OCS StandardEditionDeployment

Microsoft Office
Communications
Server 2007
Standard Edition
(Public Beta) and
Microsoft Office
Communicator 2007
Deployment Guide
Published: March 2007
This document supports a preliminary release of a software product that may be changed substantially prior to final commercial release.
This document is provided for informational purposes only and Microsoft makes no warranties, either express or implied, in this document.
Information in this document, including URL and other Internet Web site references, is subject to change without notice. The entire risk of
the use or the results from the use of this document remains with the user. Unless otherwise noted, the companies, organizations, products,
domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real
company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying
with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document
may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical,
photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation.
Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this
document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give
you any license to these patents, trademarks, copyrights, or other intellectual property.
 2007 Microsoft Corporation. All rights reserved.
Microsoft, MS-DOS, Windows, Windows Server, Windows Vista, Active Directory, Internet Explorer, Outlook, PowerPoint, and SQL
Server are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries.
All other trademarks are property of their respective owners.

Contents
Contents............................................................. ..............................3
Introduction..................................................................................... ..1
Overview of Office Communications Server 2007 Standard Edition. .1
Infrastructure Requirements and Prerequisites.................................2
Overview of Standard Edition Deployment................................... .....5
Step 1: Prepare Active Directory Schema, Forest, and Domain.........5
Step 2 Deploy Standard Edition Server.............................................6
2.1 Configure DNS for your Standard Edition Server....................6
2.2 Deploy Office Communications Server Standard Edition......11
2.3 Configure Standard Edition Server.......................................12
2.4 Configure Certificates.................................................... .......14
2.4 Enable A/V and Web Conferencing.......................................17
2.5 Start the Services........................................................ .........20
2.6 Validate Your Server Configuration.......................................21
Step 3 Create and Enable Users............................................. .........22
3.1 Create and Enable Users for Office Communications Server 22
3.2 Wait for User Replication to Complete..................................23
3.3 Enable Enhanced Presence..................................................23
3.4 Configure Users.......................................................... ..........24
Step 4 Deploy the Office Communicator Client...............................25
4.1 Deploy Communicator................................................... .......26
4.2 Configure Client Logon....................................... ..................26
4.3 Test Office Communications Server Configuration for Office
Communicator......................................................................... ...26
Step 5 Deploy the Live Meeting 2007 Client...................................28
5.1 Deploy the Live Meeting Client......................................... ....28
5.2 Deploy the Outlook Add-in...................................................29
5.3 Customize Meeting Invitations.............................................30
5.4 Set Up a Test Meeting...................................................... .....32
Validation and Troubleshooting Hints..............................................33
Appendix A: LCSCmd..................................................................... ..34
Appendix B: Configuring a Standalone Certification Authority........35
Appendix C: Certificate Request Scenarios.....................................36
Appendix D Optimizing Your Network Interface Card for High A/V Traffic 40
Introduction
This document describes the high-level steps necessary to deploy Microsoft® Office
Communications Server 2007 Standard Edition (Public Beta).
Important
If you are migrating from Live Communications Server 2005
with Service Pack 1, see the Migrating to Office
Communications Server 2007 guide. If you are migrating from
Office Communications Server 2007 Beta 3 to Public Beta, see
the Migrating from Beta 3 to Office Communications Server
2007 Public Beta guide.
Overview of Office Communications

Server 2007 Standard Edition
Office Communications Server offers a Standard Edition and an Enterprise Edition.
• Standard Edition is designed for use in small or medium-sized organizations. Standard
Edition is also recommended for organizations that do not require Enterprise Edition
performance, scalability, and high-availability.
• Enterprise Edition is designed for large-scale deployments that are typical of large
organizations. In an Enterprise Edition deployment, multiple Office Communications Server
Enterprise Edition servers are deployed as a pool behind a load balancer. Servers in the pool
share a central Microsoft SQL Server™ database that stores user data.
Office Communications Server Standard Edition Server
Components
In Office Communications Server Standard Edition, the following components run on a single
physical computer:
• Local Microsoft SQL Server™ 2005 Express Edition with Service Pack 2 (SP2) database
• Front-end server component that houses instant messaging, presence, telephony
conferencing servers, and all essential user services operations.
• Web Conferencing Server (formerly called the Data MCU) component that enables on-
premise conferencing.
• A/V Conferencing Server (formerly called the A/V MCU) component that enables two users
(using Microsoft Office Communicator 2007) or more (using the Microsoft Office Live
Meeting 2007 client) to share audio and video streams in a peer-to-peer fashion.
• Web Components Server that enables users to upload presentations and other data that is
used by the Web Conferencing Server.
2 Microsoft Office Communications Server 2007 (Public Beta) Standard Edition and
Communicator 2007 Deployment Guide
Infrastructure Requirements and

Prerequisites
Software Infrastructure Requirements
Before you deploy Office Communications Server Standard Edition, you need to have the
following:
• Microsoft Windows Server® 2003 operating system with Service Pack 1 (SP1) or R2
• SQL Server 2005 Express Edition with Service Pack 2 (SP2)
Note
SQL Server 2005 Express Edition with SP2 is installed
automatically on the Standard Edition server if you do not
already have it installed. SQL Server databases are not
supported on NTFS or FAT compressed volumes. For this
reason, ensure that you do not install Standard Edition server
on a compressed drive. For more information, see
http://support.microsoft.com/kb/231347.
• MSXML 6.0 Parser, which is installed automatically on the Standard Edition Server if you
do not already have it installed.
• Active Directory® Domain Services in Microsoft Windows Server® 2003 native mode in all
domains where you plan to deploy Office Communications Server or host Office
Communications Server users.
Note
Installation of Office Communications Server is not supported
on the same computer that is an Active Directory global
catalog (GC) server or a domain controller (DC).
• Domain Name Service (DNS)

• Certificate Authority (CA) - Enterprise (recommended), standalone, or public CA. If you are
deploying in a lab environment and do not have a CA deployed, see Appendix B for
instructions on setting up a standalone CA.
• Microsoft Internet Information Services (IIS) 6.0, including Active Server Pages
components, installed on any computer where you will install Standard Edition Server.
Note
After you install IIS, go to the Microsoft Windows® Update
Web site to check for updates.
Microsoft Office Communications Server 2007 (Public Beta) Standard Edition and Communicator
2007 Deployment Guide 3
• If you plan to archive IM traffic or use call detail recording (CDR), install the Archiving and
CDR Server according to the Microsoft Office Communications Server 2007 Public Beta
Archiving Deployment Quick Start.
Hardware Requirements
To deploy Standard Edition Server, your server computer must meet the following minimum
hardware requirements:
• PC with dual processor 3.2 GHz or faster with hyperthreading
• 2 × 36 gigabytes (GB) of available hard disk space
• 1 MB cache
• 2 GB of RAM
• 1 gigabit per second (Gb/s) network adapter
For an in-depth discussion of the hardware options, refer to the Microsoft Office Communications
Server 2007 Planning Guide.
Windows Service Dependencies
We recommend that you disable the Windows services that are not required on the computers
where you install Office Communications Server. The following table describes the Windows
services that Office Communications Server requires. You can safely disable all other services.
Office Communications Server Service Dependencies
Office Communications Server Windows Service Dependencies
Service Name
Office Communications Server HTTP SSL (HTTP, IIS Admin Service,
Front-End (RTCSRV) Remote Procedure Call, Security
Accounts Manager)
Windows Management Instrumentation
(Event Log and Remote Procedure Call)
Driver Extensions
Audio/Video Conferencing Remote Procedure Call, Security
(RTCAVMCU) Accounts Manager)
Office Communications Server IM HTTP SSL (HTTP, IIS Admin Service,
Conferencing (RTCIMMCU) Remote Procedure Call, Security
Accounts Manager)
Telephony Conferencing Remote Procedure Call, Security
(RTCACPMCU) Accounts Manager)
Office Communications Server Web HTTP SSL (HTTP, IIS Admin Service,
Conferencing (RTCDATAMCU) Remote Procedure Call, Security
Accounts Manager)
(Remote Procedure Call)
Office Communications Server Message Queuing (Message Queuing
Archiving and CDR (RTCLOG) access control, NT LM Security Support
Provider, Remote Procedure Call,
RMCAST (Pgm) Protocol Driver, TCP/IP
Protocol Driver, IPSEC Driver, Security
Accounts Manager)
Office Communications Server A/V Windows Management Instrumentation
Authentication (RTCMRAUTH) (Event Log and Remote Procedure Call)
Office Communications Server A/V Office Communications Server A/V
Access Edge (RTCMEDIARELAY) Authentication
Office Communications Server Windows Management Instrumentation
Access Edge (RTCSRV) (Event Log and Remote Procedure Call)
Driver Extensions
Office Communications Server Web Windows Management Instrumentation
Conferencing Access Edge (Event Log and Remote Procedure Call)
(RTCDATAPROXY)
Office Communications Server Windows Management Instrumentation
Mediation (RTCMEDSRV) (Remote Procedure Call)
Planning Requirements
Before you begin deployment, you need to determine the best deployment path for your
organization. For details, see the Microsoft Office Communications Server 2007 Planning Guide.
Storage Requirements
Consider storage needs for archiving files if you plan to install the Archiving and CDR Server as
described in the Microsoft Office Communications Server 2007 Public Beta Archiving
Deployment Quick Start.
Audio/Video Requirements
The following section summarizes some key requirements for audio/video in an Office
Communications Server deployment:
• We recommend that A/V Conferencing Servers and A/V Edge Servers are deployed on 1GB
Ethernet LAN.
• We recommend that you run the Quality of Server scheduler on each A/V Conferencing
Server or A/V Conferencing Edge Server to monitor audio and video traffic flow across the
network.
• If you anticipate a high volume of audio/video traffic or experience packet loss after you
deploy, use Appendix D “Optimizing Your Network Interface Card” to optimize A/V traffic
flow.
Overview of Standard Edition

Deployment
When you deploy Office Communications Server Standard Edition, you will perform the
following major tasks:
• Prepare Active Directory
• Configure DNS
• Install a Standard Edition Server
• Configure the Standard Edition Server
• Configure Certificates
• Enable A/V and Web Conferencing (optional)
• Enable Enhanced Presence (optional)
• Start the Services
• Validate the Server Configuration
The following sections describe these steps in detail.
Step 1: Prepare Active Directory

Schema, Forest, and Domain
Before you deploy Office Communications Server, you must prepare the Active Directory®
Domain Services. Active Directory preparation includes schema preparation, forest preparation,
and domain preparation. Active Directory preparation happens in an initial deployment, but is not
repeated when you add servers or pools to a deployment. For Active Directory preparation
instructions, see the Microsoft Office Communications Server 2007 Public Beta Active Directory
Guide.
For information about delegating Office Communications Server setup or administration, also see
the Microsoft Office Communications Server 2007 Public Beta Active Directory Guide.
Step 2 Deploy Standard Edition

Server
When you deploy Standard Edition Server, you install all the server components on one physical
computer. You also configure the DNS that enables servers and clients to automatically locate
one another.
2.1 Configure DNS for your Standard Edition

Server
When you deploy Standard Edition Server, Setup creates Active Directory objects and settings
for the server and the SQL Server Express Edition database that is used by the server to store user
data and configuration settings. These Active Directory settings include the server FQDN, which
is composed of the server name and the FQDN of the domain in which the server is deployed.
When you configure client connectivity, this FQDN is registered in DNS.
This section describes the DNS records that you are required to configure and those that you can
optionally configure.
At a minimum, you are required to configure the following DNS records:
• An A record that matches the FQDN of your Standard Edition Server in the internal
DNS to the IP address of the server
Example DNS A Records Required
Active SIP Domain Server FQDN DNS Record(s)
Directory
Domain
Contoso.co contosotest.com server.contoso.com An A record for
m server.contoso.com that
resolves to the IP address
of the server
Contoso.co Contoso.com SEserver.contoso.com An A record for
m SEserver.contoso.com
that resolves to the IP
address of the server
Note
The name of the SIP domain that is served by the Standard
Edition Server can be, but does not have to be, the same as
name of the Active Directory domain. If the SIP domain is
different from the Active Directory domain, create an A record
with the server FQDN that resolves to the IP address of the
server, as shown in the previous examples.
• An A record that matches the IP address of the server to the host name in the internal
URL for Web Conferencing functionality. This A record is required only if during setup
the URL host name is changed from the default (the server FQDN).
Example DNS Records Required for Internal URLs
URL Host Name Server FQDN DNS Record(s)
SEserver.contoso.com SEserver.contoso.c None if you have already created an
om A record for SEserver.contoso.com
that resolves to the IP address of
the server
Meetings.internal.cont SEserver.contoso.c An A record for
oso.com om meetings.internal.contoso.com that
resolves to the IP address of the
server
• An external A record that matches the IP address of the reverse proxy in the perimeter
network to the host name in the external URL for Web Conferencing functionality (as
described in the Microsoft Office Communications Server 2007 Edge Server Deployment
Guide)
Example DNS Record Required for External URLs
URL Host Name Server FQDN DNS Record(s)
Meetings.external.con SEserver.contoso.c An A record for
toso.net om meetings.external.contoso.net that
resolves to the IP address of the
reverse proxy in the perimeter
network of Office Communications
Server edge servers
If clients will manually sign in to Office Communications Server, you do not need to configure
any other DNS records; however, if you plan to enable DNS lookup for clients to automatically
sign in to Office Communications Server, you also need to configure the following DNS records:
• A DNS SRV record for each SIP domain that is served by a Standard Edition Server
• An A record for each SIP domain that is served by a Standard Edition Server
Example DNS Records Required for Automatic Client Logon with
Multiple SIP Domains
SIP Domain DNS A Record DNS SRV Record
Contoso.com An A record for the An SRV record for the
contoso.com domain that contoso.com domain that
resolves to the Standard points to the matching A
Edition Server record
Contosoretail.com An A record for the An SRV record for the
contosoretail.com domain contosoretail.com domain
that resolves to the Standard that points to the matching A
Contosobank.com An A record for the An SRV record for the
contosobank.com domain contosobank.com domain
that resolves to the Standard that points to the matching A
Note
By default, queries for DNS records adhere to strict domain
name matching between the domain in the user name and
that in the SRV record. If you prefer client DNS queries to use
suffix matching instead, you can configure the
DisableStrictDNSNaming group policy.
Client DNS Queries

During DNS lookup, SRV records are queried in the following order:
1. _sipinternaltls._tcp.domain - for internal TLS connections
2. _sipinternal._tcp.domain - for internal TCP connections (performed only if TCP is allowed)
3. _sip._tls.domain - for external TLS connections
4. _sip._tcp.domain - for external TCP connections
If any query succeeds, the client uses the SRV record that is returned and does not continue
querying for any other SRV records.
After the SRV record is returned, a query is performed for the DNS A record for the host name
that is returned by the SRV record. If no records are found during the DNS SRV query, the client
performs an explicit lookup of sip.domain. If the explicit lookup does not produce results, the
client performs a lookup for sipinternal.domain. If the client does not find sipinternal.domain, it
performs a lookup for sipexternal.domain.
If your DNS infrastructure prohibits configuration of these DNS records, you can manually edit
the client registry to point to the appropriate home server. For more information about editing the
client registry and configuring policy settings for the client, refer to Microsoft Office
Communicator 2007 Planning and Deployment Guide.
Create and Verify DNS SRV and A Records for Client Automatic
Sign-In
You must create DNS SRV records in your internal DNS for every SIP domain. The procedure
assumes that your internal DNS has zones for your SIP user domains.
To create a DNS SRV record

1. On the DNS server, click Start, click Control Panel, click Administrative Tools, and then
click DNS.
2. In the console tree for your SIP domain, expand Forward Lookup Zones, and then right-
click the SIP domain in which your Office Communications Server will be installed.
3. Click Other New Records.
4. In Select a resource record type, click Service Location (SRV), and then click Create
Record.
5. Click Service, and then type _sipinternaltls.
6. Click Protocol, and then type _tcp.
7. Click Port Number, and then type 5061.
8. Click Host offering this service, and then type the FQDN of the Standard Edition Server.
9. Click OK.
10. Click Done.
11. After you have created the DNS SRV record, create a DNS A for each server FQDN and
URL FQDN that is not the same as the server FQDN.
To create a DNS A record
1. Click Start, click Control Panel, click Administrative Tools, and then click DNS.
2. In the console tree for your domain, expand Forward Lookup Zones, and then right-click
the domain in which your Office Communications Server will be installed.
3. Click New Host (A).
4. Click Name (uses parent domain name if blank), and then type the name of the Standard
Edition server.
5. Click IP Address, and then enter the IP address of your server. Click Add Host, and then
click OK.
6. Do one of the following:
• If you have created all the A records that you need as described earlier in this document
in “Configure DNS for Your Pool,” skip to the next step.
• To create an additional A record, repeat steps 4 and 5.
7. When you are finished creating all the A records that you need, click Done.
To verify that the required records have been created successfully, wait for DNS replication (if
you have just added the records), and then verify that the records were created as described in the
next procedure.
To verify the creation of a DNS SRV record
Note
For illustrative purposes, the following steps use example.com
as the domain portion of the SIP URI namespace. When
executing these steps, use your actual SIP domain name
instead.
1. Log on to a client computer in the domain.

2. Click Start, and then click Run. In the Open box, type cmd, and then click OK.
3. At the command prompt, type nslookup, and then press ENTER.
4. Type set type=srv, and then press ENTER.
5. Type _sipinternaltls._tcp.example.com, and then press ENTER. The output displayed for
the TLS record is as follows:
Server: <dns server>.corp.example.com
Address: <IP address of DNS server>
Non-authoritative answer:
_sipinternaltls._tcp.example.com SRV service location:
priority = 0
weight = 0
port = 5061
svr hostname = servername.example.com
servername.example.com internet address = <IP address of Standard
Edition server>
6. When you are finished, at the command prompt, type exit, and then press ENTER.
After you configure the DNS records, verify that the FQDN of the Standard Edition Server can
be resolved by DNS.
To verify that the FQDN of the Standard Edition Server can be resolved
1. On a client computer in the domain, click Start, and then click Run.
2. In the Open box, type cmd, and then click OK.
3. At the command prompt, type ping <FQDN of the Standard Edition server>, and then
press ENTER.
4. Verify that you receive a response similar to the following, where the IP address returned is
the IP address of your Standard Edition server.
Reply from 172.27.176.117: bytes=32 time<1ms TTL=127
2.2 Deploy Office Communications Server

Standard Edition
Use the following procedure to deploy Office Communications Server Standard Edition. Before
you deploy the server, ensure that IIS is installed as described earlier in this document in
“Infrastructure Requirements and Prerequisites.” Setup automatically installs Microsoft SQL
Server 2005 Express Edition with SP2, MSXML 6.0 Parser, and the Microsoft .NET Framework
2.0. You do not need to install them separately.
To deploy Office Communications Server Standard Edition
1. Log on the server where you want to install Standard Edition Server as a member of the
DomainAdmins and the RTCUniversalServerAdmins groups.
2. Insert the Microsoft Office Communications Server 2007 CD. The Deployment Tool will
start automatically. If you are installing from a network share, go to the \I386 folder, and
then double-click Setup.exe.
3. Click Deploy Standard Edition Server.
4. At Deploy Server, click Run.
5. On the Welcome to the Deploy Server Wizard page, click Next.
• To accept the default location where the files will be installed, click Next.
• To install the files at another location, click Browse, browse to the location where you
want the files to be installed, and then click Next.
6. On the Location for Server Files page, do one of the following:
7. On the Main Service Account for Standard Edition Server page, enter a new or existing
service account to use to run the core Office Communications Server service on this server,
and then enter the password. The default account is RTCService. For a new account, ensure
that you use a strong password that meets your organization’s Active Directory password
requirements. When you are finished, click Next to continue.
WARNING
When you create a new account, activation may fail until the
account has been replicated in Active Directory. If this
happens, wait until the account has been replicated, and then
try again.
8. On the Component Service Account for this Standard Edition Server page, enter a new
or existing service account to use to run the A/V Conferencing Server and Web Conferencing
Server components on this server, and then enter the password. The default account is
RTCComponentService. For a new account, ensure that you use a strong password that
meets your organization’s Active Directory password requirements. When you are finished,
click Next to continue.
9. On the Web Farm FQDNs page, do one or more of the following:
• Verify that Internal web farm FQDN displays your server FQDN. This URL is used by
internal users for client download of Web conference content and distribution group
expansion.
• To enable external access to Web conferences, under External web farm FQDN
(optional), enter the external FQDN of the reverse proxy. This URL is used by external
users for client download of conference content and distribution group expansion. You
can configure the reverse proxy. For details, see the Microsoft Office Communications
Server 2007 Public Beta Edge Server Quick Start.
10. When you are finished, click Next.
11. On the Location for Database Files page, accept the default directories for user database
and transaction log files, and then click Next.
Note
Setup automatically detects the best location for the files. If
possible, place each database and transaction log file on a
separate physical disk to improve performance. Do not place
these files on the system disk or page file.
12. On the Ready to Deploy Standard Edition Server page, review the settings you specified.
When you are satisfied with them, click Next to deploy Standard Edition Server.
13. When the wizard has completed, verify that the View the log when you click ‘Finish’ check
box is selected, and then click Finish.
14. In the log file, verify that <Success> appears under the Execution Result column. Look for
<Success> Execution Result at the end of each task. Close the log window when you finish.
2.3 Configure Standard Edition Server

After you have deployed your Standard Edition Server, you can use the Configure Server
Wizard to configure the SIP domains used in your organization.
Note
In Office Communications Server 2007, the Address Book
Server is configured automatically. For information about
changing Address Book Server settings, see the Microsoft
Office Communications Server 2007 Public Beta
Administration Guide
To configure Office Communications Server Standard Edition

1. In the deployment tool, click Deploy Standard Edition Server.
2. At Configure Server, click Run.
3. On the Welcome to the Configure Pool/Server Wizard page, click Next.
4. On the Server or Pool to Configure page, select the server from the drop-down list, and
then click Next.
5. On the SIP domains page, verify that your SIP domain appears in the list box. If it does not,
click the SIP domains in your environment box, type your SIP domain, and then click
Add. Repeat these steps for all other SIP domains that the Standard Edition Server will
support. When you are finished, click Next.
6. On the Client Logon Settings page, do one of the following:
• If the Communicator and Live Meeting clients in your organization will use DNS to
locate the pool, click Some or all clients will use DNS SRV records for automatic
logon.
If this server or pool will also be used as a Director for automatic logon and will not host
users, then select the Use this server or pool as a Director for automatic logon check
box.
• If the Communicator clients in your organization will not use DNS to logon to the pool
and you plan to manually configure clients to connect to the pool, click Clients will be
manually configured for logon.
8. On the SIP Domains for Automatic Logon page, do one of the following:
• If in the previous step you selected Some or all clients will use DNS SRV records for
automatic logon, select the check box for the domains that will be supported by the
server for automatic sign-in, and then click Next.
• If, in the previous step, you selected Clients will be manually configured for logon,
skip to the next step.
9. On the External User Access Configuration page, do one of the following:
• If you have deployed your edge servers and configured all necessary settings as
described in the Microsoft Office Communications Server 2007 Edge Server Quick Start
Guide, click Configure for external user access now. Refer to the edge server
document for details on completing this wizard.
• If you have not deployed any edge servers, click Do not configure for external user
access now.
• If, in the previous step, you selected Configure for external user access now, refer to
the Microsoft Office Communications Server Edge Server Quick Start Guide for details
on completing the wizard.
• If, in the previous step, you selected Do not configure for external user access now,
skip to the next step.
12. On the Ready to Configure Server or Pool page, review the settings that you specified, and
then click Next to configure the Standard Edition Server.
13. When the files have been installed and the wizard has completed, verify that the View the
log when you click ‘Finish’ check box is selected, and then click Finish.
<Success> Execution Result at the end of each task to verify Standard Edition Server
configuration completed successfully. Close the log window when you finish.
Additional SIP server, domain, and forest settings can be configured by using the instructions in
the Microsoft Office Communications Server 2007 Public Beta Archiving Deployment Quick
Start or the Microsoft Office Communications Server 2007 Public Beta Edge Server Quick Start.
Procedures for configuring SIP user settings are in the “Configure Users” section of this
document.
2.4 Configure Certificates

Office Communications Server requires certificates on each Standard Edition Server in order to
use MTLS (TLS with mutual authentication). All Office Communications Servers use MTLS to
communicate with one another. If you do not configure MTLS on each server, users may be able
to log in to Office Communications Server and view other users’ presence, but IM
communication will not work.
Each client will also need to trust the certificate that the server is using in order to connect to the
server by using TLS. You can use the Certificates Wizard on a Standard Edition Server to do the
following:
• Request, create, and assign a new Web certificate with enhanced key usage for server
authentication.
• Assign an existing certificate.
You can use the same certificate for the Web Components Server, but the certificate for the Web
Components Server must be assigned separately in IIS. You cannot use the Certificates Wizard
to the assign the certificate to the Web Components Server. Instead, the certificate must be
manually assigned.
Note
For more information about certificate request scenarios, see
Appendix C.
To configure a new certificate

1. Log on to your Standard Edition Server as a member of the Administrators group.
then double-click setup.exe.
4. At Configure Certificate, click Run.
5. On the Welcome to the Communications Certificate Wizard page, click Next.
6. On the Available certificate tasks page, click Create a new certificate, and then click
Next.
7. On the Delayed or Immediate Request page, click Send the request immediately to an
online certification authority, and then click Next.
8. On the Name and Security Settings page, do the following:
• Under Name, enter a meaningful name for the certificate that this server will use for
Office Communications Server communications.
• Under Bit length, select the bit length that you want to use for encryption. A higher bit
length is more secure, but it can degrade performance.
• Clear the Mark cert as exportable check box.
10. On the Organization Information page, type or select the name of your organization and
organizational unit, and then click Next.
11. On the Your Server’s Subject Name page, do the following:
• In Subject Name, verify that the server FQDN is displayed.
• Optionally, click Subject Alternate Name, and then type the alternate name(s) that
identify the server during authentication.
Note
There are several scenarios that require you to configure a
certificate Subject Alternate Name:
• If your SIP domain is different from the Active Directory
domain, add the FQDN of the SIP domain as the Subject
Alternate Name.
• If the internal FQDN that you plan to use for the Web
Components Server is different from the external FQDN
and you plan to configure the reverse proxy in the
perimeter network for tunneling, add the external FQDN
as the Subject Alternate Name.
• To include the local computer name on the list of alternate names that identify the server
during authentication, select the Automatically add local machine name to the
Subject Alt Name check box.
13. On the Geographical Information page, enter the Country/Region, State/Province, and
City/Locality. Do not use abbreviations. When you are finished, click Next.
14. On the Choose a Certification Authority page, select your certification authority (CA)
from the dropdown list or type the name of your CA in the Certification Authority box. If
you type an external CA name, a dialog box appears. Type the user name and password for
the external CA, and then click OK. When you are finished, click Next.
15. On the Request Summary page, review the settings that you specified, and then click Next.
16. On the Certificates Wizard completed successfully page, click Assign.
17. A dialog box displays informing you that the settings were applied successfully. Click OK.
18. Click Finish.
To configure an existing certificate
1. Log on to the Standard Edition Server using as a member of the Administrators group.
then double-click Setup.exe.
4. At Configure Certificate, click Run.
5. On the Welcome to the Communications Certificate Wizard page, click Next.
6. On the Available certificate tasks page, click Assign an existing certificate, and then click
Next.
7. On the Available Certificates page, click the certificate that you want to assign to the server,
and then click Next.
8. On the Available certificate assignments page, do the following:
• To assign the certificate to all the server components on the local computer, select the
Default Server Certificate check box.
• To assign the certificate to a specific transport and port, select the check box that
corresponds to the desired transport, port, and listening address combination. If you
have more than one Office Communications Server in your environment, you must
select the check box to assign a certificate, which may be different from the one that you
use as the default server certificate, to the MTLS listening address.
Note
If (Have certificate) is displayed next to any of the entries
on the Available certificates assignments page, a
certificate is already configured. If you proceed, the certificate
you choose will be used instead of the one that is already
configured.

10. On the Configure the certificate settings of your Server page, review the certificate
assignments, and then click Next to assign the certificate.
11. Click Finish.
Assign the Web Components Server (IIS) Certificate
Assign the certificate to the Web Components Server by using the Internet Information Services
(IIS) Manager.
To assign the certificate to the Web Components Server (IIS)
1. Log on to the server as a member of the Administrators group.
2. Click Start, click Control Panel, click Administrative Tools, and then click Computer
Management.
3. Expand the Services and Applications node, and then expand the Internet Information
Services (IIS) Manager node.
4. Expand the Web Sites node, right-click Default Web Site, and then click Properties.
5. Click the Directory Security tab.
6. Under Secure communications, click Server Certificate.
7. On the Welcome to the Web Server Certificate Wizard page, click Next.
8. Click Assign an existing certificate, and then click Next.
9. Select the certificate that you requested using the Certificates Wizard, assuming the
certificate matches the name of the Web Components Server or pool, and then click Next.
10. On the SSL Port page, verify that port 443 will be used for SSL, and then click Next.
11. Review the certificate details, and then click Next to assign the certificate.
12. Click Finish to exit.
13. Click OK to close the Default Web Site Properties page.
2.4 Enable A/V and Web Conferencing

Note
Instant messaging and presence are enabled by default when
you deploy Office Communications Server. If you want to
support only instant messaging and presence features, you
can skip this task and continue to the next deployment task.
In Office Communications Server, conferencing enables Office Communications Server users to

organize and invite other users to on premise Web conferences. Use global properties to enable
conferencing and to configure conferencing settings.
Global meeting policies define the features that your users can access in the Web conferences that
they organize. By default, all users are configured to use the default meeting policy. The default
meeting policy prevents users from organizing the following types of Web conferences:
• Conferences that are external and include external users as participants
• Conferences that use video
Meeting policies apply to users when they organize conferences, but not when they attend
conferences.
Every meeting policy lists the same features, which are shown in Table 1, but the features can be
configured differently for each meeting policy.
Table 1. Policy settings for Web conferences
Policy setting Description
Policy name A name that you specify. We recommend that the
name describe the purpose of the policy.
Maximum meeting The maximum number of participants that an
size organizer’s conference can admit. An
organization can invite more participants than
the maximum meeting size, but after attendance
reaches the maximum meeting size, no one else
is permitted to join the conference.
Enable Web Enables conferencing using Office
conferencing Communications Server.
Use native format When selected, when a presenter makes a slide
for PPT files deck active, then each attendee’s Microsoft
Office Live Meeting 2007 client automatically
downloads the Microsoft Office PowerPoint®
presentation in its native format as well as the
converted portable network graphics (PNG) files.
If cleared, when a presenter makes a slide deck
active, each Live Meeting 2007 client
automatically downloads only the converted PNG
files.
By default, native PowerPoint format (.ppt) is
used. When a user uploads PowerPoint content, it
is converted to .png files that the server renders.
PNG files are similar to bitmaps. If you do not use
native PowerPoint format, the original source is
unavailable and cannot be changed. Attendees
also cannot see any active content or animation.
Preventing native format increases security
because the original source is unavailable and
cannot be modified.
Furthermore, when Use native format for PPT
files is selected, the PowerPoint data is available
only for the duration of the conference.
Policy setting Description
Enable program If selected, presenters in a Web conference can
and desktop share applications or an entire desktop with other
sharing participants. The presenter can allow all
participants with Active Directory accounts to
take control of the organizer’s desktop or a
program that is running on the desktop.
Under Select settings for non-Active
Directory users, you can select the sharing
settings that apply to federated and anonymous
users. The following options are available:
1. Never allow control of shared programs or
desktop
2. Allow control of shared programs
3. Allow control of shared programs and
desktop
Color depth The range of colors that will be used to display
slides and other conference content.
Allow presenter to If selected, presenters in a Web conference can
record meetings record the conference data, audio, and video for
later viewing.
Presenter can allow If selected, presenters can allow conference
attendees to attendees to record conferences locally for later
record meetings personal viewing.
Enable IP audio Enables audio conferencing (Enterprise Voice)
over TCP (Transport Control Protocol).
Enable IP video Enables audio and video conferencing over TCP
(Transport Control Protocol).
To configure A/V and Web conferencing

1. Click Start, click Control Panel, click Administrative Tools, and then click Office
Communications Server 2007.
2. Right-click the Forest node, click Properties, and then click Global Properties.
3. Click Meetings, and then do one of the following:
• To allow the selected users to organize Web conferences that include anonymous
participants, click Anonymous participants, and then click Allow users to invite
anonymous participants.
• To prevent the selected users from organizing Web conferences that include anonymous
participants, click Anonymous participants, and then click Disallow users from
inviting anonymous participants.
• To allow only some users to organize Web conferences that include anonymous
participants, click Anonymous participants, and then click Enforce per user. Ensure
that you follow the procedures in “Configure Users,” later in this document, to enable or
disable this feature for individual users.
Important
By default, all users are allowed to organize Web conferences
that include anonymous participants.
4. In the Policy Definition list, click the name of a policy, and then click Edit.
5. In the Edit Policy dialog box, select the Enable Web conferencing check box. Change any
or all of the settings shown in Table 1, and then click OK.
6. Click Apply.
7. After you finish editing the features that are enabled by each policy, decide which policy to
apply to Web conferences organized by users. Do one of the following:
• To apply the same policy to all users, click Global policy, and then click the name of
the policy that defines the features you want to enable for all users.
• To apply different policies to different users, click Global policy, and then click Use per
user policy. Ensure that you follow the procedures in the “Configure Users” section of
this document to configure the meeting policy for individual users.
8. When you are finished, click OK.
For more information about administering Web conferencing features, refer to the Microsoft
Office Communications Server 2007 Public Beta Administrator Guide.
If you expect heavy audio/video traffic in your environment, you can optimize your network
interface card settings to accommodate this volume. See Appendix D in this document for more
information.
2.5 Start the Services

Confirm that the Active Directory changes have replicated before you start the services. For more
information about the Active Directory changes that occur when you deploy Office
Communications Server, see the “Active Directory Schema Extensions” section of the Office
Communications Server 2007 Public Beta Active Directory Guide.
To start the services
2. At Start Services, click Run.
3. On the Welcome to the Start Services Wizard page, click Next.
4. Click Next again to start the services.
5. When the wizard has completed, verify that the View the log when you click ‘Finish’ check
<Success> Execution Result at the end of each task to verify each service on the Standard
Edition Server started successfully. Close the log window when you finish.
Note
If a service does not respond to the wizard in a timely fashion,
the log file will show that a service did not start successfully. If
the log file shows that one or more services failed to start, run
the Start Services Wizard again.
2.6 Validate Your Server Configuration

After you deploy the server and configure the certificates, verify that the server is correctly
configured.
To validate your server configuration
1. Log on to a server in your domain as a member of the RTCUniversalServerAdmins group.
2. In the deployment tool, at Validate Server Functionality, click Run.
3. On the Welcome to the Communications Validation wizard page, click Next.
4. On the Select validation steps page, select what you want to validate by doing the
following:
• To validate that the Office Communications Server is configured correctly, select the
Validate Local Server Configuration check box.
• To verify that the Office Communications Server has connectivity to the back-end
database, the Web Conferencing Server, and the A/V Conferencing Server, select the
Validate Connectivity check box.
• Clear the Validate SIP Logon (1-Party) and IM (2-Party) check box.
Note This option determines whether your enabled users can log
on. You can rerun the Validation Wizard and select this task
after you have created and enabled users for Office
Communications Server.

6. When the wizard completes, verify that the View the log when you click ‘Finish’ check box
is selected, and then click Finish.
<Success> Execution Result at the end of each task. Close the log window when you finish.
You can perform additional validation of server functionality by using the steps described in
“Validation and Troubleshooting Hints” later in this document.
Step 3 Create and Enable Users

After you have deployed and configured your Standard Edition Server, you must create users and
then enable them for the Office Communications Server features that you want them to use.
3.1 Create and Enable Users for Office

Communications Server
The following procedures are required to create user accounts in Active Directory and to add
these users to the Standard Edition Server. Office Communications Server periodically requests
and stores user information from Active Directory.
To create user accounts
1. Log on as a member of the DomainAdmins group to your Standard Edition Server or
another server in the same Active Directory domain that has the Office Communications
Server administration tools installed.
2. Click Start, and the click Run. In the Open box, type dsa.msc, and then click OK.
3. Expand your SIP domain, right-click the Users container or another container where you
want to create your users, click New, and then click User.
4. Complete the New Object - User wizard.
After you create users in Active Directory, enable the users so that they can connect to Office
Communications Server.
To enable users for Office Communications Server
1. Right-click the new user or users whom you want to enable for Office Communications
Server, and then click Enable users for Communications.
2. On the Welcome to the Enable Users Wizard page, click Next.
3. On the Select a Pool page, select the Standard Edition Server from the list, and then click
Next.
4. On the Specify Sign-in Name page, specify how to generate the SIP address by doing one of
the following:
• To generate the SIP address from the user’s e-mail address, click Use user’s e-mail
address. Select this option only if you have configured an e-mail address for your users.
• To generate the SIP address from the user’s principal name, click Use
userPrincipalName.
• To generate the SIP address using the user’s full name, click Use the format: <first
name>.<lastname>@, and then select the Office Communications Server domain.
• To generate the SIP address using the user’s SAM account, click Use the format:
<SAMAccountName>@, and then select the Office Communications Server domain.
6. Verify that the user or users were enabled successfully, and then click Finish.
8. Expand the forest node and the pool node, and then click Users.
9. Confirm that the users you successfully enabled for Office Communications Server are
listed.
Refer to Microsoft Exchange Server documentation to create a mailbox for the users to receive
Web conference invites.
3.2 Wait for User Replication to Complete

Before you try to test or verify any end user functionality, verify that the changes you made to
enable users have been replicated by the Office Communications Server User Replicator.
Replication has succeeded when you see event ID 30024 in the event log.
3.3 Enable Enhanced Presence

Office Communications Server provides the infrastructure to enable client applications to publish
and subscribe to extended, or enhanced, presence information. The enhanced presence
infrastructure includes categories and containers. Categories are collections of presence
information, such as status, location, or calendar state. Containers are logical buckets into which
clients publish instances of various categories of presence information.
Important
If you enable enhanced presence for a user and the user signs
in to Office Communications Server by using the Office
Communicator 2007 client, the user account is converted to
use enhanced presence. The user will then no longer be able
to sign in to Live Communications Server 2005 with SP1 and
cannot use any previous version of Communicator to sign in.
This means that the user will also not be able to sign in by
using Communicator Web Access or Communicator Mobile.
To enable enhanced presence for a single user

2. In the console tree, expand Communications Standard Edition Servers.
3. Expand the pool that contains the user you want to enable for enhanced presence, and then
click Users.
4. In the details pane, right-click the user, and then Properties.
5. In the Properties dialog box, click Configure.
6. In the User Options dialog box, select the Enable enhanced presence check box.
7. When the enabling enhanced presence message is displayed, read the information, and then
click Yes to complete the enabling of enhanced presence for the user.
You can enable enhanced presence for multiple users as part of the configuration process
described in the following section.
3.4 Configure Users

Procedures to configure global meeting settings are included in the “Configure A/V and Web
Conferencing” section of this document. All other user configuration settings are described in this
section. Ensure that the global settings for desired features are such that they can be configured
for individual users.
To configure users for Office Communications Server
2. Expand the Forest node and the Pool node, and then click Users.
3. Right-click the user or users that you want to configure, and then click Configure users.
4. On the Welcome to the Configure Users Wizard page, click Next.
5. Select the check boxes for the features that you want to configure for the selected user or
users: Federation, Remote access, Public IM, Enhanced Presence, Archive internal
messages, and Archive federated messages, and then select the option that indicates
whether or not you want to enable that feature for the users that you want to configure:
Enable or Disable. When you are finished, click Next.
Note
If you want to configure archiving, ensure that you have
deployed the Archiving and CDR Server according to the
procedures in the Microsoft Office Communications Server
2007 Public Beta Archiving Deployment Quick Start.

• If, on the Meetings tab of global properties, you set the Anonymous participants
setting to Allow users to invite anonymous participants or Disallow users from
inviting anonymous participants, click Next.
• If, on the Meetings tab of global properties, you set the Anonymous participants
setting to Enforce per user, then select the Organize meetings with anonymous
participants check box, and then click Allow or Disallow. When you are finished, click
Next.
7. Do one or more of the following:
Note
By default, all users are allowed to organize Web conferences
that include anonymous participants.
• If, on the Meetings tab of global properties, you set the Global policy setting to a
specific policy, click Next.
• If, on the Meetings tab of global properties, you set the Global policy setting to Use per
user policy, then select the Change meeting policy check box. In the Select a meeting
policy for the users list, click the name of the policy you want to apply to the select
user(s). When you are finished, click Next.
8. Do one or more of the following:
• To enable Enterprise Voice and configure the Enterprise Voice policy that will be applied
to the selected users, select the Change Voice Settings check box, and then select the
Enable Voice check box. In the Select a Voice policy for the users list, click the name
of the policy you want to apply to the selected users, and then click Next.
• To view the Enterprise Voice features that are enabled by an Enterprise Voice policy
before you apply the policy, select the Change Voice Settings check box, and then
select the Enable Voice check box. In the Select a Voice policy for the users list, click
the name of the policy you want to view, and then click View. Click OK to close the
Add or Edit Policy dialog box. Choose a policy from the list, and then click Next.
• If the global setting for Enterprise Voice policy is not set to Use per user policy, you
cannot change the Enterprise Voice policy for the selected users. Click Next to continue.
For more information about Enterprise Voice
policies, see the Microsoft Office Communications
Server 2007 (Public Beta)Enterprise Voice Planning
and Deployment Guide.
Note
In order to configure a particular Enterprise Voice setting for a
specific user, the corresponding setting under the forest’s
Enterprise Voice Properties must be configured to allow
enforcement on a per user basis.
9. Verify the status of each user configuration operation, and then click Finish to close.
Step 4 Deploy the Office

Communicator Client
Install and configure Microsoft Office Communicator 2007 on each client in your organization.
Users of Communicator 2005 can still sign in after they are hosted on an Office Communications
Server, but there are important considerations if you choose to have users running both
Communicator 2005 and 2007 in your environment. See the Office Communications Server 2007
Planning Guide and the Migrating to Communications Server 2007 guide for more details.
4.1 Deploy Communicator

After you download the Communicator.msi file, you can deploy Office Communicator in two
ways:
• For users who are a member of the Administrators group on their own computer, let them
download Communicator and install it themselves.
• Distribute Communicator by deploying the Windows Installer package (.msi) as you would
any other .msi file.
To install Communicator
1. Download Communicator.msi, and then double-click it.
2. On the Welcome to Microsoft Office Communicator 2007 Setup page, click Next.
3. Review the license agreement, and then click I accept the terms in the License Agreement
if you agree to the terms of installation. (Required to continue installation.) Click Next to
continue.
4. On the Configure Microsoft Office Communicator 2007 page, accept the default directory
or click Browse and browse to another directory. When you are finished, click Next.
5. When the wizard has completed, click Finish.
4.2 Configure Client Logon

After the DNS records have been configured, you can configure client computers to
automatically connect to the Standard Edition Server. Use the following procedure on each client
to enable your users to connect to Office Communications Server.
To configure automatic connectivity for Office Communicator clients
1. Open Microsoft Office Communicator.
2. Click Tools, and then click Options.
3. On the Personal tab, click Advanced, and then click Automatic Configuration.
4. Click OK, and then click OK again.
4.3 Test Office Communications Server

Configuration for Office Communicator
To test the Office Communications Server configuration for Office Communicator, you can use
the Validation Wizard. You can also test the Office Communications Server configuration for
Communicator by signing in to Office Communicator on two computers by using two different
accounts that you have created on the server and then sending messages from one client to the
other.
To test Office Communications Server configuration for Office
Communicator clients using the Validation Wizard
1. Log on to a server in your domain as a member of the RTCUniversalServerAdmins group.
3. At Validate Server Functionality, click Run.
4. On the Welcome to the Communications Validation Wizard page, click Next.
5. To verify that enabled users can log on, select the Validate SIP Logon (1-Party) and IM (2-
Party) check box.
6. On the User Account page, enter a user name, sign-in name, and password of a test user or
another user enabled for Office Communications Server.
7. In Server or Pool, select the server where the user is hosted. When you are finished, click
Next.
8. On the Second user account page, enter a user name, sign-in name, and password of another
test user (another user enabled for SIP). This account will be used with the first account you
specified to test IM functionality between two users.
9. In Server or Pool, select the server where the user is hosted. When you are finished, click
Next.
10. If you have configured federation or public IM connectivity, on the Option to validate
federation or public IM cloud page, click Test between internal user and federated
partner users, and then type the SIP URI of a federated user account with which you want
to test this functionality. Otherwise, clear the check box.
11. Click Next.
12. When the wizard completes, verify that the View the log file when you click ‘Finish’ check
<Success> Execution Result at the end of each task to verify that the server was added
successfully to the Standard Edition Server. Close the log window when you finish.
To sign in and test Communicator
1. Log on to a client computer as a member of the Administrators group.
2. Click Start, click Programs, and then click Microsoft Office Communicator 2007.
3. Click your name, click Options, and then click the Personal tab.
4. Click Sign-in name, and then enter your SIP account.
• If you configured automatic sign-in, click OK.
• If you did not configure automatic sign-in, click Advanced, and then click Configure
settings. To test access to the server from inside your organization, click Internal
Server name or IP address, and then type the internal Enterprise pool FQDN or IP
address. To test access to the server from outside your organization, click External
Server name or IP address, and then type the external Enterprise pool FQDN or IP
address. Then, click TCP if you configured the server so that clients can connect by
using TCP or click TLS if you configured the server so that clients can connect only by
using TLS. When you are finished, click OK, and then click OK again.
6. Click Sign in.
7. In Sign-In Account, click Sign-in name, and then click OK.
8. Repeat steps 1 through 7 on a second client computer.
9. On the first computer, click Type a name or phone number, and type the full SIP URI of
the account that is logged in on the second computer.
10. In the results list, double-click the name of the user logged in on the second computer.
11. Type a message, and then press ENTER.
12. On the second computer, verify that the message was received, and then type a message and
press ENTER.
13. On the first computer, verify that the message was received.
Step 5 Deploy the Live Meeting 2007

Client
Web conferences require the Microsoft Office Live Meeting 2007 client. For detailed information
regarding Live Meeting 2007 client deployment, see Deploying the Microsoft Office Live
Meeting 2007 (Public Beta) Client with Office Communications Server 2007.
5.1 Deploy the Live Meeting Client

You can deploy the Microsoft Office Live Meeting 2007 client in the following ways:
• Distribute the Live Meeting client by using the client Windows Installer package (.msi file),
and then distributing it as you would any other .msi file.
• Have end users download the Live Meeting client. (A user must be a member of the
Administrators group to install the client.)
Distributing the Meeting Client to Client Computers

To deploy the Live Meeting client, download and run the installer package by using your
organization’s preferred deployment method, for example, Systems Management Server (SMS),
an Active Directory Group Policy, a scripted deployment, or any third-party software that
supports .msi-based deployment.
Supporting End User Downloads of the Live Meeting Client
Installer File
By default, Web conference invitations will connect users to the Microsoft Download Center to
download the current version of the Live Meeting client installer file.
Note
If you are using Microsoft Windows XP Service Pack 2 (SP2),
the information bar on the Windows Internet Explorer®
Internet browser can be configured to display when potentially
dangerous actions on a Web page have been blocked, such as
attempts to install software on the computer.
When the installer for the Live Meeting client attempts to run,
the information bar can show that the attempt was blocked.
You must click the information bar to permit the installation to
succeed, or you can click the link to install on the Web page, if
it is there.
To install the Live Meeting 2007 client

1. Log on to a client computer in the domain as a member of the Administrators group.
2. In a Web conference invitation, click the link to download the Live Meeting client, or
download LMConsole_en_us.msi, and then double-click it.
3. If you are prompted to run the Setup program from the server or to download it to your
computer, click Run.
4. If you are prompted with a confirmation message that indicates the name of the setup
program file and the name of the software publisher, verify that the file is from Microsoft,
and then click Run.
The Live Meeting client will be installed without requiring additional input. When the installer is
finished, its window disappears.
5.2 Deploy the Outlook Add-in

The Outlook Add-in is required for users to schedule Web conferences by using the Microsoft
Office Outlook® messaging and collaboration client. After you deploy the Live Meeting client,
deploy the Outlook add-in using the Outlook add-in Windows Installer file (.msi), and then
distributing it as you would any other .msi file.
Note
Microsoft Office Outlook must already be installed on the
computer where you install the Outlook add-in.
To deploy the Live Meeting 2007 Outlook add-in

1. Download LMAddinPack.msi, and then double-click it.
2. Click Run.
3. On the Microsoft Office Live Meeting Add-in Pack page, click Next to begin installation.
4. When the wizard has completed, click Finish.
You must restart Outlook to use the add-in.
5.3 Customize Meeting Invitations

In Web conference invitations, you can customize the following:
• The support page URLs (internal and external)
• The organization name that appears in the URLs
In Web conference invitations, there is a link for users to download and install the Live Meeting
2007 client. The client download URL is hosted by Microsoft.
Meeting invitations also include a link to a support page. By default, the support page is hosted
by Microsoft, but you can host your own support page on server running the Web Components
Server or on your own Web server.
To host the Live Meeting 2007 client support page using the Web
Components Server
1. Log on to the Office Communications Server running the Web Components Server.
2. Click Start, click Control Panel, click Administrative Tools, and then click Computer
Management.
3. Expand the Services and Applications node, and then expand the Internet Information
Services (IIS) Manager node.
4. Expand the Web Sites node, expand the Default Web Site node, and then click Conf.
5. In the details pane, verify the value of the Path for Int and Ext.
6. Create a Web page (in static HTML format) that provides support information to users of the
Live Meeting 2007 client.
7. Copy the Web page that you created to the folders named in step 5.
Note
After you copy the Live Meeting 2007 client support page to
the appropriate locations, verify the following:
• The URL that internal users will use to view the client
support page works inside the corporate network only.
• The URL that external users will use to view the client
support page works from outside the corporate network.
9. Expand the forest node, right-click the pool node, click Properties, and then click Web
Component Properties.
10. Click the Meeting Invites tab.
11. Under Help desk URL, click Internal, and then type the URL that internal users will use to
view the client support page.
12. Click External, and then type the URL that external users will use to view the client support
page.
13. When you are finished, click Apply, and then click OK.
To host the Live Meeting 2007 client support page on a Web server
1. Log on to the Office Communications Server where you want to host the Live Meeting 2007
client support page.
2. Create a Web page (in any format) that provides support information to users of the Live
Meeting 2007 client.
3. Copy the Web page to a Web folder under the default IIS Wwwroot directory that internal
users will access and to a folder that external users will access. For example, if you copy an
HTML Web page to “C:\Inetpub\wwwroot\meetings\support\int”, the default URL will be
https://<FQDN of the Standard Edition Server>/meetings/support/int/<filename>.html.
Note
After you copy the installer file to the appropriate locations,
verify the following:
• The URL that internal users will use to download the file
works inside the corporate network only.
• The URL that external users will use to download the file
works from outside the corporate network.
5. Expand the forest node, right-click the pool node, click Properties, and then click Web
6. Click the Meeting Invites tab.
7. Under Help desk URL, click Internal, and then type the URL that internal users will use to
view the client support page.
8. Click External, and then type the URL that external users will use to view the client support
page.
9. When you are finished, click Apply, and then click OK.
You can also change the name of the organization that appears in the links in the Web conference
e-mail invitation.
To change the organization name in Web conference invitations
2. Expand the Forest node, right-click the Pool node, click Properties, and then click Web
3. On the General tab, click Organization, and then type the name of your organization.
4. Click OK to close the Properties page.
5.4 Set Up a Test Meeting

After you install the Live Meeting client and the add-in, you can test the Office Communications
Server configuration for Live Meeting by setting up a test conference.
To set up a test conference
1. Open Microsoft Office Outlook.
2. In the Microsoft Office Live Meeting dialog box that indicates the add-in was successfully
installed, click OK.
3. Close Outlook, and then restart it to initialize the add-in.
4. On the Conferencing menu, Configure Providers.
5. In the User Accounts dialog box, click Sign-in name, and then type your SIP account.
6. Click Test Connection.
• If the Microsoft Office Live Meeting dialog box appears because the client is able to
successfully establish a connection to the server, click OK, and then skip to step 10 to
continue.
• If the Error - Microsoft Office Live Meeting dialog box appears because the client is
unable to establish a connection to the server, click OK, and then click Advanced.
8. Select the Use these servers check box, and then do one of the following:
• To test access to the server from inside your organization, click Internal Server name
or IP address, and then type the internal Enterprise pool FQDN or IP address. Then,
click TCP if you configured the server so that clients can connect using TCP, or click
TLS if you configured the server so that clients can connect using only TLS.
• To test access to the server from outside your organization, click External Server name
or IP address, and then type the external Enterprise pool FQDN or IP address. Then,
click TCP if you configured the server so that clients can connect using TCP, or click
TLS if you configured the server so that clients can connect using only TLS.
9. Select the Use the following user name and password check box. Click User name and
type your domain and user name in the following format: domain\username. Click
Password, and then type your domain password. When you are finished, click OK.
10. Click OK to close the User Accounts dialog box.
11. In Outlook, click Schedule a Live Meeting in the toolbar.
12. In the e-mail template, click To, and then type the e-mail address of another user that is
enabled for Office Communications Server. Click Subject, type a name for the conference,
and then click Send.
13. When the recipient gets the e-mail for the scheduled Live Meeting, open the e-mail on both
clients, and then click the Join the meeting link.
14. The Live Meeting client appears.
Note
If the Live Meeting client is not already installed and
configured on the second client, steps 4 through 10 of client
configuration may be required on the second computer.
15. If required, on both computers, click Meeting ID, and then enter the meeting ID that is
specified in the e-mail. Click Entry Code, type the entry code specified in the e-mail, and
then click Join.
16. When in the Web conference, click the Attendees list and verify that both users are listed.
17. Test other Web conferencing features by using the instructions in the Microsoft Office Live
Meeting 2007 (Public Beta) Getting Started Guide.
Validation and Troubleshooting Hints

ISSUE: Problems signing in with the client To troubleshoot user sign-in issues,
use the Validation Wizard option to test SIP logon. You can also check the following:
• Ensure that the user is actually enabled and configured properly in the Active Directory
Users and Computers snap-in under RTC properties.
• Check for event codes 30021 or 30027 in the Office Communications Server event log.
• Ensure that all users’ SIP Domains (at least the suffix) are reflected in the global settings SIP
Domain list.
• Ensure that all users’ SIP Domains (at least the suffix) are reflected in the global settings SIP
Domain list
• Client computer trusts the Certificate Authority
• Server certificate is configured and is valid for client automatic sign-in (assuming you are
not using manual sign-in). The certificate must match the domain suffix of the end-user’s SIP
URI.
• Office Communications Server Standard Edition service is running.
• Server has permission on the database. Check the SQL database by using SQL Query
Analyzer to ensure that the RTC Server Local Group is a member of the “Server Role” on
the RTC (static) database.
ISSUE: Problems starting the services
At times, the Start Services Wizard reports that there are failures starting the services if one or
more services do not respond in a timely fashion. This can happen even when all services have
started successfully. You can check the application event log to verify the services that have been
started. You can also rerun the Start Services Wizard to verify the results.
ISSUE: Problems using the Web Components Server • If the user receives
an “unauthorized 401” error, verify that the user is enabled for Web conferences in Active
Directory Users and Computers RTC properties.
• If the user receives an error that the server is unreachable, verify that the IIS server is
running. Also verify that the Front End Server on which the Web Components Server is
running has a valid service account and that the Standard Edition Server Front-End service is
enabled and running by using the Service Control Manager.
ISSUE: Client stops responding when joining a conference The certificate on
the server may not be configured correctly. Check the event logs on the client and the server for
events that mention certificate-related issues.
ISSUE: Problems archiving Stop and restart Office Communications Server. Sign out
and then sign in again using Office Communicator, and then try to send an instant message.
Check the Archiving and CDR Server again to see if it is archiving messages.
ISSUE: When attempting to join a Web conference, error message “Conference
join operation was unsuccessful” displays
Web conferencing is disabled by global settings. In order for a user to start or join a Web
conference, Web conferencing must be enabled either globally or for the individual user.
Appendix A: LCSCmd
This section provides sample usage of workarounds that are available during setup only by using
the LCSCmd command-line setup option.
To prepare Active Directory for Communications Server using LCSCmd
1. Log on to the domain controller as a member of the SchemaAdmins group.
2. Insert the Microsoft Office Communications Server 2007 CD.
3. Click Start, and then click Run. In the Open box, type cmd, and then click OK.
4. At the command prompt, type the following, and then press ENTER:
<path\Setup\i386\>LCSCmd.exe /forest[:{forest FQDN}] /action:schemaprep
[/ldf:{location of ldf file}]
5. Type the following, and then press ENTER:
<path\Setup\i386\>LCSCmd.exe /forest[:{forest FQDN}] /action:forestprep
[/global:{Configuration | System}] [/groupdomain:{domain to create universal
groups in}]
6. Type the following, and then press ENTER:
<path\Setup\i386\>LCSCmd.exe /domain[:{domain FQDN}] /action:domainprep
[/pdc:{DNS name of primary domain controller}]
Command-Line Setup Workaround Options
unregSPN - gives you the option to unregister and then reregister the SPN for the service
account that is used to activate the server component.
The unregSPN command-line setup option can be used when you do one of the following:
• Activate the SE server
• Activate the Web Components Server
Example for activation of Standard Edition Server:
<path\Setup\i386\>LCSCmd.exe /server[:{server FQDN}] /action:Activate /role:SE
[/UnRegSpn]
Appendix B: Configuring a
Standalone Certification Authority
Use the following procedure to set up a Microsoft Windows Server 2003 standalone root CA.
To set up a certificate server
1. Log on to your CA server as a member of the DomainAdmins group.
2. Insert the Microsoft Windows Server 2003 CD.
3. Click Start, point to Settings, and then click Control Panel.
4. Double-click Add or Remove Programs.
5. Click Add/Remove Windows Components.
6. Click Application Server, and then click Internet Information Services (IIS).
7. Complete the installation.
8. Click Add/Remove Windows Components.
9. Select the Certificate Services box, and then click Next.
10. Click Standalone root CA, and then click Next.
11. Type the name of the CA root. This name can be a friendly name for the CA root in the forest
root.
12. Change the Time duration to the number of years you plan to use this certificate.
13. Click Next to begin installation.
14. When prompted to stop IIS, click Yes.
15. When prompted with a message about Active Server Pages, click Yes.
16. Click Finish.
Appendix C: Certificate Request

Scenarios
Important
Refer to the certificate instructions in the Microsoft Office
Communications Server 2007 Public Beta Edge Server
Deployment Guide to configure certificates on the Edge
Server.
Use the examples in this section of various server FQDN and URL FQDNs scenarios to help
determine the certificate or certificates that you need to request from your Certification Authority
(CA).
Scenario 1. No External User Support

If you are not supporting external users of any kind, then refer to the following table for the type
of certificates to request:
Example Certificate Requests
Certificatio Standard Edition Internal URL FQDN Certificate(s) to Request
n Authority Server FQDN
(CA) Type
Enterprise, SE01.contoso.co SE01.contoso.com Single certificate for
standalone m Standard Edition Server
, or public and IIS, with a single set
of credentials
Enterprise, SE01.contoso.co Meetings.contoso.co Separate certificates for
standalone m m Standard Edition Server
, or public and IIS, each with its own
credentials
Scenario 2. External User Support

If you are supporting external users, refer to the following table for the type of certificates to
request:
Certificatio Standard Internal URL External URL FQDN Certificate(s) to
n Authority Edition Server FQDN Request
(CA) Type FQDN
Enterprise, SE01.contoso. SE01.contoso.co Meetings.contoso.co Single certificate for
standalone com m m Standard Edition
, or public Server and IIS, using a
single set of
credentials
Enterprise, SE01.contoso. Meetings.contoso. Meetings.external.con Separate certificates
standalone com com toso.net for Standard Edition
, or public Server and IIS, each
with its own
credentials
Trusted SE01.contoso. Meetings.contoso. Meetings.contoso.co One certificate for IIS
Windows com com m using the URL FQDN
public CA credential and one
certificate for
Standard Edition
Server using the
Standard Edition
Server FQDN
If the certificate
private key is marked
as exportable, you
may be able to use a
single certificate for
internal IIS and for the
ISA reverse proxy.
Scenario 3. Support Client Automatic Sign-In

This scenario assumes that you want clients to use automatic sign-in. If so, then refer to the
following table for the additional requirements for the certificate requests:
Standard Edition User SIP URIs Additional Certificate Requirements
Server FQDN
SE01.contoso.co *@contoso.com None; refer to Scenario 2.
m
SE01.contoso.co *@contosoretail.com, Server certificates will need additional
m *@contosobank.com alternate credentials to provide a suffix
match with your users’ SIP domains; Use
the FQDN of the Standard Edition Server
as the Common Name (CN) of the server
certificate, but include domains with
suffixes that match the SIP user domains
in the Subject Alternate Name (SAN).
Scenario 4. Generate an Offline Request (for a Public CA)
This section describes the procedures for requesting a certificate from a Public CA. If you need to
generate an offline request or are using a public CA, use the following set of instructions to
request and process the certificate.
To request the certificate
17. On the server on which you have installed Office Communications Server, click Start, click
Programs, click Administrative Tools, and then click Office Communications Server
2007.
18. In the snap-in, expand the nodes until you reach the Standard Edition Server that you
installed.
19. Right-click the server name, and then click Certificates.
20. On the Welcome to the Configure Certificate Wizard page, click Next.
21. On the Available Certificate Tasks page, click Create a new certificate, and then click
Next.
22. Select Prepare the request now, but send it later, and then click Next.
23. Click Name, and then type the name for the new certificate. For example, you can use the
server name as the certificate name.
24. Clear the Mark cert as exportable check box, and then click Next.
25. Click Organization, and then type your organization name.
26. Click Organizational unit, type the name of your department, and then click Next.
27. Click Subject name, and then type the FQDN of the server.
28. Select the Automatically add local computer name check box, and then click Next.
29. Select your Country/Region, State/Province, and City/Locality, and then click Next.
30. Click Browse, choose a location, enter a File name (with a .txt extension) for the certificate
request, and then click Save.
31. Verify the path and file name of the certificate request file in the File name box, and then
click Next.
32. Review the request information, and then click Next.
33. Click Finish.
Repeat these steps on the other front-end server(s).
Issuing the Certificate Request
If you are an administrator on the Certificate Authority, use these steps to issue the certificate
after you have generated the request. If you are not an administrator on the Certification
Authority, use the instructions in the following section, “Submitting an Offline Request to a
Public CA,” instead.
To issue a certificate
1. Click Start, and then click Run. In the Open box, type mmc, and then click OK.
2. In the File menu, click Add/Remove Snap-in.
3. Click Add, click Certification Authority, and then click Add.
4. Click Another computer, and then click Browse.
5. Choose your CA, and then click OK.
6. Click Finish.
7. Click Close.
8. Click OK.
9. In the snap-in, expand the Certification Authority node.
10. Right-click your CA, click All Tasks, and then click Submit new request.
11. In the Open Request File dialog box, navigate to and click the certificate request (.txt) file
that you created using the wizard, and then click Open.
12. In the Save Certificate dialog box, enter a File name (with an X.509 extension, .cer, .crt, or
.der) for the certificate, and then click Save.
13. Close the CA snap-in.
Repeat these steps on the servers in the pool for which you generated an offline certificate request.
Submitting an Offline Request to a Public CA
If you are not an administrator on the Certification Authority or if you use a public CA, after you
have generated the certificate request, access the public CA site to submit the request. Depending
on the CA, the process will vary, but you generally need to supply your organizational and
contact information.
If prompted, choose the following options:
• Microsoft as the server platform
• IIS as the Version
• Web Server as the certificate usage type
• PKCS7 as the response format
When the public CA has verified your information, you will receive an e-mail that contains the
text required for the certificate.
Process the Pending Certificate Request
After you submit the certificate request, verify that the certificate was downloaded correctly and
has been bound to the local computer store.
To process the certificate from the Public CA
1. On the server on which you have installed Office Communications Server, click Start, click
Programs, click Administrative Tools, and then click Office Communications Server
2007.
2. In the snap-in, expand the nodes until you reach the Standard Edition Server that you
installed.
3. Right-click the Office Communications Server, and then click Certificates.
4. On the Welcome to the Configure Certificate Wizard page, click Next.
5. Click Process the pending request and install the certificate, and then click Next.
6. In Path and file name, do one of the following:
• Enter the location and file name of the .cer file issued to you by the CA, and then click
Next.
• Click Browse. Locate the certificate issued to you by the CA, and then click Open.
7. Verify the certificate location and filename in the Path and file name box, and then click
Next. The certificate is installed to the local computer store.
8. Click View Certificate to view the details of the certificate, and then close the certificate.
9. Click Finish.
Appendix D Optimizing Your Network

Interface Card for High A/V Traffic
For many deployments, you can use the default settings on your network interface. However, in
the following situations, you should optimize for A/V traffic flow by increasing receive and
transmit buffers settings to three times their default value on your network interface cards:
• If you anticipate audio and video traffic on any particular A/V Conferencing Server or A/V
Edge Server to exceed 200-250Mbps
• If your servers experience packet loss on the network
Note
The following procedure provides steps to change these
settings on a typical network interface card. The procedure
will vary depending on your manufacturer.
To change your network interface card settings

1. Log on to the computer running A/V Conferencing Server or A/V Edge Server with local
administrator permissions.
2. Right-click Computer Manager, and then click Manage.
3. In the console pane, click Device Manager.
4. In the details pane, expand Network adaptors
5. Right-click your network interface card, and then click Properties.
6. Click the Advanced tab.
7. Under Settings, click Performance Options.
8. Under Settings, click Receive Descriptors.
9. In Value, change the value to three times the default value, and then click OK
10. Under Settings, click Transmit Descriptors.
11. In Value, change the value to three times the default value, and then click OK.

OCS StandardEditionDeployment

Uploaded by

Document Information

Original Description:

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

OCS StandardEditionDeployment

Uploaded by

Copyright:

Available Formats

Microsoft Office

 2007 Microsoft Corporation. All rights reserved.

All other trademarks are property of their respective owners.

Overview of Office Communications

Infrastructure Requirements and

• Domain Name Service (DNS)

Overview of Standard Edition

Step 1: Prepare Active Directory

Step 2 Deploy Standard Edition

2.1 Configure DNS for your Standard Edition

Client DNS Queries

To create a DNS SRV record

1. Log on to a client computer in the domain.

2.2 Deploy Office Communications Server

2.3 Configure Standard Edition Server

To configure Office Communications Server Standard Edition

2.4 Configure Certificates

To configure a new certificate

9. When you are finished, click Next.

2.4 Enable A/V and Web Conferencing

In Office Communications Server, conferencing enables Office Communications Server users to

To configure A/V and Web conferencing

2.5 Start the Services

2.6 Validate Your Server Configuration

5. When you are finished, click Next.

Step 3 Create and Enable Users

3.1 Create and Enable Users for Office

3.2 Wait for User Replication to Complete

3.3 Enable Enhanced Presence

To enable enhanced presence for a single user

3.4 Configure Users

6. Do one of the following:

Step 4 Deploy the Office

4.1 Deploy Communicator

4.2 Configure Client Logon

4.3 Test Office Communications Server

Step 5 Deploy the Live Meeting 2007

5.1 Deploy the Live Meeting Client

Distributing the Meeting Client to Client Computers

To install the Live Meeting 2007 client

5.2 Deploy the Outlook Add-in

To deploy the Live Meeting 2007 Outlook add-in

5.3 Customize Meeting Invitations

5.4 Set Up a Test Meeting

Validation and Troubleshooting Hints

Appendix C: Certificate Request

Scenario 1. No External User Support

Scenario 2. External User Support

Scenario 3. Support Client Automatic Sign-In

Appendix D Optimizing Your Network

To change your network interface card settings

You might also like