
I recently had to upgrade 2 LG-Nortel IP Phone 8540 (aka Tanjay or OCPE) to the latest firmware available: Microsoft Office Communicator 2007 Phone Edition v1.0.522.101.

The device was running version 1.0.199 (1.23) of the software which was still a Beta version and had, of course, some annoying bugs.

 

So, how do you upgrade one of these babies? You use the Microsoft Office Communications Server 2007 Software Update Service, a kind of WSUS specific to UC devices. I'm not going into details about deploying this service; for that, please read the Microsoft Office Communications Server 2007 Software Update Service Deployment Guide.

 

After you set up the OCS Update Service, you just need to turn on the device and sign in, and hopefully the device will automatically upgrade (there are a couple of additional steps, like preparing the infrastructure and approving the update, but let's keep it simple for now).

To sign in, you must provide 3 things:

  • SIP Address (user@domain.com)
  • User name (DOMAIN\User)
  • Password

My problems started here: I couldn't even sign in, because the device didn't accept the certificate that was issued by my private Enterprise CA (BTW, using private certificates is 100% supported, as long as you publish the Root CA in Active Directory. I blogged about it recently and Jens Trier Rasmussen also has a great post about the subject).

The error message was "Cannot validate server certificate".

Let the troubleshooting begin:

  1. Review Communicator Phone Edition Deployment Guide: CHECK!
  2. Troubleshoot OCS Update Service: CHECK!
  3. Anonymous FTP to the device and download system.clg1: CHECK!

What else could I do? I was about to send the devices to LG Nortel when I tried a different approach: changing the format of the user name at the sign-in window. Do you know what? IT WORKED!

The Solution:

If you have Beta Tanjay devices running version 1.0.199 of Communicator Phone Edition and can't seem to get them working, try changing the user name to one of these formats:

  • user@domain.com
  • domain.com\user

as opposed to using DOMAIN\user.

I'm now running version 1.0.522.101 which, besides some bug fixes, also supports R2!

Every OCS deployment needs the appropriate clients rolled out to the users. There are 3 client programs that almost every OCS solution must have:

  • Office Communicator 2007
  • Live Meeting 2007
  • Office Communicator Mobile 2007

Since there have been some upgrades and patches to the RTM versions of these programs, I thought I could provide the latest download links to them.

Office Communicator 2007 (v2.0.6362.97)

This program is not free, so first of all you should download it from Microsoft Volume Licensing Services site (assuming you have a volume license agreement).

Next, you should apply the October 2008 hotfix, which will fix some issues (this update is needed in order to interoperate with OCS 2007 R2).

Live Meeting 2007 (v8.0.6362.91)

Office Communicator Mobile 2007 (v2.0.467.0)

Microsoft announced this week the next version of Office Communications Server 2007, codenamed Wave 13, which will be officially named Office Communications Server 2007 Release 2 (R2).

New Capabilities on a Strong, Unified Foundation

Key new features of Office Communications Server 2007 R2 include the following:

Next-Generation Collaboration

  • Dial-in audioconferencing. Office Communications Server 2007 R2 enables businesses to eliminate costly audioconferencing services with an on-premise audioconferencing bridge that is managed by IT as part of the overall communications infrastructure.
  • Desktop sharing. This feature enables users to seamlessly share their desktop, initiate audio communications and collaborate with others outside the organization on PC, Macintosh or Linux platforms through a Web-based interface.
  • Persistent group chat. This enables geographically dispersed teams to collaborate with each other by participating in topic-based discussions that persist over time. This application provides users with a list of all available chat rooms and topics, periodically archives discussions in an XML file format that meets compliance regulations, provides tools to search the entire history of discussion on a given topic, and offers filters and alerts to notify someone of new posts or topics on a particular topic.

Enhanced Voice and Mobility

  • Attendant console and delegation. This allows receptionists, team secretaries and others to manage calls and conferences on behalf of other users, set up workflows to route calls, and manage higher volumes of incoming communications through a software-based interface.
  • Session Initiation Protocol trunking. This feature enables businesses to reduce costs by setting up a direct VoIP connection between an Internet telephony service provider and Office Communicator 2007 without requiring on-premise gateways.
  • Response group. A workflow design application manages incoming calls based on user-configured rules (e.g., round-robin, longest idle, simultaneous), providing a simple-to-use basic engine for call treatment, routing and queuing.
  • Mobility and single-number reach. This extends Microsoft Office Communicator Mobile functionality to Nokia S40, Motorola RAZR, Blackberry and Windows Mobile platforms, allowing users to communicate using presence, IM and voice as an extension of their PBX from a unified client (Blackberry client does not include Single Number Reach).

New Developer Tools for Business Applications

  • APIs and Visual Studio integration. This improves the efficiency of everyday business processes by enabling businesses to build communications-enabled applications and embed communications into business applications.

Other Cool Features

  • Music on hold for Attendant and Response Groups.
  • Click to call between Communicator and Communicator Phone Edition.
  • Expanded presence - now showing unique entries when someone is logged in on the IP phone or Mobile clients exclusively.
  • Team Calling: Team-based simultaneous ringing that's configured by users.
  • Auto-updates: Administrators can directly push out updates for new versions of Communicator.
  • Voice Memos: Sending the call directly to Exchange Unified Messaging.
  • A/V Edge requirements: private IP address supported, required ports limited to STUN UDP 3478 and TCP 443.
  • High Definition video support (1280 x 720 pixels, 16:9 ratio). Peer to peer sessions will use VGA as the default standard (640 x 480 pixels, 4:3 ratio).

Join Us for Launch

Office Communications Server 2007 R2 will launch in a worldwide online event Feb. 3, 2009. People can register to participate in the launch at http://www.microsoft.com/communicationsserver.

FAQ

Q: What is Microsoft announcing today?
A: We are unveiling OCS 2007 R2, an update to the award-winning OCS 2007. OCS 2007 R2 will deliver a variety of new capabilities including:

  • Next-generation collaboration including full-featured audio conferencing to reduce service provider bridge costs and persistent group chat
  • New voice features to enhance OCS voice for teams and mobile/remote workers
  • New tools to speed business processes by integrating communications within applications

Q: What is Microsoft Office Communications Server 2007 R2?
A: Office Communications Server 2007 R2 delivers streamlined communications for users so they can find and communicate with the right person, right now, from the applications they use most. Without expensive infrastructure and network upgrades, you can deliver streamlined communications, including software-powered VoIP (voice over IP), conferencing, and enterprise instant messaging, while maintaining operational control.

Q: When will Office Communications Server R2 be available?
A: OCS R2 will launch via a worldwide online event on Feb 3, 2009. People can register to participate in the launch at http://www.microsoft.com/communicationsserver/.

  • We are seeing tremendous market momentum for Microsoft’s unified communications and collaboration solutions, including Exchange Server, SharePoint Server, and Office Communications Server. Just a year after it launched, OCS 2007 is licensed by more than 50% of Fortune 500 companies.
  • The debut of OCS R2 and its new voice features highlights the pace of innovation that is possible with software-powered communications, and it validates that we are on a fast track to a day when software does everything that a network PBX can do, but in a better, more cost effective way.

Q: Is OCS 2007 R2 available in public beta for customers and partners?
A: Due to the compressed development cycle, we don’t have a public beta program for this release. The product will be broadly available for download in February.

Q: Why is this announcement significant?
A: This announcement is significant for two reasons:

  1. It is a proof point of the amazing transformation that is happening in enterprise communications. As communications systems, including telephony, move to software, rapid innovation is becoming the norm. OCS 2007 R2, debuting just one year after the launch of OCS 2007, demonstrates this rapid pace of innovation.
  2. Seamless communications between offices and employees are imperative for any cutting-edge business to be competitive in today’s global market. Office Communications Server 2007 R2 provides enhanced communications services that allow users to collaborate like never before, offering full-featured audio and video conferencing, enhanced voice capabilities that integrate with existing messaging and telephony structures, and mobile communications technologies that work together to deliver services to remote workers for secure access to important company information.


In my job, I do a lot of UC pilots. Before heading to a potential customer, I usually write a small technical document with the hardware and software requirements.

Over time, I noticed that these pilots are very similar, which is why I decided to write this post. My objective is to list a small Bill of Materials for a UC pilot capable of delivering the following features:

  • Enhanced Presence
  • Instant Messaging (IM)
  • Audio and Video
  • Enterprise Voice
  • Web Conferencing
  • Federation and external access

The image below depicts the reference architecture for a pilot like this:

[Image: uc-pilot-architecture-small]

 

Finally, here's a table with the recommended Bill of Materials:

[Image: uc-bill-of-materials-table]

The architecture figure shows a single Edge server, because, for simplicity, we use the consolidated edge topology: the Access Edge Server, Web Conferencing Edge Server, and A/V Edge Server are collocated on a single computer.

Since the Edge server is placed on a perimeter network (or DMZ), the firewalls must be configured in order to allow the OCS network traffic. All the required ports are depicted on the next picture (the different Edge roles are shown as separate machines for better understanding, but only one server will be used).

[Image: uc-pilot-firewall]

Although Exchange Server 2007 is part of the Microsoft Unified Communications portfolio, it isn't listed here. I intentionally left it out, because usually the Exchange infrastructure is already in place. And don't forget, after all, that this is just for reference: there is no such thing as 2 equal customers with equal business needs.

What are the next steps? The immediate one is to gather the necessary technical information. I strongly recommend the following documents:

This pretty much covers the requirements for a successful UC pilot. If you already have all this stuff in place, hey, give me a call and I'll pay you a visit!

Communication between the Communicator Phone Edition and Office Communications Server 2007 is by default encrypted using TLS and SRTP. Therefore the device needs to trust certificates presented by Communications Server 2007 servers. If you're using a well known Public Root CA (see table below), the certificate will automatically be trusted by the device.

Table 1 - Public certificates trusted by Communicator Phone Edition

Vendor | Certificate Name | Expiry Date | Key Length
Comodo | AAA Certificate Services | 12/31/2020 | 2048
Comodo | AddTrust External CA Root | 5/30/2020 | 2048
Cybertrust | Baltimore CyberTrust Root | 5/12/2025 | 2048
Cybertrust | GlobalSign Root CA | 1/28/2014 | 2048
Cybertrust | GTE CyberTrust Global Root | 8/13/2018 | 1024
Verisign | Class 2 Public Primary Certification Authority | 8/1/2028 | 1024
Verisign | Thawte Premium Server CA | 12/31/2020 | 1024
Verisign | Thawte Server CA | 12/31/2020 | 1024
Verisign | Comodo | 1/7/2010 | 1024
Verisign | Class 3 Public Primary Certification Authority | 8/1/2028 | 1024
Entrust | Entrust.net Certification Authority (2048) | 12/24/2019 | 2048
Entrust | Entrust.net Secure Server Certification Authority | 5/25/2019 | 1024
Equifax | Equifax Secure Certificate Authority | 8/22/2018 | 1024
Geotrust | GeoTrust Global CA | 5/20/2022 | 2048
Godaddy | Go Daddy Class 2 Certification Authority | 6/29/2034 | 2048
Godaddy | http://www.valicert.com/ | 6/25/2019 | 1024
Godaddy | Starfield Class 2 Certification Authority | 6/29/2034 | 2048

If you're using your own private Root CA, the device may or may not trust the certificate. Communicator Phone Edition will query AD for objects of category certificationAuthority (CN=Certification Authorities, CN=Public Key Services, CN=Services, CN=Configuration, DC=<domain>, DC=<tld>). If the query does not return any object, or if the objects have empty caCertificate attributes, the device will search for AD objects of category pKIEnrollmentService.

If you deployed Windows Certificate Services on a domain member server, that server will probably already be published. If not, to have the Root CA certificate placed in the caCertificate attribute, use the following command:

certutil -f -dspublish <Root CA certificate in .cer file> RootCA

Jens Trier Rasmussen has a nice blog post about this procedure.

But now imagine that you use a private certificate with a deep certificate path. How would you add the full certificate chain to AD?

I first came across this problem recently, when I had to use a certificate from Saphety, a Portuguese public Certification Authority. Although Saphety certificates are generally trusted, since they are signed by ValiCert, this particularly long certification path (see figure below) was causing problems when used with Communicator Phone Edition. The symptoms were the same as if the certificate was not trusted.

[Image: saphety]

The solution is to publish the whole certificate chain (both the Root CA and all subordinate CAs) in Active Directory. Here are the detailed steps:

  1. Download the full certificate chain (.p7b file) and double click it
  2. Expand the file name, select Certificates, right click each certificate on the right pane, select All Tasks and then Export...
  3. Save each certificate as a .CER file.
  4. Add the top level CA as a RootCA and all the others as SubCA, using the following commands:
    CertUtil -dsPublish -f www.valicert.com.cer RootCA
    CertUtil -dsPublish -f "RSA Public Root CA v1.cer" SubCA
    CertUtil -dsPublish -f "Saphety CA 01.cer" SubCA
    CertUtil -dsPublish -f "Saphety Server 01.cer" SubCA
  5. Using ADSIEdit, verify that the objects were added under CN=Certification Authorities (CN=AIA for the Sub CAs), CN=Public Key Services, CN=Services, CN=Configuration, DC=<domain>, DC=<tld>.

And that's it. Communicator Phone Edition should now be able to download the certificate from OCS and trust it. For more information, read Microsoft Communicator Phone Edition Deployment Guide.
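
A way to script the check in step 5 instead of browsing with ADSIEdit (an added example, not part of the original post): it reads the cACertificate values from the two containers and matches them by thumbprint against the exported .cer files. The folder name .\chain and the subject-equals-issuer test used to pick the root are assumptions; run it from a domain-joined machine.

```powershell
# Added example. $CerFolder is a hypothetical folder holding the .cer files from step 3.
param([string]$CerFolder = '.\chain')

$x509 = 'System.Security.Cryptography.X509Certificates.X509Certificate2'

# Find the configuration partition, then the two containers named in step 5.
$configNC = ([ADSI]'LDAP://RootDSE').configurationNamingContext
$pks = "CN=Public Key Services,CN=Services,$configNC"
$containers = @{
    RootCA = "LDAP://CN=Certification Authorities,$pks"
    SubCA  = "LDAP://CN=AIA,$pks"
}

# Map thumbprint -> containers whose cACertificate attribute holds that certificate.
$published = @{}
foreach ($kind in $containers.Keys) {
    $searcher = New-Object System.DirectoryServices.DirectorySearcher
    $searcher.SearchRoot  = [ADSI]$containers[$kind]
    $searcher.SearchScope = 'OneLevel'
    $searcher.Filter      = '(objectCategory=certificationAuthority)'
    [void]$searcher.PropertiesToLoad.Add('cacertificate')
    foreach ($entry in $searcher.FindAll()) {
        foreach ($raw in $entry.Properties['cacertificate']) {
            if ($raw.Length -lt 2) { continue }   # empty attribute, nothing to trust
            $cert = New-Object $x509 -ArgumentList (,[byte[]]$raw)
            if (-not $published.ContainsKey($cert.Thumbprint)) { $published[$cert.Thumbprint] = @() }
            $published[$cert.Thumbprint] += $kind
        }
    }
}

# Report, for each exported file, where it should be and where it was found.
foreach ($file in Get-ChildItem -Path $CerFolder -Filter *.cer) {
    $cert = New-Object $x509 -ArgumentList $file.FullName
    # Heuristic (assumption): a certificate whose subject equals its issuer is the root.
    $expected = if ($cert.Subject -eq $cert.Issuer) { 'RootCA' } else { 'SubCA' }
    $found = if ($published.ContainsKey($cert.Thumbprint)) { $published[$cert.Thumbprint] } else { @() }
    [pscustomobject]@{
        File        = $file.Name
        Subject     = $cert.Subject
        Expected    = $expected
        PublishedIn = $found -join ','
        Ok          = $found -contains $expected
    }
}
```

Any row with Ok = False points at a chain element that still has to be published with CertUtil -dsPublish before the device can build the full path.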

Unified. Now.

This is the tagline for the Microsoft Unified Communications (UC) offer for FY'09. You may remember other taglines, such as "Unified. Simplified.", which was last year's tagline or "VoIP As You Are", Microsoft's approach to enterprise VoIP.

Each of these taglines represents Microsoft's vision for Unified Communications, where presence is the heart of UC and software is the power that leverages complete communications across the applications and devices that people use every day.

As of today, this blog will be dedicated to Microsoft Unified Communications, covering technical aspects of the solution, news and announcements, tools, tips and personal experiences with all the UC products: Office Communications Server, Exchange Server, Office Communicator and Live Meeting.

 

My name is Rui Silva, I'm a Technology Solution Professional (TSP) - Core UC - at Microsoft and my status is "Available" to contribute to the technical community. Before joining Microsoft I was nominated MVP in Exchange Server for 3 years and I'm also the author of 3 other blogs: http://msmvps.com/blogs/ehlo, http://blogs.msexchange.org/silva and http://ehlo.blogspot.com (Portuguese).

Welcome to my new blog! Feedback is always welcome.

 