Hello,

 

I was working on an OCS 2007 R2 implementation the other day and ran into a funny issue Live Meeting over the Edge Server.  Internally Live Meeting worked perfectly, but over the edge I was unable to connect to the meeting as a domain user or non-domain user.  I naturally checked all the entries on the edge server and in the enterprise pool to see if I mis-typed something, or had forgotten to complete an area.  Everything under web components looked good.  I then found this article, which solved the problem straight-away.

 

 

Nate

There is a great extension to STSADM that was developed that makes the process of exporting a subsite to the root of a site collection easier.  Here is a link to that utility and guide for using it:

 

I was working on a P2V when it failed and became stuck in a "creating... failed" status.  After trying all the GUI and PowerShell commands I found the following blog entry that gave me the solution.  http://blogs.technet.com/scvmm/archive/2009/04/30/fixing-an-incomplete-vm-that-s-stuck-in-the-creating-state.aspx

 

 

I encountered a problem installing SQL Management Studio Express on Windows Server 2008.  The issue presented odd symptoms, as during the installation all appeared to go well, except at the end the installation failed with an error.  The error I received was "Product: Microsoft SQL Server Management Studio Express -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 29506. The arguments are: C:\Program Files\Microsoft SQL Server\\90\SDK". 

 

 

 

 

I recommend extending the AD schema prior to the installation of SCCM.  The "extadsch.exe" tool is located in the BIN directory (\SMSSETUP\BIN\I386).  Executing it will extend the schema and log the results to the file "extadsch.log".  Prior to extending the schem I always do the following:

 

1.  Validate a good backup of all AD domain controllers exists

2.  Validate all domain controllers are replicating properly.  I will typically force replication to prove it.

3.  Validate the user account can extend the schema.

 

A guide from Microsoft is available here:

 

 

Make sure you check the log!  A failed SCCM schema extension installation operation will produce something like this:

 

<06-12-2009 09:30:39> Modifying Active Directory Schema - with SMS extensions.
<06-12-2009 09:30:39> DS Root:CN=Schema,CN=Configuration,DC=domain,DC=domain
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Site-Code.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Assignment-Site-Code.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Site-Boundaries.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Roaming-Boundaries.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Default-MP.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Device-Management-Point.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-MP-Name.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-MP-Address.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Health-State.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Source-Forest.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Ranged-IP-Low.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=MS-SMS-Ranged-IP-High.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Version.  Error code = 5.
<06-12-2009 09:30:39> Failed to create attribute cn=mS-SMS-Capabilities.  Error code = 5.
<06-12-2009 09:30:39> Failed to create class cn=MS-SMS-Management-Point.  Error code = 8202.
<06-12-2009 09:30:39> Failed to create class cn=MS-SMS-Server-Locator-Point.  Error code = 8202.
<06-12-2009 09:30:39> Failed to create class cn=MS-SMS-Site.  Error code = 8202.
<06-12-2009 09:30:39> Failed to create class cn=MS-SMS-Roaming-Boundary-Range.  Error code = 8202.
<06-12-2009 09:30:39> Failed to extend the Active Directory schema.  Your Windows NT logon ID does not have the necessary privileges to extend the Active Directory schema.

 

A successful one looks like:

 

 

<06-12-2009 09:44:33> Modifying Active Directory Schema - with SMS extensions.

<06-12-2009 09:44:33> DS Root:CN=Schema,CN=Configuration,DC=domain,DC=domain

<06-12-2009 09:44:33> Attribute cn=MS-SMS-Site-Code already exists.

<06-12-2009 09:44:33> Attribute cn=mS-SMS-Assignment-Site-Code already exists.

<06-12-2009 09:44:33> Attribute cn=MS-SMS-Site-Boundaries already exists.

<06-12-2009 09:44:33> Attribute cn=MS-SMS-Roaming-Boundaries already exists.

<06-12-2009 09:44:33> Attribute cn=MS-SMS-Default-MP already exists.

<06-12-2009 09:44:33> Attribute cn=mS-SMS-Device-Management-Point already exists.

<06-12-2009 09:44:33> Attribute cn=MS-SMS-MP-Name already exists.

<06-12-2009 09:44:33> Attribute cn=MS-SMS-MP-Address already exists.

<06-12-2009 09:44:33> Defined attribute cn=mS-SMS-Health-State.

<06-12-2009 09:44:34> Defined attribute cn=mS-SMS-Source-Forest.

<06-12-2009 09:44:34> Attribute cn=MS-SMS-Ranged-IP-Low already exists.

<06-12-2009 09:44:34> Attribute cn=MS-SMS-Ranged-IP-High already exists.

<06-12-2009 09:44:34> Defined attribute cn=mS-SMS-Version.

<06-12-2009 09:44:34> Defined attribute cn=mS-SMS-Capabilities.

<06-12-2009 09:44:34> Class cn=MS-SMS-Management-Point already exists.

<06-12-2009 09:44:34> Located LDAP://cn=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=domain,DC=domain

<06-12-2009 09:44:35> Successfully updated class LDAP://cn=MS-SMS-Management-Point,CN=Schema,CN=Configuration,DC=domain,DC=domain.

<06-12-2009 09:44:35> Class cn=MS-SMS-Server-Locator-Point already exists.

<06-12-2009 09:44:35> Located LDAP://cn=MS-SMS-Server-Locator-Point,CN=Schema,CN=Configuration,DC=domain,DC=domain

<06-12-2009 09:44:35> Successfully updated class CN=Schema,CN=Configuration,DC=domain,DC=domain.

<06-12-2009 09:44:35> Class cn=MS-SMS-Site already exists.

<06-12-2009 09:44:35> Located LDAP://cn=MS-SMS-Site,CN=Schema,CN=Configuration,DC=domain,DC=domain

<06-12-2009 09:44:35> Successfully updated class LDAP://cn=MS-SMS-Site,CN=Schema,CN=Configuration,DC=domain,DC=domain.

<06-12-2009 09:44:35> Class cn=MS-SMS-Roaming-Boundary-Range already exists.

<06-12-2009 09:44:35> Located LDAP://cn=MS-SMS-Roaming-Boundary-Range,CN=Schema,CN=Configuration,DC=domain,DC=domain

<06-12-2009 09:44:35> Successfully updated class LDAP://cn=MS-SMS-Roaming-Boundary-Range,CN=Schema,CN=Configuration,DC=domain,DC=domain.

<06-12-2009 09:44:36> Successfully extended the Active Directory schema.

 

<06-12-2009 09:44:36> Please refer to the SMS documentation for instructions on the manual

<06-12-2009 09:44:36> configuration of access rights in active directory which may still

<06-12-2009 09:44:36> need to be performed.  (Although the AD schema has now be extended,

<06-12-2009 09:44:36> AD must be configured to allow each SMS Site security rights to

<06-12-2009 09:44:36> publish in each of their domains.)

 

 

 

 

I have been doing a lot of installs of System Center Configuration Manager (SCCM) on Windows Server 2008 and have run into prerequisite checker issues that didn't come up prior.  One of those is WebDav, which in IIS 7.x needs to be installed manually, as it isn't included out-of-box.  The actual error is "Web-based Distributed Authoring and Versioning (WebDAV) is required for the management point and distribution point site system roles. If you have selected to install a site role requiring WebDAV, and it is not installed, this rule will fail."

 

 In order to install WebDav for SCCM or SharePoint, I've used the following guide, which has worked well.

 

 

This is also relevant for SharePoint implementations on Windows Server 2008 where WebDav is required.

 

The site above also has the other preqrequisites like BITS described as well.

 

 

I was installing SQL 2005 on Windows Server 2008 for an SCCM installation and I ran into some pre-requisite errors.  For those trying to be as granular as possible in the installation of IIS, here is the site at Microsoft that indicates the required components in IIS 7.x for SQL 2005.

 

 

 

Exchange 2010 will be introducing existing an exciting new feature called Database Availability Groups, which can provide high availability capabilities to even two server implementations of Exchange.  This is a great enhancement on the CCR and SCR capabilities found in Exchange 2007.  Check out the video of the technology here:

 

 

Hello,

 

I ran into this issue today when troubleshooting an Exchange 2003 system that was having problems with a site that had forms based authentication enabled on the IIS site.

 

The mailbox server [exchange server name] does not allow "Negotiate" authentication to its [exchange] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme. For information about how to configure Exchange virtual directory settings, see Microsoft Knowledge Base article 817379, "Exchange ActiveSync and Outlook Mobile Access errors occur when SSL or forms-based authentication is required for Exchange Server 2003" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=817379). For information about how to properly configure IIS to support Kerberos and NTLM authentication, see Microsoft Knowledge Base article 215383, "How To Configure IIS to Support Both Kerberos and NTLM Authentication" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=215383). This issue may occur after installing Windows SharePoint Services on a server running Exchange Server 2003. For information about how to properly configure a server to run both Windows SharePoint Services and Exchange Server 2003, see Microsoft Knowledge Base article 823265, "You receive a "Page not found" error message when you use Outlook Web Access (OWA) to browse the Exchange Server 2003 client after you install Windows SharePoint Services" (http://go.microsoft.com/fwlink/?linkid=3052&kbid=823265).

For more information, see Help and Support Center at

 Set Description: The mailbox server [%1] does not allow "Negotiate" authentication to its [%2] virtual directory. Exchange ActiveSync can only access the server using this authentication scheme.

 http://support.microsoft.com/kb/215383/

The following was the resolution path:

NTAuthenticationProviders metabase property:

cscript adsutil.vbs get w3svc/WebSite/root/NTAuthenticationProviders

 

cscript adsutil.vbs set w3svc/WebSite/root/NTAuthenticationProviders "Negotiate,NTLM"

 

Disabled Forms in Exchange System Manager on the HTTP site

 

iisreset on Exchange Server

 

Enabled Forms in Exchange System Manager on the HTTP site

 

iisreset on Exchange Server

 

Hello,

 

I ran into a very interesting issue in a SharePoint install where it seemed that I could not connect to the SQL database when I accessed the "User Profiles and Properties" within the Shared Services provider.  Initially I suspected a SQL issue or network issue, but later found it to be several items. 

 

I found this blog, indicating a resolution:

 

Here is the overview of the article above:

 

1.  Applied .NET Framework 3.5 SP1=> Reboot

2.  Recreated SSL certificate using IIS 6.0 resource kit

3.  Reset the index server

4.  Reset IIS and search

5.  Install patch:  http://blogs.technet.com/damodar/archive/2009/04/05/error-while-setting-up-user-profiles-and-properties.aspx

6.  Reset IIS and search

 

Nathan Lasnoski

 

 

Mary-Jo Foley is reporting the RTM of Office Communications Server 2007 R2.  See her post for more details:

 

Nate

 

Microsoft has posted some very interesting videos of Office Communications Server 2007 R2 on Tech Net Edge. 

 

Here is a list of the videos:

 

Office Communications Server 2007 Call Attendant:

http://edge.technet.com/Media/OCS-and-the-new-Attendant/

 

Office Communications Server 2007 Conferencing:

http://edge.technet.com/Media/Whatrsquos-New-in-Conferencing-with-Office-Communications-Server-2007-R2/

 

Hello,

 

Here are some interesting technical assistance items for Office Communications Server 2007:

 

Base Documentation:

http://technet.microsoft.com/en-us/library/bb736218.aspx

 

Address Book Commands:

 

Replication of Active Directory attributes to address book:

"abserver - regenUR"

 

Syncronization of Office Communications Server address book to communicator clients:

"abserver -syncNow"

 

Dump of address book input file:

"abserver -dumpFile"

 

To manually update the address book files on the communicator client after next logon, you can delete the "galcontacts.db"

 

Migration of Users from Live Communications Server 2005 to Office Communications Server 2007:

 

Migrate users from LCS 2005 to OCS 2007:

 

• The best way to migrate users from one environment to the other is the "Move Users Wizard".  The wizard allows you to take an existing LCS 2005 user and move it to OCS 2007.  After the migration, use the "Configure Users Wizard" to enable presence capabilities.

 

Copy user data from LCS 2005 to OCS 2007:

"dbimpexp.exe"

 

Enhanced Presence vs. Standard Presence:

 

• If a user is configured for "Enhanced Presence" they can only use the Office Communicator 2007 client once migrated.  This is because enhanced presence enables the user for additional features only available in Office Communicator 2007.  The "standard presence" users can use either client during the migration.

 

Deployment Models

 

Office Communications Server 2007 Enterprise Edition in Consolidated Pool:

 

• The consolidated model provides high availability to the OCS implementation.  The servers each have multiple roles, allowing the servers to provide hot failover capabilities.

 

Office Communications Server 2007 Enterprise Edition in Expanded Pool:

 

• The expanded model requires a dedicated server for each role, providing higher performance.  To achieve high availability in an expanded pool, additional servers are required to serve those roles individually.

 

Office Communications Server 2007 Standard Edition:

 

• The standard edition deployment model is a single server implementation that does not support high availability.  It is inexpensive to implement but has limited scalability (typically 5,000 or less).

 

Certificate Requirements

 

The Office Communications Server product is now very dependant on certificates to facilitate communication between the different OCS components.  This usually necessitates an internal Active Directory Certificate Services implementation, though certain edge roles will typically require a trusted third party certificate.  The certificates for web servers is SSL, the certificates for authentication are MTLS (Mutual Transport Layer Security).

 

Front End:

 

The front end certificate must have a subject name of the external DNS address of the server.  The certificate must also include subject alternative names for the alternative domains of the environment.  To obtain an external certificate that supports subject alternative names, I'd suggest Entrust.net

 

Edge Server Components

 

The following are the edge server roles:

 

• Access Edge Server:  This is the single access point for remote / edge connections.
• A/V Edge Server:  This role provides for external audio and video conferencing.
• Web Conferencing Edge Server:  This role provides for Live Meeting collaboration with external clients.
• Director Server:  The director server role ensures that users are directed from the access edge server to their correct enterprise pool.

 

Communicator Web Access

 

The communicator web access product provides access to messaging capabilities entirely through an Internet browser.  The authentication can be configured for Windows Integrated or Forms Based.  For Mac OX or Firefox, you need to use forms based authentication, rather than Windows Integrated Authentication.

 

Office Communications Server Active Directory Prep

 

The four components of the Active Directory prep are:

 

• Prep Schema

 

The prep schema command creates the Active Directory classes and attributes that will be used by OCS.

 

• Prep Forest

 

The prep forest command creates the Active Directory container and objects for the Office Communications Server organizational settings and creates the standard groups used by the application.  

 

• Prep Domain

 

The prep domain command modifies the group permissions in a selected Active Directory to the requirements of Office Communications Server.

 

• DomainAdd to Forest Root

 

 

Configuring Custom Presence

 

The configuration of custom presence in Office Communicator requires two main modifications.  They are:

 

• The configuration of a custom presence XML file.  There are templates for configuring this here:

 

http://blogs.technet.com/toml/archive/2007/11/30/oc-custom-presence-states.aspx

 

• The registry must be modified with the "CustomStateURL" entry, which contains the XML file. 

 

http://technet.microsoft.com/en-us/library/bb963925.aspx

 

 

Key Ports

 

Here is an overview of the various key port requirements:

 

• TCP 8057 supports client PSOM connections from the Web Conferencing Server
• TCP 443 supports clients connecting to edge servers using an encrypted channel
• TCP 5060 supports internal SIP communications between servers
• TCP 5061 supports internal SIP communications between servers, as well as external SIP
• UDP 3478 supports inbound and outbound media connections at the edge

 

Voice Location Profiles and Voice Policy:

 

The practical usage of location profiles typically demands the following:

 

There can only be one voice policy per location.

 

To enable failover in the event of a mediation server failure, you can create a primary and secondary phone usage record

 

Required Settings on PBX Gateway to Communication with Mediation Server

 

The following settings are required on the gateway:

 

• SIP over TCP:  Microsoft Office Communications Server doesn't support SIP over UDP
• Configuration of IP address and FQDN
• TCP 5060 for Mediation Server communication
• Normalized E.164 numbers all around

 

Testing and Monitoring Tools

 

• OCSLogger.exe is a tool user to capture and analyze OCS logs.
• Window Management Instrumentation Tester (WBEMTest) is a tool used to modify WMI settings for OCS.

 

Settings Export

 

The LCSCMD application will allow you to execute various maintenance and prep commands.  To export the configuration to a backup server, use the "LCSCMD.exe /config" command.

 

OCS Platform Requirements

 

To see information about the recommended hardware requirements for OCS go to the following link:

http://technet.microsoft.com/en-us/library/bb870392.aspx

 

Archiving and CDR

 

To select the name of the server you will use for archiving, see the following:

http://technet.microsoft.com/en-us/library/bb905919.aspx

 

Message Queuing Requirements

 

The Archiving and CDR functions of Office Communications Server require message queuing to be installed.  The requirement is that all servers requiring archiving have it installed, as well as the archiving target sever.   More information:

http://technet.microsoft.com/en-us/library/bb894580.aspx

 

Nathan Lasnoski

Hello,

 

In Exchange 2007 the GUI management console no longer includes the mailbox  sizes by default.  This is a drawback, as it used to provide an easy tool for administrators to see mailbox sizes "at a glance".  To gain similar functionality, you can use PowerShell to list the mailboxes associated with a mailbox server, sorted by mailbox size.  The following is the PowerShell command:

 

Get-MailboxStatistics -Server ServerName | Sort-Object -Property TotalItemSize | Format-Table DisplayName, TotalItemSize

 

Nathan Lasnoski

 

Hello,

 

Are you trying to find out the version of Sharepoint that you're running?  Here are the major ones that I have come to know during my client engagements:

 

MOSS 2007 and WSS 3.0 RTM: 12.0.0.45.18

MOSS 2007 SP1 and WSS 3.0 SP1:  12.0.0.6219

MOSS 2007 SP1 and WSS 3.0 SP1 w/ Cumulative Updates:  12.0.0.6327

 

It will state this in the central administration console and you can also see it in Add / Remove Programs.

 

For an excellent exhaustive list, check out Penny Coventry's blog, which has these plus many more:

http://www.mindsharpblogs.com/penny/articles/481.aspx

 

Nathan Lasnoski

 

Hello,

 

Microsoft publically released information about OCS 2007 R2 features at VoiceCon today.  Here are some of the key items that were referenced:

 

Collaboration:

 

• Dial-in Audio Conferencing:

 

You can now eliminate external conferencing solutions using an on-premise conferencing bridge associated with the Office Communications Server.  This is a significant upgrade from prior, where Live Meetings couldn't integrate with the PSTN without Microsoft's hosted product.

 

• Desktop Sharing:

 

You can now share your desktop with another individual through the a web interface.  In the initial release we had to use the Live Meeting console, which was a little overboard to do remote desktop sharing.  It's nice they're expanding that feature set in the R2 release.

 

• Persistent Group Chat:

 

You can now have "longer running" group chat conversations, almost like a message board.  I can see this being a great tool for long running topical discussions, rather than using chains of emails.

 

Voice and Video Features:

 

• Attendant Console:

 

This feature set allows users to have more control over their own, or delegated communications endpoints.  This will integrate workflow and allow for individuals like personal assistants to control incoming calls.  This will allow OCS to compete more head on with telephony features with these sophisticated features.

 

• SIP Trunking

 

This feature allows OCS 2007 R2 to peer with an external Internet telephony service provider without the need for a traditional handoff and gateway.  This feature will significantly improve the flexibility of OCS implementations and certainly reduce cost.  I see a great value in eliminating the two connections from your ISP (voice and data) and in some cases, receiving only data service. 

 

• Response Group

 

This feature allows users to configure incoming call rules which route calls to groups of individual s under a defined workflow scheme.  This would be very helpful in a call center, providing routing and queuing. 

 

• Communicator Mobile

 

The team has invested in providing additional support for phone platforms with "single number reach" through communicator mobile.  The features include products like Nokia S40, Motorolla RAZR, Blackberry, and Windows Mobile.  Considering how powerful messaging can be on a mobile phone, the expansion of support is a nice thing to see.

 

• Video Quality

 

The new release will support HD video from certain cameras, allowing for extremely high quality video conferencing for specialized uses.

 

The other note, which already knew already, is that OCS 2007 R2 will be 64 bit only.

 

The source for these details is the following:

http://blogs.technet.com/brettjo/archive/2008/10/14/ocs-2007-r2.aspx

 

No Jitter:

http://www.nojitter.com/blog/archives/2008/10/microsoft_ocs_2.html

 

Microsoft Press Pass:

http://www.microsoft.com/presspass/press/2008/oct08/10-14OCSR2PR.mspx

 

Nathan Lasnoski

 

Hello,

 

Anyone planning on using Hyper-V in conjunction with failover clustering (and you should) needs to make sure they apply this patch.   The changes significantly improve the virtual machine user experience through the failover clustering console.

 

http://support.microsoft.com/kb/951308

 

Nathan Lasnoski

 

Hello,

 

Here is a big note for all you SCVMM beta users who are trying to link up ISOs to virtual machines.  I was trying to associate a ISO with a new virtual machine by linking and ran into an error.  The problem was that Hyper-V virtual machines do not natively support linking of ISOs, so you will have to choose the option to have the ISO copied to the host system during its build, which is fine.

 

Nathan Lasnoski

 

Hello,

 

In working on recent Hyper-V builds I've found that special consideration needs to be made for the storage array the Hyper-V cluster is connected to.  In the instance of HP EVO SANs, I found that I encountered the error "does not support persistent reservation" when using the Windows Server 2008 cluster preparation wizard.  The error prevents the preparation of the disks that will be used by the initial cluster.  I found that the fix was relatively simple.  We needed to change the disk type to "Microsoft Windows LH".  This then allowed the Windows Server 2008 cluster to use and move the disk from host to host. 

 

Thank you,

 

Nathan Lasnoski

 

Hello,

 

I've been spending  a lot of time lately on content migrations and I've found a tool that has been extremely useful to  me.  Initially when doing migrations (import / export) I'd find myself using the following stsadm tools regularly:

 

stsadm.exe -o export -url https://site -includeusersecurity -nofilecompression -filename f:\backup

 

stsadm.exe -o import -url https://site -includeusersecurity -nofilecompression -filename f:\backup

 

Then, I stumbled on the content deployment wizard, which removes some of the automation, but replaces the stsadm commands with a nice GUI.  I've found it paticularly nice for training the occasional administrator:

 

http://www.sharepointnutsandbolts.com/2007/12/introducing-sharepoint-content.html

 

It's a free download, so I'd definitely check it out.

 

Nathan Lasnoski