Tuesday, November 30, 2010

Installing OCS 2007 R2 on a Windows Server 2008 R2 64-bit Server

Since I never had the time to document the process of the deployments I did earlier with OCS 2007 R2 on a Windows Server 2008 R2 server, I took last week while I was deploying a new OCS 2007 R2 Edge server as an opportunity to do a few screenshots to show what the install looks like. Note that the following does not go into details and only shows what needs to be done with an Edge server so if you’re deploying another role, please fill in the missing gaps with the official Microsoft KB article (http://support.microsoft.com/kb/982021).

As per the Micorosft KB: http://support.microsoft.com/kb/982021:

Step #1

Install.NET Framework 3.5.1 by using Roles wizard from Server Manager. You can do this by selecting the Windows-based application server role to make sure completeness. This is a manual step. You must have .NET Framework 3.5 SP1 on a Windows Server 2008 R2 operating system before you install a version of Office Communications Server 2007 R2 that only includes .NET Framework 3.5.

image

image

image

Step #2

Install the Desktop Experience Features by using Add Features wizard from Server Manager. This is required for Media format runtime. The name of the media format runtime package depends on the operating system and the Office Communications Server 2007 R2 setup that refers to the Windows Server 2008 or to the Windows Server 2003 Media format runtime installation package.

image

image

image

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: I ran into an issue on my first attempt to install the desktop experience feature with the following error:

Attempt to install Desktop Experience failed. The specified package is not applicable (error value: 0x800F081E).

Attempt to install Ink Support failed. The specified package is not applicable (error value: 0x800F081E).

image

What annoyed me was that the install and uninstall process took upwards to 15 minutes to complete and I was only able to get it to install properly on the 4th try when I uninstalled both the Desktop Experience and Ink and Handwriting Services (I only uninstalled the former on the first 3 tries).

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

image

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: It was also noted on the Microsoft forums that while the Desktop Experience will work, it’s actually not required as you can just install the Window Media Format Runtime with a command.

http://social.technet.microsoft.com/Forums/en-US/ocsplanningdeployment/thread/26975ca1-0c63-4f65-94e4-c4ea6d72d44f

Steve Lessard [MSFT] clip_image001clip_image001[1]clip_image001[2]clip_image001[3]clip_image001[4]

Installing Desktop Experience will work, but it is not required. Windows Media Format Runtime is the real requirement. NOTE: the command for installing Windows Media Format Runtime changes with each release of Windows. I've highlighted the subtle change in the command so you can better see how the command has changed between these two releases of Windows Server...

For Windows Server 2008 the command is:

pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.0.6001.18000.mum"

For Windows Server 2008 R2 the command is:

pkgmgr.exe /ip /m:"%windir%\servicing\Packages\Microsoft-Windows-Media-Format-Package~31bf3856ad364e35~amd64~~6.1.7600.16385.mum"

Here’s another blog post I was able to find: http://it-proknowledge.blogspot.com/2009/09/ocs-2007-r2-on-windows-server-2008-r2.html

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Step #3

Install the Hotfix that is described in KB 975858 for Windows Server 2008 R2.

975858 (http://support.microsoft.com/kb/975858/ ) An application or service that calls the InitializeSecurityContext function together with the ISC_REQ_EXTENDED_ERROR flag may encounter a TLS/SSL negotiation failure on a computer that is running Windows Server 2008 R2 or Windows 7 operating system

image

image

image

image

image

Step #4

Install Office Communications Server 2007 R2 Server Roles

image

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

Note: If you run into the error message:

Microsoft Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Core Redist 64-bit installation or uninstallation requires that VC++ 2008 Redistribute is already install.

image

Please see my previous blog post: http://terenceluk.blogspot.com/2010/11/problem-installing-ocs-2007-r2-on.html

-------------------------------------------------------------------------------------------------------------------------------------------------------------------

image

image

image

Step #5

For Office Communications Server 2007 R2, Standard Edition, or Enterprise Edition, or Edge Server role, when KB 974571 is installed, Activation of the Office Communications Server 2007 R2 server role fails. To fix this problem, follow these steps:

  1. Apply the OCSASNFix.exe file. To download the Ocsasnfix.exe file, visit the following Microsoft Web site:

    Install the OCSASNFix.exe file (http://go.microsoft.com/fwlink/?LinkId=168248)

  2. Rerun Office Communications Server 2007 R2 Activation

image

I made the mistake of executing the hotfix by double clicking it so when I re-ran the hotfix in the command prompt to get the screenshot, it indicates the hotfix ha already been applied.

image

Step #6

Install updates for Office Communications Server 2007 R2 that are dated October 2009 (3.5.6907.56), or install later versions. To download the updates for Office Communications Server 2007 R2, visit the following Microsoft Web site:

Microsoft Office Communications Server 2007 R2 Hotfix KB 968802 (http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=b3b02475-150c-41fa-844a-c10a517040f4)

image

Step #7

Install updates for Office Communications Server 2007 R2, Group Chat Server, Office Communications Server 2007 R2, Group Chat Admin Tool and Office Communications Server 2007 R2, Group Chat Client that are dated May 2010 (3.5.6907.200), or install later versions.
Note You will experience the issue that is described in
Microsoft Knowledge Base article 982129 (http://support.microsoft.com/kb/982129) if you do not apply the the update that is mentioned in the previous step. To download the updates for Office Communications Server 2007 R2, Group Chat Server, visit the following Microsoft website:

Microsoft Office Communications Server 2007 R2 Group Chat Server Hotfix 980042 (http://support.microsoft.com/kb/980042)

To download the updates for Office Communications Server 2007 R2 Group Chat Administration Tool, visit the following Microsoft website:

Microsoft Office Communications Server 2007 R2 Group Chat Administration Tool Hotfix 982128 (http://support.microsoft.com/kb/982128)

To download the updates for Office Communications Server 2007 R2 Group Chat Client, visit the following Microsoft website:

Microsoft Office Communications Server 2007 R2 Group Chat Client Hotfix 980043 (http://support.microsoft.com/kb/980043)

Step #8

  1. The default security setting on Windows Server 2008 R2 operating system for NTLM SSP requires 128-bit encryption. Depending on the client operating system mix in the enterprise, you may have to reduce this setting on a Windows Server 2008 R2 operating system that is running Office Communications Server 2007 R2 as a down level operating system. The key is set to "No requirement."
    1. For any down level operating system, such as Windows XP or for Windows Vista, the default value is set to "No Minimum."
    2. For a Windows 7 operating system, the default value is set to "Requires 128-bit encryption."

For more information about the “Changes in NTLM Authentication” as it applies to Windows 2008 R2 and Windows 7 operating systems, please visit the following Microsoft Web site:

Learn more about the changes in NTLM Authentication (http://technet.microsoft.com/pl-pl/library/dd566199(WS.10).aspx)

If you want to change the NTLM setting, follow these steps:

  1. Start secpol.msc on a Windows Server 2008 R2 operating system server.
  2. Click to select Local Policies and then click Security Options node.
  3. Make sure that the following values of the policies are set to "No Minimum."
    • Network Security: Minimum session security for NTLM SSP based (including secure RPC)
    • Network Security: Minimum session security for NTLM SSP based (including secure RPC) servers

image

image

image

image

image

While searching on the internet to see if there were any other issues not mentioned in the KB, I managed to find a post from another blogger’s post (Aaron Tiensivu):

2 new recently discovered issues with Server 2008 R2 and OCS 2007 R2 - ABServer errors and moving users

http://blog.tiensivu.com/aaron/archives/1939-2-new-recently-discovered-issues-with-Server-2008-R2-and-OCS-2007-R2-ABServer-errors-and-moving-users.html

Hope this serves to show an idea of what installing OCS 2007 R2 Edge on a Windows Server 2008 R2 64-bit looks like.

Monday, November 29, 2010

Problem installing OCS 2007 R2 on Windows Server 2008 R2 with error: “…requires that VC++ 2008 Redistributable is already installed.”

I ran into an interesting problem last week while deploying an OCS 2007 R2 Edge Server on a Windows Server 2008 R2 for an existing client and found little documentation that was able to help me with the problem so I thought this would be worth while blogging in case anyone else happens to come across it.

Problem

While installing the binaries for an OCS 2007 R2 Edge Server via the: Install Files for Edge Server:

image

on a freshly deployed Windows Server 2008 R2 64-bit server, you receive the following message:

Microsoft Office Communications Server 2007 R2, Microsoft Unified Communications Managed API 2.0 Core Redist 64-bit installation or uninstallation requires that VC++ 2008 Redistribute is already install.

image

The following KB is found:

http://support.microsoft.com/kb/981253

…and the KB clearly states the following:

You have a computer that has the Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package version 9.0.30729 installed. If you try to install Microsoft Unified Communications Managed API Redistributable (UCMARedist.msi), the installation process fails. Additionally, you receive the following error message:

Microsoft Unified Communications Managed API 2.0 Core Redist installation or uninstallation requires that VC++ 2008 Redistributable is already installed.

This error message is not clear because it does not indicate that a specific version of Visual C++ 2008 Redistributable package is required.

To resolve the problem of failing to install the Microsoft Unified Communications Managed API Redistributable, download and install the Microsoft Visual C++ 2008 Redistributable Package version 9.0.21022 from the following Microsoft Web site:

Download Microsoft Visual C++ 2008 Redistributable Package version 9.0.21022

http://www.microsoft.com/downloads/en/details.aspx?familyid=9B2DA534-3E03-4391-8A4D-074B9F2BC1BF&displaylang=en

image

However, the error indicated early continues to be thrown even after installing the Microsoft Visual C++ 2008 Redistributable Package (x86).

image

There’s actually a KB article (http://support.microsoft.com/kb/982021) that describes all the additional steps that you need to do when installing OCS 2007 R2 on a Windows Server 2008 R2 64-bit server because this OS was not originally supported but even after installing all the additional prerequisites and hotfixes, the error remained.

Solution

The solution was actually simple because after exhausting all the blogs, KBs and forum posts I was able to find with this error without any luck, I ended up sitting back and really re-reading the error message again to think about why the install was complaining. What I ended up noticing was that the KB with information that closely maps to this issue had the link to the Microsoft Visual C++ 2008 Redistributable Package (x86) package and OCS 2007 R2 was actually a 64-bit application. When I finally figured this out and went ahead to download and install the 64-bit version:

http://www.microsoft.com/downloads/en/details.aspx?familyid=bd2a6171-e2d6-4230-b809-9a8d7548c1b6&displaylang=en

image

image

image

image

image

… then proceeded with the install:

image

image

image

image

… the installation continued as expected and I was on my way to completely the install.

Quite the interesting problem that took up an additional 45 minutes of my time and I found it interesting that I was unable to find any documentation and information on the internet that provides a direct match to my situation. I hope anyone that may end up going down the same path comes across this blog post so they can save a bit of time during their deployment.

Friday, November 26, 2010

How do I export/import Exchange 2007/2010 receive connectors’ allow relay IPs?

I’ve been meaning to write a blog post about an interesting challenge I faced a few months ago while doing a hardware refresh for a client with their Exchange 2007 environment. They had one hub transport server that was on older hardware and had purchased two new servers to provide redundancy which gave us the opportunity to plan and design the changes required. I won’t go into the details of the other aspects of the project but as I was building the new hub transport servers, I noticed that they had a few receive connectors to get moved. I did not foresee that to be a problem initially until I opened up the properties and saw lists of 40+ IPs in the Receive mail from remote servers that have these IP address list under the Network tab.

image

There were three of these Receive Connectors so it was very time consuming to recreate these for each server. So in the case of these 2 hub transport servers, that would be 3 receive connectors each with, say 40 remote server IPs, which would equate to 2 x 3 x 40 = 240 entries!

Since I was sure there had to be some way of making this easier, I went ahead and posted a question on our Microsoft Support forum to see if what response I would get. While I did get a solution, it’s not as easy as I thought it would be so the following shows exactly what needs to be done:

Step #1 - Exporting the information

Open up Exchange Management Console and navigate to the Receive Connectors window and write down the name of the receive connector you would like to export.:

image

You can also use PowerShell to list the connectors with the command:

Get-ReceiveConnector

image

[PS] C:\Documents and Settings\tluk\Desktop>Get-ReceiveConnector

Identity Bindings Enabled
-------- -------- -------
EXCH1\Default EXCH1 {0.0.0.0:25} True
EXCH1\Client EXCH1 {0.0.0.0:587} True
EXCH1\Imail {0.0.0.0:25} True
EXCH1\For Relay Servers {0.0.0.0:25} True
EXCH2\Default EXCH2 {0.0.0.0:25} True
EXCH2\Client EXCH2 {0.0.0.0:587} True
EXCH2\For Relay Servers {0.0.0.0:25} True
EXCH2\mail {0.0.0.0:25} True
EXCHCAS3\Default EXCHCAS3 {0.0.0.0:25} True
EXCHCAS3\Client EXCHCAS3 {0.0.0.0:587} True
EXCHCAS3\For Relay Servers {0.0.0.0:25} True

Now to get the list of IPs allowed to relay off of this connector, we can execute the cmdlet: Get-ReceiveConnector “ServerName\ReceiveConnectorName” fl RemoteIPRanges.

Note that the reason why I used quotes is because the receive connector I was working with had spaces in the name.

[PS] C:\Documents and Settings\tluk\Desktop>Get-ReceiveConnector "EXCH1\For R
elay Servers" fl RemoteIPRanges

RemoteIPRanges : {10.1.1.77, 10.10.1.93, 10.1.1.101, 10.10.1.211, 10.10.128.42,
10.1.18.41, 10.1.4.72, 10.1.1.89, 10.1.4.73, 10.10.23.42, 10.
10.23.55, 10.10.23.43, 10.1.18.31-10.1.18.34, 10.10.23.31-10.1
0.23.44, 10.5.128.27, 10.10.128.5...}

[PS] C:\Documents and Settings\tluk\Desktop>

As shown in the output above, the RemoteIPRanges output gets truncated when the list has more than 16 entries which means if the list has less than 16, you’re set to go but if you have more then you’ll have to continue on with the following:

To get a full list of the IPs for a receive connector that contains more than 16 entries, you can issue the following cmdlet to dump the information into a text file:

$list=(Get-ReceiveConnector "ServerName\ReceiveConnectorName").RemoteIPRanges > c:\relayIPs.txt

In the case of the environment I was working in, you would execute:

[PS] C:\Documents and Settings\tluk\Desktop>$list=(Get-ReceiveConnector "Exch1\For Relay Servers").RemoteIPRanges > c:\relayIPs.txt

[PS] C:\Documents and Settings\tluk\Desktop>

image

After executing this command and opening up the text file, you’ll see something like this:

image

Not exactly what we wanted but this is apparently the best we can get from using PowerShell so with a little work in your preferred editor (in my base, I use Excel), you can reorganize the information and remove unneeded lines to format the IPs as such:

x.x.x.x,x.x.x.x,x.x.x.x….

Step #2 - Importing the information

Once you have the information formatted appropriately, all you need to do now is use the cmdlet: Set-ReceiveConnector “newServerName\newReceiveConnector” –RemoteIPRanges xxxx,xxxx,xxxx…

…to enter the IPs. Here’s what the process would look like if I was going to add these IPs to a receive connector named “Test”:

image

Execute the cmdlet to set the allowed IP:

[PS] C:\Documents and Settings\tluk\Desktop>Set-ReceiveConnector "Exch2\test" -RemoteIPRanges 1.1.1.1

image

Open up the receive connector to confirm that the IP has been set:

image

It’s not as simple as I thought but at least this makes the process less painful than copying and pasting all the entries.