Thursday, March 19, 2009

Case Sensitive Certificates in OCS?

I had a heck of a time getting OCS R2 and Exchange Unified Messaging playing nicely together.  I had set up both environments and I could dial extensions in the OCS environment, but I could not dial the subscriber access number for Exchange UM.

In the event logs on the OCS Front End server I was seeing the following events.

Source: OCS Exchange Unified Messaging Routing

Event ID: 1040

The attempt failed with response code 504: EXUM1.domain.com.
Failure occurrences: 3, since 18/03/2009 11:34:48 AM.
Cause: An attempt to route to an Exchange UM server failed because the UM server was unable to process the request or did not respond within the allotted time.
Resolution:
Check this server is correctly configured to point to the appropriate Exchange UM server. Also check whether the Exchange UM server is up and whether it in turn is also properly configured.

----

Source: OCS Protocol Stack

Event ID: 1001

TLS outgoing connection failures.
Over the past 28 minutes Office Communications Server has experienced TLS outgoing connection failures 3 time(s). The error code of the last failure is 0x80090322 (The target principal name is incorrect.) while trying to connect to the host "EXUM1.domain.com".
Cause: Wrong principal error could happen if the peer presents a certificate whose subject name does not match the peer name. Certificate root not trusted error could happen if the peer certificate was issued by remote CA that is not trusted by the local machine.
Resolution:
For untrusted root errors, ensure that the remote CA certificate chain is installed locally. If you have already installed the remote CA certificate chain, then try rebooting the computer.

----

Source: OCS Exchange Unified Messaging Routing

Event ID: 1040

An attempt to route to an Exchange UM server failed.
The attempt failed with response code 504: EXUM1.domain.com.
Failure occurrences: 4, since 18/03/2009 11:34:48 AM.
Cause: An attempt to route to an Exchange UM server failed because the UM server was unable to process the request or did not respond within the allotted time.
Resolution:
Check this server is correctly configured to point to the appropriate Exchange UM server. Also check whether the Exchange UM server is up and whether it in turn is also properly configured

----

On the Exchange UM server I was just seeing the following event:

Source: MSExchange Unified Messaging

Event ID: 1088

The IP gateway or IP-PBX "OCSSTD1.domain.com" did not respond to a SIP OPTIONS request from the Unified Messaging server. The error code that was returned is "0" and the error text is ":Unable to establish a connection.".

----

This all pointed a certificate problem.  But the certificates were all issued by an internal CA and both servers trusted the Root CA Certificate.  The names in the event log matched the subject names on the certificates, in that they both have the FQDNs of the servers.

I tried reissuing the certificates but the problem persisted. 

Then I noticed something – in a couple of events on the OCS Server it referred to the Exchange Server like this:

The error code of the last failure is 0x80090322 (The target principal name is incorrect.) while trying to connect to the host "EXUM1.domain.com".

But in my case the certificates had the FQDN all in lowercase like this:

exum1.domain.com

Now – it shouldn’t matter but by this stage I was clutching at straws.  So I changed my powershell command and requested a new cert with the servername in uppercase.  After I assigned this certificate to the UM server I restarted the Exchange Unified Messaging service and checked the event logs and low and behold – none of the events were logged.

I tried to make a call to Exchange UM and got a new error – which was progress and will be the subject of another post.  At any rate the certificate issue was resolved.

HowTo: Install a new language pack for Exchange UM

Installing a new language pack for Exchange Unified messaging is pretty easy.  In addition to the default English US there are a number additional language packs on the installation media. 

The following files are in the \UM directory on the media.

  • umlang-de-DE.msi
  • umlang-en-AU.msi
  • umlang-en-GB.msi
  • umlang-es-ES.msi
  • umlang-es-MX.msi
  • umlang-fr-CA.msi
  • umlang-fr-FR.msi
  • umlang-it-IT.msi
  • umlang-ja-JP.msi
  • umlang-ko-KR.msi
  • umlang-nl-NL.msi
  • umlang-pt-BR.msi
  • umlang-sv-SE.msi
  • umlang-zh-CN.msi
  • umlang-zh-TW.msi

Each of these MSI files is a language pack.  These are also available for download from Microsoft.

Once you have your language pack you need to install it onto each Exchange UM server you want the language pack available on.

This is done by running the setup command on the CD.  The command format is:

Setup.com /AddUmLanguagePack:xx-YY /s:<path to language pack>

where xx-YY is the language you want to install, which is in the name of the MSI file.  For example I used the command below to install the Australian English on my Exchange UM server.

clip_image002

Wednesday, March 18, 2009

SydneyUC Meeting – the Good and Bad

The March Sydney UC meeting was a blast.  An absolute roaring success!  As long as you were actually there.  You see we were all hooked up to the Live Meeting well before the scheduled start time.  And then 5 minutes before the start – the Live Meeting session dropped and we could not get back in.  The irony of it all.

Apologies to the people who were unable to attend via Live Meeting.  This is, unfortunately, one of the key challenges with cloud based services.  You are utterly dependant on the cloud actually being available. 

That aside we had a good session.  I gave an overview of the portable OCS R2 lab I have been building.  It has been an interesting experience and I encountered and conquered a few issues along the way. 

Then Jeff Wang from Tandberg gave a great overview of the OCS R2 and Tandberg integration and interoperability story.  It was a great story and Jeff presented it brilliantly.  Scenarios demonstrated included:

  • OCS MOC client to room based system video call
  • Video phone to MOC client call
  • Video call forking to MOC and Video phone
  • Multiparty ad-hoc video including Tandberg and OCS endpoints
  • Scheduled multiparty video calls.

After that Wayne Lee from GN (Jabra) gave a session about Jabra’s background and product range.  Wayne highlighted the benefits of using OCS certified devices and gave a good overview of the devices that Jabra offer today.

Over all it was a great session and we had a good turn out.  We are planning another session in April, so keep an eye on the Sydney UC site, the RSS feed, our Facebook page or the #sydneyuc twitter tag.

Thursday, March 12, 2009

Moving the Transport Dumpster in E2k7 SP1

Chris Goosen has a great post about the Exchange Transport Dumpster and how to move it from its default location.

I won’t repeat it all here – check it out here.

Tuesday, March 10, 2009

March Meeting of Sydney UC

Details of the March Sydney UC meeting are on the Sydney UC blog.

To save a click:

At the March Sydney UC Community meeting TANDBERG will demonstrate how the ubiquitous Microsoft Office Communicator video capability can be easily integrated into an organisations visual communication platforms. Specifically, the group will see how user friendly the TANDBERG-OCS integration is and how it can reduce user training requirements and increase usage and adoption of video to improve workflow and communication.
In addition TANDERG will share our roadmap showing the exciting additional features that are upcoming with the imminent release of Microsoft OCS 2007 R2, and how TANDBERG will integrate into Microsoft OCS R2 further to be one step closer a vision of completely Unified Communications.
Jabra will also be presenting on some of their new UC hardware including the M5390 and Dial 520 OC.

Sydney UC is also on Facebook, become a friend and register for events on our profile page.

Remember that if you can’t physically make the event the session will be available via Live Meeting around the globe.  There is a link for the live meeting on the Facebook event.

Also – if you are using Twitter – keep an eye on the #sydneyuc tag for updates = we’ll be using that as well going forward.