I see this come up a lot when doing OCS Health Checks. Part of the Health Check is looking at information from DBAnalyze. If you get the following error, more than likely the account you're trying to use doesn't have the necessary rights to the SQL databases:
There was an error communicating with the database:
The object 'Resource' does not exist in database 'rtc' or is invalid for this operation.
In order for DBAnalyze to connect to the databases and gather the required information, the account that you are running DBAnalyze as needs to be db_owner on all of the RTC databases.
I get a lot of questions on how to enable hyperlinks in Communicator or how to remove the underscore '_' from the beginning of hyperlinks in Communicator. There are a couple of options available to control the way hyperlinks appear in IM conversations in Communicator. In this post I will describe the 4 options available for configuring hyperlinks in OCS.
Option #1 - Block instant messages that contain hyperlinks
By selecting the Block instant messages that contain hyperlinks option under the Intelligent Instant Message Filter (right-click on the pool > Filtering Tools > Intelligent Instant Message Filter), the sender of the hyperlink will get the following error message:
The following message was not delivered to <user>. More details (ID:309)
Option #2 - Allow instant messages that contain hyperlinks, but convert the links to plain text. Enter the notice that you want to insert at the beginning of each message containing hyperlinks.
By selecting the Allow instant messages that contain hyperlinks, but convert the links to plain text. Enter the notice that you want to insert at the beginning of each message containing hyperlinks. option under the Intelligent Instant Message Filter, the recipient of the hyperlink will receive the hyperlink, but it will be in plain text, and there will be an underscore in front of it. You can also see that the warning text is also included with the hyperlink. This options work if you want to allow people to send hyperlinks, but not make them clickable. The only issue is the underscore. When copying the link, you need to make sure not to copy it as well. This is where Option #3 is useful.
Option #3 - Allow instant messages that contain hyperlinks. Enter the warning you want to insert at the beginning of each instant message containing hyperlinks.
By selecting the Allow instant messages that contain hyperlinks. Enter the warning you want to insert at the beginning of each instant message containing hyperlinks. option under the Intelligent Instant Message Filter, the recipient of the hyperlink will receive the hyperlink, the hyperlink will still be in plain text, but there will not be an underscore in front of it. You can still include a warning message to include with the hyperlink. At first glance, you would think that this option would allow users to click on the hyperlink, but that's not the case. If you really want to allow clickable hyperlinks in Communicator, you need to combine this option with Option #4.
Option #4 - Allow instant messages that contain hyperlinks. Enter the warning you want to insert at the beginning of each instant message containing hyperlinks. (with clickable hyperlinks)
In order to get clickable hyperlinks in Communicator you need to follow Option #3 above, as well as deploy the Allow hyperlinks in instant messages Communicator Group Policy setting. This setting will change the follow registry key, if you configure the group policy under the users container:
HKEY_CURRENT_USER\Software\Policies\Microsoft\Communicator\
EnableURL=1
Now when a user gets a hyperlink in an IM conversation, the link is clickable.
You can use this tool to automatically install the latest patches for each component. To use, run ServerUpdateInstaller.exe with elevated permissions. I would recommend creating a folder and put ServerUpdateInstaller.exe in there, as it extracts each of the individual patches to the same place as the .exe. The GUI then lists what updates are and aren't installed. Click on the install updates button to install the latest updates. KB968802 (http://support.microsoft.com/kb/968802) has details on how to run via command line.
You can download ServerUpdateInstaller.exe here: http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4
This question comes up when talking about the OCS hosted Live Meetings when customers are trying to decide how much space to allocate to the Web Conferencing shares.
There is an article on TechNet that talks about the recommended space to allocate per meeting, the maximum size of documents per meeting, as well as how to modify the size limits. I have included the table below:
|
Value |
Description |
PowerPoint Documents, Word Documents, Multimedia, or Snapshot Slides |
Handout Slides |
|
File size |
The size of a file must not exceed this value. |
50 MB |
25 MB |
|
Total size |
The total size of all files in a conference must not exceed this value. |
100 MB |
100 MB |
|
Number of files |
The total number of files in a conference must not exceed this value. |
8052 |
30000 |
You can read the whole article here: http://technet.microsoft.com/en-us/library/dd572518(office.13).aspx
Update - Please see the "Known issues that affect this security update" section in KB974571 (http://support.microsoft.com/kb/974571/) for information on resolving this issue.
<Removed rest of post, as the above KB article contains all relevant information>
I ran into this problem recently. I was doing a migration from LCS 2005 SP1 to OCS 2007 R2 and as part of the R2 prep we were moving the global settings to the Configuration Partition. We followed the steps outlined in this TechNet article (http://technet.microsoft.com/en-us/library/dd819962(office.13).aspx), and while trying to complete Step #7, we ran into a small issue. When trying to start the LCS service, so that we could test, we got the error listed below:
Windows could not start the Live Communications Server on Local Computer. For more information, review the System Event Log. If this is a non-Microsoft service, contact the service vendor, and refer to service-specific error code -2147016694.
Looking in the Application Event Log, we got Event IDs 16417 and 12299.
Checking the System Event Log, we got Event ID 7024.
The service can't start up because the rights aren't being applied to the new container structure in the Configuration Partition. If you check the Security tab for the RTC Service container in ADSI Edit, you see the following:
The RTC groups that need rights aren't being added. There are 2 ways to fix this issue. The first options is to grant the RTCDomainUserAdmins, RTCDomainServerAdmins, and RTCHSDomainServices groups permissions to the Services (or RTC Service) container. I've included a report of the permission both before moving the global settings as well as after moving the global settings to the Configuration Partition. A copy of the permissions is also attached to this post, since some of the report is cut off the screen. The second option is a little more risky. In my lab I was able to successfully get the permissions to apply if I re-ran the DomainPrep step AFTER completing Step #8, which is removing the RTC Service container in the System container. This is risky because you could switch back to using the System container if you absolutely had to. You can mitigate this risk by making sure that you have a recent backup of Active Directory. You should also be able to get the services started by using Option #1, but you will more than likely be granting more permissions than necessary. After re-running DomainPrep, the permissions were applied to the Services container in the Configuration Partition and I could start the LCS service.
Before Moving the Global Settings (CN=Microsoft,CN=System,DC=test,DC=domain,DC=com)
Access list:
Effective Permissions on this object are:
Allow TEST\Domain Admins FULL CONTROL
Allow NT AUTHORITY\SYSTEM FULL CONTROL
Allow NT AUTHORITY\Authenticated Users SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow TEST\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS <Inherited from parent>
LIST CONTENTS
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow NT AUTHORITY\Authenticated Users SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow BUILTIN\Administrators SPECIAL ACCESS <Inherited from parent>
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow TEST\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS <Inherited from parent>
LIST CONTENTS
Inherited to computer
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS SPECIAL ACCESS for tokenGroups <Inherited from parent>
READ PROPERTY
Inherited to group
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS SPECIAL ACCESS for tokenGroups <Inherited from parent>
READ PROPERTY
Inherited to user
Allow NT AUTHORITY\ENTERPRISE DOMAIN CONTROLLERS SPECIAL ACCESS for tokenGroups <Inherited from parent>
READ PROPERTY
Inherited to inetOrgPerson
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS <Inherited from parent>
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Logon Information <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Account Restrictions <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Group Membership <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for General Information <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Remote Access Information <Inherited from parent>
READ PROPERTY
Inherited to user
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS <Inherited from parent>
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Inherited to group
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS <Inherited from parent>
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Inherited to user
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Logon Information <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Account Restrictions <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Group Membership <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for General Information <Inherited from parent>
READ PROPERTY
Allow BUILTIN\Pre-Windows 2000 Compatible Access SPECIAL ACCESS for Remote Access Information <Inherited from parent>
READ PROPERTY
Allow NT AUTHORITY\Authenticated Users SPECIAL ACCESS for RTCUserSearchPropertySet <Inherited from parent>
READ PROPERTY
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS for Public Information <Inherited from parent>
DELETE
WRITE PROPERTY
READ PROPERTY
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS for RTCUserSearchPropertySet <Inherited from parent>
DELETE
WRITE PROPERTY
READ PROPERTY
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS for RTCPropertySet <Inherited from parent>
DELETE
WRITE PROPERTY
READ PROPERTY
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS for RTCPropertySet <Inherited from parent>
DELETE
WRITE PROPERTY
READ PROPERTY
Allow TEST\RTCHSDomainServices SPECIAL ACCESS for RTCUserSearchPropertySet <Inherited from parent>
READ PROPERTY
Allow TEST\RTCHSDomainServices SPECIAL ACCESS for RTCPropertySet <Inherited from parent>
READ PROPERTY
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-PoolService
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-Pools
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to container
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pool
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-ArchivingServer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-EdgeProxy
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-PoolService
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to container
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Pool
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Pools
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-TrustedServer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Domain
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-ArchivingServer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-EdgeProxy
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-PoolService
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to container
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pool
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pools
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-TrustedServer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-Domain
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
After Moving the Global Settings (CN=Services,CN=Configuration,DC=test,DC=domain,DC=com)
Access list:
Effective Permissions on this object are:
Allow NT AUTHORITY\Authenticated Users SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow TEST\Enterprise Admins SPECIAL ACCESS
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Allow NT AUTHORITY\SYSTEM FULL CONTROL
Allow TEST\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow TEST\Domain Admins SPECIAL ACCESS <Inherited from parent>
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Permissions inherited to subobjects are:
Inherited to all subobjects
Allow NT AUTHORITY\Authenticated Users SPECIAL ACCESS
READ PERMISSONS
LIST CONTENTS
READ PROPERTY
LIST OBJECT
Allow TEST\Enterprise Admins FULL CONTROL <Inherited from parent>
Allow TEST\Domain Admins SPECIAL ACCESS <Inherited from parent>
DELETE
READ PERMISSONS
WRITE PERMISSIONS
CHANGE OWNERSHIP
CREATE CHILD
LIST CONTENTS
WRITE SELF
WRITE PROPERTY
READ PROPERTY
LIST OBJECT
CONTROL ACCESS
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-PoolService
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-Pools
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to container
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pool
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCDomainUserAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-ArchivingServer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-EdgeProxy
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-PoolService
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to container
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Pool
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Pools
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-TrustedServer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-Domain
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
WRITE PROPERTY
READ PROPERTY
DELETE TREE
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
CREATE CHILD
DELETE CHILD
LIST CONTENTS
WRITE PROPERTY
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCDomainServerAdmins SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-ArchivingServer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-EdgeProxy
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-PoolService
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to container
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pool
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Pools
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-TrustedServer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-Domain
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
READ PROPERTY
Inherited to msRTCSIP-GlobalContainer
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
Inherited to msRTCSIP-Service
Allow TEST\RTCHSDomainServices SPECIAL ACCESS
LIST CONTENTS
READ PROPERTY
I ran into a couple of issues getting the file upload feature to work in Group Chat. I followed all of the documentation found on TechNet (http://technet.microsoft.com/en-us/library/dd441213(office.13).aspx), which unfortunately leaves out some important steps. Below is a list of the issues that I ran into and the resolutions:
Issue #1
When trying to upload a file in Group Chat, I got the following error:
A file transfer error occurred. Unable to connect to the remote server
I checked to make sure that all of the Group Chat services were running, and I noticed that the Web Service was stopped.
Continuing to look through the configuration options, I saw that the URL for the Web Services started with https, but I didn't remember adding the certificate to IIS, so I checked and sure enough, the only binding was for http. I added another binding for https.
Once I did that, refreshing the Group Chat Server Configuration application, the Web Service was running. Issue #1 resolved!
Issue #2
I tried uploading another file and got the following error message:
A file transfer error occurred. Server was unable to process request. ---> [121] Sql error: opening a connection
---> Login failed for user 'NT AUTHORITY\ANONYMOUS LOGON'.
This was interesting because I was sure that I changed IIS to use the channel service account for anonymous access. I checked and it wasn't set to the channel service account, so I changed it and restarted IIS. This step is documented here: http://technet.microsoft.com/en-us/library/dd441213(office.13).aspx. Issue #2 resolved!
Issue #3
I again tried uploading another file and got the following error:
A file transfer error occurred. Server error.
This one was difficult to track down. The file would start to upload, but then error out. The error message doesn't give you much to go on. I had a feeling that file permission were going to be an issue, so I started looking at the shares that I created. I noticed that in the share for the Web Service, the file was sucessfully uploaded to the UploadTemp directory, but it wasn't being moved to the directory for the chat room. My issue ended up being caused by the fact that I had the Compliance Server role setup and I didn't have the proper permission on the compliance share. This was causing the upload to fail because the channel service account didn't have rights to copy the file to the compliance share. Below is a list of the permissions needed for both shares:
Share Permissions for the Compliance Share
Channel Service Account - Read, Change
Compliance Service Account - Read
NTFS Permissions for the Compliance Share
Channel Service Account - Modify
Compliance Service Account - Read, List Folder Contents
Share Permissions for the Web Service Share
Channel Service Account - Read, Change
NTFS Permissions for the Web Service Share
Channel Service Account - Modify
After making sure that the shares had the correct permission, I was finally able to successfully upload a file. Issue #3 resolved!
From the PressPass announcement:
Microsoft is changing its public instant messaging connectivity (PIC) license requirements for Office Communications Server connectivity to the Windows Live and AOL public IM networks. Now, customers with Office Communications Server 2007 R2 Standard CAL (or equivalent Software Assurance rights) will no longer require an additional license to connect with the millions of people who use Windows Live and AOL for instant messaging and presence. This change took place in July for Windows Live, and is scheduled for AOL in October 2009.
You can read the rest of the PressPass announcement here: http://www.microsoft.com/presspass/features/2009/oct09/10-01ucinterop.mspx
Overview
The eXtensible Messaging and Presence Protocol (XMPP) Gateway for Office Communications Server allows Office Communications Server users to communicate with users who use an XMPP-based IM and presence provider such as Google Talk and Jabber. Once the gateway is deployed in an Office Communications Server environment, users hosted on Office Communications Server can do the following:
- Add or delete users on an XMPP environment as contacts
- Communicate with users on XMPP environment through one-on-one IM conversations.
You can download the software and documentation here: http://www.microsoft.com/downloads/details.aspx?FamilyID=aa560bfe-9960-473a-bfb8-53bff678cec4&displaylang=en
A common issue that occurs in a multi-domain forest, is that most of the time, not all of your domains contain users that are going to be SIP-enabled. Unfortunately, when User Replicator runs, it tries to connect to all domains in the forest to search for users. This causes the following error:
There's a couple solutions to this issue. First, is you look at KB938290 (http://support.microsoft.com/kb/938290), it says that you can safely ignore the error. This is true, User Replicator will continue to work just fine. Personally, I'm not one to just ignore errors in the event log, so there are 2 ways to get rid of this error. The first would be to run domain prep in the domains listed in the error. This will grant the User Replicator the rights it needs to query AD in that domain. This works great, and a lot of people choose this option. But, some people only want to grant the minimum number of rights possible, so running domain prep isn't an option. For those people, you can configure User Replicator to only search specified domains.
To specify a list of domains to search, you will need to make the change in WMI.
First you need to go to Start > Run > wbemtest
Click Connect
For the namespace, enter: root\cimv2
Click Connect
Next, click on Query.
Enter the above query and click on Apply.
Double-click on the returned value.
Scroll down until you find the "UserDomainList" property.
To edit the properties, click on Edit Property. Click on Not NULL, and enter the new domains that you want to search. In this example, I chose to only search my two child domains, so I entered the following:
"DC=childdomain1,DC=rootdomain,DC=com","DC=childdomain2,DC=rootdomain,DC=com"
When you are done, make sure to click on Save Property and Save Object.
Now the next time that User Replicator runs, it will only search the domains that you specified.
There are a couple of ways to verify if the OCS schema prep completed successfully. The quickest way is to run the following LCSCmd after running the prep schema step:
LCSCmd.exe /forest /action:CheckSchemaPrepState
If the report shows everything as successful, you can feel confident that everything completed properly. But, if you want to go that extra step, you can look in ADSIedit.
In ADSIedit, under the Schema Container, look for the ms-RTC-SIP-SchemaVersion. Opening the properties, look for the "RangeUpper" attribute. Check the list before for the correct value for your environment:
LCS 2005 - 1006
OCS 2007 R1 - 1007
OCS 2007 R2 - 1008
If you see the correct value for your environment, you can be sure that schema prep completed successfully.
I get asked a lot if there's an .adm template for Live Meeting and where to download it. You can download it here: http://support.microsoft.com/kb/948741.
It's actually a KB article that used to track interest in the template, so feel free to download it multiple times! :)
Background
Microsoft headsets and webcams currently launch Windows Live Messenger when the Call button is pressed. The goal of the Call Button Integration Support Update is to enable a Group Policy setting that will change that will launch Microsoft Office Communication using the Windows Live Call button.
Installation Instructions
Use the following .ADM file snippet to set the Group Policy:
CLASS MACHINE
CATEGORY !!MSHW
POLICY !!EnableMOCIntegration
KEYNAME "Software\Policies\Microsoft\Hardware"
EXPLAIN !!EnableMOCIntegrationExplain
VALUENAME "EnableMOCIntegration"
VALUEON NUMERIC 1
VALUEOFF NUMERIC 0
END POLICY
END CATEGORY
[strings]
MSHW="Microsoft Hardware"
EnableMOCIntegration="EnableMOCIntegration"
EnableMOCIntegrationExplain="Enables MOC Integration"
; Online Help Strings
ADM_TITLE="Group Policy settings for Microsoft Hardware"
COMPUTER="Computer Configuration"
COMPUTER_EXPLAIN="Contains settings that may only be used to configure Computers."
SUPPORTEDON="Requirements:"
The entire article can be found here: http://www.microsoft.com/hardware/digitalcommunication/officecommunicator/default.aspx
I had a customer run across this issue recently. When trying to use LCSCmd to configure delegated setup, you would get the following error:
LCSCmd.exe /Domain[:<domain FQDN>] /Action:CreateDelegation /Delegation:SetupAdmin /TrusteeGroup:<name of the universal group that you will delegate to> /TrusteeDomain:<FQDN of the domain where the trustee group resides> /ServiceAccount:<RTC service account name> /ComponentServiceAccount:<RTC component service account name> /ComputerOU:<DN of the OU or container where the computer objects that will run Office Communications Server reside>
Microsoft Office Communications Server 2007 R2 Deployment Command Console
Copyright (c) Microsoft Corporation. All rights reserved.
Missing required argument
/PoolName Specifies the name of the pool.
ERROR (0xC3EC7941): Missing one or more required command line arguments.
Type lcscmd /? for help using this command.
The solution to this issue is an easy one. In order for the command to complete successfully you need to add "/PoolName:" with no value specified.
This question comes up a lot, especially when installing on Windows 2008...What IIS role services do I need to install?
The answer is pretty simple for Windows 2003. You need to only install the following IIS services:
- ASP.NET
- World Wide Web Service
But the answer is a little more complex for Windows 2008. Unfortunately when installing on Windows 2008, you need to configure IIS to run in IIS 6.0 compatibility mode. If you are installing the front-end role, you need to install all of the following IIS services:
- Web Server
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- Application Development
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
- Health and Diagnostics
- HTTP Logging
- Request Monitor
- Security
- Windows Authentication
- Request Filtering
- Performance
- Static Content Compression
- Management Tools
- IIS Management Console
- IIS 6 Management Compatibility
- IIS 6 Metabase Management Compatibility
- IIS 6 WMI Compatibility
- IIS 6 Scripting Tools
- IIS 6 Management Console
If you are installing the Communicator Web Access (CWA) role, you need to install all of the following IIS services:
- Web Server
- Common HTTP Features
- Static Content
- Default Document
- Directory Browsing
- HTTP Errors
- HTTP Redirection
- Application Development
- ASP.NET
- .NET Extensibility
- ISAPI Extensions
- ISAPI Filters
- Health and Diagnostics
- HTTP Logging
- Logging Tools
- Request Monitor
- Tracing
- Security
- Basic Authentication
- Windows Authentication
- Request Filtering
- Performance
- Static Content Compression
- Management Tools
- IIS Management Console
- IIS Management Scripts and Tools
- IIS Management Compatibility
- IIS 6 Metabase Compatibility
- IIS 6 WMI Compatibility
Take a look at the following TechNet articles for more information:
http://technet.microsoft.com/en-us/library/dd637116(office.13).aspx
http://technet.microsoft.com/en-us/library/dd425175(office.13).aspx
