As with every other big Microsoft product that has to be managed across a mass of clients, we want the easiest central management available. Since you have installed Office Communications Server, I assume you have already worked with GPO before. As with Active Directory, in OCS we can use GPO for central management and carry out many tasks with lots of benefits (just think how much time you save when you work with 1000 clients or more…).
Group Policy can be used in many different ways: first, you can deploy Communicator.msi to all your clients with a simple GPO configuration; you can also maintain the OCS client application with another GPO. Remember that a GPO can be applied to either users or computers (depending on your company policy).
I can talk about Group Policy without seeing the end of this… so I will make my life much easier and direct you to the Microsoft website so you can be the best you can…
http://technet.microsoft.com/en-us/windowsserver/grouppolicy/default.aspx
OCS2007 – Group Policy Features
Here I will give a few examples of what you can do with your GPO settings, so please look for the best features for your local environment (all settings taken from the Microsoft site!):
| Policy Name | Definition |
| --- | --- |
| AutoDiscoveryRetryInterval | Set time interval to retry a failed automatic connection to the server. |
| CalendarStatePublicationInterval | Frequency of updates to presence from Outlook Calendar. |
| CallLogAutoArchivingPolicy | Controls saving of call logs to the Outlook Conversation History folder. |
| ConfiguredServerCheckValues | List of additional servers for logging on. |
| CustomStateURL | Configure up to four custom presence states. |
| DGRefreshPeriod | Interval for updating distribution groups from the address book. |
| DGUrlExternal | External address book location. |
| DGUrlInternal | Internal address book location. |
| DisableAVConferencing | Supersedes DisableVideo. (See also DisablePC2PCVideo.) |
| DisableCalendarPresence | Disables the loading of free or busy data from the Outlook messaging and collaboration client, and prevents this data from being published. (Replaces DisableCalendarState.) |
| DisableConversationWindowTabs | Disable display of custom Conversation window extensions. |
| DisableDataConferencing | (Replaces DisableCollaborationApps.) |
| DisableEmailComparisonCheck | Disable comparison of SMTP address with Outlook user profile. |
| DisableFederatedPromptDisplayName | Show the sign-in name or SIP address of federated contacts. |
| DisableFreeBusyInfo | Controls display of free or busy status from Outlook. |
| DisableHttpConnect | Disable the HTTP connection fallback option. |
| DisableICE | Affects the ability to establish voice or video calls behind a firewall or Network Address Translation (NAT) layer. |
| DisableMeetingSubjectAndLocation | Prevents Communicator from publishing the subject and location information of a meeting. This value is not used if DisableCalendarPresence is set, or if the Update my status based on calendar data option on the Personal tab is not set. |
| DisableOneNote12Integration | Shows or hides the OneNote 2007 command in the Conversation window. |
| DisableOnlineContextualSearch | Removes the Find Previous Conversations command and disables display of the previous conversations. |
| DisablePC2PCVideo | Disables peer-to-peer video calls. Supersedes DisableVideo. (See also DisableAVConferencing.) |
| DisablePICPromptDisplayName | Controls the display of the sign-in name or SIP address of public internet connectivity (PIC) contacts. |
| DisableRTFIM | Disables rich text in instant messages. |
| DisableServerCheck | Controls the sign-in check for server name and version. |
| DisableSimultaneousRinging | Disables the Unified Communications Enterprise Voice feature Simultaneously Ring an Additional Number. |
| EnableAppearOffline | Users can choose Appear Offline from the Presence menu. |
| EnableEventLogging | Turns on logging of certain errors to the Windows Event log, and disables the user interface for this feature. |
| EnableSQMData | (Replaces CEIP.) Enables the Customer Improvement Program option and disables the user interface for this feature. |
| EnableStrictDNSNaming | (Replaces DisableStrictDNSNaming.) Controls how Communicator interacts with SIP servers that have non-standard FQDNs. |
| EnableTracing | Creates a log for troubleshooting signaling failures, and disables the user interface for this feature. |
| ExUMEnabled | Identify user account as enabled for voice mail. |
| IMAutoArchivingPolicy | Controls archiving of instant messages to the Outlook 2007 Conversation History folder, and disables the user interface for this feature. |
| LocationProfile | Configures a user’s default location profile. |
| MapiPollInterval | Frequency of loading calendar data from MAPI. |
| MRASServerURI | Location of the Media Relay Access server. |
| msRTCLine | Line information for Unified Communications Enterprise Voice. |
| NotificationsForNewSubscribers | Controls notifications received when a user is added to another user’s contact list, and disables the user interface for this feature. |
| TelephonyMode | Configures telephony for Communicator 2007. |
| VoicemailURI | Location of custom voice mail server. |
| WebServicePollInterval | Frequency of loading calendar data from the Web services provider. |
OCS2007 – Clients Deployment Using GPO
Here I want to give you all the steps you need when you use Group Policy to deploy the Office Communicator 2007 client. Always remember that with GPO we get more predictable results in much less time than if we chose not to use GPO in our local environment. I will explain the process in a few easy steps, but remember that you cannot proceed to the next step until you finish the previous one.
Step 1: Configure Installation access
Before we start the GPO configuration we first need to choose the place where we are going to put the packages the GPO will deploy for client access; we also need to share this folder and configure its NTFS permissions. Users who need to access the .MSI file need only the “Read” permission; give the admin (you…) full access so you can control the whole folder.
- First download the following packages from Microsoft:
  - Office Communicator 2007 (also download the patch provided).
  - Live Meeting 2007.
  - Outlook 2007 Conferencing Add-in Pack (this gives you a new tab in Outlook, as shown in the article above).
- After you download all the packages you need to set the UNC path of the files so that it points to the shared folder. To do this:
Run “msiexec /a communicator.msi TARGETDIR=<UNC path to shared folder>”
Example: msiexec /a communicator.msi TARGETDIR=\\FileServer\CommuiClient
After you set the UNC path, apply the patch to the extracted .MSI files:
Run “msiexec /p communicator.msp /a <UNC path to shared folder>\communicator.msi”
For example:
msiexec /p communicator.msp /a \\FileServer\CommuiClient\communicator.msi
- If you did it exactly the way I showed, you should see new folders and the .MSI file in the shared folder:
  - PFiles folder.
  - communicator.msi
  - System32 folder.
- Unpack the .msi files from LMSetup.exe and ConfAddins_Setup.exe into the shared folder.
- Change directory to the .MSI file location:
Run “LMSetup.exe -out <folder path>” and “ConfAddins_Setup.exe -out <folder path>”
folder path – choose a folder you will remember, because otherwise you may use the wrong file!
Copy the extracted LMConsole.msi and LMAddinPack.msi to the root of your shared network folder (\\FileServer\CommuiClient).
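The permissions from Step 1 can be checked with a short script. This is an added example, not part of the original post: it flags any Allow entry that lets a non-administrator change files in the deployment folder, since whatever sits in that folder is installed on every client the GPO targets. The PLANNING\... account names and the administrator list are constructed sample values.

```powershell
# Added example (not from the original post). Step 1 gives users Read and the
# admin Full Control on the deployment folder; this reports anything looser.

# Rights that allow changing content or permissions. The two hex values are the
# raw GENERIC_WRITE and GENERIC_ALL bits that can appear on inherit-only entries.
$ChangeMask = [int][System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'
$ChangeMask = $ChangeMask -bor 0x40000000 -bor 0x10000000

function Get-UnexpectedWriteAce {
    param(
        $Rule,   # FileSystemAccessRule objects, e.g. (Get-Acl <path>).Access
        # Assumed list of expected administrators; add your own admin group here.
        [string[]]$Admin = @('BUILTIN\Administrators', 'NT AUTHORITY\SYSTEM')
    )
    foreach ($r in $Rule) {
        # Deny entries only restrict access, so they are not findings.
        if ($r.AccessControlType -ne 'Allow') { continue }
        if ($Admin -contains $r.IdentityReference.Value) { continue }
        # Read and ReadAndExecute share no bits with the mask, so they pass.
        if (([int]$r.FileSystemRights -band $ChangeMask) -ne 0) {
            $r | Select-Object IdentityReference, FileSystemRights, IsInherited
        }
    }
}

# Constructed sample ACL so the script runs offline.
# On a real server use: (Get-Acl '\\FileServer\CommuiClient').Access
$type = 'System.Security.AccessControl.FileSystemAccessRule'
$sample = @(
    (New-Object $type -ArgumentList 'BUILTIN\Administrators', 'FullControl', 'Allow'),
    (New-Object $type -ArgumentList 'PLANNING\Domain Users', 'ReadAndExecute', 'Allow'),
    (New-Object $type -ArgumentList 'PLANNING\Helpdesk', 'Modify', 'Allow')
)

Get-UnexpectedWriteAce -Rule $sample
```

Get-Acl reads the NTFS permissions only; the share-level permissions on the folder are set separately and should be reviewed as well.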
Step 2: Configuring the Group Policy
Now we need to create a new GPO so we can deploy the .MSI files. It's easy to manage; just follow the next easy steps:
1. Log on to your management console server (if you don’t have one, it’s a good time to create it! It reduces the tasks you need to perform from the Domain Controller).
2. Open Administrative Tools and open your GPO Management Console.
Note!
You can get access faster if you open your command line and type “gpmc.msc”.
3. After the console opens, expand Forest and choose your Domains.
4. Choose which Organizational Unit you want to apply the new policy to.
5. Right-click the OU and select “Create and Link a GPO Here”. Enter a name for your GPO.
6. Right-click the newly created GPO and select Edit. This will open the Group Policy Object Editor.
7. Choose how you want to deploy the policy (users or computers):
   - Workstations – expand Software Settings under Computer Configuration.
   - Users – expand Software Settings under User Configuration.
8. Right-click Software Installation and choose New Package. In the Open dialog box, enter the UNC path of your shared folder (\\FileServer\CommuiClient) and click Open. Then choose the Communicator.msi file and open it.
9. In the Deploy Software dialog box, choose Assigned and click OK.
10. Click on Software Installation in the GPO. In the right pane, right-click on Microsoft Office Communicator 2007 and select Properties.
11. Select the Deployment tab on User Configuration, check the “Install this application at logon” box and change the “Installation user interface options” to Basic.
12. Repeat steps 6 – 11 for the other .MSI files, LMConsole.msi and LMAddin.msi.
To get the full benefit from your OCS environment you need to give users the ability to hear one another and enable them to communicate from your external network. To do so, log in to your Office Communications Server 2007 and run the Setup.exe located in the server folder under the I386 folder.
Key Benefits:
1. Work with TLS encryption with a unique port (5060) to reduce attacks.
2. Connecting clients that are outside the network to internal ICE.
Prerequisites (there are more; I only give you the ones we haven't already configured):
1. At least one media gateway available for deployment.
2. You cannot have NAT or a firewall between the Mediation Server and the media gateway.
3. An additional server on which to install the Mediation Server (you cannot install the Mediation Server on the same server that runs the OCS).
After the GUI pops up, choose “Deploy Other Server Roles”.
On the next screen, choose “Deploy Mediation Server”.
Mediation Server
This role enables you to use Voice capabilities in your environment using IP/PSTN gateways and OCS services.
After you choose to install this role, you arrive at 4 steps you need to complete:
Step1: Install files for Mediation Server
Here you only need to press the “Install” button.
Step2: Activate Mediation Server
After you press “Run” a new wizard will open.
In the credentials section use the same account you used when you installed the OCS, then Next.
In this step new attributes will be written to your Active Directory.
Step3: Configure Mediation Server – here you don’t need to do anything, simply pass to step 4.
Step4: Configure Certificate – Because we work with security issues, we need to set another certificate to be used by the Mediation Server.
Let’s configure!!
1. Run, and Next afterwards.
2. Create a NEW certificate.
3. Choose the Send the Request….. option (the first one!).
4. Click Next all the way through, with the same configuration you used when you created the first certificate.
Note!
You can see the Certificate on your Certificate Authority Server under “Issued Certificates”.
First you need to have two different clients with Outlook 2007 configured on their machines; check the environment's connectivity to the Exchange server and the connectivity between the two users.
You need to verify it on those two because, before you deploy OCS and all its features to clients, you should first run all the tests you can to get the best configuration in your production environment.
Step 1: Enabling users on the OCS2007
On the OCS server or on your DC open a command line:
Type: dsa.msc
You should now see your Active Directory open. Choose the organizational unit that holds the users you want to add, right-click the OU and choose “Enable Users for Communications Server”.
A wizard will open and we need to configure it:
- Next.
- Select Server or Pool – here you will see the default server name; just verify it and click Next.
- Specify Sign-in Name – here we set the way users will connect to the OCS. As you will see, you can use the users' e-mail address or last name + first name; it doesn’t matter, just choose the policy you want.
- Enable Operation Status – here you can verify the users' SIP creation; you will see both successes and failures regarding the SIP creation.
Note!
You can see the users you just added in the OCS console:
Open the OCS MMC -> Expand the Forest -> Open Users.
This step is recommended by Microsoft, but you can skip it while configuring Exchange 2007 Cluster Continuous Replication. If you still want to work by the book and follow Microsoft's recommendations, just do the following steps.
What is MaxDumpsterSizePerStorageGroup?
Well, first you need to know what you are configuring. The Transport Dumpster has a few parameters that let you set the size of the Transport Dumpster queue per Storage Group. In this section you can set the size to 1.25 times the maximum message size sent in your Exchange 2007 environment.
Example:
If you allow users to send e-mail with a size of 1MB, you need to configure the MaxDumpsterSizePerStorageGroup parameter with a value of 1.25 MB.
Another parameter controls how long a message remains in the Transport Dumpster queue. The parameter we want to set is MaxDumpsterTime, and the time is configured as follows: if you want users' messages to remain in the queue for 2 days, set the parameter to 02.00:00:00 (2 days).
Also remember that when you use the Transport Dumpster you need to provide additional disk space on the HUB server to hold the Transport Dumpster queues.
If you want to set the Transport Dumpster with the above configuration, open the Exchange 2007 command shell and type the following syntax:
Set-TransportConfig -MaxDumpsterSizePerStorageGroup 2MB -MaxDumpsterTime 02.00:00:00
Note!
To check the configuration, type Get-TransportConfig and you should get all the parameters you configured with their values.
Well, if you have come this far you should be in good condition, and to tell you the truth all the hard stuff is behind us; from now on you work with the Exchange 2007 GUI and it’s much easier.
Remember that we need to install Exchange 2007 on both nodes; Node1 will be used as the active node and Node2 will be the passive one.
Setting up the Active node
Log in to Node1 with Domain Admins permissions, browse to the Exchange 2007 directory (I hope that you have already copied the Exchange directory to both nodes for easy access) and run “Setup.exe” to start the Exchange 2007 wizard.
You should now see the wizard on your screen; follow these steps:
Step 1: Install .NET Framework 2.0 -> don’t break your head and simply install it.
Step 2: Install the MMC console -> read step 1.
Step 3: Install Microsoft Command Shell (MSH) -> If you have come this far you should be able to handle it yourself.
Step 4: Install Microsoft Exchange -> Finally!!! you may say. Here we are going to install the active copy in our CCR environment; a new wizard will open with the following configuration:
Error Reporting -> Click YES and press Next (believe me, it will save you a lot of time in case you have future problems in your environment).
Installation Type -> Choose the “Custom” option because we need to install a unique role, then Next.
Server Role Selection -> Here you should choose “Active Clustered Mailbox Role”, then Next.
Cluster Settings -> Here we have some additional configuration to choose:
Select Cluster Type:
Choose CCR (first option).
Clustered Mailbox Server Name:
The name you specify here will be the name that your Outlook clients need to specify when they set up their mailboxes.
Clustered Mailbox Server IP Address:
Here you need to give a unique IP address from your public segment (exclude this address if you are using a DHCP server).
Path:
Keep the default path.
Setting up the Passive node
Well, it’s easy: all you need to do is connect to Node2 and perform the same steps as we did on the active node. The only thing you need to do differently is to choose passive and not active when the cluster wizard comes up.
First, before we can proceed, you need to understand what the hell Majority Node is…? Well, first you need to download the following update from Microsoft and install it: “MS KB 921181”. After you install it you get the ability to use a File Share Witness that sits outside your cluster (you can share files that are kept outside the cluster we build between Node1 and Node2). This KB is required in our situation because we use the HUB server when we create the cluster.
Configuring the File Share Witness:
First you need to know that Microsoft recommends creating the share on the Exchange 2007 server that holds the HUB role in your Active Directory (and of course the same AD in which you are going to deploy the cluster).
Log on to your Exchange 2007 server that holds the HUB role and create a new folder (no matter where you create it, BUT use a drive with space!) called “MS_FSQ_XCH07CLUSTER” (you can set another name if you like).
Now we need to set the share and permissions on this folder:
- Create a share on this folder (share the folder with the default name, don’t change it!).
- Give permissions to the Domain administrator or the Cluster user we created in the last steps (or not…test environment…)…
Note!
The permissions need to be Full Control.
Setting up the folder on Node1
Here we need to set the attribute on the server to point to the folder we created one step before, so pay attention:
Log on to Node1, open a command line and type:
Cluster res "Majority Node Set" /priv MNSFileShare=\\ServerName\FolderName
(FolderName is the share created above, MS_FSQ_XCH07CLUSTER in our case.)
After you enter the command as I explained, you will get a message that says “The properties were stored but not all changes will take effect until the next time the resource is brought online”.
That’s o.k. All we need to do is force the changes we just configured, and look how simple it is:
First move the Cluster Group to the other node. Why..?
Because when the cluster moves the group, the group goes offline, and after the transfer it comes back online.
Syntax (command line):
Cluster Group "cluster group" /move
After you press ENTER the cluster moves the group to NODE2!
Confirm Configuration:
Now you need to check the new settings you just configured, and it’s very simple to do.
On the command line type the following syntax:
Cluster res "Majority Node Set" /priv
You should now see a list of properties with their values; all we need is the first one, configured with the shared folder we set in the previous steps.
If you have installed Server 2003 Enterprise with Service Pack 1 on the node, you need to download the Microsoft .NET Framework Version 2.0 Redistributable Package (x86), since it’s only a standard Windows component .
After we have configured our cluster we need to install Exchange 2007 on the active and passive nodes; before we can do that we must first install the required Windows components on Node1 and Node2:
Open Control Panel -> Add\Remove Programs -> Windows Components.
Now navigate to and install the following components:
Install IIS with the following components:
- WWWS – World Wide Web Service.
- Enable Network COM+ access.
- Internet Information Services.
Before we begin I want to speak about the environment that I use before choosing the CCR option in a production environment.
My test environment was created on ESXi servers, so you can guess that I’m talking about virtualization here, but that will be discussed in another post…
Here we have the Full configuration:
- I created my Domain Controller in a new forest. This DC runs the DNS role and Active Directory.
  Server Name: DC2003
  IP: 192.168.12.100
  OS: Server 2003 Standard 32-Bit
- Exchange 2007 contains all the roles (not the Edge role!) with SP1.
  Server Name: XCH2007
  IP: 192.168.12.88
  OS: Server 2003 Standard 32-Bit
  Exchange Server 2007 32-Bit
- Node 1 – this node will function as the active node in our CCR environment.
  Server Name: Node1
  IP: 192.168.12.200
  OS: Server 2003 Enterprise 32-Bit
  Exchange Server 2007 32-Bit
- Node 2 – this node will function as the passive node in our CCR environment.
  Server Name: Node2
  IP: 192.168.12.201
  OS: Server 2003 Enterprise 32-Bit
  Exchange Server 2007 32-Bit
- I installed one XP system just to check the CCR configuration after we finish configuring it in our environment.
Now I will start to explain the building of the CCR cluster step by step, to help you understand every step of the way, so follow carefully; it’s not as hard as it looks.
In this chapter I will give you all the knowledge you need to create the cluster in your organization.
Note!
Before you proceed, remember that you need to create the cluster with Domain admin credentials.
Log in to your first node (Node1) and open the Cluster Wizard in one of 2 ways:
Start -> Administrative Tools -> Cluster Administrator
Or you can use the command line with the following syntax:
Start -> Run -> and type: Cluster.exe /create /wizard
Now you start to work with the Cluster Wizard, so pay attention and follow these easy steps:
Figure 1: In the first figure you need to create a new cluster, so choose “Create New Cluster”.
Figure 2: Click Next.
Figure 3: Create name and Domain
Domain: here you need to insert your domain name.
For example: Planning.Local
Cluster Name: you can choose any name that you want.
For example: PlanningClustering
Note!
The name that you provide here is NOT the name that your users will connect to!
Figure 4: Select Computer
Here you need to specify the first node in your architecture; in our case we simply add NODE1.
Figure 5: Analyzing Configuration
Let the wizard do its stuff until you can proceed. Pay attention that you will get two errors in the last two options; please ignore them, it’s o.k.
The explanation, you may ask? We configured our CCR replication topology on Mailbox servers that are not configured to share the same disk subsystem.
Figure 6: IP Address
Here you need to give an IP address that lets you access the cluster using the Cluster Management Tools.
In our case we can give the following IP address:
192.168.12.144
Figure 7: Cluster Service Account
Here you can specify a new account to handle your cluster environment, but as you will learn, simply add your Domain Administrator credentials.
Figure 8: Proposed Cluster Configuration
Here you can see the entire configuration that we have created until now. But you also need to make the next step:
Choose “Quorum” and choose “Majority Node Set”.
After you choose it the Cluster Wizard will start configuring the cluster services and resources.
Figure 9: Finish!
Now you have your cluster environment and we can proceed to the next step, which adds NODE2 to the cluster we just created.
Adding NODE2 to the Cluster:
Open your new cluster:
Start -> Administrative Tools -> Cluster….
After Cluster Administrator launches, follow the next steps to add Node2:
Click on your cluster name to expand the tree,
Select New -> Node
A new wizard will open to help you proceed, so let’s work it out:
Figure 1: Next
Figure 2: Select computers
Here we need to add the machine that will be the second node; in our case we choose “Node2” and click Next.
Figure 3: Analyzing Configuration
Here the wizard determines the cluster configuration; simply wait till it finishes and then click Next.
Figure 4: Cluster Service Account
Simply add the same credentials you added when configuring Node1 (Domain Administrator in our case).
Figure 5: Proposed Cluster Configuration
Here you can see the entire configuration that we have created until now.
All done. Now you can tell your manager you finished creating the first part of the project and she can deliver the big money in the next salary.
As I explained before, we created two servers that will be configured as our nodes; now we need to add another LAN card as a backup for the first LAN card the node already has. It’s not hard to configure, so please follow and execute:
Note!
I will explain how to set the NICs on Node1; when you do it, please notice that you need to do it on Node2 as well!!!!
Open your Network Connections and add another NIC. Name them as you wish, but remember that it’s very important to understand the configuration because we need to set priority on them.
I called them PUBLIC and PRIVATE:
Public – This is our default NIC and will be used for external communication (set with a default gateway).
Private – This is our additional NIC and will be used with another segment for internal communication only!
Now we need to set the priority of the NICs:
Go to Advanced -> Advanced Settings -> now you must set the public NIC to be first in the binding order.
Note!
- Public.
- Private.
- Remote Access Connection.
Note!
If you have already installed Exchange 2007 Service Pack 1 you can skip the following step.
Go to the private NIC and disable “File and Printer Sharing for Microsoft Networks”.
Now let’s set the NICs' static addresses:
Node1 Public Nic:
IP address : 192.168.12.200
Subnet : 255.255.255.0
Default gateway : 192.168.12.254
Dns Server : 192.168.12.100
Node1 Private Nic:
IP address : 192.168.11.2
Subnet : 255.255.255.0
Default gateway : None!!!!
Dns Server : None!!!!
After we finish configuring the static IPs, it's time to set the additional settings:
Advanced -> DNS tab -> all you need to do is UNMARK two features:
- Register this connection's addresses in DNS.
- Use this connection’s DNS suffix.
Advanced -> WINS tab, and set the following:
- Unmark “Enable LMHOSTS lookup”.
- Choose “Disable NetBIOS over TCP/IP”.
Node2 Public Nic:
IP address : 192.168.12.201
Subnet : 255.255.255.0
Default gateway : 192.168.12.254
Dns Server : 192.168.12.100
Node2 Private Nic:
IP address : 192.168.11.4
Subnet : 255.255.255.0
Default gateway : None!!!!
Dns Server : None!!!!
After we finish configuring the static IPs, it's time to set the additional settings:
Advanced -> DNS tab -> all you need to do is UNMARK two features:
- Register this connection's addresses in DNS.
- Use this connection’s DNS suffix.
Advanced -> WINS tab, and set the following:
- Unmark “Enable LMHOSTS lookup”.
- Choose “Disable NetBIOS over TCP/IP”.
Note!
We configured the private network to communicate between the two nodes using heartbeats; when the heartbeats stop, the nodes know that one of them has failed and the other takes over its services.
All set. If you followed all the above and tested your configuration (pings and stuff) you can proceed to the next step.
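The private NIC settings above can be verified on each node with a script. This is an added example, not part of the original post; the property names are those of the WMI class Win32_NetworkAdapterConfiguration, and the sample object is constructed from the Node1 private NIC values above with NetBIOS deliberately left at its default.

```powershell
# Added example (not from the original post): check a private NIC against the
# settings listed above. Input is any object that exposes the
# Win32_NetworkAdapterConfiguration properties used below.
function Test-PrivateNic {
    param($Nic)
    $finding = @()
    if ($Nic.DefaultIPGateway)             { $finding += 'default gateway is set' }
    if ($Nic.DNSServerSearchOrder)         { $finding += 'DNS server is set' }
    if ($Nic.FullDNSRegistrationEnabled)   { $finding += 'registers its addresses in DNS' }
    if ($Nic.DomainDNSRegistrationEnabled) { $finding += 'uses its DNS suffix in DNS registration' }
    if ($Nic.WINSEnableLMHostsLookup)      { $finding += 'LMHOSTS lookup is enabled' }
    # TcpipNetbiosOptions: 0 = default (taken from DHCP), 1 = enabled, 2 = disabled
    if ($Nic.TcpipNetbiosOptions -ne 2)    { $finding += 'NetBIOS over TCP/IP is not disabled' }

    New-Object PSObject -Property @{
        Address   = ($Nic.IPAddress -join ', ')
        Compliant = ($finding.Count -eq 0)
        Findings  = $finding
    }
}

# Constructed sample: Node1 private NIC with NetBIOS still at its default value.
$sample = New-Object PSObject -Property @{
    IPAddress                    = @('192.168.11.2')
    DefaultIPGateway             = $null
    DNSServerSearchOrder         = $null
    FullDNSRegistrationEnabled   = $false
    DomainDNSRegistrationEnabled = $false
    WINSEnableLMHostsLookup      = $false
    TcpipNetbiosOptions          = 0
}
Test-PrivateNic $sample

# On a node, feed it the live adapters on the private segment instead:
# Get-WmiObject Win32_NetworkAdapterConfiguration -Filter 'IPEnabled = TRUE' |
#     Where-Object { $_.IPAddress -like '192.168.11.*' } |
#     ForEach-Object { Test-PrivateNic $_ }
```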