Unified Communications - "UC No Evil"

Exchange Back Pressure

2008-03-28T23:18:00.001-07:00

After setting up an Exhange 2007 test environment on a Virtual Machine, I noticed an interesting issue with the routing of mail. Actually no mail routed at all, and the user connected whether it be via Outlook or OWA could not send any emails. No warnings, error messages or NDRs were evident to the user and the emails would simply remain within their "DRAFTS" folder.

During my investigation on the Exchange Mailbox server. I noticed a warning within the application log for an

EventID 1009 - warning event with the Source and Category Labeled as "MSExchangeMailSubmission". The description of the event was as follows "The Microsoft Exchange Mail Submission Service is currently unable to contact any Hub Transport Server in the local Active Directory Site. The servers may be too busy to accept new connections at this time".

After discover of the warning on the Mailbox Server I investigated the Hub Transport application log and discovered a warning EventID 15002, Source MSExchangeTransport, Category: ResourceManager. Although a warning this targeted the source of the problem, "Resources". More indepth look at the warning displayed the following information:

The resource pressure is constant at High. Statistics: Queue database and disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\mail.que") = 67% [High] [Normal=62% MediumHigh=64% High=66%] Queue database logging disk space ("C:\Program Files\Microsoft\Exchange Server\TransportRoles\data\Queue\") = 67% [Normal] [Normal=91% MediumHigh=93% High=95%] Version buckets = 1 [Normal] [Normal=40 MediumHigh=60 High=100] Private bytes = 19% [Normal] [Normal=71% MediumHigh=73% High=75%] Physical memory load = 83% [limit is 94% to start dehydrating messages.] Inbound mail submission from other Hub Transport servers, the Internet, the Pickup directory, the Replay directory, and the Mailbox server, if it is on a Hub Transport server, has stopped.Loading of e-mail from the queuing database, if available, continues.

Granted servers were not down and services were up and running; however mail was still not flowing. So I decided to do some research and I found a technet article that references this thing called "Back Pressure" for Exchange 2007. Basically Back Pressure is a resource monitoring feature built into Exchange 2007 Hub and Edge Transport server roles, which affects message delivery depending upon the current state of system resources available.

On a Hub or Edge Server the following three levels of system resource utilization are used:

Normal The resource is not overused. The server accepts new connections and messages.
Medium The resource is slightly overused. Back pressure is applied to the server in a limited manner. Mail from senders in the authoritative domain can flow. However, the server rejects new connections and messages from other sources.
High The resource is severely overused. Full back pressure is applied. All message flow stops, and the server rejects all new connections and messages.

All configuration options for back pressure are available in the EdgeTransport.exe.config application configuration file that is located in the C:\Program Files\Microsoft\Exchange Server\Bin directory. The EdgeTransport.exe.config file is an XML application configuration file that is associated with the EdgeTransport.exe file. EdgeTransport.exe and MSExchangeTransport.exe are the executable files that are used by the Microsoft Exchange Transport service. This service runs on every Hub Transport server or Edge Transport server. Changes that are saved to the EdgeTransport.exe.config file are applied after the Microsoft Exchange Transport service is restarted.

So in order to get my messages flowing referenced the warning EventID 15002 description and modified the "High" level values so that the calculation of my available resources would not exceed this value. Granted, you can increase the available resources (i.e. diskspace) by adding resources, however in my case this was a VM so I decided to go risky route and increase the EdgeTransport.exe.config file values to prove the concept.

In my case I modified the following line entry "PercentDatabaseDiskSpaceUsedHighThreshold" and increased it from 80 to 95.

Once I modified, saved the file and restarted the Transport service, messages were flowing out of the client "Draft" folders. Then I noticed that mail flow seized again, so I resorted to creating another drive/volume for messaging QUEUE and Logs then changed the Queue and Logs location. Of which can ALSO be performed by modifying the EdgeTransport.exe.config file. How to Change the Messaging Queues can be referenced HERE. Once I allocated enough space for the messaging queues, messages were flowing and Exchange was happy.

Reference Back Pressure
Reference Changing Messaging Queues

KB References

2008-03-19T09:22:00.001-07:00

This post will provide Knowledge Base references.

Describes that you may receive a "[0xC3EC7840]" error message in the OCS 2007 setup log... When you use the Create/Upgrade Enterprise Edition Pool Setup program to create a Microsoft Office Communications Server 2007 enterprise pool ...

http://support.microsoft.com/kb/911787/en-us

Address Book Chaos

2008-03-16T16:52:00.001-07:00

The following article will detail procedures for resolving common Address Book configuration issues.

Service Unavailable Issues
Address Book authentication issues
Address Book download errors

Service Unavailable Issue

Address Book access could be a direct result of a stopped IIS service on the ABS host. Checking for a service outage is performed from a browser and IIS Manager console.

Check that services are online:

Open IIS Manger and navigate to the web site hosting "ABS" virtual directory.
Check that the service for the web site is running. If it is not then start up the web site and refresh to verify the service stays online.
Next navigate to the "ABS" virtual directory, and open "Properties".
Under the "Virtual Directory" tab, look to see which application pool the virtual directory is using. (Default is LSGroupExpAppPool)
Click cancel to close the properties window
Navigate to the "Application Pools" directory within IIS.
Check the LSGroupExpAppPool (or whichever application pool was listed in step 4) and verify the service is running. If it is not, open the Properties of the Application Pool and select the "Identity" tab.
Verify that Configurable is selected and the Username and Password fields have values. Common issue here is that the Username is populated; however the password field is blank. This is usually a result of changed password for the service account listed. (Recommendation would be to make sure the service account listed is set within Active Directory as "Password Never Expires".
If the password is blank, enter the password for the account and start up the service.
Verify service stays online. Even if the password is blank or incorrect the service may start however the next time the ABS service is accessed the application pools will disable itself.
To test... Within IIS manager navigate to the ABS\ Int\Files directory and log down one of the address book service file names. This filename will be appended to the URL entered in the following step.
Open a browser and enter the URL to the address book server along with the full path the ABS file logged in the previous step. Example: Https://absserver.company.ad/abs/int/handler/F-0a2e3d.lsabs
If the Identity configured above is correct and password is valid then you will get prompt for the downloading of the file. It it was configured incorrectly you will receive the "Service Unavailable" page (listed below).

Address Book Authentication Issues

Authentication issues could range from multiple credential prompts for Address Book access, Synchronization errors, download failures, etc. The following procedures have resolved majority of the Address Book issues I have encountered

Sample images of common ABS issues:

Multiple Credential Prompts (MOC)
Synchronization errors (MOC)

Note: If you are experiencing Address Book issues ONLY on Windows VISTA machines and the XP or 2000 fine. Refer to my other article Address Book Download Issues (Vista machines).

Lets get started:

When starting Office Communicator, it will sign the user in but then present you with the following prompt to download the address book. Normally there is no prompt (Integrated Windows Authentication) and Communicator downloads the address book seamlessly.

When Office Communicator signs in it receives a referral from the OCS 2007 frontend to the address book URL. The default is a HTTPS URL which requires a valid certificate assigned to IIS. Before you begin troubleshooting, verify the Address Book URL that your clients are attempting to connect to.

Note: This document focuses solely on resolving issues related to Internal Address Book service connection issues. External connection issues to the Address Book service extend beyond this document, because many other factors can come into play (i.e. Reverse Proxy, Connectivity, Firewalls, etc.)

Check Internal Address Book URL and Output Location

Note: This example is retrieving the address book url for an Enterprise Pool deployment.

Open the Office Communication Server 2007 console and navigate the Enterprise Pool. You can see the address book URL and share location in the status page for the pool . Share Location is where the full and delta Address Book files are stored which MOC client downloads.

Address Book URL

https://adhc-01.contoso.com/abs/int/handler

Verify permissions to the Address Book Files

Verify the security configuration of the UNC path specified. Ensure that RTCUniversalGuestAccessGroup has the following permissions:

Share level: Read
NTFS level: Read & Execute, List Folder Contents, and Read.

After verifying the permissions on the share, review the IIS settings for the virtual directory. Below is an example of the structure for Abs. The Files virtual directory should be referring to the UNC path in its properties.
After permissions are verified, run a query or lookup the membership to the RTCUniversalGuestAccessGroup. Log the membership to the group, as they will be referenced in the following section.

Verify the "Connect As" Account to the Address Book Files directory.

Ensure that we have set the correct account that will be used to access the UNC share in the virtual directory properties as in the example below.

Referencing the same directory above "ABS\Int\Files", select Properties > Virtual Directory tab.
Click the Connect As button.
Verify that the account listed is a member to the RTCUniversalGuestAccessGroup. If another group was used in the previous section verify the "connect as" account is a member of that group.

Verify the Authentication Settings for the ABS Virtual Directory

Now that you have the actual location clients are attempting to access for Address Book downloads, open IIS manager and verify the Authentication Setting for that site.

Open IIS Manager and navigate to the Web Site (ex. default website) hosting ABS virtual directory.
Right click on the ABS virtual directory and select Properties.
Click Directory Security tab and click Authentication and Access Control button.
Check which authentication settings. (Internal ABS access would normally be set to Integrated Windows Authentication). We are going to assume that Integrated Authentication is selected. Continue to step 5.
Integrated Windows Authentication will use Kerberos as the primary method of authentication, and in order for this to work the Service Principal Name (SPN) must be configured correctly for the url clients access otherwise authentication issues will exist.

Check Service Principal Name (SPN) is registered correctly

To complete this test, you must have the Office Communication Server 2007 Resource kit is installed. The tool used to check the SPN registration is the CheckSPN.vbs script.

Kerberos authentication is not possible for services without properly set Service Principal Names (SPNs). SPNs are unique identifiers for services running on servers. Each service that uses Kerberos authentication needs to have an SPN set for it so that clients can identify the service on the network. It is registered in Active Directory under a user account as an attribute called Service-Principal-Name. The SPN is assigned to the account under which the service the SPN identifies is running. Any service can look up the SPN for another service. When a service wants to authenticate to another service, it uses that service’s SPN to differentiate it from other services running on that computer.

In general, only one SPN should be set for each service. Multiple SPNs can cause clients to connect to the wrong system or the ticket may be encrypted with the wrong key.

Note: Common configuration problems are the use of a virtual FQDN listed for the certificate subject name (ex. ocspool.company.com) and/or SPN is registered with multiple user accounts. Kerberos will choke when the name listed on the certificate is not an actual machine name within Active Directory and SPN is registered with multiple user accounts.

For this test you will first run the Checkspn.vbs tool against the name listed onthe ABS site's certificate subject name.

!!! The recommended configuration is one where the Subject Name on the certificate and the machine hosting ABS are one in the same. Most common configuration no,no is to use the same certificate used for the enterprise pool. This is a virtual machine name and kerberos will fail.

Open a command prompt and navigate to where the CheckSPN.vbs file is located (default directory: C:\Program Files\Microsoft Office Communications Server 2007\ResKit)
Run the checkspn script: /abs/int/handler">/abs/int/handler">/abs/int/handler">/abs/int/handler">/abs/int/handler">http://<serverFQDN>/abs/int/handler

> cscript checkspn.vbs /check /s:<serverFQDN>
Verify that you receive "SUCCESS" results. If you receive an error, reference the Office Communication Server 2007 Resource Kit Readme file for steps to resolve. This document will be located within the same directory as Checkspn.vbs.

In Addition to check modify SPNs you may have to use the SETSPN utility provide with the Windows 2Kx Support Tools. For how to use this tool reference the following site(s).

Service Logon Failures due to incorrectly set SPNs: http://technet2.microsoft.com/windowsserver/en/library/579246c8-2e32-4282-bce7-3209d1ea8bf11033.mspx?mfr=true

Below is an example of an incorrectly registered SPN. This error was generated because the name listed is a virtual name and not an actual machine name registered in AD. The following error was resolved by assigning the certificate Subject Name the name of the actual machine FQDN hosting ABS and changing the Address Book URL listed with OCS 2007 console. To change Address Book URL location, proceed to the next section.

IMPORTANT!

Typically the ABS location, Meeting Content download location, and distribution list expansion virtual directories fall under the same Web Site, which in turn use the same certificate. If for whatever reason the ABS URL Location is change, the meeting content download and distribution list expansion URL locations must also be modified to function properly.

Change ABS URL Location(s)

Reasons for changing the ABS URL:

Resolving SPN issues
Moving ABS location to another server
Incorrect URL entered during installation of OCS 2007

Note: ABS URL changes cannot be changed within the OCS console. They have to be modified through WMI (wbemtest.exe).

Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group.
From a command prompt run wbemtest.exe
In the Windows Management Instrumentation tester window and click Connect
In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect
In the Windows Management Instrumentation Tester dialog box, click Query button
Enter the following query
1. Standard Edition Server: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPAddressBookSetting where backend="(local)\\rtc"”
2. Enterprise Pool: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPAddressBookSetting where backend = ”BackendServerName\\DatabaseInstanceName”.
In the query results box double-click the results.
Select value you wish to edit. Example(ExternalURL), and then click Edit Property.
In the Property Editor dialog box, click to select the NOT NULL option.
In the Value box, type the external Web Farm URL in the following format, and then click Save Property and Save.
https://externalURL.domain.com/abs/Ext/Handler
Click Save Object and then click Close.
Click Exit.

IMPORTANT!

If the Address Book URL has been changed you most likely will have to modify the Meeting Content Download URL, and Distribution List Expansion URLs. To do this reference the following section.

Change WMI Setting for Meeting Content and Meeting Content Metadata folders

Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group
From a command prompt run wbemtest.exe
In the Windows Management Instrumentation tester window and click Connect.
In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect
In the Windows Management Instrumentation Tester dialog box, click Query button.
Enter the following query
- Standard Edition Server: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = “(local)file://///rtc”
- Enterprise Pool: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = ”BackendServerName\\DatabaseInstanceName”.
  
  Example (If default instance): Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = "SQLServer"
  Note: When entering the sql statement make sure to have a carriage return following the command.
In the Query dialog box, click Apply.
In the Query Result dialog box, double-click MSFT_SIPDataMCUCapabilitySetting
In the Properties box select the property that you wish to change (i.e. MeetingMetadataLocation and MeetingContentLocation), edit the values and enter the correct UNC path and save property.
Click Save Object, and then click Close.
Click Exit

Change WMI Setting for Distribution List Expansion

Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group.
From a command prompt run wbemtest.exe
In the Windows Management Instrumentation tester window and click Connect
In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect
In the Windows Management Instrumentation Tester dialog box, click Query button
Enter the following query
1. Standard Edition Server: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPGroupExpansionSetting where backend="(local)\\rtc"”
2. Enterprise Pool: In the Query dialog box, type the query, such as:
  
  Select * from MSFT_SIPGroupExpansionSetting where backend = ”BackendServerName\\DatabaseInstanceName”.
In the query results box double-click the results.
Select value you wish to edit. Example(ExternalDLExpansionWebURL), and then click Edit Property.
In the Property Editor dialog box, click to select the NOT NULL option.
In the Value box, type the external Web Farm URL in the following format, and then click Save Property and Save. https://externalURL.domain.com/abs/Ext/Handler
Click Save Object and then click Close.

Address Book Download Issues (Vista machines)

2008-03-12T12:17:00.001-07:00

Let me see if this sounds familiar... Address Book service is configured correctly, and my Windows 2000/XP machines have no problem downloading the address, BUT my Windows Vista machines do. Below is a brief explanation of steps you can take to resolve the issues for Vista machines without tearing apart your server hosting ABS.

The OC client will inherit the proxy server configuration that is used by IE and cache the Abs/Ext/f-0901e.lsabs at the proxy and locally on the Windows client. The OC client configuration for automatic DNS lookup and manual TLS configuration can render different results in the HTTP URL that is used for accessing the ABS virtual folders. So there can be several different items that come into play that may cause issue with the creation or update of the galcontact.db file on the OC client.

The galcontacts.db file is located at %userprofile%\Local Settings\Application data\Microsoft\Communicator folder. Signing out of OC 2007 and moving or deleting this file then signing back into OC 2007 should import a new lsdabs file and a new galcontact.db should be created. For the Windows 2000/XP machines the GalContacts.db file will be present. Below are some steps to help resolve the address book download issue for Vista machines.

Procedure

Note: You could dive in further and start a network capture from the Vista machine while it signs however for simplicity lets just walk through these steps to see if they fix the issue.

Make sure this symptom is the same on all of your Vista clients.
Flush DNS by using ipconfig /flushdns on the client.
Verify within IE that 'Check for server certificate revocation* is disabled. To do this go to IE > Advanced > Security section > Check for sever certificate revocation*. Deselect the check box.
Now close Internet Explorer, close Communicator (Completely -- signout and close application)
Start Communicator| Signin
If your not presented with an error or the warning stating an issue accessing the Address Book, go to the %userprofile%\Local Settings\Application data\Microsoft\Communicator and verify that a GalContacts.db file exists. If it does exist, GREAT! Your done. If not then continue with the rest of the procedure.
Within IE add the Address Book URL that users will download the AB files. IE > Internet Options > Security > Trusted Sites > Add the URL to trusted sites (ex. https://absserver.company.com)
Repeat steps 4-6
If you still cannot download the address book try, move to step 10.
Verify that User Access Control is Off on the and then repeat steps 4-6.

OCS - Changing Component UNCs, URLs, etc.

2008-03-11T15:03:00.001-07:00

How To Change OCS 2007 Meeting, ABS, Distribution Expansion… URLs and UNC paths

Let me see if this sounds familiar. You decide to configure or reconfigure the UNC paths or URLs for Meeting download location, ABS, Distribution List expansion urls…. However you cannot edit these fields within the GUI. So what now? Well this is where the wbemtest.exe tool comes into play.

This article will provide the procedure for changing the Meeting Content and Metadata UNC paths. The procedure for changing other settings such as URLs for these resources will be similar with respect to using wbemtest.exe however other provisions will have to follow for IIS modifications.

The location for the meeting content folder and the meeting metadata folder are specified during setup and cannot be changed using Office Communications Server 2007. However, those locations can be changed after Office Communications Server is deployed by using the manual steps described in the following sections.

Manually changing the folder location for meeting content and metadata requires completing the following four steps:

1. Creating and configuring the file folders and file shares for meeting content and metadata.

2. Changing WMI settings for meeting content and meeting content metadata folders.

3. Changing the IIS virtual directory to the presentation folder.

4. Restarting the Communications Server Web Conferencing service.

Note: First stop the Web Conferencing service before performing the following steps

To Configure shares for meeting content and metadata

1. If not already created, create the shares for meeting content .

Content Share: \\ServerName\Content

· Standard Edition: Permissions for folders (<contentShare> > Properties > Security)

User Group	Access Permissions
RTC Component Local Group	Read/Write
Users (Local Group)	Read-Only

· Enterprise Edition: Permissions for folders (<ContentShare> > Properties > Security)

User Group	Access Permissions
RTCUniversalGuestAccessGroup	Read Read and Execute List Folder Contents
RTCComponentUniversalServices	Read Read and Execute Modify Write

Metadata Share: \\ServerName\Metadata

· Standard Edition: Permissions for folders (<MetadataShare> > Properties > Security)

User Group	Access Permissions
RTC Component Local Group	Read/Write

· Enterprise Edition: Permissions for folders (<MetadataShare> > Properties > Security)

User Group	Access Permissions
RTCComponentUniversalServices	Read Read and Execute Modify Write

Change WMI Setting for Meeting Content and Meeting Content Metadata folders

1. Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group

2. From a command prompt run wbemtest.exe

3. In the Windows Management Instrumentation tester window and click Connect.

4. In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect

5. In the Windows Management Instrumentation Tester dialog box, click Query button.

6. Enter the following query

a. Standard Edition Server:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = “(local)file://///rtc”

b. Enterprise Pool:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = ”BackendServerName\\DatabaseInstanceName”.

Example (If default instance): Select * from MSFT_SIPDataMCUCapabilitySetting where Backend = "SQLServer"

Note: When entering the sql statement make sure to have a carriage return following the command.

7. In the Query dialog box, click Apply.

8. In the Query Result dialog box, double-click MSFT_SIPDataMCUCapabilitySetting

9. In the Properties box select the property that you wish to change (i.e. MeetingMetadataLocation and MeetingContentLocation), edit the values and enter the correct UNC path and save property.

10. Click Save Object, and then click Close.

11. Click Exit

Change WMI Setting for Distribution List Expansion

1. Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group.

2. From a command prompt run wbemtest.exe

3. In the Windows Management Instrumentation tester window and click Connect

4. In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect

5. In the Windows Management Instrumentation Tester dialog box, click Query button

Enter the following query

a. Standard Edition Server:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPGroupExpansionSetting where backend="(local)\\rtc"”

b. Enterprise Pool:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPGroupExpansionSetting where backend = ”BackendServerName\\DatabaseInstanceName”.

7. In the query results box double-click the results.

8. Select value you wish to edit. Example(ExternalDLExpansionWebURL), and then click Edit Property.

9. In the Property Editor dialog box, click to select the NOT NULL option.

10. In the Value box, type the external Web Farm URL in the following format, and then click Save Property and Save.
https://externalURL.domain.com/abs/Ext/Handler

11. Click Save Object and then click Close.

Change WMI Setting for Address Book Service URL

1. Logon to the Standard Edition or Enterprise Pool server with an account that is a member of the RTCUniversalServerAdmins group.

2. From a command prompt run wbemtest.exe

3. In the Windows Management Instrumentation tester window and click Connect

4. In the Connect dialog box, in Namespace, type root\cimv2, and then click Connect

5. In the Windows Management Instrumentation Tester dialog box, click Query button

Enter the following query

a. Standard Edition Server:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPAddressBookSetting where backend="(local)\\rtc"”

b. Enterprise Pool:
In the Query dialog box, type the query, such as:

Select * from MSFT_SIPAddressBookSetting where backend = ”BackendServerName\\DatabaseInstanceName”.

7. In the query results box double-click the results.

8. Select value you wish to edit. Example(ExternalURL), and then click Edit Property.

9. In the Property Editor dialog box, click to select the NOT NULL option.

10. In the Value box, type the external Web Farm URL in the following format, and then click Save Property and Save.
https://externalURL.domain.com/abs/Ext/Handler

11. Click Save Object and then click Close.

12. Click Exit.

To change the IIS virtual directory to the presentation folder

1. Log on to a server with Web Components installed as a member of the Administrators group or a group with equivalent user rights.

2. Open IIS Manager. Click Start, point to All Programs, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.

3. Expand the computer name, expand Web Sites, expand Default Web Site, expand Etc, expand Place, expand Null, right-click FileTree, and then click Properties

4. On the Virtual Directory tab, do one of the following:

· If the content for this resource is on the local computer, click A directory located on this computer, and then type the path to the meeting content folder that you created in the Local path box.

If the content for this resource is not on the local computer, click A share located on another computer, and then type the path to the meeting content folder that you created in the Network directory box

MSMXL installation error.

2008-02-13T12:50:00.000-08:00

While performing the "Add Server to Pool" operation during installation of OCS 2007 on an x64-bit platform with 64-bit Windows 2003 R2 you receive the following install error:

"MSXML6.0 Package Not supported on Processor Type"

more..info
Error Message 0xC3EC796A MSI installation was unsuccessful. Install MSXML Parser Error. The Error appears, when the system tries to install msxml6.0 with the message, MSXML6.0 package not supported on processor type.

While one would think that there must be fix for this, I later discovered that Office Communications Server 2007 will not install onto a 64-bit OS. Microsoft's UC SWAT team stated that Office Communication Server 2007 can only be installed on 32-bit Operating System, which of course can be installed onto a x32 or x64 machine. If you look within Microsoft's planning documentation there was mention of supported configurations; however 64-bit OS configurartions were not explicit. They have published an updated OCS support document, but of course for those of you who have been involved with deploying OCS for a while now, probably would not have gone back to verify anything as changed. Unless of course something like my particular issue surfaces... You live you learn I guess.. Below is a published list of supported configurations.

Supported configurations:

Supported Operating Systems for Enterprise Edition Office Communications Server 2007 Enterprise Edition requires one of the following operating systems. All operating systems are 32-bit editions.
• Windows Server 2003 R2 Standard Edition
• Windows Server 2003 R2 Enterprise Edition (recommended)
• Windows Server 2003 R2 Datacenter Edition
• Windows Server 2003 Service Pack 1 Standard Edition
• Windows Server 2003 Service Pack 1 Enterprise Edition
• Windows Server 2003 Service Pack 1 Datacenter Edition

Supported Operating Systems for Back End Database Server Office Communications Server 2007, Back-End Database, requires one of the following operating systems. All operating systems are 32-bit versions.
• Windows Server 2003 R2 Standard Edition (recommended)
• Windows Server 2003 R2 Enterprise Edition
• Windows Server 2003 R2 Datacenter Edition
• Windows Server 2003 Service Pack 1 Standard Edition
• Windows Server 2003 Service Pack 1 Enterprise Edition
• Windows Server 2003 Service Pack 1 Datacenter Edition

Supported Operating Systems for Communicator Web Access The following software must be installed on the computer on which you will be installing Communicator Web Access:
• Windows Server 2003 R2 or Windows Server 2003 SP1
• Windows Installer 3 (included in Windows Server 2003 SP1)
• IIS 6.0
• .NET Framework 2.0, including ASP.NET 2.0So until the next release plan for 32-bit OSs for all the server roles except for Backend Database server.

Creating Custom AD Attributes

2008-02-10T10:47:00.000-08:00

This post will detail the procedure for the creation of custom Active Directory attributes and extending the schema.

Note: Whenever possible it is recommended to use default attributes within Active Directory.

Before create the attributes for the organization will have to obtain a Root OID from an ISO Name Registration Authority.

To request and OID namespace: http://www.iana.org/cgi-bin/enterprise.pl
Entire list of Enterprise Numbers can be located on this site. Check to see if your company is listed within the list :http://www.iana.org/assignments/enterprise-numbers . The root that IANA uses is listed at the top of the page (1.3.6.1.4.1). At the beginning of each company entry within the list is a "Branch" ID. (ex. Microsoft is 311) This branch ID is to be appended to the end of the IANA root id, (Ex. 1.3.5.1.4.1.311) which makes up the company's OID namespace.

Format To use: (IANA root ID)(BranchID)(ApplicationID)
Example: 1.3.6.1.4.1.311.2.1
Note: The application ID above "2" and last octet digit "1" is determined by you. Make sure to document all the OIDs you generate for easy reference.

After you have your OID, then you can begin creating your custom attributes. Below is the procedure to do this.

Log on to the Domain Controller serving the Schema Master FSMO role (Finding Schema Master: Command: netdom query fsmo /domain:)
Resolve any outstanding replication issues: repadmin /replsummary /bydst /bysrc /sort:delta
Back up the system state on the Schema Master.
Disable outbound replication on the Schema Master:repadmin /options +DISABLE_OUTBOUND_REPL
Perform the extension; Open Schema Admins (Windows support

Availability Service

2008-02-10T10:43:00.000-08:00

What is the Availability Service ?
Availability Service is a Web Service that is responsible for providing free/busy information to the Outlook 2007 client and OWA 2007. Ofcourse, since Availability Service(AS) is part of the Exchange 2007 Programming Interface, it will be available as a public web service to allow third-party tools to integrate with it and as a programming interface for interested developers.

The schema for the availability service can be found at:https:///ews/services.wsdl

Free/Busy Retrieval Method

more info to post.................

Unified Messaging

2008-02-10T10:42:00.002-08:00

The unified messaging server role contains a number of "global" objects. This page is meant to be the anchor for topics that relate to these organization-wide objects and settings, such as UM Dial Plans, UM IP Gateways, UM Mailbox Policies, and UM Auto Attendants.

UM Dial Plans (Content Needed)
UM IP Gateways (Content Needed)
UM Mailbox Policies (Content Needed)
UM Auto Attendants (Content Needed)
UM and OCS Interop (Content Needed)

EMS -CmdLets

2008-02-10T10:42:00.001-08:00

Exchange Management Shell - CmdLets

INSTALLATION:

Verify Organization information

Get-ExchangeOrganization
Get-ExchangeOrg –info

Verify Exchange Configuration

Get-ExchangeConfig

Verify Server Configuration

Get-ExchangeServer

Autodiscover
Verify AutoDiscover is configured properly:
Test-OutlookWebServices -identity:rskalitzky@ensynch.com

HUB TRANSPORT

CLIENT ACCESS:

OWA:

To get listing of vdirs on a server:
ESM> get-owavirtualdirectory -server qa-exch7-m
ail01 -domainController qa-exc7-dc01.ex.ensynch.ad

To get list of OWA vdir on a server:
ESM> get-owavirtualdirectory -identity "qa-exch7-mail01\owa (default web site)"

MAILBOXES:

Mailbox Access:
Providing permissions to users’ mailboxes is easy with the Exchange Management Shell.

Send on behalf to:
ESM> set-mailbox "Joe Contoso" -GrantSendOnBehalfTo "Jim Fabrikam"

Send-As (send as someone else):
ESM> add-adpermission "Joe Contoso" -extendedrights Send-As -user contoso\fabrikam

Full mailbox access:
ESM>add-mailboxpermission "Joe Contoso" -accessRights FullAccess -user contoso\fabrikam

All Mailboxes and their access:
You can use get-mailboxpermission to see what rights are on a set of mailboxes... in fact, we can finally see who has rights on who's mailboxes in bulk. The commands are fully pipelineable:
ESM>get-mailbox -server myserver get-mailboxpermission

UNIFIED MESSAGING:

EDGE TRANSPORT:

CERTIFICATES:

Recovering Messaging Databases

2008-02-10T10:40:00.003-08:00

Methods for recovering a database:

- Recover using Recovery Storage Group (RSG)
- Recover using Database Portability
- Recover using Dial-Tone Recovery

Recover data using RSG:

1. Use Exchange Database Recovery Management tool for creatingthe RSG.
2. Restore data using back to the RSG (Note: You don’t need to select an RSG to restore to.. If one exists, it is automatically used.)

Recover using Database Portability:
You can use the database portability feature in Exchange Server 2007 to recover a mailbox database when there is a server failure or a hard disk failure.

You can use this option when a Mailbox server fails, but the storage group and database files are available on hard disk or on a backup tape.

You can also implement database portability when the hard disk storing the database fails on one server, and the hard disk cannot be replaced. You can restore the database from the backup data on another Mailbox server.

By using database portability in Exchange Server 2007, you can move a mailbox database from one Mailbox server and mount it on another server. To mount the database on the new server, you do not need to modify the database or configure the server. However, you can mount the database only on a server in the same Exchange Server organization.

To recover a messaging database by using database portability:

1. First create a new database on an alternate server. The new database must have the same name as the database you are recovering. You can either create a new storage group or create the destination database in an existing storage group on the server. Then, configure the database so that you can overwrite it with the backup data.

2. You can now restore the backup copy of the database from the failed server and mount the database on the new server.

3. Finally, you need to modify the user accounts to refer to the new database by using an Exchange Management Shell command.
This command obtains a list of all mailboxes in the restored database and passes it to the Move-Mailbox cmdlet.

Get-MailboxStatistics -database Move-Mailbox -configurationOnly -target

4. When users try to access their mailboxes by using Microsoft Office Outlook 2007, they will be automatically redirected to the new server. However, you need to manually configure clients such as Microsoft Office Outlook 2003 and earlier versions to refer to the new Mailbox server. Outlook Web Access users are also automatically redirected to the new server.

Recover using Dial-Tone:
You can use dial-tone recovery to provide users with immediate access to their mailboxes and e-mail services even before you restore data to their mailboxes. To do this, create an empty mailbox database to replace the missing or corrupted mailbox database. By using dial-tone recovery, you can ensure that users experience minimum disruption of services after the failure of a database or a server.
Benefits of Using Dial-Tone Recovery
By implementing dial-tone recovery, you can ensure that users in your organization can access their e-mail messages and begin working much faster compared to a standard restore. When you perform a standard restore, users cannot access e-mail services until you restore the database completely. A standard restore can take several hours if the database is very large, and external users may start receiving non-delivery reports (NDRs).
Using Alternate Servers
If there is a server failure instead of a database failure, you can perform dial-tone recovery on an alternate server by using the database portability features of Exchange Server 2007. You also need to modify the user accounts to refer to the new database location.
Recovering Historical Data
After dial-tone recovery is complete, you can restore the data from backup to an RSG and then merge the mailbox contents in the recovered database with the contents in the dial-tone database. All the user mailboxes will now have all of their historical information as well as the received and sent messages since the implementation of dial-tone recovery

Procedure:

On another server create a new Storage Group and Create new Database.Note: Use the SAME NAME as the database you'll recover.
Open Exchange Mgmt Shell and modify the user accounts to refer to the new database by using an Exchange Management Shell command.
This command obtains a list of all mailboxes in the restored database and passes it to the Move-Mailbox cmdlet.Get-MailboxStatistics -database
Move-Mailbox -configurationOnly -target
This will give the users access to their mailboxes, while you prepare to merge backup data from and RSG to the new mailbox database.
Use the Exchange Database Recovery Management tool to create a RSG and restore data to the RSG (Refer to Recover using RSG prior section).
After db is restored from backup, use Exchange Database Recovery Management tool to merge data from RSG to the new database.
Manage Recovery Storage Group > Merge copy mailbox contents > Gather Merge Information
At the Select Merge Options > Perform pre-merge tasks
Select mailboxes to copy or merge and Perform Merge Actions

Exchange Message Flow

2008-02-10T10:28:00.000-08:00

Exploring Message Flow:

Microsoft Exchange Server 2007 supports various types of message flow. In an organization that deploys Exchange Server 2007, messages flow within a single Active Directory site or between multiple Active Directory sites. A Hub Transport server manages message flow in an organization by using various components in Exchange Server 2007. You can control the message flow among various servers and between the servers over the Internet by using SMTP Send and Receive connectors.

Types of Message Flow:

Inbound: In an inbound message flow, an Exchange Server 2007 organization receives an e-mail message over the Internet. A Hub Transport server or a gateway server, such as an Edge Transport server, accepts the message over the Internet and then routes the message to an internal Exchange Server 2007 server.
Outbound: In an outbound message flow, an internal Exchange Server 2007 server sends an e-mail message from within the organization over the Internet. A Hub Transport server processes and identifies the message as an outbound e-mail message. The Hub Transport server then sends the message over the Internet either directly or by using a gateway server such as the Edge Transport server
Local: In a local message flow, a Hub Transport server processes an e-mail message received by Exchange Server 2007 and then sends it to a mailbox in the same Active Directory site. Even if an organization has a single Mailbox server, all e-mail messages are routed through the Hub Transport server as part of the delivery process. Therefore, all Exchange Server 2007 organizations use local message flow
Remote: In a remote message flow, a Hub Transport server processes an e-mail message received by Exchange Server 2007 and then sends the message to a mailbox in a different Active Directory site. Remote message flow takes place only if an organization has multiple Active Directory sites with Mailbox servers. Typically, small organizations and large organizations with centralized Mailbox servers in a single data center do not use remote message flow.

Components Used in Message Flow:

Message transport in Microsoft Exchange Server 2007 involves the interaction of various components :

Microsoft Exchange Mail Submission service:

The Microsoft Exchange Mail Submission service is a notification service that runs on Mailbox server roles in Exchange Server 2007.

When a message becomes available for retrieval in the Outbox folder of a sender, the Microsoft Exchange Mail Submission service notifies a Hub Transport server in the local Active Directory site. If there are multiple Hub Transport servers in the site, the Microsoft Exchange Mail Submission service evenly distributes notifications among all the available Hub Transport servers.

When the Microsoft Exchange Transport service starts on each Edge Transport server or Hub Transport server, the categorizer creates the local submission queue.
Store driver: The store driver on the Hub Transport server role retrieves the message, which is in MAPI format, from the sender’s Outbox folder and converts it to the Summary-Transport Neutral Encapsulation Format (S/TNEF).

S/TNEF is a type of Transport-Neutral Encapsulation Format (TNEF), which has no plain text part and is in eight–bit binary format. The store driver then submits the message to the submission queue and moves the message from the Outbox to the Sent Items folder.
Submission queue: Messages can also enter the submission queue on a Hub Transport server from an SMTP Receive connector or from the Pickup directory. The submission queue stores all messages on disk until the categorizer processes them.
Categorizer: The categorizer processes the messages one at a time and always selects the oldest message in the submission queue first. On an Edge Transport server, the categorizer verifies the recipient SMTP address of an inbound message and places it directly in the delivery queue.

The message is then routed to a Hub Transport server. On a Hub Transport server, the categorizer processes all inbound messages based on the information about the intended recipients. The categorizer makes copies of messages that have multiple recipients, determines routing paths, converts content format, and applies organizational message policies.

After the categorizer processes the message, the message is removed from the submission queue.

SMTP Connectors:

You need an SMTP connector to route messages between two Active Directory sites or between two Active Directory sites over the Internet. However, you do not need SMTP connectors to route messages within an Active Directory site. You can use an SMTP connector to route messages between Hub Transport servers and Edge Transport servers or between the Hub Transport servers over the Internet. Each Hub Transport server and Edge Transport server can have SMTP connectors to send or receive messages.

To manage the message flow in your organization, you can use the default configuration of the SMTP connectors that is provided by Exchange Server 2007. Based on the requirements of your organization, you can also configure the properties of SMTP connectors. You can specify the source IP addresses that should send or receive messages. You can also specify the maximum size of messages and configure permissions. In addition, you can enable protocol logging on an SMTP connector to identify the problems in the message flow.

Types of SMTP Connectors:

Send: A computer that runs Exchange Server 2007 requires an SMTP Send connector to send any SMTP e-mail message. You need SMTP Send connectors to send an e-mail message to any SMTP server over the Internet or to any SMTP servers in your organization. By default, SMTP Send connectors are not configured on a Hub Transport server. However, SMTP Send connectors are dynamically created in the server memory to communicate with other Hub Transport servers on other sites. You cannot configure these dynamically created SMTP Send connectors or view them by using the management tools in Exchange Server 2007.

When you create an SMTP Send connector, you must configure it with a Domain Name System (DNS) address space, which is used to identify the messages that are processed by the SMTP Send connector. For example, if you configure an SMTP Send connector with the contoso.com DNS address space, all messages with a destination address in the contoso.com domain will be processed by that SMTP Send connector. After you configure the DNS address space, you can configure the SMTP Send connector to deliver messages by looking up the mail exchanger (MX) records in DNS or to forward messages to a smart host.
Receive: A computer that runs Exchange Server 2007 requires an SMTP Receive connector to accept any SMTP connection. An SMTP Receive connector enables a Hub Transport Server or an Edge Transport server to receive e-mail messages from other SMTP servers. These SMTP servers can include servers on the Internet, other Exchange Server 2007 Hub Transport servers, or Edge Transport servers.

You can configure multiple SMTP Receive connectors with different parameters on a single Exchange Server 2007 server. Small-to-medium-size organizations may use only the two default SMTP Receive connectors. Large organizations may need multiple SMTP Receive connectors on a single server or on multiple servers. The default SMTP connectors manage the message transport within the same Active Directory forest. Therefore, you do not need to create SMTP Receive connectors to route e-mail messages between Hub Transport server in the same Active Directory forest.

You must configure each SMTP Receive connector with: A port number on which the connector will receive connections. The local IP addresses that the SMTP Receive connector will use for incoming connections. A remote IP range that can send e-mail message to the SMTP Receive connector. The combination of these three properties must be unique for every SMTP Receive connector in your organization

SMTP Default Configuration:

By default, the following SMTP Receive connectors are created on each Hub Transport server:

The Client Receive Connector that receives connections from SMTP clients, such as Microsoft Office Outlook Express
The Default Receive Connector that receives connections from other SMTP servers by default

The default configuration for the two connectors is similar, but with one important difference: the Client Receive Connector is configured on port 587 rather than port 25. This is because the Internet Engineering Task Force (IETF) working group process in Request for Comment (RFC) 2476 has proposed that port 587 should be used only for message submission from e-mail clients that require message relay.

Message Flow Scenarios:

Single Site: Message flow within a single site begins when you submit a message to the message store on an Exchange Server 2007 Mailbox server.

When you use Microsoft Office Outlook, the message is written in MAPI format and then sent to your Outbox folder. The Microsoft Exchange Mail Submission service detects that a message is available in the Outbox folder and notifies the store driver on an available Hub Transport server.

The store driver connects to your Outbox folder by using MAPI and retrieves the message from the Mailbox server. The store driver also places the message in the submission queue on the Hub Transport server, and moves the message from the Outbox folder to the Sent Items folder.

The categorizer processes the message in the submission queue. If a message is intended for a Mailbox server role in the same Active Directory site, the categorizer places the message in a local delivery queue.

The store driver then delivers the message to the Mailbox server role by using MAPI.
Multiple Sites:
In a multiple-site message flow, after a message is retrieved and delivered to the Hub Transport server, the Hub Transport server searches the Active Directory to determine the mailbox location of the recipient. Then, the Hub Transport server determines the lowest cost route to the destination site by using the Active Directory site link information.

If Hub sites have not been configured in the route to the destination site, the message is directly delivered to a Hub Transport server in the destination site. This is called Direct Relay Routing.

The Hub Transport server of the destination site then delivers the message to the Mailbox server in that site. If a message has to be delivered to recipients in multiple sites, the message is delivered to a Hub Transport server in each site. If a message has to be delivered to recipients through the Internet, the Hub Transport server routes the message to an Edge Transport server.

The Edge Transport server delivers the message to the appropriate Internet e-mail server, which in turn delivers the message to the recipient. In the absence of an Edge Transport server, the Hub Transport server delivers the message to an appropriate third-party Internet e-mail server by using an SMTP Send connector.
Disrupted:
A message flow is disrupted if no Hub Transport server is available in the destination site. In such a situation, the message is routed to the closest Hub Transport server along the most optimal route. This is referred to as Queuing Messages at the Point of Failure.

The closest Hub Transport server then delivers the message when a Hub Transport server in the destination site becomes available. If a message has to be delivered to recipients at multiple sites, a copy of the message is delivered directly to the recipients at each site.

However, if destination Hub Transport servers are not available, then the source Hub Transport server delays making copies of the message for each recipient and sends a single message that is queued for delivery at the Hub Transport server that is closest to the destination sites.

When the destination sites become available, the queued message is sent to each site with a recipient. This is referred to as Delayed Fan-Out Routing.

Exchange Back Pressure

2008-02-10T10:21:00.000-08:00

Normal The resource is not overused. The server accepts new connections and messages.
Medium The resource is slightly overused. Back pressure is applied to the server in a limited manner. Mail from senders in the authoritative domain can flow. However, the server rejects new connections and messages from other sources.
High The resource is severely overused. Full back pressure is applied. All message flow stops, and the server rejects all new connections and messages.

OCS - Bandwidth & Topology Calculator

2008-02-08T07:42:00.000-08:00

Resource will be available shortly...

Latest Version of Communicator Mobile 2007 does not connect

2008-02-01T21:13:00.000-08:00

Ok, you have setup Office Communication Server 2007, MOC client connections work internally and externally; however now it comes to Communicator Mobile 2007 connectivity testing and the damn thing does not want to connect. Standard message presented upon sign-in is that your version of Communicator Mobile needs to be updated! What? "I just downloaded the most recent version, and there are no other hotfixes!" No need to worry this is merely the default "Client Version Filter" settings causing you grief. For some reason Microsoft decided to block versions of Office Communicator Mobile that are less than or equal to (<=) 2.0.6021.*. At the time of this post, the most recent version of Communicator Mobile is/was 2.0.387.*. Nice! Below is the procedure to modify the filter to get your version of CM connected.

Note: The OCS 2007 Admin Guide lists the COMO filter in the same manner as above (which makes sense) to be used for CM; however changing this filter did not do the trick. The key was to change the CPE filter to the filter listed above. After that was changed and services restarted, CM connected..

Step 1. Open Your Standard of Enterprise Pool

Step 2. Open your Client Version Filter (Option in your pool configuration.

Step 3. Change the CPE value to 2.0.387.* >= Allow and COMO value to 2.0.387.*

Step 4. Stop all started services

Step 5. Start all stopped services

Step 6. Connect to your Access Edge Server search your ClientVersionFilterConfig.exe
(C:\Program Files\Common Files\Microsoft Office Communications Server 2007)

Step 7. Change the CPE value to 2.0.387.* >= Allow and COMO value to 2.0.387.*

Step 8. Stop all started services (on your Access Edge Server)

Step 9. Start all stopped services ((on your Access Edge Server)

Step 10. Reconnect again and it should work.

OCS 2007 - Authentication Issues [0xC2FC200D]

2007-12-14T08:50:00.000-08:00

Office Communication Server 2007: Authentication/Logon Issue
Failure [0xc3fc200D]

It is common to run across communication and authentication issues when deploying OCS. One of the tricks is trying to determine the root of problem. Failure codes and results are not always self explanatory and let’s just face it OCS 2007 being a new product does not have a whole lot of available support resources yet. This article addresses an authentication problem that generally stumps many implementers. The validation wizard usually picks up on this issue; however it does not scream out “here is the problem” fix me. Generally the results make no mention of a little thing called Server Principal Name (SPN), which is truly the underlying problem. The image below displays a typical authentication error during validation, that is a direct result of an incorrectly registered SPN for the Office Communication Server (Standard or Enterprise). The sections below will provide a brief explanation of the issue as well as troubleshooting and remediation of the problem.

Issue:
Failure [0xC3FC200D] One or more errors detected

Explanation:Registration failure upon authentication is attributed to the Server Principal Name (SPN). The Kerberos protocol authentication that is used by the Office Communications Server service for client authentication requires the proper configuration of service principal names (SPNs) within the Active Directory® Domain Services. The SPN is a string that identifies the service (Office Communications Server) that a client wants to access.
For proper operation of the Kerberos authentication, the SPN of the Office Communications Server must be registered in Active Directory under the name of the user account where the service runs, typically RTCService. If the SPN of the server is registered in multiple accounts, Kerberos authentication does not operate properly.

Solution:

To verify SPN is set correctly:
1. Install the OCSResourceKit for Office Communication Server 2007

OCS Resource Kit.
2. Open a command prompt and change directories to the OCS Resource kit directory.
3. The reskit contains the “CheckSPN” script that can be used to validate the SPN for the OCS Enterprise or Standard edition server.
4. First run the tool to find all SPNs registered under a specific user account. The default user account, where the Office Communications Server service runs, is RTCService.

>Cscript Checkspn.vbs /List /u:RTCService

Sample Error: ERROR: The SPN for is registered incorrectly

5. Next run a check to see whether the SPN for a specific Office Communications Server Standard Edition or Enterprise Edition server is registered under one account. The server is identified by its FQDN (fully qualified domain name). If there is more than one registration, the script prints the user accounts that have this SPN registered. This mode is useful for detecting that the servers SPN has been registered under multiple accounts. If this is the case, the duplicate SPNs must be deleted until there is exactly one account under which the SPN is registered. Having the same SPN registered under multiple accounts causes Kerberos protocol authentication to fail on the client.

>Cscript checkspn.vbs /check /s:ocsserver.contoso.com

If multiple entries are returned, an ERROR will be returned and that the SPN is registered incorrectly. To correct the duplicate account must be deleted.
6. Deletes the SPN for a specified Standard Edition server or Enterprise Edition server from a specified user account. This mode is useful for cleaning up duplicate SPNs

>checkspn.vbs /del /s: /u:

7. Once you think you have the SPN set correctly, rerun the scripts in step 4 and 5 to verify SPN.
8. Next rerun the Validation tool and verify authentication is working properly for Kerberos and NTLM.
9. Now you can test connectivity and functionality using Communicator client.

OCS - Server Requirements

2007-09-21T13:46:00.000-07:00

Server Platform Requirements

Hardware for Standard Edition and Enterprise Edition Servers
Hardware requirements vary according to server role, configuration, and storage requirements. This topic summarizes the requirements for the following server configurations. Server roles not listed in this section are addressed in subsequent sections for the following server configurations.

Standard Edition Server configured as one of the following:

Front End Server, Web Conferencing Server, and A/V Conferencing Server
Director
Archiving and CDR Server
Edge Server (one or more of the supported edge server roles)

Enterprise Edition Server configured as one of the following:

Consolidated Enterprise Edition Server (Front-End Server, Web Conferencing Server, A/V Conferencing Server, and IIS collocated on server)
Front End Server in expanded configuration (conferencing servers and IIS installed on separate computers)
Web Conferencing Server in the expanded configuration
IIS Server in the expanded configuration
Archiving and CDR Server

Small or medium-sized Back-End Database server

CPU: Dual processor 3.2 GHz with HT
Disk: 2 x 18 GB
Plus 2 x 36 GB for collocated SE Server
15K rpm SCSI
Cache: 1 MB
Memory: 2 GB
Network: GBit NIC

Hardware for A/V Conferencing Servers and A/V Edge Servers
The following hardware requirements are required for A/V Conferencing Servers in an expanded pool configuration and all standalone A/V Edge Servers.

CPU: Dual processor, dual core 3.0 GHz
Disk : 2 x 18 GB 15K rpm SCSI
Cache: 1 MB
Memory: 4 GB
Network: GBit NIC (for A/V Conferencing Server)
2 × GBit NIC (for A/V Edge Server)

Hardware for Large Back-End Database for an Enterprise Pool
The only exception to this recommendation is for an Enterprise Edition Server deployed as a large Back-End Database server. For this role, the recommended hardware is as follows:

CPU: Quad processor, dual-core 3.0 GHz with HT
Disk: 2 × 18 GB
External Ultra 320 SCSI Array
4 × 36 GB (RAID 1 + 0)
Cache: 1 MB
Memory: 32 GB
Network: GBit NIC

Hardware for Mediation Server

CPU: Dual processor 3.2 GHz with HT for up to 120 concurrent calls
Dual processor, dual core 3.0 GHz for more than 120 concurrent calls
Disk: 1 × 30 GB 15K rpm SCSI
Cache: 1 MB
Memory: 2 GB
Network: 2 × GBit NIC

Operating System

The minimum and recommended operating system platform requirements for all Office Communications Server 2007 server roles are as follows:
Minimum: Microsoft Windows Server® 2003 SP1.
Recommended: 32-bit Windows Server 2003 R2.
OCS Server Roles will only install on 32-bit Windows 2003 operating systems. 64-bit OS is not supported. Microsoft's documentation is incorrect. Verified by Microsoft UC SWAT Team

Supported Operating Systems for Enterprise Edition Office Communications Server 2007 Enterprise Edition requires one of the following operating systems. All operating systems are 32-bit editions.
• Windows Server 2003 R2 Standard Edition
• Windows Server 2003 R2 Enterprise Edition (recommended)
• Windows Server 2003 R2 Datacenter Edition
• Windows Server 2003 Service Pack 1 Standard Edition
• Windows Server 2003 Service Pack 1 Enterprise Edition
• Windows Server 2003 Service Pack 1 Datacenter Edition

Supported Operating Systems for Back End Database Server Office Communications Server 2007, Back-End Database, requires one of the following operating systems. All operating systems are 32-bit versions.
• Windows Server 2003 R2 Standard Edition (recommended)
• Windows Server 2003 R2 Enterprise Edition
• Windows Server 2003 R2 Datacenter Edition
• Windows Server 2003 Service Pack 1 Standard Edition
• Windows Server 2003 Service Pack 1 Enterprise Edition
• Windows Server 2003 Service Pack 1 Datacenter Edition

Supported Operating Systems for Communicator Web Access The following software must be installed on the computer on which you will be installing Communicator Web Access:
• Windows Server 2003 R2 or Windows Server 2003 SP1
• Windows Installer 3 (included in Windows Server 2003 SP1)
• IIS 6.0
• .NET Framework 2.0, including ASP.NET 2.0

Active Directory
For all servers requiring Active Directory® Domain Services, the minimum supported configuration is the Microsoft Windows® 2000 SP4 operating system in Windows 2000 Native Mode.

SQL Server
For all servers requiring SQL Server, the minimum and recommended versions are as follows:
Minimum: SQL Server 2000 SP4 or SQL Server 2005, SP1 (32-bit or 64-bit versions of SQL Server SP1 or later are supported)
Recommended: SQL Server 2005, SP2

IIS
For all servers running IIS, the required version is 6.0.

.NET Framework
Office Communications Server 2007 requires .NET framework 2.0.

Supported Clients
The supported clients for Office Communications Server 2007 Public Beta are as follows:

Required: A version of Microsoft Office Communicator
Minimum: Office Communicator 2005 for IM and legacy presence.
Recommended: Office Communicator 2007 for IM, group IM, multimode conferencing, and enhanced presence.
Required: Microsoft Office Live Meeting 2007 client for meetings.
Required: the Conferencing Add-In for Microsoft Office Outlook for scheduling meetings.
Optional: Communicator Web Access for Office Communications Server 2007 for IM and enhanced presence.

2007-09-21T13:43:00.000-07:00

Below is a high-level deployment path for Enterprise Voice using Exchange 2007 and Office Communication Server 2007.

Protocols - OCS Web Conferencing

2007-09-21T13:40:00.000-07:00

Conference Protocols

Office Communications Server 2007 multimedia conferencing uses a variety of protocols for signaling, conference management, data collaboration, multimedia, and communication among conference components.

SIP (Session Initiation Protocol). An IETF (Internet Engineering Task Force) standard signaling protocol for initiating, managing, and terminating sessions between one or more participants, including Internet telephone calls, multimedia distribution, and multimedia conference sessions.

HTTP (Hypertext Transfer Protocol). A standard Internet protocol that in Office Communications Server 2007 is for communication between the Focus and conferencing servers, downloading Address Book Server updates to clients, and downloading meeting content to users.
C3P (Centralized Conference Control Protocol). A custom protocol for communicating conference creation and control commands from clients to Office Communications Server 2007. C3P commands are carried as XML in SIP SERVICE or INFO messages.

PSOM (Persistent Shared Object Model). A custom protocol for transporting Web conferencing content.

SRTP (Secure Real-Time Transport Protocol). An IETF standard protocol that is used in Office Communications Server 2007 for securely transporting audio and video content to various media devices.

RTCP (Real-Time Control Protocol). An IETF standard protocol used in conjunction with SRTP to convey information about the signal quality of an audio-video conferencing session to various media devices.

Certificates - Unified Communications Certificate Packages

2007-09-21T13:25:00.000-07:00

Many issues with certificates in Exchange 2007 out there…. This page will provide helpful information regarding certificates…

ENTRUST (3rd party) has put together a Unified Communications certificates package!!!

Entrust Unified Communications Certificates provide greater flexibility to support powerful new communications products like Microsoft Exchange Server 2007 and Microsoft Office Communications Server 2007, without sacrificing security controls.
Pasted from <http://www.entrust.net/ssl-certificates/unified-communications.htm>
Entrust allows you to specify up to ten SAN in each "Unified Communications" certificate request.

Best Practices for Domain Names for a Client Access Server
When you create a certificate or certificate request for a Client Access server, the set of domain names that you should include in the request are as follows:
Local or NetBIOS name of the server, for example, owa1
All the accepted domain names for the organization, for example, contoso.com
The fully qualified domain name for the server, for example, owa1.contoso.com
The Autodiscover domain name for the domain, for example, Autodiscover.contoso.com
The load-balance identity of the server if you are using one, for example, owa.contoso.com

Pasted from <http://technet.microsoft.com/en-us/library/72048bc1-6d01-4279-8d21-4282b86b522c.aspx>

Wildcard Character Domain Names
Wildcard character domain names are a special type of domain name that represents multiple sub-domains. Wildcard character domain names can simplify certificates because a single wildcard domain name represents all the sub-domains for that domain. They are represented by an asterisk character ( * ) at the DNS node. For example, *.contoso.com represents contoso.com and all the sub-domains for contoso.com. When you use a wildcard character to create a certificate or a certificate request for all accepted domains, you can simplify the request significantly

Pasted from <http://technet.microsoft.com/en-us/library/72048bc1-6d01-4279-8d21-4282b86b522c.aspx>

OCS - Web Conferencing!

2007-09-21T13:23:00.000-07:00

Hope to put some cool data in here after resolving my issue with OCS 2007 and external Web Conferencing......