Sunday, December 21, 2008

Microsoft Office Communications Server 2007 R2 install/removal

Greetings,

I recently attempted to remove RC code from a semi-production server this weekend and noticed I was getting errors from the 'Web Components' and 'Core' installation bits. The errors indicated there was a permission issue which wasn't much help.

Eventually I figured out that UAC in Windows 2008 was preventing me from removing OCS and I quickly turned it off on all my servers. This raised another issue though....

When attempting to install and activate the various OCS R2 components afterward I noticed the pre-requisite checker had indicated items such as 'Prepare Active Directory' were listed as 'Complete' however no checkmark appeared next to the words like it normally does. It was also greyed out.

The fix took a few minutes to figure out but at the root of this issue is the fact that the OCS setup page is an HTA (application) and Microsoft's Internet Explorer Enhanced Security was getting in the way. After disabling this feature I was able to continue installing the RTM code for OCS R2 :)

Hope this helps someone else out there!

Cheers!

Jason

Monday, November 10, 2008

You can't call UM users on a different dial plan --NOT!

Well it's been a few weeks of troubleshooting and help from Microsoft PSS but I think I've finally figured out how UM handles calls on both DTMF and voice activated auto attendants.


Our client's setup is a MITEL 3300 which is connected to both OCS and Exchange UM using two distinct paths. All inbound calls are supposed to route to the Exchange server which has a simple auto attendant set up to direct calls off to extensions local and remote to the MITEL as well as OCS. Since we were concerned about a single T1 between the voice gateway and the MITEL being used up for both OCS calls and auto attendant calls, a SIP trunk was created.



We quickly had an issue with voice activated dialing where you would say the person's name but the call would go directly to voice mail. A SIP trace from Exchange UM revealed ZERO packets leaving the server. This was quite odd since keying in the DTMF codes for the extension worked fine. The calls to Microsoft were originally met with "you can't call between dial plans" to which I responded......"um, WHAT???". If you could imagine a fully deployed UM environment with multiple geographic locations all with different dial plans (for language purposes) on the same server......it is possible......read on....


The fix was simple but finding out how UM initiates a voice activated call wasn't. Since a SIP trace wasn't possible, it was up to Microsoft to provide some insight. Even with the help from Microsoft it wasn't until we dug around testing various accounts that I noticed some of them produced different results.


After opening my own test account I noticed the General tab of my account properties didn't have a "telephone" number listed.....it was blank. I entered my extension number and it worked the first time! I had made a grave mistake assuming the UM server was pulling my TEL URI field from OCS on the name match when I used the auto attendant. As a matter of fact the UM server explicitly uses this field for calling the user.


Now that we have that one fixed we're off to deploying phones and finishing the call tree for UM!

Wednesday, October 22, 2008

Tanjay phone firmware -version 2009

Just a quick update on what's coming with the new Tanjay phones:
  • Full integration with the PC via USB (existing port)
  • When a call is made on the Tanjay, the MOC client will also show that you're in a call. Call control from the MOC client affects the Tanjay and vice versa. This means that if you put a call on hold with the PC, it will do the same for the phone. Also when you lock/unlock your PC, the Tanjay does as well.
  • Redial!!! We now have a redial button on the screen.......finally!
  • The icons for the contacts show you quickly which type of call (PSTN or Communicator) that will be made if you click to call via the touch screen. This was a big complaint for many people who expected to do a PC call by clicking and assuming the phone would be "intelligent" enough to make sure the call went out via the cheapest method possible.
  • ...and much more to come!

Monday, October 20, 2008

Office Communications Server 2007 R2: Communicator Attendant

The following video demonstrates the new Communicator Attendant feature in OCS 2007 R2. The video shows how the new console will allow call queuing and handling of many incoming phone calls from both internal and PSTN-based users.

What I find most impressive is how they've thought of every angle in terms of how the caller and callee know about where the call is going and where it came from. By adding presence information, Microsoft has improved the overall experience for the person handling the call.

video

Video provided by Microsoft. More available at http://edge.technet.com

Thursday, October 16, 2008

Microsoft Office Communications Server 2007 R2

Well it has been publicly released.....well maybe not yet....but Microsoft has given us a glimpse into the next version of OCS 2007.

Highlights of OCS 2007 R2:
  • All server roles will be based on 64-bit code meaning you will be able to scale to more users and more roles per server with less hardware.
  • Conference bridge capability! This will allow an internal or remote user to call an OCS conference bridge resulting in a substantial cost savings. To expand on this more, Microsoft has done a fantastic job of making the experience easy to use and seamless to the end user.
  • A new version of the MOC client will allow application (and desktop) sharing which is similar to MSN Messenger today. This is a welcome feature as the previous version required you to install the Live Meeting 2007 client to share apps/etc.
  • Support for Mac/Linux via web interface
  • A completely new feature is the ability to set up and participate in "Persistent Group Chat" sessions. These seem somewhat similar to IRC-style chat sessions where you can invite others and collaborate in a persistent real-time chat environment. This could be perfect for those "SWAT" teams that get called together in critical situations to solve a production issue (both IT and non-IT staff). The chat sessions are searchable and can be filtered as well.
  • For those people who manage incoming calls such as administrative assistants a new "Attendant Console" gives the power of call routing, managing conferences, and setting up workflows for high volume call environments.
  • Direct "SIP Trunking" is a long awaited feature which eliminates the need for a physical voice gateway. In my blog I talk about using a similar SIP trunk connection for my software PBX and OCS but this is officially supported now. Apparently there won't be a method for authentication so the SIP trunks would typically be for organizations who have a dedicated MPLS link to a telco. This opens up new possibilities for branch survivability in that you could route traffic through an ISP in case a site VPN link went down.
  • A long awaited feature is the ability to define "hunt groups" and set basic call routing features for a collection of users. This is called a "Response Group" in OCS 2007 R2. This feature is similar in nature to an ACD in a legacy PBX. Basic features should include Music on Hold, ring-no-answer to voice mail (Exchange UM/etc), and call routing/escalation. I've heard they have included the same Microsoft Speech Server engine in Exchange UM into OCS R2.
  • If you're a Nokia, Motorola, or Blackberry user you may now be in luck when it comes to the Office Communicator Mobile client. Support for these phone manufacturers is coming with a new "single number reach" feature. More on this to come...

So that's it for now....there is even more to come but I can't say much other than this!

Cheers!

REGISTER FOR THE OCS R2 LAUNCH HERE:
http://www.microsoft.com/communicationsserver/en/us/default.aspx

Moving the OCS database

I couldn't have written it any better: http://technet.microsoft.com/en-us/bb936638.aspx

Tuesday, October 7, 2008

And now for something completely different....


I've enjoyed listening to Metallica for many years now but stopped some time after high school (in 1992). I wasn't alone and most of my friends agreed the new self titled album was rubbish....well most of it was. The next decade was disappointment over and over again until only just recently.


Fast forward to the fall of 2008 and the guys from Metallica along with Rick Rubin have put together a masterpiece. Death Magnetic is as close to the 'real' Metallica we've all grown to love.


Maybe it was the death of the hair metal bands of the late 80's and early 90's that caused them to re-think their format but someone smarter than me knows for sure. All I know today is that this latest album freakin' rocks.


So far my favorite track has to be All Nightmare Long.


Saturday, September 20, 2008

OCS Update Server

Just a quick post about quick links for using the OCS update server (I always forget them):

Management Console: https://servername.fqdn.com/mgmtconsole

The Management Console is used for posting updates to phones such as the Tanjay and RoundTable.

UC Update Server Site: https://servername.fqdn.com/sites/UCUpdateServer

This site can be used to check logs of test devices defined on the Management Console link (above).

OCS document for deploying Update Server: http://www.microsoft.com/downloads/thankyou.aspx?familyId=83ef9159-e446-4d13-b05f-7e328b3cb4ad&displayLang=en

pbxnsip.com & inphonex.com

Well it's about time I wrote about my experiences with www.pbxnsip.com as a software based PBX and www.inphonex.com as an online SIP provider.

First off, I can't say enough about the support from pbxnsip so far! I was new to the VoIP world when I started investigating options for my lab environment where I wanted to build out something more than an IM and web conferencing solution. After working through many of the issues with my OCS Edge servers, I finally had an environment I could prove out all my scenarios and began looking for a software PBX.

Going back some time though, I had started with the "3CX" free PBX software as it seemed to have some ability to talk to things like Exchange 2007 Unified Messaging (even though you needed to buy a license to get it to work). My trouble soon began when I tried making outbound calls and realized 3CX couldn't handle e.164 phone numbers prefixed with a plus sign "+". I posted my concerns along with others on the forum and wasn't able to get much assistance other than a few pointed questions as to why we would want to implement OCS and digs on how Microsoft's SIP implementation is non-standard, etc. etc.

Somewhere along the way I found a post about pbxnsip and their work with Microsoft Office Communications Server. I quickly checked the compatibility guide for IP-PBX's and noticed they were already listed on the Exchange 2007 UM site: http://technet.microsoft.com/en-ca/library/cc164342.aspx#supIPPBX

So this was good news!

Even though they're not on the tekVizion list of certified PBX's for OCS --yet, this was a viable option. Thanks as well to their wiki page on the subject: http://wiki.pbxnsip.com/index.php/Office_Communications_Server.

So this is what I needed to get all the software bits in place, now it was time to find a SIP trunk provider. I asked around and did some digging online and found www.inphonex.com which I think is based in Miami, FL, USA. They were able to provide me a DID based in Edmonton, Alberta, Canada and their rates were decent. So far I've been happy with their service even though the odd time I call my DID I get a busy signal....but not too bad for a lab environment.

For those of you who are looking for an alternative to www.inphonex.com, check out www.voiphiway.ca as they seem to have slightly better prices and have a more "trusting" web presence.

Cheers!

SNOM OCS Edition...

SNOM OCS Edition firmware (Contact tk@snom.com)


I recently purchased two SNOM VoIP phones, a 320 dual line display and a 370 hi-res LCD unit. My goal is to connect them in various configurations to my software based PBX solution (pbxnsip) and my Microsoft Office Communications Server 2007 lab environment.

Tim Koehler of SNOM in Germany was kind enough to respond to my request for their latest firmware which supports OCS. The firmware update allows registration, SRTP, and directory lookup from Active Directory along with basic presence information.

Both phones use similar firmware and support the same basic features:

  • Create a call from OCS to SNOM or SNOM to OCS
  • Call transfer (attended/unattended/blind)
  • Hold/Unhold
  • TLS Encryption
  • Basic Presence (in a call/available)

The instructions on how to configure the phones are quite good however they are missing one or two steps (http://www.snom.com/en/products/software/how-to-configure-the-snom-ocs-edition/).

Step 4 shows the setting "Register HTTP Contact:" as "Off" however the instructions don't specifically indicate to make this setting. My firmware on both phones had this set to "On" which resulted in an error when registering "Invalid Contact Information".

Also, when the phone attempted to register using the IP or FQDN as suggested (i.e. 192.168.1.100;transport=tls), it would fail with the error "Registration Failed". When searching event viewer logs on the OCS server I found several error messages such as:


A significant number of invalid certificates have been provided by remote IP address 192.168.1.70 when attempting to establish an MTLS peer. There have been 10 such failures in the last 20 minutes.
Certificate Names associated with this peer were
snom VoIP Phone
The serial number of this certificate is
00.
The issuer of this certificate is snom VoIP Phone
The specific failure types and their counts are identified below.
Instance count - Failure Type
10 800B0109

So for some reason the phone is attempting to use MTLS to connect to the OCS server. To resolve this I created a new inbound connection object on my front-end server. I set it to use the same IP, port 5066, and TLS as the transport. I then configured the registration parameter in the phone to: "192.168.1.100:5066;transport=tls" and it worked!

So now the phones can be registered with OCS. I can call back and forth between MOC, Tanjay, and SNOM without issue.
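The event text quoted above can be triaged mechanically. The following is an added example, not code from the original post: it parses that event message, looks up the failure code (800B0109 is CERT_E_UNTRUSTEDROOT in the Windows SDK headers) and flags a certificate whose subject and issuer are the same name. The function and class names are assumptions made for this example.

```python
import re
from dataclasses import dataclass

# Meanings of certificate-trust HRESULTs as defined in the Windows SDK (winerror.h).
CERT_FAILURES = {
    "800B0101": "CERT_E_EXPIRED: outside the certificate's validity period",
    "800B0109": "CERT_E_UNTRUSTEDROOT: chain ends in a root the server does not trust",
    "800B010F": "CERT_E_CN_NO_MATCH: certificate name does not match the peer",
}

# Event text as quoted in the post, keeping its arbitrary line wrapping.
SAMPLE_EVENT = """\
A significant number of invalid certificates have been provided by remote IP
address 192.168.1.70 when attempting to establish an MTLS peer. There have been
10 such failures in the last 20 minutes.
Certificate Names associated with
this peer were
snom VoIP Phone
The serial number of this certificate
is
00.
The issuer of this certificate is snom VoIP Phone
The specific
failure types and their counts are identified below.
Instance count - Failure
Type
10 800B0109
"""


@dataclass
class MtlsFailureEvent:
    remote_ip: str
    failures: int
    window_minutes: int
    subject_names: str
    serial: str
    issuer: str
    failure_types: dict  # HRESULT (hex string) -> instance count

    @property
    def looks_self_signed(self):
        # Heuristic only: the subject name and the issuer name are identical.
        return self.subject_names.lower() == self.issuer.lower()

    def findings(self):
        out = []
        for code, count in self.failure_types.items():
            meaning = CERT_FAILURES.get(code, "not in the table above")
            out.append(f"{count} x {code}: {meaning}")
        if self.looks_self_signed:
            out.append(f"subject equals issuer ({self.issuer!r}): "
                       "consistent with a self-signed device certificate")
        return out


def _grab(pattern, flat):
    match = re.search(pattern, flat)
    if match is None:
        raise ValueError(f"not an MTLS certificate-failure event (no match for {pattern!r})")
    return match.group(1).strip()


def parse_mtls_failure_event(message):
    # Collapse all whitespace first so wrapped lines do not break the patterns.
    flat = " ".join(message.split())
    tail = _grab(r"Instance count - Failure Type(.*)$", flat)
    codes = {code.upper(): int(n) for n, code in
             re.findall(r"(\d+) ([0-9A-Fa-f]{8})\b", tail)}
    return MtlsFailureEvent(
        remote_ip=_grab(r"remote IP address (\S+) when", flat),
        failures=int(_grab(r"There have been (\d+) such failures", flat)),
        window_minutes=int(_grab(r"in the last (\d+) minutes", flat)),
        subject_names=_grab(r"associated with this peer were (.*?) The serial number", flat),
        serial=_grab(r"serial number of this certificate is ([0-9A-Fa-f]+)\.", flat),
        issuer=_grab(r"issuer of this certificate is (.*?) The specific", flat),
        failure_types=codes,
    )


if __name__ == "__main__":
    for line in parse_mtls_failure_event(SAMPLE_EVENT).findings():
        print(line)
```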

In order for presence information to be conveyed I had to set the "Report Machine State" value to "On". Now when I pick up the handset the presence shows "In a call".

This solution isn't without significant issues though and deploying these units as is would be impossible in just about every environment.

So here are the current issues:

1. When I call in from the PSTN my DID goes to my Exchange UM server where the Auto Attendant picks up the call. I type in the extension of my now-signed-in SNOM phone (+8021) and it rings! I pick up the phone and NO AUDIO comes through.

I can call from OCS to OCS (SNOM) and it works great.
I can call from OCS (SNOM) to OCS and it works great.
I can call from OCS to my Exchange UM AA and transfer to the OCS (SNOM) and it works great.
I can call from OCS (SNOM) to PSTN and it works great.

!!UPDATE!! You need to change the dial plan in Exchange UM to "SIP Secured" for this to work.

2. When I place a call on hold using the OCS (SNOM) unit, the other party shows the call being held. When I pick up the call again it drops the call. I've tried this many different ways and think this is a genuine bug.

!!UPDATE!! This appears to be resolved with the above fix ("SIP Secured" setting).

3. When I try to call my Exchange UM AA from my OCS (SNOM) unit, I get an error "unsupported media type" on the phone and Exchange produces an error:


'The SDP media description received from the remote SIP peer could not be parsed.'

!!UPDATE!! You need to change the dial plan in Exchange UM to "SIP Secured" for this to work. Also, change the "RTP Encryption" setting to "off" in the user registration, RTP settings.

4. I'm not 100% sure how to bring up the directory but I've found that hitting the "0" key once or twice usually works. I've programmed the Directory button to do this for me so I suppose it's working.

That's all I have for now...I'll post again as I find out more.

Cheers!

Tuesday, August 26, 2008

Wild goose chase with Windows 2008

So I'm trying to add a Windows 2008 DC which has been a domain member for a few months and I keep getting the error:

Missing DNS SRV record "_ldap._tcp.dc.domainname"

I searched for it in DNS and even ran an NSLOOKUP....which led me to my discovery....

My NSLOOKUP was defaulting to a server called "::1". After changing it in the command line I noticed I was able to find the SRV record. As it turns out IPv6 is enabled and set to "automatically obtain address". This causes the primary client DNS to be "::1" if you don't have IPv6 set up in your network.

By unchecking IPv6 in the network properties the IPv4 DNS IP's took effect and POW!!! It worked.

I chased this one down and ran in circles for a while before figuring it out. :S

Tuesday, August 12, 2008

Microsoft Office Communications Server 2007 R2

...still waiting for the OCS R2 beta. Lots of great things to come. Can't say much other than I like what I hear so far....

Stay tuned!

Friday, July 11, 2008

Building your own OCS lab with a SIP trunk :)

I've been working late nights and weekends getting a proof of concept lab environment up and running with OCS.

My lab setup is as follows:

1 DID from http://www.inphonex.com/
1 VM running http://www.pbxnsip.com/
1 VM running OCS Mediation Server
1 VM running OCS Enterprise /w collocated Archiving server
1 VM running SQL Server 2005 Standard
1 VM running Exchange 2007 with all roles including UM

My goals were as follows:
  • Call out using the OCS client to a local or long distance number through the software PBX and out through inphonex.
  • Be able to call into my DID and have the Exchange 2007 auto attendant answer and transfer the call to my OCS client.
  • Call my Exchange mailbox from a land line through the inphonex/pbxnsip/ocs infrastructure.
  • Perform dual ring, call forward, and conference calls using the OCS client as the softphone.

So far I've accomplished all my goals with this software. Everything runs great on the few VM's and I'm very happy with pbxnsip so far!

Monday, April 28, 2008

Configure Mac OSX wi-fi for PEAP

Greetings,

For those of you who have tried to get your Mac OS to connect to a wi-fi network using PEAP I've included step-by-step instructions on how to do so...

  • Open System Preferences then Network
  • Click the Advanced button then click the 802.1x tab
  • Make sure 802.1x login is enabled and click the enable button if it isn't
  • Click the drop-down list box to reveal your wireless network then click the PEAP checkbox
  • Click the AirPort tab then the + sign
  • Type the Network Name (SSID) and choose 802.1x WEP as the security method
  • Type your domain user name and password (if using a domain password) in the format of "DOMAIN\Username"
  • Leave the 802.1x list box at Automatic and click OK

Cheers!

Jason Shave

Thursday, April 10, 2008

Symantec Endpoint Protection (SEP) -clients disconnect from server

Greetings,

Yesterday I spent an agonizing 4 hours on the phone with Symantec. I followed up with another 2 hours today with a resolution to my issue.

The issue was that SEP clients would receive updates from the server at first install but then disconnect a few seconds later. No LiveUpdates or "Policy" updates would be delivered to the clients and every attempt to make them connect failed.

One of the symptoms was when you open the SEP client and click troubleshooting, it would show the server as "offline". Another was when you view the system log it would display a message saying "disconnected from server".

To resolve this, the Symantec support technician suggested a re-install of SEP 11. I had originally installed the first release then updated to MR1 with no luck but he suggested I set the database password to only 2 characters.

PRESTO!!! It worked.....

For clients already deployed I had to run the command: "smc -stop" then copy in a new SyLink.xml file overwriting the original. Then a "smc -start" command to get things rolling again...

MR2 is due for release any day now and I hope they have this as a fix. Having a 2 character database password is an obvious concern.

Anyway, hope this helps some of you out there!

Cheers,

Jason

Wednesday, March 19, 2008

Outlook 2007 clients complain about certificate on Exchange 2007

When you replace your built-in certificate on Microsoft Exchange Server 2007 (CAS role), your Outlook 2007 clients will produce a certificate warning message.

This is because the certificate doesn't match the name in the Exchange Server's CAS config...

The following Microsoft article describes this issue in detail and the steps to resolve it: http://support.microsoft.com/kb/940726

or

You can type them in as follows:

Set-ClientAccessServer -Identity CAS_Server_Name -AutodiscoverServiceInternalUri https://mail.contoso.com/autodiscover/autodiscover.xml

Set-WebServicesVirtualDirectory -Identity "CAS_Server_Name\EWS (Default Web Site)" -InternalUrl https://mail.contoso.com/ews/exchange.asmx

Set-OABVirtualDirectory -Identity "CAS_Server_name\oab (Default Web Site)" -InternalUrl https://mail.contoso.com/oab

Set-UMVirtualDirectory -Identity "CAS_Server_Name\unifiedmessaging (Default Web Site)" -InternalUrl https://mail.contoso.com/unifiedmessaging/service.asmx
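The name check behind this warning, as an added example that is not code from the original post: it compares the host in each internal URL with the names on the certificate, before and after the four commands above. The certificate names and the host cas01.contoso.local are constructed sample values.

```python
from urllib.parse import urlsplit

# Names on the replacement certificate (constructed sample, not from the post).
CERT_NAMES = ["mail.contoso.com", "autodiscover.contoso.com"]

# Internal URLs before the change; cas01.contoso.local is a constructed
# stand-in for the CAS server's own name.
BEFORE = {
    "AutodiscoverServiceInternalUri": "https://cas01.contoso.local/autodiscover/autodiscover.xml",
    "EWS InternalUrl": "https://cas01.contoso.local/ews/exchange.asmx",
    "OAB InternalUrl": "https://cas01.contoso.local/oab",
    "UM InternalUrl": "https://cas01.contoso.local/unifiedmessaging/service.asmx",
}

# Internal URLs as set by the four commands in the post.
AFTER = {
    "AutodiscoverServiceInternalUri": "https://mail.contoso.com/autodiscover/autodiscover.xml",
    "EWS InternalUrl": "https://mail.contoso.com/ews/exchange.asmx",
    "OAB InternalUrl": "https://mail.contoso.com/oab",
    "UM InternalUrl": "https://mail.contoso.com/unifiedmessaging/service.asmx",
}


def name_matches(cert_name, host):
    """Compare one certificate name with a host name, label by label."""
    pattern = cert_name.lower().rstrip(".").split(".")
    labels = host.lower().rstrip(".").split(".")
    if len(pattern) != len(labels):
        return False  # a wildcard stands for exactly one label
    if pattern[0] == "*":
        # Wildcard only as the whole left-most label, never directly under a TLD.
        return len(pattern) > 2 and pattern[1:] == labels[1:]
    return pattern == labels


def uncovered_urls(urls, cert_names):
    """Return {setting: host} for every URL whose host the certificate does not cover."""
    missing = {}
    for setting, url in urls.items():
        host = urlsplit(url).hostname or ""
        if not any(name_matches(name, host) for name in cert_names):
            missing[setting] = host
    return missing


if __name__ == "__main__":
    print("before:", uncovered_urls(BEFORE, CERT_NAMES))
    print("after: ", uncovered_urls(AFTER, CERT_NAMES))
```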


Cheers!

Sunday, March 9, 2008

Windows Server 2008 GPO settings on 2003/XP

Greetings,

I was testing out the new feature of mapping drive letters and setting environment variables with Windows Server 2008 GPO's and found the following items are required for this to work on Windows Server 2003 and XP systems:

Windows Server 2003 Client Side Extensions for Windows Server 2003: http://www.microsoft.com/downloads/details.aspx?familyid=BFE775F9-5C34-44D0-8A94-44E47DB35ADD&displaylang=en

Windows XP Client Side Extensions for Windows XP: http://www.microsoft.com/downloads/details.aspx?FamilyID=e60b5c8f-d7dc-4b27-a261-247ce3f6c4f8&displaylang=en

NOTE: These updates can be integrated in to Windows source files by specifying the executable name with a /integrate: switch. You can also silently install the package using the /quiet mode setup switch.

...and here is a brilliant post on more detail: http://www.windowsecurity.com/articles/Group-Policy-related-changes-Windows-Server-2008-Part1.html

Cheers!

p.s. I wish they made an MSI :(

Your first Windows Server 2008 domain controller

Well now that we have the RTM release of Windows Server 2008 in all its glory, it's time to sit down and figure out the quirks...

After the setup of standard edition completed I wanted to make the system a domain controller.

First off, be sure to set a static IP for your IPv4 protocol. Once you've done this you will see a notification that some adaptors are still using DHCP. But wait, I set a static IP already?? You can safely ignore this message and continue since IPv6 is now enabled by default and is configured to obtain an address automatically!

Install the Active Directory Domain Services role through Server Manager. Once complete, expand the Roles section of Server Manager and select Active Directory Domain Services. You will notice a link indicating you need to make the server a Domain Controller by running dcpromo.exe. But first....

Load the ISO or Windows Server 2008 CD on an existing Windows Server 2003 system. Open a command prompt and type the following two commands one after the other:


\sources\adprep\adprep.exe /forestPrep

\sources\adprep\adprep.exe /domainPrep

The first command will take some time to run as it updates the AD Schema so you can add your Windows Server 2008 DC.

Next, begin your DCPROMO.EXE process on the Windows Server 2008 system. During the process you may see the following message:

A delegation for this DNS server cannot be created because the authoritative parent zone cannot be found or it does not run Windows DNS server. If you are integrating with an existing DNS infrastructure, you should manually create a delegation to this DNS server in the parent zone to ensure reliable name resolution from outside the domain corp.contoso.com. Otherwise, no action is required.



Now I've had my domain set up for quite some time and I feel I completely understand DNS and how it works. The above warning message doesn't make much sense to me so if any of you know, please post away! The rest of the setup should complete without issue and presto! You now have a Win2k8 DC!

Cheers!

Friday, February 15, 2008

Installing Windows Server 2008 Roles on a Core install

Greetings,

Just a quick post on how to install the various roles on a Windows Server 2008 core installation:

Installing the server roles:
  • start /w ocsetup DHCPServerCore
  • start /w ocsetup FRS-Infrastructure
  • start /w ocsetup DFSN-Server
  • start /w ocsetup DFSR-Infrastructure-ServerEdition
  • start /w ocsetup DNS-Server-Core-Role

Installing NFS Services:

  • start /w ocsetup ServerForNFS-Base and then start /w ocsetup ClientForNFS-Base

Installing Single Instance Storage:

  • start /w ocsetup SIS

Installing the Active Directory server role:
Active Directory has to be installed by using an Unattended Answer file. This is because it requires certain settings to be set up during the install.

  • Dcpromo /unattend:Unattendfile

Configure a Windows Server 2008 Core Installation

I've been searching the internet for some time looking for information about how to configure Windows Server 2008 basic features. I've run into a few snags though and felt it was time to write about a definitive guide to configuring a Windows core installation from scratch.

First off, the Windows Server 2008 core installation is a long awaited type of installation offered by Microsoft's new operating system which allows for a very streamlined and low footprint installation of the server OS. With reduced hardware requirements and setup time, this Windows OS installation is an excellent fit for hardware virtualized environments such as VMWare or Virtual Server from Microsoft.

The first thing you need to know is that the server core installation is configured with Windows Firewall turned on and DHCP set to grab an IP automatically. We need to disable this in order to remotely manage the system among other things.

DISABLE WINDOWS FIREWALL:
  • netsh firewall set opmode disable

This will allow you to remotely run tools such as DHCP or DNS administrator so you can create scopes or zones, etc.

CONFIGURE A STATIC IP:

  • netsh int ipv4 show int
  • netsh int ipv4 set address name="Local Area Connection" source=static address=192.168.1.2 mask=255.255.255.0 gateway=192.168.1.1

This will list the interfaces available so you can find the "name" which we use in the second statement that sets the IP address, subnet mask, and default gateway.

CHANGE THE COMPUTER NAME:

  • netdom renamecomputer %computername% /NewName:

ADD THE COMPUTER TO A DOMAIN:

  • netdom join %computername% /domain: /userd:\username> /password:

For even more great commands scroll to the end of this excellent Microsoft article:

http://technet2.microsoft.com/windowsserver2008/en/library/47a23a74-e13c-46de-8d30-ad0afb1eaffc1033.mspx?mfr=true

Cheers!

Jason Shave