessionReport SessionId="e482f6b3e3ca44b4adb7db50383749f9;from-tag=001ef1887e;to-tag=9dbb7915c"><Endpoint Name="computer.domain.com"/><DialogInfo CallId="e482f6b3e3ca44b4adb7db50383749f9" FromTag="001ef1887e" ToTag="9dbb7915c" Start="2008-10-03T14:41:46.0654Z" End="2008-10-03T14:41:53.0428Z"><FromURI>sip:joe@microsoft.com</FromURI><ToURI>sip:+14692351836@microsoft.com;user=phone</ToURI><Caller>true</Caller><LocalContactURI>sip:joe@domain.com;opaque=user:epid:-WjXg6bFul6b39g5ZrJ10gAA;gruu</LocalContactURI><RemoteContactURI>sip:mediationserver.domain.com@domain.com;gruu;opaque=srvr:MediationServer:NbvuggL1N0i2cpeLZHbjHAAA;grid=ab2be358af684f39a59b534d599bb00c</RemoteContactURI><LocalUserAgent>UCCAPI/2.0.6789.0 OC/2.0.6789.0 (Microsoft Office Communicator)</LocalUserAgent><RemoteUserAgent>RTCC/2.0.0.0 MediationServer</RemoteUserAgent></DialogInfo><MediaLine Label="main-audio"><Description><Connectivity><Ice>DIRECT</Ice><IceWarningFlags>327680</IceWarningFlags></Connectivity><Security>SRTP</Security><Offerer>true</Offerer><Transport>UDP</Transport><NetworkConnectivityInfo><NetworkConnection>wired</NetworkConnection><LinkSpeed>1000000000.000000</LinkSpeed></NetworkConnectivityInfo><LocalAddr><IPAddr>192.168.2.1</IPAddr><Port>50028</Port><Inside>true</Inside><SubnetMask>255.255.255.0</SubnetMask></LocalAddr><RemoteAddr><IPAddr>192.168.2.3</IPAddr><Port>63344</Port></RemoteAddr><CaptureDev><Name>Microphone (High Definition Audio Device)</Name></CaptureDev><RenderDev><Name>Speakers (High Definition Audio Device)</Name></RenderDev></Description>
<InboundStream Id="1295251570"><Network><Jitter><InterArrival>5</InterArrival><InterArrivalMax>6</InterArrivalMax></Jitter><PacketLoss><LossRate>0.004762</LossRate><LossRateMax>0.009524</LossRateMax></PacketLoss><BurstGapLoss><BurstDensity>0</BurstDensity><BurstDuration>0</BurstDuration><GapDensity>0</GapDensity><GapDuration>3360</GapDuration></BurstGapLoss><Utilization><Packets>234</Packets></Utilization></Network><Payload><Audio><Signal><SignalLevelLoudSpeaker>-19</SignalLevelLoudSpeaker><SpeakerGlitchRate>0</SpeakerGlitchRate><SpeakerClipRate>0</SpeakerClipRate><RxAGCSignalLevel>0</RxAGCSignalLevel><RxAGCNoiseLevel>0</RxAGCNoiseLevel></Signal></Audio></Payload><QualityEstimates><Audio><NetworkMOS><OverallAvg>2.950000</OverallAvg><OverallMin>2.950000</OverallMin><DegradationAvg>0.000000</DegradationAvg><DegradationMax>0.000000</DegradationMax><DegradationJitterAvg>0.000000</DegradationJitterAvg><DegradationPacketLossAvg>0.000000</DegradationPacketLossAvg></NetworkMOS></Audio></QualityEstimates></InboundStream><OutboundStream Id="2363501468"><Network><Jitter><InterArrival>1</InterArrival><InterArrivalMax>2</InterArrivalMax></Jitter><PacketLoss><LossRate>0.000000</LossRate><LossRateMax>0.000000</LossRateMax></PacketLoss><Delay><RoundTrip>92</RoundTrip><RoundTripMax>166</RoundTripMax></Delay><Utilization><Packets>419</Packets></Utilization></Network><Payload><Audio><PayloadDescription>x-msrta</PayloadDescription>
<SampleRate>8000</SampleRate><Signal><SignalLevel>1286</SignalLevel><SpeakerFeedbackMicIn>-66</SpeakerFeedbackMicIn><SpeechLevelMicIn>-26</SpeechLevelMicIn><SpeechLevelPostProcess>-26</SpeechLevelPostProcess><BackGroundNoiseMicIn>-72</BackGroundNoiseMicIn><BackGroundNoiseSent>-64</BackGroundNoiseSent><LocalSpeechToEcho>40</LocalSpeechToEcho><MicGlitchRate>0</MicGlitchRate><MicClipRate>0</MicClipRate><RxAGCSignalLevel>0</RxAGCSignalLevel><RxAGCNoiseLevel>0</RxAGCNoiseLevel></Signal></Audio></Payload><QualityEstimates><Audio><SendListenMOS>2.840000</SendListenMOS><SendListenMOSMin>2.840000</SendListenMOSMin></Audio></QualityEstimates></OutboundStream><LocalConversationalMOS>-21474836.000000</LocalConversationalMOS></MediaLine></VQSessionReport></VQReportEvent>
10/03/2008|09:41:53.558 E2C:1038 INFO :: End of Sending Packet – 192.168.2.1:5061 (From Local Address: 192.168.2.2:55478) 4747 bytes
It’s quite a bit of information. It looks much prettier in the QoE reports on the SQL Server. If you want to know more about the statistics collected, review the Office Communications Server 2007 Quality of Experience (QoE) Monitoring Server Audio and Video Metrics Processing Guide. We’re trying to make sure the data is making it to the QoE Server. If the client is sending this data (which you can confirm in the Communicator-uccp log using Notepad or Snooper) then the next place to check is the SIPStack log on the OCS Server. In there you should see the server make a SIP MTLS connection to the QoE Server using TCP Port 5061 and forward the request over to the QoE Server. If that’s successful then you’re home free. If it’s not, there are a few other things to look at:
· In the QoE Management console select the relevant QoE Server. Click on the Performance Tab in the right pane. Once selected there are a set of default counters that will help you quickly determine if reports are making it to the server. If you’re unsure, try looking at LC:QMS – 00 QoEMonitoringServer and selecting “Total number of metrics reports received”, “Total number of metrics reports accepted” and “Number of rejected metrics reports”. This will tell you if the server is getting any QoE Metrics reports and if the reports are valid.
· If you don’t see any metrics reports making it to the QoE Server you can run a network trace on both the OCS Server and the QoE Server to ensure you’re seeing successful TCP Sessions from the OCS Front End Server to the QoE Server on TCP Port 5061. Beware of firewalls between the machines or on them.
· Ensure the OCS Front End Server and QoE Server both have valid certificates and that they both trust each other’s Certificate Authorities, as the connections between them are using MTLS.
· Check DNS name resolution between the servers.
· Check if the QMS Service is started.
· Check Event viewer to see if there are any errors/warnings raised by QMS.
· If the values of the performance counters “Total number of metrics reports received” and “Total number of metrics reports accepted” are correct but there is still no data in the database, check whether something is wrong with MSMQ or the database. Check the following:
· Performance counter “Total number of MSMQ messages sent”. This indicates the number of reports that are written to MSMQ. If this is zero, usually it means there is something wrong with MSMQ. Check the Event Viewer for errors.
· These performance counters: “Total number of message transactions completed”, “Total number of message transactions that failed”, “Total number of reports that were dropped due to database insertion failure”, and “Number of MSMQ messages received with an incorrect type or version”. These counters show if the reports are written to the QoEMetrics database or if the reports are dropped due to errors.
· Finally, ensure the SQL Server is operating correctly and the QoEMetrics database is accessible.
Rob Pitfield
posted by ocsteam | 2 Comments
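The two client-side checks described in the post above (is a qosUri provisioned, and is a SERVICE request with an application/vq-rtcpxr+xml body being sent), as an added Python example that is not part of the original post. The function names, status codes and sample log are constructed for illustration; the element names are the ones in the report the post shows.

```python
import re
import xml.etree.ElementTree as ET

NS = {"vq": "ms-rtcp-metrics"}  # default namespace of the report in the post

# Constructed sample shaped like the Communicator-uccp excerpt in the post:
# one in-band provisioning line and one SERVICE request with a trimmed report.
SAMPLE_LOG = """\
10/03/2008|09:41:40.100 E2C:1038 INFO  :: <qosUri>sip:QOE.domain.com@domain.com;gruu;opaque=srvr:QoS:PLACEHOLDER</qosUri>
10/03/2008|09:41:53.558 E2C:1038 INFO  :: SERVICE sip:OCSPool.domain.com@domain.com;gruu;opaque=srvr:QoS:PLACEHOLDER SIP/2.0
Via: SIP/2.0/TLS 192.168.2.2:55478
CSeq: 1 SERVICE
Content-Type: application/vq-rtcpxr+xml

<?xml version="1.0"?>
<VQReportEvent xmlns="ms-rtcp-metrics"><VQSessionReport SessionId="constructed">
<DialogInfo CallId="constructed-call-1" FromTag="a" ToTag="b"/>
<MediaLine Label="main-audio">
<InboundStream Id="1"><Network>
<Jitter><InterArrival>5</InterArrival></Jitter>
<PacketLoss><LossRate>0.004762</LossRate></PacketLoss>
</Network><QualityEstimates><Audio><NetworkMOS>
<OverallAvg>2.950000</OverallAvg></NetworkMOS></Audio></QualityEstimates>
</InboundStream>
<OutboundStream Id="2"><QualityEstimates><Audio>
<SendListenMOS>2.840000</SendListenMOS></Audio></QualityEstimates>
</OutboundStream>
</MediaLine></VQSessionReport></VQReportEvent>
10/03/2008|09:41:53.558 E2C:1038 INFO  :: End of Sending Packet
"""

QOS_URI_RE = re.compile(r"<qosUri>\s*(sip:[^<\s]+)\s*</qosUri>")
# One SERVICE request: request line, headers (never crossing into the next
# SERVICE request), then the VQReportEvent body.
SERVICE_RE = re.compile(
    r"SERVICE sip:\S+ SIP/2\.0[ \t\r]*\n"
    r"(?P<headers>(?:(?!SERVICE sip:).)*?)"
    r"(?P<body><VQReportEvent\b.*?</VQReportEvent>)",
    re.S,
)


def _num(parent, path):
    """Return the float at `path` under `parent`, or None if it is absent."""
    node = parent.find(path, NS) if parent is not None else None
    return float(node.text) if node is not None and node.text else None


def summarize_report(xml_text):
    """Pull the per-call audio metrics out of one VQReportEvent document."""
    # Hardening choice of this example: the report in the post carries no DTD,
    # so a body that declares one is rejected instead of being parsed.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise ValueError("QoE report declares a DTD; refusing to parse")
    root = ET.fromstring(xml_text)
    rows = []
    for session in root.findall("vq:VQSessionReport", NS):
        dialog = session.find("vq:DialogInfo", NS)
        for media in session.findall("vq:MediaLine", NS):
            inbound = media.find("vq:InboundStream", NS)
            outbound = media.find("vq:OutboundStream", NS)
            rows.append({
                "call_id": dialog.get("CallId") if dialog is not None else None,
                "media": media.get("Label"),
                "inbound_jitter": _num(inbound, "vq:Network/vq:Jitter/vq:InterArrival"),
                "inbound_loss_rate": _num(inbound, "vq:Network/vq:PacketLoss/vq:LossRate"),
                "inbound_network_mos": _num(
                    inbound, "vq:QualityEstimates/vq:Audio/vq:NetworkMOS/vq:OverallAvg"),
                "send_listen_mos": _num(
                    outbound, "vq:QualityEstimates/vq:Audio/vq:SendListenMOS"),
            })
    return rows


def check_client_log(log_text):
    """Apply the post's client-side checks to a Communicator-uccp log."""
    qos = QOS_URI_RE.search(log_text)
    reports = []
    for match in SERVICE_RE.finditer(log_text):
        if "application/vq-rtcpxr+xml" in match.group("headers").lower():
            reports.extend(summarize_report(match.group("body")))
    if qos is None:
        status = "NO_QOS_URI"    # next step: check the pool association
    elif not reports:
        status = "NO_REPORTS"    # provisioned, but no report left the client
    else:
        status = "REPORTS_SENT"  # next step: SIPStack log on the OCS server
    return {"status": status,
            "qos_uri": qos.group(1) if qos else None,
            "reports": reports}


if __name__ == "__main__":
    result = check_client_log(SAMPLE_LOG)
    print(result["status"], result["qos_uri"])
    for row in result["reports"]:
        print(row)
```
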
Friday, December 05, 2008 11:13 PM
PIC: Emergency Maintenance for Yahoo!
From ScottOs' blog - http://blogs.msdn.com/scottos/archive/2008/12/05/office-communicator-clients-cannot-communicate-with-contacts-homed-on-yahoo-messenger-network.aspx
Summary: Yahoo! will be undergoing an emergency maintenance from 4:30pm to 4:30am PST. During this period, users will see intermittent presence issues. All other functionality will not be impacted.
More Information: After the maintenance window expires, if you find you are still having issues, please first log out & then back into your Communicator client. If the issue still reproduces/occurs for you, please restart Edge Front-End services first. Allow me to apologize for this up front; I understand this will require an “emergency service restart change request” for some of you. If all this fails to resolve the PIC issue between your LCS/OCS deployment and Yahoo!, please engage Microsoft Customer Support Services. Premier customers: please leverage your Technical Account Manager to initiate the case creation process. Please be prepared to supply Edge Server logs, remote access via our EasyAssist applications from MSFT, and we will do our best to investigate and resolve this in a timely manner.
posted by ocsteam | 2 Comments
Filed Under: PIC
Wednesday, December 03, 2008 7:33 PM
Update for Office Communications Server 2007 (KB956389)
956389- Description of the update package for Communications Server 2007: November 2008
Issues that this update package fixes:
This update package fixes the following issues:
958560 (http://support.microsoft.com/kb/958560/ ) When a Communicator 2007 user calls a Conference Auto Attendant access number, the call always uses Mediation Server instead of going to the Conference Auto Attendant directly
958561 (http://support.microsoft.com/kb/958561/ ) Communications Server 2007 R2 remote users cannot make public switched telephone network (PSTN) calls when Communications Server 2007 servers or proxies are in the call path
NOTE: This is a very important InterOP QFE and needs to be installed for proper functioning between OCS 2007 and OCS 2007 R2.
posted by ocsteam | 3 Comments
Filed Under: KB Articles
Wednesday, December 03, 2008 7:25 PM
Update for Office Communicator Mobile 2007
Update for Office Communicator Mobile 2007 has been released to the web (KB954767).
954767- Description of the update for Communicator Mobile 2007: November 2008
Issues that this update fixes:
This update fixes the following issues:
954768 (http://support.microsoft.com/kb/954768/ ) Communicator Mobile 2007 suppresses HTTPS certificate errors when it fetches the NOO icon for the federated contacts
954769 (http://support.microsoft.com/kb/954769/ ) You cannot log on to Communicator Mobile 2007 in High security mode
NOTE: This QFE has been released for all the languages.
posted by ocsteam | 2 Comments
Filed Under: KB Articles
Wednesday, December 03, 2008 12:00 PM
Office Communicator Clients cannot communicate with contacts homed on AOL
Scott Oseychik blogged about the AOL update for the root authority and where to get the update for your LCS and OCS Edge Servers.
http://blogs.msdn.com/scottos/archive/2008/12/02/office-communicator-clients-cannot-communicate-with-contacts-homed-on-aol.aspx
I would suggest adding Scott's site to your reading list as his role in escalation services means he's always looking at issues that most of the time result in a bug with a fix.
posted by ocsteam | 2 Comments
Filed Under: PIC
Thursday, November 13, 2008 3:21 PM
Office Communications Server 2007 R2 Launch
Office Communications Server 2007 R2 will launch on February 3rd 2009. We are trying something new this time and will do the launch through a website that mimics a live event. The website will include: keynote, breakout sessions, customer evidence and partner booths. Access to the website will be FREE, so why wait? Sign up for the event now at www.microsoft.com/ocs
posted by ocsteam | 3 Comments
Filed Under: OCS
Tuesday, November 11, 2008 9:07 AM
OCS 2007 Sizing guidelines for SQL
So you are not going to get exactly what you want, but the question from Aaron, Elan and Mark was that the guidance to give a customer collocating their Archiving database with their SQL backend for OCS is rather vague. In the OCS Planning Guide on page 85 the discussion of the server details is raised, and for Archiving and CDR the amount of memory is 16 GB for both CDR and Archiving (IM), but what is the user profile? Well, the user profile is published and well hidden: it is in the OCS Planning Tool, but guess what isn't documented in there - the archiving numbers. So how do you wade through this, as there is no OCS Stress tool?
You have to start with the understanding that we create a test matrix and user model that will meet the highest numbers we feel we can get with available hardware on the market and according to the statistics we have from our deployment and our customers participating in beta (TAP) programs. That means that any number published and not explicitly stated for a Standard Edition deployment or a small deployment will of course be for our large deployments. Today the consolidated Enterprise pool will support 30,000 concurrent users and the expanded Enterprise pool will support 125,000 users.
So what do Aaron, Elan and Mark do for their customer? They realize that the 16 GB of memory is sufficient to archive at the largest size and they scope this appropriately for their smaller customers. The real key is that collocating will require more physical disk spindles for the logs and databases. The good news - we are still on track to release planning tools for 2007 R2 after RTM. This will allow customers and consultants to create a customer specific user profile and then test it.
TomL LCSKid
posted by ocsteam | 3 Comments
Filed Under: OCS Tools, OCS
Tuesday, November 04, 2008 9:38 PM
OC 2007 QFE required for interop with OC 2007 R2
The announcement for Office Communications Server 2007 R2 has been made and you should begin to see more information being blogged as well as posted on the Microsoft site. One thing to have administrators thinking about is interoperability of a mixed topology and this will mean deploying a fix for Communicator 2007. We posted the October 2008 Update for Communicator but we didn't mention the need for that fix in deployments that are anticipating a mixed client topology.
http://communicationsserverteam.com/archive/2008/10/27/311.aspx
Tom Laciano - Sr. Program Manager
posted by ocsteam | 3 Comments
Filed Under: OCS
Thursday, October 30, 2008 2:26 PM
Unable to download the Address Book
A common issue we see is clients getting an error stating “Cannot Synchronize Address Book”. It looks like this:
There are several reasons clients could get this error. One possible reason is the TLS Certificate hasn’t been selected yet in IIS on your OCS 2007 Front End Server (in a Standard Edition Deployment) or on your Web Components Server (in an Enterprise Edition Deployment).
To see if this is the cause, do the following:
· Open the Internet Information Services (IIS) Manager from Administrative Tools.
· Expand the Computer and then Web Sites.
· Right click on Default Website and then click on Properties.
In the Properties box that comes up (shown below), check to see if the SSL port information is blank. If it is, then you likely haven’t installed the certificate required for SSL yet.
This is an action that the OCS installation doesn’t take care of automatically so it happens pretty regularly. To resolve it, select the Directory Security tab and click on the Server Certificate Button:
After you click on the Server Certificate button, follow the Wizard, select Assign an Existing Certificate and assign the certificate used by your OCS Server for client logins. Once you’ve assigned the certificate the SSL port on the Web Site tab should be filled in with port 443.
Sign your clients out of Communicator and then back in and the Address Book should be downloaded successfully.
There are several other reasons this download could fail, and we’re going to try to address them in more posts coming in the future.
Rob Pittfield
posted by ocsteam | 5 Comments
Monday, October 27, 2008 11:27 AM
October 2008 Communicator Update
Description of the update for Communicator 2007: October 24, 2008
This update fixes the following issues:
958659 (http://support.microsoft.com/kb/958659/) When you use telephony mode=4, you can only manually set the URI information in Communicator 2007
957793 (http://support.microsoft.com/kb/957793/) A Communicator 2007 client is unusually slow at startup
956734 (http://support.microsoft.com/kb/956734/) The presence status of Communicator 2007 changes to "Away" for all Terminal Server users when one user locks the desktop on a Windows Server 2008-based computer
UC-RTC Sustained Engineering
posted by ocsteam | 2 Comments
Filed Under: UC-RTC Sustained Engineering
Tuesday, October 21, 2008 2:13 PM
OCS Content on TechNet Edge
In light of the OCS R2 public announcement, the OCS Technical Product Management team has recorded a series of videos with the latest additions to the product and the value those bring to the customers. The videos are posted at the TechNet Edge; check these out.
Week #1:
“Office Communications Server 2007 R2 and the new Attendant Console” | Presenter: Jamie Stark
“What’s New in Conferencing with Office Communications Server 2007 R2” | Presenter: Renee Lo
Week #2:
“What’s New in Office Communicator, Communicator Web Access, and Devices with Office Communications Server 2007 R2” | Presenters: Huat Chye Lim and Ashima Singhal
“Group Chat and Office Communications Server 2007 R2” | Presenters: Ashima Singhal and Bob Serr
Week #3:
“What’s New in Mobility and Anywhere Access with Office Communications Server 2007 R2” | Presenter: Avi Sagiv
“What’s New in Administration and Management with Office Communications Server 2007 R2” | Presenter: Anand Lakshminarayanan
posted by ocsteam | 2 Comments
Filed Under: Communicator Web Access, Conferencing, OCS
Wednesday, October 15, 2008 12:26 PM
Adding new link for Harold Wong - Technet Events
We have added Harold's blog link to the list but do note he has two places where he maintains information. We have also called out some specific links of interest.
Sean Smith is a customer who deployed OCS 2007: <link>
Peter Schmatz: <link>
Ken Ewert: <link>
The videos can be downloaded from these links:
http://edge.technet.com/Media/Tech-Ed-2008-Interview-with-Sean-Smith-Customer-using-OCS/
http://edge.technet.com/Media/Tech-Ed-2008-Interview-with-Peter-Schmatz-OCS/
http://edge.technet.com/Media/Tech-Ed-2008-Interview-with-Ken-Ewert-OCS/
Harold Wong
TechNet Events
Microsoft Across America
www.technetevents.com/haroldwong
http://blogs.technet.com/haroldwong
posted by ocsteam | 2 Comments
Tuesday, September 30, 2008 2:42 PM
Setting up the Cisco Call Manager 4.2.1 for “Direct SIP with IP-PBX”
In our previous post, we introduced changes in Office Communications Server to enable Direct SIP with IP-PBX such as Cisco Call Manager. In this simple example, we provide a configuration of Direct SIP with Cisco Call Manager 4.2.1.
1) Main assumptions for the example
Here are the main assumptions for this example:
· This is a single site, located in Paris, France (country code 33, local code 1).
· All PSTN calls, incoming and outgoing, from and to Cisco Call Manager and Office Communications Server, use the preexisting PSTN interconnection trunks that are connected to and managed by the Cisco Call Manager. All calls to and from Office Communications Server go across the SIP trunk between Cisco Call Manager and Mediation Server. As discussed before, it is also possible (and eventually more effective, especially at large scale and for example with the use of SIP Trunking to Carrier) to have direct PSTN-out routes from Office Communications Server to the PSTN without going through the Cisco Call Manager. Also, in this example, we do not implement redundant routes between Cisco Call Manager and Office Communications Server; that is of course possible but exceeds the scope of this simple example.
· All users are assigned a unique, externally routable DID from a local range and a unique 4 digits extension that matches their DID’s last 4 digits.
· Specifically all DID for users on both the Cisco Call Manager and Office Communications Server are of the format +3316986xxxx where xxxx is their extension.
· Users on the Cisco Call Manager are accustomed to dialing 4 digits for internal users, and we want to maintain that pattern when they dial out to users on Office Communications Server.
· Users on the Cisco Call Manager need to dial 0 as a prefix to exit to the PSTN.
· In the first part of this example, the extension range 4xxx to 5xxx is allocated to Office Communications Server; in the advanced section, we will provide a configuration for situations where there are exceptions to the range allocation. We do not assume that all numbers in the range are actually allocated on Office Communications Server; calls to unallocated numbers will be routed by Cisco Call Manager to Office Communications Server which will answer 503 (service unavailable) and reject the call, which will receive a “fast busy” dial tone.
· All other numbers are allocated to the Cisco Call Manager; it is of course possible, but beyond the scope of this example, to create more complex, granular route patterns.
We are also making the following assumptions for the formatting of the FROM and TO fields of calls:
The local PSTN carrier requires the following:
· The FROM field must be formatted as a 9-digit dial string xxxxxxxxx
· The TO field:
o For domestic (i.e. destined to a DID in France) calls: the TO field must be formatted as a full 10-digit local French number (which is not an E.164 number): 0xxxxxxxxx
o For international calls (i.e. destined to a DID outside of France): the TO field must be formatted as a 00 (the prefix for international dialing in France) followed by the E.164 dial string for the caller, for example 0014255551212
· Please note that this may vary by locale, carrier or even on the basis of the type of trunk used; please check appropriately.
For calls from a Cisco Call Manager extension xxxx to an Office Communications Server extension yyyy sent across the SIP trunk:
· The FROM field is the dial string xxxx
· The TO field is the dial string yyyy.
For calls from the PSTN to an Office Communications Server extension yyyy:
· The FROM field has already been formatted by Cisco Call Manager into a dial string that enables immediate dial back to the PSTN in France:
o For domestic (i.e. originated from a DID in France) calls: the “outside line prefix” 0 followed by the full ten-digit local French number (which is not an E.164 number): 00xxxxxxxxx
o For international calls (i.e. originated from a DID outside of France): the “outside line” prefix 0 followed by 00 (the prefix for international dialing in France) and by the E.164 dial string for the caller, for example 00014255551212
· The TO field is the dial string yyyy.
2) Creating a partition on Cisco Call Manager
First we will create a partition, which we name “OCSIncoming”.
A Cisco Call Manager partition contains a list of route patterns. Partitions facilitate call routing by dividing the route plan into logical subsets that are based on organization, location, and call type. For more information about partitions, please refer to "Partitions and Calling Search Spaces" in the Cisco Call Manager System Guide.
This partition will enable us to apply specific rules (route patterns and translation patterns) specific to the incoming traffic into the Cisco Call Manager from the Mediation Server across the SIP trunk.
Note: whether a partition is required or not in a particular environment may depend on the rules required. Please verify with your Cisco Call Manager administrator.
3) Creating a Calling Search Space on Cisco Call Manager
A Cisco Call Manager calling search space is an ordered list of route partitions. Calling search spaces determine which partition(s) (and in which order) are searched when Cisco Call Manager is attempting to complete a call.
In this case, we create a calling search space which we call "OCSIncoming", and to which we assign the "OCSIncoming" partition created above.
4) Setting up Translation Patterns for the Partition on Cisco Call Manager
Next we create translation patterns for the partition. The translation patterns will be used for inbound calls to the Cisco Call Manager from Office Communications Server. Translation patterns manipulate dial strings before routing a call.
The first translation pattern (called [^33]!, which means TO strings that do not start with 33) will handle all calls from Office Communications Server that are destined to an international PSTN number. Note that the translation pattern is assigned to the “OCSIncoming” partition.
For the FROM field: the pattern retains the last 9 digits; therefore it strips the country prefix (which is always 33 in this case) from the E.164 calling party dial string, and presents it to the PSTN in the required format. In this case it transforms 3316986xxxx into 16986xxxx.
For the TO field: the pattern simply adds 000 as a prefix to the called party dial string. For example it transforms 14255551212 into 00014255551212.
The reason it translates dial strings sent by the Mediation Server in a different manner for the TO and the FROM is the need for the TO field to start with the outside line prefix (in this example “0”) to obtain an outside line on the Cisco Call Manager, then the international prefix 00, and then the full E.164 dial string.
The second translation pattern (called 33.xxxxxxxxx, which means TO strings starting with 33 followed by 9 digits) will handle all calls from Office Communications Server that are destined to a domestic PSTN number. Here too the translation pattern is assigned to the “OCSIncoming” partition.
For the FROM field: as for the previous translation pattern, we retain the last 9 digits, stripping the country prefix (which is always 33 in this case) from the E.164 calling party dial string, and presenting it to the PSTN in the required format. In this case it transforms 3316986xxxx into 16986xxxx.
For the TO field: the pattern strips the leading 33 (i.e. the digits prior to the dot) and adds 00 as a prefix to the remaining string. It transforms 33xxxxxxxxx into 00xxxxxxxxx, where the first 0 is the outside line prefix needed to obtain an outside line on the Cisco Call Manager.
The third translation pattern (called 3316986xxxx) will handle all calls from Office Communications Server that are destined to a Cisco Call Manager assigned number. Here again the translation pattern is assigned to the “OCSIncoming” partition. This pattern will be applied to calls where the TO field is of the form 3316986xxxx, rather than the second translation pattern, because it represents a longer match. Cisco Call Manager selects translation patterns from a list on the basis of the longest match.
The translation pattern translates dial strings for calls sent by the Mediation Server where the TO field matches the pattern. It strips all leading digits from TO and FROM fields to retain the last 4 digits of both. Dial strings of the pattern 3316986xxxx will be translated to dial strings of the form xxxx that match the internal Cisco Call Manager dial plan. As can be seen below, this translation will be performed on both the called number and the caller number.
Other translation patterns could be set up if appropriate, for example for normalization of emergency number, but are outside the scope of this example.
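The three translation patterns above, modelled as an added example (this is not code from the post or from Cisco). The wildcard semantics (x, !, [^3], the pre-dot marker) and the use of the count of explicit digits as the “longest match” score are assumptions of this sketch, and all dial strings are constructed. Under that literal reading, [^33]! excludes any TO string beginning with 3, so a destination such as 34xxxxxxxxx matches none of the three patterns and is worth testing in the lab.

```python
import re

# Wildcard semantics assumed by this example:
#   x = one digit, ! = one or more digits, [^3] = one digit other than 3,
#   "." = pre-dot marker (not matched; digits before it can be discarded).

def pattern_to_regex(pattern):
    """Compile a translation pattern into an anchored regular expression."""
    out, i = [], 0
    while i < len(pattern):
        ch = pattern[i]
        if ch == "[":                      # copy a bracket class verbatim
            end = pattern.index("]", i)
            out.append(pattern[i:end + 1])
            i = end + 1
            continue
        if ch in "xX":
            out.append("[0-9]")
        elif ch == "!":
            out.append("[0-9]+")
        elif ch != ".":                    # the dot only marks a position
            out.append(re.escape(ch))
        i += 1
    return re.compile("^" + "".join(out) + "$")


def literal_digits(pattern):
    """Explicit digits in the pattern, used here as the 'longest match' score."""
    outside_brackets = re.sub(r"\[[^\]]*\]", "", pattern)
    return sum(c.isdigit() for c in outside_brackets)


def last(n):
    """Transform that keeps only the last n digits of a dial string."""
    return lambda digits: digits[-n:]


# (pattern, TO transform, FROM transform) as described in the post.
TRANSLATION_PATTERNS = [
    ("[^33]!",       lambda to: "000" + to,    last(9)),
    ("33.xxxxxxxxx", lambda to: "00" + to[2:], last(9)),  # to[2:] drops the pre-dot 33
    ("3316986xxxx",  last(4),                  last(4)),
]


def translate(to, frm):
    """Return (pattern, new TO, new FROM), or None when no pattern matches TO."""
    for value in (to, frm):
        if not re.fullmatch(r"[0-9]+", value):
            raise ValueError("dial strings must contain digits only: %r" % value)
    candidates = [p for p in TRANSLATION_PATTERNS
                  if pattern_to_regex(p[0]).match(to)]
    if not candidates:
        return None
    name, to_fn, from_fn = max(candidates, key=lambda p: literal_digits(p[0]))
    return name, to_fn(to), from_fn(frm)


if __name__ == "__main__":
    caller = "33169864321"                 # constructed OCS caller, "+" already stripped
    for called in ("14255551212",          # international destination
                   "33145551212",          # domestic destination
                   "33169861234",          # Cisco Call Manager extension
                   "34911234567"):         # starts with 3 but not with 33
        print(called, "->", translate(called, caller))
```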
5) Provisioning the SIP trunk on Cisco Call Manager
At this time we will set up a SIP trunk on the Cisco Call Manager, and assign the Calling Search Space for incoming traffic we created previously, “OCSIncoming”.
The trunk name in this example is “Trunk_to_OCS”. The Mediation Server’s external edge IP address here is 192.168.0.105. Please note the selection of TCP for transport, and the port selection:
6) Setting up a Route Pattern for the SIP trunk on Cisco Call Manager
Route Patterns are used for outbound calls from Cisco Call Manager to Mediation Server. They define what calls are sent to the SIP trunk based on matching the number in the TO field with a specific pattern. Route Patterns can also perform transformations of the dial strings in both the TO and the FROM field.
We now create a route pattern [4-5]xxx to handle outgoing calls from Cisco Call Manager to Office Communications Server, associated with the “Trunk_to_OCS” SIP trunk. This Route Pattern instructs Cisco Call Manager to route to Mediation Server all calls destined to Office Communicator users (from both the PSTN and Cisco Call Manager users), on the basis of the match of the TO string with the pattern [4-5]xxx. In this case we do not need any transformation of the strings in the TO and the FROM fields.
7) Setting up Office Communications Server for “Direct SIP with IP-PBX”
Setting up Office Communications Server for Direct SIP with IP-PBX involves configuring the Mediation Server; creating a specific Location Profile with a Normalization Rule for the Mediation Server; and defining a Phone Route to route calls to Cisco Call Manager 4.2.1 through the SIP trunk.
Configuring Mediation Server
In this example, the Mediation Server’s outside edge’s IP address is 192.168.0.105, and the Cisco Call Manager’s IP address is 192.168.0.110 (the Cisco Call Manager listens by default on its server IP address).
The Cisco Call Manager’s IP address is inserted in the “PSTN Gateway next hop” section of the “Next Hop Connections” tab in the “Properties” dialog. Please note the selection of the ports, corresponding to the selection made on the SIP trunk.
Note the selection of a default location profile for the Mediation Server (in this example the location profile is called “Paris-LP.mocs2007.fr”). This location profile will be edited later in this configuration process.
Configuring voice routing: modifying Mediation Server default location profile
At this point, we edit the location profile used by the Mediation Server, “Paris-LP.mocs2007.fr”, to include the appropriate normalization rule(s) for the SIP trunk. In this case, we will add/edit the normalization rules “Internal number NR”, “International” and “National”.
Configuring voice routing: creating normalization rules
We now create normalization rules to normalize the dial strings coming across the SIP trunk from Cisco Call Manager into Office Communications Server. In this example we create “Internal number NR”, “International” and “National”.
“Internal number NR” transforms a 4-digit dial string xxxx into an RFC3966 compliant global number +3316986xxxx. The rule will be applied to inbound traffic to Office Communications Server from the Cisco Call Manager. The phone pattern regular expression in this scenario is ^([0-9]{4})$, and the translation pattern regular expression is +3316986$1.
Because of the Route Pattern configuration for the SIP trunk as we set it up above, calls that are passed to Mediation Server must have a TO field that matches the route pattern [4-5]xxx (and as a result the dial string xxxx). Therefore the normalization rule “Internal number NR” will translate the TO field to RFC3966 global numbers that should match Enterprise Voice enabled users of Office Communications Server.
In addition, calls that are passed to Mediation Server across the SIP trunk may have a FROM field that matches the dial string xxxx. This will be the case when the calls have been dialed from an extension of the Cisco Call Manager. The normalization rule will also translate that FROM field to an RFC3966 global number, enabling querying against Active Directory for the name and SIP URI of the dialer. When the dialer is a user of Office Communications Server for Instant Messaging and Presence, having their SIP URI enables advanced scenarios; for example the call recipient could redirect the incoming phone call to reply with an Instant Message.
Last, the normalization rule can also be used if users dial a 4-digit dial string in Office Communicator. The rule will normalize that dial string into a global number. If that number can be matched against a UC enabled user’s phone number, then it will be associated to a SIP URI and routed within Office Communications Server. If there is no match, the call will be routed to the appropriate external route – in our case to the Cisco Call Manager.
“International” transforms a dial string that starts with 000 into an RFC3966 compliant global number by stripping the 000 and adding a “+”. The rule will be applied to inbound traffic to Office Communications Server from the Cisco Call Manager. The phone pattern regular expression in this scenario is ^000(\d*)$, and the translation pattern regular expression is +$1.
For calls passed by Cisco Call Manager across the SIP trunk, only the FROM field should contain dial strings that start with 000. This will be the case when the calls have been dialed by a PSTN user outside of France, after the Cisco Call Manager has added the prefix 0. The normalization rule will translate that FROM field to an RFC3966 global number for use by Office Communications Server.
“National” transforms a dial string that starts with 00 followed by 9 digits into an RFC3966 compliant global number by stripping the 00 and adding a “+33”. The rule will be applied to inbound traffic to Office Communications Server from the Cisco Call Manager. The phone pattern regular expression in this scenario is ^00(\d{9})$, and the translation pattern regular expression is +33$1.
For calls passed by Cisco Call Manager across the SIP trunk, only the FROM field should contain dial strings that start with 00. This will be the case when the calls have been dialed by a PSTN user in France, after the Cisco Call Manager has added the prefix 0. The normalization rule will translate that FROM field to an RFC3966 global number for use by Office Communications Server.
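The three normalization rules above, applied to constructed dial strings, as an added example (not code from the post or from Office Communications Server). First-match-wins rule ordering is an assumption of this sketch; the fallback to a Phone-Context of “enterprise” follows the behaviour the companion post on this page describes for results that are not global numbers. It also shows two edge cases: a string of 000 plus 8 digits matches both “International” and “National”, and a bare 000 matches “International” with an empty capture.

```python
import re

# (name, phone pattern, translation pattern) exactly as quoted in the post.
# Assumption of this example: rules are tried top to bottom, first match wins.
RULES = [
    ("Internal number NR", r"^([0-9]{4})$", "+3316986$1"),
    ("International",      r"^000(\d*)$",   "+$1"),
    ("National",           r"^00(\d{9})$",  "+33$1"),
]

GLOBAL_NUMBER = re.compile(r"\+[0-9]+")


def apply_rule(pattern, translation, dial_string):
    """Return the translated string, or None when the pattern does not match."""
    match = re.match(pattern, dial_string)
    if match is None:
        return None
    # The post writes the capture as $1; Python's template syntax is \g<1>.
    return match.expand(translation.replace("$1", r"\g<1>"))


def matching_rules(dial_string):
    """Names of every rule whose pattern matches, to expose overlaps."""
    return [name for name, pattern, translation in RULES
            if apply_rule(pattern, translation, dial_string) is not None]


def normalize(dial_string):
    """Return (rule name, result) for the first matching rule, else (None, input)."""
    for name, pattern, translation in RULES:
        result = apply_rule(pattern, translation, dial_string)
        if result is not None:
            return name, result
    return None, dial_string


def to_tel_uri(dial_string):
    """Build the tel: URI, falling back to phone-context=enterprise."""
    _, result = normalize(dial_string)
    if GLOBAL_NUMBER.fullmatch(result):
        return "tel:" + result
    # Not a global number (no rule matched, or the capture was empty):
    # keep the original dial string and mark it as a private number.
    return "tel:%s;phone-context=enterprise" % dial_string


if __name__ == "__main__":
    samples = [                      # constructed FROM/TO values
        "4321",                      # Cisco Call Manager extension
        "00014255551212",            # PSTN caller outside France
        "00145551212",               # PSTN caller in France
        "96668",                     # no rule matches
        "00012345678",               # matches International and National
        "000",                       # International with an empty capture
    ]
    for s in samples:
        print("%-16s rules=%-35s %s" % (s, matching_rules(s), to_tel_uri(s)))
```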
Advanced case: setting up support for numbers outside of the range
The following steps provide a way to support migrating users from Cisco Call Manager to Office Communications Server without having to change their original extension to a new one taken from the contiguous range of numbers allocated to Office Communications Server. That is a frequent case for VIP or externally facing users whose phone number is broadly known outside of the organization. This can also be used as the general case when no dedicated range has been allocated to Office Communications Server.
This is simply achieved by creating a “Forward All” setting of the extension line (say extension 6668) to a prefixed line, for example 96668; and by creating a new route pattern on the SIP trunk to match strings of the 9xxxx pattern, strip the 9, and redirect to extension 6668 on Office Communications Server.
Setting up the Forward All for the extension
The following steps set up Forward All on the IP Phone line extension 6668 to 96668: the prefix 9 will be used to reroute that extension to Office Communications Server. Note the Forwarded Call Information.
Creating a Route Pattern associated with the prefix
The following steps create a route pattern to reroute all traffic with the 9xxxx pattern (i.e. with the 9 prefix) to the SIP trunk to Office Communications Server. The prefix will be stripped (as indicated by the Called Party Transform Mask) and the call redirected to extension 6668 on Office Communications Server.
Conclusion
In this post we have shown a simple example of setting up Direct SIP with IP-PBX, between Office Communications Server and Cisco Call Manager 4.2.1. As always, your specific situation may vary, and we recommend checking for updated information, as well as thorough lab testing, prior to production deployment.
Acknowledgment
We would like to acknowledge the contributions of our friend Rui Maximo, who has greatly helped us in preparing these two blog posts. The content of these posts is excerpted from the upcoming 2nd edition of the Resource Kit book, an effort that Rui is leading. The 2nd edition will of course reflect the next release of Office Communications Server. We highly recommend it!
Francois Doremieux, Jerome Berniere
Posted by ocsteam | Filed under: Voice, SIP, OCS
Friday, September 26, 2008 4:57 PM
Direct SIP with IP-PBX in Office Communications Server 2007
What’s changing?
With the hotfixes released in August 2008, Microsoft is significantly improving the capability for Office Communications Server 2007 to exchange calls with SIP-based IP-PBX, in particular from Cisco. As a consequence, Microsoft now supports OCS deployments in Direct SIP with IP-PBX between Office Communications Server and specific versions of Cisco Call Manager.
This change gives administrators the possibility to set up Office Communications Server so that it can directly interoperate with IP-PBX using E.164 globally routable telephone numbers without RFC3966’s mandated “+” prefix. Additionally, Office Communications Server will now be able to interoperate with IP-PBX within a private dialing plan, exchanging locally routable private numbers.
What is Direct SIP with IP-PBX?
Direct SIP is the documented and supported way in which Microsoft Office Communications Server exchanges voice calls with third-party on-premise devices such as SIP/PSTN gateways and IP-PBX. In Direct SIP, an Office Communications Server’s Mediation Server is directly connected to a SIP/PSTN gateway or an IP-PBX. Microsoft provides the Unified Communications Open Interoperability Program (OIP) for the qualification of third-party solutions for interoperability with Microsoft Office Communications Server. Under the OIP, Direct SIP is based upon common industry standards (SIP over TCP, RTP, G.711…). Direct SIP with a SIP/PSTN gateway enables Office Communications Server to exchange calls directly with the PSTN, as well as with virtually any TDM PBX, and (via back to back SIP/PSTN gateways) with virtually any IP-PBX.
Direct SIP with IP-PBX is a variation in which the calls are exchanged over IP between the Mediation Server and an IP-PBX, without the use of back to back IP/PSTN gateways (i.e. in IP all the way, without transcoding between IP and TDM). That is done across an IP to IP connection between the two systems (a connection which most IP-PBX vendors generically call a “SIP trunk”) over which the two systems will converse in a standard manner (SIP over TCP, RTP, G.711…) as specified in the OIP’s Direct SIP specifications.
Why did Microsoft not support Direct SIP with IP-PBX until now?
Microsoft actually had built that capability from the start both into the product and into the OIP, in a standard-based way, and was ready to support Direct SIP with IP-PBX that qualified in the OIP. However, testing showed that few if any IP-PBX were capable of meeting the standards-based specifications for Direct SIP interoperability and OIP qualification.
Specifically, Office Communications Server conforms to RFC3966. RFC3966 defines the taxonomy and syntax for phone numbers that is mandated by the SIP standard. While Office Communications Server is RFC3966 compliant, many of the most commonly deployed IP-PBX in the market today are not. If two voice systems from different vendors do not format phone numbers the same way, Direct SIP interoperability will not work. Lack of RFC3966 compliance is the primary technical reason why those IP-PBX could not qualify for Direct SIP in the OIP.
Note: throughout Microsoft documentation, you may find references to “E.164 numbers” to describe numbers such as +14255551212 (i.e. a globally routable phone number with a leading “+”). ITU’s E.164 is a global scheme for normalizing globally routable numbers (and is used in particular for international numbering on the PSTN and increasingly on mobile phone networks). While not incorrect, the use of the term E.164 to designate those numbers can lead to confusion because E.164 does not mandate the leading “+” (as traditional phones and PBX do not have a way to input, transmit or process a “+”).
Most IP-PBX can understand E.164 numbers but only do so when those numbers are expressed without the “+”, as dial strings. Typically, such IP-PBX do not support the “+” in the REQUEST and TO header fields of a SIP message. They may tolerate the “+” in the FROM header field of a SIP message, but generally are not able to process it: numbers with a “+” in the FROM field cannot be dialed back to Office Communications Server from the IP-PBX.
Numbers such as +14255551212 are actually “RFC3966 compliant global numbers”. RFC3966 defines the tel: URI scheme that is used by SIP. For globally routable phone numbers, RFC3966 is based upon E.164, which it clarifies by requiring the leading “+”. It also adds support for non-globally routable numbers (also called local or private numbers) that are not defined in E.164. RFC3966 requires a “Phone-Context” in the tel: URI; the “Phone-Context” removes any ambiguity as to which system or network entity the local number refers to, and may make it possible to translate/normalize between local and global numbers.
How can I use Direct SIP with IP-PBX on Office Communications Server 2007?
The changes are accessible to users of Microsoft Communications Server 2007 via update packages as described in the following Microsoft Knowledge Base articles: http://support.microsoft.com/kb/952783/; http://support.microsoft.com/kb/952780/; http://support.microsoft.com/kb/953659/; http://support.microsoft.com/kb/957707 (Updating last url with October client update that includes prior fix).
The updates need to be installed to the RTM (6362.0) version or to previously updated installations and are available for both Office Communications Server Enterprise and Standard Edition.
For the following servers:
· Standard Edition Server
· Enterprise Edition Server – Front End
· Proxy Server
· Director Server
· Edge Server
· Forwarding Proxy
apply Server.msp to each server. No server reboot is required.
For the Mediation Server role: apply both MediationServer.msp and UCMARedist.msp to the Mediation Servers that will be connected to the IP-PBX; a service restart will be required after applying UCMARedist.msp.
For Office Communicator 2007: apply Communicator.msp.
After the updates, a configuration file is required on Office Communications Server 2007 to enable the changes. The configuration file, called “MediationServerSvc.exe.config”, needs to be located in the Mediation Server directory where the “MediationServerSvc.exe” file is installed. By default that directory would be C:\Program Files\Microsoft Office Communications Server 2007\Mediation Server.
Here is a sample configuration file where the value of “RemovePlusFromRequestURI” has been changed from the default of “NO” to “YES”:
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
  <appSettings>
    <add key="RemovePlusFromRequestURI" value="YES" />
  </appSettings>
</configuration>
Once this is completed, restart the Mediation Server.
Note: this configuration file is also used to turn Transport Layer Security (TLS) on or off in the Mediation Server existing functionality. Therefore, the file may already exist on a particular Mediation Server computer. By default, if the file does not exist or does not have the GatewayTLS setting, TLS is turned off.
With which IP-PBX does Microsoft currently support Direct SIP?
Simultaneously with the changes, Microsoft announced that it had successfully tested the following IP-PBX against the test matrix that is part of the OIP requirements for Direct SIP:
IP-PBX Vendor | Product | Versions tested
Cisco | Call Manager 6.1 | 6.1.1.3000-2
Cisco | Call Manager 5.1 | 5.1.3.1000-12, 5.1.3.3000-5
Cisco | Call Manager 4.2 | 4.2(3)sr3a
Microsoft now supports OCS interoperating in Direct SIP with the above IP-PBX from Cisco. While not tested, other versions of Call Manager at or above the 5.x level are expected to comply.
Besides Cisco Call Manager, Alcatel, Avaya, NEC, Nortel, Siemens and several other vendors do not support RFC3966 in their most common releases. The changes in Office Communications Server should facilitate the qualification of these vendors’ IP-PBX in the OIP. We highly recommend you validate in your own environment prior to making a final topology decision.
Note: some earlier versions of Cisco Call Manager (in particular 4.1) have comparatively older versions of SIP which had not yet been tested at the date of writing. Also, IP-PBX vendors may occasionally have slightly different implementations of the more arcane aspects of SIP. That may become apparent in some rare, complex call flows outside of the scope of OIP qualification testing.
How do the changes work?
These changes enable interoperating with an IP-PBX using Direct SIP with IP-PBX, across an IP connection between the Mediation Server and the IP-PBX. This IP connection is typically called a “SIP trunk” on the IP-PBX side, and we will use that generic term hereafter.
For example, here is a schematic description of the environment with a Cisco Call Manager 5.1. Note the use of a Media Termination Point (MTP) on the Call Manager, where the media from the SIP trunk is terminated. MTP may or may not be required depending on the specific versions of Call Manager and Cisco devices used. For details on the use of the MTP please refer to Cisco’s documentation.
While this is not a requirement, we are assuming in this chart and in most of the explanations below that all PSTN interconnectivity is handled by the IP-PBX. Calls from the PSTN to Office Communications Server Enterprise Voice users will first be presented to the IP-PBX which will then pass them onto Office Communications Server across the SIP trunk. That is the most common deployment case for pilots or small scale deployments; for larger deployments it may be preferable for each system to handle its own PSTN interconnection directly, and reserve the Direct SIP interconnection to the exchange of calls between users of the two systems.
The changes are targeted at facilitating interoperability with an IP-PBX that, in its SIP messages across the SIP trunk, presents and receives dial strings. These dial strings might be E.164 numbers without a “+”, or any other set of dial strings such as extensions.
Because of the requirements for the SIP messages across the SIP trunk to not include the “+”, appropriate dial strings need to be used by the Office Communications Server Mediation Server when interacting with the IP-PBX. However the core internal logic of Office Communications Server with respect to phone numbers has to be preserved, in order to not disrupt a range of typical Office Communications Server scenarios such as publishing contact information within the presence document. Therefore the Mediation Server will play a critical role in this scenario.
The changes introduce the capability for Office Communications Server to normalize the FROM header so that a non-RFC3966 representation of an E.164 number (i.e. an E.164 number without a “+”) is converted to an RFC3966 conforming global number and is placed in the “P-Asserted-Identity” (PAI) header field. The PAI header enables the user lookup functionality in Office Communicator. If the normalization process does not result in a global number, Office Communications Server will add a Phone-Context value of “enterprise” in the PAI header. Additionally, Office Communications Server bypasses the server normalization logic if the REQUEST URI header already contains a Phone-Context value of “enterprise”.
In summary, when the value of “RemovePlusFromRequestURI” is set to “YES”:
For outgoing calls (calls from the Mediation Server to the IP-PBX):
· The conversion from RFC3966 conforming numbers to dial strings (that can be interpreted by the IP-PBX) happens after the outbound routing logic of Office Communications Server is complete, which allows that logic to remain unchanged
· The Mediation Server will strip the “+” from the REQUEST and the FROM fields in any outgoing INVITE (resulting in dial strings that can be interpreted by the IP-PBX)
· Since the Mediation Server copies the value in the REQUEST URI to the TO URI in the INVITE it sends to the IP-PBX, this effectively means that the “+” is stripped from the TO URI as well, and that the TO URI is presented to the IP-PBX in a dial string format it can interpret.
· After these steps, all dial strings are presented to the IP-PBX across the SIP trunk in a format the IP-PBX can interpret.
For incoming calls (calls from the IP-PBX to the Mediation Server):
· The preexisting normalization rule capabilities in Office Communications Server are sufficient to normalize the TO field and route the call correctly
· The FROM field and the REQUEST field also require a normalization rule that will insert a “+” (the rule may be more complex and manipulate digits as well)
· If the above normalization does not result in a global number, the Mediation Server will set the “Phone-Context” in the FROM field to “enterprise”
· Office Communications Server will then set the correct “P-Asserted-Identity” (PAI) value, allowing the contact model to work accurately with Office Communicator 2007.
Additionally, in environments where phone numbers in the Active Directory are entered as dial strings representing E.164 numbers without a “+”, these numbers will be converted to RFC3966 compliant global numbers, represented as TEL URI by the Address Book Service. The Address Book normalization rules will be used to convert these numbers into RFC3966 compliant numbers. Office Communications Server users in such scenarios will always have the “RTCSIP-Line” parameter configured with an RFC3966 compliant TEL URI.
As mentioned previously, those changes are not applied by default by just running the updates for Office Communications Server 2007. Administrators must also perform configuration steps and add the appropriate normalization rules. Configuration is also required on the IP-PBX side to set up the SIP trunk, as well as to normalize numbers as necessary.
How do I set up Direct SIP with an IP-PBX?
To set up the Direct SIP with IP-PBX interoperability, we must first understand the dial plan and normalization rules on the IP-PBX side, and make decisions on the number range allocation between Office Communications Server and the IP-PBX. The next step is to provision and configure the SIP trunk from the IP-PBX to the Mediation Server. Last, we will set up Office Communications Server, starting with Mediation Server and adding the appropriate location profile(s) and normalization rule(s).
Dial plan and normalization rules on the IP-PBX side
Enterprises’ dial plans vary broadly. Therefore each implementation will be somewhat unique, and the examples given here are not meant to cover every case.
Small or medium size enterprises (especially single-site ones) typically will have a pre-existing internal dial plan based on short dialing extensions (generally 3 to 5 digits). Users are accustomed to dialing the short extensions to reach internal users and to dialing a prefix (such as 9 or 0) prior to dialing numbers external to the enterprise.
To reach an internal user from the PSTN, outside callers have to dial a DID (Direct Inward Dialing) number, which is a publicly routable number corresponding to the extension of the user to reach. The IP-PBX will already be configured with the appropriate transformation rules to convert the DID requested to the corresponding extension, generally by stripping the appropriate number of leading digits, and placing the result in the TO field. For example a DID of 14257771234 would be converted to the extension 1234.
This conversion however is only applied to the TO field (aka Called ID or called number) of the call. The FROM field (aka Caller ID or caller number) is commonly either left unchanged from what the operator provided, or transformed into a dial string that enables simple callback to the original caller. For example, for an IP-PBX located in the United States, a US Caller ID of 14259991234 may be converted to 914259991234, and a French Caller ID of 33169861234 may be converted to 901133169861234, where 9 is the prefix for external dialing on the IP-PBX and 011 the carrier mandated international dialing prefix in the US. It can take a large number of rules on the IP-PBX to cover all possible cases, and those rules vary based on what numbering format the operator will present and require.
Larger enterprises that use extensions generally need either much longer extensions (sometimes as long as 6 or 7 digits) or internal prefixes for site to site dialing. This situation creates a risk of overlap, where a dial string received as Caller ID could be identical to a dial string representing an internal route or user. For that reason, large enterprises almost always implement Caller ID transformation rules such as the ones described above (the exception is large enterprises that use E.164 numbering internally instead of extensions).
This of course determines the format in which the IP-PBX will pass TO and FROM dial strings to Office Communications Server and what normalization rules will be required on Office Communications Server. In most cases, it should be expected that the IP-PBX will present to Mediation Server the following:
For calls from an IP-PBX user to an Office Communications Server user:
· The FROM field is a dial string representing an extension xxxx on the IP-PBX
· The TO field is a dial string representing an extension yyyy on Office Communications Server.
For calls from the PSTN to an Office Communications Server user:
· The FROM field is a dial string representing the caller number as presented by the carrier, and transformed by the IP-PBX as described above, starting with well defined patterns such as 91 or 9011 in the United States
· The TO field is a dial string representing an extension yyyy on Office Communications Server, because the DID that was initially presented by the carrier was converted by the IP-PBX.
Therefore Office Communications Server should be provisioned with the appropriate normalization rules, in particular to handle the various dial string formats in the FROM field.
Conversely, in virtually all cases it should be expected that the Mediation Server will present the following to the IP-PBX:
· Both the TO and the FROM fields are dial strings representing full E.164 global numbers without a “+”.
Therefore the IP-PBX should be provisioned with the appropriate translation rules to transform these strings into the appropriate formats for the IP-PBX and the PSTN.
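The two directions described above, sketched as an added example; this is not code from the original post or from Office Communications Server. The 9 and 011 prefixes and the sample numbers come from the post, while the rule names, the +1425555 DID block, the four-digit plan and the overlapping seven-digit plan are assumptions made for illustration.

```python
import re

# From the post: 9 is the IP-PBX external-dialing prefix, 011 the US
# international dialing prefix. Everything else here is constructed.
EXTERNAL_PREFIX = "9"
US_INTL_PREFIX = "011"
SITE_DID_PREFIX = "+1425555"   # assumed DID block holding the 4-digit extensions

# Dial strings as the IP-PBX presents them -> E.164 with "+".
# Each rule: (hypothetical rule name, pattern, replacement template).
INBOUND_RULES = [
    ("pstn-international", re.compile(r"^9011([1-9]\d{6,14})$"), r"+\g<1>"),
    ("pstn-us-national", re.compile(r"^91([2-9]\d{9})$"), r"+1\g<1>"),
    ("extension", re.compile(r"^(\d{4})$"), SITE_DID_PREFIX + r"\g<1>"),
]

# A constructed plan showing the overlap risk: 7-digit extensions next to a
# caller ID the IP-PBX left unchanged (assumed 7-digit local presentation).
OVERLAPPING_RULES = [
    ("extension-7", re.compile(r"^(\d{7})$"), r"+1425\g<1>"),
    ("unchanged-local-caller-id", re.compile(r"^([2-9]\d{6})$"), r"+1425\g<1>"),
]


def matching_rules(dial_string, rules=INBOUND_RULES):
    """Names of every rule that matches; more than one means the plan overlaps."""
    return [name for name, pattern, _ in rules if pattern.match(dial_string)]


def normalize(dial_string, rules=INBOUND_RULES):
    """Return (rule name, E.164 number); refuse unmatched or ambiguous input."""
    hits = [rule for rule in rules if rule[1].match(dial_string)]
    if len(hits) != 1:
        raise ValueError(f"{dial_string!r} matched {len(hits)} rules")
    name, pattern, template = hits[0]
    return name, pattern.sub(template, dial_string)


def to_pbx_dial_string(e164_no_plus):
    """Mediation Server -> IP-PBX: E.164 digits without '+' to a PBX dial string."""
    if not re.fullmatch(r"[1-9]\d{6,14}", e164_no_plus):
        raise ValueError(f"not an E.164 digit string: {e164_no_plus!r}")
    site = SITE_DID_PREFIX.lstrip("+")
    if e164_no_plus.startswith(site) and len(e164_no_plus) == len(site) + 4:
        return e164_no_plus[len(site):]               # internal extension
    if e164_no_plus.startswith("1") and len(e164_no_plus) == 11:
        return EXTERNAL_PREFIX + e164_no_plus         # 9 + 1 + ten digits
    return EXTERNAL_PREFIX + US_INTL_PREFIX + e164_no_plus


if __name__ == "__main__":
    for sample in ("914259991234", "901133169861234", "4321"):
        rule, e164 = normalize(sample)
        print(f"{sample:>16} -> {e164:<14} [{rule}] -> {to_pbx_dial_string(e164[1:])}")
    print("5551234 overlaps:", matching_rules("5551234", OVERLAPPING_RULES))
```

Refusing a dial string that matches more than one rule surfaces the overlap problem at provisioning time instead of letting rule order silently decide how a caller ID is interpreted.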
DID/extension range allocation
The simplest case for number range allocation is where specific ranges are dedicated to one or the other system. For example, in a four-digit extension plan, all extensions of the pattern 4xxx or 5xxx would be assigned to Office Communications Server and all other extensions would be assigned to the IP-PBX. Where possible, allocating ranges is preferable in order to simplify provisioning of users and routing patterns.
There are cases where simply allocating ranges is not possible. This can be because no unused range is available, or because users must retain their original DID as they migrate to Office Communications Server Enterprise Voice. In the case where all PSTN interconnectivity is handled by the IP-PBX as explained above, not allocating ranges does not change the way in which Office Communications Server is set up; all adjustments will have to be made on the IP-PBX. Typically that involves redirecting each DID from the IP-PBX to Office Communications Server. In our example hereafter we will show how that can be achieved.
Conclusion
In this post we have explained what Direct SIP with IP-PBX means, and how the recently announced changes to Microsoft Office Communications Server will make it easier. In our next blog post, we will provide an example of setting up Direct SIP with IP-PBX.
Francois Doremieux, Jerome Berniere
Posted by ocsteam | 4 Comments | Filed under: Voice, SIP
Friday, September 19, 2008 1:20 PM
What a difference 3 years makes
In early 2007, Cisco was touting their three year lead on Microsoft in UC. Now, Cisco seems to have decided they were running in the wrong direction - and perhaps even in the wrong race. In the last month, Cisco has added two new software pieces to their UC puzzle and are now playing catch up to companies like Microsoft and Nortel who have long seen that the path to UC was in powerful, well-integrated software, not wires.
Cisco’s offering is the definition of “un-unified” communications. With more than 40 products, their solution is a patchwork of technologies and networking. The risk for customers is that a patchwork system is slower to roll out, harder to train users, and more expensive to manage and maintain over the long term. By contrast, software-based unified communications is just that: “unified.”
It provides customers with the power of one – one infrastructure and one user experience that simplifies and speeds deployment and adoption, and it interoperates more easily with existing systems. Businesses save costs with software-powered UC – an all-important consideration in today’s financial climate. Our customers tell us that our system slashes their overall telephony costs by 30 to 60 percent, with their long distance charges reduced by up to 76 percent, and almost one-third sliced off their mobile telephony overhead. Those are some pretty compelling economics.
We shipped Microsoft’s UC platform in Office Communications Server and Exchange Server 12 months ago, and today, more than half of Fortune 500 companies are using the technology. Now, we’re moving on to the next phase in delivering on our unified communications vision, and we’ll be sharing more about that early next week and at VoiceCon Amsterdam in October.
You’ll see how we’re extending OCS telephony beyond remote and mobile workers, delivering more robust collaboration capabilities, better integrating mobile phones into a complete UC solution, and delivering innovations that unlock the power of what industry analysts call ‘communications-enabled business processes’ and what I call ‘jet fuel for business processes’.
Gurdeep Singh Pall - Corporate Vice President, Unified Communications Group
Posted by ocsteam | 2 Comments | Filed under: OCS
Thursday, September 04, 2008 10:54 AM
Running Communicator Mobile on a Virtual Machine
If you just want to try Communicator Mobile 2.0 without installing it on your Windows Mobile device, you can use a device emulator running on your desktop computer (or even run the emulator in a Virtual PC on your desktop machine).
This guide explains how to install all required components and includes all download links. It was tested on physical Windows Vista SP1 32-bit and 64-bit, virtual Windows Vista SP1 32-bit and virtual Windows XP SP3 32-bit.
To set up a virtual Mobile environment, you will have to install the following components:
· Virtual PC 2007
· Active Sync
· Microsoft Device Emulator 3.0
· Windows Mobile 6.1 Emulator Images
· Communicator Mobile 2.0
Of course, you can also use an older version of Windows Mobile (Communicator Mobile is supported on Windows Mobile 5, Windows Mobile 6 and Windows Mobile 6.1), but this might also be a good opportunity to test the latest Windows Mobile release.
If you want to develop software for Windows Mobile, you should also install Visual Studio. The free Visual Studio 2008 Express is available at http://www.microsoft.com/express/default.aspx
Virtual PC 2007
For the emulator to get Internet connectivity over TCP/IP – independent of ActiveSync – the Virtual Machine Network (VMNet) Driver is required. While the VMNet Driver used to be a dedicated download, the only way to install it now is to install Virtual PC 2007.
http://www.microsoft.com/downloads/details.aspx?familyid=28C97D22-6EB8-4A09-A7F7-F6C7A1F000B5&displaylang=en
Install Active Sync
In order to connect a mobile device with your PC you will have to install ActiveSync. If ActiveSync is already installed, you can skip this step. Depending on your operating system, you will have to install either ActiveSync 4.5 (Windows XP) or Windows Mobile Device Center (Windows Vista). For Windows Vista, 32-bit and 64-bit versions are available.
Windows XP
ActiveSync 4.5 – https://www.microsoft.com/windowsmobile/activesync/activesync45.mspx
Windows Vista
1. Windows Mobile Device Center – https://www.microsoft.com/windowsmobile/devicecenter.mspx
2. Start Windows Mobile Device Center
3. Accept License terms
Install Microsoft Device Emulator 3.0
The next step is to install Microsoft Device Emulator 3.0, which runs the virtual mobile devices.
https://www.microsoft.com/downloads/details.aspx?FamilyID=a6f6adaf-12e3-4b2f-a394-356e2c2fb114&DisplayLang=en
Install Windows Mobile 6.1 Emulator Images
After having the Microsoft Device Emulator 3.0 installed, you also need an operating system for your virtual devices. Communicator Mobile 2.0 is supported on Windows Mobile 5, Windows Mobile 6 and Windows Mobile 6.1. For this guide, Windows Mobile 6.1 was used in the USA version (Windows Mobile 6.1 Professional Images (USA).msi)
https://www.microsoft.com/downloads/details.aspx?familyid=3D6F581E-C093-4B15-AB0C-A2CE5BFFDB47&displaylang=en
Install Windows Mobile 6.1 Emulator Images again
To get the device running, you will have to execute the installer again. Choose “repair” as the option. You might get the following error message, which can be ignored.
Change the connection settings
Now you need to change the connection settings, so that your Computer is able to establish a connection to your mobile using DMA. This slightly differs depending on your operating system.
Windows XP
Right click Active Sync in Taskbar >> Connection Settings >> Allow connections to one of the following >> DMA
Windows Vista
Start >> Control Panel >> Windows Mobile Device Center >> Change Connection Settings >> Allow Connections using the following >> DMA
Start Virtual Device
Time has come to start the Device:
Start >> Programs >> Windows Mobile 6 SDK >> Standalone Emulator Images >> US English >> WM 6.1 Professional
Start Device Emulator Manager
After starting the device, you need to start the Device Emulator Manager:
Start >> Programs >> Windows Mobile 6 SDK >> Tools >> Device Emulator Manager
Connect Virtual Device
To establish a connection between your computer and the mobile, right click the device and select “cradle” in the Device Emulator Manager. If you start the Virtual Device before the Device Emulator Manager, you might not see your virtual mobile in the list. Just click Refresh to make it appear.
The device will now be connected to your computer and a sync partnership will be established.
Troubleshooting hint: If the sync center does not connect to your device, disable the option “Allow connections to one of the following”, close the dialog, and enable it again with the setting DMA.
Install Communicator Mobile 2.0
With the device up and running and connected to your PC, you can now install Communicator Mobile 2.0. Run the installer on the host computer (not on the emulated mobile).
http://www.microsoft.com/downloads/details.aspx?FamilyId=2EEA3E24-F216-4887-92B0-F37D942E26E0&displaylang=en
Start CoMo
Now, after having everything installed, you are ready to start Communicator and sign in. Do not forget to provide your credentials and configure the server settings.
Troubleshoot hint: On my virtual Windows Vista, I was not able to connect to the Internet from my Virtual Phone until I changed the connection Settings to Automatic (in Windows Mobile Device Center >> Mobile Device Settings >> more >> Connection Settings >> This computer is connected to: >> Automatic).
Thomas Binder Services/ Consultant
Posted by ocsteam | 5 Comments
Friday, August 29, 2008 9:02 AM
Office Communications Server 2007 Edge Planning Tool
The Edge Planning Tool for Office Communications Server 2007 is a tool that takes a user through a set of interview questions regarding the proposed or current edge server deployment. The tool interviews users about their perimeter network settings as well as some questions regarding their internal deployment.
http://www.microsoft.com/downloads/details.aspx?FamilyID=149e5dd5-eaae-46b6-afba-01c31e88a275&displaylang=en
Based on the answers to these questions and Microsoft Office Communications Server 2007 best practices, the tool generates a set of 6 reports.
The first report is a best practices report. This report compares the user’s answers to Office Communications Server 2007 best practices and, using a stoplight based UI, shows the users whether they are in line with the best practices or not. The UI consists of a banner that is either green or red with a blurb of text underneath stating why it is a best practice. The report also lists the common pitfalls and errors that users have been known to make – so users of the tool can read them and ensure that they don’t fall in the same traps.
The next report that is created is the OCS Admin report. This report is generated for the OCS Administrators as it has all of the configuration settings in one report. This report is broken down into 5 sections: Edge Report, Reverse Proxy Report, Next Hop Report, Edge Server Configuration Documentation and Internal Director/Pool Configuration Documentation. The first sections of the report are table based reports that have the settings for each of these servers. The reports have information on the FQDNs, IPs, Firewall Rules, Certificate and DNS settings. The last two sections of the report consist of documentation that is taken from various Office Communications Server 2007 resources. The documentation is modified to include the actual settings. For example in the current documentation it says: “In the Next Hop Network Address textbox, enter the FQDN of your Director or Pool”, the custom documentation report would say this: “In the Next Hop Network Address textbox, enter the FQDN of your Director or Pool (director.contoso.com)”. On top of the customized settings, these sections also provide screenshots of where you would apply the settings with captions under the screenshots stating exactly what settings to set.
The next 4 reports were designed to be handed off to the various teams in your organization: Certificate, Firewall, DNS and Custom Documentation. These reports are stripped down versions of the OCS Admin report. The main point behind this is that it saves the OCS Admin from having to get the necessary data that needs to be provided to the various teams.
The configuration settings that are provided in the reports should be used to set up the edge servers in your organization. This tool does not pull any information from your servers nor does it apply any of the settings. It should only be used to generate configuration settings.
Known Issues:
· Configuration Only: This tool only provides configuration settings. It does not apply the settings nor does it query your system to find the settings. The output is solely based on a user’s input.
· Topologies: Currently the tool only supports the Consolidated, Single-Site and Scaled Single-Site topologies. The tool does not support the Remote Site Edge Topology (either scaled or un-scaled). In order to get around this, users should use Single-Site or Scaled Single-Site to configure your primary Edge data center.
· Cannot Modify Entries: Currently the tool only supports loading an XML file to go directly to the final report. Currently there is no support for loading an XML file and being able to modify any of the entries.
· Only View Output Reports in Web Browser: Users cannot print or save the output reports through the tool itself - the reports must be viewed in a Web Browser in order to print or save.
· CWA: There is currently no support for CWA.
· Certificate Wizard and Edge Configuration Wizard: The Edge Planning Tool does not have any way to integrate with Certificate Wizard or Edge Configuration Wizard.
Miru Gunarajah
Posted by ocsteam | 2 Comments | Filed under: Edge Servers
Friday, August 29, 2008 9:01 AM
Next release of OCS to support 64 Bit OS (x64)
As a part of the broad initiative across Microsoft to support 64 bit versions across many of its product lines, the next release of OCS will support 64-bit operating systems only. This decision will help meet customer demand and is a natural progression of the product that aligns with the same approach taken by the Exchange team (with Exchange 2007) and the SharePoint team (with SharePoint 2007) to support 64 bit operating systems only. For the next release of OCS, Microsoft will support deployments on 64 bit operating systems - Windows Server 2003 x64 (R2) and Windows Server 2008 x64.
Consolidate deployments
Based on customer feedback, Microsoft’s goal with the next release of OCS is to simplify deployments by reducing the number of servers needed for deployment. Customers are also telling us they are pushing the limits of existing hardware with their “mission critical” communications solutions.
The x64 Advantage
By leveraging x64 hardware, we are able to use inexpensive memory to support more concurrent processing of real-time media streams (audio, video, conferences) on smaller number of servers. With the change to x64, we can simplify and consolidate OCS deployments while supporting additional capabilities in the 64-bit server hardware is broadly available in the market today and is offered by major hardware vendors. The benefits of adopting 64 bit hardware are not limited to high scale OCS customers.
Guidance for OCS 2007 customers
The majority of server hardware being sold today is x64-based and many businesses are already enjoying its advantages and will not need to purchase new hardware to deploy the next release of OCS. Customers who are using 32-bit hardware systems to run OCS 2007 will need to upgrade to x64 systems to install and run the next release of OCS. The OCS team is continuing work on the next release and we look forward to sharing more details as soon as we can…stay tuned!
Peter Schmatz
Posted by ocsteam | 9 Comments | Filed under: OCS
Wednesday, August 27, 2008 8:22 PM
A New Path?
Today Cisco announced the acquisition of PostPath, an e-mail offering. In a blog post by the VP of their Collaboration Software Group, Cisco has stated that this is part of their “cloud-based collaboration platform”. This acquisition is interesting on a few fronts.
1) It’s a remarkable reversal. Just a year ago, Cisco’s Chief Technology Officer, Joe Burton was decrying “the rapidly declining importance of email” (Is Your PC Just a Paperweight – August 8, 2007), and a year later, the company is writing a $220mm check for email technology.
2) Microsoft has long held that e-mail is a critical component of unified communications, and that is what we’ve delivered from day one. Competitors are waking up to the fact that you can’t really deliver UC without email and are trying to catch up. We have a 15 year head start with Exchange Server, which today runs seamlessly with conferencing, instant messaging, voice, and Office applications for millions of customers.
3) Cloud computing is having far-reaching effects, but some companies continue to present their customers with a Sophie’s choice when it comes to their product portfolio. Cisco seems to be doing the same here – Saas/WebEx or on-premise/UC. You can’t have both, so choose one.
Microsoft’s S+S Services approach is unique and provides customers with the flexibility to choose a solution that best fits their organizational needs, combining the best software and services. This is the direction that companies such as Coca-Cola Enterprises, Ingersoll Rand, and others are choosing with Exchange and Exchange Online.
The ‘unified’ part of ‘unified communications’ carries particular importance for me, and that is why we take such pains to ensure that our products – such as Exchange and Office Communications Server – work well together – and with the other software applications and telephony systems our customers are already using. Today’s acquisition is a fascinating change in direction, and it also seems to be a big endorsement of the path we’ve been taking for several years now.
Kim Akers, General Manager, UCG
Posted by ocsteam | 2 Comments
Monday, August 25, 2008 5:06 PM
OCS Best Practices Analyzer for Vista SP1 x64
Finally, the OCS Best Practices analyzer has been updated such that I can run it on my Vista SP1 x64 machine. Virtual PC is nice with the drag and drop functionality of the shared clipboard but having to run a machine just to check a BPA was a real annoyance.
http://www.microsoft.com/downloads/details.aspx?FamilyId=1B90993C-072A-4C84-B385-B76D23B2F27C&displaylang=en
Update August 26 - Turns out in order to get an update successfully you have to launch the BPA using the run as administrator option.
TomL LCSKid
Posted by ocsteam | 2 Comments
Tuesday, August 19, 2008 5:00 PM
Survey: Daily tasks and Feature organization
<August 26 update - removing survey url and contact email.>
As the OCS development team is hardening the next version of OCS, the planning team is looking ahead to the version which will follow. In this version we’d like to take a step back and verify what are the core everyday challenges and perspectives of those of you who use our product. To do this we have created a survey to capture information about your daily needs and your thoughts on how you would like the features in OCS to be organized. We are looking to collect input from all of you and would greatly appreciate hearing your input.
Please use this link to access the survey and share your perspectives with the team <survey url removed>. This survey will be available until 8/25.
The survey should take about 15 minutes to fill out. Please send any feedback about the survey to <email address removed>
Posted by ocsteam | 2 Comments | Filed under: Survey
Tuesday, August 12, 2008 5:00 PM
July 2008 Communicator 2007 update
The July 2008 update for Communicator 2007 has been released - http://support.microsoft.com/?kbid=954439
NOTE: This update replaces the following update:
951662 (http://support.microsoft.com/kb/951662/) Description of the update for Communicator 2007: April 30, 2008
UC-RTC Sustained Engineering
Posted by ocsteam | 6 Comments | Filed under: UC-RTC Sustained Engineering
Monday, August 11, 2008 4:12 PM
The Unified Communications Hosted Trial, sponsored by Microsoft & Unisys
Unisys recently put out a press release announcing the UC Hosted Trial, and I wanted to give some additional behind-the-scenes information on what we’re doing here. This is a system managed by Unisys that lets Microsoft and Unisys field sales sign up our customers for a trial of Microsoft’s unified communications technologies, including Microsoft Exchange Server 2007 and Microsoft Office Communications Server 2007. We’ve been using the trial both internally and externally for several months now, and it’s gotten some great feedback and customer usage – nearly 800 30-day accounts have been created. In this post, I’m going to talk about what the trial is in a bit more detail and how it all works.
The UC hosted trial is designed to give customers the ability to experience firsthand the power of Microsoft’s UC products without having to download or install a trial version of the server software in a lab environment. All the end-user features available from Exchange Server 2007 and Office Communications Server 2007 that we could possibly offer are available in the trial. Participants in the trial use Outlook 2007 for mail, calendaring and unified messaging and Office Communicator 2007 for instant messaging, web conferencing, and voice calling, with everything working against Microsoft software running in Unisys’ Reston, VA datacenter. Participants can have up to 20 accounts on the trial and the trial lasts for 30 days.
All this is made possible through the great remote access capabilities of Exchange Server and Office Communications Server. Both products fully enable users connecting remotely from the server infrastructure. In a typical company, this may be people working from home or on the road. We use the same elements in the hosted trial, as without them we would either have our total user pool be limited to those working in the Unisys data center or all participants would need VPN access – neither are particularly compelling options for a trial designed to be both easy to use and worldwide in scope. Unisys has ‘edge’ components for Exchange and Office Communications Server deployed in their data center’s DMZ, and that allows anyone with an account to connect up from anywhere in the world. Even better, when companies deploy Microsoft’s UC products, they’ll have the same great remote experience – it just works, on the LAN at corporate or on the Wi-Fi network from your hotel in Taipei.
Moving on with the deployment, Unisys has these systems running on their ES-7000 line of servers, with one cell dedicated to Exchange, one to Office Communications Server, and others to the variety of ancillary products (SharePoint Server, System Management Server, Reporting, etc.) that are used for other services, administration and maintenance. The solution is conservatively sized for about 5,000 concurrent users, and essentially we’re way over-provisioned on the hardware front – the Unisys servers are designed for scale and handle the workloads like a champ. And of course, reliability hasn’t been an issue for us at all.
What really matters though is how this translates into the trial participant experience. This begins with provisioning, or when a Microsoft or Unisys sales person creates the accounts on the hosted trial using a web form. The sales person enters in the names of the participants and optionally their work phone numbers, or uploads a simple spreadsheet with the same information. A custom workflow process developed by Unisys then kicks off and creates all the user accounts, their mailboxes and their settings for Office Communicator. This single process to create a user in our “faux enterprise” is one of the great benefits of Microsoft’s UC products for real enterprises as well. One can quickly link Exchange and Office Communications Server with other business processes such that automating the creation of a user’s communications resources is linked right into Active Directory and can be automated along with account creation. So no more waiting to get a new employee’s phone turned on!
The provisioning for our trial also creates a “sandbox” in Active Directory, ensuring that while there are many trials going on in the server at once, participants can only see accounts created for their company. Because Office Communications Server 2007 doesn’t support multi-tenant hosting capability, this required some pretty fancy Active Directory footwork - once again a statement to the power of the platform, but more so to Unisys’ excellent custom coding work.
So now that there are accounts provisioned on the trial, the Microsoft or Unisys sponsor gets an email from the provisioning system with all the account information for the newly created users. The sponsor just forwards those mails to the participants who then download and install the client software - Outlook 2007 and Office Communicator 2007, both of which are available in 120 day trial downloads. After signing in, they get a fully functional messaging and communications environment. They can send email, instant message, make voice and video calls, collaborate and much more….
Connectivity to the phone system is one part of the trial that we’re quite proud of because it lends a lot to the experience. In the trial we offer inbound calling to trial users using Exchange Unified Messaging’s Auto-Attendant feature – by dialing a single number you can reach anyone in the trial just by speaking their name. Then for US-based customers, we also have enabled making outbound phone calls to any phone number in the US. This is done using SIP-PSTN Gateways from Quintum Technologies LLC, a subsidiary of Network Equipment Technologies – their press release on the hosted trial can be found here. Since the Quintum Tenor gateways are qualified in the Microsoft Open Interoperability Program, it was a snap to plug them into PRI lines from the carrier serving the data center and connect the gateway into the OCS deployment. In addition, voice quality is consistently great – whether listening to messages over Exchange UM or forwarding calls to your cell phone.
So now the participants are up and running on the trial and doing things like using Exchange Server’s smart calendaring capabilities to schedule conference calls on Office Communications Server. The Microsoft or Unisys sponsor can now communicate with them in a totally different way – using Federation. The Hosted UC Trial is federated with our corporate deployments of Office Communications Server, so sponsors can add their trial participants to their Office Communicator “buddy list”, see when they are online, and communicate with them using an encrypted connection through the internet. Even better, these calls use the same great sounding wideband audio codec as internal calls, and can include video as well. So now an audio-only conference call that used to be run on a bridge can now include IM, video and web collaboration.
While we certainly are happy that the trial shows off our products quite well, this really highlights the great work our partners do. The expertise at Unisys and Quintum made this trial possible, building on our UC platform and turning it into a great solution - just like our hundreds of UC & voice partners do every day for deployments worldwide.
So if you have had any interest in Exchange Server 2007 or Office Communications Server 2007 but the issues of finding lab space, hardware or time to install the server software has prevented you from checking it out, then definitely ask your Microsoft or Unisys sales person about the Hosted UC Trial. In less than a day, you and your colleagues can experience all the great end-user features that Microsoft’s unified communications products have to offer. And once you do, use that federated link to send me an IM or make a video call and let me know what we can do to make the trial better! I’m at sip:jastark@microsoft.com
Jamie Stark
Sr. Technical Product Manager
Microsoft Unified Communications
Posted by ocsteam | 2 Comments
Friday, August 08, 2008 3:00 PM
Update for Communicator 2007 Phone Edition July 2008
Update for Communicator 2007 Phone Edition - July 2008 (KB952693) has been released to the Microsoft download center.
http://www.microsoft.com/downloads/details.aspx?FamilyID=eeb1b339-df7e-486f-a47a-23d7ed8be6fd&DisplayLang=en
Description of the Communicator 2007 Phone Edition update: July 2008
http://support.microsoft.com/?kbid=952693
Note: Released for English as well as all the other localized languages (Dutch, French, German, Italian, Japanese, Korean and Spanish)
UC-RTC Sustained Engineering
Posted by ocsteam | 3 Comments | Filed under: UC-RTC Sustained Engineering
Tuesday, July 29, 2008 5:00 PM
Determining Health and Wellness of an OCS Deployment - Web Conferencing and MCUs
Determining Health and Wellness of an OCS Deployment #8211; Web Conferencing and MCUs Multi-point Control Units for Web Conferencing and Audio amp; Video.. How do IT Admins determine if these servers are staying healthy? As I explained in my previous blog in order to implement a comprehensive monitoring plan, the real trick is how to tell proactively when MCU server health is starting to decay. MCUs can be collocated on OCS 2007 Standard Edition servers and most large Enterprise Edition customer deployments have several dedicated Audio/Video MCUs, Data Conferencing MCUs and may have IMMCU services running on multiple Frontend servers which I #8217;ve already covered in the post for IM and Presence. What new information am I covering here? In addition to listing a good mix of Performance Monitor counters as recommended by the product team below, I #8217;m covering new ground by identifying certain Microsoft Operations Manager thresholds to watch for as MCU health degrades to know exactly when to take remedial actions. Also below are a set of perf counters for A/V and Web Conferencing MCU server roles, some with thresholds that if reached, should trigger action on the part of an Administrator. The resource utilization, user load and server health counters below are directly applicable to Web Conferencing and A/V MCU functionality. As I said in Part 1, IT Admins will need to run resource utilization and user load baseline tests first to determine what is #8220;normal #8221; for their specific deployments. Then once baseline numbers are known for each server role, they #8217;d add applicable health monitoring counters to the overall monitoring scheme and proceed from there. #8220;Snooping #8221; on your MCUs can be very helpful to enhance a complete strategic monitoring plan. 
I was surprised to find out you can run the Snooper tool in the OCS 2007 Resource Kit to perform a diagnostic report on MCUs to determine the state of server health and to identify diagnostic events. Among other useful things it does, Snooper can be used for error analysis. Information can be retrieved about all MCUs in the deployment and a complete diagnostic overview can be obtained. The MCU Health report can be particularly useful because including showing ID, media type, URL and heartbeat status, this report also shows server statistics that can be used to determine MCU load using of number of assigned conferences per MCU and number of connected participants. Snooper #8217;s a great tool but it #8217;s always a good idea to first review event logs and the MMC overviews for all MCUs for clues before starting an in-depth troubleshooting investigation using tools like Snooper. Figure 1: Screenshot of Snooper UI From the #8216;Reports #8217; menu select, #8216;Conferencing and Presence Reports #8217; and then from the #8216;Report #8217; drop down list (as below) select, #8216;MCU Health #8217;. 
Recommended baseline counters to test and monitor resource utilization:

Processor; % Processor Time (_Total) [should operate at less than 80% during peak load] (run on each MCU)
Network Interface; Bytes Total/sec ([your NIC]) [should operate at less than 80% capacity of the NIC] (run on each MCU)
*Memory; Pages/sec (---) (run on each MCU)
*Process; % Processor Time (DataMCUSvc)
*Process; % Processor Time (AVMCUSvc)
*Process; Private Bytes (DataMCUSvc) ([peak])
*Process; Private Bytes (AVMCUSvc) ([peak])

· Physical Disk counters are not applicable to MCU functionality
· Pages/sec indicates total "pressure" on the server's available memory
· No documented baseline rules for individual process or memory utilization
· Network Interface example: 100Mbit/sec NIC should be <80% x 12.5Mbytes/sec ~ <10Mbytes/sec

Recommended baseline counters to test and monitor user load:

Audio/Video and Web Conferencing MCU: (monitor on each MCU)
AVMCU - 00 - Operations; AVMCU - 000 - Number of Conferences ----
AVMCU - 00 - Operations; AVMCU - 001 - Number of Users ----
LC:DATAMCU - 00 - DataMCU Conferences; DATAMCU - 000 - Conferences ----
LC:DATAMCU - 00 - DataMCU Conferences; DATAMCU - 002 - Connected Users ----
LC:SipEps - 01 - SipEps Transactions; SipEps - 002 - Incoming Transactions Processed ----
LC:SipEps - 01 - SipEps Transactions; SipEps - 003 - Incoming Transactions Processed/sec ----

Recommended counters to monitor for server health:

Audio/Video Conferencing MCU: (monitor on the AV MCU)
MEDIA - 00 - Operations; MEDIA - 000 - Global Health ----
MEDIA - 00 - Operations; MEDIA - 001 - TCP disconnects because remote out of sync ----
MEDIA - 00 - Operations; MEDIA - 002 - Relay allocation failures ----
MEDIA - 00 - Operations; MEDIA - 003 - Number of packets dropped by Secure RTP/sec ----
MEDIA - 01 - Planning; MEDIA - 003 - Number of conferences with NORMAL health ----
MEDIA - 01 - Planning; MEDIA - 004 - Number of conferences with OVERLOADED health ----
MEDIA - 01 - Planning; MEDIA - 005 - Number of packets dropped in flow control ----
MEDIA - 01 - Planning; MEDIA - 006 - Number of failed end to end connectivity checks ----
MEDIA - 02 - Informational; MEDIA - 006 - Average time spent in processing audio packets ----
MEDIA - 02 - Informational; MEDIA - 009 - Conference process rate ----
AVMCU - 04 - MCU Health and Performance; AVMCU - 003 - Thread Pool Health State ----
AVMCU - 04 - MCU Health and Performance; AVMCU - 005 - MCU Health State ----

Web Conferencing MCU: (monitor on the Data MCU)
LC:DATAMCU - 02 - MCU Health and Performance; DATAMCU - 002 - Thread Pool Load ----
LC:DATAMCU - 02 - MCU Health and Performance; DATAMCU - 003 - Thread Pool Health State ----
LC:DATAMCU - 02 - MCU Health and Performance; DATAMCU - 005 - MCU Health State ----
LC:DATAMCU - 02 - MCU Health and Performance; DATAMCU - 006 - MCU Draining State ----

Peers/HTTPS Transport/Focus Factory/Focus: (monitor on the Frontend servers)
LC:SIP - 01 - Peers; SIP - 024 - Flow-controlled Connections Dropped (_Total)
LC:SIP - 01 - Peers; SIP - 025 - Average Flow-Control Delay (_Total)
LC:USrv - 20 - Https Transport; USrv - 002 - Number of failed connection attempts ----
LC:USrv - 20 - Https Transport; USrv - 003 - Number of failed connection attempts / Sec ----
LC:USrv - 20 - Https Transport; USrv - 015 - Number of outgoing requests that timed out ----
LC:USrv - 20 - Https Transport; USrv - 016 - Number of outgoing requests that timed out / Sec ----
LC:USrv - 22 - Conference Focus Factory; USrv - 000 - Add Conference requests ----
LC:USrv - 22 - Conference Focus Factory; USrv - 007 - Add Conference requests succeeded ----
LC:USrv - 23 - Conference Control; USrv - 018 - Local C3P success responses ----
LC:USrv - 23 - Conference Control; USrv - 019 - Local C3P pending responses ----
LC:USrv - 25 - Conference Mcu Allocator; USrv - 009 - Factory Unreachable Failures ----
LC:USrv - 25 - Conference Mcu Allocator; USrv - 010 - Factory Calls Timed-Out ----
LC:USrv - 25 - Conference Mcu Allocator; USrv - 016 - Create Conference Mcu Unreachable Failures ----
LC:USrv - 25 - Conference Mcu Allocator; USrv - 017 - Create Conference Requests Timed-Out ----

OCS 2007 MOM Pack thresholds from the documentation:

AVMCU - 000 - Number of Conferences [t1] (Warning) (Threshold) (The number of active conferences on the A/V Conferencing Server)
Numeric Threshold Rule triggered when the sampled value is greater than 5001
Causes: The number of active conferences has far exceeded the expected usage and new conferences cannot be created.
Resolutions: If this high number of active conferences persists then the service should be restarted and logging enabled to identify if the rate of conference creation is in line with expected usage.

AVMCU - 004 - Total Picture Freeze/Fast Update Request Sent (Sample)
Numeric Threshold Rule triggered when the sampled value is greater than 1
The current health of the MCU. 0 = Normal. 1 = Loaded. 2 = Full. 3 = Unavailable.
Causes: MCU is overloaded.
Resolutions: This could happen if too many conferences are assigned to this MCU.
(Sample Intervals for all performance counters listed above is: 15 minutes)

DATAMCU - 041 - Session queues state (Warning) (Threshold) (The state of the session queues)
Numeric Threshold Rule triggered when the sampled value is greater than 2
Causes: Data MCU is over loaded.
Resolutions: This should be a temporary condition. If this condition persists, please provision more Data MCU machines to handle the load.

DATAMCU - 041 - Session queues state (Sample) (The state of the session queues)
Numeric Threshold Rule triggered when the sampled value is greater than 1
Causes: MCU is overloaded.
Resolutions: This could happen if too many conferences are assigned to this MCU.

(Sample Intervals for all performance counters listed above is: 15 minutes)

USrv - 004 - Outstanding C3P transactions (Sample) (Per-second rate of CCCP requests sent to MCU that timed out)
Numeric Threshold Rule triggered when the changes in values over 2 samples is greater than 100
Causes: This can happen if the Server and/or one or more MCU(s) in the Pool are overloaded. This can also happen due to Load Balancer and Network connectivity issues.
Resolutions: This might be a temporary condition. If the problem persists, please ensure that hardware and software requirements of the Pool meet the usage characteristics and that the network is functioning correctly.

USrv - 004 - Notifications in processing (Sample) (The average time [in milliseconds] taken to complete a MCU factory call)
Numeric Threshold Rule triggered when the sampled value is greater than 5000
Causes: The Mcu factory might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.

USrv - 011 - Factory Call Latency (msec) (Error) (Threshold) (The average time [in milliseconds] taken to complete a MCU factory call)
Causes: The Mcu factory might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.

USrv - 011 - Factory Call Latency (msec) (Sample) (The average time [in milliseconds] taken to complete a create conference call)
Numeric Threshold Rule triggered when the sampled value is greater than 5000
Causes: The Mcu or Backend might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.

USrv - 013 - Average Outgoing Queue Delay (ms) (Sample) (Number of C3P transactions currently in processing)
Numeric Threshold Rule triggered when the changes in values over 2 samples is greater than 1000
Causes: This can typically happen if the Server and/or one or more MCU(s) in the Pool are overloaded.
Resolutions: This might be a temporary condition. If the problem persists, please ensure that hardware and software requirements of the Pool meet the usage characteristics.

USrv - 019 - Create Conference Latency (msec) (Error) (Threshold) (The average time [in milliseconds] taken to complete a create conference call)
Causes: The Mcu or Backend might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.

USrv - 019 - Create Conference Latency (msec) (Sample) (The average time [in milliseconds] taken to complete a full Mcu allocation request)
Numeric Threshold Rule triggered when the sampled value is greater than 10000
Causes: The Mcu factory or Mcu or Backend might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.
USrv - 021 - Allocation Latency (msec) (Error) (Threshold) (The average time [in milliseconds] taken to complete a full Mcu allocation request)
Causes: The Mcu factory or Mcu or Backend might be busy and may not respond immediately.
Resolutions: This might be a temporary condition. If the problem persists please ensure that the hardware and software requirements meet the user usage characteristics.

USrv - 029 - Transactions Timed-Out / sec (Warning) (Threshold) (Per-second rate of requests sent to MCU that timed out)
Causes: This can happen if the Server and/or one or more MCU(s) in the Pool are overloaded. This can also happen due to Load Balancer and Network connectivity issues.
Resolutions: This might be a temporary condition. If the problem persists, please ensure that hardware and software requirements of the Pool meet the usage characteristics and that the network is functioning correctly.

(Sample Intervals for all performance counters listed above is: 15 minutes)

MCU health is monitored internally by the Pool itself, so unhealthy or overloaded MCUs will not be used. In OCS 2007 the 'MCU Factory' component running on the Frontends is responsible for monitoring MCU "health status" and supplying the best available MCU for use during conference creation, whether it is for audio/video conferencing or web conferencing. When an MCU service starts up, it begins sending "health notifications" every 15 seconds to the 'MCU Factory' to advertise whether or not it can take on new conferences. The 'MCU Factory' therefore keeps a dynamic list of available MCUs for the corresponding modality (A/V, Data Conferencing) for use in servicing requests, and chooses between available MCUs when conferences are created. When a request comes in, the selection of an MCU is based partly on the overall health of the MCU (e.g. Normal=healthy; Loaded=marginal; Unavailable=maximum reached or server down). However, selection is not based solely on health: randomness is introduced into the selection algorithm to minimize the risk of a single MCU being repeatedly selected to host most of the conferences.

TechNet resources and whitepapers with more information on MCUs:

· TechNet Virtual Lab: Deploying and Configuring Microsoft Office Communications Server 2007
  More detailed information on the proper deployment of Web Conferencing and Audio/Video MCUs.
· TechNet Labcast On-Demand: Configuring and Using Conferencing in Microsoft Office Communications Server 2007
  More detailed information on configuration, usage and administration of Web Conferencing.
· TechNet Webcast: Implementing Instant Messaging/Presence and Conferencing in Microsoft Office Communications Server 2007 (Level 200)
  More in-depth information on the proper deployment of Web Conferencing and Audio/Video MCUs.
· TechNet Virtual Training On-Demand: Module 3 - Configuring and Using Conferencing in Microsoft Office Communications Server 2007
  More detailed information on Conferencing configuration and usage.
· Designing for Adoption: Real-Time Audio in the Real World, Media Technologies for VoIP Applications
  Detailed design document for real-time audio in OCS 2007 Voice deployments.

For an in-depth resource on Office Communications Server 2007, including detailed troubleshooting tips, refer to the Office Communications Server 2007 Resource Kit, especially Chapter 13: "Monitoring," available from MS Press at: http://www.microsoft.com/MSPress/books/10482.aspx.

Stu Osborn. Stu prepared the content for this post prior to transferring to Unify2
posted
by
ocsteam |
4 Comments
Filed Under:
Setup & Deployment
Thursday, July 24, 2008 5:01 PM
Determining Health and Wellness of an OCS Deployment - IM and Presence
As an IT Admin, how do you know when end user experience will start to suffer, and which Performance Monitor counters should you be monitoring to ensure your users continue to have a quality experience? Also, how would you predict degradation of user experience proactively? My colleague Pauline already has an excellent UC blog on this subject. Great stuff... She concentrates on the Front end server role and its interaction with the pool's SQL Back end server. But there are hundreds and hundreds of separate Performance Monitor counters for Office Communications Server 2007, and most deployments include several other server roles besides Front end and Back end. Current guidance on this subject from the product team includes administration guides, deployment guides, planning guides, technical reference guides and the like.

But what am I offering new here? Well, this blog has new information about how to determine server health. In addition to listing Perfmon counters as recommended by the product team, I identify certain thresholds so you can see when health is degrading and exactly when to take action! I also recommend a three-pronged approach to this task: "polling", "monitoring" and taking "remedial actions".

Below are the recommended perf counters with thresholds that should trigger action on the part of an Administrator. The resource utilization, user load and server health counters below are directly applicable to IM/Presence functionality. But you as an IT Admin will need to run resource utilization and user load baseline tests during medium load first to determine what is "normal" for your deployment. Then, once you have your baseline numbers, you can add health monitoring counters to your overall monitoring scheme and go from there.
Recommended baseline counters to test and monitor resource utilization:

Processor; % Processor Time (_Total) [should operate at less than 80% during peak load]
Process; % Processor Time (RtcSrv)
Process; % Processor Time (IMMcuSvc)
Memory; Pages/sec ---
Network Interface; Bytes Total/sec ([your NIC]) [should operate at less than 80% capacity of the NIC]

(No baseline rules for individual process or memory utilization)
Pages/sec - indicates total "pressure" on the server's available memory
Network Interface example: 100Mbit/sec NIC should be <80% x 12.5Mbytes/sec ~ <10Mbytes/sec

Recommended baseline counters to test and monitor user load:

LC:SIP - 01 - Peers; SIP - 028 - Incoming Requests/sec (_Total)
LC:SIP - 01 - Peers; SIP - 001 - TLS Connections Active (_Total)
LC:SIP - 01 - Peers; SIP - 000 - Connections Active (_Total) [should be less than 15,000 connections per Front end]
LC:SIP - 02 - Protocol; SIP - 001 - Incoming Messages/sec ----
LC:ImMcu - 00 - IMMcuSvc Conferences; IMMCU - 000 - Active Conferences ----
LC:ImMcu - 00 - IMMcuSvc Conferences; IMMCU - 001 - Connected Users ----
LC:USrv - 00 - DBStore; Usrv - 002 - Queue Latency (msec) [healthy is less than 100 msec] (server health decreases as latency increases to 12 sec when server throttling begins)
LC:USrv - 00 - DBStore; Usrv - 004 - Sproc (Stored Procedure) Latency (msec) [healthy is less than 100 msec] (server health decreases as latency increases to 12 sec when server throttling begins)

Queue Latency = the time a request spent in the queue to the Back end server
Sproc Latency = the time it took the Back end server to process the request

Recommended counters to monitor for server health:
(These counters will indicate negative trends as well as overall server health)

LC:SIP - 01 - Peers; SIP - 024 - Flow-controlled Connections Dropped (_Total)
LC:SIP - 01 - Peers; SIP - 025 - Average Flow-Control Delay (_Total)
LC:SIP - 07 - Load Management; SIP - 000 - Average Holding Time For Incoming Messages ----
LC:ImMcu - 02 - MCU Health And Performance; IMMCU - 005 - MCU Health State ----
LC:USrv - 20 - Https Transport; USrv - 002 - Number of failed connection attempts ----
LC:USrv - 20 - Https Transport; USrv - 002 - Number of failed connection attempts / Sec ----

OCS 2007 MOM Pack thresholds from the documentation:

IMMCU - 020 - Throttled Sip Connections (Sample) (number of connections at which new SIP requests are refused)
Sample Interval is 15 minutes.
The current health of the MCU. 0 = Normal. 1 = Loaded. 2 = Full. 3 = Unavailable.
Causes: MCU is overloaded, backend server is slow to respond, net problem
Resolutions: This could happen if too many conferences are assigned to this MCU. [should be no more than 500 maximum sessions per MCU] (Normal=healthy; Loaded=marginal; Unavailable=maximum reached)

IMMCU - 020 - Throttled Sip Connections (Warning) (Error) (number of throttled Sip connections total)
Sample Interval is 15 minutes
Numeric Threshold Rule triggered when the sampled value is greater than 10.
Causes: Peer is not processing requests in a timely fashion.
Resolutions: This can happen if the peer machine is overloaded. ("Peer" = connected servers or adjacent Front end servers or MCUs in the same EE Pool - the same set of counters apply)

There are three phases of determining overall deployment health and wellness in a strategic monitoring plan:

Phase I: Start by polling your environment

· Run OCS Best Practice Analyzer (BPA) to perform a comprehensive inventory of servers and server-side settings. Among other things, BPA will flag incorrect settings and unsupported collocation of server roles and will even tell you if all the required hot fixes are installed, per server role.
· After performing your server inventory, compare your topology to recommended guidelines by using the Planning Tool for Office Communications Server 2007. This new tool can be very useful if used as a companion with the OCS Planning Guide. It's an OCS deployment planning tool that uses a wizard to ask questions and then shows a graphical representation of the recommended topology based on profiles originated from the PG (5,000 users; 5-30K; 30-50K; 50-125K) using the recommended hardware.
· Review OCS Setup logs and OCS Application logs upon first run of the servers just after setup completes. Make a point of checking Application Logs regularly. But also make it a routine practice to check "Show Logs" after OCS setup finishes. HTML-based hierarchical logs can then be expanded to show errors and the resulting cascading effect on the services.
· Run Validation Wizards for each server role as they are deployed to diagnose issues upon first run and to review informational and error messages relating to missing configurations or services not started. Those expandable HTML-based logs are very useful and handy to trace down exactly what's wrong.
· Plan to repeat these on a rotating schedule:
  1. BPA - run every month; update BPA every week
  2. Planning Tool - run for major topology changes
  3. Application logs - check logs on all servers every day
  4. Validation wizards - run for every new server deployed

Phase II: Follow a comprehensive plan to monitor your environment

· Think about downtime optimization and use proactive thinking to catch and fix issues before they interrupt the services. Use Microsoft Operations Manager (MOM) 2005. You can install the OCS 2007 MOM Pack to monitor and create alerts and implement thresholds that trigger those alerts while monitoring an operation over time, using reporting to graph out weekly, monthly and seasonal usage! IT Admins worth their salt have already determined baselines for average usage and peak usage periods to ensure there is enough server headroom remaining during predictable usage spikes, and they constantly update this information.
· Consider using Performance Monitor or MOM Alerts set to page IT Administrators. MOM calls attention to critical events that require administrator intervention. MOM offers info about root causes and suggests solutions from its knowledge database. Guarding SQL against over-usage of CPU, Disk, and Memory and understanding when to add a Front end server is critical to being proactive as your user base grows.
· Use the Admin tools. OCS has some good out-of-the-box tools for monitoring servers. In the status pane of the Microsoft Management Console, you'll see status for 'General Settings', an Event Log tab and some of the recommended Performance Monitor counters already loaded up.
· Employ SQL Performance Dashboard to monitor SQL. That veteran team has worked long and hard developing this tool. For the Back end server, it's likely to boil down to over-using the resources of the machine (disk, CPU or memory), and with all the information out there about SQL Server and which performance monitor counters to watch, you can likely solve any over-usage problem if you know what to look for.
· Use Archiving and Call Detail Records to capture data for all sessions on your servers. Then use this information to monitor usage across your entire environment, including usage of specific functionalities, duration of specific sessions and per-user usage of specific features. Then you will understand how your end-users are making use of which OCS features and when. Using Archiving/CDR, you can capture details about how many users are sending IM to whom, when and how often. This will provide more insight about baseline usage of your deployment, not only for IM and multi-party IM but for other functionalities too. Determine usage spikes by analyzing the reports.

Phase III: Take quick and decisive remedial actions

· Take the proper steps to remedy the most common OCS issues seen because of decaying health of the servers before services are interrupted. Being PROACTIVE is really what you want, but if you have to be REACTIVE, you want to strike at the heart of the developing issue. Take advantage of the OCS 2007 Resource Kit and its great set of troubleshooting tools to react properly.
· Develop an action plan using the OCS Administration Guide and follow it consistently. Even better, change it over time as your user base grows and usage changes. Train and encourage users to gather and upload their logs. For troubleshooting an OCS Director, ask the user to manually populate their server logon with the pool FQDN to rule out operator error or other client issues. Once you've confirmed there are no issues logging in directly to the pool, have the user set the logon back to automatic and gather Communicator logs. Generally, those logs are enough to find out what's happening without going server side.
· OCS Logger is the tool to do server-side logging. It is documented in the Admin Guide. Network Monitor is also a very useful tool. Armed with both server-side and client-side traces, you'll know what's up and, more importantly, what's down!
· Consider adding another Front end server in an expanded topology as thresholds are approached during peak load, but realize there will be declining return on hardware investment, especially in a consolidated topology. Adding another server will definitely help, but scaling will not be linear. So would a new Front end facilitate an additional 5000 active users? It's not out of the question that another server will spread the load, but it's a false expectation to assume that you can facilitate another 15-20,000 active users every time another Front end is added.
TechNet resources on Troubleshooting IM and Presence issues:

· TechNet Labcast On-Demand: Configuring and Using Conferencing in Microsoft Office Communications Server 2007
  More detailed information on proper configuration of OCS 2007
· TechNet Virtual Lab: Using the Management and Troubleshooting Tools in Office Communications Server 2007
  More detailed information on troubleshooting and administration of OCS 2007
· TechNet Virtual Training On-Demand: Module 4 - Using the Management and Troubleshooting Tools in Office Communications Server 2007
  More detailed information on using the Validation Wizard in OCS 2007
· Microsoft Office Communications Server 2007 Administration Guide
  More detailed information on the administration of OCS 2007
· Office Communications Server 2007 Technical Reference Guide
  More detailed technical overview of server architecture and new features of OCS 2007

For an in-depth resource on Office Communications Server 2007, including detailed troubleshooting tips, refer to the Office Communications Server 2007 Resource Kit, especially Chapter 13: "Monitoring," available from MS Press at: http://www.microsoft.com/MSPress/books/10482.aspx.

Stu Osborn. Stu prepared the content for this post prior to transferring to Unify2
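The numeric threshold rules quoted in the two health posts above (Web Conferencing/MCUs and IM and Presence) can be checked offline against exported counter samples. The following is an added example, not code from the OCS team or the MOM pack: the rule limits are transcribed from the quoted excerpts, while the function names, the constructed sample values and the definition of "persists" as two consecutive 15-minute samples are assumptions made for illustration.

```python
"""Evaluate MOM-style numeric threshold rules against 15-minute counter samples."""

SAMPLE_INTERVAL_MIN = 15  # sample interval stated in the posts

# (kind, limit) per counter, as quoted in the posts' MOM pack excerpts.
#   "value": triggered when the sampled value is greater than the limit
#   "delta": triggered when the change in value over 2 samples is greater than the limit
RULES = {
    "AVMCU - 000 - Number of Conferences": ("value", 5001),
    "DATAMCU - 041 - Session queues state": ("value", 2),
    "USrv - 004 - Outstanding C3P transactions": ("delta", 100),
    "USrv - 011 - Factory Call Latency (msec)": ("value", 5000),
    "USrv - 013 - Average Outgoing Queue Delay (ms)": ("delta", 1000),
    "USrv - 019 - Create Conference Latency (msec)": ("value", 10000),
    "IMMCU - 020 - Throttled Sip Connections": ("value", 10),
}

# Assumption: the posts say to act "if the problem persists" without defining it;
# here a breach in 2 consecutive samples (30 minutes) counts as persisting.
PERSIST_SAMPLES = 2


def nic_limit_bytes_per_sec(link_mbit):
    """80% of NIC capacity in bytes/sec (100 Mbit/s -> 12.5 MB/s -> 10 MB/s)."""
    return link_mbit * 1_000_000 // 8 * 80 // 100


def headroom_ok(cpu_pct, nic_bytes_per_sec, link_mbit):
    """Baseline guidance from the posts: CPU and NIC both below 80% at peak load."""
    return cpu_pct < 80 and nic_bytes_per_sec < nic_limit_bytes_per_sec(link_mbit)


def breaches(kind, limit, samples):
    """Return one boolean per sample: did the rule trigger at that sample?"""
    flags = []
    for i, value in enumerate(samples):
        if kind == "value":
            flags.append(value > limit)
        elif kind == "delta":
            # The first sample has no predecessor, so it cannot trigger. A counter
            # that drops (for example after a service restart) gives a negative
            # change and does not trigger either.
            flags.append(i > 0 and (value - samples[i - 1]) > limit)
        else:
            raise ValueError(f"unknown rule kind: {kind}")
    return flags


def evaluate(counter_samples, rules=RULES, persist=PERSIST_SAMPLES):
    """Classify each counter that has a rule as 'ok', 'transient' or 'persistent'."""
    report = {}
    for name, samples in counter_samples.items():
        if name not in rules:
            continue  # baseline-only counters have no MOM rule in the excerpts
        kind, limit = rules[name]
        flags = breaches(kind, limit, samples)
        longest = run = 0
        for hit in flags:
            run = run + 1 if hit else 0
            longest = max(longest, run)
        if longest == 0:
            state = "ok"
        elif longest >= persist:
            state = "persistent"
        else:
            state = "transient"
        report[name] = {
            "state": state,
            "breached_samples": [i for i, hit in enumerate(flags) if hit],
        }
    return report


# Constructed sample data (four consecutive 15-minute samples per counter).
SAMPLES = {
    "USrv - 011 - Factory Call Latency (msec)": [180, 5200, 240, 210],
    "USrv - 019 - Create Conference Latency (msec)": [900, 10500, 12000, 11800],
    "USrv - 004 - Outstanding C3P transactions": [10, 20, 150, 155],
    "DATAMCU - 041 - Session queues state": [0, 1, 2, 1],
    "Processor - % Processor Time (_Total)": [35, 62, 71, 68],
}

if __name__ == "__main__":
    for counter, result in evaluate(SAMPLES).items():
        print(f"{result['state']:<10} {counter} at samples {result['breached_samples']}")
```

A single latency spike is reported as transient, matching the posts' "this might be a temporary condition", while the sustained create-conference latency is reported as persistent and is the one that calls for capacity review.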
posted
by
ocsteam |
4 Comments
Filed Under:
Setup & Deployment
Tuesday, July 22, 2008 5:00 PM
Microsoft Office Communicator 2007 Phone Edition Status Codes
This information is also cross-posted at http://www.ucblogs.net/blogs/ocs

On the About screen you'll see:

    Last Update Status: (0x####/0x#####)

The two hexadecimal numeric codes are for the benefit of debugging an issue when the Phone Edition can't contact the Update Server. The normal state is (0x00/0). If the Phone Edition can't update, the user will read these codes to the Administrator.

The first field is a WinInet error code. An error here would indicate a problem contacting the server. The list of possible values can be found at: http://support.microsoft.com/kb/193625

The commonly occurring values are

    Code        Error Message and Description
    -----       -----------------------------
    12002       ERROR_INTERNET_TIMEOUT
    (0x2ee2)    The request has timed out.
    12005       ERROR_INTERNET_INVALID_URL
    (0x2ee5)    The URL is invalid.
    12007       ERROR_INTERNET_NAME_NOT_RESOLVED
    (0x2ee7)    The server name could not be resolved.
    12028       ERROR_INTERNET_ITEM_NOT_FOUND
    (0x2efc)    The requested item could not be located.
    12029       ERROR_INTERNET_CANNOT_CONNECT
    (0x2efd)    The attempt to connect to the server failed.
    12030       ERROR_INTERNET_CONNECTION_ABORTED
    (0x2efe)    The connection with the server has been terminated.
    12031       ERROR_INTERNET_CONNECTION_RESET
    (0x2eff)    The connection with the server has been reset.

The second field is an HTTP status code. An error here would indicate that the server was contacted, but failed to handle our request. The list of possible values can be found at: http://www.w3.org/Protocols/rfc2616/rfc2616-sec10.html

The commonly occurring values are

10.4.2 401 Unauthorized

The request requires user authentication. The response MUST include a WWW-Authenticate header field (section 14.47) containing a challenge applicable to the requested resource. The client MAY repeat the request with a suitable Authorization header field (section 14.8). If the request already included Authorization credentials, then the 401 response indicates that authorization has been refused for those credentials. If the 401 response contains the same challenge as the prior response, and the user agent has already attempted authentication at least once, then the user SHOULD be presented the entity that was given in the response, since that entity might include relevant diagnostic information. HTTP access authentication is explained in "HTTP Authentication: Basic and Digest Access Authentication" [43].

10.4.4 403 Forbidden

The server understood the request, but is refusing to fulfill it. Authorization will not help and the request SHOULD NOT be repeated. If the request method was not HEAD and the server wishes to make public why the request has not been fulfilled, it SHOULD describe the reason for the refusal in the entity. If the server does not wish to make this information available to the client, the status code 404 (Not Found) can be used instead.

10.4.5 404 Not Found

The server has not found anything matching the Request-URI. No indication is given of whether the condition is temporary or permanent. The 410 (Gone) status code SHOULD be used if the server knows, through some internally configurable mechanism, that an old resource is permanently unavailable and has no forwarding address. This status code is commonly used when the server does not wish to reveal exactly why the request has been refused, or when no other response is applicable.

10.5.1 500 Internal Server Error

The server encountered an unexpected condition which prevented it from fulfilling the request.

10.5.2 501 Not Implemented

The server does not support the functionality required to fulfill the request. This is the appropriate response when the server does not recognize the request method and is not capable of supporting it for any resource.

10.5.3 502 Bad Gateway

The server, while acting as a gateway or proxy, received an invalid response from the upstream server it accessed in attempting to fulfill the request.

10.5.4 503 Service Unavailable

The server is currently unable to handle the request due to a temporary overloading or maintenance of the server. The implication is that this is a temporary condition which will be alleviated after some delay. If known, the length of the delay MAY be indicated in a Retry-After header. If no Retry-After is given, the client SHOULD handle the response as it would for a 500 response.

    Note: The existence of the 503 status code does not imply that a
    server must use it when becoming overloaded. Some servers may wish
    to simply refuse the connection.
posted by ocsteam | 3 Comments | Filed Under: Phone Edition
Monday, July 21, 2008 1:15 PM
June 2008 Sustained Engineering Updates
Below are the articles for updates released during the month of June 2008:
952579 Description of the Windows-based Live Meeting 2007 client update package: June 4, 2008
952578 Description of the update for the Live Meeting Conferencing Add-in for Outlook: June 4, 2008
950559 Description of the update for the Unified Communications Client API SDK
953907 Description of the update package for Communications Server 2007: June 2008
UC-RTC Sustained Engineering
posted by ocsteam | 4 Comments | Filed Under: UC-RTC Sustained Engineering
Tuesday, July 08, 2008 9:49 AM
Update for Resource Kit Tool ABSConfig.exe
Microsoft Resource Kits are typically released as-is and do not receive fixes, but every once in a while you encounter a problem that prevents you from using the tool at all, and so the ABS Configuration Tool receives an update for two problems.
This is the Knowledge Base article that documents the problems and fixes along with the process to obtain the fix - http://support.microsoft.com/Default.aspx?kbid=954749
The resource kit can be found with our other tools and resources on Microsoft Technet here - http://technet.microsoft.com/en-us/office/bb676081.aspx
The description of the tool from the OCS Resource Kit Tools Readme -
ABS Configuration Tool is a graphical user interface application that enables administrators to configure AD attributes and WMI settings related to ABS. The primary scenarios for the tool are:
• To enable administrators to map attributes in the AD to the attributes for Office Communicator.
• To enable administrators to specify the list of attributes to be included in the ABS files.
• To enable administrators to configure WMI settings and thereby all common tasks related to ABS files.
UC-RTC Sustained Engineering
posted by ocsteam | 2 Comments
Friday, May 23, 2008 5:15 PM
To UDP, or not to UDP, that is the question…
Generically, SIP can use (at least) 3 types of transport. Office Communications Server supports TCP and TLS, with the latter being the default (actually, TLS runs on TCP).
Various interactions with some partners and customers of late have posed the question: "Why doesn’t OCS support SIP over UDP?" Their belief is that UDP is the ‘lowest common denominator’ SIP transport that is supported by "everyone" and that, by not supporting it, OCS is out of step with the mainstream of SIP implementation and interoperability.
Let’s evaluate that proposition on its merits.
Why doesn’t OCS support UDP?
There are three issues with UDP:
1) It is not encrypted, so you can’t ensure end to end security of SIP messages. There is no shortage of opinions on the security, or the lack thereof, of SIP (e.g. Cert® Advisory). As a text based protocol that is human readable (if ‘readable’ is the right word…it is not exactly prose…) there are privacy/security issues of sending SIP ‘in clear’. Furthermore, UDP allows for easier spoofing of packets since connection state doesn’t need to be maintained (remember Slammer?....UDP). This is why OCS customers are strongly recommended to accept TLS over TCP as the default SIP transport within the OCS network.
2) UDP has a fundamental flaw for large SIP messages: the size of the UDP datagram is limited to 1500 bytes, so a SIP message larger than that will be broken into two or more packets. The application layer (client or server) can receive the fragments out of order or a fragment could be lost (see 3 below). Since OCS SIP messages tend to contain various XML bodies, machine generated unique IDs (e.g. GRUUs), ICE candidate attributes, (etc.) they will normally span multiple packets.
3) UDP is a "fire and forget" protocol: this is to say that the transport layer does not consider lost or delayed packets. The onus of tracking messages for which no response has been received (and the generation of new requests) is left to the application layer: this leaves the application (the client or the server) vulnerable to overload situations. In bad network conditions, the best case scenario is a call setup delay. The worst case scenario is that the SIP network can reach a tipping point where the session timers are tripping for every transaction because the network elements are busy generating, or responding to, "retries" – a so-called "retry storm".
A commercially deployable enterprise communications solution must, at the very least, be secure, reliable and scalable. UDP presents challenges in all of these areas and the SIP RFCs (see below) allow us to choose from alternative SIP transports. Within the OCS network we use TLS, and at the edge of the network we can interoperate over TCP.
Why do people object to TCP or TLS as a SIP transport?
The fundamental objection to SIP over TCP or TLS is that they are computationally expensive relative to UDP. There are several parameters at the transport, session and application layers that affect transaction performance:
· Stateful vs. Stateless
· Authentication vs. no Authentication
· Encryption vs. no Encryption
An IBM Research article "Evaluating SIP Proxy Server Performance" examined, among other things, the impact of the choice of SIP transport protocol on SIP transaction throughput. The authors found clear evidence that stateless UDP with no authentication (and therefore no encryption) has, by far, the highest throughput. However, this modality is completely incompatible with a reliable and secure commercial communications service. Stateful transaction processing with authentication yielded a 43% transaction degradation when using TCP compared with UDP. However, the authors were using an open source proxy server and brought to light various performance issues that were implementation specific.
An IEEE Article "SIP Security Issues: The SIP Authentication Procedure and its Processing Load" further examines the security and authentication overhead issue and found only a 5.5% overhead to TCP vs. UDP. Their summary includes the comment:
Another interesting finding is that the TCP processing introduces a small increase [in processing overhead] with respect to UDP and that the additional increase due to TLS is almost negligible.
Therefore, if you compare UDP to TCP and TLS in a commercially deployable solution, it is hard to defend the argument that the overhead of TCP and TLS outweighs the reliability and security advantages that they provide.
The debate regarding whether or not TCP is inefficient/expensive has been going on for many years. An IEEE Landmark Article "An Analysis of TCP Processing Overhead" published in June 1989 disproves the notion that TCP (by then a 15 year old protocol) is an inefficient protocol. The fact that it is still in use nearly 20 years later suggests that the authors were correct and that current anti-TCP sentiment is based upon "techno-urban legend", rather than scientific analysis.
Is UDP more standard than TCP or TLS?
There is a belief among certain constituencies that UDP is "more standard" than TCP or TLS.
From a historical perspective, the original SIP spec, RFC 2543 (published in March 1999), states:
User agents SHOULD implement both UDP and TCP transport. Proxy, registrar, and redirect servers MUST implement both UDP and TCP transport.
Note that equal priority was given to TCP and UDP. If you take a look at the current SIP spec, RFC 3261 (published in June 2002), you will see in section 18 the following statements related to SIP transport:
All SIP elements MUST implement UDP and TCP. SIP elements MAY implement other protocols.
Making TCP mandatory for the UA is a substantial change from RFC 2543. It has arisen out of the need to handle larger messages, which MUST use TCP, as discussed below. Thus, even if an element never sends large messages, it may receive one and needs to be able to handle them.
While it is true that OCS does not comply with RFC 3261 by not offering or accepting UDP, the assumption that all SIP messages will exceed the UDP datagram size limit provides an implied waiver on this requirement. Furthermore, TCP is the base transport for TLS, which we strongly recommend for security reasons; note that TLS does not run on UDP. Therefore, the conjunction of the security, fragmentation and reliability/scalability issues has led us to the conclusion that UDP is not a useful transport for the transmission of SIP messages.
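The fragmentation and loss argument above, worked through as an added example (not code from the original post or from OCS). It applies the RFC 3261 section 18.1.1 size rule, under which a request larger than 1300 bytes (path MTU unknown) or within 200 bytes of a known path MTU must use a congestion-controlled transport such as TCP; the INVITE, the RFC 5245-style candidate lines and all addresses are constructed and are not OCS's wire format.

```python
"""Added example: size a SIP INVITE and apply the RFC 3261 section 18.1.1 transport rule."""

IPV4_HEADER = 20           # bytes, assuming no IP options
UDP_HEADER = 8             # bytes
MTU_MARGIN = 200           # RFC 3261 18.1.1: "within 200 bytes of the path MTU"
UNKNOWN_MTU_LIMIT = 1300   # RFC 3261 18.1.1: limit when the path MTU is unknown


def build_sdp(n_candidates):
    """Constructed SDP offer carrying n ICE candidate lines (documentation addresses)."""
    lines = ["v=0", "o=- 0 0 IN IP4 192.0.2.10", "s=session",
             "c=IN IP4 192.0.2.10", "t=0 0", "m=audio 50000 RTP/AVP 0 8"]
    for i in range(n_candidates):
        lines.append(f"a=candidate:{i + 1} 1 UDP {2130706431 - i} "
                     f"198.51.100.{i + 1} {50000 + i} typ host")
    return "\r\n".join(lines) + "\r\n"


def build_invite(sdp):
    """Constructed INVITE; UDP, TCP and TLS in Via are all three characters,
    so the message size does not depend on the transport that is chosen."""
    body = sdp.encode("utf-8")
    head = [
        "INVITE sip:bob@example.com SIP/2.0",
        "Via: SIP/2.0/TLS client.example.com:5061;branch=z9hG4bKconstructed",
        "Max-Forwards: 70",
        "From: <sip:alice@example.com>;tag=constructed1",
        "To: <sip:bob@example.com>",
        "Call-ID: constructed-call-id@client.example.com",
        "CSeq: 1 INVITE",
        "Contact: <sip:alice@example.com;opaque=user:epid:CONSTRUCTED;gruu>",
        "Content-Type: application/sdp",
        f"Content-Length: {len(body)}",
    ]
    return ("\r\n".join(head) + "\r\n\r\n").encode("utf-8") + body


def udp_permitted(size, path_mtu=None):
    """True when RFC 3261 18.1.1 still allows an unreliable transport."""
    if path_mtu is None:
        return size <= UNKNOWN_MTU_LIMIT
    # "within 200 bytes of the path MTU" is treated as inclusive here
    return size < path_mtu - MTU_MARGIN


def choose_transport(message, path_mtu=None, confidential=True):
    """TLS when confidentiality is required, otherwise the size rule decides."""
    if confidential:
        return "TLS"
    return "UDP" if udp_permitted(len(message), path_mtu) else "TCP"


def udp_fragments(size, mtu=1500):
    """IPv4 fragments needed to carry `size` bytes of SIP in one UDP datagram."""
    per_fragment = (mtu - IPV4_HEADER) // 8 * 8   # fragment data is a multiple of 8
    total = size + UDP_HEADER
    return -(-total // per_fragment)              # ceiling division


def message_loss_probability(fragments, packet_loss):
    """The whole datagram is lost if any one of its fragments is lost."""
    return 1 - (1 - packet_loss) ** fragments


def report(n_candidates, packet_loss=0.01):
    """Size, fragment count, transport and loss estimate for one constructed INVITE."""
    msg = build_invite(build_sdp(n_candidates))
    frags = udp_fragments(len(msg))
    return {
        "bytes": len(msg),
        "fragments": frags,
        "transport_without_tls": choose_transport(msg, confidential=False),
        "message_loss": round(message_loss_probability(frags, packet_loss), 6),
    }


if __name__ == "__main__":
    for n in (2, 24):
        print(n, "candidates:", report(n))
```
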
Is UDP the preferred SIP transport?
In order to verify the notion that SIP over UDP is supported by everyone, and yet TCP/TLS is supported by no-one, let’s examine the SIP offerings of the (overwhelming) majority market share vendors:
| Vendor | UDP | TCP | TLS | Reference |
| --- | --- | --- | --- | --- |
| Microsoft | N | Y | Y | http://download.microsoft.com/download/d/b/6/db641148-427b-41d3-9f20-7ffbddaf65b8/OCS_VoIP_Guide.doc |
| Cisco | Y | Y | Y | http://www.cisco.com/en/US/docs/ios/12_4t/12_4t11/FeatTLS.html#wp1092137 |
| IBM | N | Y | Y | http://download.boulder.ibm.com/ibmdl/pub/software/dw/lotus/sametime-sip.pdf |
| Nortel | Y | Y | Y | http://www142.nortelnetworks.com/techdocs/CS1K_5_0/pdf/NN43001-564_01.05_NRS.pdf |
| Avaya | Y | Y | Y | http://www.avaya.com/gcm/master-usa/en-us/products/offers/sip_enablement_services.htm&View=ProdTechSpec |
| Alcatel-Lucent | Y | Y | N | http://www1.alcatel-lucent.com/doctypes/articlepaperlibrary/pdf/ATR2002Q4/T0212-SIP_Technology-EN.pdf |
| Siemens | Y | Y | Y | http://www.enterprise-communications.siemens.com/Products/Phones%20Clients/Desktop%20Phones/~/media/6DAA007008EB4A5CA0212A6D12A49770.ashx |
| AudioCodes | Y | Y | Y | http://www.audiocodes.com/objects/sbc/nCite_4000.pdf |
| Nextpoint | Y | Y | Y | http://www.nextpointnetworks.com/files/NextPoint_SBC_USLTR_2008_hirez.pdf |
| Acme Packet | Y | Y | Y | http://www.acmepacket.com/html/page.asp?PageID={06E4AEBC-24E2-46CC-BA95-7C74288FA45B} |
| Covergence | Y | Y | Y | http://www.covergence.com/stuff/contentmgr/files/4adf40f79f81482fff714c46d8e06832/misc/ssesb.pdf |
Based on this small, but statistically significant sample – there is a strong argument that TCP is actually the lowest common denominator SIP transport. Certainly, the notion that vendors do not support, and customers can not deploy, SIP over TCP is thoroughly debunked.
Conclusion
We have examined the myth that UDP is the best choice SIP transport:
· We have evaluated whether or not UDP is a good protocol for a commercially reliable, secure and scalable communications service
· We have examined the evidence that TCP, with stateful transaction processing and authentication, is significantly less performant than UDP
· We have determined whether there is any basis for a bias towards UDP in the SIP standards
· We have also examined the support of UDP, TCP and TLS in the majority of enterprise and service provider SIP deployments
As Adam and Jamie say on the Discovery Channel’s ‘Mythbusters’: I think we are ready to make a call on this myth….and it is definitely ‘busted’.
Russell Bennett
Lead Program Manager
posted by ocsteam | 12 Comments | Filed Under: SIP
Friday, May 23, 2008 7:06 AM
Recent Yahoo! and MSN (Windows Live) Public IM Connectivity changes
Recently, there have been some server changes made by two of our Public IM Connectivity partners Yahoo! Inc. and MSN (Windows Live). These changes will affect only those Microsoft Office Communications Server 2007 and Microsoft Office Live Communications Server 2005 customers whose external firewalls accept traffic on TCP port 5061 only from known IP addresses.
On May 22, 2008, Yahoo! Inc. moved their servers that provide instant messaging (IM) federation with Microsoft Office Communications Server 2007 and with Microsoft Office Live Communications Server 2005. As a result, the fully qualified domain names (FQDNs) and IP addresses for the Yahoo! gateway servers have changed. However, Yahoo! will not change the name of the service provider for instant messaging, which is configured in Microsoft Office Live Communications Server 2005 Access Proxy and Microsoft Office Communications Server 2007 Access Edge Server. This name will remain lcsap.msg.yahoo.com.
Meanwhile, MSN (Windows Live) has also changed the IP address for its LCS and OCS gateway. The name of the service provider for instant messaging will also remain the same, which is federation.messenger.msn.com.
As documented in the documentation for Live Communications Server 2005 SP1 and for Office Communications Server 2007, the recommended firewall configuration when federating with public IM providers is to allow any IP address to connect to port 5061 on the Access Proxy. However, certain enterprises prefer to enforce stricter firewall rules and restrict incoming connections to specific IP addresses. For those customers, the IP addresses that are used by the public IM networks need to be specifically allowed on the enterprise firewall. The following lists contain the new IP addresses that are currently used by each service provider:
IP address that is used by MSN (Windows Live):
• 65.54.227.249
IP addresses that are used by Yahoo!:
• 76.13.22.8
• 76.13.22.9
• 76.13.22.10
• 76.13.22.11
• 98.136.47.8
• 98.136.47.9
• 98.136.47.10
• 98.136.47.11
IP addresses that are used by AOL (unchanged):
• 64.12.162.248
• 205.188.153.55
For further information about the Yahoo! change, please refer to the following Microsoft KB article:
http://support.microsoft.com/kb/952209
For other known issues that occur with public IM connectivity, please refer to the following Microsoft KB article:
http://support.microsoft.com/kb/897567
Hao Yan
Sr. Program Manager
posted by ocsteam | 3 Comments | Filed Under: Federation & PIC
Wednesday, May 21, 2008 11:25 AM
Simplifying Enhanced Presence
What is Enhanced Presence?
OCS 2007 allows its client applications to publish and subscribe to Enhanced Presence information. The enhanced presence infrastructure includes categories and containers. State, note, contact information, or calendar data (e.g. Free/Busy) are examples of categories. Containers are logical buckets into which the clients publish the categories of presence information.
A user can control what presence information other users see. For example, if userA@fabrikam.com places userB@fabrikam.com in his Public container, userB can see only userA's name, e-mail address, and basic contact information. If userA places userB in his Personal container, userB can see detailed information like additional phone numbers, location etc.
OCS 2007 notifies watchers of presence changes for the container they have permission to access. OCS 2007 supports this functionality through the use of Access Control Lists (ACLs) that map a user’s contacts into Containers. Each end user can configure their ACLs via the “Access Level” or “Access Levels Management” view in the Office Communicator client. ACLs can define the set of users which can access a container based on a number of different criteria:
URI list (e.g. “userA@fabrikam.com”)
Domain List (e.g. “fabrikam.com”)
Same Enterprise
Federated Users
Public Cloud Users
Enhanced Presence Feature Set
The main features of the enhanced presence model are as follows:
• Enhanced presence status
• Automatic sensing of activity
• Access levels
• Interruption management
• Multiple points of presence (MPOP)
• Extensible presence status
• Integration with Office applications
To enable enhanced presence for a single user
1. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
2. In the console tree, expand Communications Enterprise Edition Pools.
3. Expand the pool that contains the user you want to enable for enhanced presence, and then click Users.
4. In the details pane, right-click the user, and then click Properties.
5. In the Properties dialog box, click Configure.
6. In the User Options dialog box, select the Enable enhanced presence check box.
7. When the enabling enhanced presence message is displayed, read the information, and then click Yes to complete the enabling of enhanced presence for the user.
 
What happens when a user is enabled for enhanced presence?
After you have enabled your users for enhanced presence, deploy Office Communicator 2007 to all client computers for these users. After a user is enabled for enhanced presence, the user can no longer sign in to previous versions of Office Communicator, Communicator Web Access, or Communicator Mobile.
Note: When you do enable Enhanced Presence on the user object following the migration, the user is still able to sign-in using legacy clients. When the EH aware client signs-in, the database information is upgraded to include EH information. From this point forward, the legacy client does not function.
Any user created in OCS 2007 pool\server already has enhanced presence enabled and cannot be changed.
An example of user activity category publication in Enhanced Presence
For more information regarding Enhanced Presence, please see: http://communicatorteam.com/archive/2008/03/06/103.aspx
Important links:
OCS Enhanced Presence Model: http://www.microsoft.com/downloads/details.aspx?FamilyID=df0ba247-3884-43c7-a1e1-791d64b8bfa8&displaylang=en
OCS Resource kit: http://www.microsoft.com/MSPress/books/10482.aspx
Ram Ojha
Support Engineer
posted by ocsteam | 3 Comments | Filed Under: Setup & Deployment
Tuesday, May 20, 2008 9:54 AM
'SIP Trunking' in Office Communications Server
In the Office Communications Group (OCG) white paper “Integrating Telephony with Office Communications Server 2007” we stated that “SIP Trunking” was out of scope for that release but was “under consideration” for future releases. We are always reluctant to commit features to releases in advance of the official release announcement; however it is reasonable to say that the process of consideration is underway.
OCS 2007 Voice Connectivity
In Office Communications Server 2007 (OCS) there are 3 modes of voice calling:
1. OCS point to point: User A calls User B – call is VoIP end to end.
· The endpoint could be Office Communicator (OC) or an IP phone (e.g. Polycom CX700)
· Users could be either inside the network or roaming
· Applies equally to multi-modal communications (i.e. IM, Video, Collaboration)
2. OCS Federation: a user in domain A calls a user in domain B – the call is VoIP end to end over the public internet.
· Federated calls still carry the same capabilities as point to point calls described above – roaming, video, etc.
3. PSTN to OC: a telephony user (PSTN, mobile, PBX) calls an OC user (or vice versa).
· OCS Co-existence – PBX phone and OC are integrated via “dual-forking” mechanism between PBX and OCS, such as Nortel’s Converged Office
· OCS Stand-alone – OC accesses telephony via integration using the PBX or a Media Gateway
· Remote Call Control – OC applies 3rd Party Call Control to a PBX phone
As previously stated, direct interoperability via SIP/RTP with Telephony Service Providers (aka “SIP Trunking”) is not supported in OCS 2007.
What is “SIP Trunking”?
What do we mean by “SIP Trunking”? OCG’s definition was laid out in the white paper referenced above. The very fact that we needed to define it shows that there are many interpretations of this term. To further complicate matters, OCG is not the only Microsoft Business Unit engaged in offering this feature – the ResponsePoint group (see: http://www.microsoft.com/responsepoint/default.aspx) is also shipping a SIP Trunk feature in their product and that has a slightly different technical specification to the one we are considering.
Jonathan Rosenberg has formally defined a “SIP Trunk” here: (http://tools.ietf.org/id/draft-rosenberg-sipping-siptrunk-00.txt) in at least 4 different guises (and who am I to dispute that?). However, as a vendor of equipment that at some time in the future will support this function, it is incumbent on OCG to define what that function might be.
For Microsoft OCG, “SIP Trunking” is the use of SIP and RTP to pass telephony traffic from the enterprise network edge to a network service provider over an IP connection (i.e. without traversing TDM or circuit networks). For cases where OCS is connecting to a Gateway or IP-PBX, as we qualify through the Unified Communications Open Interoperability Program (http://technet.microsoft.com/UCOIP), we use the term “Direct SIP”.
Why SIP Trunking?
The value proposition of SIP Trunking for an OCS customer is:
1. Not having to deploy, maintain, and operate IP-PSTN gateways on-premise either regionally or at remote offices
2. Consolidation of data/voice networks (recurring costs)
3. Reduction of call degradation by reducing the number of conversions of the call from IP to TDM (and back): note that most calls today are carried on a long distance network over IP transports.
The benefit of providing a SIP Trunking feature for Microsoft OCG is:
· In the short term, offering OCS customers the choice of how to connect to the PSTN
· The long term value of SIP Trunking is ultimately about creating a roadmap of federated multi-media communications via managed networks
The value proposition of SIP Trunking for Telephony Service Providers is to bring new value to their IP customers and to define a services-based UC value-proposition. IP-centric service providers, on the other hand, are hoping to access a new channel for their services.
Is SIP Trunking defined in a standard?
A technical recommendation for “IP PBX / Service Provider Interoperability” was created by the SIPconnect technical working group of the SIP Forum in 2006. In many ways, this was a useful document, but it has not been broadly supported by equipment vendors or the network service providers. Indeed, the actual uptake of SIP Trunking services has lagged far behind the apparent demand for such a service: the voice traffic traversing a SIP Trunk is currently a tiny proportion of total global trunked traffic.
In an attempt to address the adoption issue, the SIP Forum has launched a new initiative to revise the SIPconnect specification. The Board of the SIP Forum recognized that Microsoft, as a leading vendor of unified communications solutions, could be a positive proponent of this effort. In parallel, we realized that the number of service providers (wireline, IP and mobile) around the world was significantly greater than the number of PBX vendors. We also came to realize that a minority of these Service Providers were currently offering SIP Trunking, and those who did were not necessarily compliant with the SIP RFCs. Thus, the easiest way for us to address the issue of there being no de facto standard was to work with the SIP Forum to help define a standard that all vendors and service providers can support.
The natural outcome of this mutual realization was that, at the invitation of the Board of the SIP Forum, Microsoft OCG has submitted a base specification for SIPconnect 1.1 (see: http://www.sipforum.org/component/option,com_docman/task,cat_view/gid,45/Itemid,75/ ) and, at the time of writing, the document has been downloaded 300 times. As of May 7th, the Technical Working Group has started work on the effort, led by Rich Shockey of Neustar. The timelines for completion have not been finalized, but we hope that a final draft of SIPconnect 1.1 will be ready by the end of the year.
Russell Bennett
Lead Program Manager
posted by ocsteam | 5 Comments | Filed Under: SIP
Friday, May 16, 2008 10:45 AM
Video Conferencing for Masses vs. Personal Telepresence
This week, Cisco introduced its personal telepresence technology to the world and announced their entry into the “market for in-person virtual communications with new endpoints for the personal office and large group meetings”.
It is great to see Cisco endorsing and supporting video conferencing for the masses, something we have long felt was critical for organizations to see real benefits. But I think there are some serious limitations to the approach they have taken.
Budget and environmental impact are just a numbers game at the end of the day. There are 100’s of information workers for every executive in the world, and the impact of any technology you can give to executives will be amplified if you can do it for everyone. To see these benefits, technology must be affordable and accessible to the masses.
High end telepresence units, costing businesses $300,000 apiece before network upgrades and annual maintenance, are out of reach for all but a privileged few in the organization. If you had that kind of telepresence system for every 50 information workers in the world (an expected ratio of workers to meeting rooms), it would cost more than the GDP of Spain! But while we at Microsoft were out announcing plans for a $300 high def camera that would revolutionize the accessibility of high quality video conferencing for everyone, Cisco is announcing a stripped down version of its flagship telepresence product selling for $34,000 per unit.
I just don’t believe you get mass adoption when the price point evokes the question “should I buy this or the helicopter?”. The market is limited to literally a few hundred units. Units like the Polycom HDX 4000, for example, have been around for years at a fraction of the price. Stephen Lawson at IDG sums it up well when he says “The System 500 is not the consumer device Cisco envisions, which former Chief Development Officer Charlie Giancarlo last year predicted could be sold within two to three years for about US $1,000.”
In contrast, Microsoft RoundTable sells for $3,000-$4,000 and has already built up over 700 customers and thousands of units sold after launching in October 2007. For the price of two personal telepresence units which would enable two executives to talk to one another, customers can buy 20+ RoundTables, enabling a much larger number of people in remote offices to communicate and collaborate more effectively, while reducing travel costs.
I also don’t get the argument about personal telepresence “shortening sales cycles” or to “improve productivity”? Most information workers spend a significant portion of their time collaborating using applications and yet telepresence systems don’t have an easy way to share applications with others. Sales people are often out visiting customers or on the road and more and more workers are working from home these days, but they can’t lug around a 400 pound telepresence unit with them to stay connected. While the world is moving towards integrated collaboration and mobility, personal telepresence seems to be focused on very expensive video conferencing as the one trick pony.
At Microsoft, we have really focused on building video conferencing into common applications and user experiences to make business processes more engaging. Integration into tools such as Live Meeting and Communicator, which are compatible with many third-party audio and video devices, make it easy to use video conferencing for face to face conversation, multimedia document collaboration or telework.
Finally, to make a communication tool useful and impactful, you have to make it interoperate with common legacy equipment. This includes colleagues on Tandberg or Polycom systems, which account for over 75% of the installed base of video conferencing today. Or federated customers and partners for example. The lack of interoperability makes the system an isolated island in a customer’s broader environment. If you are going to go for a telepresence solution, you should consider systems that interop with the broader installed base, such as the Tandberg Experia or the Polycom RPX for example.
It’s great to see that Cisco has joined the tide of video conferencing for the masses but clearly there is a long way to go before Giancarlo’s vision is realized.
Moz Hussian
Director of Product Management
posted by ocsteam | 4 Comments | Filed Under: Video Conferencing
Friday, April 18, 2008 11:23 AM
Where to store OCS Global Settings?
The Prep Forest step requires a decision on the location for OCS Global Settings – you can choose to store these in the System container in the root domain (default and recommended) or the Configuration partition which is replicated Forest-wide.
Refer to the OCS AD guide for additional detail on Active Directory Global Settings and Objects.
http://technet.microsoft.com/en-us/library/bb803604.aspx
Factors to consider for storing OCS Global Settings:
1. Do you have LCS? If you do, the configuration partition option selection will be grayed out - choose the domain partition. If you have server or MMC performance problems related to access to the root domain, follow the Tip below to move to the configuration partition.
Tip
If LCS/OCS is running into issues because of poor root connectivity – this typically shows up in poor MMC performance and errors in LCS/OCS server event logs – you can remove LCS/OCS from the forest and then rerun Prep Forest choosing the configuration partition. To remove LCS, first deactivate and remove all LCS and OCS servers, remove Prep Domain configuration (use the DomainUnPrep Action with LCSCmd.exe) and remove Prep Forest configuration (use the ForestUnPrep Action with LCSCmd.exe).
2. Do you have a mature Exchange implementation? If you do, you are already replicating Exchange configuration settings Forest-wide so adding OCS configuration will not significantly impact your network – choose the configuration partition.
3. Do you have a Distributed Forest with Domains or Sites where you will deploy OCS servers (all roles - Front End, Mediation server, etc. - except edge servers which are not domain joined) that do not have a reliable and fast connection to a root domain DC? If so, choose the configuration partition.
4. Do you have an empty root (a root domain that does not host users or servers) in your Forest? If so, you can run into issues deploying OCS servers in child domains at a site without reliable and fast connectivity to a root domain controller. This is similar to #3 above – choose the configuration partition.
5. Is this a Greenfield installation? If this is a new installation without LCS, Exchange or a complex Forest, then go with the default and recommended root domain naming context storage as this will reduce AD replication traffic on your network. If you have a distributed deployment with sites/domains that now or in the future will house OCS servers without good and fast connectivity to at least one root domain DC/GC, you are in the same situation as #3 or #4 - choose the configuration partition.
The following decision tree can be used as general guidance within the above context:
Andrew Sniderman
- Architect, Microsoft Consulting Services
posted by ocsteam | 4 Comments | Filed Under: Setup & Deployment
Tuesday, March 25, 2008 3:52 PM
Information on A/V Edge Ports and Public IP Addresses
<Update July 22 - "Designing Your Perimeter Network for Office Communications Server 2007 White Paper" (http://www.microsoft.com/downloadS/details.aspx?familyid=E4A8D703-E41A-47D9-B9DD-2799F894AF92&displaylang=en)>
The A/V edge server enables users to participate in audio and video connections from outside the corporate network, such as a point to point call, a conference, leaving a voicemail with Exchange UM, or making a PSTN call. Contoso has deployed the A/V Edge server with two NICs in the perimeter network. The external firewall separates the edge server from the Internet and the internal firewall separates the server from the corporate network. In order for the A/V Edge server to function correctly, the internal firewall must allow traffic to UDP 3478, TCP 443, and TCP 5062 (A/V authentication port). And the external firewall must allow bi-directional traffic to the following ports: UDP 3478, TCP 443, UDP 50,000-59,999, and TCP 50,000-59,999. No NATing behavior is allowed on either firewall. The external IP address must be publicly routable and the internal IP address must be routable from within the corporate network. The ports on the external edge tend to undergo greater scrutiny because they involve more ports open to the internet. This sidebar first explains why are there are so many publicly addressable ports and then how these ports are secured from an attack. Why the A/V Edge has so many ports
Needing UDP ports
UDP connections are more resilient to packet loss than TCP. When a UDP packet is lost, the transport delivers subsequent packets without delay. When a TCP packet is lost, the transport holds all subsequent packets because TCP inherently must provide a reliable stream of data. This results in increased audio latency as we wait for the lost packet to retransmit and the rest of the TCP stream to "catch up".
Needing TCP ports
Although UDP is a more efficient transport, some clients can only reach the internet via TCP, typically due to a corporate firewall policy. OCS also supports a TCP media transport in case a UDP path is not available. At the start of each call or conference, the two endpoints use the IETF's ICE protocol to dynamically choose the optimal media path available. This protocol prefers direct media paths over those that go through a media relay, and UDP paths over TCP paths.
Needing the port range at 50,000
The A/V Edge server is an implementation of the IETF's STUN protocol with TURN relay extensions. The standard requires this port range because it cannot assume the remote party has access to the same media relay server. Phone calls often traverse company boundaries, such as a federated VOIP call in OCS2007. Calls to standalone SIP devices are another example that one could envision as VOIP technology continues to evolve. The federated company cannot access the local company's A/V Edge server via UDP3478/TCP443. The 50,000 port range allows media to traverse in a federated call. It is a port range instead of a multiplexed port to enable efficient relaying of RTP packets. A multiplexed port would require increased packet inspection and lowered efficiency of the server. As you will see below, the port range also increases the security of the A/V Edge Server.
Needing a publicly routable IP address on the external interface
The external A/V Edge requires a publicly routable IP address for several reasons. First, the A/V Edge server implements the STUN protocol, a mechanism whereby the A/V Edge server reflects back the IP address it saw from a user's home router. This home router IP address is used to enable the use of efficient media paths using the ICE protocol and is also needed to ensure proper IP permissions are set on the A/V Edge server's 50,000 port range. If the A/V Edge external address was behind a NATed IP, the A/V edge server would return that address instead of the address of the home router, leading to less efficient (sometimes broken) media paths and permission issues on the 50,000 port range.
A second reason for publicly routable IPs is to support UDP load balancing. For real time audio/video traffic, UDP is the preferred protocol to transfer RTP packets. However, UDP is a stateless protocol, so some load balancers distribute UDP packets to the servers without any context for the current session. To mitigate this, the A/V edge server returns its external IP address on the first UDP packet of a media session, and OC or the Meeting Console client sends subsequent UDP traffic directly to that IP address instead of through the load balancer. In order for this mechanism to work, the external IP must be publicly routable.
Note that supporting a publicly routable IP address on the external edge does not preclude a company from using a firewall. To the contrary, Microsoft recommends that all externally facing servers be protected with a firewall provided that firewall does not NAT the IP address.
Needing a routable IP address on the internal interface
For the same reason of needing to support UDP media across load balancers, the A/V edge server returns its internal IP address on the first UDP packet of a media session, and OC or the Meeting Console client sends subsequent UDP traffic directly to that IP address instead of through the load balancer. That is the reason why the internal IP address needs to be routable from the corporate network. And to be specific, this internal IP address needs to be routable by client endpoints (OC/Meeting Console) as well as server endpoints (Mediation Server/AVMCU/ExchangeUM), given that OCS 2007 supports media point to point and via a conference.
Understanding the technology is not enough, though. Like most corporations, Contoso's IT department is composed of emerging technology and network security engineers. Deploying the technology described above will only happen if it passes a security review. The following section discusses security aspects, first providing a summary of the mechanisms in place along with a more detailed description afterward.
Security Overview
Security of A/V Edge Server Auth Port TCP5062 (internal edge only)
· OCS front end servers must provide a validly signed certificate whose subject name matches the FQDN of that server. (The OCS front end server performs the same check against the A/V Edge Server's certificate.)
· The OCS front end server FQDN must be on a trusted list of the A/V Edge Server. (The OCS front end server performs the same check against the A/V Edge Server FQDN.)
· All SIP signaling is protected with 128-bit TLS encryption.
Security of UDP3478/TCP443 (internal and external edges)
· Port allocation is protected by 128-bit digest challenge authentication, using a computer generated password that rotates every 8 hours.
· A sequence number and random nonce are used to deter replay attacks.
· Media relay packaged messages (UDP3478/TCP443) are protected with a 128-bit HMAC signature.
Security of UDP/TCP 50,000-59,999 (external edge only)
· Ports are allocated randomly within that range per call. An attacker needs to predict which port is active and complete an attack before the call ends.
· Incoming traffic is filtered according to the IP addresses of the other endpoint's candidates. Even if an attacker finds a port in use, it must also spoof the correct IP address.
· These two examples actually make the port range more secure. If all traffic was multiplexed through one port, it would accept traffic from IP addresses of all remote endpoints.
Security of end to end media
· Media packets are protected with end to end SRTP, preventing any eavesdropping or packet injection.
· The key used to encrypt and decrypt the media stream is passed over the TLS secured signaling channel.
Details of Security
Security of A/V Edge Server Auth Port TCP5062 (internal edge only)
When a user logs in to OC or joins a meeting, it first acquires a username/password token from the media relay by sending a SIP SERVICE message over the TLS secured signaling channel. The last leg of this signaling path is a TCP connection from the user's OCS front end server to the A/V authentication port of the A/V Edge server. This connection is only accepted on the internal facing IP address of the A/V Edge Server. Before accepting the SIP SERVICE request, a TLS connection must be set up where both sides validate the following: 1) the other server provides a certificate signed by a trusted authority, 2) the certificate's subject name matches the FQDN of that server, and 3) that server's FQDN matches one of the servers on a local trusted server list. (In fact, all servers in the OCS system perform this series of checks before allowing any communication to or from another OCS server.) If all three checks pass, the TLS connection is established and the SIP SERVICE command is carried to the A/V Edge Server, which responds with a 200OK containing the computer generated username/password token.
Security of UDP3478 and TCP443 (internal and external edges)
The A/V Edge Server is an enterprise managed resource, so restricting access to authorized users is important for security and resource considerations. Communication on the UDP3478 and TCP443 ports is only allowed for clients that belong to the corporation managing that A/V Edge Server. A client uses these two ports to allocate UDP and TCP ports within the 50,000 port range for the remote party to connect to. Using the computer generated username/password obtained via the SIP SERVICE request, the client performs digest authentication against the A/V edge server to actually allocate the ports. An initial allocate request is sent from the client and answered with a nonce challenge message from the A/V Edge Server. The client sends a second allocate containing the username and an HMAC hash of the username and nonce. A sequence number mechanism is also in place to prevent replay attacks. The server calculates the expected HMAC based on its own knowledge of the username and password. If the HMAC values match, the allocate procedure is carried out, otherwise the packet is dropped. This same HMAC mechanism is also applied to subsequent messages within this call session. The lifetime of this username/password value is a maximum of 8 hours, at which time the client will reacquire a new username/password for subsequent calls.
Security of UDP/TCP 50,000-59,999 (external edge only)
The question arises: are 10,000 ports less secure than a couple of well known ports? One might think so, but actually the answer is no. From an attacker's standpoint, each of those 10,000 ports behaves exactly the same. The more pertinent question is: how secure is each of those 10,000 ports? One consideration is that allocations in this range are chosen randomly. At any given time, it is likely that many of these ports are not even listening for packets. (Contrast that with a well known port that an attacker can focus on.)
The security mechanism in place on each port is to filter traffic for only those packets that originate from the remote endpoint's IP address. This IP address is communicated over the TLS secured signaling channel, and packets from any other IP addresses are dropped by the A/V edge server. In this situation, having a range of ports actually improves security. Since a random port allocation happens for each call, this design forces the attacker to 1) deduce an active port, 2) break the TLS signaling channel, and 3) spoof the remote user's IP address, all in the span of a single call.
Can this port range be reduced? Yes, but doing so limits A/V Edge scale in peak conditions, and does not increase security. A reduced port range should factor no less than 6 UDP/TCP ports per user in a peak load condition.
Can this port range be eliminated altogether for companies that do not require audio/video federation? Unfortunately, this scenario has not been tested and is currently an unsupported configuration.
Security of end to end media
OCS clients perform signaling to the server using 128-bit TLS encryption with validation that the server certificate has a matching FQDN and is signed by a trusted authority. This same mechanism is used by e-commerce sites. To secure the media channel, OCS uses the IETF's SRTP protocol. The mechanism carries out a 128-bit key exchange over the secure signaling channel which the two endpoints then use to encrypt and decrypt the media stream via 128-bit AES. Even if an attacker can perform a man in the middle attack of the media path, no eavesdropping or false packet injection is possible.
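The allocate checks and the per-port source filter described above, as a simplified model (an added example, not code from the original post or from Office Communications Server, and not the product's wire format). HMAC-SHA-256 stands in for the unspecified HMAC algorithm; the class and function names, covering the sequence number with the HMAC, and the sample addresses are assumptions.

```python
import hashlib
import hmac
import secrets
import time

PORT_RANGE = range(50000, 60000)   # from the post: 50,000-59,999
CRED_LIFETIME = 8 * 3600           # from the post: credentials live at most 8 hours


def sign(password, username, nonce, seq):
    """HMAC keyed with the relay password (SHA-256 is an assumption)."""
    msg = username.encode() + b"|" + nonce + b"|" + seq.to_bytes(8, "big")
    return hmac.new(password, msg, hashlib.sha256).digest()


class RelayModel:
    """Hypothetical model of the A/V Edge allocation logic, for illustration."""

    def __init__(self, now=time.time):
        self._now = now
        self._creds = {}      # username -> (password, expiry time)
        self._nonces = {}     # username -> nonce issued in the challenge
        self._last_seq = {}   # username -> highest sequence number accepted
        self._allocs = {}     # allocated port -> permitted remote IP

    def issue_credentials(self):
        """Stands in for the 200 OK to SIP SERVICE sent over the TLS channel."""
        username = secrets.token_hex(8)
        password = secrets.token_bytes(16)
        self._creds[username] = (password, self._now() + CRED_LIFETIME)
        return username, password

    def challenge(self, username):
        """Reply to the first allocate request: a fresh random nonce."""
        nonce = secrets.token_bytes(16)
        self._nonces[username] = nonce
        return nonce

    def allocate(self, username, seq, mac, remote_ip):
        """Second allocate request: return a port, or None if it is dropped."""
        cred = self._creds.get(username)
        nonce = self._nonces.get(username)
        if cred is None or nonce is None:
            return None                      # unknown user or no challenge issued
        password, expiry = cred
        if self._now() >= expiry:
            return None                      # credential older than 8 hours
        if seq <= self._last_seq.get(username, -1):
            return None                      # replayed or stale sequence number
        expected = sign(password, username, nonce, seq)
        if not hmac.compare_digest(mac, expected):
            return None                      # HMAC mismatch: packet dropped
        self._last_seq[username] = seq
        free = [p for p in PORT_RANGE if p not in self._allocs]
        if not free:
            return None                      # range exhausted at peak load
        port = secrets.choice(free)          # random port per call
        self._allocs[port] = remote_ip       # remote IP learned via signaling
        return port

    def accept_media(self, port, src_ip):
        """Per-port filter: only the remote endpoint's IP may send media."""
        allowed = self._allocs.get(port)
        return allowed is not None and allowed == src_ip


if __name__ == "__main__":
    relay = RelayModel()
    user, pw = relay.issue_credentials()
    nonce = relay.challenge(user)
    port = relay.allocate(user, 1, sign(pw, user, nonce, 1), "203.0.113.7")
    print("allocated", port)
    print("peer accepted:", relay.accept_media(port, "203.0.113.7"))
    print("other source accepted:", relay.accept_media(port, "198.51.100.9"))
```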
Understanding the design features and security mechanisms of the A/V Edge Server will enable a meaningful discussion between the IT engineers deploying OCS and the security team protecting the corporate network.
-Alan Shen, Senior Program Manager
posted by ocsteam | 6 Comments
Filed Under: Edge Servers
Tuesday, March 18, 2008 12:16 PM
Microsoft Announces Global Strategic Alliance with Aspect Software
Today, at VoiceCon 2008, we announced a global strategic alliance with Aspect Software to bring unified communications and software-powered voice to the contact center. Under terms of the multi-year, global alliance, Aspect will integrate its .NET-based contact center suite, Aspect Unified IP, with Office Communications Server. Over the next several years, Aspect will increase this interoperability and integration to deliver its next-generation contact center solution built on Office Communications Server’s voice call processing and unified communications capabilities. This new solution will be Aspect’s lead offering to both new and existing customers. Aspect will also build a professional services practice to help customers deploy, customize, and manage Microsoft’s unified communications software in the contact center – and throughout the enterprise. As part of the relationship, Microsoft is also making an equity investment in Aspect to accelerate development and adoption of the new offerings. This announcement provides strong validation and momentum for Microsoft’s software-powered voice and unified communications platform. We’re excited about the opportunity to work with them, and bring them into our partner ecosystem.
As customers make UC platform decisions – including voice – we know that they are increasingly looking for end-to-end technology and services capabilities in all parts of their organizations, including the contact center. Our joint roadmap with Aspect’s Unified IP and Unified Command and Control platforms, and Microsoft UC (including OCS), will give customers a compelling alternative to PBX-centric models. Contact centers have some of the most demanding voice and communications requirements, and there’s a huge focus on metrics and ROI. This is a place where we believe there is great value for software-powered voice and seamless communications (voice, IM, presence, email).
We are seeing a growing number of enterprises and contact centers who will deploy the Microsoft UC platform and this is a key priority for us in this partnership. As a result, as part of our announcement, Aspect is creating a new arm in their professional services group focused on Microsoft’s unified communications platform. While this agreement will start in the contact center, it will extend to the enterprise communications needs more broadly through Aspect’s professional services arm. By later this year, Aspect will have services professionals inside and outside North America - fully trained on the Microsoft UC platform including OCS (IM, Presence, and Voice) and Exchange 2007, and specializing in architectural design, implementation and integration. Aspect’s software today is already used in more than 3,000 companies in over 55 countries, and through this professional services component of our alliance, Aspect will be equipped to help these companies deploy unified communications across their organizations for contact center agents, information workers, mobile and teleworkers, and all other areas of the enterprise for software-powered voice, conferencing, IM, and presence.
Enterprise adoption of OCS is going strong. More than 35% of the Fortune 500 have licensed OCS, and this portion of our Aspect alliance is sure to accelerate this adoption and the transformation of the voice industry away from the network PBX and towards software-powered voice.
Zig Serafin
General Manager
Microsoft Unified Communications Group
posted by ocsteam | 2 Comments
Filed Under: Voice
Friday, March 14, 2008 11:02 AM
INTERACT 2008
If you see yourself as a leader in the world of unified communications, I invite you to join me and my team at INTERACT 2008 as we look at how communications have evolved and how these industry changes position you for exciting new opportunities.
INTERACT 2008 is our exclusive event focused on building community among technology professionals, specifically, those who are evaluating and deploying Microsoft’s Unified Communications products. It will be held on April 8-10 in San Diego, California and will provide ample opportunities for attendees to network with one another. More than fifty members of our product engineering teams will be there for interactive technical sessions, birds of feather sessions, and social events at what we’re calling “PubWorld”. I’ll be there talking about what we’re seeing in the new world of communications technology and I’d like to hear what you are seeing and hear your feedback on our products.
If you see yourself as a leader in bringing Unified Communications technologies to your organization and taking your career to the next level, I’d encourage you to come.
Register today and use this special code [OCS08].
Be among the first 5 people to register and I will buy either your ITForum 2009 or TechEd 2009 registration pass.
See you in sunny San Diego!
Gurdeep
Register today! http://www.interact08.com/ with code OCS08
posted by ocsteam | 4 Comments
Filed Under: Events
Friday, March 07, 2008 2:18 PM
Planning Tool for Office Communications Server 2007
The planning tool provides you prescriptive guidance to get you started with planning your Office Communications Server 2007 topology. The tool asks you a series of interview questions about the features that you are interested in, as well as information about your organization. Based on the answers you provide, the planning tool draws out a recommended topology based on Microsoft’s Office Communications Server 2007 User Model that has been tested. The planning tool also provides customized links to the appropriate documentation to help you plan and deploy your topology.
You can download the Planning Tool for Office Communications Server 2007 at http://www.microsoft.com/downloads/details.aspx?FamilyID=06793661-cd69-4490-bb4b-e97dd271209d&displaylang=en
Remco Stroeken
Senior Product Manager
posted by ocsteam | 17 Comments
Filed Under: OCS Tools
Thursday, March 06, 2008 1:10 PM
Microsoft Online Services announcement
On March 3 at the SharePoint Conference in Seattle, Bill Gates announced that Microsoft will offer Microsoft Online Services to businesses of all sizes. Microsoft Online Services include Exchange Online, SharePoint Online, Office Live Meeting, and Exchange Hosted Filtering. These are enterprise-class software delivered as a subscription service, hosted by Microsoft and sold with partners.
For more information about the announcement, click through to the Press Pass article on the Microsoft site: http://www.microsoft.com/presspass/press/2008/mar08/03-02AllSizeBusinessesPR.mspx
For more information on Microsoft Online Services, visit: http://www.microsoft.com/online.
Paul Englis
Product Manager
posted by ocsteam | 4 Comments
Filed Under: Online Services Category
Wednesday, March 05, 2008 7:45 PM
How to Install a Trusted Root CA certificate on OSX Leopard for use with Messenger for Macintosh.
Add private certificate to the x509 Anchors keychain
1. Open keychain access application.
a. Use finder and find the HDD/Applications/Utilities/Keychain Access.app file and start the application.
2. Add the X509 Anchors to the view, it is not in the view by default.
a. File menu
b. Add keychain
i. Open HDD/System/Library/Keychains/X509Anchors
ii. Caution: do not use HDD/Library/Keychain; the file is not there.
3. Import the certificate into the X509 Anchors
a. Highlight X509 Anchors
Import the Root Certificate or Chain
b. Choose File->Import Items
c. Browse to find your Root CA certificates files you need to add then choose open.
d. Password prompt for root access
e. Pop up asking if you want to trust the certificate
f. Click Always Trust
Michael Wagner
Support Escalation Engineer
posted by ocsteam | 5 Comments
Filed Under: Messenger for Mac
Tuesday, March 04, 2008 12:51 PM
Soliciting Office Communications Server 2007 Resource Kit Feedback
If you’ve read or begun to read the Microsoft Office Communications Server 2007 Resource Kit book, thank you!
Now, we want to hear from you. Let us know the good, the bad, and the ugly. Send us your constructive criticism so that we can address your information needs in the second edition of this book. Tell us (the authors) what you like and dislike. What vital information is missing or confusing?
NOTE To correct specific incorrect information in the current Resource Kit book, send your feedback directly to MSPress, rkinput@microsoft.com, where corrections will be made.
We want to hear back from you! As a thank you, we will recognize your contribution in the foreword of the next edition of this book. Please use the form below to submit your feedback.
Thank you!
posted by ocsteam | 13 Comments
Filed Under: Training
Thursday, February 28, 2008 3:32 PM
Uploading of a .cab file to Update Server WSS site fails with an HttpException and the message Request timed out.
Sometimes, when you upload a new .cab file for Microsoft Office Communicator 2007 Phone Edition or Microsoft RoundTable using the OCS 2007 Software Update Service Management Console Upload Software feature, the upload fails with an HttpException and the message Request timed out in the event log. The actual exception might vary, but the real reason is typically lack of resources on the WSS server. The resources lacking might be memory or CPU or a combination of both. You typically get the exception because the upload of the .cab times out. If you run into this try to add resources, i.e. more memory or more CPU capacity. If that is not possible here are a couple of tips you can use to increase the various time-outs.
On the server running the OCS 2007 Software Update Service Management Console you can edit the web.config file found in C:\Program Files\Microsoft Office Communications Server 2007\Web Components\UC Device Updates\Management Console. The web.config file controls the .NET requests the Management Console is using to talk to the WSS server. The web.config is read-only by default, so you have to make it writeable before editing it. The file contains an XML section called httpRuntime. This is the section you can tune. HttpRuntime is described here: http://msdn2.microsoft.com/en-us/library/e1f13641(VS.71).aspx. In my test environment I'm using the following settings: <httpRuntime maxRequestLength="900000" executionTimeout="300" appRequestQueueLimit="30"/>. This means that the client will time out after 300 seconds, or 5 minutes.
Now you have changed the client time-out, but you typically also need to change the server side time-out on the WSS server. This is done by tuning the IIS time-out setting. The default is 120 seconds, but you can increase that by using the instructions in http://support.microsoft.com/default.aspx/kb/925083. On my test system I use 300 seconds. After changing the time-out stop and restart the web site hosting WSS.
Update 21-JAN-08: The above tuning is not the complete fix. The code itself is using other timeouts. We are investigating this and will report back.
Update 28-FEB-08: Please install the build released today http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=889c542e-8b09-46c2-bd86-671c21668830. It should fix the issue with .cab upload error.
Jens Trier Rasmussen
-PRINCIPAL CONSULTANT II
posted by ocsteam | 3 Comments
Filed Under: Setup & Deployment
Wednesday, February 06, 2008 11:44 PM
Office Communications Server 2007 Visio Stencils
Are you creating new diagrams or architecture drawings for your OCS rollouts? If so, take advantage of the new OCS 2007 Visio stencils. The icons in the stencil include all OCS 2007 components. They also include various individual functions that you can use to create your own new icons. The icons and your new icons can be added easily to the stencil.
http://www.microsoft.com/downloads/details.aspx?FamilyID=543705f6-d02a-436e-8b34-5c796550022a&displaylang=en
Remember to visit the OCS TechCenter for more great information on all the UC products.
- Kevin Engman
OCS Community Manager
posted by ocsteam | 7 Comments
Filed Under: IT Pro/Dev Documentation
Friday, January 25, 2008 2:40 PM
Office Communications Server 2007 Technical Resource
Microsoft Press just released the definitive reference for how to deploy, configure, and troubleshoot Microsoft® Office Communications Server 2007. This resource comes complete with expert insights direct from the Microsoft Office Communications Server Team. This official Microsoft RESOURCE KIT delivers insights from expert consultants in the field, with in-depth technical guidance on architecture, deployment, security, administration, performance tuning, and troubleshooting Office Communications Server 2007. You’ll also discover the essential information for working with VOIP and phone integration features. In addition, you get more than 150 timesaving PowerShell scripts, tools, and other job aids for automating administration, plus a fully searchable version of the entire RESOURCE KIT book.
Here’s a short excerpt from Part VI: Technical Reference, Chapter 19.
To order the book, see http://www.microsoft.com/MSPress/books/10482.aspx
Rui Maximo
Sr Technical Writer
posted by ocsteam | 3 Comments
Filed Under: Team Bio's, OCS Tools, IT Pro/Dev Documentation
Friday, January 18, 2008 12:00 PM
OCS support for shared SQL Server
For organizations that want to consolidate multiple SQL instances on the same physical server, this configuration is now supported for Live Communications Server 2005 SP1 and Office Communications Server 2007. Both of these products make use of SQL Server. Previously, Microsoft recommended that Live Communications Server 2005 SP1 and Office Communications Server 2007 use SQL Server on a separate dedicated physical server. As of this announcement, the database used in the Enterprise pool, the Archiving and CDR Server or the QoE (Quality of Experience) Monitoring Server can now share the same SQL Server with other application databases and remain a supported configuration by Microsoft Customer Support Services.
This level of support does not imply that installing LCS or OCS server roles on the SQL Server is supported. Installing LCS and OCS server roles collocated on the same physical server running SQL Server remains unsupported. The physical server must be dedicated to running only SQL Server.
The server running the Back-End Database can host other SQL applications, as long as they are hosted in different SQL instances; the SQL Server instance that hosts the Office Communications Server Back-End Database must be dedicated.
If you are going to run other SQL applications on the same server as your Back-End Database, keep the following in mind:
· The Back-End Database must have separate dedicated physical drives for its databases and transaction logs.
· The server must have enough RAM to cache the entire instance being used for Office Communications Server.
· With this configuration, diagnosing performance issues will be more difficult.
· This configuration is supported, but not recommended.
To track the performance of the SQL instance used by the enterprise pool front-end servers, monitor the following performance counters:
· LC:USrv – 00 – DBStore\Usrv – 002 – Queue Latency (msec)
· LC:USrv – 00 – DBStore\Usrv – 004 – Sproc Latency (msec)
For more details on how to monitor and interpret these counters, see the article “How can I tell if my server is healthy in less than 10 counters?” by Pauline Batthish: http://communicationsserverteam.com/archive/2007/09/10/9.aspx
For an in-depth resource on Office Communications Server 2007 with detailed troubleshooting tips, refer to the Office Communications Server 2007 Resource Kit book available at Amazon, Barnes & Noble, and Quantum Books: http://www.microsoft.com/MSPress/books/10482.aspx
- Rui Maximo
Senior Technical Writer
posted by ocsteam | 16 Comments
Filed Under: Setup & Deployment, Archiving
Thursday, January 17, 2008 3:21 PM
Common Certificate Issues with Live Communication Server 2005
As certificates have become common in deployments of Live Communication Server 2005, I put together a list of common issues one can experience with certificates and LCS 2005.
My certificate has expired. How should I replace it?
When a certificate expires on the LCS 2005 frontend system(s) you will notice that users are not able to login anymore with TLS. If LCS 2005 Enterprise Edition is deployed the nodes will be unable to communicate with each other using MTLS. This will cause messages to be undelivered between servers. Usually the certificate is replaced before this causes a bad day for administrators however I have noticed that many times the certificate is not being replaced successfully.
In order to replace the certificate successfully a new one should be issued to the same FQDN (fully qualified name) as the server or the pool name (in the case of Enterprise Edition). If using Enterprise Edition it should also have a subject alternative name listing both the pool and the FQDN of the server. The intended purpose (Enhanced Key Usage) of the certificate should have “Server Authentication (1.3.6.1.5.5.7.3.1)”. In addition to “Server Authentication” I would recommend also requesting a certificate with the intended purpose of “Client Authentication (1.3.6.1.5.5.7.3.2)” as this is required by some public IM servers. The “Client Authentication, Server Authentication” certificate needs to be installed on the Access Proxy external interface.
To install the certificate, you need to determine if the certificate has a 2-tier certificate chain. Most issued certificates use 2-tier chains for security purposes today. When viewing the certificate the “Certificate Path” tab will determine whether any issues exist by displaying a red X. This is a simple check that will use any method to validate whether the complete chain exists. It is best to ensure that all tiers of the chain are installed in the appropriate stores. For example the Intermediate tier should be installed into the “Intermediate Certification Authority”, and the root tier should be installed into the “Trusted Root Certification Authority”. If they already exist the expiry date should be validated along with the serial number to ensure they are matching.
Once installed successfully into the Local Computer stores the certificate can be assigned to the LCS 2005 server. To successfully assign the certificate, open the LCS 2005 server properties. The “Security” tab will specify the default certificate used for MTLS communication. In addition to updating the certificate on the “Security” tab any certificate assigned to the listener on the “General” tab needs to be updated. For example, the “General” tab may list the bindings 5060 and 5061 (TLS). The 5061 (TLS) binding will require a certificate and this is independent of the certificate on the “Security” tab. In my troubleshooting I have seen the certificate changed on the “Security” tab followed by deletion of the prior expired certificate. If the expired certificate is deleted but still assigned to the TLS binding on the “General” tab, the LCS server will fail to start looking for the missing certificate.
Communicator Mobile clients
When deploying Communicator mobile and using private certificates the mobile clients will require the trusted root and any other certificates in the certificate chain to be installed on the mobile device. The recommended practice is to assign a publicly issued certificate on the access proxy external interface since it will not require deploying certificates to the mobile clients. In my troubleshooting I have come across mobile clients being unable to connect to the Access Proxy due to 2-tier certificate chains (both public and privately issued). In many cases (especially privately issued certificates) both the trusted root and any intermediate authorities will need to be installed on the mobile device. In most mobile devices the trusted root and intermediate certificates may be installed in the same default store since they will not have separate stores for these certificates. If other clients can successfully connect remotely you may want to try setting the DisableCRLCheck registry value on the mobile client. This value will disable the validation of the server certificate thereby not requiring any trusted root or intermediate certificates to be installed on the mobile device. The Microsoft Office Communicator Mobile Planning and Deployment Guide can be an excellent resource in deploying mobile clients.
Microsoft Office Communicator Mobile Planning and Deployment Guide
http://www.microsoft.com/downloads/details.aspx?familyid=7877b140-e76a-47f9-8866-bce5dec024ed&displaylang=en
Public IM connectivity
Setting up Public IM connectivity (PIC) with certificates is very similar to that of enabling remote access. As stated prior the certificate will require both “Client Authentication” and “Server Authentication” as some public providers require “Client Authentication”. The certificate is required to be publicly issued and should be installed using the same procedure as I’ve outlined above. The important step here is to make sure that all the tiers of the certificate are in the proper stores and that they are not expired. The LCS 2005 Access Proxy will look for all the tiers in the chain and provide these during MTLS negotiation. If they are not found the receiving party may not be able to validate the certificate. A simple network trace can tell you if you are having certificate problems. For example, after the 3-way handshake in TCP communication there will be approximately 5-10 packets exchanged for MTLS setup. These 5-10 packets should be assumed to be certificate exchange. If followed by a packet with the reset flag set the negotiation is assumed to have failed.
Other Certificate Issues
Certificates can be responsible for many intermittent communication problems in LCS 2005. The use of machine names that do not match the certificate “Subject” is not recommended. When deploying certificates it is best to deploy a certificate matching the FQDN of the machine when possible. Machines that are not part of the domain should have the primary domain suffix added via the “Computer Name Changes” dialog box in System Properties. If matching the certificate is not possible the certificate should have the “Subject Alternative Name” field filled to list all alternative names including the true FQDN of the machine.
- David Lebar
Escalation Support Engineer
posted by ocsteam | 3 Comments | Filed Under: LCS 2005, Certificates
Monday, January 14, 2008 1:05 PM
PowerShell Script for Retrieving IM from Archiving Database
September 28 2009 Update: For those looking for the most recent script for use with R2, see this post for details - http://communicationsserverteam.com/archive/2009/09/28/584.aspx
When customers deploy Office Communications Server 2007 Archiving they quickly request tools or sample queries to retrieve their data. The Office Communications Server 2007 Resource Kit includes the ArchivingCDR Reporter tool. This reporting tool has built-in SQL queries to retrieve and view information from the Archiving and Call Detail Records (CDR) Backend. The tool enables the user to view Office Communications Server 2007 usage reports based on the Archiving and CDR tables.
A member of our team worked on a sample* using PowerShell technology to gather all IMs for a given user or all IMs between two users. The result is output to console and a local im.xml file. The script will support the following message types:
text/plain
text/x-msmsgsinvite
text/rtf
To use the tool, download the zip file (updated on April 17, 2008 to handle special characters; updated and tested by our Austrian peer Thomas Binder), extract all files to one common directory, and run the ps1 script. Please note the tool has the following dependencies:
PowerShell v1
.NET 2.0 Framework
For the XSL to HTML transformation you need MSXML 4.0 Service Pack 2 (Microsoft XML Core Services). MSXML.exe is currently part of the ZIP, but it should be the same as the Command Line Transformation Utility (msxsl.exe).
The first two items are mandatory; the third is nice to have, as it will create an HTML page for the XML output.
July 2008 update from Thomas Binder:
Details: As recommended in one of the commentary postings, I replaced the line
Add-Content -Path $LocalPath -Value '<?xml version="1.0" encoding="UTF-16"?>'
With:
Add-Content -Path $LocalPath -Value '<?xml version="1.0" encoding="ISO-8859-2"?>'
- Thomas Laciano
Sr. Program Manager, Unified Communications Group
- Sasa Juratovic
Program Manager II, Unified Communications Group
* This is provided "AS IS" with no warranties, and confers no rights. Use of included script samples are subject to the terms specified in the Terms of Use (http://www.microsoft.com/info/cpyright.htm)
posted by ocsteam | 31 Comments | Filed Under: OCS Tools, Powershell
Attachment(s): Get-ArchivingData-July-2008.zip
Friday, January 11, 2008 12:37 AM
Unified Communications Group at the Office Developer Conference 2008
Are you an avid developer? Do you want to learn how to expand the power of Unified Communications with the wide array of APIs and SDKs that are available? If so, please take the time to register and attend ODC 2008.
Besides Bill Gates delivering the Opening Keynote, you can learn about UC Development options at the following keynote and breakout sessions:
Executive Keynote
Gurdeep Singh Pall - CVP, Microsoft Unified Communications Group
Breakout Sessions:
Unified Communications: Under the hood of Office Communications Server and Exchange Server.
Anywhere Information Access with OCS Speech Server 2007.
Business Process Communications with UCMA.
Embedding Contextual Collaboration with the Communicator 2007 API.
Building Contextual Collaboration Clients for Web and Enterprise Portals.
Building Enterprise Mashups with Exchange Web Services.
Programming Conferencing Solutions with the Live Meeting Service XML API.
Event Overview
ODC 2008 is the premier event for Microsoft Office developers, bringing together architects, developers, industry technical experts, Microsoft insiders, and key partners in a public forum to redefine what it means to be focused on 2007 Microsoft® Office system development.
For more information please visit http://www.odc2008.com and don’t forget to check out the ODC 2008 Blog for what’s happening on a daily basis
- Kevin Engman
OCS Community Manager
posted by ocsteam | 2 Comments | Filed Under: Developer Tools, Events
Friday, January 04, 2008 8:42 AM
Uploading Handouts in LiveMeeting 2007 console fails
Handouts in the LiveMeeting 2007 console are a way to transfer files to members of a meeting.
When the user attempts to upload a file as a handout, the upload fails with the error Upload Failed.
The Pwconsoledebug.log file is used to troubleshoot LiveMeeting 2007 and is on by default. It is located in the %temp% directory on the client.
You will see the following error in this log:
[MC] 17:36:50:963 GMT [PID 2416] [THREAD 5044] [D] FileTransferProgressDialog::OnInit
[MC] 17:36:51:119 GMT [PID 2416] [THREAD 5044] [D] BlobManagerC::cRejectUpload
[MC] 17:36:51:119 GMT [PID 2416] [THREAD 5044] [D] BlobManagerC::threadAndServerDone
[MC] 17:36:52:525 GMT [PID 2416] [THREAD 5044] [D] FileTransferProgressDialog::OnDestroy
On the server side, use the OCSLogger tool to log data from the DataMCU component. We got the error below on the server side.
TL_ERROR(TF_COMPONENT) [1]04DC.08C8::12/13/2007-22:47:37.647.000003cc (DataMCU,Logger.error:254.idx(78))( 49296756 )class placeware.apps.blobparts.BlobManagerS=BlobManagerS::sRequestUploadBlob - block all files
Resolution:
Bring up the OCS 2007 MMC
Right click the Pool
Click Application Properties
Click Intelligent IM Filter
Click File Transfer Filter Tab
Remove the Block all file Extension setting and Click OK
Restart Frontend Service
You can get more information on the Intelligent IM Filter in the OCS 2007 Administration Guide.
http://www.microsoft.com/downloads/details.aspx?FamilyId=CB7DC2DE-4504-484E-9229-BD8614BE0633&displaylang=en
- Louis Hardy
Support Escalation Engineer
posted by ocsteam | 1 Comments | Filed Under: Conferencing
Wednesday, January 02, 2008 8:46 AM
Helper Button for Phone Number Normalization
The first thing I do when I’m talking to customers is tell them about the Helper button on the Normalization rule creation screen as shown below:
It takes you here: http://office.microsoft.com/en-us/help/HP102218261033.aspx
There are enough sample rules on that page to get through 99% of the questions I’ve been asked about creating the Phone patterns (numbers you expect the client to dial) and Translation patterns (what you want to change the number to be).
Once you have the Phone pattern and Translation pattern set, try typing in the number you expect users to dial into the Sample dialed number to see if it translates in an expected manner. The Translated number should hopefully show the number the way you expect it to come out.
The steps above, along with the Microsoft Office Communications Server 2007 Enterprise Voice Planning and Deployment guide, the Enterprise Voice Route Helper tool (part of the OCS 2007 Resource Kit), and the Enterprise Voice Route Helper User’s Guide, have given me all the answers I’ve needed to get customers up and going with creating Normalization rules.
- Rob Pittfield
Support Escalation Engineer
posted by ocsteam | 3 Comments | Filed Under: Voice, Setup & Deployment
Thursday, December 20, 2007 12:25 PM
Configuring LCS 2005 w/ SP1 for Multiple Domains
Overview
Automatic configuration allows Communicator to find and connect to the appropriate LCS server without manually entering a server name into its settings. Communicator has special requirements for DNS and certificates to make this work properly. This bulletin details those requirements. Manual configuration or using GPOs does not apply to this topic.
Why all the fuss? You might be asking yourself that question. Basically, it boils down to how Office Communicator locates and connects to an LCS server or pool. In simplest terms, Office Communicator is designed to make sure it connects to a server in the same domain as its logon ID or SIP URI. If my logon ID is chanb@consolidatedmessenger.com, then Communicator expects to be able to log on to a server with a Fully Qualified Domain Name (FQDN) in the same domain, for example Lcspool01.consolidatedmessenger.com.
So, you need to have DNS service records for each domain you are supporting and those service records need to point to FQDNs with matching domains. This holds true for internal clients and external clients. Below we take a look at both.
Supporting Internal Clients
To illustrate the requirements we will use a sample customer situation. Consolidated Messenger is a large organization, requiring an Enterprise Pool. Notice that the Pool name differs from the computer FQDN. For an Enterprise Edition deployment we require a hardware load balancer using a Virtual IP (VIP) address for the Pool name. Here are the basic settings:
Hosting Domain – na.consolidatedmessenger.com
LCS Computer FQDN – server1.na.consolidatedmessenger.com
LCS Pool Name - Lcspool.na.consolidatedmessenger.com
LCS Pool IP address – 192.168.1.100
LCS Computer IP address – 192.168.1.101
Supported SIP Domains
Na.consolidatedmessenger.com (default inherited from AD)
Adataum.com
AlpineSkiHouse.com
Contoso.com
Fabrikam.com
Litwareinc.com
WingTipToys.com
NOTE: For this scenario the “hosting” domain (Consolidated Messenger) is not used for IM. This is common as the AD domain is inherited but not used for IM.
DNS Records (Internal)
Split DNS configuration is a requirement for automatic configuration. Simply put, split DNS means you have two DNS zones for one domain name. One DNS zone exists on internal DNS servers and provides name resolution only for internal clients. Another DNS zone exists on external DNS servers to service external clients.
Split DNS is required so that users can use the same sign-on name in Communicator and have their correct logon server resolved inside and outside the network.
The following SRV records need to be created. Note that these records must be created in the DNS database of the servers authoritative for the particular zone.
| Service Records (SRV) | Host (A) | IP Address |
| --- | --- | --- |
| _sipinternaltls._tcp.Adataum.com | Lcspool.Adataum.com | 192.168.1.100 |
| _sipinternaltls._tcp.AlpineSkiHouse.com | Lcspool.AlpineSkiHouse.com | 192.168.1.100 |
| _sipinternaltls._tcp.Contoso.com | Lcspool.Contoso.com | 192.168.1.100 |
| _sipinternaltls._tcp.Fabrikam.com | Lcspool.Fabrikam.com | 192.168.1.100 |
| _sipinternaltls._tcp.Litwareinc.com | Lcspool.Litwareinc.com | 192.168.1.100 |
| _sipinternaltls._tcp.WingTipToys.com | Lcspool.WingTipToys.com | 192.168.1.100 |
Certificate Configuration (Enterprise Pool)
To support multiple domains for encrypted communications we require that all front-ends in the Pool be configured with a certificate. The certificate must match the FQDN returned by any DNS SRV query. Therefore, the certificate must contain multiple entries. We call these SANs (Subject Alternate Name) and the certificate must include the FQDN of the pool and one entry for each supported SIP domain.
Subject Name
Lcspool.na.consolidatedmessenger.com
Subject Alternate Name
Lcspool.na.consolidatedmessenger.com
Lcspool.Adataum.com
Lcspool.AlpineSkiHouse.com
Lcspool.Contoso.com
Lcspool.Fabrikam.com
Lcspool.Litwareinc.com
Lcspool.WingTipToys.com
NOTE: When Subject Alternate Name is used, include the Subject Name in the list of SANs.
Supporting External Clients
The key thing to remember about supporting external clients is that the same rules apply. You must account for every domain that a user might be logging on to and you must have certificate configuration to match.
Certificate Configuration (Access Proxy)
An Access Proxy defines two interfaces; a private interface connecting to the internal LCS environment and a public interface that is used by remote clients and Federation partners. Each interface must be configured with a certificate. In our example we are assuming the Access Proxy will use a unique certificate for each interface.
Private Interface Certificate
- Subject Name - lcsAP01.na.consolidatedmessenger.com
To match a common configuration seen by Microsoft Support, make this match the computer FQDN. Note: the access proxy is installed in a workgroup configuration and as such may not be configured with a complete FQDN.
Private Interface Subject Alternate Name
- Not needed
Any internal server connecting to the AP will be connecting directly to the FQDN associated with the Private interface and there are no client to AP connections therefore no SANs will be used.
Public Interface Subject Name
- Match the Enhanced Federation Domain (sip.adataum.com)*
Public Interface Subject Alternate Name
sip.Adataum.com
sip.AlpineSkiHouse.com
sip.Contoso.com
sip.Fabrikam.com
sip.Litwareinc.com
sip.WingTipToys.com
Because Communicator clients will be connecting to the AP directly on the Public interface, the certificate must include a SAN entry matching any domain a user might be using for logon.
* Enhanced Federation does NOT support multiple domains. Customers with multiple domains will have to choose the 1 domain they want for Enhanced Federation. In our example we use Adatum.com.
DNS Records (External)
| Service Records (SRV) | Host (A) | IP Address |
| --- | --- | --- |
| _sip._tls.Adataum.com | sip.Adataum.com | 10.0.0.100 |
| _sip._tls.AlpineSkiHouse.com | sip.AlpineSkiHouse.com | 10.0.0.100 |
| _sip._tls.Contoso.com | sip.Contoso.com | 10.0.0.100 |
| _sip._tls.Fabrikam.com | sip.Fabrikam.com | 10.0.0.100 |
| _sip._tls.Litwareinc.com | sip.Litwareinc.com | 10.0.0.100 |
| _sip._tls.WingTipToys.com | sip.WingTipToys.com | 10.0.0.100 |
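The internal and external requirements above reduce to three checks per SIP domain: an SRV record exists, its target is inside the SIP domain, and the target appears in the certificate's SAN list. The Python sketch below is an added example (not from the original post or from Microsoft) that runs those checks over the values in this post's tables; the function and variable names are hypothetical and the "broken" configuration is constructed.

```python
def _norm(name):
    # DNS names are case-insensitive and may carry a trailing dot.
    return name.strip().rstrip(".").lower()


def check_autoconfig(sip_domains, srv_records, subject, sans, srv_prefix):
    """Return a list of findings; an empty list means the data is consistent.

    sip_domains: SIP domains users sign in with
    srv_records: {SRV owner name: (target host, IP address)}
    subject, sans: Subject Name and Subject Alternate Names of the certificate
    srv_prefix: "_sipinternaltls._tcp" (internal) or "_sip._tls" (external)
    """
    findings = []
    srv = {_norm(k): (_norm(v[0]), v[1]) for k, v in srv_records.items()}
    san_set = {_norm(s) for s in sans}

    # When SANs are used, the Subject Name must also appear among them.
    if san_set and _norm(subject) not in san_set:
        findings.append(f"subject {subject} missing from SAN list")

    for domain in sip_domains:
        d = _norm(domain)
        owner = f"{srv_prefix}.{d}"
        if owner not in srv:
            findings.append(f"{domain}: no SRV record {owner}")
            continue
        target, _ip = srv[owner]
        # Communicator expects a server whose FQDN is in the user's SIP domain.
        if not target.endswith("." + d):
            findings.append(f"{domain}: SRV target {target} is outside the SIP domain")
        # The certificate must carry the FQDN that the SRV query returns.
        if target not in san_set:
            findings.append(f"{domain}: SRV target {target} not in certificate SANs")
    return findings


# Values transcribed from the tables in this post.
SIP_DOMAINS = ["Adataum.com", "AlpineSkiHouse.com", "Contoso.com",
               "Fabrikam.com", "Litwareinc.com", "WingTipToys.com"]

INTERNAL_SRV = {f"_sipinternaltls._tcp.{d}": (f"Lcspool.{d}", "192.168.1.100")
                for d in SIP_DOMAINS}
INTERNAL_SUBJECT = "Lcspool.na.consolidatedmessenger.com"
INTERNAL_SANS = [INTERNAL_SUBJECT] + [f"Lcspool.{d}" for d in SIP_DOMAINS]

EXTERNAL_SRV = {f"_sip._tls.{d}": (f"sip.{d}", "10.0.0.100") for d in SIP_DOMAINS}
EXTERNAL_SUBJECT = "sip.adataum.com"
EXTERNAL_SANS = [f"sip.{d}" for d in SIP_DOMAINS]


def broken_internal_example():
    """Constructed misconfiguration, to show what the checker reports."""
    srv = dict(INTERNAL_SRV)
    # Mistake 1: the Contoso SRV record points at the pool's hosting-domain FQDN.
    srv["_sipinternaltls._tcp.Contoso.com"] = (INTERNAL_SUBJECT, "192.168.1.100")
    # Mistake 2: Fabrikam was left off the certificate request.
    sans = [s for s in INTERNAL_SANS if s != "Lcspool.Fabrikam.com"]
    return check_autoconfig(SIP_DOMAINS, srv, INTERNAL_SUBJECT, sans,
                            "_sipinternaltls._tcp")


if __name__ == "__main__":
    print("internal:", check_autoconfig(SIP_DOMAINS, INTERNAL_SRV, INTERNAL_SUBJECT,
                                        INTERNAL_SANS, "_sipinternaltls._tcp"))
    print("external:", check_autoconfig(SIP_DOMAINS, EXTERNAL_SRV, EXTERNAL_SUBJECT,
                                        EXTERNAL_SANS, "_sip._tls"))
    for finding in broken_internal_example():
        print("broken:", finding)
```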
Additional Reading
Rather than provide an extensive list of documentation, we are keeping the documentation to a minimum set of docs relevant to this topic.
Live Communications Server 2005 Document: Planning Guide
Live Communications Server 2005 Document: Configuring Certificates
Live Communications Server 2005 Document: Deploying Access Proxy and Director
Office Communicator 2005: Microsoft Office Communicator 2005 Planning and Deployment Guide
- Thomas Laciano
Support Escalation Engineer
- Chandler Bootchk
Sr. Technology Solution Professional
posted by ocsteam | 4 Comments | Filed Under: Setup & Deployment, SIP, LCS 2005, Certificates
Thursday, December 20, 2007 9:03 AM
Office Communications Server 2007 KB Articles for November
Here are the most recent OCS-related KB articles published - enjoy!
http://support.microsoft.com/?kbid=943392 | Error message when you try to send an instant message in Communications Server 2007: "The following message was not delivered to <recipient>" | 11/14/2007 | Windows NT | Office Comm Svr Ent 2007 EN | EN-US
http://support.microsoft.com/?kbid=943631 | Error message when you try to view the events on the Event Log tab of the Communications Server 2007 MMC snap-in: "retrieving data failed" | 11/14/2007 | Windows NT | Office Comm Svr Ent 2007 EN | EN-US
http://support.microsoft.com/?kbid=943880 | You may receive an access violation error message in the APIEM.DLL!WPP_SF_qSS call when you run a stack trace on a computer that is running Communications Server 2007 | 11/6/2007 | Windows NT | Office Comm Svr Ent 2007 EN | EN-US
http://support.microsoft.com/?kbid=942872 | Description of the Communications Server 2007 update package: November 2, 2007 | 11/6/2007 | Windows NT | Office Comm Svr Ent 2007 EN | EN-US
- Michael Platts
Support Escalation Engineer
posted by ocsteam | 2 Comments | Filed Under: KB Articles
Thursday, December 20, 2007 2:13 AM
Software: The medium to greater business value with communications
(Moving this post to the OCS Blog from the old Blog site)
We frequently talk about the communications industry being at a crossroads, and when I look at the lineup of keynote speakers at next week’s VoiceCon 2007 – all software companies – it’s apparent where we are headed.
But what does it mean that voice communications is becoming software based?
Given the brief history of computing it is easy to appreciate an analog that many of us have personally observed. I recall nostalgically the days of the dedicated Brother word processors – they kind of looked like typewriters but were digital and had the LCD displays. Technology had provided us with a better replacement for typewriters. Personal computers and word processing software took that basic input application and added a whole lot of value on top of it – people could store, view, edit multiple documents, share, put rights management, add pictures, and even search across all documents. Thus software, in its many forms has enabled powerful revolutions like the paper-less office, user generated content (blogs, wikis), and more. The value proposition has expanded from the original efficient input of information to information at your fingertips and the potential for further transformation is even greater today. In this case software innovation created the value – of course it allowed you to still type as you did on your typewriter but it did so much more. It would be hard to imagine a world without software and personal computers and how they power people’s lives, businesses, our society.
Now let’s come back to communications: Telephony systems are like typewriters – we need them, we use them, they serve us diligently. VoIP basically allowed legacy Telephony systems to be transformed into dedicated Word Processors – single function, providing a few more capabilities than their predecessors, not integrated into the rest of the tools an information worker and businesses need. Here again, software is ready to transform communications into a world where a whole lot of innovation and value is unleashed. Long held notions like only voice mode, presence-less or blind dialing, separate directories, no integration with everyday applications and business tools, are ready to be shattered thru the software transformation. The value will shift from talking to someone at a different location to communications fueling business productivity holistically.
I hope the picture of what software brings to communications is getting clearer. A question one might ask is: what about the network? Isn’t communications a network thing as claimed by some vendors?
First of all it is important to highlight the value of the network. The network enables packets to get from point A to point B. It is the plumbing that enables connectivity between applications running between endpoints. The network is a very, very important utility. But it is just that. Business value is created thru software that runs on the endpoints. An analogy might help here too: when billions of people use the internet everyday – what is bringing them there? Is it the software applications like MySpace, Windows Live Messenger, and YouTube or is it the fascination with the network?
I look forward to discussing this further with you next week in San Francisco. See you there.
- Gurdeep Singh Pall
Corporate Vice President – Unified Communications Group
posted by ocsteam | 2 Comments | Filed Under: Voice
Monday, December 17, 2007 11:40 AM
OCS 2007 - Continuous prompts for Address Book download
I've now run into this issue a few times where, after deploying Office Communications Server 2007 Enterprise Edition, the Office Communicator client is unable to download the address book from the IIS server. Below are some troubleshooting steps that I used to determine the cause and steps you can try to resolve this issue.
When starting Office Communicator, it will sign the user in but then present you with the following prompt to download the address book. Normally there is no prompt and Communicator downloads the address book seamlessly. This prompt will not accept any credentials so you must click cancel to stop the address book download.
After clicking cancel you then see in Office Communicator that the address book failed to download.
Let's begin troubleshooting this issue by discussing what is required to download the address book. When Office Communicator signs in it receives a referral from the OCS 2007 frontend to the address book URL. The default is a HTTPS URL which requires a valid certificate assigned to IIS. You can see the address book URL in the status page of the Front End server:
If there is a valid certificate assigned on the IIS box we should be able to access the default website. Using the example above, https://pool02.domain.local should bring up the default under construction page. If you are not able to access the URL and bring up the under construction page, check your Internet Explorer proxy settings. Setting an exception for any local domains would be best (for example, *.domain.local).
If the browser is able to access the under construction page using SSL, you can then try to download the address book files manually. Using the above example try to download one of the address book files, https://pool02.domain.local/Abs/Int/Handler/F-0993.dabs. This should prompt you once, then allow you to download the file. If Internet Explorer prompts continuously you are likely having an authentication problem. The default setting for the virtual directory is to use Integrated authentication. This will use Kerberos as a primary method of authentication. To rule out Kerberos as an issue, you can try changing the virtual directory to use Basic authentication and specify the domain name in the Default domain textbox. Since we are using SSL the username and password are secured.
At this point you need to determine why Kerberos is failing. First change the setting back to Integrated Windows Authentication. Once this is completed unselect Require secure channel (SSL) on the virtual directory in Secure communications on the Directory Security tab:
You will now be able to get a network trace of the issue. Connect to the same URL as before without SSL encryption so we can see the failure (ex. http://pool02.domain.local/Abs/Int/Handler/F0993.dabs). When prompted enter valid credentials and stop the network trace. Below is an example of what you might find in the network trace:
In the above example we see that Kerberos is failing with a KRB_AP_ERR_MODIFIED. This error indicates that the Kerberos ticket was modified or is not what the server was expecting. The issue is that it should not be using Kerberos, as the name pool02.domain.local is only virtual and should not by default have a service principal name (SPN). In this case the SPN was registered, and when the Kerberos ticket request went to the domain controller the client was issued a ticket. The issue was resolved by using SETSPN.EXE to remove the additional service principal name from the computer account. You may also have to dump Active Directory using LDIFDE (ldifde -f output.txt -d "dc=domain,dc=local") to find the service principal name. You can then search the output.txt file for the SPN.
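Searching the ldifde dump by eye is error-prone because LDIF folds long lines and base64-encodes some values. The Python sketch below is an added example (not part of the original post) that parses an ldifde export and lists which accounts hold an SPN naming a given host; the function names are hypothetical and the sample export is constructed.

```python
import base64


def parse_ldif(text):
    """Yield one dict per LDIF entry: attribute name (lower-case) -> list of values."""
    logical = []
    # Unfold first: a line starting with a single space continues the previous line.
    for raw in text.splitlines():
        if raw.startswith(" ") and logical:
            logical[-1] += raw[1:]
        else:
            logical.append(raw)
    logical.append("")  # sentinel so the last entry is flushed

    entry = {}
    for line in logical:
        if not line.strip():            # a blank line ends the current entry
            if entry:
                yield entry
                entry = {}
            continue
        if line.startswith("#"):        # LDIF comment
            continue
        name, sep, value = line.partition(":")
        if not sep:
            continue
        if value.startswith(":"):       # "attr:: <base64>"
            value = base64.b64decode(value[1:].strip()).decode("utf-8", "replace")
        else:
            value = value.strip()
        entry.setdefault(name.strip().lower(), []).append(value)


def find_spn_holders(ldif_text, hostname):
    """Map each SPN that names `hostname` to the DNs of the accounts holding it."""
    host = hostname.lower()
    holders = {}
    for entry in parse_ldif(ldif_text):
        dn = entry.get("dn", ["<no dn>"])[0]
        for spn in entry.get("serviceprincipalname", []):
            # SPN form: serviceclass/host[:port][/servicename]
            parts = spn.split("/")
            if len(parts) < 2:
                continue
            spn_host = parts[1].split(":")[0].lower()
            if spn_host == host:
                holders.setdefault(spn.lower(), []).append(dn)
    return holders


# Constructed sample in the shape of `ldifde -f output.txt` output.
SAMPLE_LDIF = "\n".join([
    "dn: CN=FE01,CN=Computers,DC=domain,DC=local",
    "changetype: add",
    "objectClass: computer",
    "servicePrincipalName: HOST/fe01.domain.local",
    "servicePrincipalName: HTTP/pool02.dom",
    " ain.local",                       # folded continuation line
    "",
    "dn: CN=FE02,CN=Computers,DC=domain,DC=local",
    "changetype: add",
    "objectClass: computer",
    "servicePrincipalName: HOST/fe02.domain.local",
    "",
    "dn: CN=WEB01,CN=Computers,DC=domain,DC=local",
    "changetype: add",
    "objectClass: computer",
    # base64-encoded value, as LDIF writes it after a double colon
    "servicePrincipalName:: "
    + base64.b64encode(b"HTTP/POOL02.domain.local").decode("ascii"),
    "",
])


if __name__ == "__main__":
    for spn, dns in find_spn_holders(SAMPLE_LDIF, "pool02.domain.local").items():
        print(spn)
        for dn in dns:
            print("   held by", dn)
```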
If you are not having any authentication issues as illustrated above but still fail to download the address book, review the security configuration of the UNC path specified. Ensure that RTCUniversalGuestAccessGroup has the following permissions:
Share level: Read
NTFS level: Read & Execute, List Folder Contents, and Read.
After verifying the permissions on the share, review the IIS settings for the virtual directory. Below is an example of the structure for Abs. The Files virtual directory should be referring to the UNC path in its properties.
Ensure that we have set the correct account that will be used to access the UNC share in the virtual directory properties as in the example below:
I hope the above troubleshooting steps are useful in resolving any address book download issues you may have. Many of the above steps can be helpful in troubleshooting other similar issues.
- David Lebar
Network Support Engineer - OCS
posted by ocsteam | 22 Comments | Filed Under: ABS
Tuesday, December 11, 2007 3:19 PM
Joining OCS Edge Servers to an Internal Domain.
All OCS Edge servers have been designed to have no dependency on membership of an AD Domain. Therefore OCS edge servers can be run either as servers in a workgroup, or as members of a domain.
The Edge server deployment guide recommends:
“Deploy edge servers in a workgroup rather than a domain. Doing so simplifies installation and keeps the Active Directory® Domain Services out of the perimeter network. Locating Active Directory in the perimeter network can present a significant security risk.”
This follows the ‘Best practice’ not to join servers in a perimeter network to an internal domain or forest. On the other hand the traditional rigid model of a tightly cordoned DMZ is being replaced by a per server or service risk analysis that leads to a security implementation that is specifically tailored to that server and the risks associated with an outage or other type of intrusion.
Note that the service and administrative accounts used on the OCS Edge servers are intended to be machine-local accounts, which further reduces the chance of intrusion.
Advantages and disadvantages
When considering membership of the internal xxx.contoso.com domains, a number of benefits and disadvantages apply:
Some advantages of member servers in a perimeter zone
Limited local SAM database on each server
Less password maintenance
Generally leads to better passwords and better password maintenance
Only a few accounts with very long, very complex passwords can be used (as they will not be used during normal operation).
Patch management can be done via the same mechanisms as other internal servers
This is a very limited advantage, as generally speaking perimeter servers, including OCS Edge servers, should be under a different update regime or policy than internal servers
Smart-card logon for server management is possible.
Some disadvantages of member servers in a perimeter zone
Need additional procedures and security precautions to make sure non-DMZ personnel cannot access DMZ servers
Need to open more ports in the inner firewall compared to non-domain members
It is harder to separate hostile traffic from a defaced server as all servers will frequently connect to the internal Domain Controllers.
Technical Limitations
With regard to domain membership of OCS Edge servers, there are no limitations to the functions of any of the OCS Edge servers.
Windows Server 2008 Read-Only Domain Controllers
At this time the use of Windows Server 2008 RODCs in combination with OCS Edge servers is not supported by either Product Group. For now, this requires the OCS Edge servers to be in a different AD site that is not served by Windows Server 2008 RODCs.
Other options
Implementation of a Perimeter forest
Use of a separate Perimeter forest is considered an added benefit as that will allow policies to be applied uniformly across multiple servers, rather than have a server by server configuration. In a sense a Perimeter forest combines the management benefits of a Domain with the Isolation benefits of Workgroup servers.
The main drawback is that it will require significant effort to create and maintain such a forest and the required infrastructure services. In addition, the creation of a perimeter forest would be out of scope for the OCS project.
Patch management of workgroup servers.
Technically it is possible to use the current patch management infrastructure to manage workgroup servers. However that will most likely require changes to existing operation procedures and the creation of additional procedures to handle these specific cases.
Again the implementation of such a patch management infrastructure would be out of scope for the OCS project.
Conclusion
Microsoft will support OCS Edge servers in a deployment model where they are joined to the Contoso internal domain.
To assure secure operation of the system, the additional risk should be balanced with additional security measures, some of which are already in place in the Contoso perimeter network and in the OCS architecture and design for Contoso.
Make sure the patch management process is well implemented for all OCS Edge servers. This should include an option to deploy security updates with priority to systems in the perimeter network.
Scan the systems for intrusion or use a more holistic intrusion detection system.
Implement OCS Director servers in the internal Contoso network to place an additional authentication layer between the Edge servers and the OCS Pool servers.
Use machine local service accounts with complex passwords.
Store and maintain the edge server configuration of all Edge servers in a secure location to facilitate a correct and rapid rebuild process in case of suspicious activity.
- Jos Verlinde
Senior Consultant, MCS
posted by ocsteam | 2 Comments | Filed Under: Edge Servers
Friday, December 07, 2007 9:28 PM
More Office Communications Server 2007 Documentation
Here are some quick descriptions of other helpful docs in the OCS Library that will help with your Office Communications Server 2007 deployments.
Technical Reference
This document provides in-depth technical information on the components, protocol and architecture of Office Communications Server.
http://www.microsoft.com/downloads/details.aspx?FamilyId=959CB709-D81E-4DDE-821F-0411DFCFC073&displaylang=en
Security Guide:
The security guide provides guidelines for assessing and managing security risks to your Office Communications Server 2007 deployment.
http://www.microsoft.com/downloads/details.aspx?FamilyId=2D1EA693-25E0-43D9-8C5C-0822EF83955A&displaylang=en
Supportability Guide:
The purpose of the Microsoft Office Communications Server 2007 Supportability Guide is to provide a central, high-level reference for supported Office Communications Server 2007 topologies and configurations. It is also intended to answer frequently asked questions. This document identifies supported topologies, configurations, and scenarios described in detail in the existing deployment and planning documentation.
http://www.microsoft.com/downloads/details.aspx?FamilyId=F8CC9B59-225F-425D-BD3A-E506396C6207&displaylang=en
- Patricia Anderson
Content Publishing Manager - OCS
posted by ocsteam | 6 Comments
Filed Under: IT Pro/Dev Documentation
Wednesday, November 28, 2007 8:59 PM
What is the OCS Document Roadmap?
After you locate the Microsoft Office Communications Server 2007 Documentation Roadmap, you won’t want to be without it. It is an incredibly helpful, one-stop roadmap to all Office Communications Server, Office Communicator, and Live Meeting documentation that you may need—without endless searching or reading through every available document to determine what it contains. Here are some of the useful views into the documentation that the roadmap provides:
List of all available guides
What each guide contains
What to read for a quick overview
What to read for a lab deployment
What to read for a production environment
What to read before deploying
What to read when you are ready to deploy
Where to find information on specific topics
You can get the print-ready roadmap at http://www.microsoft.com/downloads/details.aspx?familyid=3fe6fee9-2342-4726-af48-11b57d1fc9e7&displaylang=en. In addition, the roadmap will be available online at TechNet in the near future.
You can also view the entire Office Communications Server 2007 documentation set online at http://technet.microsoft.com/en-us/library/bb676082.aspx.
- Patricia Anderson
Content Publishing Manager - OCS
posted by ocsteam | 3 Comments
Filed Under: IT Pro/Dev Documentation
Monday, November 26, 2007 9:38 AM
Unified Communications API Roadmap
Are you confused by which API to use when you are creating applications for your organization? If so, you need to check out this post by Mark Parker over on the OC Team Blog http://communicatorteam.com/archive/2007/11/26/34.aspx
- Kevin Engman
OCS Community Lead
posted by ocsteam | 1 Comments
Filed Under: IT Pro/Dev Documentation
Tuesday, November 20, 2007 2:30 PM
OCS 2007 Best Practices Analyzer
Do you have questions about what the best practice might be for your Microsoft Office Communications Server 2007 environment? If so, then you need to check out the Microsoft Office Communications Server 2007 Best Practices Analyzer Tool. This is a diagnostic tool that gathers configuration information from a and determines whether your OCS 2007 configuration is set according to Microsoft best practices.
Go to http://www.microsoft.com/downloads/details.aspx?FamilyId=1B90993C-072A-4C84-B385-B76D23B2F27C&displaylang=en to read what OCS 2007 Best Practices Analyzer is all about as well as to download the tool itself. TIP: For more information about the tool, e.g. prerequisites for running the tool, read our help (CHM) file once you install the tool.
We hope you find this tool useful!
- Sasa Juratovic
Program Manager - OCS
posted by ocsteam | 3 Comments
Filed Under: OCS Tools
Monday, November 12, 2007 11:39 AM
New Communicator Web Access Server Role
If you've just started to learn about the new server roles that are a part of the Microsoft Office Communications Server 2007 release, a great post for you to see is over on the Communicator Team Blog by Rui Maximo.
http://communicatorteam.com/archive/2007/11/12/27.aspx
Of course you can find lots of helpful documentation on Office Communications Server 2007 on our TechCenter page http://technet.microsoft.com/en-us/office/bb267356.aspx
- Kevin Engman
OCS Community Lead
posted by ocsteam | 1 Comments
Filed Under: Communicator Web Access
Tuesday, November 06, 2007 3:42 PM
New Office Communications Server 2007 e-learning now available, plus Free chapters from Resource Kit book
Learn how to take advantage of the enhanced e-learning collection on enterprise capabilities provided by Office Communications Server 2007, and get a richer experience using virtual labs designed for the final product version.
http://go.microsoft.com/?linkid=7667746
Note: You may also want to mention the free downloadable sample chapters from the Microsoft Office Communications Server 2007 Resource Kit: http://go.microsoft.com/?linkid=7675616
- Kevin Engman
OCS Community Lead
posted by ocsteam | 3 Comments
Filed Under: Training
Wednesday, October 31, 2007 5:31 PM
Quality of Experience Monitoring Server RTM’s
Earlier this week, Office Communications Server 2007 Quality of Experience Monitoring Server (QMS for short) released to manufacturing. As we were conceiving Office Communications Server 2007, we were looking at ways to give IT managers an improved and simplified management experience. I knew that we didn’t want to use the quality management methods favored by many of the vendors which required administrators to put sniffers in the network and that we had some great technology in our endpoints which would tell you everything you need to know about the quality of every call and conference. Unlike traditional approaches to voice quality which start and end at the quality of the network, QMS represents a whole new way of thinking about voice quality. The QMS is a pure software-based solution that monitors voice quality using all the information collected by the endpoints, MOS (mean opinion score), loss, jitter, delay, device quality and over a dozen other parameters that are used to determine quality. All this great data allows administrators to not only monitor the quality of the calls but also gives them the ability to slice and dice call data to diagnose issues at their source. QMS works with the other tools IT already knows and uses like Access, Excel or SQL for reporting and slicing and dicing data, and System Center Operations Manager for alerting and monitoring.
Customers can download the QMS free of charge starting today, here.
- Warren Barkley
Principal Program Manager, OCS
posted by ocsteam | 2 Comments
Filed Under: QMS
Tuesday, October 16, 2007 6:13 PM
Partners Rally around Microsoft Unified Communications Software
More than 50 partners joined Microsoft to announce new products and services built on Microsoft’s unified communications platform. Between sessions, I decided to visit the partner pavilion to speak to a few of these partners.
I stopped by the Unisys booth to learn more about their offerings. James Smith, Director at Unisys, told me that Unisys is a worldwide information technology services and solutions company. They provide consulting, systems integration, outsourcing, and infrastructure services. They provide several services that will help customers tremendously, including:
Unified Messaging: We help you consolidate and integrate disparate e-mail and voice mail systems into a single global messaging infrastructure, based on Microsoft® Exchange Server 2007 and Voice over IP (VoIP).
Unified Communication: Integrate instant messaging, real-time videoconferencing, click-to-dial and directory services, and create “presence”-aware applications by leveraging the power of Microsoft® Office Communications Server and Microsoft® Office Communicator Client.
Collaboration: Consolidate and integrate shared virtual workspaces to facilitate real-time collaboration from any location, and implement enterprise content management, e-forms and workflow, based on Microsoft Office SharePoint® Server 2007.
Overall, their solution provides substantial value to customers, whether customers need assistance deploying the solution in house, fully outsourced, or hybrid managed.
I also spoke to Paul Nichols, Director at Dimension Data, to learn more about their offering. Dimension Data is a global IT solutions and services provider. He told me about how their technology and expertise can help companies integrate Microsoft Office Communications Server 2007 with Cisco communications and networking technologies. They definitely have some cool technology.
If you have the time, I recommend stopping by the partner pavilion in the main auditorium. These are just two of the great partners you can learn more about. The partner pavilion is open until 7 tonight.
- Moz Hussain
Director, Office Communications Server
posted by ocsteam | 1 Comments
Tuesday, October 16, 2007 5:30 PM
Implications for the next revolution in communications
Immediately following the keynote, I headed over to the luminary panel session. Jeff Raikes moderated the panel discussion with experts from various disciplines and points of view, including Charles M. Firestone, Dr. Marianne Broadbent, Professor Benjamin F. Jones, and Derek Woodgate.
Each panelist brought their own unique perspective to the panel. For instance, Charles Firestone, Executive Director at the Aspen Institute, is a recognized expert on communications policy and trends and the societal impact of communications and information technologies. Dr. Marianne Broadbent, Executive Advisor at Communications and Society, is a specialist in leadership assessment and executive capabilities. Benjamin F. Jones, Professor at the Kellogg School of Management, is an expert on the impact of communications technology. Derek Woodgate, President of The Futures Lab, is a practicing futurist.
Jeff kicked off the session by discussing how the information age created the knowledge economy, which helped accelerate globalization. He then turned to how the next revolution is taking place in communications, where the rise of Internet Protocol is enabling the unification of modes that existed previously in separate silos—telephone, voice mail, e-mail, instant messaging, multimedia conferencing and others are becoming seamless and context-relevant across networks and devices. The panel focused on the implications of this revolution for individuals, companies, societies, nation-states, governments, institutions, etc.
Jeff began his questioning by asking the panel for their thoughts on what type of impact the communication revolution would have on the world. Charles responded by stating that there would be three major effects, including personal empowerment, which allows the individual to pull down what they need and leverage it for greater effectiveness, collective intelligence, allowing people to gather the wisdom of crowds, and total mobility. The combination of these three will connect human capital in ways that were previously not possible. He also noted that geography would no longer define what your opportunities are.
Benjamin followed Charles by noting that the communications revolution provides substantial opportunities for countries to more easily benefit from their comparative advantages. Organizations will readily be able to connect to knowledge workers throughout the world, for whatever skills and expertise they need.
Jeff then asked Marianne how business leaders should anticipate how the next generation of the work force expects to work. Marianne responded that business leaders should embrace it and see it as a great opportunity. She also noted that organizations that fully utilize the experiences and expertise of people in their organizations relating to IT have the chance to innovate how they run their businesses.
Jeff also asked whether we believe the change in communications will be like the mainframe to the PC in significance. The panelists agreed that we are jumping into a new world. Comments included that there is an increasing demand for this type of collaboration. Derek mentioned that higher impact work comes from larger teams and communications technology is increasingly important to allow larger teams to work together effectively.
Audience questions covered several topics. One in particular sparked my interest. One attendee asked whether we have to wait for the installed base before using these technologies. Jeff responded that these communications technologies allow people to use the software and infrastructure they already have. The installed base is already there – 500 million people already use Office. These are simply additional capabilities on top of what customers are using.
Overall, this session provided a very insightful discussion around the next revolution in communications. Attending this session really solidified for me how exciting this space is and how communication and collaborative technology are impacting the world.
- Moz Hussain
Director, Office Communications Server
posted by ocsteam | 2 Comments
Tuesday, October 16, 2007 4:04 PM
A New Way to Communicate Starts Today
In the large tent outside the venue this morning, I had the chance to eat breakfast with several of our customers. We talked all about the current state of communications. They described how the communications world is split in two -- they communicate on the telephone and they communicate on the computer. They emphasized that both are essential, but the split between the two forms of communications oftentimes causes challenges, from communications overload to increasing costs to manage separate networks.
This short conversation mirrored what we have been hearing from many of our customers. I was tempted to tell them all about unified communications at that moment, but then decided it would be best to leave it to Bill Gates and Jeff Raikes.
In the main auditorium, the lights dimmed promptly at 9:15 AM, indicating the start of the keynote. The lights suddenly started flashing, music blared, and smoke appeared near the stage. A musician appeared on stage playing a Gibson guitar (signed by both Bill Gates and Jeff Raikes) with Microsoft unified communications imagery plastered on it. A video started playing on the center and side screens displaying images of strands. The launching products (Office Communications Server 2007, Office Communicator 2007, Exchange Server 2007 SP1, Office Live Meeting, and RoundTable) were interspersed throughout the video. As the video ended, the strands came together, signifying that the time to unify your communications is now.
Bill Gates then took the stage to share his thoughts on the future of communications and to usher in a new wave of enterprise VoIP and unified communications software and services. Bill started by describing how the power of software would transform communications. In the past, when you picked a PBX vendor, that was it. If you wanted to move a single phone, it would cost $700 and require at least a week worth of lead-time. Bill said, “People just accepted this as the way it was.”
Bill continued by saying we are starting to see a revolutionary change from the vertical to the horizontal. You can now take a digital service and put it next to a PBX to take advantage of presence and other benefits of your PBX. In the longer term, though, Bill envisions that the PBX will eventually disappear, and we will have 100% of our communications based on software. Bill aptly stated that, “This is as profound as the shift from the typewriter to the PC.”
Jeff Raikes came on stage next and started by stating that users waste 37 minutes a day making calls to people who are not there. Jeff said that this “adds up to 30 hours a year.” Additionally, the average information worker receives almost 100 messages per day in up to seven different places. This inundation of messages is overwhelming for the end users and costly for the IT departments to manage.
With innovations in networks and software, it is possible to reduce these issues by unifying the ways people communicate into a consistent software-based experience. That is what we are delivering with Office Communications Server 2007, Office Communicator 2007, Office Live Meeting, Microsoft Roundtable, and a service pack update to Exchange Server 2007.
A few other points stuck out from Jeff’s speech:
More than 200,000 people are already using the new products we’re launching
Forrester Research recently completed a study on our early adopters, which concludes that the average company can realize a 500% ROI in three years.
Global Crossing found that systems with embedded UC improved employee response times by 80%.
More than 50 partners are announcing new products and services that build on our unified communications products
Eric Swift really brought home what both Bill and Jeff said by demonstrating the launching products. I participated in the demo as one of the meeting participants. It was great to be a part of one of Bill’s last Microsoft speeches.
If you were unable to attend the keynote, you can view the streaming video: 100K | 300K | 750K. I would also encourage you to read Bill Gates’ executive email to customers, which outlines his vision for software-powered communications technologies.
- Moz Hussain
Director, Office Communications Server
posted by ocsteam | 1 Comments
Tuesday, October 16, 2007 2:31 PM
Page Software - Microsoft Unified Communications Launch Edition
I spoke recently at our UC Launch event in Paris, along with M. Antoine Plantier, who has been an early adopter of our UC products at Renault. In his speech Antoine used a French phrase -- page blanche -- to describe our voice solution. His thesis was that we had started our voice thinking with a blank page, which would turn out to be a key differentiator -- it allowed us to focus entirely on meeting today’s communications needs, and to be intentional about which pieces of telephony came forward and which did not. Contrast this approach to another player who entered the telephony space about 8 years ago and has spent the last 8 years trying to replicate PBX features instead of innovating. Our fresh approach allowed us to innovate above and beyond the PBX feature set with powerful capabilities, like Presence, which can significantly improve the communications experience and increase productivity.
Perhaps most importantly it allowed us to break free of the legacy-bound, idiosyncratic model that has kept telephony completely isolated from the computing revolution happening all around it in the enterprise. The telephony industry in the ‘90s and early part of this decade was quite excited about programmable interfaces like TSAPI, JTAPI and (mea culpa) TAPI. The reality was that these programmable interfaces (APIs) were only known to and understood by the telephony community. The broader developer community -- tens of millions of them -- were unaware and/or uninterested in them. These APIs looked different, were overly complex and had arcane objects/semantics that reflected the complexity of the PBXs they wrapped. These APIs did not seduce, inspire or even help ease developers into using them. A few software application vendors actually managed to build on top of these APIs, but their adoption remained low and in niche, albeit important, scenarios like contact centers. It is easy to assert, in retrospect, that these APIs never stood a chance in the broad software playing field.
Coming back to the page blanche theme: while I appreciate Antoine’s point of view and accept the compliment, I would like to apply the page metaphor slightly differently than Antoine did. We did not start with a blank page. We borrowed a page from a book very familiar to us at Microsoft -- the book of software. In the same way business processes are being “translated” into software inside enterprises (I use the word translated intentionally instead of transliterated because a lot of design and rethinking goes into this mapping process) we rethought how communications should be approached with software. Our approach naturally allowed us to build something that is as programmable as anything else in software today (classes for databases, presentation, networking, files, etc.) A developer doesn’t find our approach different or intimidating or mired in the complexity of the past. This is why Microsoft Office, SAP, Dassault, Reuters Messaging, enterprise applications like the ones at Global Crossing, and many, many more software applications in the works can integrate so easily with our platform. The promise of communications-enabled business processes can only be fulfilled thru mainstream software platforms and developer tools. So instead of page blanche I would like to call our approach: Logiciel appliqué aux telecommunications or Page Logiciel for short, or just Page Software.
For another perspective on the power of our Page Software approach, read Gartner’s Magic Quadrant for Unified Communications, 2007 (Gartner, August 20, 2007). This Gartner Magic Quadrant by Bern Elliot evaluates leading vendors in the unified communications market. Gartner positions Microsoft in the Leaders quadrant. According to Gartner, “The Leaders quadrant contains vendors selling comprehensive and integrated UC solutions that directly, or with well-defined partnerships, address the full range of market needs.”
I would also like to take this opportunity to thank M. Plantier and our more than 150 customers and partners who participated in our early adopter program over the last year and have already deployed Office Communications Server 2007: their partnership has been invaluable in defining this product and its successors to come.
- Gurdeep Singh Pall
Corporate Vice President, Unified Communications Group
posted by ocsteam | 1 Comments
Tuesday, October 16, 2007 2:20 PM
Getting Ready for Kick Off for the Unified Communications Launch Event
I am here at the Bill Graham Civic Auditorium right across the street from the San Francisco City Hall. This location, which has an eclectic history of once being the home of the NBA’s San Francisco Warriors, the site of the 1920 Democratic National Convention, and numerous concerts by artists such as the Grateful Dead, Elvis Presley, Snoop Dogg, and others, will be the site tomorrow of Microsoft’s launch of the next generation of unified communications products and services. Everyone tells me it’s going to rain, so the huge white tent in front of the building will make for a great welcome to guests.
Event preparations have been underway all weekend. The setup crews have been working hard to ensure everything is ready for the arrival of thousands of attendees. The session speakers have been diligently rehearsing their material, and we wrapped up the night with Bill Gates and Jeff Raikes running through their material. They look like they’ve done it a few times before and are ready to get things going in style :) It’s strange to think this might be the last time Jeff and Bill present together like this before Bill retires next summer. Most of the team is now at a reception for our partners, who share the stage with us tomorrow in so many ways and are a huge part of the story.
This event is the culmination of well over a year’s work at Microsoft. Back in June 2006, we first put a stake in the ground by announcing that Microsoft would be betting in a big way on unified communications. Since then we have developed, tested and deployed products in over a hundred customer accounts, we have lined up a fantastic partner ecosystem and we have ignited the thought leadership and energy in the industry. Tomorrow’s event is the culmination of all that. Office Communications Server 2007, Office Communicator 2007, Exchange Server 2007 SP1, Office Live Meeting, and RoundTable will be showcased to the world.
You can already sense a high level of excitement and anticipation, especially for the keynote. Tomorrow morning at 9:15 AM Pacific Time, Bill Gates and Jeff Raikes will deliver a joint keynote address to thousands of onsite attendees along with viewers around the globe via simulcast.
Everything is looking good to go. If you are fortunate enough to attend, you are in for a treat. If not, I would highly recommend watching the simulcast.
- Moz Hussain
Director, Office Communications Server
posted by ocsteam | 1 Comments
Wednesday, September 19, 2007 12:41 AM
Microsoft Unified Communications Launch
Join Bill Gates and Jeff Raikes as they kick off the worldwide Unified Communications Launch 2007 in San Francisco on October 16, 2007. This free, day-long event includes a keynote with demos, a series of technical sessions, the Unified Communications Starter Kit (kit includes a FREE copy of the full version of Office Communications Server Standard Edition and Office Communicator 2007, a value of over $500) and a partner pavilion. See how Microsoft solutions will help streamline communications between people and organizations regardless of medium, platform, device or location.
Click here to register and use the following registration code: UCLTBL18
- Kevin Engman
UC Community Manager
posted by ocsteam | 4 Comments
Monday, September 10, 2007 5:33 PM
How can I tell if my server is healthy in less than 10 counters?
Edit July 2009 - This post was written for OCS 2007. While you may use it with R2, it is possible that you will find items that do not exist or do not provide data due to product updates.
One of the most common questions I am asked is “How do I know my server is healthy?” How can you tell if your server performance is adequate? There are a few key counters that are good indicators of overall health from the front end server. This is by no means a comprehensive list and is not meant to identify root cause. These counters will give you the ability to do a quick check on your server health. I recommend verifying these counters on each of the servers in the pool. It’s important to understand what these counter values are when your server is healthy. A baseline is crucial to understanding what changed when the user experience is degraded.
The first counter to check on your front end server is the Processor\% Processor Time. This should be less than 80%. If it is higher, then you need to determine if you have more users connected than usual or if there has been some other change that may result in higher load.
The front end server can indicate problems that may be due to bottlenecks elsewhere in the system. This means it is the best place to start when looking at overall system health. Two of the first counters I always check are: LC:USrv – 00 – DBStore\Usrv – 002 – Queue Latency (msec) and LC:USrv – 00 – DBStore\Usrv – 004 – Sproc Latency (msec). The queue latency counter represents the time a request spent in the queue to the backend and the sproc latency represents the time it took for the backend to process the request. If for any reason (disk/memory/network/processor, etc.) the backend is in trouble, the queue latency counter will be high. It can also be high if there is high network latency between the front end and the back end.
Now, the next question is “how high is too high?” Well, at 12 seconds the front end servers will start throttling requests to the backend. This means they will start returning “Server too busy errors” (503) to the client. I expect a healthy server to have <100msec DBStore queue latencies at steady state, but during times where the server has just come online and users are all logging in at the same time that counter can be quite high and you may even see it hit multiple seconds. The servers will be quite loaded after services are restarted. Performing maintenance during off hours will help mitigate the performance impact as users will not all be competing to get back in at the same time. Also, if your load balancer is configured for the least number of connections, and one of the front end servers is restarted, then all users that attempt to reconnect will be pointed to that server since it will have fewer connections than the other servers in the pool. Therefore it may be overloaded while the other servers in the pool are fine.
If the LC:USrv – 00 – DBStore\Usrv – 002 – Queue Latency (msec) or the LC:USrv – 00 – DBStore\Usrv – 004 – Sproc Latency (msec) counters are high, the most likely bottleneck is the SQL backend. Is the CPU too high (>80%) on your SQL server? Is the disk latency high? In an ideal world you have enough RAM to have the entire RTC and RTCDYN databases in memory; then the only reason the server would be accessing the disk is to write to the log files and flush to the databases. Our tests have shown that 12GB of RAM is sufficient for 100K user deployments. This is based on the assumption that the RTC and RTCDYN databases size total <12GB. If your databases are larger than that then you may find you need more memory. You can tell if you need more RAM by looking at the MSSQL Buffer Manager\Page life expectancy; a value less than 3600 indicates memory pressure. Also, you should see little to no reads on your DB drive if you have enough memory, as SQL should only be writing to the database.
Let’s get back to the front end. There is another throttling mechanism in the front end server. The DBStore latency throttling only kicks in if the latency to the SQL server is high; this throttling will kick in if the processing time on the front end is high. One example of a cause that can result in this type of throttling is if the front end server is CPU bound. The way it works is if the average processing time (LC:SIP - 07 - Load Management\SIP - 000 - Average Holding Time For Incoming Messages) on the server is in excess of 6 seconds then the server goes into throttling mode and only allows one outstanding transaction per client connection. Once the processing time drops down to 3 seconds then the server drops out of throttling mode and allows up to 20 outstanding transactions per client connection. Whenever the number of transactions on a specific connection exceeds the threshold above, the connection is marked as flow controlled, the server does not post any receives on it, and the LC:SIP – 01 – Peers\Flow Controlled Connections counter is incremented. If a connection stays in a flow controlled state for more than one minute then the server closes it. It does so lazily: when it has a chance to check the connection it determines if it was throttled for too long and closes it if it has been more than one minute.
So, now you know about the 2 throttling mechanisms. There is one counter that summarizes what, if any, throttling the server is doing. It is LC:SIP – 04 – Responses object\SIP – 051 – Local 503 Responses/sec. The term “Local” in the above counter means locally generated responses. The 503 code corresponds to server unavailable. You should not be seeing any 503s on a healthy server at steady state. Again, during ramp up, after a server is just brought online, you may see some 503s. But as all the users get back in, and the server returns to a stable state, there should not be any more 503s.
The LC:SIP – 04 – Responses\SIP – 053 – Local 504 Responses/sec counter indicates connectivity issues with other servers. It can indicate failures to connect or delays. If you are seeing 504s, one more counter that is good to check is the LC:SIP – 01 – Peers\SIP – 017 - Sends Outstanding counter. This counter indicates the number of requests and responses that are queued outbound, which means if this counter is high then the problem is probably not on this server. This counter can be high if there are network latency issues. It could also be a problem with the local NIC but is more likely to be due to a problem on a remote server. I have seen this counter be high on a director server when the pool it is attempting to contact is overloaded. The key with this counter is to look at the instances, not just the total. That will help you isolate the target.
For more technical information and resources for evaluating, deploying and maintaining Office Communications Server 2007, please visit our TechCenter.
- Pauline Batthish
Software Design Engineer Tester
posted by ocsteam | 6 Comments
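The thresholds and the two throttling mechanisms from the health-counter post above, written out as an added Python example (not code from the original post or from any Microsoft tool). The dictionary keys, finding codes, host names and sample values are constructed for illustration; only the numeric thresholds come from the post.

```python
"""Health triage for an OCS 2007 front end, using the thresholds quoted in the post.
Dictionary keys, finding codes and all sample values are constructed for this example."""

CPU_MAX_PCT = 80                  # Processor\% Processor Time should stay below this
QUEUE_HEALTHY_MS = 100            # expected steady-state DBStore queue latency
QUEUE_THROTTLE_MS = 12_000        # front end starts answering 503 at 12 seconds
HOLD_ENTER_S, HOLD_EXIT_S = 6, 3  # average holding time: enter / leave throttling
LIMIT_NORMAL, LIMIT_THROTTLED = 20, 1  # outstanding transactions per connection
FLOW_CONTROL_CLOSE_S = 60         # flow controlled longer than this: connection closed
PAGE_LIFE_MIN_S = 3600            # SQL page life expectancy below this: memory pressure


class HoldingTimeThrottle:
    """Hysteresis described in the post: enter above 6 s, leave at 3 s."""

    def __init__(self):
        self.throttled = False

    def update(self, avg_holding_time_s):
        """Feed one sample; return the per-connection transaction limit."""
        if not self.throttled and avg_holding_time_s > HOLD_ENTER_S:
            self.throttled = True
        elif self.throttled and avg_holding_time_s <= HOLD_EXIT_S:
            self.throttled = False
        return LIMIT_THROTTLED if self.throttled else LIMIT_NORMAL


def connection_state(outstanding, limit, flow_controlled_s):
    """State of one client connection under the current transaction limit."""
    if outstanding <= limit:
        return "ok"
    if flow_controlled_s > FLOW_CONTROL_CLOSE_S:
        return "closed"
    return "flow_controlled"


def triage(fe, sql=None, steady_state=True):
    """Return finding codes for one front-end sample and an optional SQL sample."""
    findings = []
    if fe["cpu_pct"] >= CPU_MAX_PCT:
        findings.append("FE_CPU_HIGH")
    if fe["queue_latency_ms"] >= QUEUE_THROTTLE_MS:
        findings.append("DBSTORE_THROTTLING")
    latency_high = fe["queue_latency_ms"] >= QUEUE_HEALTHY_MS
    if latency_high and steady_state:
        findings.append("DBSTORE_LATENCY_HIGH")
        # The post names the SQL back end as the most likely bottleneck here.
        if sql is not None:
            if sql["cpu_pct"] > CPU_MAX_PCT:
                findings.append("SQL_CPU_HIGH")
            if sql["page_life_expectancy_s"] < PAGE_LIFE_MIN_S:
                findings.append("SQL_MEMORY_PRESSURE")
    elif latency_high:
        # Right after a restart, multi-second latencies are expected.
        findings.append("RAMP_UP_LATENCY_EXPECTED")
    if fe["local_503_per_sec"] > 0:
        findings.append("LOCAL_503" if steady_state else "RAMP_UP_503_EXPECTED")
    if fe["local_504_per_sec"] > 0:
        findings.append("LOCAL_504")
        # Look at the Sends Outstanding instances, not the total, to find the target.
        per_instance = fe.get("sends_outstanding", {})
        if per_instance:
            worst = max(per_instance, key=per_instance.get)
            findings.append("CHECK_REMOTE:" + worst)
    return findings


# Constructed samples (not measurements from a real deployment).
SAMPLE_SQL_BOUND_FE = {"cpu_pct": 45, "queue_latency_ms": 13_500,
                       "local_503_per_sec": 4.0, "local_504_per_sec": 0}
SAMPLE_SQL = {"cpu_pct": 92, "page_life_expectancy_s": 900}
SAMPLE_DIRECTOR = {"cpu_pct": 30, "queue_latency_ms": 20,
                   "local_503_per_sec": 0, "local_504_per_sec": 1.5,
                   "sends_outstanding": {"pool01.contoso.example": 4200,
                                         "pool02.contoso.example": 3}}

if __name__ == "__main__":
    print(triage(SAMPLE_SQL_BOUND_FE, SAMPLE_SQL))
    print(triage(SAMPLE_DIRECTOR))
    throttle = HoldingTimeThrottle()
    print([throttle.update(s) for s in (2, 6.5, 4, 3, 5)])
```

Because the throttle has hysteresis, a holding time of 4 seconds gives a limit of 1 while leaving throttling mode and 20 while approaching it, which is why a single sample cannot be judged without the baseline the post asks for.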
Wednesday, August 29, 2007 8:30 PM
Parlano Joins Microsoft UCG Family
Some great news today -- we’ve announced that Microsoft will acquire Chicago-based Parlano, makers of leading group chat application, MindAlign, adding new capabilities to Office Communications Server and Office Communicator. We’re excited about the opportunity that this acquisition lends and believe Parlano’s group chat technology will help Microsoft deliver the industry’s most complete presence and instant messaging solution. Perhaps even more significant than their leading technology is their talented team who are expected to join us here in Redmond.
The Parlano acquisition enables Microsoft to offer a more complete UC product suite that includes group chat – sometimes called “persistent chat” – along with email, unified messaging, voice, conferencing, presence and instant messaging. One aspect that is very exciting to us is their novel approach to topic collaboration. Parlano provides the ability to structure a namespace for topic based collaboration, so users can find the topics of communication quickly and easily. Currently, the model supports text based communication but we foresee extending this model to encompass all forms of communication (i.e. audio, video, data, etc.). We’ve already been working closely with Parlano, and when the deal closes, Microsoft will further integrate their technologies with ours, to deliver a unified solution as part of future versions of Office Communications Server and Office Communicator. In the interim, customers will get group chat functionality with the Standard OCS client access license. Current MindAlign customers, many of whom use LCS 2005 today, will continue to receive product support and a simplified migration path to unified communications. We believe this is a natural transition - here’s how we’re already working with them.
The deal is expected to be completed in the fourth quarter of 2007. Following the closing of the acquisition, members of the Parlano team are expected to join the unified communications group at Microsoft. I look forward to welcoming them all personally!
Stay tuned for more information in the coming months.
- Shaun Pierce
General Manager, Unified Communications Group
posted by ocsteam | 3 Comments
Tuesday, August 28, 2007 8:12 PM
FREE Microsoft Office Communications Server 2007 Resource Kit Preview Chapters
Download your preview chapters from Microsoft Office Communications Server 2007 Resource Kit, the definitive resource for deploying and administering Office Communications Server (OCS) 2007. Direct from the OCS Team, this reference will deliver in-depth technical guidance and expertise—plus tools, scripts, and more on CD. The preview chapters are uncorrected manuscript, for early preview, are subject to change prior to release, and are provided without any express, statutory, or implied warranties. The preview chapters available to download are:
Chapter 3: Infrastructure and Security Considerations
Chapter 4: Basic IM and Presence Scenario
Chapter 9: Remote Call Control Scenario
For more information and to purchase the book, go to http://www.microsoft.com/MSPress/books/10482.aspx

About the Authors

Jeremy Buch: Jeremy was a Senior Development Lead for the Microsoft Office Communications Server SIP protocol stack and developed conferencing, network protocols and secure federation technology for over 8 years. Jeremy changed roles in 2006 and is currently working for Microsoft Virtual Earth in Boulder, Colorado as a senior development lead for 3D Urban Modeling.

Jochen Kunert: Jochen has extensive experience in integrating VoIP software applications into existing enterprise telephone environments. He is now a senior program manager in the Office Communications Server Customer Experience Team in Redmond, Washington.

Rui Maximo: Rui is a lead program manager in the Unified Communications Group. He has worked on various aspects of Live Communications Server 2003, 2005, SP1 and Office Communications Server 2007 from migration, topologies, Active Directory schema extensions, management to VoIP and Communicator Web Access. With 11 years of experience at Microsoft, Rui has worked in diverse roles and various products (NT 4.0 Option Pack, Windows 2000, Windows XP, Smartphone 2002, Pocket PC 2002, MIIS 2002).
Click here to download the free Microsoft Office Communications Server 2007 Resource Kit preview chapters.
posted by ocsteam | 5 Comments
Saturday, July 28, 2007 2:27 AM
Microsoft Office Communications Server 2007 Releases to Manufacturing
Some great news today from the Communications Server and Communicator Product Groups that OCS 2007 and OC 2007 have released to manufacturing (RTM).
More information on this release will follow, but we wanted to let you know that we have reached this milestone.
- Kevin Engman, UC Community Manager
posted by adminocst | 7 Comments
Friday, July 27, 2007 3:26 AM
Coming Soon!
Big News!
posted by adminocst | 11 Comments
News
This is provided "AS IS" with no warranties, and confers no rights. Use of included script samples is subject to the terms specified in the Terms of Use.