Office Communications Server 2007 (non-R2) Install Notes

2011-02-06 Initial Post

Here are some notes that I made based on my experience  setting up my OCS test environment recently. I didn't use the R2 version because the client I work at doesn't use that version.

OCS version: Office Communications Server 2007 (non-R2) Enterprise Edition

Back-end database: Server 2005 Enterprise Edition SP3 with a dedicated instance for OCS

Server OS: Windows Server 2003 R2 SP2

AD version: Windows Server 2003 R2 SP2 Active Directory

I read several chapters of “How to Cheat at Administering Office Communications Server 2007” and was not able to successfully install OCS based on the instructions it provided. Some issues were due to incompatibilities with SQL Server 2005 SP3 (I don’t think SP3 was out when the book was written) and others were just missing information or unclear instructions from the author. The best thing to do is to read “OCS 2007 Enterprise Edition Deployment Guide” (there’s also a Word doc version available). Below are the 12 high-level steps from the guide, with my notes.

When you deploy Office Communications Server Enterprise Edition in a consolidated configuration, you perform the following major tasks:

1.      Prepare Active Directory

a.     Forest and domain must be at Windows Server 2003 functional levels.

b.    Schema prep, forest prep, and domain prep must be run (similar to Exchange).

c.     The OCS Deployment Wizard walks you through these steps.

d.    You’ll see several new universal security groups in the default Users container that have names beginning with “RTC.” RTC stands for Real Time Communications. There are also many settings and utilities with the letters “LCS” in them. This is because OCS’ predecessor is Live Communications Server, hence the LCS name. There are also OCS-related AD user attributes prefixed with “msRTC,” such as msRTCSIP-OriginatorSID.

2.       Install SQL Server

3.       Configure a Load Balancer

a.     Not necessary if using a single front end server. I wonder if there’s a free load balancer that I could install on a VM? Anyway, for testing, a LB isn’t necessary.

4.       Configure DNS

a.     The OCS Deployment Wizard does not do this for you. You need to add the DNS records manually.

b.    At a minimum you need an A record for the pool ( and an SRV record for that points to the pool's FQDN, port 5061. I've seen some references mentioning an A record for (with the same IP address as the pool's FQDN), but I installed my OCS without that and it works fine. It wouldn't hurt to put it in, but it's not necessary. If you decide to create that record, make sure it’s an A record (not a CNAME pointing to the pool FQDN).

c.     Note that OCS defaults to MTLS/TLS for all client connections. For Office Communicator (IM), it's MTLS on port 5061. For Web Conferencing (Live Meeting), it's TLS on port 8057.

d.    If you eventually put in edge servers, the external ports used by remote, anonymous, and federated users will be different. It can be confusing because port 5061 is used for internal IM but on the edge it's used for federated IM. See Ports Required by Office Communications Server for more info.

5.       Create a Pool

a.     The deployment guide states, “If you have access to the Back-End Database server [SQL server], we recommend that you create and configure the pool there.” If you don’t do that, you can create the pool from another server, but that server must have at least Microsoft SQL Server 2005 Backwards Compatibility Components installed (the file name is SQLServer2005_BC.msi for the x86 version). Use the SP2 version of this component because there’s an issue with the SP3 version and OCS. If you use the SP3 version, you’ll get the “An error occurred during pool backend detection: Pool backend discovery failed. Failed to open SQL database.“ error as documented in this MS KB.

b.    If you're installing on a named (separate) instance of SQL Server, you need to either have SQL Server Browser service running or assign the instance a static port and include the instance's port number in the connection string, e.g., CHH-MSSQL-01,47000. If the server had SQL Browser running, you’d be able to use an instance name, e.g., CHH-MSSQL-01\MSSQLOCS. It looks like there's some security by obscurity by not running SQL Server Browser because it also won't make the SQL server instances browseable. The default instance's port is TCP 1433 and named instances have dynamically assigned ports. SQL Browser keeps track of resolving instance names to their correct ports, which is why the client can't specify the instance name if SQL Browser isn't running.

c.     The account you’re using must be a member of Domain Admins (and RTCUniversalServerAdmins if not run from the SQL server) and have permission to create and modify SQL databases. The guide also notes that you must use a 32-bit computer to create the pool if your have a 64-bit SQL server.

d.    Whichever computer you run the OCS Deployment Wizard on (the deployment wizard—not the actual OCS install) must have MS Visual C++ 2005 SP1 Redistributable. You’ll get a prompt before the wizard starts and it can install that if not present.

e.     I personally would not use the default name of “pool1.” That just looks odd. A “pool” for what? I changed mine to “ocspool” since that makes more sense to people who might not know that OCS uses pools. And who knows, there might other applications that also use the term “pool," so this will avoid any confusion.

f.     This step will connect to the SQL server that you had already set up and automatically create these three database: rtc (persistent user database), rtcconfig (OCS configuration), and rtcdyn (transient user database). You do not get any option to name the database or change any other database settings. See this MS article for details on the database and file share storage requirements. Also see this MS article for details on how to manage the databases.

g.    You need to have already created the shares for meeting content and metadata (and optionally meeting archive) and address book file store. For production, I would advise using a DFS or NAS CIFS share where the underlying file server name isn’t hardcoded in the UNC. That would make changing the path unnecessary if a file server is decommissioned, for example. Do not change any permission on those shares until this step is completed. The wizard will add the appropriate share and NTFS permissions. You can go in afterwards and remove the Everyone group from the share permissions.

6.       Configure the Pool

a.     Use the same suggestions as when creating the pool.

7.       Add an Enterprise Edition Server to the Pool

a.     You must install IIS --> Word Wide Web Service on the OCS server. Towards the end of this step I got an error with the OCS Deployment Wizard and it froze, so I rebooted. After rebooting several times and trying to run the wizard again, it kept crashing and giving me a Deploy.exe application error. I then installed all Microsoft Update critical updates as of 2011-01-29 and after reboot I was able to run through the wizard with no errors.

8.       Configure a Certificate

a.     I created my own enterprise root CA on my DC before this step. The CA was automatically detected and I was able to select it and submit the certificate request online. Also, the root CA was automatically added to Certificates - Current User --> Trusted Root Certification Authorities --> Certificates for all my domain-joined computers. That makes sense since it’s a root CA in the AD domain.

9.       Enable Audio/Video and Web Conferencing (optional)

a.     These components are installed by default, but not enabled for any users.

10.    Enable Enhanced Presence (optional)

a.     This step isn’t necessary if you’re doing a fresh install. Basically what happens is that ALL new users who are enabled for OCS 2007 will automatically be enabled for enhanced presence—it’s not an option. The only time that you’d need to consider enhanced presence is during migrations from LCS 2005.

11.    Start the Services

a.     Nothing special here. As long as you set everything up correctly up to this point, the OCS services should start up fine.

12.    Validate the Server Configuration

a.     I skipped this part and instead installed Office Communicator on two clients to confirm that they were able to IM and join a conference.

b.    Web conferencing is installed by default on OCS, but users are not enabled for it by default. You need to enable this feature in an OCS policy or on a per-user basis.

c.     The Office Communicator 2007 R2 client is not free, but you can get a trial version. It came with my TechNet subscription, so I had a full copy.

d.    The Live Meeting 2007 client is required for participation in an OCS Web conference. It’s a free download. Note that the Live Meeting client can also be used to attend Web conferences hosted on Microsoft’s Live Meeting hosted service. With OCS, Live Meeting is used for what’s known as “on-premise” Web conferencing which is hosted by an on-premise OCS Web Conferencing server. Users might refer to these Web conferences as “Live Meetings” or “Web meetings.” I don’t know why MS got fancy and named the service “Web Conferencing” instead of “Web Meeting” because even in their own documentation they refer to the “conferences” as “meetings.”

The Conferencing Add-in for Outlook (Live Meeting) is not required, but it allows you to create Web conferences with Outlook’s calendaring/scheduling feature. This is a free download also.

Leave a Reply