OCS 2007 Installation – Part 3
This should be a short post; we’ll just be finishing up the installation so you can start some OCS 2007 testing internally. I purposely chose different internal and external domains, as many companies do, so that you can see how to use a "split-brain" DNS model. The split part simply means that you need a zone defined internally that matches your external SIP domain, which is also likely to be your e-mail domain.
Configure Internal DNS
Open the DNS management tool and expand the Forward Lookup Zones folder.
In the file menu choose Action and then New Zone.
The New Zone Wizard should open. Press Next to continue.
Choose Primary zone and check the box Store the zone in Active Directory. Press Next.
Choose To all DNS servers in the Active Directory forest ptown.com and press Next.
Enter the external domain name, confusedamused.com and press Next.
Choose Allow only secure dynamic updates and press Next.
Press Finish to complete the wizard.
Now click once on the new zone, confusedamused.com, then in the file menu choose Action and then New Host (A).
Enter sip as the hostname, verify that sip.confusedamused.com is the fully qualified domain name (FQDN), enter the IP address of the OCS box, 192.168.0.20, and check the box Create associated (PTR) record. Press Add Host.
Press OK and then Done to exit.
In the file menu click the Action item and choose Other New Records.
Choose Service Location (SRV) and press Create Record.
Enter the service as _sipinternaltls, change the port number to 5061 and enter sip.confusedamused.com as the host offering the service. Leave the defaults for everything else and press OK.
A record for _sipinternaltls should now exist, pointing to sip.confusedamused.com. Close the DNS management console.
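A quick check of the records created in the steps above, as an added example that is not part of the original post. It assumes a machine that uses the internal DNS server and has the `Resolve-DnsName` cmdlet (DnsClient module, Windows 8 / Server 2012 or later); the function name `Test-OcsInternalDns` is hypothetical.

```powershell
# Added example: confirm the split-brain zone answers the way the steps above configured it.
# Assumption: this machine resolves names through the internal DNS server.
function Test-OcsInternalDns {
    param(
        [string]$SipDomain    = 'confusedamused.com',      # external SIP domain from the post
        [string]$ExpectedHost = 'sip.confusedamused.com',  # host offering the service
        [string]$ExpectedIP   = '192.168.0.20',            # OCS box from the post
        [int]   $ExpectedPort = 5061
    )
    $problems = @()

    # SRV record: _sipinternaltls over TCP, port 5061, pointing at the sip host.
    $srvName = "_sipinternaltls._tcp.$SipDomain"
    $srv = @(Resolve-DnsName -Name $srvName -Type SRV -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'SRV' })
    if (-not $srv) { $problems += "No SRV record found for $srvName" }
    foreach ($r in $srv) {
        if ($r.Port -ne $ExpectedPort) {
            $problems += "SRV port is $($r.Port), expected $ExpectedPort"
        }
        if ($r.NameTarget.TrimEnd('.') -ne $ExpectedHost) {
            $problems += "SRV target is $($r.NameTarget), expected $ExpectedHost"
        }
    }

    # A record: the sip host must resolve to the internal address, not an external one.
    $a = @(Resolve-DnsName -Name $ExpectedHost -Type A -ErrorAction SilentlyContinue |
           Where-Object { $_.Type -eq 'A' })
    if (-not $a) {
        $problems += "No A record found for $ExpectedHost"
    } elseif ($a.IPAddress -notcontains $ExpectedIP) {
        $problems += "$ExpectedHost resolves to $($a.IPAddress -join ', '), expected $ExpectedIP"
    }

    # PTR record: created by the "Create associated (PTR) record" checkbox.
    $ptr = @(Resolve-DnsName -Name $ExpectedIP -Type PTR -ErrorAction SilentlyContinue |
             Where-Object { $_.Type -eq 'PTR' })
    $ptrHosts = @($ptr | ForEach-Object { $_.NameHost.TrimEnd('.') })
    if ($ptrHosts -notcontains $ExpectedHost) {
        $problems += "No PTR record maps $ExpectedIP back to $ExpectedHost"
    }

    $problems | ForEach-Object { Write-Warning $_ }
    return ($problems.Count -eq 0)
}

Test-OcsInternalDns
```

If the A record check reports an external address, the client is not querying the internal zone, which is the usual symptom of a missing or mis-scoped split-brain zone.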
The only thing left to do at this point is enable some users to actually sign in to OCS.
Enable User Accounts
Open the Active Directory Users & Computers snap-in and locate an OU with users.
Select the user accounts and right-click, then choose Enable users for Communications Server.
Note: These options won’t actually be present in ADUC unless you’re using a server that has the OCS 2007 console installed. You might want to install the admin console on any machine you’re planning on managing OCS users from.
The Enable Office Communications Server Users Wizard opens. Press Next.
Select to assign users to the tap-ocs-2k7.ptown.com pool.
Select a format for the user SIP URIs. The firstname.lastname@confusedamused.com format is a good choice. If Exchange is installed in your organization you would probably choose the Use user’s e-mail address option for consistency.
The wizard should succeed and generate the SIP URIs. Press Finish.
Now just install Office Communicator on a client PC and try to sign in.
Note: If you’re on a domain machine, logged in with the account you’re trying to access in OCS, all you should need to enter is your SIP URI. If you’re accessing a different account, you’ll be prompted for your domain credentials. You can enter them in either format, but remember it’s your internal domain URI in this case. So, for example, if you’re logged on to a PC as Roger Daltrey but you enter mick.jagger@confusedamused.com as your SIP URI, you’ll be prompted for your username and password. You could enter the username as either PTOWN\mick.jagger or mick.jagger@ptown.com. I’d recommend the former because giving users two different URIs is likely to be confusing unless your internal and external domain names are the same.
Excellent Guide.. work 100%
Do you have an Edge server guide? … I have a problem in the part of certificates.
thanks.
Thanks, it is working fine. It’s working without being joined to the domain. I tried to export then import my domain certification to my PC under a workgroup but it doesn’t work. Is there any way to start Communicator without joining my PC to our OCS domain?
Regards Shadi
Shadi – Yes, you do not have to join the PC to the domain to make it log on, but it will need to trust your root certificate authority. On your PC you need to make sure you put the Root CA certificate in the “Trusted Root Certification Authorities” store of the Computer account, not your personal user account store.
Will you be posting anything on setting up Edge services? Jason
I would love to, but I need to find the time somewhere. I’m sure it’ll happen some day…
Hi Tom,
Thanks for the wonderful post.
But I have a question.
I read that LCS needs a mediation server… but do we need a mediation server in OCS 2007? If so, what is the use of the mediation server?
How different is it from Live Business Gateway? In the sense, if I install Mediation Server, don’t I need to install LBG?
Thanks for your time.
Dear all, I have the following error when I restart OCS services after adding a server to the pool:
“event id : 7024 The Office Communications Server Archiving and CDR service terminated with service-specific error 2147942405 (0x80070005).”
So please tell me how and where I install archiving & CDR, on the OCS server or SQL, and how I can finish my installation successfully.
thanks
i love you ^^
Hi Tom,
In the eventlog of my OCS2k7r2 client I get this message : “Communicator could not connect securely to server sip.shared.local because the certificate presented by the server did not match the expected hostname (sip.shared.local).”
I set up an internal CA and this CA issued a certificate with sip.shared.local as a part of the Subject Alternative Names (SAN) property of the certificate. It’s all on the LAN. I tried this also with _sipinternal but no success either. Do you have any idea what might be causing this?
Can I not use SAN but should this be the real subject? Then I’m screwed because I want to have more than one domain name in one pool.
BR,
Ronald
Hi,
I followed the installation guide and everything shows up successful, but under users in the Active Directory I am not getting enable user for communication server.
I have 3 DNS servers. I checked the primary, then the backup, and still nothing.
Any advice to make this work?
Thai
Hi Thai, I’m wondering a little, too, but in the documentation you find the hint that you need to install the “admin console” to be able to enable users for OCS. Restart the Setup. There is a link to install the admin tools.