Thursday, January 22, 2009

Communcator Web Access (error 0-1-492)

I recently had the pleasure of working with a senior Microsoft escalation engineer who helped us resolve this error message and thought it would be helpful to share my experiences with how it was resolved.

Apparently there is a bug with CWA and Windows 2008 where the Service Principal Name (SPN) isn't created for the FQDN of your CWA site. The result is the following error when you attempt to sign in with integrated Windows authentication:

Cannot sign in because your computer clock is not set correctly or your
account is invalid (error code: 0-1-492)

When I created our 'internal' and 'external' CWA web sites on our web server I set up two IP addresses so that each site could have a unique IP with the same certificate bound to it. We use the same FQDN for both the internal and external CWA site (i.e. ISA Server 2006 is used to direct external clients to the IP bound to the external CWA site and vice versa. The key difference is that the internal site uses both forms-based authentication as well as Windows authentication.

The Windows authentication site will fail with the error if your site is running on Windows 2008 Server while the other site will work just fine. We limped along for a while by setting the IP address of the internal site to be the external site until this fix came along.


You need to add an SPN matching the FQDN of your internal site ( to the user account you assigned in AD for CWA.

  1. Open ADSIEDIT and navigate to the OU where your CWA service account is stored.
  2. Locate the CWA service account (mine is called 'CWAService') and right-click then choose Properties.
  3. Turn on the checkbox to 'Show only attributes that have values' and scroll down to an entry called 'servicePrincipalName'.
  4. Click the Edit button.
  5. Type in the SPN using the following format (http/). For example, if your site is called "" then type in "http/". NOTE: Do NOT type http://.
  6. Click OK and you're done!

Depending on your topology and the location if your web server to a DC, replication may need to occur.


Wednesday, January 21, 2009

Exchange Voice Mail for iPhone users

A great co-worker of mine found this PowerShell command which allows you to change the codec for voicemail on each user rather than the entire dial plan.

set-UMMailbox useralias -CallAnsweringAudioCodec GSM/PCM/WMA

I haven't tested which codec works for sure (yet) but I seem to recall GSM does and its a nice manageable size.


Saturday, January 17, 2009

Removing the plus "+" sign from a SIP INVITE in OCS R2

Recently I was asked to help get our Cisco Call Manager environment connected to our OCS environment since we have both Cisco and Microsoft phones in the company and we wanted to have 4digit dialing between the two environments.

Well now that OCS R2 has the ability to remove the + sign from outgoing SIP INVITE commands via WMI, I thought I would share with you the process for making this happen.

  1. Click on the START menu and click Run
  2. Type 'wbemtest' and click OK
  3. Click the Connect button and make sure it says 'root\cimv2' then click Connect
  4. Click the Enum Classes button and click OK (don't type in anything into the text box)
  5. Scroll down until you see 'MSFT_SIPMediationServerConfigSetting' then double-click it
  6. Click the Instances button then double-click the single object (this looks very similar to the previous screen)
  7. Scroll down to the bottom and double-click on 'RemovePlusFromRequestURI'
  8. Type in 'TRUE' and click Save Property
  9. Click the Save Object button then the Close button
  10. Restart your Mediation Server service

Now when you make outbound calls you can trace the SIP messages and should see your e.164 numbers without a + sign.