Microsoft Office Communications Server 2007 Standard Edition (Public Beta) and Microsoft Office Communicator 2007 Deployment Guide
Published: March 2007
This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release. This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document. Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property.
© 2007 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, Internet Explorer, Outlook, PowerPoint, and SQL Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.
Contents
Introduction
Overview of Office Communications Server 2007 Standard Edition
Infrastructure Requirements and Prerequisites
Overview of Standard Edition Deployment
Step 1: Prepare Active Directory Schema, Forest, and Domain
Step 2 Deploy Standard Edition Server
    2.1 Configure DNS for your Standard Edition Server
    2.2 Deploy Office Communications Server Standard Edition
    2.3 Configure Standard Edition Server
    2.4 Configure Certificates
    2.4 Enable A/V and Web Conferencing
    2.5 Start the Services
    2.6 Validate Your Server Configuration
Step 3 Create and Enable Users
    3.1 Create and Enable Users for Office Communications Server
    3.2 Wait for User Replication to Complete
    3.3 Enable Enhanced Presence
    3.4 Configure Users
Step 4 Deploy the Office Communicator Client
    4.1 Deploy Communicator
    4.2 Configure Client Logon
    4.3 Test Office Communications Server Configuration for Office Communicator
Step 5 Deploy the Live Meeting 2007 Client
    5.1 Deploy the Live Meeting Client
    5.2 Deploy the Outlook Add-in
    5.3 Customize Meeting Invitations
    5.4 Set Up a Test Meeting
Validation and Troubleshooting Hints
Appendix A: LCSCmd
Appendix B: Configuring a Standalone Certification Authority
Appendix C: Certificate Request Scenarios
Appendix D Optimizing Your Network Interface Card for High A/V Traffic
Introduction
This document describes the high-level steps necessary to deploy Microsoft® Office Communications Server 2007 Standard Edition (Public Beta).

Important: If you are migrating from Live Communications Server 2005 with Service Pack 1, see the Migrating to Office Communications Server 2007 guide. If you are migrating from Office Communications Server 2007 Beta 3 to Public Beta, see the Migrating from Beta 3 to Office Communications Server 2007 Public Beta guide.
Overview of Office Communications Server 2007 Standard Edition
Office Communications Server offers a Standard Edition and an Enterprise Edition.
• Standard Edition is designed for use in small or medium-sized organizations. Standard Edition is also recommended for organizations that do not require Enterprise Edition performance, scalability, and high-availability.
• Enterprise Edition is designed for large-scale deployments that are typical of large organizations. In an Enterprise Edition deployment, multiple Office Communications Server Enterprise Edition servers are deployed as a pool behind a load balancer. Servers in the pool share a central Microsoft SQL Server™ database that stores user data.
Office Communications Server Standard Edition Server Components
In Office Communications Server Standard Edition, the following components run on a single physical computer:
• Local Microsoft SQL Server™ 2005 Express Edition with Service Pack 2 (SP2) database
• Front-end server component that houses instant messaging, presence, telephony conferencing servers, and all essential user services operations.
• Web Conferencing Server (formerly called the Data MCU) component that enables on-premise conferencing.
• A/V Conferencing Server (formerly called the A/V MCU) component that enables two users (using Microsoft Office Communicator 2007) or more (using the Microsoft Office Live Meeting 2007 client) to share audio and video streams in a peer-to-peer fashion.
• Web Components Server that enables users to upload presentations and other data that is used by the Web Conferencing Server.
Infrastructure Requirements and Prerequisites

Software Infrastructure Requirements
Before you deploy Office Communications Server Standard Edition, you need to have the following:
• Microsoft Windows Server® 2003 operating system with Service Pack 1 (SP1) or R2
• SQL Server 2005 Express Edition with Service Pack 2 (SP2)
  Note: SQL Server 2005 Express Edition with SP2 is installed automatically on the Standard Edition server if you do not already have it installed. SQL Server databases are not supported on NTFS or FAT compressed volumes. For this reason, ensure that you do not install Standard Edition server on a compressed drive. For more information, see http://support.microsoft.com/kb/231347.
• MSXML 6.0 Parser, which is installed automatically on the Standard Edition Server if you do not already have it installed.
• Active Directory® Domain Services in Microsoft Windows Server® 2003 native mode in all domains where you plan to deploy Office Communications Server or host Office Communications Server users.
  Note: Installation of Office Communications Server is not supported on the same computer that is an Active Directory global catalog (GC) server or a domain controller (DC).
• Domain Name Service (DNS)
• Certificate Authority (CA) - Enterprise (recommended), standalone, or public CA. If you are deploying in a lab environment and do not have a CA deployed, see Appendix B for instructions on setting up a standalone CA.
• Microsoft Internet Information Services (IIS) 6.0, including Active Server Pages components, installed on any computer where you will install Standard Edition Server.
  Note: After you install IIS, go to the Microsoft Windows® Update Web site to check for updates.
• If you plan to archive IM traffic or use call detail recording (CDR), install the Archiving and CDR Server according to the Microsoft Office Communications Server 2007 Public Beta Archiving Deployment Quick Start.
Hardware Requirements
To deploy Standard Edition Server, your server computer must meet the following minimum hardware requirements:
• PC with dual processor 3.2 GHz or faster with hyperthreading
• 2 × 36 gigabytes (GB) of available hard disk space
• 1 MB cache
• 2 GB of RAM
• 1 gigabit per second (Gb/s) network adapter
For an in-depth discussion of the hardware options, refer to the Microsoft Office Communications Server 2007 Planning Guide.
Windows Service Dependencies
We recommend that you disable the Windows services that are not required on the computers where you install Office Communications Server. The following table describes the Windows services that Office Communications Server requires. You can safely disable all other services.

Office Communications Server Service Dependencies
Office Communications Server Service Name | Windows Service Dependencies
Office Communications Server Front-End (RTCSRV) | HTTP SSL (HTTP, IIS Admin Service, Remote Procedure Call, Security Accounts Manager); Windows Management Instrumentation (Event Log and Remote Procedure Call); Windows Management Instrumentation Driver Extensions
Office Communications Server Audio/Video Conferencing (RTCAVMCU) | HTTP SSL (HTTP, IIS Admin Service, Remote Procedure Call, Security Accounts Manager); Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server IM Conferencing (RTCIMMCU) | HTTP SSL (HTTP, IIS Admin Service, Remote Procedure Call, Security Accounts Manager); Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server Telephony Conferencing (RTCACPMCU) | HTTP SSL (HTTP, IIS Admin Service, Remote Procedure Call, Security Accounts Manager); Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server Web Conferencing (RTCDATAMCU) | HTTP SSL (HTTP, IIS Admin Service, Remote Procedure Call, Security Accounts Manager); Windows Management Instrumentation (Remote Procedure Call)
Office Communications Server Archiving and CDR (RTCLOG) | Message Queuing (Message Queuing access control, NT LM Security Support Provider, Remote Procedure Call, RMCAST (Pgm) Protocol Driver, TCP/IP Protocol Driver, IPSEC Driver, Security Accounts Manager)
Office Communications Server A/V Authentication (RTCMRAUTH) | Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server A/V Access Edge (RTCMEDIARELAY) | Office Communications Server A/V Authentication; Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server Access Edge (RTCSRV) | Windows Management Instrumentation (Event Log and Remote Procedure Call); Windows Management Instrumentation Driver Extensions
Office Communications Server Web Conferencing Access Edge (RTCDATAPROXY) | Windows Management Instrumentation (Event Log and Remote Procedure Call)
Office Communications Server Mediation (RTCMEDSRV) | Windows Management Instrumentation (Remote Procedure Call)
Planning Requirements
Before you begin deployment, you need to determine the best deployment path for your organization. For details, see the Microsoft Office Communications Server 2007 Planning Guide.

Storage Requirements
Consider storage needs for archiving files if you plan to install the Archiving and CDR Server as described in the Microsoft Office Communications Server 2007 Public Beta Archiving Deployment Quick Start.
Audio/Video Requirements
The following section summarizes some key requirements for audio/video in an Office Communications Server deployment:
• We recommend that A/V Conferencing Servers and A/V Edge Servers are deployed on 1GB Ethernet LAN.
• We recommend that you run the Quality of Service scheduler on each A/V Conferencing Server or A/V Conferencing Edge Server to monitor audio and video traffic flow across the network.
• If you anticipate a high volume of audio/video traffic or experience packet loss after you deploy, use Appendix D “Optimizing Your Network Interface Card” to optimize A/V traffic flow.
Overview of Standard Edition Deployment
When you deploy Office Communications Server Standard Edition, you will perform the following major tasks:
• Prepare Active Directory
• Configure DNS
• Install a Standard Edition Server
• Configure the Standard Edition Server
• Configure Certificates
• Enable A/V and Web Conferencing (optional)
• Enable Enhanced Presence (optional)
• Start the Services
• Validate the Server Configuration
The following sections describe these steps in detail.
Step 1: Prepare Active Directory Schema, Forest, and Domain
Before you deploy Office Communications Server, you must prepare the Active Directory® Domain Services. Active Directory preparation includes schema preparation, forest preparation, and domain preparation. Active Directory preparation happens in an initial deployment, but is not repeated when you add servers or pools to a deployment.
For Active Directory preparation instructions, see the Microsoft Office Communications Server 2007 Public Beta Active Directory Guide. For information about delegating Office Communications Server setup or administration, also see the Microsoft Office Communications Server 2007 Public Beta Active Directory Guide.
Step 2 Deploy Standard Edition Server
When you deploy Standard Edition Server, you install all the server components on one physical computer. You also configure the DNS that enables servers and clients to automatically locate one another.

2.1 Configure DNS for your Standard Edition Server
When you deploy Standard Edition Server, Setup creates Active Directory objects and settings for the server and the SQL Server Express Edition database that is used by the server to store user data and configuration settings. These Active Directory settings include the server FQDN, which is composed of the server name and the FQDN of the domain in which the server is deployed. When you configure client connectivity, this FQDN is registered in DNS.
This section describes the DNS records that you are required to configure and those that you can optionally configure. At a minimum, you are required to configure the following DNS records:
• An A record that matches the FQDN of your Standard Edition Server in the internal DNS to the IP address of the server

Example DNS A Records Required
Active Directory Domain | SIP Domain | Server FQDN | DNS Record(s)
Contoso.com | contosotest.com | server.contoso.com | An A record for server.contoso.com that resolves to the IP address of the server
Contoso.com | Contoso.com | SEserver.contoso.com | An A record for SEserver.contoso.com that resolves to the IP address of the server
Note: The name of the SIP domain that is served by the Standard Edition Server can be, but does not have to be, the same as the name of the Active Directory domain. If the SIP domain is different from the Active Directory domain, create an A record with the server FQDN that resolves to the IP address of the server, as shown in the previous examples.

• An A record that matches the IP address of the server to the host name in the internal URL for Web Conferencing functionality. This A record is required only if during setup the URL host name is changed from the default (the server FQDN).

Example DNS Records Required for Internal URLs
URL Host Name | Server FQDN | DNS Record(s)
SEserver.contoso.com | SEserver.contoso.com | None if you have already created an A record for SEserver.contoso.com that resolves to the IP address of the server
Meetings.internal.contoso.com | SEserver.contoso.com | An A record for meetings.internal.contoso.com that resolves to the IP address of the server

• An external A record that matches the IP address of the reverse proxy in the perimeter network to the host name in the external URL for Web Conferencing functionality (as described in the Microsoft Office Communications Server 2007 Edge Server Deployment Guide)

Example DNS Record Required for External URLs
URL Host Name | Server FQDN | DNS Record(s)
Meetings.external.contoso.net | SEserver.contoso.com | An A record for meetings.external.contoso.net that resolves to the IP address of the reverse proxy in the perimeter network of Office Communications Server edge servers

If clients will manually sign in to Office Communications Server, you do not need to configure any other DNS records; however, if you plan to enable DNS lookup for clients to automatically sign in to Office Communications Server, you also need to configure the following DNS records:
• A DNS SRV record for each SIP domain that is served by a Standard Edition Server
• An A record for each SIP domain that is served by a Standard Edition Server
Example DNS Records Required for Automatic Client Logon with Multiple SIP Domains
SIP Domain | DNS A Record | DNS SRV Record
Contoso.com | An A record for the contoso.com domain that resolves to the Standard Edition Server | An SRV record for the contoso.com domain that points to the matching A record
Contosoretail.com | An A record for the contosoretail.com domain that resolves to the Standard Edition Server | An SRV record for the contosoretail.com domain that points to the matching A record
Contosobank.com | An A record for the contosobank.com domain that resolves to the Standard Edition Server | An SRV record for the contosobank.com domain that points to the matching A record

Note: By default, queries for DNS records adhere to strict domain name matching between the domain in the user name and that in the SRV record. If you prefer client DNS queries to use suffix matching instead, you can configure the DisableStrictDNSNaming group policy.
Client DNS Queries
During DNS lookup, SRV records are queried in the following order:
1. _sipinternaltls._tcp.domain - for internal TLS connections
2. _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)
3. _sip._tls.domain - for external TLS connections
4. _sip._tcp.domain - for external TCP connections
If any query succeeds, the client uses the SRV record that is returned and does not continue querying for any other SRV records. After the SRV record is returned, a query is performed for the DNS A record for the host name that is returned by the SRV record.
If no records are found during the DNS SRV query, the client performs an explicit lookup of sip.domain. If the explicit lookup does not produce results, the client performs a lookup for sipinternal.domain. If the client does not find sipinternal.domain, it performs a lookup for sipexternal.domain.
If your DNS infrastructure prohibits configuration of these DNS records, you can manually edit the client registry to point to the appropriate home server. For more information about editing the client registry and configuring policy settings for the client, refer to the Microsoft Office Communicator 2007 Planning and Deployment Guide.
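
The lookup order described above, modelled over a constructed in-memory zone so that a planned set of records can be checked before clients depend on it. This is an added example, not part of the original guide or Microsoft code; the function names, the sample records, the 192.0.2.x addresses and port 5060 are assumptions for illustration, and the TCP condition is applied only to the second query, as the text states.

```python
# Added example: models the "Client DNS Queries" order over constructed records.
# No network access is performed; every record below is sample data.

# (SRV prefix, transport, scope) in the order the client queries them.
SRV_ORDER = [
    ("_sipinternaltls._tcp", "TLS", "internal"),
    ("_sipinternal._tcp", "TCP", "internal"),  # queried only if TCP is allowed
    ("_sip._tls", "TLS", "external"),
    ("_sip._tcp", "TCP", "external"),
]
# Host names looked up, in order, when no SRV query returns a record.
HOST_FALLBACKS = ["sip", "sipinternal", "sipexternal"]


def discover(sip_domain, srv, a, tcp_allowed=False):
    """Return what a client would find for sip_domain.

    srv maps an SRV name to (port, target host); a maps a host name to an IP.
    Names are compared case-insensitively, as DNS does.
    """
    domain = sip_domain.lower()
    srv = {k.lower(): v for k, v in srv.items()}
    a = {k.lower(): v for k, v in a.items()}
    queried = []
    for prefix, transport, scope in SRV_ORDER:
        if prefix == "_sipinternal._tcp" and not tcp_allowed:
            continue
        name = f"{prefix}.{domain}"
        queried.append(name)
        if name in srv:
            port, target = srv[name]
            # First SRV hit wins; the client then queries the target's A record.
            return {"via": name, "transport": transport, "scope": scope,
                    "host": target.lower(), "port": port,
                    "address": a.get(target.lower()), "queried": queried}
    for label in HOST_FALLBACKS:
        name = f"{label}.{domain}"
        queried.append(name)
        if name in a:
            return {"via": name, "transport": None, "scope": None,
                    "host": name, "port": None, "address": a[name],
                    "queried": queried}
    return {"via": None, "transport": None, "scope": None, "host": None,
            "port": None, "address": None, "queried": queried}


def audit(sip_domains, srv, a, tcp_allowed=False):
    """List record problems that would break automatic sign-in or end on TCP."""
    findings = []
    for domain in sip_domains:
        r = discover(domain, srv, a, tcp_allowed)
        if r["via"] is None:
            findings.append((domain, "no SRV or A record found; "
                                     "clients need manual configuration"))
        elif r["address"] is None:
            findings.append((domain, f"SRV target {r['host']} has no A record"))
        elif r["transport"] == "TCP":
            findings.append((domain, f"discovery ends on {r['via']} (TCP, not TLS)"))
        elif r["transport"] is None:
            findings.append((domain, f"no SRV record; found by host lookup of {r['via']}"))
    return findings


# Constructed sample zone using the guide's example domain names.
SRV = {
    "_sipinternaltls._tcp.contoso.com": (5061, "SEserver.contoso.com"),
    "_sip._tcp.contosoretail.com": (5060, "sip.contosoretail.com"),
    "_sipinternaltls._tcp.contosobank.com": (5061, "sip.contosobank.com"),
}
A = {
    "SEserver.contoso.com": "192.0.2.10",
    "sip.contosoretail.com": "192.0.2.10",
    # sip.contosobank.com is deliberately missing: SRV target without an A record
    "sipinternal.contosotest.com": "192.0.2.10",
}
SIP_DOMAINS = ["contoso.com", "contosoretail.com", "contosobank.com",
               "contosotest.com", "example.com"]

if __name__ == "__main__":
    for domain, problem in audit(SIP_DOMAINS, SRV, A):
        print(f"{domain}: {problem}")
```

Only contoso.com passes cleanly in the sample data; each of the other four domains shows one distinct failure mode.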
Create and Verify DNS SRV and A Records for Client Automatic Sign-In
You must create DNS SRV records in your internal DNS for every SIP domain. The procedure assumes that your internal DNS has zones for your SIP user domains.
To create a DNS SRV record
1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-click the SIP domain in which your Office Communications Server will be installed.
3. Click Other New Records.
4. In Select a resource record type, click Service Location (SRV), and then click Create Record.
5. Click Service, and then type _sipinternaltls.
6. Click Protocol, and then type _tcp.
7. Click Port Number, and then type 5061.
8. Click Host offering this service, and then type the FQDN of the Standard Edition Server.
9. Click OK.
10. Click Done.
11. After you have created the DNS SRV record, create a DNS A record for each server FQDN and URL FQDN that is not the same as the server FQDN.
To create a DNS A record
1. Click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your domain, expand Forward Lookup Zones, and then right-click the domain in which your Office Communications Server will be installed.
3. Click New Host (A).
4. Click Name (uses parent domain name if blank), and then type the name of the Standard Edition server.
5. Click IP Address, and then enter the IP address of your server. Click Add Host, and then click OK.
6. Do one of the following:
   • If you have created all the A records that you need as described earlier in this document in “Configure DNS for Your Pool,” skip to the next step.
   • To create an additional A record, repeat steps 4 and 5.
7. When you are finished creating all the A records that you need, click Done.
To verify that the required records have been created successfully, wait for DNS replication (if you have just added the records), and then verify that the records were created as described in the next procedure.
To verify the creation of a DNS SRV record
Note: For illustrative purposes, the following steps use example.com as the domain portion of the SIP URI namespace. When executing these steps, use your actual SIP domain name instead.
1. Log on to a client computer in the domain.
2. Click Start, and then click Run. In the Open box, type cmd, and then click OK.
3. At the command prompt, type nslookup, and then press ENTER.
4. Type set type=srv, and then press ENTER.
5. Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for the TLS record is as follows:

    Server: .corp.example.com
    Address:
    Non-authoritative answer:
    _sipinternaltls._tcp.example.com SRV service location:
        priority = 0
        weight = 0
        port = 5061
        svr hostname = servername.example.com
    servername.example.com internet address =

6. When you are finished, at the command prompt, type exit, and then press ENTER.

After you configure the DNS records, verify that the FQDN of the Standard Edition Server can be resolved by DNS.
To verify that the FQDN of the Standard Edition Server can be resolved
1. On a client computer in the domain, click Start, and then click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type ping , and then press ENTER.
4. Verify that you receive a response similar to the following, where the IP address returned is the IP address of your Standard Edition server.

    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
    Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
2.2 Deploy Office Communications Server Standard Edition
Use the following procedure to deploy Office Communications Server Standard Edition. Before you deploy the server, ensure that IIS is installed as described earlier in this document in “Infrastructure Requirements and Prerequisites.” Setup automatically installs Microsoft SQL Server 2005 Express Edition with SP2, MSXML 6.0 Parser, and the Microsoft .NET Framework 2.0. You do not need to install them separately.

To deploy Office Communications Server Standard Edition
1. Log on to the server where you want to install Standard Edition Server as a member of the DomainAdmins and the RTCUniversalServerAdmins groups.
2. Insert the Microsoft Office Communications Server 2007 CD. The Deployment Tool will start automatically. If you are installing from a network share, go to the \I386 folder, and then double-click Setup.exe.
3. Click Deploy Standard Edition Server.
4. At Deploy Server, click Run.
5. On the Welcome to the Deploy Server Wizard page, click Next.
6. On the Location for Server Files page, do one of the following:
   • To accept the default location where the files will be installed, click Next.
   • To install the files at another location, click Browse, browse to the location where you want the files to be installed, and then click Next.
7. On the Main Service Account for Standard Edition Server page, enter a new or existing service account to use to run the core Office Communications Server service on this server, and then enter the password. The default account is RTCService. For a new account, ensure that you use a strong password that meets your organization’s Active Directory password requirements. When you are finished, click Next to continue.
   WARNING: When you create a new account, activation may fail until the account has been replicated in Active Directory. If this happens, wait until the account has been replicated, and then try again.
8. On the Component Service Account for this Standard Edition Server page, enter a new or existing service account to use to run the A/V Conferencing Server and Web Conferencing Server components on this server, and then enter the password. The default account is RTCComponentService. For a new account, ensure that you use a strong password that meets your organization’s Active Directory password requirements. When you are finished, click Next to continue.
9. On the Web Farm FQDNs page, do one or more of the following:
   • Verify that Internal web farm FQDN displays your server FQDN. This URL is used by internal users for client download of Web conference content and distribution group expansion.
   • To enable external access to Web conferences, under External web farm FQDN (optional), enter the external FQDN of the reverse proxy. This URL is used by external users for client download of conference content and distribution group expansion. You can configure the reverse proxy. For details, see the Microsoft Office Communications Server 2007 Public Beta Edge Server Quick Start.
10. When you are finished, click Next.
11. On the Location for Database Files page, accept the default directories for user database and transaction log files, and then click Next.
   Note: Setup automatically detects the best location for the files. If possible, place each database and transaction log file on a separate physical disk to improve performance. Do not place these files on the system disk or page file.
12. On the Ready to Deploy Standard Edition Server page, review the settings you specified. When you are satisfied with them, click Next to deploy Standard Edition Server.
13. When the wizard has completed, verify that the View the log when you click ‘Finish’ check box is selected, and then click Finish.
14. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task. Close the log window when you finish.
2.3 Configure Standard Edition Server
After you have deployed your Standard Edition Server, you can use the Configure Server Wizard to configure the SIP domains used in your organization.

Note: In Office Communications Server 2007, the Address Book Server is configured automatically. For information about changing Address Book Server settings, see the Microsoft Office Communications Server 2007 Public Beta Administration Guide.

To configure Office Communications Server Standard Edition
1. In the deployment tool, click Deploy Standard Edition Server.
2. At Configure Server, click Run.
3. On the Welcome to the Configure Pool/Server Wizard page, click Next.
4. On the Server or Pool to Configure page, select the server from the drop-down list, and then click Next.
5. On the SIP domains page, verify that your SIP domain appears in the list box. If it does not, click the SIP domains in your environment box, type your SIP domain, and then click Add. Repeat these steps for all other SIP domains that the Standard Edition Server will support. When you are finished, click Next.
6. On the Client Logon Settings page, do one of the following:
   • If the Communicator and Live Meeting clients in your organization will use DNS to locate the pool, click Some or all clients will use DNS SRV records for automatic logon. If this server or pool will also be used as a Director for automatic logon and will not host users, then select the Use this server or pool as a Director for automatic logon check box.
   • If the Communicator clients in your organization will not use DNS to log on to the pool and you plan to manually configure clients to connect to the pool, click Clients will be manually configured for logon.
7. When you are finished, click Next.
8. On the SIP Domains for Automatic Logon page, do one of the following:
   • If, in the previous step, you selected Some or all clients will use DNS SRV records for automatic logon, select the check box for the domains that will be supported by the server for automatic sign-in, and then click Next.
   • If, in the previous step, you selected Clients will be manually configured for logon, skip to the next step.
9. On the External User Access Configuration page, do one of the following:
   • If you have deployed your edge servers and configured all necessary settings as described in the Microsoft Office Communications Server 2007 Edge Server Quick Start Guide, click Configure for external user access now. Refer to the edge server document for details on completing this wizard.
   • If you have not deployed any edge servers, click Do not configure for external user access now.
10. When you are finished, click Next.
11. Do one of the following:
   • If, in the previous step, you selected Configure for external user access now, refer to the Microsoft Office Communications Server Edge Server Quick Start Guide for details on completing the wizard.
   • If, in the previous step, you selected Do not configure for external user access now, skip to the next step.
12. On the Ready to Configure Server or Pool page, review the settings that you specified, and then click Next to configure the Standard Edition Server.
13. When the files have been installed and the wizard has completed, verify that the View the log when you click ‘Finish’ check box is selected, and then click Finish.
14. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task to verify Standard Edition Server configuration completed successfully. Close the log window when you finish.

Additional SIP server, domain, and forest settings can be configured by using the instructions in the Microsoft Office Communications Server 2007 Public Beta Archiving Deployment Quick Start or the Microsoft Office Communications Server 2007 Public Beta Edge Server Quick Start. Procedures for configuring SIP user settings are in the “Configure Users” section of this document.
2.4 Configure Certificates

Office Communications Server requires certificates on each Standard Edition Server in order to use MTLS (TLS with mutual authentication). All Office Communications Servers use MTLS to communicate with one another. If you do not configure MTLS on each server, users may be able to log in to Office Communications Server and view other users’ presence, but IM communication will not work. Each client will also need to trust the certificate that the server is using in order to connect to the server by using TLS.

You can use the Certificates Wizard on a Standard Edition Server to do the following:
• Request, create, and assign a new Web certificate with enhanced key usage for server authentication.
• Assign an existing certificate.

You can use the same certificate for the Web Components Server, but the certificate for the Web Components Server must be assigned separately in IIS. You cannot use the Certificates Wizard to assign the certificate to the Web Components Server. Instead, the certificate must be manually assigned.

Note: For more information about certificate request scenarios, see Appendix C.

To configure a new certificate
1. Log on to your Standard Edition Server as a member of the Administrators group.
2. Insert the Microsoft Office Communications Server 2007 CD. The Deployment Tool will start automatically. If you are installing from a network share, go to the \I386 folder, and then double-click setup.exe.
3. Click Deploy Standard Edition Server.
4. At Configure Certificate, click Run.
5. On the Welcome to the Communications Certificate Wizard page, click Next.
6. On the Available certificate tasks page, click Create a new certificate, and then click Next.
7. On the Delayed or Immediate Request page, click Send the request immediately to an online certification authority, and then click Next.
8. On the Name and Security Settings page, do the following:
   • Under Name, enter a meaningful name for the certificate that this server will use for Office Communications Server communications.
   • Under Bit length, select the bit length that you want to use for encryption. A higher bit length is more secure, but it can degrade performance.
   • Clear the Mark cert as exportable check box.
9. When you are finished, click Next.
10. On the Organization Information page, type or select the name of your organization and organizational unit, and then click Next.
11. On the Your Server’s Subject Name page, do the following:
   • In Subject Name, verify that the server FQDN is displayed.
   • Optionally, click Subject Alternate Name, and then type the alternate name(s) that identify the server during authentication.

   Note: There are several scenarios that require you to configure a certificate Subject Alternate Name:
      • If your SIP domain is different from the Active Directory domain, add the FQDN of the SIP domain as the Subject Alternate Name.
      • If the internal FQDN that you plan to use for the Web Components Server is different from the external FQDN and you plan to configure the reverse proxy in the perimeter network for tunneling, add the external FQDN as the Subject Alternate Name.

   • To include the local computer name on the list of alternate names that identify the server during authentication, select the Automatically add local machine name to the Subject Alt Name check box.
12. When you are finished, click Next.
13. On the Geographical Information page, enter the Country/Region, State/Province, and City/Locality. Do not use abbreviations. When you are finished, click Next.
14. On the Choose a Certification Authority page, select your certification authority (CA) from the dropdown list or type the name of your CA in the Certification Authority box. If you type an external CA name, a dialog box appears. Type the user name and password for the external CA, and then click OK. When you are finished, click Next.
15. On the Request Summary page, review the settings that you specified, and then click Next.
16. On the Certificates Wizard completed successfully page, click Assign.
17. A dialog box displays informing you that the settings were applied successfully. Click OK.
18. Click Finish.

To configure an existing certificate
1. Log on to the Standard Edition Server as a member of the Administrators group.
2. Insert the Microsoft Office Communications Server 2007 CD. The Deployment Tool will start automatically. If you are installing from a network share, go to the \I386 folder, and then double-click Setup.exe.
3. Click Deploy Standard Edition Server.
4. At Configure Certificate, click Run.
5. On the Welcome to the Communications Certificate Wizard page, click Next.
6. On the Available certificate tasks page, click Assign an existing certificate, and then click Next.
7. On the Available Certificates page, click the certificate that you want to assign to the server, and then click Next.
8. On the Available certificate assignments page, do the following:
   • To assign the certificate to all the server components on the local computer, select the Default Server Certificate check box.
   • To assign the certificate to a specific transport and port, select the check box that corresponds to the desired transport, port, and listening address combination. If you have more than one Office Communications Server in your environment, you must select the check box to assign a certificate, which may be different from the one that you use as the default server certificate, to the MTLS listening address.

   Note: If (Have certificate) is displayed next to any of the entries on the Available certificates assignments page, a certificate is already configured. If you proceed, the certificate you choose will be used instead of the one that is already configured.
9. When you are finished, click Next.
10. On the Configure the certificate settings of your Server page, review the certificate assignments, and then click Next to assign the certificate.
11. Click Finish.
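
The following Windows PowerShell script is an added example, not part of the original guide or of Office Communications Server. It audits a certificate in the local computer store against the requirements stated in this section: a private key, enhanced key usage for server authentication, a subject name equal to the server FQDN, and any required subject alternate names. The function name Test-OcsServerCertificate and all parameter values are assumptions; DnsNameList is a property that PowerShell adds to certificate objects.

```powershell
# Added example, not from the original guide. Run in an elevated Windows
# PowerShell session on the Standard Edition Server.
param(
    [Parameter(Mandatory)] [string] $Thumbprint,   # certificate to audit
    [Parameter(Mandatory)] [string] $ServerFqdn,   # e.g. ocs01.corp.example.com (placeholder)
    # Names required by the Subject Alternate Name scenarios in this section,
    # e.g. the SIP domain FQDN or the external Web Components FQDN (placeholders).
    [string[]] $RequiredAltNames = @()
)

# Hypothetical helper: returns the names found plus a list of findings.
function Test-OcsServerCertificate {
    param(
        [Parameter(Mandatory)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,
        [Parameter(Mandatory)] [string] $ServerFqdn,
        [string[]] $RequiredAltNames = @()
    )

    $serverAuthOid = '1.3.6.1.5.5.7.3.1'   # id-kp-serverAuth
    $findings = New-Object 'System.Collections.Generic.List[string]'

    # 1. The server can only present a certificate whose private key it holds,
    #    and peers reject a certificate outside its validity period.
    if (-not $Certificate.HasPrivateKey) {
        $findings.Add('No private key is associated with this certificate.')
    }
    $now = Get-Date
    if ($now -lt $Certificate.NotBefore -or $now -gt $Certificate.NotAfter) {
        $findings.Add("Outside validity period: $($Certificate.NotBefore) to $($Certificate.NotAfter).")
    }

    # 2. Enhanced key usage must list server authentication.
    $eku = $Certificate.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($eku) { $ekuOids = @($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($ekuOids -notcontains $serverAuthOid) {
        $findings.Add('Enhanced key usage does not list server authentication.')
    }

    # 3. The subject name must be the server FQDN (comparison is case-insensitive).
    $nameType  = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $subjectCn = $Certificate.GetNameInfo($nameType, $false)
    if ($subjectCn -ne $ServerFqdn) {
        $findings.Add("Subject name '$subjectCn' is not the server FQDN '$ServerFqdn'.")
    }

    # 4. Every required alternate name must be present. DnsNameList holds the
    #    subject DNS name and the DNS entries of the subject alternative name.
    $dnsNames = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })
    foreach ($name in $RequiredAltNames) {
        if ($dnsNames -notcontains $name) {
            $findings.Add("Required alternate name '$name' is missing.")
        }
    }

    [pscustomobject]@{
        Thumbprint = $Certificate.Thumbprint
        Subject    = $subjectCn
        DnsNames   = $dnsNames
        Findings   = $findings.ToArray()
        Compliant  = ($findings.Count -eq 0)
    }
}

# Thumbprints copied from the certificate dialog often contain spaces.
$cleanThumbprint = $Thumbprint -replace '\s', ''
$cert = Get-Item -LiteralPath "Cert:\LocalMachine\My\$cleanThumbprint" -ErrorAction Stop

$result = Test-OcsServerCertificate -Certificate $cert -ServerFqdn $ServerFqdn `
    -RequiredAltNames $RequiredAltNames
$result | Format-List

# A non-zero exit code lets a deployment script stop before assignment.
if (-not $result.Compliant) { exit 1 }
```

The script checks the certificate as the server sees it; whether each client trusts the issuing CA still has to be confirmed on the clients.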

Assign the Web Components Server (IIS) Certificate

Assign the certificate to the Web Components Server by using the Internet Information Services (IIS) Manager.

To assign the certificate to the Web Components Server (IIS)
1. Log on to the server as a member of the Administrators group.
2. Click Start, click Control Panel, click Administrative Tools, and then click Computer Management.
3. Expand the Services and Applications node, and then expand the Internet Information Services (IIS) Manager node.
4. Expand the Web Sites node, right-click Default Web Site, and then click Properties.
5. Click the Directory Security tab.
6. Under Secure communications, click Server Certificate.
7. On the Welcome to the Web Server Certificate Wizard page, click Next.
8. Click Assign an existing certificate, and then click Next.
9. Select the certificate that you requested using the Certificates Wizard, assuming the certificate matches the name of the Web Components Server or pool, and then click Next.
10. On the SSL Port page, verify that port 443 will be used for SSL, and then click Next.
11. Review the certificate details, and then click Next to assign the certificate.
12. Click Finish to exit.
13. Click OK to close the Default Web Site Properties page.

2.4 Enable A/V and Web Conferencing

Note: Instant messaging and presence are enabled by default when you deploy Office Communications Server. If you want to support only instant messaging and presence features, you can skip this task and continue to the next deployment task.

In Office Communications Server, conferencing enables Office Communications Server users to organize and invite other users to on-premise Web conferences. Use global properties to enable conferencing and to configure conferencing settings. Global meeting policies define the features that your users can access in the Web conferences that they organize. By default, all users are configured to use the default meeting policy. The default meeting policy prevents users from organizing the following types of Web conferences:
• Conferences that are external and include external users as participants
• Conferences that use video

Meeting policies apply to users when they organize conferences, but not when they attend conferences. Every meeting policy lists the same features, which are shown in Table 1, but the features can be configured differently for each meeting policy.

Table 1. Policy settings for Web conferences

Policy setting | Description
Policy name | A name that you specify. We recommend that the name describe the purpose of the policy.
Maximum meeting size | The maximum number of participants that an organizer’s conference can admit. An organization can invite more participants than the maximum meeting size, but after attendance reaches the maximum meeting size, no one else is permitted to join the conference.
Enable Web conferencing | Enables conferencing using Office Communications Server.
Use native format for PPT files | If selected, when a presenter makes a slide deck active, each attendee’s Microsoft Office Live Meeting 2007 client automatically downloads the Microsoft Office PowerPoint® presentation in its native format as well as the converted portable network graphics (PNG) files. If cleared, when a presenter makes a slide deck active, each Live Meeting 2007 client automatically downloads only the converted PNG files. By default, native PowerPoint format (.ppt) is used. When a user uploads PowerPoint content, it is converted to .png files that the server renders. PNG files are similar to bitmaps. If you do not use native PowerPoint format, the original source is unavailable and cannot be changed. Attendees also cannot see any active content or animation. Preventing native format increases security because the original source is unavailable and cannot be modified. Furthermore, when Use native format for PPT files is selected, the PowerPoint data is available only for the duration of the conference.
Enable program and desktop sharing | If selected, presenters in a Web conference can share applications or an entire desktop with other participants. The presenter can allow all participants with Active Directory accounts to take control of the organizer’s desktop or a program that is running on the desktop. Under Select settings for non-Active Directory users, you can select the sharing settings that apply to federated and anonymous users. The following options are available: 1. Never allow control of shared programs or desktop 2. Allow control of shared programs 3. Allow control of shared programs and desktop
Color depth | The range of colors that will be used to display slides and other conference content.
Allow presenter to record meetings | If selected, presenters in a Web conference can record the conference data, audio, and video for later viewing.
Presenter can allow attendees to record meetings | If selected, presenters can allow conference attendees to record conferences locally for later personal viewing.
Enable IP audio | Enables audio conferencing (Enterprise Voice) over TCP (Transport Control Protocol).
Enable IP video | Enables audio and video conferencing over TCP (Transport Control Protocol).

To configure A/V and Web conferencing
1. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
2. Right-click the Forest node, click Properties, and then click Global Properties.
3. Click Meetings, and then do one of the following:
   • To allow the selected users to organize Web conferences that include anonymous participants, click Anonymous participants, and then click Allow users to invite anonymous participants.
   • To prevent the selected users from organizing Web conferences that include anonymous participants, click Anonymous participants, and then click Disallow users from inviting anonymous participants.
   • To allow only some users to organize Web conferences that include anonymous participants, click Anonymous participants, and then click Enforce per user. Ensure that you follow the procedures in “Configure Users,” later in this document, to enable or disable this feature for individual users.

   Important: By default, all users are allowed to organize Web conferences that include anonymous participants.
4. In the Policy Definition list, click the name of a policy, and then click Edit.
5. In the Edit Policy dialog box, select the Enable Web conferencing check box. Change any or all of the settings shown in Table 1, and then click OK.
6. Click Apply.
7. After you finish editing the features that are enabled by each policy, decide which policy to apply to Web conferences organized by users. Do one of the following:
   • To apply the same policy to all users, click Global policy, and then click the name of the policy that defines the features you want to enable for all users.
   • To apply different policies to different users, click Global policy, and then click Use per user policy. Ensure that you follow the procedures in the “Configure Users” section of this document to configure the meeting policy for individual users.
8. When you are finished, click OK.

For more information about administering Web conferencing features, refer to the Microsoft Office Communications Server 2007 Public Beta Administrator Guide. If you expect heavy audio/video traffic in your environment, you can optimize your network interface card settings to accommodate this volume. See Appendix D in this document for more information.

2.5 Start the Services

Confirm that the Active Directory changes have replicated before you start the services. For more information about the Active Directory changes that occur when you deploy Office Communications Server, see the “Active Directory Schema Extensions” section of the Office Communications Server 2007 Public Beta Active Directory Guide.

To start the services
1. In the deployment tool, click Deploy Standard Edition Server.
2. At Start Services, click Run.
3. On the Welcome to the Start Services Wizard page, click Next.
4. Click Next again to start the services.
5. When the wizard has completed, verify that the View the log when you click ‘Finish’ check box is selected, and then click Finish.
6. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task to verify each service on the Standard Edition Server started successfully. Close the log window when you finish.

Note: If a service does not respond to the wizard in a timely fashion, the log file will show that a service did not start successfully. If the log file shows that one or more services failed to start, run the Start Services Wizard again.

2.6 Validate Your Server Configuration

After you deploy the server and configure the certificates, verify that the server is correctly configured.

To validate your server configuration
1. Log on to a server in your domain as a member of the RTCUniversalServerAdmins group.
2. In the deployment tool, at Validate Server Functionality, click Run.
3. On the Welcome to the Communications Validation wizard page, click Next.
4. On the Select validation steps page, select what you want to validate by doing the following:
   • To validate that the Office Communications Server is configured correctly, select the Validate Local Server Configuration check box.
   • To verify that the Office Communications Server has connectivity to the back-end database, the Web Conferencing Server, and the A/V Conferencing Server, select the Validate Connectivity check box.
   • Clear the Validate SIP Logon (1-Party) and IM (2-Party) check box.

   Note: This option determines whether your enabled users can log on. You can rerun the Validation Wizard and select this task after you have created and enabled users for Office Communications Server.
5. When you are finished, click Next.
6. When the wizard completes, verify that the View the log when you click ‘Finish’ check box is selected, and then click Finish.
7. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task. Close the log window when you finish.
You can perform additional validation of server functionality by using the steps described in “Validation and Troubleshooting Hints” later in this document.

Step 3 Create and Enable Users

After you have deployed and configured your Standard Edition Server, you must create users and then enable them for the Office Communications Server features that you want them to use.

3.1 Create and Enable Users for Office Communications Server

The following procedures are required to create user accounts in Active Directory and to add these users to the Standard Edition Server. Office Communications Server periodically requests and stores user information from Active Directory.

To create user accounts
1. Log on as a member of the DomainAdmins group to your Standard Edition Server or another server in the same Active Directory domain that has the Office Communications Server administration tools installed.
2. Click Start, and then click Run. In the Open box, type dsa.msc, and then click OK.
3. Expand your SIP domain, right-click the Users container or another container where you want to create your users, click New, and then click User.
4. Complete the New Object - User wizard.

After you create users in Active Directory, enable the users so that they can connect to Office Communications Server.

To enable users for Office Communications Server
1. Right-click the new user or users whom you want to enable for Office Communications Server, and then click Enable users for Communications.
2. On the Welcome to the Enable Users Wizard page, click Next.
3. On the Select a Pool page, select the Standard Edition Server from the list, and then click Next.
4. On the Specify Sign-in Name page, specify how to generate the SIP address by doing one of the following:
   • To generate the SIP address from the user’s e-mail address, click Use user’s e-mail address. Select this option only if you have configured an e-mail address for your users.
   • To generate the SIP address from the user’s principal name, click Use userPrincipalName.
   • To generate the SIP address using the user’s full name, click Use the format: .@, and then select the Office Communications Server domain.
   • To generate the SIP address using the user’s SAM account, click Use the format: <SAMAccountName>@, and then select the Office Communications Server domain.
5. When you are finished, click Next.
6. Verify that the user or users were enabled successfully, and then click Finish.
7. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
8. Expand the forest node and the pool node, and then click Users.
9. Confirm that the users you successfully enabled for Office Communications Server are listed.

Refer to Microsoft Exchange Server documentation to create a mailbox for the users to receive Web conference invites.

3.2 Wait for User Replication to Complete

Before you try to test or verify any end user functionality, verify that the changes you made to enable users have been replicated by the Office Communications Server User Replicator. Replication has succeeded when you see event ID 30024 in the event log.

3.3 Enable Enhanced Presence

Office Communications Server provides the infrastructure to enable client applications to publish and subscribe to extended, or enhanced, presence information. The enhanced presence infrastructure includes categories and containers. Categories are collections of presence information, such as status, location, or calendar state. Containers are logical buckets into which clients publish instances of various categories of presence information.

Important: If you enable enhanced presence for a user and the user signs in to Office Communications Server by using the Office Communicator 2007 client, the user account is converted to use enhanced presence. The user will then no longer be able to sign in to Live Communications Server 2005 with SP1 and cannot use any previous version of Communicator to sign in. This means that the user will also not be able to sign in by using Communicator Web Access or Communicator Mobile.

To enable enhanced presence for a single user
1. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
2. In the console tree, expand Communications Standard Edition Servers.
3. Expand the pool that contains the user you want to enable for enhanced presence, and then click Users.
4. In the details pane, right-click the user, and then click Properties.
5. In the Properties dialog box, click Configure.
6. In the User Options dialog box, select the Enable enhanced presence check box.
7. When the enabling enhanced presence message is displayed, read the information, and then click Yes to complete the enabling of enhanced presence for the user.

You can enable enhanced presence for multiple users as part of the configuration process described in the following section.

3.4 Configure Users

Procedures to configure global meeting settings are included in the “Configure A/V and Web Conferencing” section of this document. All other user configuration settings are described in this section. Ensure that the global settings for desired features are such that they can be configured for individual users.

To configure users for Office Communications Server
1. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
2. Expand the Forest node and the Pool node, and then click Users.
3. Right-click the user or users that you want to configure, and then click Configure users.
4. On the Welcome to the Configure Users Wizard page, click Next.
5. Select the check boxes for the features that you want to configure for the selected user or users: Federation, Remote access, Public IM, Enhanced Presence, Archive internal messages, and Archive federated messages, and then select the option that indicates whether or not you want to enable that feature for the users that you want to configure: Enable or Disable. When you are finished, click Next.

   Note: If you want to configure archiving, ensure that you have deployed the Archiving and CDR Server according to the procedures in the Microsoft Office Communications Server 2007 Public Beta Archiving Deployment Quick Start.
6. Do one of the following:
   • If, on the Meetings tab of global properties, you set the Anonymous participants setting to Allow users to invite anonymous participants or Disallow users from inviting anonymous participants, click Next.
   • If, on the Meetings tab of global properties, you set the Anonymous participants setting to Enforce per user, then select the Organize meetings with anonymous participants check box, and then click Allow or Disallow. When you are finished, click Next.

   Note: By default, all users are allowed to organize Web conferences that include anonymous participants.
7. Do one or more of the following:
   • If, on the Meetings tab of global properties, you set the Global policy setting to a specific policy, click Next.
   • If, on the Meetings tab of global properties, you set the Global policy setting to Use per user policy, then select the Change meeting policy check box. In the Select a meeting policy for the users list, click the name of the policy you want to apply to the selected user(s). When you are finished, click Next.
8. Do one or more of the following:
   • To enable Enterprise Voice and configure the Enterprise Voice policy that will be applied to the selected users, select the Change Voice Settings check box, and then select the Enable Voice check box. In the Select a Voice policy for the users list, click the name of the policy you want to apply to the selected users, and then click Next.
   • To view the Enterprise Voice features that are enabled by an Enterprise Voice policy before you apply the policy, select the Change Voice Settings check box, and then select the Enable Voice check box. In the Select a Voice policy for the users list, click the name of the policy you want to view, and then click View. Click OK to close the Add or Edit Policy dialog box. Choose a policy from the list, and then click Next.
   • If the global setting for Enterprise Voice policy is not set to Use per user policy, you cannot change the Enterprise Voice policy for the selected users. Click Next to continue.

   For more information about Enterprise Voice policies, see the Microsoft Office Communications Server 2007 (Public Beta) Enterprise Voice Planning and Deployment Guide.

   Note: In order to configure a particular Enterprise Voice setting for a specific user, the corresponding setting under the forest’s Enterprise Voice Properties must be configured to allow enforcement on a per user basis.
9. Verify the status of each user configuration operation, and then click Finish to close.

Step 4 Deploy the Office Communicator Client

Install and configure Microsoft Office Communicator 2007 on each client in your organization. Users of Communicator 2005 can still sign in after they are hosted on an Office Communications Server, but there are important considerations if you choose to have users running both Communicator 2005 and 2007 in your environment. See the Office Communications Server 2007 Planning Guide and the Migrating to Communications Server 2007 guide for more details.

4.1 Deploy Communicator

After you download the Communicator.msi file, you can deploy Office Communicator in two ways:
• For users who are members of the Administrators group on their own computer, let them download Communicator and install it themselves.
• Distribute Communicator by deploying the Windows Installer package (.msi) as you would any other .msi file.

To install Communicator
1. Download Communicator.msi, and then double-click it.
2. On the Welcome to Microsoft Office Communicator 2007 Setup page, click Next.
3. Review the license agreement, and then click I accept the terms in the License Agreement if you agree to the terms of installation. (Required to continue installation.) Click Next to continue.
4. On the Configure Microsoft Office Communicator 2007 page, accept the default directory or click Browse and browse to another directory. When you are finished, click Next.
5. When the wizard has completed, click Finish.

4.2 Configure Client Logon

After the DNS records have been configured, you can configure client computers to automatically connect to the Standard Edition Server. Use the following procedure on each client to enable your users to connect to Office Communications Server.

To configure automatic connectivity for Office Communicator clients
1. Open Microsoft Office Communicator.
2. Click Tools, and then click Options.
3. On the Personal tab, click Advanced, and then click Automatic Configuration.
4. Click OK, and then click OK again.

4.3 Test Office Communications Server Configuration for Office Communicator

To test the Office Communications Server configuration for Office Communicator, you can use the Validation Wizard. You can also test the Office Communications Server configuration for Communicator by signing in to Office Communicator on two computers by using two different accounts that you have created on the server and then sending messages from one client to the other.

To test Office Communications Server configuration for Office Communicator clients using the Validation Wizard
1. Log on to a server in your domain as a member of the RTCUniversalServerAdmins group.
2. In the deployment tool, click Deploy Standard Edition Server.
3. At Validate Server Functionality, click Run.
4. On the Welcome to the Communications Validation Wizard page, click Next.
5. To verify that enabled users can log on, select the Validate SIP Logon (1-Party) and IM (2-Party) check box.
6. On the User Account page, enter a user name, sign-in name, and password of a test user or another user enabled for Office Communications Server.
7. In Server or Pool, select the server where the user is hosted. When you are finished, click Next.
8. On the Second user account page, enter a user name, sign-in name, and password of another test user (another user enabled for SIP). This account will be used with the first account you specified to test IM functionality between two users.
9. In Server or Pool, select the server where the user is hosted. When you are finished, click Next.
10. If you have configured federation or public IM connectivity, on the Option to validate federation or public IM cloud page, click Test between internal user and federated partner users, and then type the SIP URI of a federated user account with which you want to test this functionality. Otherwise, clear the check box.
11. Click Next.
12. When the wizard completes, verify that the View the log file when you click ‘Finish’ check box is selected, and then click Finish.
13. In the log file, verify that <Success> appears under the Execution Result column. Look for <Success> Execution Result at the end of each task to verify that the server was added successfully to the Standard Edition Server. Close the log window when you finish.

To sign in and test Communicator
1. Log on to a client computer as a member of the Administrators group.
2. Click Start, click Programs, and then click Microsoft Office Communicator 2007.
3. Click your name, click Options, and then click the Personal tab.
4. Click Sign-in name, and then enter your SIP account.
5. Do one of the following:
   • If you configured automatic sign-in, click OK.
•
If you did not configure automatic sign-in, click Advanced, and then click Configure settings. To test access to the server from inside your organization, click Internal Server name or IP address, and then type the internal Enterprise pool FQDN or IP address. To test access to the server from outside your organization, click External Server name or IP address, and then type the external Enterprise pool FQDN or IP address. Then, click TCP if you configured the server so that clients can connect by using TCP or click TLS if you configured the server so that clients can connect only by using TLS. When you are finished, click OK, and then click OK again.
6. Click Sign in. 7. In Sign-In Account, click Sign-in name, and then click OK. 8. Repeat steps 1 through 7 on a second client computer. 9. On the first computer, click Type a name or phone number, and type the full SIP URI of the account that is logged in on the second computer. 10. In the results list, double-click the name of the user logged in on the second computer. 11. Type a message, and then press ENTER. 12. On the second computer, verify that the message was received, and then type a message and press ENTER. 13. On the first computer, verify that the message was received.
Step 5 Deploy the Live Meeting 2007 Client
Web conferences require the Microsoft Office Live Meeting 2007 client. For detailed information regarding Live Meeting 2007 client deployment, see Deploying the Microsoft Office Live Meeting 2007 (Public Beta) Client with Office Communications Server 2007.
5.1 Deploy the Live Meeting Client
You can deploy the Microsoft Office Live Meeting 2007 client in the following ways:
• Distribute the Live Meeting client by using the client Windows Installer package (.msi file), distributing it as you would any other .msi file.
• Have end users download the Live Meeting client. (A user must be a member of the Administrators group to install the client.)
Distributing the Meeting Client to Client Computers
To deploy the Live Meeting client, download and run the installer package by using your organization’s preferred deployment method, for example, Systems Management Server (SMS), an Active Directory Group Policy, a scripted deployment, or any third-party software that supports .msi-based deployment.
Supporting End User Downloads of the Live Meeting Client Installer File
By default, Web conference invitations will connect users to the Microsoft Download Center to download the current version of the Live Meeting client installer file.
Note If you are using Microsoft Windows XP Service Pack 2 (SP2), the information bar on the Windows Internet Explorer® Internet browser can be configured to display when potentially dangerous actions on a Web page have been blocked, such as attempts to install software on the computer. When the installer for the Live Meeting client attempts to run, the information bar can show that the attempt was blocked. You must click the information bar to permit the installation to succeed, or you can click the link to install on the Web page, if it is there.
To install the Live Meeting 2007 client
1. Log on to a client computer in the domain as a member of the Administrators group.
2. In a Web conference invitation, click the link to download the Live Meeting client, or download LMConsole_en_us.msi, and then double-click it.
3. If you are prompted to run the Setup program from the server or to download it to your computer, click Run.
4. If you are prompted with a confirmation message that indicates the name of the setup program file and the name of the software publisher, verify that the file is from Microsoft, and then click Run.
The Live Meeting client will be installed without requiring additional input. When the installer is finished, its window disappears.
5.2 Deploy the Outlook Add-in
The Outlook Add-in is required for users to schedule Web conferences by using the Microsoft Office Outlook® messaging and collaboration client. After you deploy the Live Meeting client, deploy the Outlook add-in by using the Outlook add-in Windows Installer file (.msi), distributing it as you would any other .msi file.
Note Microsoft Office Outlook must already be installed on the computer where you install the Outlook add-in.
To deploy the Live Meeting 2007 Outlook add-in
1. Download LMAddinPack.msi, and then double-click it.
2. Click Run.
3. On the Microsoft Office Live Meeting Add-in Pack page, click Next to begin installation.
4. When the wizard has completed, click Finish. You must restart Outlook to use the add-in.
5.3 Customize Meeting Invitations
In Web conference invitations, you can customize the following:
• The support page URLs (internal and external)
• The organization name that appears in the URLs
In Web conference invitations, there is a link for users to download and install the Live Meeting 2007 client. The client download URL is hosted by Microsoft. Meeting invitations also include a link to a support page. By default, the support page is hosted by Microsoft, but you can host your own support page on a server running the Web Components Server or on your own Web server.
To host the Live Meeting 2007 client support page using the Web Components Server
1. Log on to the Office Communications Server running the Web Components Server.
2. Click Start, click Control Panel, click Administrative Tools, and then click Computer Management.
3. Expand the Services and Applications node, and then expand the Internet Information Services (IIS) Manager node.
4. Expand the Web Sites node, expand the Default Web Site node, and then click Conf.
5. In the details pane, verify the value of the Path for Int and Ext.
6. Create a Web page (in static HTML format) that provides support information to users of the Live Meeting 2007 client.
7. Copy the Web page that you created to the folders named in step 5.
Note After you copy the Live Meeting 2007 client support page to the appropriate locations, verify the following:
   • The URL that internal users will use to view the client support page works inside the corporate network only.
   • The URL that external users will use to view the client support page works from outside the corporate network.
8. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
9. Expand the forest node, right-click the pool node, click Properties, and then click Web Component Properties.
10. Click the Meeting Invites tab.
11. Under Help desk URL, click Internal, and then type the URL that internal users will use to view the client support page.
12. Click External, and then type the URL that external users will use to view the client support page.
13. When you are finished, click Apply, and then click OK.
To host the Live Meeting 2007 client support page on a Web server
1. Log on to the Office Communications Server where you want to host the Live Meeting 2007 client support page.
2. Create a Web page (in any format) that provides support information to users of the Live Meeting 2007 client.
3. Copy the Web page to a Web folder under the default IIS Wwwroot directory that internal users will access and to a folder that external users will access. For example, if you copy an HTML Web page to “C:\Inetpub\wwwroot\meetings\support\int”, the default URL will be https:///meetings/support/int/.html.
Note After you copy the installer file to the appropriate locations, verify the following:
   • The URL that internal users will use to download the file works inside the corporate network only.
   • The URL that external users will use to download the file works from outside the corporate network.
4. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
5. Expand the forest node, right-click the pool node, click Properties, and then click Web Component Properties.
6. Click the Meeting Invites tab.
7. Under Help desk URL, click Internal, and then type the URL that internal users will use to view the client support page.
8. Click External, and then type the URL that external users will use to view the client support page.
9. When you are finished, click Apply, and then click OK.
You can also change the name of the organization that appears in the links in the Web conference e-mail invitation.
To change the organization name in Web conference invitations
1. Click Start, click Control Panel, click Administrative Tools, and then click Office Communications Server 2007.
2. Expand the Forest node, right-click the Pool node, click Properties, and then click Web Component Properties.
3. On the General tab, click Organization, and then type the name of your organization.
4. Click OK to close the Properties page.
5.4 Set Up a Test Meeting
After you install the Live Meeting client and the add-in, you can test the Office Communications Server configuration for Live Meeting by setting up a test conference.
To set up a test conference
1. Open Microsoft Office Outlook.
2. In the Microsoft Office Live Meeting dialog box that indicates the add-in was successfully installed, click OK.
3. Close Outlook, and then restart it to initialize the add-in.
4. On the Conferencing menu, click Configure Providers.
5. In the User Accounts dialog box, click Sign-in name, and then type your SIP account.
6. Click Test Connection.
7. Do one of the following:
   • If the Microsoft Office Live Meeting dialog box appears because the client is able to successfully establish a connection to the server, click OK, and then skip to step 10 to continue.
   • If the Error - Microsoft Office Live Meeting dialog box appears because the client is unable to establish a connection to the server, click OK, and then click Advanced.
8. Select the Use these servers check box, and then do one of the following:
   • To test access to the server from inside your organization, click Internal Server name or IP address, and then type the internal Enterprise pool FQDN or IP address. Then, click TCP if you configured the server so that clients can connect using TCP, or click TLS if you configured the server so that clients can connect using only TLS.
   • To test access to the server from outside your organization, click External Server name or IP address, and then type the external Enterprise pool FQDN or IP address. Then, click TCP if you configured the server so that clients can connect using TCP, or click TLS if you configured the server so that clients can connect using only TLS.
9. Select the Use the following user name and password check box. Click User name and type your domain and user name in the following format: domain\username. Click Password, and then type your domain password. When you are finished, click OK.
10. Click OK to close the User Accounts dialog box.
11. In Outlook, click Schedule a Live Meeting in the toolbar.
12. In the e-mail template, click To, and then type the e-mail address of another user that is enabled for Office Communications Server. Click Subject, type a name for the conference, and then click Send.
13. When the recipient gets the e-mail for the scheduled Live Meeting, open the e-mail on both clients, and then click the Join the meeting link.
14. The Live Meeting client appears.
Note If the Live Meeting client is not already installed and configured on the second client, steps 4 through 10 of client configuration may be required on the second computer.
15. If required, on both computers, click Meeting ID, and then enter the meeting ID that is specified in the e-mail. Click Entry Code, type the entry code specified in the e-mail, and then click Join.
16. When in the Web conference, click the Attendees list and verify that both users are listed.
17. Test other Web conferencing features by using the instructions in the Microsoft Office Live Meeting 2007 (Public Beta) Getting Started Guide.
Validation and Troubleshooting Hints
ISSUE: Problems signing in with the client
To troubleshoot user sign-in issues, use the Validation Wizard option to test SIP logon. You can also check the following:
• Ensure that the user is actually enabled and configured properly in the Active Directory Users and Computers snap-in under RTC properties.
• Check for event codes 30021 or 30027 in the Office Communications Server event log.
• Ensure that all users’ SIP Domains (at least the suffix) are reflected in the global settings SIP Domain list.
• Client computer trusts the Certificate Authority.
• Server certificate is configured and is valid for client automatic sign-in (assuming you are not using manual sign-in). The certificate must match the domain suffix of the end-user’s SIP URI.
• Office Communications Server Standard Edition service is running.
• Server has permission on the database. Check the SQL database by using SQL Query Analyzer to ensure that the RTC Server Local Group is a member of the “Server Role” on the RTC (static) database.
ISSUE: Problems starting the services
At times, the Start Services Wizard reports that there are failures starting the services if one or more services do not respond in a timely fashion. This can happen even when all services have started successfully. You can check the application event log to verify the services that have been started. You can also rerun the Start Services Wizard to verify the results.
ISSUE: Problems using the Web Components Server
• If the user receives an “unauthorized 401” error, verify that the user is enabled for Web conferences in Active Directory Users and Computers RTC properties.
• If the user receives an error that the server is unreachable, verify that the IIS server is running. Also verify that the Front End Server on which the Web Components Server is running has a valid service account and that the Standard Edition Server Front-End service is enabled and running by using the Service Control Manager.
ISSUE: Client stops responding when joining a conference
The certificate on the server may not be configured correctly. Check the event logs on the client and the server for events that mention certificate-related issues.
ISSUE: Problems archiving
Stop and restart Office Communications Server. Sign out and then sign in again using Office Communicator, and then try to send an instant message. Check the Archiving and CDR Server again to see if it is archiving messages.
ISSUE: When attempting to join a Web conference, error message “Conference join operation was unsuccessful” displays
Web conferencing is disabled by global settings. In order for a user to start or join a Web conference, Web conferencing must be enabled either globally or for the individual user.
Appendix A: LCSCmd
This section provides sample usage of workarounds that are available during setup only by using the LCSCmd command-line setup option.
To prepare Active Directory for Communications Server using LCSCmd
1. Log on to the domain controller as a member of the SchemaAdmins group.
2. Insert the Microsoft Office Communications Server 2007 CD.
3. Click Start, and then click Run. In the Open box, type cmd, and then click OK.
4. At the command prompt, type the following, and then press ENTER:
    <path\Setup\i386\>LCSCmd.exe /forest[:{forest FQDN}] /action:schemaprep [/ldf:{location of ldf file}]
5. Type the following, and then press ENTER:
    <path\Setup\i386\>LCSCmd.exe /forest[:{forest FQDN}] /action:forestprep [/global:{Configuration | System}] [/groupdomain:{domain to create universal groups in}]
6. Type the following, and then press ENTER:
    <path\Setup\i386\>LCSCmd.exe /domain[:{domain FQDN}] /action:domainprep [/pdc:{DNS name of primary domain controller}]
Command-Line Setup Workaround Options
unregSPN - gives you the option to unregister and then reregister the SPN for the service account that is used to activate the server component. The unregSPN command-line setup option can be used when you do one of the following:
• Activate the SE server
• Activate the Web Components Server
Example for activation of Standard Edition Server:
    <path\Setup\i386\>LCSCmd.exe /server[:{server FQDN}] /action:Activate /role:SE [/UnRegSpn]
Appendix B: Configuring a Standalone Certification Authority
Use the following procedure to set up a Microsoft Windows Server 2003 standalone root CA.
To set up a certificate server
1. Log on to your CA server as a member of the DomainAdmins group.
2. Insert the Microsoft Windows Server 2003 CD.
3. Click Start, point to Settings, and then click Control Panel.
4. Double-click Add or Remove Programs.
5. Click Add/Remove Windows Components.
6. Click Application Server, and then click Internet Information Services (IIS).
7. Complete the installation.
8. Click Add/Remove Windows Components.
9. Select the Certificate Services box, and then click Next.
10. Click Standalone root CA, and then click Next.
11. Type the name of the CA root. This name can be a friendly name for the CA root in the forest root.
12. Change the Time duration to the number of years you plan to use this certificate.
13. Click Next to begin installation.
14. When prompted to stop IIS, click Yes.
15. When prompted with a message about Active Server Pages, click Yes.
16. Click Finish.
Appendix C: Certificate Request Scenarios
Important Refer to the certificate instructions in the Microsoft Office Communications Server 2007 Public Beta Edge Server Deployment Guide to configure certificates on the Edge Server.
Use the examples in this section of various server FQDN and URL FQDNs scenarios to help determine the certificate or certificates that you need to request from your Certification Authority (CA).
Scenario 1. No External User Support
If you are not supporting external users of any kind, then refer to the following table for the type of certificates to request:
Example Certificate Requests
| Certification Authority (CA) Type | Standard Edition Server FQDN | Internal URL FQDN | Certificate(s) to Request |
| Enterprise, standalone, or public | SE01.contoso.com | SE01.contoso.com | Single certificate for Standard Edition Server and IIS, with a single set of credentials |
| Enterprise, standalone, or public | SE01.contoso.com | Meetings.contoso.com | Separate certificates for Standard Edition Server and IIS, each with its own credentials |
Scenario 2. External User Support
If you are supporting external users, refer to the following table for the type of certificates to request:
Example Certificate Requests
| Certification Authority (CA) Type | Standard Edition Server FQDN | Internal URL FQDN | External URL FQDN | Certificate(s) to Request |
| Enterprise, standalone, or public | SE01.contoso.com | SE01.contoso.com | Meetings.contoso.com | Single certificate for Standard Edition Server and IIS, using a single set of credentials |
| Enterprise, standalone, or public | SE01.contoso.com | Meetings.contoso.com | Meetings.external.contoso.net | Separate certificates for Standard Edition Server and IIS, each with its own credentials |
| Trusted Windows public CA | SE01.contoso.com | Meetings.contoso.com | Meetings.contoso.com | One certificate for IIS using the URL FQDN credential and one certificate for Standard Edition Server using the Standard Edition Server FQDN. If the certificate private key is marked as exportable, you may be able to use a single certificate for internal IIS and for the ISA reverse proxy. |
Scenario 3. Support Client Automatic Sign-In
This scenario assumes that you want clients to use automatic sign-in. If so, then refer to the following table for the additional requirements for the certificate requests:
Example Certificate Requests
| Standard Edition Server FQDN | User SIP URIs | Additional Certificate Requirements |
| SE01.contoso.com | *@contoso.com | None; refer to Scenario 2. |
| SE01.contoso.com | *@contosoretail.com, *@contosobank.com | Server certificates will need additional alternate credentials to provide a suffix match with your users’ SIP domains. Use the FQDN of the Standard Edition Server as the Common Name (CN) of the server certificate, but include domains with suffixes that match the SIP user domains in the Subject Alternate Name (SAN). |
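The suffix-match requirement in Scenario 3 can be checked before a certificate is put into service. The following Python code is an added example, not part of the original guide: it takes certificate names in the dictionary form returned by Python's ssl.SSLSocket.getpeercert() and reports the SIP domains that no CN or SAN entry covers. The sample certificates, the sip.<domain> SAN entries, and the user URIs are constructed, and matching on whole DNS labels is an assumption about what the guide means by a suffix match.

```python
"""Report SIP domains that a server certificate does not cover (added example)."""


def sip_domain(sip_uri):
    """Return the lower-cased domain of a SIP URI such as 'sip:bob@contoso.com'."""
    uri = sip_uri.strip()
    if uri.lower().startswith("sip:"):
        uri = uri[4:]
    user, sep, domain = uri.rpartition("@")
    if not sep or not user or not domain:
        raise ValueError("not a SIP URI with user@domain: %r" % sip_uri)
    return domain.rstrip(".").lower()


def certificate_names(cert):
    """Collect the CN and the DNS SAN entries from a getpeercert()-style dict."""
    names = []
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                names.append(value)
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            names.append(value)
    return [name.rstrip(".").lower() for name in names]


def covers(cert_name, domain):
    """Assumed rule: suffix match on whole DNS labels, so 'sip.contoso.com'
    covers 'contoso.com' but 'notcontoso.com' does not."""
    return cert_name == domain or cert_name.endswith("." + domain)


def uncovered_sip_domains(cert, sip_uris):
    """Return the sorted SIP domains that no certificate name covers."""
    names = certificate_names(cert)
    domains = sorted({sip_domain(uri) for uri in sip_uris})
    return [d for d in domains if not any(covers(n, d) for n in names)]


# Constructed sample data modelled on the Scenario 3 table.
CERT_CN_ONLY = {
    "subject": ((("commonName", "SE01.contoso.com"),),),
    "subjectAltName": (("DNS", "SE01.contoso.com"),),
}
CERT_WITH_SAN = {
    "subject": ((("commonName", "SE01.contoso.com"),),),
    "subjectAltName": (
        ("DNS", "SE01.contoso.com"),
        ("DNS", "sip.contosoretail.com"),   # constructed SAN entry
        ("DNS", "sip.contosobank.com"),     # constructed SAN entry
    ),
}
USERS = [
    "sip:alice@contosoretail.com",
    "sip:bob@contosobank.com",
    "sip:carol@ContosoRetail.com",
]

if __name__ == "__main__":
    for label, cert in (("CN only", CERT_CN_ONLY), ("with SAN", CERT_WITH_SAN)):
        missing = uncovered_sip_domains(cert, USERS)
        print(label, "->", "missing: " + ", ".join(missing) if missing else "all covered")
```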
Scenario 4. Generate an Offline Request (for a Public CA)
This section describes the procedures for requesting a certificate from a Public CA. If you need to generate an offline request or are using a public CA, use the following set of instructions to request and process the certificate.
To request the certificate
1. On the server on which you have installed Office Communications Server, click Start, click Programs, click Administrative Tools, and then click Office Communications Server 2007.
2. In the snap-in, expand the nodes until you reach the Standard Edition Server that you installed.
3. Right-click the server name, and then click Certificates.
4. On the Welcome to the Configure Certificate Wizard page, click Next.
5. On the Available Certificate Tasks page, click Create a new certificate, and then click Next.
6. Select Prepare the request now, but send it later, and then click Next.
7. Click Name, and then type the name for the new certificate. For example, you can use the server name as the certificate name.
8. Clear the Mark cert as exportable check box, and then click Next.
9. Click Organization, and then type your organization name.
10. Click Organizational unit, type the name of your department, and then click Next.
11. Click Subject name, and then type the FQDN of the server.
12. Select the Automatically add local computer name check box, and then click Next.
13. Select your Country/Region, State/Province, and City/Locality, and then click Next.
14. Click Browse, choose a location, enter a File name (with a .txt extension) for the certificate request, and then click Save.
15. Verify the path and file name of the certificate request file in the File name box, and then click Next.
16. Review the request information, and then click Next.
17. Click Finish.
Repeat these steps on the other front-end server(s).
Issuing the Certificate Request
If you are an administrator on the Certificate Authority, use these steps to issue the certificate after you have generated the request. If you are not an administrator on the Certification Authority, use the instructions in the following section, “Submitting an Offline Request to a Public CA,” instead.
To issue a certificate
1. Click Start, and then click Run. In the Open box, type mmc, and then click OK.
2. In the File menu, click Add/Remove Snap-in.
3. Click Add, click Certification Authority, and then click Add.
4. Click Another computer, and then click Browse.
5. Choose your CA, and then click OK.
6. Click Finish.
7. Click Close.
8. Click OK.
9. In the snap-in, expand the Certification Authority node.
10. Right-click your CA, click All Tasks, and then click Submit new request.
11. In the Open Request File dialog box, navigate to and click the certificate request (.txt) file that you created using the wizard, and then click Open.
12. In the Save Certificate dialog box, enter a File name (with an X.509 extension, .cer, .crt, or .der) for the certificate, and then click Save.
13. Close the CA snap-in.
Repeat these steps on the servers in the pool for which you generated an offline certificate request.
Submitting an Offline Request to a Public CA
If you are not an administrator on the Certification Authority or if you use a public CA, after you have generated the certificate request, access the public CA site to submit the request. Depending on the CA, the process will vary, but you generally need to supply your organizational and contact information. If prompted, choose the following options:
• Microsoft as the server platform
• IIS as the Version
• Web Server as the certificate usage type
• PKCS7 as the response format
When the public CA has verified your information, you will receive an e-mail that contains the text required for the certificate.
Process the Pending Certificate Request
After you submit the certificate request, verify that the certificate was downloaded correctly and has been bound to the local computer store.
To process the certificate from the Public CA
1. On the server on which you have installed Office Communications Server, click Start, click Programs, click Administrative Tools, and then click Office Communications Server 2007.
2. In the snap-in, expand the nodes until you reach the Standard Edition Server that you installed.
3. Right-click the Office Communications Server, and then click Certificates.
4. On the Welcome to the Configure Certificate Wizard page, click Next.
5. Click Process the pending request and install the certificate, and then click Next.
6. In Path and file name, do one of the following:
   • Enter the location and file name of the .cer file issued to you by the CA, and then click Next.
   • Click Browse. Locate the certificate issued to you by the CA, and then click Open.
7. Verify the certificate location and filename in the Path and file name box, and then click Next. The certificate is installed to the local computer store.
8. Click View Certificate to view the details of the certificate, and then close the certificate.
9. Click Finish.
Appendix D: Optimizing Your Network Interface Card for High A/V Traffic
For many deployments, you can use the default settings on your network interface. However, in the following situations, you should optimize for A/V traffic flow by increasing the receive and transmit buffer settings to three times their default value on your network interface cards:
• If you anticipate audio and video traffic on any particular A/V Conferencing Server or A/V Edge Server to exceed 200-250 Mbps
• If your servers experience packet loss on the network
Note The following procedure provides steps to change these settings on a typical network interface card. The procedure will vary depending on your manufacturer.
To change your network interface card settings
1. Log on to the computer running A/V Conferencing Server or A/V Edge Server with local administrator permissions.
2. Right-click Computer Manager, and then click Manage.
3. In the console pane, click Device Manager.
4. In the details pane, expand Network adaptors.
5. Right-click your network interface card, and then click Properties.
6. Click the Advanced tab.
7. Under Settings, click Performance Options.
8. Under Settings, click Receive Descriptors.
9. In Value, change the value to three times the default value, and then click OK.
10. Under Settings, click Transmit Descriptors.
11. In Value, change the value to three times the default value, and then click OK.