Custom OCS Edge Server Snap-In

One of the more obnoxious pieces of OCS is the fact that there isn’t a dedicated MMC snap-in for the Edge Servers, but instead you have to open the entire Computer Management console. The method below will let you create a simple MMC that only opens the OCS Edge server parts.

  1. I know this seems like a long-winded way to open Computer Management, but we need the full MMC window to save the custom snap-in, so go to Start | Run, type in mmc and press OK.
  2. Go to File | Add/Remove Snap-In and press Add.
  3. Choose Computer Management and press Add, Finish, Close and OK.
  4. Expand Computer Management | Services and Applications, right-click on Microsoft Office Communications Server 2007 and choose New window from here.
  5. Now you should have a window with the root as your OCS controls. Click on File | Options.
  6. Click the Change Icon button and then browse to C:\Program Files\Common Files\Microsoft Office Communications Server 2007\RTCMMCR2.dll and press OK.
  7. You should now have a few options for icons. My preference is the first one that matches up with the icon for internal servers. 
  8. You can also rename the console to something friendlier, like Office Communications Server 2007. I’d also suggesting change the console mode to User mode – full access to keep the console from opening in author mode each time.
  9. Click on File | Save As… and save your custom MMC somewhere safe, say, C:\Documents and Settings\Administrator\My Documents.
  10. Personally, I find it dumb to have a shortcut in Administrative Tools that doesn’t work, so I like to replace the one OCS installs. Right-click on the existing OCS 2007 shortcut in Programs | Administrative Tools and choose Properties.
  11. Change the target for the shortcut to wherever you saved your custom MMC. Mine was at C:\Documents and Settings\Administrator\My Documents\OCS Edge.msc.
  12. You should be all set now. Opening the Office Communications Server 2007 shortcut will now open a usable snap-in.

LCS 2005 & Messenger for the Mac on Leopard

One of the changes with OS X 10.5 Leopard is the lack of the X509Anchors keychain being installed by default. The problem this creates is that a lot of Microsoft applications for the Mac depend on this keychain for their certificate authentication. They check the X509 keychain for a certificate and when it doesn’t exist, they fail to authenticate. The annoying part here is that the application doesn’t even have appropriate error messages included. Instead of something logical like the "the certificate is not valid or trusted" the user gets an error that their sign-in name or password is incorrect. Fortunately there’s a workaround and you can add this keychain back to make it functional again.

  1. Open Keychain Access (Using Spotlight to search for it is probably easiest)
  2. Click File > Add Keychain
  3. Browse to Machintosh HD | System | Library | Keychains and select the X509Anchors keychain. Press Open.
  4. Now select the X509 keychain in the Keychain Access window and drag all of the certificates you need onto this window. You should be prompted for your admin credentials.
  5. Now you’ll see a window asking which keychain you want to install the certificates to. Choose X509Anchors and press OK.
  6. Once your certificates are installed, try signing in again. This time it should succeed!

Communicator 2007 Custom Presence Tool

Yesterday afternoon I was tinkering with the custom states you can define within Office Communicator 2007 and found actually creating the custom states obnoxiously difficult for an end-user. In an effort to remedy that problem I whipped up an application I’m going to call the Communicator 2007 Custom Presence Tool. Let’s call it a beta version for now, just to be trendy.

It provides a GUI interface for users to select their custom availability and a status note to go along with the availability. The tool creates the XML file and updates the CustomStates registry value with the location of the XML file.

A few screenshots to demonstrate the functionality:



Here’s a basic rundown of what happens:

  • Upon startup, the tool tries to read the value of HKCU\SOFTWARE\Policies\Communicator\CustomStates.
  • If the value exists, it loads the XML file location that is specified.
  • If the value doesn’t exist, the user is prompted for a location to save the XML file. It defaults to %AppData%\Microsoft\Communicator\CustomPresence.xml. I chose that location to accommodate roaming profiles.
  • At this point the user is presented with a blank sheet (or filled if the XML file existed) of their custom availabilities and status notes that they can fill out.
  • Once Save is pressed the registry value is updated to reflect the location of the XML file.

It seems to work fine for my purposes in a lab environment, but by no means am I a programmer so I would thoroughly test this tool out on some non-production machines before you try implementing this. I’d also love any kind of feedback, so please let me know what you think. I’m positive there are some issues I haven’t found yet so feel free to point them out.

Download Communicator 2007 Custom Presence Tool

Requirements: Microsoft .NET Framework 2.0

CWA 2007 HTTP to HTTPS Redirect

So you want to redirect any client HTTP requests for OWA to the HTTPS version? Easy enough. For our external clients this is fairly simple because you can simply have ISA do the hard work. For the internal clients, which I’ll show here, it requires a little more work.

So open up the IIS snap-in. By default CWA creates web sites outside of the Default Web Site, which makes this process easy for us. All we have to do is redirect requests to the default web site to the CWA one.

  1. Right-click the Default Web Site and choose Properties.
  2. Click the Home Directory tab.
  3. Under "The content for this resource should come from" choose A redirection to a URL.
  4. Enter the redirect URL, in my case, and press OK. iis1

Now that should work well if you have a dedicated CWA server and nothing else clogging up your Default Web Site. But what if another application is already there? The method above won’t work so hot in that case. As a workaround we need to create another virtual web site that will redirect our clients to the appropriate page.

  1. Right-click the Web Sites node and choose New | Website.
  2. Click Next to start the wizard and enter CWA Redirect as the description. Press Next.
  3. Leave Port 80 as the port and enter the hostname for your CWA site, in my case. Press Next.
  4. For the path you can use the default IIS contents so just browse or enter C:\Inetpub\wwwroot. Make sure anonymous access is checked. Press Next.
  5. Accept the default access permissions by pressing Next and then click Finish.
  6. Now, just follow the steps above that I outlined for the Default Web Site, but do it instead for the CWA Redirect website you just created.
  7. When all is said and done, your IIS websites should look like this: iis2

Now you can browse to and IIS will pick up the host-header, point your client at the CWA Redirect website, which immediately redirects the request to

Prettier Chat Logs for OCS

The OCS team posted a PowerShell commandlet today that lets you pull out conversations between users and output to an HTML file. I’ll try it out soon, but it has to be much better than the current method of writing your own SQL queries and retrieving some ugly looking code. Here’s the link:

Update: I stood up an Archiving and CDR this afternoon and gave this commandlet a shot. Much better than digging through SQL logs and trying to parse out an actual conversation. Here’s a screenshot of the resulting HTML page:


I’ll probably tweak the script myself (left-justified text) a bit, but it’s a solid improvement over what we had before.

Communicator Web Access Loopback Issues

On the same subject as the previous post, I ran into some more issues with the integrated authentication on CWA. It worked from any PC except for the CWA server itself. If I tried to sign in from the CWA box I’d get the endless Windows authentication dialogs and it would eventually fail. The solution? Follow method 2 from this KB:;EN-US;896861

I created the BackConnectionHostNames multi-string in HKLM\SYSTEM\CurrentControlSet\Control\Lsa\MSV1_0 with a value of, my internal CWA host name, restarted IIS and was able to login successfully.

Communicator Web Access Integrated Authentication

This morning I set about adding a Communicator Web Access (CWA) server to my lab and had a small issue with the integrated Windows authentication piece. Basically, I’d click the sign in button and get a Windows authentication dialog instead of being signed into CWA. Even with valid credentials my login would fail and I’d see an error "Cannot sign in. The password or sign-in address may be incorrect. Make sure that your sign-address matches your user account and try again."


Turns out there a few steps you need to take to make this work:

  1. Open Internet Explorer.
  2. Click Tools | Options.
  3. Click the Security tab.
  4. Click on Local intranet and press the Sites button.
  5. Uncheck the box Automatically detect intranet network and press the Advanced button.
  6. Type in the URL for your CWA website, in my case it was and press Add, Close and then OK.
  7. Click the Custom level button.
  8. Scroll all the way to the bottom and ensure Automatic logon only in Intranet zone is selected and press OK and OK.
  9. Refresh the page, click Sign in once more and you should log in no problem.

Windows Server 2008 Beta Exams

I took the plunge yesterday and registered for the Server 2008 Beta Exams, 71-646 and 71-647. Combined with some tinkering of the Betas and RC’s of Server 2008 and the free Server 2008 eBook I might have a chance of doing alright. I’ve got nothing to lose since the exams are free with the voucher codes. I guess we’ll find out just how well I do in about 2 weeks.

If you’re planning on taking the exams yourself I’d recommend checking the Microsoft Preparation Guides first:

OCS 2007 Message Limits

Yesterday I went looking for what the maximum message size I could send in an IM through OCS 2007 was and I couldn’t find an answer anywhere in the documentation or across the web. So I sat down and did it the old fashioned way – copying and pasting items until I got some errors and I found some pretty interesting results. OCS actually has 2 different limits. One is a limit on the first message you send to a recipient and the second limit applies to subsequent messages, with the first limit being 10% of the second. So what are the limits?

  • Initial Message: 800 characters
  • Subsequent Messages: 8000 characters

Interestingly enough, these limits come from two different places. If you send an initial message of over 800 characters you’ll get a message back in your IM window saying "This message was not delivered to [Username] because it is too large:

If you enter more than 8000 characters you’ll actually get a message back from Office Communicator "The message is too long. Please shorten your message and try sending again.": toolong

I’ve also managed to make Communicator truncate the text I enter if it’s over 8000 characters, but I can’t consistently figure out when it truncates the text and gives me the server-side message as opposed to the Communicator dialog box above that the text is too long.

I think the question more people are asking though is "how can I change these limits?". From what I can tell we’re stuck with the latter limit. If you search around it appears SQL itself is limited to a varchar value of 8000. For all practical purposes, I think the 8000 limit should accommodate most everyone. If it’s bigger than that, it’s probably a candidate for email, not IM. I set about trying to change the initial limit.

First, I looked in the OCS 2007 snap-in, but couldn’t find any options for changing this. Next, I checked out the registry. Nothing there so I fired up ADSIEdit. I found some global config settings in CN=Global Settings,CN=RTC Service,CN=Microsoft,CN=System,DC=ptown,DC=com, but nothing related to a maximum message size.

The only other place I could think of to look was the actual OCS database instance so I opened up SQL Server Management Studio Express to take a look. I did find a table (MSFT_SIPProxySetting) in the rtcconfig database that looked promising with a columns titled MaxBodySizeClientMsg and MaxBodySizeServerMsg. These are also apparently properties in the WMI class:

MaxBodySizeClientMsg was set to 128 and MaxBodySizeServerMsg was at 5000. These values are in KB, not characters. I changed these to 256 and 10000, respectively, restarting the services after each change, but nothing seemed to make a difference. The only thing I can think of is that these values are hard-coded into the OCS and Communicator products. Anyone got any other ideas? Did I miss something?