Friday, August 28, 2009

Whitepaper on Deploying Certificates in OCS 2007 and OCS 2007 R2

One of the areas where the learning curve for OCS has been very steep is in the area of certificates. This has partly been due to lack of a single coherent OCS related certificate documentation and the fact that using certificates with SSL and TLS are two different species.

Rick Kingslan, with the help of a series of excellent people, has now created a whitepaper called “Deploying Certificates in Office Communications Server 2007 and Office Communications Server 2007 R2”. This whitepaper includes links to learning resources for the basics of certificates/PKI, but more importantly very specific OCS 2007 / R2 deployment information (and command lines) and it is certainly worth a read (95 pages of good technical info).

Friday, August 21, 2009

Should I try a VoIP call using this (Wireless/Hotel?) network ?

The OCS 2007 R2 Reskit provides a Pre-Call Network Diagnostic Tool that can be used for both continuous monitoring from e.g. a machine that has recurring voice quality problems or just as a one time check of that home/hotel/conference wireless network before making a call.

After installation of the OCS 2007 R2 ResKit tool go to %ProgramFiles%\Microsoft Office Communications Server 2007 R2\Reskit\PreCallDiagTool and launch PCDSetup.exe (Or copy the directory to a shared network drive).

UPDATEd Find 32 bit version here and 64 bit version here.

The tool willl require .NET Framework 3.5 Sp1 and will prompt the user to install it.

After installation start PreCallDiagnostics with elevated privileges (note - this may only be required the first time) and insert your SIP URI.


Note that the tool can be started on Windows startup and that it does keep a log over time of network connection quality.

After restarting click “Start media network monitoring” and you will see this screen (After collecting data for a while)


After tool has established connectivity with your R2 Media Relay server it will display 1-4 “bars” of quality in the main window.

It will give you important information like the Network MOS, Packet Loss Rate and not least Jitter and will continue monitoring until stopped. It uses very little bandwidth (approx 5 kbps) and CPU resources.

This is a nice little troubleshooting tool both for personal use and for use at customers where a Monitoring server isn’t readily available.

Thursday, August 20, 2009

R2 Edge Servers on WS08 and Update Root Certificates issue

We have encountered an issue with R2 Edge and the Windows Server 2008 feature called “Update Root Certificates feature” which is enabled by default (and apparently not used by R2). Below is a detailed description of the problem provided by my colleague Lars Sørensen from Inceptio A/S.

First a little update on on the “Update Root Certificates feature” in Windows Server 2008

The feature is designed to automatically check the list of trusted authorities on the Windows Update Web site when this check is needed by an application on the server. Specifically, if the application is presented with a certificate issued by a certification authority in a PKI that is not directly trusted, the Update Root Certificates feature will contact the Windows Update Web site to see if Microsoft has added the certificate of the root CA to its list of trusted root certificates. If the CA has been added to the Microsoft list of trusted authorities, its certificate will automatically be added to the set of trusted root certificates on the server.

Why am I telling you this, well recently I did an Office Communications Server 2007 R2 implementation with the Edge role. The certificates on the external interfaces on the Edge server is from Digicert, which are member of the Microsoft root certificate program KB931125.

Everything is working fine, except for federation. So I did a little troubleshooting and found out that the reason for the federation not working was a certificate issue, not on the customer installation, but on the federated partners Edge server. In this case our own Edge server. In the Event Log I found the following errors :

clip_image002 clip_image004

So I checked the Certificate Store on our Edge server and could conclude that the root certificate for Digicert wasn’t there. I downloaded and installed the root certificate from and tested the federation again, and the federation between the customer Edge server and our Edge server was now working as expected.

So why wasn’t the root certificate for Digicert downloaded by the “Update Root Certificates feature”. So I deleted the root certificate from Digicert from our Edge server and did a test from This is a link where you can test the browser for the root certificate.


When doing this test the following appears in the Event Log as expected.

clip_image008 clip_image010

This confirms that the Update Root Certificates feature has downloaded and installed the Digicert root certificate from Windows Update. To make sure that the Digicert certificate I used on the customers edge server,  was working correctly, I created a web site and assigned the Digicert certificate to that web site. Created a host entry on our own Edge server, that pointed to that website, and then tried to access this web site to see if the root certificate for Digicert was downloaded, and it was.

So far my conclusion is, it seems that the Office Communications Server 2007 R2 Edge role doesn’t trigger the Update Root Certificates feature to download the root certificate.

All testing has been done on Windows Server 2008 SP2 and fully updated from Windows Update, and OCS 2007 R2 also fully updated from Windows Update. I don’t know if the problem also occur on Windows Server 2003.

If anyone has seen similar issues please leave your comments here.

Updates to Communicator Mobile available

Just in case you haven’t seen then there is a new update for Communicator Mobile that include some nice new features (Including support for WM 6.5).

Furthermore there is now support not logging on when using roaming networks(Which is nice when you’re in the US and Roaming data costs 12$/MB !!).

 image image

Find the update at (Directly from your mobile) at the Download Center and/or read more about the feautres at the Communicator team blog Communicator Mobile Just Got Better.

Tandberg / OCS integration suddenly not working?

Just a quick note. If you have problems with your Tandberg not working then it may be caused by security update in KB968389. This update provides a new feature called “Extended Protection for Authentication” and when installed (and enabled) it breaks Tandberg functionality.

Current “solution” is to disable the Extended Protection for Authentication, but I will get back with an updated/elaborated posting if a solution is found.

Tuesday, August 18, 2009

Microsoft Exchange 2010 RC RTW’ed

and the link is now working ;-) There are a lot of interesting features in this product. I especially like the enhanced OCS integration (Including those Outlook 2010 introduces) and of course the language support (Now supporting Danish).

Anyway here is the link for the download !

Sunday, August 16, 2009

OCS 2007 R2 Web Scheduler RTW’ed

The OCS 2007 R2 Web Scheduler that was originally going to be part of the R2 ResKit has now been Released To Web and can be found here.

This is good news for those of us who are running 64-bit Office 2010 as the Live Meeting add-in doesn’t support 64-bit yet :-|

Here’s a snippet from the download page -

Web Scheduler is a 64-bit tool for Microsoft Office Communications Server 2007 R2. It provides a Web-based alternative to the add-in for the Microsoft Outlook messaging and collaboration client for the purpose of scheduling a meeting using Office Communications Server 2007 R2. It also provides a browser-based conference management experience that includes operations such as:

  • Scheduling a new Live Meeting conference or conference call.
  • Viewing and modifying details of an existing conference.
  • Listing all existing user schedules of a Microsoft Office conference.
  • Deleting an existing conference.
  • Sending an e-mail invitation to conference participants by using a configured SMTP mail server.
  • Joining an existing conference.

Happy installing !