Tuesday, January 25, 2011

How to allow domain users to connect to Lync 2010 or OCS 2007 from clients running on non-domain computers

I had a situation in our company where we have a few exceptional users who have domain credentials but are working on computers that are not joined to the domain.

However, these computers run over the LAN or WAN, can communicate with the internal DNS, and have the certificate chain of the CA imported. The users log in to mail and MOSS with DOMAIN\UID and password credentials, and everything is working fine.

When I installed the OCS 2007 R2 client on their machines and tried to login with the same behavior as mail using DOMAIN\UID, I was not able to log in and I received the below event log warning:

"Communicator was unable to authenticate because an authenticating authority was not reachable.”

Resolution:

The server may be asking for Kerberos authentication and Communicator is not able to find the Kerberos Domain Controller in order to generate credentials and authenticate.  The network administrator will need to change the configuration on the server to utilize only NTLM authentication before Communicator can login from this location properly, or connectivity will need to be made available to an authenticating authority"

Also, as a test, I removed the OCS 2007 R2 client and installed the new Lync RC client on the same machine. I know it is not a supported scenario, but I was just testing it. Now the user was able to log in, but the client disconnects after 10 seconds and then reconnects again; it keeps going in this loop. I also found the same warning in the event log.

I know why this is happening, and I know it would have been solved from the beginning if I forced the OCS to use NTLM only rather than Kerberos, but this was not something I can force.

So in the end the solution to this problem was simple:

Ensure that users, when signing in to Communicator 2007 or Lync 2010, include the ".local" in the domain.local\username part of the authentication and do not use DOMAIN\username.
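To check from the non-domain computer whether a given sign-in name gives the client a DNS domain it can use to find a Kerberos KDC, here is an added example (not part of the original post). It assumes that domain controllers register the `_kerberos._tcp.<DNS domain>` SRV record and that `Resolve-DnsName` (Windows 8 / Server 2012 or later) is available; the function name `Test-KdcDiscovery` and the sample sign-in names are hypothetical.

```powershell
# Added example: hypothetical helper, not from the original post.
function Test-KdcDiscovery {
    param(
        [Parameter(Mandatory)][string]$LogonName   # 'DOMAIN\user', 'domain.local\user' or 'user@domain.local'
    )

    # Split the sign-in name into its domain part.
    if ($LogonName -match '^(?<domain>[^\\]+)\\(?<user>.+)$') {
        $domain = $Matches.domain
    } elseif ($LogonName -match '^(?<user>[^@]+)@(?<domain>.+)$') {
        $domain = $Matches.domain
    } else {
        throw "Expected DOMAIN\user, domain.fqdn\user or user@domain, got '$LogonName'"
    }

    $result = [pscustomobject]@{
        LogonName = $LogonName
        Domain    = $domain
        IsDnsName = $domain.Contains('.')   # a flat (NetBIOS) name has no DNS zone to query
        KdcHosts  = @()
    }
    if (-not $result.IsDnsName) { return $result }

    # Assumption: DCs publish their KDC service under this SRV name.
    $srv = "_kerberos._tcp.$domain"
    try {
        $result.KdcHosts = @(Resolve-DnsName -Name $srv -Type SRV -ErrorAction Stop |
            Where-Object { $_.Type -eq 'SRV' } |      # drop the additional A/AAAA records
            ForEach-Object { '{0}:{1}' -f $_.NameTarget, $_.Port })
    } catch {
        Write-Warning "No SRV record for $srv : $($_.Exception.Message)"
    }
    return $result
}

# Constructed sample names; replace with the real NetBIOS and DNS domain names.
'DOMAIN\jdoe', 'domain.local\jdoe' | ForEach-Object { Test-KdcDiscovery -LogonName $_ }
```

An empty `KdcHosts` for the DNS-style name means the workstation cannot locate a KDC through its configured DNS servers, which matches the "authenticating authority was not reachable" warning.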

Communicator for Mac 2011 Deployment Guide

Features Available:

  • Calendar based presence.
  • Presence in other Office for Mac applications.
  • Outlook Out of office messages in Mac Communicator.
  • Invite multiple people to conference.
  • Join conf: meetings from an Outlook invite.
  • Enterprise Voice supported.
  • OCS 2007 R2 support (OCS 2007 RTM is not).

Not available:

  • Access Level for Contacts.
  • Call forwarding.
  • Receiving calls on mobile devices.
  • Voicemail access from Mac Communicator.
  • Scheduling of conferences in Outlook.
  • Desktop sharing.
  • No mention of Live Meeting.

I am extremely pleased with the progress the Mac Communicator team has made.

I expect the user experience with Lync to fill in some of the holes above with the Reach client. Finally, the Mac user can join the rest of the Unified Communications fun!

Here is the link to the Mac Communicator Deployment Guide. Enjoy!

Lync 2010 Collocated Mediation Server vs. Dedicated Mediation Server

Learn why we should collocate or not collocate Mediation Servers with Front End Servers in Microsoft Lync Server 2010 via http://www.shudnow.net/2010/10/10/lync-2010-collocated-mediation-server-vs-dedicated-mediation-server/

Publishing Lync Server 2010 Simple URLs and Web Components with Forefront TMG 2010

Good post published by Randy Wintle writing about publishing Lync Server 2010 simple URLs with TMG

http://ucmadeeasy.wordpress.com/2010/09/24/publishing-lync-server-2010-rc-simple-urls-and-web-components-with-forefront-tmg-2010/

PowerShell Script to create new user, enable for Exchange, UM and Lync Server

Randy Wintle created this PowerShell script as a sample of how to create a new user and enable it for Exchange, UM and Lync Server.

There are a couple of good takeaways from this script. It remotes into Exchange 2010 and Lync Server 2010 PowerShell sessions, so nothing except PowerShell 2.0, which is standard with Windows 7, is required on the client side. It also shows how you can simultaneously use Exchange and Lync PowerShell commands in the same script to get things done.

This was developed specifically for your internal needs; you will probably have to add/remove variables and requirements:

http://cid-389bd51b03b1f8f9.office.live.com/embedicon.aspx/Public/UserSetupScriptGeneric.ps1

Mike Stacy writes “Side-by-side error when running DHCPUtil.exe with Lync Server 2010”

http://mikestacy.typepad.com/mike-stacys-blog/2010/11/side-by-side-error-when-running-dhcputilexe-with-lync-server-2010.html

In trying to run DHCPUtil.exe from your Windows Server 2008 x64 DHCP server with the appropriate command line parameters in order to configure DHCP for Lync Server, you may run across the following error:

The application has failed to start because its side-by-side configuration is incorrect. Please see the application event log or use the command-line sxstrace.exe tool for more detail.

Reviewing the app log reveals the following:



Solution:  Install vcredist_x64.exe from the Lync Server media and run DHCPUtil.exe again.

Step by Step Lync and Exchange UM Integration

http://blog.schertz.name/2010/11/lync-and-exchange-um-integration/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+jschertz+(Jeff+Schertz)

Also, in case you face integration problems, please check this URL:

http://blog.schertz.name/2010/11/lync-calls-to-exchange-auto-attendant-fail/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed:+jschertz+(Jeff+Schertz)

Using DHCPUtil for Lync Phone Edition DHCP Server Configuration

http://www.confusedamused.com/notebook/using-dhcputil-for-lync-phone-edition-dhcp-server-configuration/

Sunday, January 2, 2011

Lync 2010 vs OCS 2007 R2 vs OCS 2007 R1 Client Supportability Matrix

If you have been reading Jeff’s post http://blog.schertz.name/2010/09/lync-client-unsupported-ocs/ then you will know that the Lync client is not supported with OCS. For further details I have prepared this table to list the supported clients against servers:

How to update Lync Server Configuration from CMS after topology Change

After updating the topology in the Topology Builder I found that setup instructed me to run the setup again and run the step “Setup or Remove Lync Server Components” to update the local server configuration from the CMS.

Looks like I found a way to update the local configuration from the CMS which is using the cmdlet: enable-cscomputer, of course you can use get-cscomputer and pipe it to enable-cscomputer.

This will allow you to rapidly update your servers' local configuration if you have a large number of servers.

Upgrade Lync 2010 EVAL to volume license version

To upgrade from the EVAL to the VL version of Lync, simply follow these steps:

After they secure access to volume bits through a legitimate channel – i.e. VL site:

On every machine which has the EVAL version of Server.MSI installed:
  1. run “msiexec.exe /fvomus server.msi EVALTOFULL=1 /qb” (Note: the server.msi is from the Volume media)
  2. run PS cmdlet “enable-cscomputer”

Integrating OCS 2007, Cisco Call manager, Tandberg MCU 4200 all together

I have to say that all of you will like this topic a lot. I have been doing a lot of work in the previous 2 months to mount my new infrastructure in my new company, and one of the challenges that I had was to provide a centralized conferencing and unified communication solution.

The challenge that I had was providing UC service across different sites (I had many): audio conferencing, video conferencing, web conferencing, telephony conferencing, voice mail and all of the nice stuff together. Well, it wasn’t an easy task.

When I came to my company I found CCM 4.3 mounted already and in place, so I had to work it out with OCS 2007. We decided to have a HW video conferencing solution and not rely on the RoundTable, since it is not available in the Middle East yet, so we investigated Cisco/Polycom and Tandberg and we chose Tandberg.

Early on I wasn’t yet involved in the vendor selection for the video conferencing, so I was working on choosing a telephony conferencing solution. Knowing that OCS R2 will provide that module for me made it much harder to choose between Alcatel, Cisco and Nortel.

When the Tandberg solution was mounted in our HQ and was in place in 3 of our sites, I found that it works amazingly with OCS 2007 and Cisco Call Manager, so I decided to integrate them together, which worked perfectly afterwards. I will share my experience with you across several configuration notes and solution design posts, finally showing you how an end-to-end solution will be implemented between the 3 islands, connecting them together.

Now I will walk through how to install and configure Tandberg video conferencing, the Codian MCU 4200 and OCS 2007, along with CCM support, to provide an end-to-end unified communication experience. In the first part I made a small introduction to the subject; in this part I will describe the end-to-end experience and go through the basic configuration of the MCU 4200.

What do you want exactly? This is so hard to answer, especially in the UC field. All of the vendors as well as partners are introducing end-to-end UC solutions, so what to choose and where to place it is the hardest question.

What do you want? Let us talk about that part a little bit: what do you want from UC, and what can you achieve? To tell you the truth, you can do almost anything, from launching your mail/voicemail/IM end point from your mobile phone to mounting your desktop phone from your PC or mobile, doing FMC, bypassing toll charges, and doing audio/video/web conferencing and mixing all of them together. Now you can place calls to the PSTN network over GSM using E1 modules that carry SIM cards; typically anything.

So where to go? It is up to you, your budget, your organization and how you work internally. Some companies work with other parties externally WW, so they might need web conferencing, or you might have international branches that want to minimize their phone bill, so ultimately there is no best fit for you. You have to note that when you ask consultants to do an assessment for your organization, because vendors will start talking and talking, but you need to decide what you need exactly.

Let us go back to my solution, let me give you a brief about the architecture:
  • An E1 connection from my service provider that hosts 100 extensions over ISDN.
  • One Cisco Voice gateway.
  • 2 Cisco Call Manager (publisher/subscriber).
  • 1 Codian MCU 4200 V2.3
  • 5 Tandberg Endpoints in site1
  • 1 Tandberg conferencing unit in each branch office.
In this part I will walk through configuring the MCU 4200, step by step:

On the OCS create a normal user. You don’t need to create an email; you can give him an email address and enable OCS 2007 for him. Don’t log in with OC as the user, as this will remove the LCS 2005 attributes from the user and the MCU will lose its presence.

After giving the IP of the MCU, and configuring the initial configuration like system name…etc follow the below steps:
  • From the settings page go to the SIP pane.
  • Enter the SIP address and the SIP proxy address for the MCU; this will be dialed from the OCS clients to join the Conf.



Note that in version 2.3.1.8 you cannot use the authentication since the firmware supports basic auth; you need to upgrade to version 2.4 to support NTLM. I upgraded to 2.4 but it didn’t work, so I rolled back and I work with Tandberg support on it.
  • To overcome the auth issue, you need to add the IP of the MCU in the OCS server in the authorized hosts tab and mark it “treat as authenticated”.
  • Once finished you will note that the registered mark appears as above.
  • Now you can add the MCU to your buddy list and you can dial it. Once dialed you will be prompted for the conf. ID; enter it and you can see/hear the conf.
I have tried to register the MXP 75, but it looks like firmware 6.3 has a bug in registering the GRUU, so I will acquire the latest MXP firmware (v7).

And now the final part of this article: we will talk about configuring the CCM/Tandberg to work together. This will let you leverage the conferencing capability from any phone anywhere. It is cool and very important, and I found that most of the Tandberg customers don’t know about it.

To make it work, make sure to do the following steps at the 4200 MCU:
  • From the Gateway menu, add a new gateway, type in the IP of the Cisco Call Manager, and you are done.
From the Cisco Call Manager, follow the below steps:
  • Add the MCU as a gateway.
  • From the routing plans, add a new route pattern; this will match a number (for example 1000) and route this pattern using the gateway you just configured.
Using the above, if a user internally calls 1000, he will be prompted by the Codian MCU auto attendant. The 1000 extension should be reachable from the outside using digit manipulation, etc., so users from the external telephone network can dial that number.

Now users in the OCS can add the conference ID as a user and call that user, and also call the MCU from the phone, and amazingly they can hear users from the video conference points and on the OC clients.

Note: I have been working on this for 2 weeks now. I have upgraded my MCU from 2.3 to 2.4; this, as per Tandberg, allows me to use NTLM authentication rather than anonymous authentication for MCU registration, but it didn’t work.

For some reason the MCU cannot obtain the GRUU that is returned from the OCS and cannot register itself in OCS. I believe that this is a bug in OCS (as far as I can see), because the OCS is using some SIP extension that has made my life harder before. I am working with the Tandberg folks on it now, so keep your MCU at 2.3 until further update.

OCS/E12 and CCM

These are my configuration notes for configuring OCS 2007/E12 and Cisco Call Manager. I did a test lab and I came up with the following results:
  1. Integration was simple; configuring the CCM as a GW for the mediation server was enough to do phone calls.
  2. To do a phone to PC call, you will need to configure a SIP trunk and add a phone route plan to it.
  3. I did a dual forking configuration and it worked. I didn’t find any document that explains how to do it in detail (if someone has such a guide please send it), but after a little testing I found that enabling enterprise voice with PBX integration, and configuring the server URI to be user@domain.com (the SIP name) and the Tel URI to be tel:xxxx (where xxxx is the telephone extension), did the trick for calls coming from OCS to the user. Note that we will use a single extension in this case.
  4. Missed call notifications get delivered to the user’s mailbox in phone to PC, PC to phone, and dual forking.
  5. To do dual forking for calls coming from phone to PC, we need Cisco Unified Presence Server. This is a very new Cisco product; attached is the CUPS document (we will try to set this up next week).
  6. Users’ phone numbers have to be in E.164 format in AD. Redirecting the calls to CCM directly fails in this case because CCM fails to remove the +, so calls need to be forwarded to the voice gateway first (we need to test that next week).
  7. To have CCM/OCS integration you will need to have a SIP trunk between the Mediation server GW-facing NIC and the CCM, otherwise it will not work (calls will get service unavailable errors).
  8. To have voice mail auto redirection (a missed phone call redirected directly to the extension’s voice mail) you will have to enable caller ID on the SIP trunk, otherwise the user will get an auto-attendant.
  9. For the auto-attendant feature in Exchange, just create a new auto-attendant as voice enabled, assign an extension and create an extension routing rule on the CCM to redirect the call to the Exchange feature, and it will work.
  10. To do presence integration you will need CUPS in place; we didn’t have the time to test that.
  11. Features that have been tested successfully:
  • PC to phone calls.
  • Phone to PC calls.
  • Dual forking (from calls coming from OC).
  • Multi-group conferencing (OC – Phone – phone).
  • Voice mail and missed call notification.
  • Call forwarding to phone, PC and VM.
  • OVA.

Notes from the field configuring and installing OCS and MP114

Here is a nice tip for MP114 configuration and implementation:

OCS is installed in Site1, MP114 installed in site2.

This decision was taken to test the functionality of MP-114 across multiple sites, and then MP-114 will be moved to Site1.

Configuring the OCS consists of the following steps:

  • Install Mediation server.
  • Configure the mediation server and add MP-114 as PSTN GW.
  • Configure default location profile, normalization rules for all of BMW sites, external call, and mobile calls.
  • Enable users for enterprise voice:

♦ Add telephone number, mobile number and work number in user's properties in AD in E.164 format (+XXXXX)

♦ Enable PBX integration and add the Tel: URI
  1. Currently each user has to have a separate extension for phone numbers and the OCS number (to call the user from phone to Communicator). This is because dual forking (simultaneous ringing on phone and OC) is not currently available; this will be available in the second quarter of 2008. For example, to dial user x on phone call from OC he has to have extension 14000 (which is configured in the Tel: URI) and to call him from OC to phone he has extension 4000 (which is configured in the phone properties).
♦ Synchronize the Database with the new numbers:

  1. C:\Program Files\Microsoft Office Communications Server 2007\Server\Core>ABServer.exe -regenUR to synchronize the users from AD to the OCS DB.
  2. C:\Program Files\Microsoft Office Communications Server 2007\Server\Core>ABServer.exe -syncNow to synchronize the address book with the users DB.
  • Configure the MP-114.

♦ The current PBX (HIPATH 5000) doesn't understand phone numbers in E.164 format. When we dial 4000 the normalization rule translates the number to the +4000 format, and this number is not understandable by the PBX. We use the Protocol Management > Manipulation Table in the MP-114 GW to manipulate the destination number to remove the + (by stripping 2 numbers and adding the dial plan identifier) (attached the INI file for the final MP-114 configuration).

  • Test the calls from OC to PSTN, PBX.
  • Calls are successfully done in local sites, across the sites (OC > GW > Local PBX > remote Site PBX), and thus we need single GW and single Mediation server for the implementation.