A company in Finland called Humeko Ltd, is now offering a free one month trial for OCS 2007 services for companies. See full announcement here: http://www.humeko.com/news_20071119.htm (in Finnish only, sorry).
What they'll provide is an interesting package for a fairly cheap price: OCS 2007 (Standard) services including IM, Presence and audio/video conferencing for users, 6,95 eur/month/user. Enterprise gives you Web conferencing on top of that (Live Meeting) for 13,95 eur/month/user.
Great to see OCS gaining more ground!
Oftentimes when deploying OCS 2007 to complex environments something doesn't work as expected. Even more often the culprit is either a certificates issue or AD (and thus, often a DNS) issue.
One of my colleagues had problems when connecting Office Communicator to OCS 2007, using Access Edge. Thus the workstation was outside the company's LAN (and AD), and was running Windows Vista with Internet Explorer 7.0. Most companies choose to deploy OCS 2007 with private certificates, i.e. generating their own rather than shelling out the hard-earner dollars to companies like Verisign.
The problem here is that while the workstation is able to connect, you will see a problem with authentication. Debugging this through OCS 2007 Logging Tool (which, I might add, is excellent) it all boils down to certificate problems - the client doesn't have the CRL (Certificate Revocation List), and IE7 always enforces that by default.
Fix? Uncheck "Check for server certificate revocation" -option from IE7 > Tools > Internet Options > Advanced.
..and missing those fancy ADUC (Active Directory Users and Computers) controls for enabling users to your pool? Fear not, just run this to get them visible:
mmc /32 dsa.msc. Yeah, I'm a keyboard junkie amongst other vices, but this was something I really needed to troubleshoot for a sec. It seems every day is a learning day!
I, for one, have been struggling a bit when it comes down to understanding what's happening with OCS 2007 (Office Communications Server 2007, RTM'd some time ago). Having played with LCS 2005 (Live Communications Server 2005) quite a bit, I've been eagerly waiting for the first stabile betas and release candidates of its successor.
Here is my attempt to explain OCS 2007 (Standard Edition) in 10 insights from the field:
10. Can be deployed with SQL Express on the same box - scales a bit poorer but is easier to set up for demo/trial/customer case environments. This is what I use in my daily work
9. Office Communicator 2.0, Office Communicator Mobile 2.0, Microsoft Tanjay/Catalina phones and Communicator Web Access are all good ways of using OCS. Most people will be happy with MOC (Microsoft Office Communicator 2.0), yet one should really take a look at the mobile client for Windows Mobile 5/6 - it's hugely useful when out of the office. Remember to export your cert chain for this to work.
8. It all boils down to two main support vehicles - Active Directory and Certificate Services. Learn these, and use these for debugging (via the excellent OCS Logging Tool running with Powershell)
7. Start your OCS 2007 deployment with the central server (i.e. the first box that's going to host your IM/Presence roles of OCS), and go for the Edge Services last. They are always the hardest to set up, and often require quite a lot of troubleshooting with certificate issues.
6. If possible, avoid using third-party certificates. The process is a hassle, and not really worth the headaches.
5. Need to build a demokit/playground for OCS 2007? Here's my recommendation: Use whatever virtualization solution you prefer (read: Virtual PC 2007), and set up 3 virtual servers:
- Active Directory + Certificate Services -server
- OCS 2007 Standard (all core roles) + Exchange 2007 Unified Messaging
- OCS 2007 Standard (Edge/Mediation/CWA)
In addition use the host as a client for
- Roundtable
- SIP 2.0-phones (such as Cisco, Nokia and Nortel)
- Microsoft Tanjay/Catalina-phones
- Office Communicator
- Outlook 2007 for voice mailbox access
- VoIP Gateway (such as AudioCodes and Dialogic)
Make sure to enable IVT (Intel Virtualisation Technology) if your host supports that, and make that VPC 2007 is configured to use it.
4. Exchange 2007 UM (Unified Messaging) is easy to configure, but has a crappy interface for doing that. Just go out of your comfort zone for a sec, and use the command-line tools to do it. It's worth it.
3. OCS 2007 Guides are essential - Planning Guide is truly good, yet a few topics are not really described in detail, so prepare for some research during deployment
2. Check, doublecheck, triplecheck and have someone else check that your DNS zones and records are properly set up. "whoops, I missed the underscore" is a quite common problem. Oh yeah, Netbios-traffic (port 135/TCP) and AD RPC-traffic (ports 1025, 1026/TCP and UDP) are needed.
1. OCS 2007 is all about infrastructure! the rest is just persistence.
One of the 'perks' at Microsoft is the ability to dogfood things - i.e. installing every piece of alpha, beta, gamma and whatnot version of software that interests you. And then observing if your laptop still boots, or not.
I was asked recently "What's a good antivirus/antispyware software for a small company?". My obvious answer, which came out in 2 seconds, was of course "Forefront products!", but remembering this company had mostly laptops, I chose to recommend/insinuate that Windows Live OneCare 2.0 (http://get.live.com/) might be worth looking at. I've had the habit of skipping most of Microsoft's consumer products because I don't have the need for them personally.
Installation of OneCare 2.0 beta is fairly straightforward - setup -> next -> next -> restart. Since I already had another antivirus on my laptop I disabled that before restarting - just to avoid any additional problems.
After reboot OneCare shows a panel with a risk-factor of "good". Great!
Next, one needs to set up subscription - pay something to get updates. Long story short, I'm not only $49,95 poorer but my subscription doesn't work. It's good that the billing process works, yet I didn't receive the key to actually activate my subscription.
Bypassing this slight annoyance, next I need to connect my OneCare to other PC's in my circle. Obviously since I'm running a beta software I don't need to connect this anywhere - and I couldn't find a way to disable the nagging about connecting this machine URGENTLY to my OneCare circle. No thanks.
Finally, I've got the third urgent (!) message of backing up my PC. Since my subscription is not valid (yet, anyway) I can't use online backup. I do however have a 2 GB memory stick (with a fancy Vista-sticker, which makes it faster) that I tried to use as a backup media. After carefully selecting which files to backup, I get "Unknown error" when trying to schedule or initiate the backup.
I do have protection now, but with 3 red warnings throughout the OneCare console, and "YOU ARE AT RISK" everywhere. I guess I'm still not ready for consumer products.
I just got a note that the following migration tools for Microsoft Office SharePoint Server 2007 (MOSS) and Microsoft SharePoint Portal Server 2003 (SPS) have been released via CodePlex:
Check out the project's homepage at http://www.codeplex.com/SPMigration/.
It's possible to upgrade your existing Release Candidate installation of OCS 2007 to RTM. Alternatively you can do a clean installation (RTM bits here here and Office Communicator bits here). Should you go ahead with upgrade, here's a few tips you should keep in mind:
- Release Candidate upgrades to RTM only if you have the Volume License (VL) bits - and really, the bits, not just the license
- Evaluation (trial) license does not upgrade to MSDN RTM - at least, it's not tested
- Release Candidate does not upgrade to MSDN RTM
I find it almost always easier to start from a clean installation rather than do upgrades, but in certain scenarios it's often necessary to perform a direct in-place upgrade.
Recently I was working with a customer, where we had to deploy Office Communications Server 2007 (Release Candidate at the time) to their production environment. As it turned out when setting up Access Edge-role in their DMZ, remote Office Communicator (MOC) clients couldn't connect to it. At first we thought it was a certificate issue because of all the hassle you have with setting up MTLS, TLS and SSL-certificates to get OCS 2007 fully deployed.
Finally we tried tweaking with the client - by default, MOC is configured to contact OCS via TLS, so it should use port 443/TCP. This is something you can specify on the Access Edge (5061/TCP or 443/TCP) for clients. As it turned out, due to a feature, bug or position of the stars: if the MOC client is unmanaged, you need to manually specify the port in the External Address. Thus, you need to manually specify the port also (the radio button for TLS/TCP is not enough). This is the correct value then: ocs-edge-server.domain.com:443.
I'll keep you posted with additional OCS 2007 tips from the field.
OCS 2007 (Office Communications Server 2007), which was just released to RTM, finally has Live Meeting Conferencing built-in. You can use the Live Meeting client or the web frontend to attend your meetings. Because of the nature of OCS, you can deploy all services internally and expose selected services to external users (even for federated users) through your DMZ.
The challenge here is that when you deploy Live Meeting client centrally through SMS or Active Directory, you would need to specify what is the internal server for LAN users, and what is the external server for roaming users. Actually there's a switch for that in the GPO template but it only affects Office Communicator 2007 client, not Live Meeting.
So here's the fix:
Specify the values in registry:
HKEY_CURRENT_USER\Software\Microsoft\Shared\UcClient\ServerAddressExternal
HKEY_CURRENT_USER\Software\Microsoft\Shared\UcClient\ServerAddressInternal
Leech these to your GPO, and roll it out to your client workstations - works like a toilet in the train (bad Finnish humor, I know)!
I've been waiting ages to get my existing Windows Server 2003 MCSE-certification upgraded to more recent technologies. Now that we have Windows Server 2008 in the horizon it's nice to see that Microsoft Learning has the following exam in beta: Upgrading Your MCSE on Windows Server 2003 to Windows Server 2008, Technology Specialist: http://www.microsoft.com/learning/exams/70-649.mspx
You can get a clearer picture what you need to achieve here: http://www.microsoft.com/learning/mcp/mcse/windowsserver2008/default.mspx. Notice that since Powershell is an integral part with Windows Server 2008, it's time to brushen up those skills from Windows Script Host (WSH) to PS! And don't forget IIS 7.0. Or .NET Framework. Or the new Server Core-roles.
I bumped into this error message with a customer MOSS + Forms Server installation, that had it's key recently upgraded to an enterprise RTM version from a Beta 2 Technical Refresh (B2TR) key. Upon opening InfoPath-forms via Forms Server users would get a "Requested registry access is not allowed" -error.
After playing around a bit with the problem, and using regmon (http://www.microsoft.com/technet/sysinternals/utilities/regmon.mspx), I found out it was a security-related problem with this registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office Server\12.0\OfficeServerPremium
To fix this, I added WSS_WPG and WSS_ADMIN_WPG with the following permissions for those keys:
WSS_WPG (read), WSS_ADMIN_WPG (Full Control)
