leedesmond’s blog

E-mail messages sent from a Office Communicator 2007 R2-based client to an XMPP client (and vice versa) may end up in an incorrect format. This can be caused by the use of extended alphabets or any double-byte character set (DBCS) language.

To address this issue, apply the update package KB977187 (Xmpptgw.msp 6907.58) on the Microsoft Office Communications Server 2007 R2 eXtensible Messaging and Presence Protocol (XMPP) Gateway. This works on both the Standard and Enterprise Editions.

Technorati tags: LCS/OCS, OCS 2007 R2

No Comments »

Copying a user’s objectSID from the user forest to msRTCSIP-OriginatorSID in the resource forest enables pass-through authentication to MOC for automatic sign-in of the former to the OCS 2007 R2 back-end (hosted in the resource forest).

With this configuration in place, you will no longer be able to sign-in using the password assigned to the user object in the resource forest. This happens whether the latter is disabled or not.

To fix this, undo the copy by clearing the msRTCSIP-OriginatorSID attribute. Doing so will require the user (in the user forest) to provide a sign-in address, user name and password (all from resource forest) everytime s/he intends to consume any OCS 2007 R2 services.

Technorati tags: LCS/OCS, OCS 2007 R2

No Comments »

The “Multiple Forests, Resource Forest”* is one of several supported topologies in Active Directory. This requires the setting up of a separate resource forest hosting enterprise applications - such as Exchange 2007/2010 and OCS 2007 R2 - with disabled user accounts or contacts matching logon-enabled users in the user forests. Changes and impact to the latter are minimal, and account provisioning / management can be automated with tools such as Identity Lifecycle Manager 2007 FP1 (ILM).

If you deploy certificates on OCS 2007 R2 server roles (in the resource forest) from CAs that are not listed in the Trusted Root Certification Authorities on the local machine (in the user forest), the now infamous message is likely to surface and remain unresolved even after the certificate has been added to the correct certificate store.

————————–
Office Communicator
————————–
There was a problem verifying the certificate from the server. Please contact your system administrator.
————————–
OK
————————–

The error may persist even after you specify the IP address of the user’s home (R2 front-end) server. The trick is to enable DNS resolution for the resource forest in the user forest via DNS forwarders or stub zones from where the user is running MOC R2. This enables the sign-in address** (the user account/contact SIP domain) to correctly resolve to the account with matching FQDN in the resource forest. Subsequently, it is business as usual to specify the resource_forest\user_account and password for a successful sign in to OCS 2007 R2.

* multiple forests in a resource forest topology
** user account in the resource forest does not necessarily be disabled (possible security risk)

Reference:
Office Communications Server Resource - User Forest Topology

Technorati tags: LCS/OCS, OCS 2007 R2

No Comments »

At TechEd 2009 Berlin earlier this week, the announcement was made on the official release and General Availability (GA) of Exchange Server 2010. You can watch a replay of the keynote covering the Virtual Launch Experience. You are also invited to pay a visit to the new Exchange product website and Tech Center.

Exchange 2010 Deployment Assistant - a brand new tool designed to simplify the deployment experience with on-premises instructions tailored to the client’s environment that are generated based on answers to a series of questions. The initial version covers upgrading from Exchange 2003 with more to come. Check it out here to learn more.

Did you know …

• Exchange was the first Microsoft product to enable full management capabilities within PowerShell?
• Exchange ActiveSync is the defacto standard in push email and is now licensed by Apple, Google, IBM, Nokia, Cisco - and many others?
• Exchange 2010 is the first e-mail solution to provide Mail Tips that notify users before sending potentially damaging e-mails or simply embarrassing emails?
• because Exchange is built on Active Directory, you can now create a delegated admin model that is aligned with your directory structure?
• Microsoft Research built the speech recognition technology in Exchange 2010 that enables the new Exchange voice mail preview speech-to-text capability?

Technorati tags: Exchange Server, PowerShell

No Comments »

Check out the latest Nov 2009 updates released for the different Office Communications Server 2007 R2 server roles as described in KB968802. This applies to both the Standard and Enterprise Editions.

A very important and welcome addition to assist the patch management process is the “Cumulative Server Update Installer” (ServerUpdateInstaller.exe) delivered as part of this release. Instead of having to determine and manually applying the relevant patches to the various R2 server roles, this tool relieves the administrator from those tedious chores by applying all updates for the appropriate server role in just one click. You can also use this tool on the command line with the switches /silent, /forcereboot and /extractall.

If not already present, you shoud also apply the update* for the Office Communications Server 2007 R2 Back-end Database (KB969834).

Download for the updates (.msp), executable (.exe) and installer (.msi) can be obtained here.

MS09-056: Vulnerabilities in CryptoAPI could allow spoofing
This security bulletin (KB974571) has been updated with a Known Issues section and FIX for OCS 2007 R2/ RTM, LCS 2005 / SP1 and Office Communicator 2007 / 2005. This resolves the incidents marked by logs similar to the following:

The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product.

and/or

The service is shutting down due to an internal error.
Error Code: C3E93C23 (SIPPROXY_E_INVALID_INSTALLATION_DATA)
Cause: Check the previous entries in the event log for the failure reason.

* OCS2009-DBUpgrade.msi

See also:
Updates Resource Center for Office Communications Server 2007 R2 and Clients (link)

Keywords: patch, hotfix, update, rollup package, moc, ocs, r2, lcs

Technorati tags: LCS/OCS, OCS 2007 R2

1 Comment »

Die Anzahl der Anmeldung steigt sich sehr schnell auf. Mit weniger als einem Monat wird der 1. Microsoft Evolution Day am 3. Dez. 2009 (Di.) stattfinden. In Zusammenarbeit mit Digicomp sind Microsoft Most Valuable Professional (MVP), Microsoft Certified Trainer (MCT) und Fachleute dabei, Tips and Tricks von der Praxis rund um den aktuellen Technologien und Neuigkeiten von Windows 7 / Server 2008 R2, Exchange 2010, Office Communications Server 2007 R2, SharePoint 2010 bis Office 2010 mit Ihnen einzutauchen.

Meiner Vortrag auf Englisch ist von 15:00 bis 16:45 Uhr mit dem Thema:

OCS 2007 R2: Deployment, Management and Migration Best Practices

One of the most daunting tasks in building an Office Communications Server 2007 R2 infrastructure is around digital certificates. Deployed extensively throughout for server-to-server and server-to-client communications for authentication and encryption of signaling and media protocols, a thorough understanding of this often misunderstood subject will save you time and lots of frustrations. Part II of this session dives into the administration, deployment and migration best practices from the field with a look at what all this really means to the UC administrator like yourself.

Lassen Sie sich diese Gelegenheit nicht entgehen. Mehr Informationen und Anmeldung finden Sie hier.

Der 1. Microsoft Evolution Day - Powered by MVP and MCT Community, and supported by Digicomp and Swiss IT Pro User Group.

Technorati tags: Community/User Group, Events

No Comments »

Managing public folders in Exchange Server 2007 SP1 still requires the use of PowerShell cmdlets snap-in exposed in the Exchange Management Shell. This practical example illustrates how to resolve common issues around public folder access rights.

Scenario A: Outlook shows public folder as “Access Denied”(you do not have permissions to …)

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

Identity : \folder\sharedItems
User : Default
AccessRights : {FolderVisible}

Identity : \folder\sharedItems
User : Anonymous
AccessRights : {FolderVisible}

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {CreateItems, EditOwnedItems, EditAllItems, FolderContact, FolderVisible}

Identity : \folder\sharedItems
User : swissitpro.ch/group/it/grpitadmin
AccessRights : {Owner}

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/groupOfPFUsers
AccessRights : {Author}

Removing existing access rights and then assigning the Person-In-Charge (PIC) the Author role with pre-defined access rights solved the problem:

[PS] C:\Windows\System32>Remove-PublicFolderClientPermission -Identity “\folder\sharedItems” -user “pic” -accessrights CreateItems, EditOwnedItems, EditAllItems, FolderContact, FolderVisible

Confirm
Are you sure you want to perform this action?
Removing Public Folder Permission on “\folder\sharedItems” for User “pic”, Access Rights “‘CreateItems’, ‘EditOwnedItems’, ‘EditAllItems’, ‘FolderContact’, ‘FolderVisible’”.
[Y] Yes  [A] Yes to All  [N] No  [L] No to All  [S] Suspend  [?] Help
(default is “Y”): y

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights author -User “pic”

Identity                   User                       AccessRights
——–                   —-                       ————
\folder\sharedItems       swissitpro.ch/OU1/pic …      {Author}

Adding the access rights of FolderContact simply identifies the account as the administrative contact for the public folder:

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights FolderContact -User “pic”

The state of the public folder access rights for user pic now reads:

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

…

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {ReadItems, CreateItems, EditOwnedItems, DeleteOwnedItems, FolderContact, FolderVisible}

…

Scenario B: Person-In-Charge cannot modify items created by others

So far, the modifications grant the pic user access rights to peruse the public folder, create, modify and delete objects owned by him/her only. S/he is not able to carry out his/her duties as PIC to administer items created by others in the same location.

To fix this, add the missing access rights with the end result as shown:

[PS] C:\Windows\System32>Add-PublicFolderClientPermission -Identity “\folder\sharedItems” -AccessRights EditAllItems,DeleteAllItems -User “pic”

[PS] C:\Windows\System32>Get-PublicFolderClientPermission -Identity “\folder\sharedItems” | fl

…

Identity : \folder\sharedItems
User : swissitpro.ch/OU1/pic
AccessRights : {ReadItems, CreateItems, EditOwnedItems, DeleteOwnedItems, EditAllItems, DeleteAllItems, FolderContact, FolderVisible}

Technorati tags: Exchange Server, PowerShell

No Comments »

Shipped as part of Windows 7 and Windows Server 2008 R2, PowerShell 2.0 has recently been released for Windows XP SP3 / Vista SP1 and SP2 / Server 2003 SP2 and 2008 SP2 on supported x86 or x64 editions.

Known as Windows Management Framework, it consists of:

- Windows Remote Management (WinRM) 2.0
- Windows PowerShell 2.0
- Background Intelligent Transfer Service (BITS) 4.0

Do not hesitate further. Find out more and download this must-have IT Pro Administrator’s tool set here (KB968929).

Technorati tags: PowerShell

No Comments »