Tuesday, October 23, 2007

e-office deployed OCS for almost 2500 users


e-office deployed an OCS environment for almost 2500 users worldwide!

The last two days i've been working on a customer deployment of OCS2007RTM and Communicator Web Access 2007. It's a very nice project because it also integrates with Microsoft Office SharePoint Server 2007 EE.


Within a short time period we need to demo OCS and also show the presence states within MOSS2007. The corporate portal also needs automatic sign-in for OCS while the user is logging on to the portal with Windows Integrated Authentication. So this is a very cool project and of course for me because it's an technical adventure ;-)  

For you a short wrap-up how we drill down this project:

1. Make an design document together with your customer to discuss how and who preps the Schema, Forest and corresponding domains. While talking to our customer we only need to prep 1 domain.

2. Make an output document how the customer or yourself can see how the preparation steps need to processed. Make sure this document is present when preps are performed.

3. Demo the steps in ADS (what you see is what you get!). Within the world of a customer it's very difficult to convince them that preparing the Schema is not a very scary procedure. So show it to your customer by making 2 virtuals (1DC and 1OCS Server) and demo the steps by using the LCScmd.exe command line tool.

4. Perform the preps (Schema, Forest and Domain) within a weekend (when it goes wrong you have probably the most time available to restore your AD) hopefully not of course ;-)

5. Deploy your server products. In my case OCS2007Std Edition + Communicator Web Access 2007 and MOC2007.

When installing OCS we had some technical issues but we solved that.

Tip 1.

Case (issue):

When installing OCS with an UNC-space you will get an error: Error 0x80004005 (Unspecified Error) while executing command CScript.exe > See local Temp. Within the logfile you will see an error message: The call to SRSetRestorePoint API failed. And within the OCS Deployment Tool you get an error message: No such interface (0x80004002)


Install OCS from the installation CD. When you copy the contents of the entire CD to a local hard drive it's sometimes can happen that there is a space within the UNC-path. OCS will crash when installing from a local folder when there is a space between the UNC-path. Example d:\install\ocs 2007\setup etc. Make sure it becomes: d:\install\ocs2007\setup.

Tip 2.

Case (issue):

When installing OCS makes sure that your online Certification Authority is available. Before installing and assigning certificates make sure the CA Administrator is available for issuing your CA request. Otherwise it will cost lots of time and money. An Enterprise Root Certification Authority is the recommended configuration. My opinion is that this is true but third party certificates also work within OCS. You need to make sure that while requesting a certificate also the private key can be exported. OCS needs certificates which contain the private key.



Carlos said...


I am studying OCS2007 for future implementations in projects of my enterprise.
At the moment I have installed OCS2007 Standard Edition plus Office Communicator in a pair of terminals together with Office Live Meeting 2007.

By now I am stuck in a pair of issues. First I am working in deploying the Communicator Web Access but I cannot find any info about creating the MTLS and HTTP certificates in my certification authority.

Secondly I am having problems connected to the Office Live Meeting Service Portal, which returns a Server error when accessing the portal.

Any recommendations?
Good luck with your project!

Joachim Farla (MCSE2003) said...

Hi Carlos,

tenx for your question. For CWA you need two separate certificates.

1 certificate for offloading your CWA Login Page (HTTPS) and 1 certificate for server to server encryption (MTLS - Mutual Transport Layer Security. This the server to server communication between the CWA server and the Standard of Enterprise Pool. To get it work while working with public certificates request your SSL certificate from you're IIS installation on the CWA server (IIS is a basic component of you CWA installation) make sure the private key is exported before sending the request file to you're CA provider (authority). When you are using an internal CA authority, request the certificate through the CWA deployment UI. Make sure this certificate is also exported with the private key.

You're second question is not very clear for me. Can you give me more information? -Joachim