Over the last couple of years I've picked up a lot of tips and tricks with OCS. I constantly find myself having this conversation:
"Oh, you need to do <insert tip here>?"
"Where's that documented?"
"It's not."
"Oh."
I thought I'd take a few minutes to share some common tips and tricks. They are especially helpful for those of you looking to deploy OCS for the first time. This is part one of a multi-part series.
SRV records are important, mmkay?
Office Communicator 2007 uses DNS SRV records to find the OCS server by default. Sure, you can set the login to manual, choose TLS and enter the server FQDN, but that’s not nearly as elegant as making it just work. You’ll need an SRV record for each SIP domain you support, in the format _sipinternaltls._tcp.<domain.com>. By default, OCS uses port 5061 for TLS, but check your implementation to ensure it hasn’t been changed. You’ll need to create a second set of SRV records if you allow TCP.
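As an added example (not from the original post), this Python audits zone-file-style SRV records for every supported SIP domain against the naming and default port described above. The domain names and sample records are constructed, and the TCP label _sipinternal._tcp with port 5060 is an assumption the post does not state.

```python
import re

# Service label -> default port. The TLS pair comes from the post; the TCP
# label and port 5060 are assumptions (OCS defaults), not stated in the post.
DEFAULT_PORTS = {"_sipinternaltls._tcp": 5061, "_sipinternal._tcp": 5060}

# Constructed sample records in zone-file form; all names are placeholders.
SAMPLE_ZONE = """\
_sipinternaltls._tcp.contoso.example. 3600 IN SRV 0 0 5061 ocs01.contoso.example.
_sipinternaltls._tcp.fabrikam.example. 3600 IN SRV 0 0 5062 ocs01.contoso.example.
_sipinternal._tcp.contoso.example. 3600 IN SRV 0 0 5060 ocs01.contoso.example.
; litware.example is a supported SIP domain but has no SRV record
"""

SRV_RE = re.compile(
    r"^(\S+)\s+\d+\s+IN\s+SRV\s+\d+\s+\d+\s+(\d+)\s+(\S+)$", re.IGNORECASE)


def parse_srv(zone_text):
    """Map owner name (lowercase, no trailing dot) to a list of (port, target)."""
    records = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        match = SRV_RE.match(line)
        if match:
            owner = match.group(1).rstrip(".").lower()
            target = match.group(3).rstrip(".").lower()
            records.setdefault(owner, []).append((int(match.group(2)), target))
    return records


def audit_srv(zone_text, sip_domains, allow_tcp=False, ports=DEFAULT_PORTS):
    """Return (record name, problem) pairs for every SIP domain the server supports."""
    records = parse_srv(zone_text)
    labels = ["_sipinternaltls._tcp"] + (["_sipinternal._tcp"] if allow_tcp else [])
    findings = []
    for domain in sip_domains:
        for label in labels:
            name = f"{label}.{domain.lower()}"
            if name not in records:
                findings.append((name, "missing"))
            for port, target in records.get(name, []):
                if port != ports[label]:
                    findings.append((name, f"port {port} on {target}, expected {ports[label]}"))
    return findings


if __name__ == "__main__":
    for finding in audit_srv(SAMPLE_ZONE, ["contoso.example", "fabrikam.example", "litware.example"]):
        print(finding)
```

If the listening port was changed in your deployment, pass a matching `ports` mapping so the audit compares against what the server actually uses.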
It’s all about certificates
Certificates are the heart of a good OCS implementation. You can use an internal CA for interserver MTLS and internal clients, but a public CA certificate is desirable for external and federated access. Most public CAs now support SANs (subject alternative names) to allow for multiple SIP domains. It’s important to map out your certificate needs well in advance of deployment. More info here
I installed OCS, what else do I need?
Presence – Out of the box, Office Communicator doesn’t sync presence with Outlook/Exchange. You have to download Hotfix 926776 for the integration to work. Without it, OC won’t automatically show “busy” when you have a meeting scheduled, which is a very nice feature. If you don’t have the hotfix you’ll also see an Outlook integration error in the Office Communicator top bar.
Web Conferencing – The Web Conferencing role is installed by default in an OCS Standard Edition deployment; however, there’s no built-in way to connect to it. OCS Conferencing doesn’t support the same web-only LiveMeeting as the LiveMeeting service. You’ll need to download the Office Live Meeting client here.
Communicator Web Access – Oh, you want Communicator Web Access too? This is a two-part process. First, you’ll need to deploy the CWA server role. If you deploy it on the same server as OCS SE you’ll need to choose a different IP/port combination for the virtual server (often 8443). You’ll also need to install the Communicator Web Access client on any systems that want to use this instead of the standard Office Communicator client.
Access levels are fun and easy
Many people overlook the power of setting access levels for contacts in Office Communicator. This allows you to filter who can bother you, when, and under what circumstances. I give people on my team more freedom than some of my friends/clients/etc. Most people seem to throw everyone in the same “barrel” but it’s pretty easy to give a little organization to access levels and drastically increase the value of Office Communicator as a business tool.
Integration
Alex,
Nice post, however the Outlook integration part is not completely clear to me. I have some integration issues which I cannot seem to fix. You mention a hotfix being necessary. Where do I have to install the hotfix? On the client, OCS server, Exchange server?
I keep getting a login box (Communicator services sign in) asking for credentials to retrieve calendar data from Outlook and I cannot get past this, no matter what I enter. After cancelling this login I see an Exchange connection error in the top bar.
Leon
Leon, I'm not sure if this
Leon, I'm not sure if this is the issue you are having, but you need to apply Hotfix 936864 on the client side for Outlook integration. It seems like you might have another issue. If you are running Exchange 2007, have you ensured the free/busy URL is accessible from the client and the OCS server?
Free/busy
Alex,
I have stumbled across the hotfix you mention, and it is installed on the client. I'm not sure about the free/busy URL so I'm going to check that. Thanks for your help. If I manage to solve this problem I will let you know. It seems a lot of people encounter this problem but I haven't found any real solution yet.
You may be experiencing
You may be experiencing the issue in KB928874.
Otherwise, here is some info from Dave Szabo's blog on the free/busy integration:
Free/Busy lookup was not working from Outlook
When tried to look up other user's F/B information, Outlook showed me a grey line (no information) for them. Enabled Outlook logging and the following error message was logged to the log file:
2007/08/27 14:29:57.431: Getting ASURL
2007/08/27 14:30:10.589: Failed to get ASURL. Error 8004010F
Checked with MfcMapi that the SCHEDULE+ FREE BUSY folder was accessible and it was populated with every mailbox. Then, asked some more clever guys and they told me that in order for F/B to work, AutoDiscovery also has to work. I could check how AutoDiscovery works by holding the Ctrl key and right-clicking on the Outlook icon in the system tray area and selecting the "Test E-mail Autoconfiguration" menu. From the dialog, I cleared the Guessmart and Secure Guessmart checkboxes, typed the email address and password of the current user and ran the test. It turns out that I needed another DNS entry with a name of autodiscover.yourCompany.com. Outlook then calls this host on SSL and tries to retrieve a file called autodiscover.xml to retrieve AutoDiscovery information. You can check if this request works: https://autodiscover.yourCompany.com/autodiscovery.xml - if it does, then try again and OOF will work now.
The story continues
Alex,
Thanks again for your input. Regarding the first option, the users are not migrated from EX2003 and/or Notes, so that should not be the issue. The second option has already been tested. The auto discovery seems to be working OK. Managed to shake off the error for a couple of hours but then it came back. There was a faulty DNS suffix on the client. After correcting this the error disappeared but came back later. I also found a Kerberos event on the client. This seems to be related to the old Exchange server which I suspect is not reliable. I am in the process of configuring a new Exchange server. Both the old and the new Exchange server are 2007 and were not upgraded from 2003 but clean installs. I am planning on configuring the new Exchange 2007 server and removing the old one because I suspect it is the cause of a couple of problems. Will keep you posted ;-)
No problem Leon. Sounds like
No problem Leon. Sounds like you may have some "garbage" in AD from either your old Exchange server or possibly some other stuff. OCS is fairly sensitive to enjoying a clean AD environment. Good luck!
Fixed
Alex,
I finally managed to get Communicator working properly. It seems the first Exchange server was the cause of the problems. After installing a new Exchange 2007 server and removing the old one, Communicator started working without errors. A couple of things I have learned:
- do not install Exchange and OCS on the same server
- if you did, you probably have a problem since integrated authentication does not work when you have Exchange and OCS on the same server, even after you remove OCS
- update your Windows and Outlook (Office update) and apply the necessary patches to get Communicator working properly and without errors
- install proper certificates on Exchange and OCS instead of the self-supplied certificates
Thanks for your help!
Leon
Re: Fixed
Leon,
I'm glad to hear you're back up and running. Internal CAs can be valuable for a lot of installations but they really preclude federation and hence PIC, and in some cases external IM entirely. Thanks for the continued feedback. I'm sure others will learn from your experience!
-Alex