Deploying Exchange Server 2007 and Office Communications Server 2007 R2

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part1.html

PART-1

Introduction

There are a lot of questions out there about Exchange Server 2007 and OCS 2007 R2 deployment, in this article series we are going to go over the entire process in order to help you set up both products and make sure that our clients are configured properly. As you may know, Exchange Server 2007 and OCS 2007 R2 use the concept of roles and each product has several roles to deploy, which in turn increases the complexities for the IT administrator. Based on roles, we can start adding complexity and functionalities to the Exchange Server and OCS, such as: archiving, federation with public IM providers (MSN, AOL and Yahoo), add severs in a DMZ to provide external access (OCS) and hygiene for the incoming mail traffic (Exchange).
As you can see, there are plenty of options for using both products, the idea of this article series is to provide some guidance on how to deploy and integrate both products. You may want to use this article series to help you out during your POC (Proof of Concept) or before you start building your environment. At the end of the series, you will be able to visualize the basic steps in order to build your UC (Unified Communications) environment and as a result, your end-users will be way more collaborative through OCS Communicator, Live Meeting and Outlook.
Scenario

We are going to create an environment from scratch in this article series, and we are going to use the scenario shown in the Figure 01. Our Active Directory domain/forest will be called apatricio.local and the public name will be andersonpatricio.org, the public name will be used to associate the e-mail address of all users of our company and also the OCS logon name.

Figure 01
In the table below we can see more details about the environment. As you may have noticed, we are using two Domain Controllers and they are also part of the Global Catalog. Exchange Server and OCS 2007 R2 rely entirely on Active Directory and a single Domain Controller will be the single point of failure in our environment. It is for this reason that I always recommend to use a minimum of 2 (two) domain controllers. Also, Domain Controllers should not be shared with OCS or Exchange Server servers.

Server Name

IP Address

Role

SRV-AD

192.168.100.10

Domain Controller and Global Catalog

SRV-AD02

192.168.100.12

Domain Controller and Global Catalog and Certification Authority

SRV-EX01

192.168.100.15

Exchange Server 2007 SP1

SRV-OCS

192.168.100.20

Office Communications Server 2007 R2
We also know that Exchange Server and OCS may be a critical system and they may require fault tolerance, high availability and disaster recovery solutions. We are going to go over some of these options during the course of this article series. We are going to start simply with a single server for each product and afterwards I am going to demonstrate how we can improve fault tolerance, high availability and disaster recovery solutions to both products.
Before going any further in the technical portion of the deployment, let us take a step back and analyze the current roles of each product and the minimum roles required in our deployment.
Exchange Server roles

Exchange Server 2007 has been out there for a while now and its successor Exchange Server 2010 will use the same architecture (there are some changes but the number of roles have not changed), the role architecture of Exchange Server can be seen in the Figure 02.

Figure 02: Exchange Server 2007 High-level architecture (Courtesy of Microsoft)
Based on the figure above, we can get an idea about the roles and where they are located in a network. Topics for each role with key features and their use are as follows:

• Client Access Server:
  Role responsible for all non-MAPI communication between clients and Exchange Server (OWA, Outlook Anywhere, POP3 and IMAP4). In Exchange Server 2010 it will include MAPI as well.
  
• Edge Transport Server:
  Role responsible to clean up all incoming mail traffic using built-in anti-spam agents. Edge Server cannot share hardware with any of the other roles and it should be placed in a DMZ.
  
• Hub Transport Server:
  Role responsible to route messages within the organization. It can also be configured to receive external e-mail.
• Mailbox Server:
  Is the repository of all data (messages, voice mail, appointments, contacts and etc.). This role is able to host mailbox and public folders. It is the only role that can use cluster to provide high availability and automatic failover, in Exchange Server 2007 it comes in two flavors (SCR and CCR).
  
• Unified Messaging:
  UM role can connect Exchange Server with the PBX systems. This role is able to receive faxes, OVA (Outlook Voice Access), Auto Attendant and Voice Mail systems for an Exchange server organization. UM role also integrates with OCS and allows the Communicator clients to retrieve Voice Mail and OVA features.

Okay, we have 5 (five) roles that can be distributed among different servers but we have just one box in our initial deployment we need to use the minimum required, which is 3 (three) roles: Hub Transport, Mailbox Server and Client Access Server. In order to have an Exchange Server 2007 organization we need at least one of these roles, they can be either in different servers or combined in a single box.
Office Communication Server 2007 roles…

Office Communications Server is also based on roles. In the OCS world, we have more roles available than Exchange, both products together in a large scenario may contain more than 10 roles easily and I am not even talking about high availability at this point.
In Figure 03, we can see a full deployment of OCS 2007 R2 using Load Balancing and all roles. We are going to see in the following articles how we can plan our solution. Do not be scared about the number of roles, most importantly at this point is to understand the architecture of both products and a good lab (this article series will help you on that one too!!) and start simply with a single role and begin adding more roles based on your company’s requirement.

Figure 03: OCS 2007 R2 Consolidated Topology (Courtesy of Microsoft)
Based on the topology above, we could see the OCS roles in consideration of the “bigger picture”. Here is a brief description of each role:

• Front-End Server
  This is the first role that should be installed on your environment; using a Front-End Server your users will be able to be more collaborative using IM (Instant Messaging), Web Conferencing (Live Meeting), Application Sharing, Audio/Video conferencing and so on.
  
• Edge Server
  This role works for external users that want to use OCS outside of the internal network and also to federate service with other public networks such as MSN, AOL and Yahoo.
  
• Director role
  If you remember Front-End and Backend topology on Exchange Server 2003, then this analogy will work for you: The director acts as a Front-End Server on that scenario. Basically, this role does not host any user and it should be used by Edge Server to communicate with the internal servers, then it will route sessions to the proper internal servers or balance the requests among the pool (Enterprise version).
• Monitoring (CDR & QoE)
  This role gathers two types of data: Call Details Record(CDR) and Quality of Experience (QoE). CDR captures usage of IM, file transfers, meetings, AV conferencing and so forth; on the other hand QoE captures data from VoIP and video calls such as: quality of the call, participants, IP addresses, device names and etc.
  
• Archiving Server
  Archive IM conversation for regulatory purposes. The archive can be done at user or pool level.
  
• Group Chat Server
  That is a new role that came with OCS 2007 R2 and allows the creation of persistent groups where members of the group can use online chat rooms and also the content can be persistent which is great for dispersed groups in a global company.
  
• Mediation Server
  This role is located between the UC Infrastructure and another gateway that can be a Media Gateway or a PBX. This role will do all signaling and media between those two environments.
  
• Communicator Web Access (CWA)
  A Communicator web client where non-Microsoft clients are able to join OCS and collaborate with another contacts using a web browser.

Conclusion

In this first article we saw an overview of the Exchange Server and OCS 2007 R2 roles. We also took a look at the lab that is going to be used during this article series. Keep in mind that the objective of this series is to provide help in order to create a UC environment from scratch. In the next article we are going to go over the process of building a basic network infrastructure to support Exchange Server 2007 and OCS 2007 R2.

---

موضوعات مشابه:

• ارور در هنگام نصب Office Communications Server 2007 R2
• What’s New in Office Communications Server 2007 R2
• مشکل با Office Communications Server 2007

---

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part2.html

PART-2

OCS Design

As we have seen in the previous part of this series, both Exchange Server and OCS can be deployed in many different ways and using a different number of servers based on the company’s SLA (Service Level Agreements) and solution requirements. OCS 2007 R2 has a tool called Planning Tool for Microsoft Office Communications Server 2007 R2 that recommends topology diagrams and hardware requirements to deploy OCS 2007 R2 based on the information provided by the administrator.
The tool can be found here.
The tool can be run on Windows Server 2008, Windows Vista Service Pack 1 and Windows XP Service Pack 3 operating systems. Please note that.Net Framework 3.5 is also required. The installation is a straight forward process, just accept the default values and you will find an icon entitled Planning tool in All Programs / Microsoft Office Communications Server 2007 R2.
The tool is really useful and easy to work, in the initial page (Figure 1), we have three options: Get Started (to create a new design), Design Sites (go straight to the design phase where you can select the server roles by site) and the last item that is Display where you can load a previous saved topology created by the tool. Let us start the tool from the basics, then we are going to click on Get started.

Figure 1
The second phase of the Planning Tool consists of several questions about functionalities and each question comes with a brief explanation about the future. Here are all the features that will be asked during this phase:

• Audio and Video Conferencing
• Web Conferencing
• Communicator Web Access (CWA)
• Enterprise Voice
• Monitoring
• Archiving
• Unified Communications Applications where we can select these Applications:
  - Response Group Service
  - Conferencing Attendant
  - Conference Announcement Service
  - Outside Voice Control
• Group Chat Server
• Device Update Service
• Federation
• High Availability

The next phase of the Planning Tool is the Site design. We can create more than one and also associate a name, domain, number of users and features of that specific site (all the options selected at this point were based on the questionnaire that we have just answered in the previous section), as shown in Figure 2. For each site configured, the administrator has to answer additional questions, these topics above are the content of those new set of questions:

• Percentage of users for that specific site that will be using Communicator Web Access (CWA) at the same time.
  
• Phone Settings, where we can decide how many users will be enabled for Enterprise voice, average number of calls to a PSTN destination, Network Line, gateway type and mediation server.
  
• External user access, in this section we can define the use of Edge Servers and if they are going to be highly available. Also, if you are deploying more than one site you can use Edge servers from another location.

Figure 2
As soon as you finish entering the site information, the Draw button will appear. You will now be able to see the Global Topology that consists of all your sites and Internet connections. You can double click on any site and the OCS Topology of that site, based on the information provided, will be displayed (as shown in Figure 3). The Actions section is really useful because from there you can print and view the Planning and Deployment steps based on the current environment/topology, also Export to a Visio file.

Figure 3
If you hover the mouse over each server on the topology diagram you will be able to see Hardware and port requirements for that role. Another nice feature of the diagram is the ability to generate an Excel file containing information about hardware profile, and port requirements. In order to generate such a file you must be on the Global Topology view level, if you are not there, just click on View Global Topology and on the menu entitled Actions you will see Export to Excel, the result will be a XML file that can be opened in Excel, as shown in Figure 4.

Figure 4
Exchange 2007 Planning

A nice tool that can be used for the planning stages of Exchange Server 2007 implementation is the System Center Capacity Planner 2007, found at Microsoft’s Download Center. The installation process is pretty straight forward. These are the steps that you can follow to validate your environment:

1. On the Welcome to the System Center Capacity Planner 2007 Setup Wizard page, click on Next
2. On the License Agreement page, if you agree with the license agreement, click on I agree
3. On the Select Installation Folder page, select the folder where you want to install the System Center Capacity Planner 2007, and click on Next
4. On the Confirm Installation page, click on Next to start the installation process
5. On the Installation Complete page, leave the current selection on Start System Center Capacity Planner 2007 and click Close
6. A pop-up will be displayed, click OK
7. On the main page, select Exchange Server 2007 and click on Create a new Capacity Model (Figure 5)

Figure 5

1. Click on Add Mailbox Site and a window will pop up at the bottom. On that page we can add more information about the site, such as the Name of the site, SAN usage, site profile, client profiles and so on (Figure 6). After submitting all the site details, click OK and the current site will add the list on the same page, you can add additional sites that will contain Exchange Server. When done, click Next

Figure 6

1. On the Client-Only Sites step, we can define sites that will have users but not Exchange Servers. Add the information according to your environment specifications and click Next
2. On the Networks step, we can define the internet bandwidth and the bandwidth between sites (if you have defined any additional site in the previous steps). Click Next
3. On the Hardware step, we can select CPU profiles to be used on each Exchange Server role if we are going to use different servers to each role. Select the CPU configuration and click Next
4. On the Application tasks we can select whether we want to have high availability for the Mailbox Server role and other roles. Our initial scenario will be simple with a single server, as shown in Figure 7. When done, click Next

Figure 7

1. On Model Summary page. We will see a summary of our topology and information of each site based on the decision that we have just done. Click on Finish. (Figure 08)

Figure 8
When done modeling the topology, the Model Editor will appear. Here you will be able to see a diagram of the proposed design (Figure 9). By default, all roles are added to the design; we can adjust the proposed design with the requirements. In our example, right click on a server role and then click on Edit Server Role. Once in the properties page we can consolidate the roles. Click on Run Results and if there are no critical issues, the Results Summary page will be displayed. We can now analyze and see possible bottlenecks of the planned solution, as shown in Figure 10.

Figure 9

Figure 10
Disk subsystem is really important for an Exchange Server deployment, the best way to measure the disk requirements is using a spreadsheet called Exchange 2007 Mailbox Server Role Storage Requirements Calculator spreadsheet from MSExchange.org team that can be found here. On the same page, we can find more information on how to use the spreadsheet.
Some vendors offer tools to help size Exchange Servers, you can always ask your vendor or use some of their public available tools. Here are some vendors and their respective Exchange size tools:

• Dell (Exchange Server Advisor)
• HP
• IBM
  
  

Conclusion

In this second article of our series we went over the planning phase for OCS 2007 R2 and Exchange Server 2007. There are different ways to do plan a solution, in this article we saw two Microsoft tools that are available to help you through this process. In the next article we will start building our POC environment from scratch, we will cover AD, DNS, Certificates services and more. Till next time!

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part3.html

PART-3

Introduction

So far, we have seen the roles that an OCS/Exchange implementation can have and we also introduced the scenario that we are going to work on throughout this article series. The main goal here is to provide some guidance in order to help you to set up, from scratch, an environment in order to use UC technologies. In this article, we are going to move really quickly through the initial steps required to install both our Domain Controllers. I am also going to add hints about this process and also about some services offered, such as; Certificate Services, Split-DNS configuration, and OS requirements for OCS Server.
If you have forgotten the scenario we have created in this article series (Figure 1), this article will be a bit of a reminder as we will begin to work on the scenario in this article. Because it’s a POC, the Certificate Services will stay on a Domain Controller but in a production environment it should be a machine dedicate for this role.

Figure 1
Installing Domain Controllers…

Both products (Exchange and OCS) rely entirely on AD and DNS, in this section we are going to go over the process to install the first domain controller and the secondary domain controller as well. It’s extremely recommended to have at least two domain controllers up and running to avoid service outages. If you have just one DC and that one fails, you would not be able to use OCS or Exchange even if they are in different machines.
Some hints:

• We have a single domain and a single forest; both Domain Controllers should be configured as Global Catalog
  
• Configure all servers as static IP address
  
• Configure all clients to use both Primary and Secondary DNS pointing out to the Domain Controllers
  
• Before installing the first domain controller, make sure that the Primary DNS server is configured to be its own IP; the same IP should be configured as Primary DNS on the second domain controller as well
  
• After installing the first domain Controller, go to the DNS Server Manager and create a reverse zone based on your IP configuration
  
• Using Active Directory Sites and Services (dssite.msc) associate the IP Address to the site, it is not a requirement when you have a single site, but it is better to do that to be prepared for additional servers that you may have down the road
  
• It is not a requirement but you can change the Active Directory site name to reflect your location using the same Active Directory Sites and Services

All process involved to build the first domain controllers in our environment are described in these steps below:

1. Click on Start, Run and type in DCPromo and click OK.
2. On Welcome to the Active Directory Domain Services Installation Wizard page. Click on Next.
3. On Operating System Compatibility page. We already know about the Windows 2008 security improvement and legacy products (Windows 98, NT and simple SMB implementations) may be affected, click on Next.
4. On Choose a Deployment Configuration page. Select Create a new domain in a new forest and click Next.
5. On Name the forest Root Domain page. Fill out with your FQDN of your new forest, and make sure that you have not added a single name to this field. In our article series we are going to use apatricio.local and click Next.
6. On Set Forest Functional Level page. Select the functional level, because we are creating a new one I would say that you don’t intend to install any legacy OS as Domain Controller, then select Windows Server 2008 from the list and click Next.
7. On Additional Domain Controller Options page. Make sure that DNS server is selected and click Next (Figure 2).

Figure 2

1. A dialog box about DNS Server delegation may pop up, asking if you want to continue. If it does, click on yes.
2. On the Location for Database, Log Files and SYSVOL page. Leave default settings and click Next.
3. On the Directory Services Restore Mode Administrator Password page. Define a password that will be used during the restore mode process and click Next.
4. On Summary page. A summary containing everything that we have selected so far will be listed, click on Next to start the process.
5. On Completion page. Click on Finish and a restart will be required.

Additional Domain Controllers are even easier to deploy, just make sure that your Primary DNS IP address is pointing out to the first Domain Controller that we have just built and follow these steps:

1. Logged on the second server that will be the additional domain controller.
2. Click on Start, Run and type in DCPromo and hit OK.
3. On the Welcome to the Active Directory Domain Services Installation Wizard page. Click on Next
4. On the Operating System compatibility page. Click on Next.
5. On the Choose a Deployment Configuration page. Select Existing Forest and click on Add a domain controller to an existing domain and then click Next (Figure 3).

Figure 3

1. On the Network Credential page. Use the FQDN name that we created on the previous procedure and click on Set… and use the Administrator credential and then click Next (Figure 4).

Figure 4

1. On the Select a Domain page. Select the designated domain from the list, and click on Next.
2. On the Select a Site page. By default the first site name is Default-First-Site-Name, select it from the list and click Next.
3. On the Additional Domain Controller Options page. Select both options: DNS Server and Global Catalog and click Next.
4. On the Location for Database, Log Files and SYSVOL page. Leave default settings and click Next.
5. On the Directory Services Restore Mode Administrator Password page. Define a password that will be used during the restore mode process and click Next.
6. On Summary page. A summary containing everything that we have selected so far will be listed, click on Next to start the process.
7. On Completion page. Click on Finish and a restart will be required.

After bringing two DCs up, now it is time to configure all servers to join our new domain and the client machines. The only requirement is make sure that all servers/workstations are pointing to the DNS servers and then join them to the domain. If you have are not certain about the process to follow, don’t worry, just follow the steps described on this KB article and you will be good:
Domain and Forest Level…

Both products have specific Forest and Domain level requirements to be in place before the deployment, and also some Operating System requirements. We created our environment from scratch and during the DCPromo we were able to define the Forest level. However, in some environments, you need to change the forest level/domain level to support either OCS or Exchange.
The good news is that if you are closer to the latest Forest/Domain levels you are in a good spot. The following table will help you to identify the minimum requirement for each product that you want to deploy.

Product
Forest Level (minimum)
Domain Level (minimum)
Operating System (minimum)
Hardware
Exchange Server 2007
Windows 2000 native
Windows 2000 native
Windows Server 2003 or 2008
X64
OCS 2007 R2
Windows Server 2003
Windows Server 2003
Windows Server 2003 or 2008
X64
Exchange Server 2010
Windows Server 2003
Windows Server 2003
Windows Server 2008
X64
Table 1 Note:
If you have special configurations requirements, the minimum may not be used. For example: If your solution requires Forest-to-Forest delegation in Exchange Server 2007, then the Windows Server 2003 forest level becomes a requirement.
If you have not started a lab from scratch to follow this article series, you may have to raise your forest/domain level. In order to raise either domain or forest level, you can use Active Directory Domain and Trusts. To raise the forest functional level, we just need to right click on the first item on the left and click on Raise Forest functional level as shown in Figure 5, if you want to raise the domain just right click on the desired domain from the list on the left and click on Raise Domain Functional Level.

Figure 5
Conclusion

If you have not had the chance to play with Active Directory before, now is your chance. Active Directory is the base for the majority of Microsoft products and should be understood before adding more services on top of it. In this article we just covered the basics in setting up an environment from scratch and prepare for OCS and Exchange properly.

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part4.html

PART-4

Installing Active Directory Certificate Services

Although it is essentially not a requirement, AD CS (Active Directory Certificate Services) helps the certificate management for internal servers. AD CS is the base foundation for PKI (Public Key Infrastructure) which in a production environment must be planned, protected and designed properly. In this article series we are going to install an Enterprise root Certification Authority and this type of CA uses Active Directory to manage certificates. Any machine joined to our domain will recognize the certs issued by our CA. These steps can be followed to deploy AD CS in a Windows Server 2008:

1. Open Server Manager.
2. Click on Roles.
3. Click on Add Roles.
4. On the Before You Begin page, click Next.
5. On the Select Server Roles page. Select Active Directory Certificate Services from the list and click Next(Figure 01).

Figure 1

1. On the Introduction to Active Directory Certificates Services page. Click Next.
2. On the Select Role Services page. Select Certification Authority and Certification Authority Web Enrollment (Figure 02). You are going to receive a prompt asking about required features, as shown in Figure 03, click on Add Required Role Features and then click Next.

Figure 2

Figure 3

1. On the Specify Setup Type page. Select Enterprise option and click Next.
2. On the Specify CA Type page. Select Root CA item and click Next.
3. On the Set up Private Key page. Select Create a new private key item and click Next.
4. On the Configure Cryptography for CA page. Leave the default settings and click Next.
5. On the Configure CA Name page. Time to specify a name for our Certification Authority and this name will be displayed when we try to create an online certificate request during OCS Deployment. The default value is <NetBIOS-name-of-the-domain>-<Server-Name>-CA. Click Next.
6. On the Set Validity Period page. We can specify for how long the certificate issued to this CA will be valid. Bear in mind that the CA only issues certificates if its own certificate is valid. The default value is 5 years. Click Next.
7. On the Configure Certificate Database page. We can define where the CA database and log location will be created, just click Next.
8. On the Web Server (IIS) page. This section was added because we select the Web Enrollment during the CA installation. Click Next.
9. On the Select Role Services page. Leave all default selections and click Next.
10. On the Confirm Installation Selections page. A summary of all settings that we selected so far will be displayed click on Install to start the installation process (Figure 04).

Figure 4

1. On the Installation Results page. We can see the result of the installation process of both roles (Certificate Services and IIS), as shown in Figure 05. At this point we can open http://<Server-Name>/CertSrv and you will be able to see the Microsoft Active Directory Certificate Services page.

Figure 5
Windows Firewall

In our scenario, we are going to take advantage of Windows Firewall which will be on at all times, as shown in Figure 06. It’s really important to keep it on during the Exchange Server and OCS installation process because the setup process will create Firewall exceptions automatically as part of the installation.

Figure 6
DNS Configuration

Well, you should know by now that the core for Unified Communications is the Active Directory and this one relies on DNS. You should also know that Unified Communications technologies use a lot of certificates. We have plenty of different types of certificates out there and tons of different ways to deploy them on your organization. In this article we will keep it simple and we will try to minimize the number of certificates used as much as we can, we are going to use a SAN (Subject Alternative Name) certificate and we are going to configure split DNS in our internal Active Directory.
Split DNS is a simple configuration, where your external DNS name has its own zone internally. Let us say our company external name is AndersonPatricio.org and we have our zone hosted in an external DNS and that zone has a couple of host entries, such as: www, autodiscover and mail. The same company has its internal Active Directory FQDN configured as apatricio.local as well. The split-DNS configuration is really simple, we just need to create andersonpatricio.org zone on our internal DNS servers which means that any query to the domain andersonpatricio.org will be answered by the internal server instead of the external one, and for this reason we must keep track of all hosts entries in the external zone and create them in the internal zone.
First of all, although it is not rocket science, some administrators still do not like to use split DNS configuration in their environment, the key here is to make sure that every time that you update an external record you should update it in your internal DNS too, otherwise you may experience strange scenarios such as external users being able to open the company webpage but not internal ones. The same happens for new services deployed internally. If they are going to be used externally, you should update your external DNS zones. Long story short: make sure that External and Internal DNS zones are matching their records.
In this article we are going to create just the zone, the SRV and special entries required for Office Communicator automatic logon will be covered in a future article where we will cover the Office Communicator logon process of this series. In order to create the external zone, we can follow these steps:

1. Open DNS Manager.
2. Expand <Server-Name>.
3. Right Forward Lookup Zones and click on New Zone…
4. On the Welcome to the New Zone Wizard page. Click Next.
5. On the Zone Type page. Select Primary zone and also check the option Store the zone in Active Directory and click Next (Figure 7).

Figure 7

1. On the Active Directory Zone Replication Scope page. Select the second item To all DNS servers in this domain: <Your-domain-name> and click Next. Selecting this option any new domain controller added down the road will have the same zone information and it does not require any extra administrative effort to replicate the zone among DNS servers.
2. On the Zone Name page. Fill this out with your external domain name, in our scenario it is going to be andersonpatricio.org, which doubles as our external domain, default SIP domain and SMTP address to all users (Figure 8).

Figure 8

1. On the Dynamic Update page. Select Do not allow dynamic updates option and click Next. This zone will be managed by Administrators.
2. On the Completing the New Zone Wizard page. Click on Finish.

Installing Operating Systems Features and roles to support OCS

In order to install OCS 2007 R2 some pre-requisites are required before running the OCS 2007 R2 Deployment Wizard. OCS 2007 R2 requires some Features and Roles in order to do the entire Active Directory Preparation and OCS installation from the OCS server. These are the steps required to install the Features needed for OCS 2007 R2 to run.

1. Open Server Manager.
2. Expand Features.
3. Click on Add Features.
4. Expand Remote Server Administration Tools.
5. Expand Role Administration Tools.
6. Expand Active Directory Domain Services Tools.
7. Select Active Directory Domain Controller Tools.

Also IIS must be installed prior OCS 2007 R2 installation, just start a standard Add Role wizard using Server Manager and make sure that all items shown in the two figures below are selected (Figure 09 and Figure 10).

Figure 9

Figure 10
Conclusion

At the end of the fourth article of this series, we have briefly covered the architecture, planning, and now AD Services deployments to build our environment. Finally, next article we are going to enter in the UC area where we are going to start with Exchange installation and in that article I will give you some hints that can save you some time during the Exchange installation process.

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part5.html

PART-5

Introduction

So far, we have introduced the roles and the planning process for the implementation of our main UC products. In the last couple of articles we created the basic services required for UC practice. Now it is time to start building our UC environment. The first piece of the puzzle to tackle is the messaging portion, namely, our well-known Exchange Server. An Exchange Server 2007 article explaining the installation process can already be found here on MSExchange.org alongside a bunch of tips and tricks to perform this process in our Forums and Blogs. In this article I will touch on this subject again but I will also add some of my own tricks and tips, such as disabling IPv6, installing the pre-requisites through XML files on Windows Server 2008 and also automatically update to the latest Rollup Update during the installation process.
Before starting the process, a couple of key points should be validated:

• Make sure that DNS Servers are configured properly and pointing out to the Domain Controller that we installed on the previous article
• Exchange server is a member of the domain that we created in the previous articles of this series.
• Make sure that the operating system is up to date
• Make sure that Windows Firewall is turned on before starting the installation process

Disabling IPV6

Exchange Server 2007 has IPv6 support, however, is not a requirement and we are not going to use it in our current environment so what we are going to do is to disable it. Before we can do this, do not go to the network adapter and uncheck the IPv6 component and think that is enough. The best way to disable IPv6 is by disabling it in the Windows Registry. Some Microsoft KBs, now they are called Microsoft Fix and basically they allow an administrator to download and run a small utility that will carry out the configuration required and described in that MS KB. IPv6 has a Microsoft Fix KB available and it can be found here.
The Microsoft Fix is a pretty straight forward procedure. Just open the file that you have just downloaded and accept the contract agreement and click on Next, and the click Finish (Figure 1). After that, a dialog box will pop up asking for a server restart and because we are not playing in product click on Yes to restart the server. After the restart, run an IPConfig /all command in the command-prompt and you will see that the IPV6 information doesn’t show up anymore.

Figure 1
Preparing the Source Installation Files

It is now time to prepare the Exchange Server 2007 installation. First of all, let us download Exchange Server from Microsoft or copy the content of an Exchange Server 2007 media that you may have to the C:\Ex2k7 folder. Why not install directly from the media? Well, we want to upgrade the Exchange Server 2007 to the latest Rollup Update (RU) during the installation. Exchange Server 2007 has Rollup Updates between Service Pack releases and they are incremental and they start from 1 after each Service Pack release, we can see a picture of the relation between service packs and Rollup Update on Figure 2. Microsoft has a KB article with all the information you will need about RU and Service Packs on Exchange Server 2007. The KB is also the best place to find the latest updates for the product, the KB can be found here.
Note:
Like any other Service Pack, the latest rollup Update has all updates from previous RU versions which means if you install RU 5 for Service Pack 1 all other previous 4 RU released before RU 5 will be included.

Figure 2
Well, at the time of writing this article, the most recent update is Service Pack 1. Therefore, we are going to download Exchange Server 200 SP1 and we are going to check the KB article mentioned earlier to find out how to download the latest Rollup Update for the current service pack. We are also going to download the content to the subfolder Updates of the Exchange Server installation source, as shown in Figure 3. Any update on that folder will be automatically executed after the product installation.

Figure 3
Installing the Pre-requisites

Okay, so far, we download the Exchange Server’s latest release version and also the latest Rollup Update. Now it is time to prepare the Operating System to support Exchange Server 2007. As we saw in our first article, the environment will have a single Exchange Server 2007 box containing the 3 main roles (Mailbox, Client Access Server and Hub Transport). We can go to the Server Manager and start installing from there the required roles, however, there is a better or simpler way to do that, we are going to the following MSExchangeTeam site and download a set of XML files that contain all OS requirements by Exchange Server role. These files can be used with the ServerManagerCMD utility of Windows Server 2008. After extracting the content of the zip file we are going to be presented with the following files, as shown in Figure 4.

Figure 4
The names of the files are self-explanatory, so let us use them to install all prerequisites for Exchange Server 2007. First, let us install the Base which contains the basic requirements for any role. If you receive a prompt that a restart is required after running ServerManagerCMD please do it and continue after restarting the server. These are the following XML files that will be used in our current environment. You can run these following commands from server command-prompt:

1. ServerManagerCMD –ip Exchange-Base.xml
2. ServerManagerCMD –ip Exchange-CAS.xml
3. ServerManagerCMD –ip Exchange-MBX.xml

Installation Process

The installation process is pretty straight forward and we should not have any issues because we have worked on all pre-requisites. You can use these following steps to install the first Exchange Server 2007 and because that is the first one the Organization will be created during this process as well.

1. Log on to the server.
2. Open the folder Ex2k7 and double click on Setup.exe
3. On Exchange Server Setup splash screen, click on Step 4: Install Exchange Server 2007 SP1.
4. On Introduction page. Click on Next.
5. On License agreement page. Read the contract and click on I Accept the terms in the license agreement and click Next.
6. On Error Reporting page. You have the option to choose if you want to send error reports automatically to Microsoft. Click Next.
7. On Installation type page. Click on Custom Exchange Server Installation and click Next.
   
   Note:
   In this scenario we could click on Typical however Custom which shows us all the roles and you should get used to their names and functions.
8. On Server Role Selection page. Select the main roles as shown in figure 05 and click on Next.

Figure 5

1. On Exchange Organization page. Fill out with your organization name and click Next.
2. On Client Settings page. In our article we are a happy company and all clients will be using Outlook 2007/2010 and because of that we can say No and click Next.
   
   Note:
   If you have any Outlook 2003 or Entourage in your environment you need to select Yes.
3. On Readiness Checks page. Validate if all components passed and click on Install. (Figure 06)

Figure 6

1. On the Completion page. You will receive the status of the installation process, and if all components are green you had a successful installation process. Click on Finish. (Figure 7)

Figure 7
Do you remember the Updates folder from the beginning of our article? Time to see if it worked out. Let us check the Program Features under Control Panel and we can see the Update Rollup 9 has been installed during the Setup process, as shown in Figure 8.

Figure 8
During the installation process the Setup also changed the firewall rules of the Windows Firewall component, we can open Windows Firewall with Advanced Security under Administrative Tools and we will see all the Inbound Rules created by the setup process, as shown in Figure 9.

Figure 9
Defining STMP Address

After installing Exchange Server 2007, one of the first things that we need to change in order to continue with our deployment is to create and apply our new domain name space for SMTP addresses. The internal clients joined to our domain will have single sign-on to access all applications, such as Exchange and OCS and we want also to use a single SMTP address between applications. In our scenario we are going to configure the SMTP domainand later on we are going to configure OCS to use the same domain. On Exchange Server 2007 side we can follow these simple steps:

1. Open Exchange Server Management Console.
2. Expand Organization Configuration.
3. Click on Mailbox.
4. Click on Accepted Domain tab.
5. Click on New Accepted Domain link located on the Toolbox Actions.
6. On New Accepted Domain page. Type in a Name and in the Accepted Domain field type in your domain name. (In our article series is AndersonPatricio.org) and select the option Authoritative Domain and click on New (figure 10)and Finish.

Figure 10

1. Now, click on E-mail Address Policies tab.
2. Right click on Default Policy and click on Edit.
3. On Introduction page. Just click Next.
4. On Conditions page. Click Next.
5. On E-mail Addresses page. Click on Add button and on the SMTP E-mail Address window. Let’s configure the format of e-mail address to be FirstName.LastName and also select the domain that we have just created which is our external SMTP address (in our article series andersonpatricio.org), and then click OK. (Figure 11)

Figure 11

1. On E-mail Addresses page. Set the new E-mail Address entry that we have just created as default clicking on Set as Reply, and afterwards remove the Active Directory FQDN address from the list. The final result is going to be a single line, as shown in Figure 12.

Figure 12

1. On Schedule page. Leave default settings and click Next.
2. On Edit E-mail Address Policy page. Click on Edit.
3. The result is going to be any existent user will receive @andersonpatricio.org as default SMTP address and it also applies to any new mailbox after this change.

This procedure will fit perfectly with OCS down the road because all users will have a unique identity to send messages and log on communicator.
Next Step

Exchange Server 2007 requires a lot of extra steps in order to be functional and all of them must be covered during your planning and design process. For the purpose of this article series we just make sure that the Exchange Server 2007 and the SMTP address are being configured, however you can check some of the steps that you may need in order to finish Exchange Server 2007 installation, as follows:

• Installing Exchange Server 2007 – Part 1 by Rodney Buike
  
• Configuring Mail Flow in a Single Exchange Server 2007 by Anderson Patricio
  
• 12 Tips to Optimize an Exchange 2007 Infrastructure (Part 1) by Rui J.M. Silva
  
  

Besides of those articles, there are some items that you should go over before putting an Exchange Server 2007 in production, such as: Antivirus, Backup, Certificates, Anti-spam, Web services, Mailbox maintenance and etc.
Conclusion

In this article we went through the Exchange Serve r2007 installation process. We have not configured the entire Exchange Server, we just configure the minimum requirements to build our proposed environment which is using a single SMTP address for all users and the same domain will be used as SIP domain of our OCS environment.

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part6.html

PART-6

Introduction

If you have downloaded the media from MSDN, you are probably given a choice to work with Enterprise and Standard versions from the same media. The Auto play option will open up the file CD_Screen.htm on an Internet Explorer session where you can decide which version you want to install.
In our environment we opted to use the Standard Edition, so, let us click on the Standard Edition link on that page (as shown in Figure 1). As soon as you start the OCS 2007R2 Deployment Wizard, which is the tool that will help you out along the way of the OCS deployment process, a dialog box asking for Microsoft Visual C++ 2008 installation will be displayed, click Yes as shown in Figure 2.

Figure 1

Figure 2
After installing Microsoft Visual C++ 2008 the OCS 2007 R2, the Deployment Wizard will show up (Figure 3). This tool makes it easier to deploy the product because all the steps are presented in a list format, in this article we are going to click on the first link which is Prepare Active Directory.

Figure 3
OCS 2007 R2: Active Directory Preparation Process

The first section of the OCS 2007 R2 Deployment Wizard is the Active Directory preparation. When you click on that link, a new page will be displayed containing all steps that we are going to perform in this article (Figure 4).

Figure 4
The Active Directory Preparation process is a straight forward process and can be performed using the OCS 2007 R2 Deployment Wizard or using the command-line utility LCScmd.exe. In this article series we are going to cover both methods. Basically, the process will prepare the environment in the order shown in Figure 5.

Figure 5
Each Active Directory Preparation phase requires a certain level of permissions in Active Directory, the minimum requirements are shown in the table below.

Step
Minimum Requirements
Schema
Must be member of the Schema Admins group
Forest
Must be member of the Enterprise Admins group in the forest root domain
Domain
Member of either Enterprise Admins group or Domain Admins group
Table 1
If you are not certain that you have enough permissions, just open a command prompt and run net user <Your-User-Name> /domain (Figure 6) and if you are not listed on those groups from the table above, add yourself into those groups and a log off and a log on will be required.

Figure 6
Okay, now it’s time to have some fun, and let us prepare our Active Directory to OCS 2007 R2 in the following sections.
OCS 2007 R2: Schema Preparation

The Schema preparation will add classes and attributes that will be used by OCS Server. These steps below can be performed to prepare the Schema using the OCS 2007 R2 Deployment Wizard.

1. Click on Prepare Active Directory in the Microsoft Office Communications Server 2007 R2 Deployment Wizard
2. Click on Run located on the Step 1: Prep Schema Section
3. In the Welcome to the Schema Preparation Wizard page of the Wizard, click Next
4. In the Directory Location of Schema Files page, leave the default settings, and click Next.If for some reason you have the schema files in a different folder, you select the new folder on this page. Also if you want to see the attributes that will be added to your schema beforehand you can check the file X:\Setup\Amd64\schema.ldf file out, where X: is your OCS 2007 R2 media drive. (Figure 7)

Figure 7

1. In the Ready to Prepare Schema page. Just click Next
2. In the final page, the setup process will warn you if everything went fine and you always have a chance to check the logs selecting the option View the log files when you click Finish and this option will open an Internet Explorer session containing all steps executed during the process and status of each tasks. Click Finish

In order to do the same procedure using command-line, these are the steps required:

1. Open a command-prompt and go to the X:\Setup\adm64 (where X: is the media with your OCS 2007 R2 installation bits)
2. Run the following command:
   LCScmd /Forest /Action:SchemaPrep

We can also use LCScmd utility to validate if the Schema Preparation was done properly, just run the following command and the output will be an html file that can be opened on a web browser.
LCScmd /Forest /Action:CheckSchemaPrepState
OCS 2007 R2: Forest Preparation

The Forest preparation should be run in the root domain of the forest and basically it will create Universal Groups, and global settings. In order to prepare the forest using OCS 2007 R2 Deployment wizard these following steps can be used:

1. Click on Prepare Active Directory in the Microsoft Office Communications Server 2007 R2 Deployment Wizard
2. Click on Run located on the Step 3: Prep Forest Section
3. In the Welcome to the Forest Preparation Wizard page of the Wizard, click Next
4. In the Select Location to Store Global Settings page, we have to decide where the OCS Global Settings will be stored. Microsoft recommendation for OCS 2007 R2 is to store the Global settings in the Configuration partition. Let’s use default settings (Figure 8) and click Next

Figure 8

1. In the Location of Universal Groups page. The domain where the groups created by this process will be created, we have a single domain, so let’s leave the default settings and click Next. (Figure 9)

Figure 9

1. In the SIP domain used for default routing page. Here we can define the SIP domain for the default routing, and by default is the Forest FQDN name. We have already defined our external domain name in our Exchange Recipient policy and here we are going to do the same, let us use only the external name and type in andersonpatricio.org and click Next. (Figure 10)

Figure 10

1. In the Ready to Prepare Forest page. A summary containing what we have seen so far will be displayed, click on Next to start the Forest preparation process
2. In the final page you should receive the same display which is “Forest Preparation Wizard has completed successfully” (Figure 11). Like any other OCS 2007 R2 installation wizard, you can always see the log files selecting the last checkbox. Click on Finish

Figure 11
To prepare the forest using command-line the following syntax is required:

1. Open a command-prompt and go to the X:\Setup\adm64 (where X: is the media with your OCS 2007 R2 installation bits)
2. Run the following command:
   LCScmd /Forest /Action:ForestPrep

In order to validate the procedure that we have just done, just run the command below. During the forest preparation the Universal Groups and global settings are created. We can see the universal groups created during setup in Figure 12.
LCScmd /Forest /Action:CheckForestPrepState

Figure 12
OCS 2007 R2: Domain Preparation

The last step during the OCS 2007 R2 preparation process is the domain preparation Wizard, we have to run Domain preparation in each domain that will contain either OCS Server or OCS enabled users. The process will create Access Control Entries (ACEs) using the Universal Groups created in the previous forest preparation step. These are the steps that can be used to prepare the domain using OCS 2007 R2 Deployment Wizard:

1. Click on Prepare Active Directory in the Microsoft Office Communications Server 2007 R2 Deployment Wizard
2. Click on Run located on the Step 5: Prep Current Domain Section
3. In the Welcome to the Domain Preparation Wizard page, click Next
4. In the Domain Preparation Information page, click Next
5. In the Ready to Prepare Domain page, click Next
6. On the final page, if everything went smoothly, you will receive the “Domain Preparation Wizard has completed successfully” icon. You can now click on Finish, or check the option View the log when you click Finish, to identify which components of this process may have failed.

In order to prepare the current domain using command-line, these following steps can be used:
LCScmd /domain /ActionomainPrep

Note:
If you want to specify a different domain, you can use the switch /domain:<FQDN of the domain>, if you leave blank the current domain will be used.
In order to validate the Domain Preparation process, you can run the following command and check out the file generated by the procedure:
LcsCmd.exe /domain:<FQDN AD domain name> /action:CheckDomainPrepState
Wrapping Up

The OCS 2007 R2 Deployment Wizard does a great job at tracking the tasks that have been finished, and at this point we can see that we finished the Active Directory preparation phase, as shown in Figure 13.
Step 7 of this current page is optional, basically you can delegate Setup and Administration of OCS to different accounts and groups, most of the steps are manual done through LCScmd.exe utility. Let’s click on Back button.

Figure 13
Conclusion

So far so good, we have deployed Active Directory, Certificate Services, and Exchange Server and we have just started the preparation of our Active Directory to support OCS. In the next article we are going to start the OCS Deployment process.

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part7.html

PART-7

OCS 2007 R2: Deployment Process

The first section of the OCS 2007 R2 Deployment Wizard is the Active Directory preparation. As soon as we get it sorted, as we did in the previous article, we can then click on Back and the OCS 2007 R2 Deployment Wizard page will look like it does in Figure 1.
Now, it is time to start deploying our first OCS Server, so in order to start the process let us click on Deploy Standard Edition Server.

Figure 1
The OCS 2007 R2 Deployment Wizard also has a step-by-step to deploy the server, as shown in Figure 2. Since we already installed all the pre-requisites for the Operating System, including the Features and Roles required for OCS, our process, from here on, is going to be a straight forward series of tasks.

Figure 2
In this article we are going to cover the first three steps and in the next article we are going to finalize the OCS 2007 R2 deployment.
Deploying the server

The first phase of the deployment process is to install the OCS 2007 R2 bits on the server. These following steps can be used to deploy the OCS server.

1. Let us click on the first Run button located in the Step 1: Deploy Server section to start the process to deploy and configure our OCS Server.
2. You may be prompted to install the Windows Media Format Runtime (Figure 3), if so a restart will be required, click on OK and wait for the installation process for that component and then restart the computer.

Figure 3

1. After restarting, click again on the Run button like we did before and the first page of the Deploy Server Wizard will show up, just click Next.
2. In the License Agreement page. If you agree with the contract, select I accept the terms in the license agreement and click OK.
3. In the Location for Server Files page. We can specify where OCS 2007 R2 server files will be installed, the default value is C:\Program Files\Microsoft Office Communications Server 2007 R2\ and it sounds good for us. Let’s click on Next.
4. In the Application Configuration page. We can decide which applications will be configured in the current server (Figure 04). The process to manage applications can be done afterwards from the console. We are not going to install any application at this point, uncheck all applications and click on Next.
   
   Note:
   Application Configuration is a new feature of OCS 2007 R2, these are a brief summary of each one of the available applications:
   - Conferencing Attendant: Allow PSTN users to join to a conference hosted in OCS
   - Conferencing Announcement Service: This application notifies users in a conferencing, such as: announcing new users or users that are leaving the conference, also notifies them if they have been muted and unmuted
   - Response Group Service: This application is able to answer and distribute calls to a pre-defined available agent
   - Outside Voice Control: Users using Mobile Communicator or Mobile for Java can use this new application as an intermediary to connect their mobile devices and UC endpoints. The mobile becomes an UC endpoint.

Figure 4

1. In the Main Service Account for Standard Edition Server page. We can use an existent account or create a new one. We are going to create a new account and password for the main service account. We are also going to use the name recommended by the installation wizard which is RTCService, as shown in Figure 5.

Figure 5

1. In the Component Service Account for this Standard Edition Server page. Now, we need to create a username and password to the Component Service (Figure 6), let us use the setup recommendation for account name and specify a password, click on Next.

Figure 6

1. In the Web Farm FQDNs page. In this page we can define the address where users will be able to download content meeting and Address book data (Figure 7). We are not going to deploy an external infrastructure at this point, let’s keep just the internal server name and click Next.

Figure 7

1. In the Location for Database Files page. We can specify where the databases used by OCS 2007 will be on the file system (Figure 8). The recommendation is always to separate database and log files in different set of disks. OCS 2007 R2 will use 2 databases (one with the persistent user data containing ACLs, contacts, OCS home server and scheduled conferences; and a second for transient user data, such as endpoints and subscriptions). After deciding the path for the OCS databases, click on Next.

Figure 8

1. In the Ready to Deploy Server page. A summary with all configurations that we have done so far will be displayed, click on Next to start the process.
2. In the final page, if everything went fine for you, the last page will display the Deploy Server Wizard has completed successfully message. Then, just click Finish. If any error occurs during the process the checkbox to view the log files will be checked automatically and then you can analyze the log files to identify the issue.

Configuring Server….

The previous step installed the SQL, configured services accounts and installed the OCS files on the server. Now it’s time to configure the service and define which are going to be the SIP domains, external access and etc. The Configuration process can be done through these following steps:

1. Make sure that the section Step 1: Deploy Server has a Complete flag on it.
2. In the Welcome to the Configure Pool/Server Wizard page. Click on Next.
3. In the Server or Pool to Configure page. Select our current server (in our scenario is SRV-OCS) and click Next, as shown in Figure 9.

Figure 9

1. In the SIP domains page. Here we are going to enter all domains that our future users can use to log on OCS (Figure 10). In our scenario we are a small company and we have a single public domain and we do not want any user trying to log on using the FQDN of the domain.

Figure 10

1. In the Client Logon Settings page. We are going to use automatic logon process to our clients and we are going to designate this server to allow automatic logon requests from our OCS clients, as shown in Figure 11.

Figure 11

1. In the SIP Domains for Automatic Logon page. If you have more than one domain you can decide which one will be supported by the current server for automatic logon (Figure 12). In our scenario, we have just one, let us check it and click on Next.

Figure 12

1. In the External User Access Configuration page. In the current phase of our deployment we are not going to configure external user access at this point, let us select Do not configure for external user access now (Figure 13) and click Next.

Figure 13

1. In the Ready to Configure Server or Pool page. A summary of we have configured so far will be displayed, click on Next.
2. In the final page, we should receive the display Configure Server or Pool Wizard has completed successfully, if so, just click on Finish and let us continue our deployment process (Figure 14).

Figure 14
Certificates

This section may bring up some questions by the administrator and I hope to shed some light on this process. This process impacts the automatic logon process that we are going over in the next articles and if you do not use the certificates properly you may have some issues to download your Address Book, authentication and so on. A good thing about Front-End servers is that they do not require Public Certificates and all certificate needs can be handled internally using a PKI infrastructure (we created that infrastructure in our first articles). In order to request and assign certificate to the OCS Front-End server, these following steps can be followed:

1. In the initial page, just click Next.
2. In the Available Certificate Tasks page. This page contains the main tasks that an OCS Administrator requires to manage certificates, and we can find the same wizard using the OCS 2007 R2 Management Console afterwards. Because we do not have any certificate in place, let us select the option where we are going to use an internal CA. Let’s click on Create a new certificate and click Next, as shown in Figure 15.

Figure 15

1. In the Delayed or Immediate Request page. If the certificate is going to be issued by an internal CA, the first option is when you have an internal PKI however if you are going to send it out to a Public Certification Authority the second option will be required. Click on Next.
2. In the Name and Security Settings page. We need to label the certificate, by default the certificate name is the NetBIOS name of the server, also the option to mark the cert as exportable is selected. Click on Next.
3. In the Organization Information page. Fill this page out using your company’s information and click Next.
4. In the Your Server’s Subject Name page. That’s the most important page of the Certificate Wizard, we need to define all names that will be used by OCS Server, and it will impact the single sign-on process if a proper name is not configured. OCS like Exchange Server supports SAN (Subject Alternative Names), in order to keep it simple, we are going to use the FQDN name of the server as Subject Name and in the SAN we are going to use sip.andersonpatricio.org (Figure 16).The single sign-on process performed by Office Communicator Client requires that certificates and DNS configurations match in order to have an end-user logon without any manual configuration.
   
   Note:
   In the article related to the client configuration we are going over the automatic logon process. So far we configured all users to use the public SIP domain which is the same for Exchange Server, and also created the split-DNS configuration for that domain. In this section we are assigning a certificate for the same domain and down the road we are going to complete the loop with the DNS SRV records.

Figure 16

1. In the Geographical Information page. Fill this page out using your company’s information and click Next.
2. In the Choose a Certification Authority page. Do you remember that long list of steps to build the Enterprise CA? Now, we are starting to put all pieces together. In this section we are going to request to that CA a certificate for our OCS Server. Let us now select an available CA from the list and click on Next, as shown in Figure 17.

Figure 17

1. In the Request Summary page. Review the settings that we have done and to start the process click on Next.
2. In the Assign Certificate Task page. Because we are using our internal CA the certificate request will be processed automatically which means that we can assign it to our server right away. Let us select Assign certificate immediately and then Next, as shown in Figure 18.

Figure 18

1. In the Configure the Certificate(s) of your Server page. A summary of the certificate task that will be performed will be displayed, click Next.
2. In the final page, the result should be the Certificate Wizard completed successfully message. Click on Finish.

Conclusion

In this article we have finished the first three steps for the OCS 2007 R2 Deployment. So far, we have installed, configured, and assigned certificates to the product. In the next article, we are going to play a little bit more with certificates, start the services, learn how to manage OCS users and validate the installation process

[patris1]

کد:

http://www.msexchange.org/articles_tutorials/exchange-server-2007/management-administration/deploying-exchange-server-2007-office-communications-server-2007-r2-part8.html

PART-8

Introduction

In the previous article of this series we started the deployment phase of the OCS 2007 R2. Now, we need to finish up the certificate portion of the deployment, start the services, validate the deployment and at the end we are going to see an overview of how to enable users to use OCS.
Assign The Certificate On IIS

The OCS 2007 R2 Deployment Wizard assigns the certificate to the OCS Server however it does not assign it to the IIS Server and a manual step is required. This step is really important otherwise your Office Communicator clients will not be able to download the Address Book. In order to assign the certificate that we have just created on IIS 7, these steps can be used:

1. Open Internet Information Services (IIS) Manager.
2. Expand <Server Name> item, then expand Sites and click on Default Web Site (Figure 1).
3. In the Toolbox Actions, click on Bindings…

Figure 1

1. In the Site Bindings window. Click on Add... (Figure 2).

Figure 2

1. Change Type to https, make sure that Port is 443 and SSL Certificate is the same cert that we have just created using OCS 2007 R2 Deployment Wizard, as shown in Figure 03.

Figure 3

1. Click OK and Close.

Starting The Services

Now that we have our Certificates in place and configured properly we can finally start the OCS services. In a production environment we should wait a little bit and wait for the Active Directory replication to take place. We can force the replication using Active Directory Site and Services or Replication Monitor, however, in our current environment we have only two Domain Controllers in the same site and the replication should be an issue. In order to start the services, let us go back do the OCS 2007 Deploy Wizard, and click Run at Step 6: Start Services, and follow these steps:

1. In the Welcome to the Start Services Wizard page. Click on Next.
2. In the Start Office Communications Server 2007 R2 Services page. A list of all services that will be started will be listed, as shown in Figure 04. Click on Next.

Figure 4

1. In the final page, probably you are going to receive a message saying Start Services Wizard has failed (Figure 5) but don’t worry just make sure that the View the log when you click Finish is selected and click on Finish.

Figure 5
If you look a little bit closer you will see that all services were started with success however the Office Communications Server Monitoring Agent failed, as shown in Figure 06. In order to enable Monitoring in an OCS environment we need an extra OCS role in place, and also the Message Queuing component installed on the Front-End Server, and because that is not the case of our current environment we can move forward in our deployment process.

Figure 6
Validating the Installation Process

After installing the Front-End Server the OCS 2007 R2 Deployment Wizard there are still a series of tests that can be performed to validate the new server. In order to validate the server installation, just click on Step 6: Validate Server and the entire list of available tests will be displayed (Figure 7).

Figure 7
Besides the several tests listed above, we have also the Step 6: Validate Application Functionality on the same page that will open a new page which has an extra 4 (four) tests designed to be performed against the applications. Remember that we have not installed any application during the setup process.

Figure 8
A common question is; “what if I don’t do the validation during the setup but want to perform these tests afterwards? How can you do that?” It’s a simple task, just right click on your OCS server and click on Validation (left side of Figure 9) or expand Validation underneath Available Tasks column on the right side (same Figure 9).

Figure 9
Installing Administrative Tools

By default, a new OCS 2007 R2 deployment does not install the Administrative Tools which means that your server will be up and running but you cannot enable users for OCS. In order to install the Administrative Tools these steps can be used:

1. Open OCS 2007 R2 Deployment Wizard, and on the first page click on Administrative Tools link on the right side (Figure 10).

Figure 10

1. In the License Agreement page. Click on I accept the terms in the license agreement and click OK.
2. That is all we need, now we can check the new two items that we have under Administrative Tools groups, as shown in Figure 11.

Figure 11
You can do the same process in any machine that you want to manage either Communicator Web Access or OCS, and this process also adds integration with Active Directory Users and Computers, when we have it installed, just right click on a user and you will see the OCS options, as shown in Figure 12.

Figure 12
Managing Users

Now, it is time to start playing with our new environment. At this point we have Exchange Server and OCS up and running and we can start enabling users on both services. There is no right or wrong here where we should be creating our users however creating the users first on Exchange Server and then enabling them for OCS seems to be easier. Why? First of all when you try to enable OCS users the wizard will ask you about the sign-in name which by default is the User’s e-mail address, as shown in Figure 13.

Figure 13
However the user’s e-mail address attribute is not populated by default (Figure 14) but if you enable the user mailbox the e-mail address attribute will be populated by the Reply address of the user as show in Figure 15.

Figure 14

Figure 15
So, if we create the mailbox first, then the e-mail attribute will be populated and the default settings on the OCS Enable user wizard will work without any additional configuration. Now let’s enable an OCS user using the suggested order, these following steps can be followed:

1. Create the new users using either Active Directory or Exchange Management Console, make sure that the user is mailbox enabled.
2. Logged on a Server where you have the OCS Administrative Tools installed.
3. Open Active Directory Users and Computers.
4. Right click on the designated user and click on Enable users for Communications Server…
5. On the Welcome to the Enable Office Communications Server Users Wizard page. Click Next.
6. On the Select Server or Pool page. Select the OCS Server that we have just installed and click Next.
7. On the Specify Sign-in Name page. If you already created the mailbox just leave default settings and click on Next.
8. On the Ready to Enable users page. Click on Next.
9. On the Enable Operation Status page. The user name should be listed on the first box and besides its name the SIP URI. Click on Finish.

After going through the entire process (create user -> enable mailbox -> enable OCS user), then we can check its E-mail Address tab using Exchange Management Console. We will be able to see the SIP address (used by OCS) and the SMTP address (used by Exchange Server), as shown in Figure 16.

Figure 16
Conclusion

In this article we finalized and tested the OCS deployment process. We also saw how to manage OCS Users and a good way to create them when we have Exchange and OCS working together. In the next article we are going to play with the client side of things, mainly; Office Communicator, Live Meeting and Outlook integration