A while ago I wrote about virtualization of Office Communication Server 2007 R2. OCS 2007 R2 had limited supportability for virtualization: “Only the Presence, IM (including remote access, federation, and PIC) and Group Chat workloads”.
The next release of Office Communications Server and Communicator together with Exchange 2010 is currently referred to as UC “Wave 14” (code name). The latest publicly available release date is in “late 2010”.
With Wave 14, OCS 2010 will support virtualization. Yes it will 😀
- Virtualization of specific Communications Server roles
- SQL, Exchange, and AD virtualization where appropriate
- Hyper-V R2 (not R1)
- Client virtualization (except Audio / video) – use IP phone
“Client virtualization technologies such as Citrix are supported for IM and meetings, but audio and video are NOT supported. Microsoft’s recommendation is to use an IP phone if virtualized desktops are used.”
What’s not supported?
- Branch office / gateway only / mediation server + gateway
- Standard edition servers (already a single box)
- Live Migration of Communications Server VMs
Today I got this mail from Omar El Sherif, Microsoft TSP. This is some amazing news for all virtualization fans. Finally, OCS will go virtual.
“We are pleased to announce that the Office Communications Group will soon release the virtualization story of Office Communications Server 2007 R2.
With this type of server deployment, we will support both a fully distributed virtualized topology across several hypervisors and a single server virtualized topology. This will include ability to deploy those topologies onto Windows Server 2008 Hyper-V, or onto any Server Virtualization Validation Program (SVVP) certified partners (http://www.windowsservercatalog.com/svvp.aspx?svvppage=svvp.htm). Note that there are some limitations to this support.
Only the Presence, IM (including remote access, federation, and PIC) and Group Chat workloads will be supported. The following server roles can be deployed: Consolidated Front-End Servers, Back-End SQL Server 2008 64 bits, Group Chat Channel Servers, Group Chat Compliance Servers and Edge Access Servers. Those virtual machines will be running on Windows Server 2008 64 bits. The topology has been tested to handle up to 40,000 users, including 10,000 group chat users.
All other workloads will not be supported as part of this announcement. That means voice, video, live meeting and application sharing workloads will not be part of the architecture, even for P2P communications. Therefore audio/video/web conferencing servers, audio/video/web edge conferencing servers, dial-in conferencing, archiving/monitoring server, Communicator Web Access, enterprise voice, or Remote Call Control will not be deployed as part of the “virtualized” pool. When these workloads are required, then a new pool with physical servers should be deployed for those users.
In order to help customers scope their topologies, the product group will also release Microsoft® Office Communications Server 2007 R2 Capacity Planning Tool, capable of simulating user load for the available workloads. This will help customers to quickly validate the hypervisor load and scalability before going to production.
Along with this future announcement, a whitepaper detailing the tested architecture, the performance, the way to setup the load simulation tool, and a methodology to select a successful architecture will be released.”
Support for the Microsoft unified communications clients in Application Virtualization environments
Today we passed the Microsoft assessment and officially became a UC Voice Partner, and we will be listed on the Microsoft website: http://www.microsoft.com/uc/partners/voice.mspx
Yes, officially on the Microsoft UC page along with Nortel, Siemens, Gold System and other big boys.
We are also officially now part of highest UC technical program, Microsoft Technical Adoption Program (TAP).
More Info here : http://msdn.microsoft.com/en-us/isv/bb190413.aspx
Special thanks to Katherine Green and Keith Hanna from Microsoft for their time and support.
I really have to thank two of our great team members who have been working really hard to meet Microsoft's requirements and deadlines. Thanks to Mina Nagy, our UC team lead, for his outstanding effort and the great work he did, and thanks to Caroline Ramzy, who has shown great troubleshooting skills in solving all the problems we faced.
Let everyone know… They are playing with the big boys now.
This post is based on Mina Nagy's e-mail.
OCS Server failed during forest preparation although the domain prep worked fine. Reading the logs doesn’t turn up anything obvious in terms of what fields are not available.
Failure [0xC3EC78CA] At least one built-in display specifier object could not be found. Please make sure all display specifier objects were created successfully during DcPromo process by checking log files (%Windir%\Debug\Dcpromohelp.log and %Windir%\Debug\Csv.log).
Realizing that Prep Forest adds the required OCS containers, you may have a write error or you could have problems with your AD schema.
This issue may occur if the Display Identifiers object cannot be located in Active Directory.
To solve this problem:
1- Click Start, click Run, type cmd in the Open box, and then click OK.
2- Type the following command, and then press ENTER:
csvde -i -f %windir%\system32\mui\dispspec\dcpromo.csv -c DOMAINPLACEHOLDER "domain distinguished name (DN)" -j %windir%\debug -k
* Replace domain distinguished name (DN) in the command with the DN of the domain, such as dc=domain_name,dc=local.
For more Info check Microsoft KB
A long time after the first release of Office Communications Server 2007, and after much mystery about x64 support, Microsoft announced that the next release of OCS will support 64-bit operating systems (x64).
As a part of the broad initiative across Microsoft to support 64 bit versions across many of its product lines, the next release of OCS will support 64-bit operating systems only. This decision will help meet customer demand and is a natural progression of the product that aligns with the same approach taken by the Exchange team (with Exchange 2007) and the SharePoint team (with SharePoint 2007) to support 64 bit operating systems only.
For the next release of OCS, Microsoft will support deployments on 64 bit operating systems – Windows Server 2003 x64 (R2) and Windows Server 2008 x64.
I faced a problem implementing the Client Web Access server on Windows 2003 R2 SP2.
The problem prevents client web access. At first I thought it was a configuration problem, but when I checked the Event Viewer I saw this error:
ErrorID : 2274
Source : W3SVC-WP
This error on the CWA server is related to the cwsauth.dll file, which can’t be loaded.
I contacted Microsoft about the error and got the following reply:
Support for 64-bit Operating Systems
Office Communications Server 2007 supports the following tested 64-bit configurations:
- The 64-bit edition of SQL Server™ 2005 SP2 on the Back-End Database of an Enterprise pool or the Archiving and CDR database.
- Running the 32-bit version of the Access Edge Server on 64-bit hardware with WOW (Windows on Windows) 64 mode on the 64-bit edition of Windows Server 2003 SP1 and later.
- Running the 64-bit kernel driver component of the A/V Edge Server natively on 64-bit hardware plus the A/V Edge Server service component with WOW64 mode on the 64-bit edition of Windows Server 2003 SP1 and later.
- Running the 32-bit version of Standard Edition server on 64-bit hardware with WOW64 mode on the 64-bit edition of Windows Server 2003 SP1 and later.
As you can see, it does not give any answer for my problem. Actually, deploying OCS on an x64 system is not the best practice, since the OCS setup and the console run under the WOW64 subsystem because they are 32-bit programs.
I searched the internet and found more problems related to this one.
Comment: Deploy your OCS server in Windows x86 mode. It is better.
Aside: Actually, I think your situation has a better solution that solves the x64 problem. I think it is a known issue with applications running in IIS in WOW64 mode.
If you check your Event Log entries, you will likely find several of the following entry, followed by another entry declaring that the Application Pool is being disabled.
Event Type: Error
Event Source: W3SVC-WP
Event Category: None
Event ID: 2274
Could not load all ISAPI filters for site/service.
I think the reason why you are getting this event is straight forward:
- On 64bit Windows, the “bitness” (i.e. 32bit or 64bit) of a process must match the bitness of the DLLs loaded by that process. In other words, a 64bit EXE can only load 64bit DLLs, and 32bit EXE can only load 32bit DLLs ( the problem of the cwsauth.dll file ).
- By default, IIS6 on 64bit Windows runs with 64bit W3WP.EXE worker processes
- .NET Framework 2 has ASP.Net implemented through 32bit ISAPI DLLs.
What is happening when the OCS wizard installs .NET Framework 2 on IIS6 on 64bit Windows is that while IIS6 runs W3WP.EXE as 64bit, you are configuring it to load some 32bit ISAPI DLLs. This does not work and leads to the event log entry. Since the ISAPI DLLs are loaded for every request, this failure immediately happens again and again, thus triggering the “Rapid Fail Protection” health monitoring check of IIS6. This leads to this Application Pool being taken offline.
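The bitness rule above can be checked directly from a file's PE header. The following is an added example, not code from the original post; `fake_pe` builds constructed header stubs so the check runs without real binaries.

```python
import struct

# IMAGE_FILE_HEADER.Machine values from the PE/COFF specification
MACHINES = {0x014C: "32-bit (x86)", 0x8664: "64-bit (x64)", 0x0200: "64-bit (IA-64)"}

def pe_bitness(data: bytes) -> str:
    """Return the architecture a PE image (EXE or DLL) was built for."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ header")
    # e_lfanew at offset 0x3C points to the "PE\0\0" signature
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
        raise ValueError("not a PE image: missing PE signature")
    # The Machine field is the first WORD after the signature
    (machine,) = struct.unpack_from("<H", data, pe_off + 4)
    return MACHINES.get(machine, f"unknown (0x{machine:04x})")

def can_load(process_image: bytes, dll_image: bytes) -> bool:
    """A process can only load DLLs built for its own architecture."""
    return pe_bitness(process_image) == pe_bitness(dll_image)

def fake_pe(machine: int) -> bytes:
    """Constructed sample: a minimal header stub, not a real binary."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    return dos + b"PE\0\0" + struct.pack("<H", machine) + b"\0" * 18

if __name__ == "__main__":
    w3wp_64 = fake_pe(0x8664)   # IIS6 default worker process on 64bit Windows
    w3wp_32 = fake_pe(0x014C)   # worker process with Enable32bitAppOnWin64 = 1
    isapi_32 = fake_pe(0x014C)  # a 32bit ISAPI filter DLL
    print("64bit W3WP loads 32bit filter:", can_load(w3wp_64, isapi_32))
    print("32bit W3WP loads 32bit filter:", can_load(w3wp_32, isapi_32))
```

To inspect a real file, pass `open(path, "rb").read(4096)` to `pe_bitness`.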
One way to fix this issue is to:
- Change IIS6 to run W3WP.EXE as 32bit
- *** IMPORTANT *** Then restart the CWA Application Pool that returns the error since it is stopped. You cannot fix any error without restarting the Application Pool.
Changing IIS6 to run W3WP.EXE as 32bit allows the 32bit ISAPI DLLs installed by .NET Framework 2 for ASP.NET to load and run inside of it. This is done by running the following command line:
CSCRIPT %SYSTEMDRIVE%\Inetpub\AdminScripts\adsutil.vbs SET W3SVC/AppPools/Enable32bitAppOnWin64 1
This command switches IIS6 into running WOW64 (i.e. 32bit compatibility) mode on 64bit Windows on-the-fly so that IIS6 can immediately run 32bit ISAPI DLLs… unless that Application Pool is ALREADY returning 503 errors, in which case you MUST restart the Application Pool to have the bitness switch take effect. It makes sense because a 503 error means the Application Pool is offline and not running, so you must restart it to have setting changes take effect.
You can do this by either:
- Restarting the Application Pool in question
- Restarting IIS
NET STOP W3SVC /y & NET START W3SVC
- Reboot the server
SHUTDOWN -r -t 0
Now, I cannot guarantee that this works for you because you may have other applications that must run as 64bit, in which case you have a conflicting need to simultaneously run 32bit and 64bit code in IIS6, which is not allowed.
See KB 895976 for more details.
Automatic configuration allows Communicator to find and connect to the appropriate OCS server without manually entering a server name into its settings. Communicator has special requirements for DNS and certificates to make this work properly.
The problem is that OCS, like other Microsoft UC solutions, does not support multiple SIP names. Most organizations need DNS splitting as a security requirement.
Here is the scenario: we have an organization whose internal domain name is Contoso.ad and which has an E2K3 server with the e-mail policy @contoso.com. They need to implement a new OCS server to support internal and external users.
It may look easy, but the problem is that Office Communicator is designed to log on using a server within the same domain name, i.e. the OCS FQDN in our case must be OCSSRV.contoso.ad.
So far that is fine, but the user must log on with the name firstname.lastname@example.org, so we have to support the contoso.com SIP domain.
Are you confused? It is a little tricky. Here is the solution:
Hosting Domain: Contoso.ad, Contoso.com
OCS Computer FQDN: OCSSRV.contoso.ad
Supported SIP Domains:
Contoso.ad (default inherited from AD)
DNS Records (Internal)
Split DNS configuration is a requirement for automatic configuration. Simply put, split DNS means you have two DNS zones for one domain name. One DNS zone exists on internal DNS servers and provides name resolution only for internal clients. Another DNS zone exists on external DNS servers to service external clients.
Split DNS is required so that users can use the same sign-on name in Communicator and have their correct login server resolved inside and outside the network.
First, we have to create a primary DNS zone in the internal domain with the name Contoso.com. Create an A record in it for the OCSSRV server.
The following SRV records need to be created. Note that these records must be created in the DNS database of the servers authoritative for the particular zone.
Service Records (SRV)
To support multiple domains for encrypted communications we require that all front-ends in the Pool be configured with a certificate. The certificate must match the FQDN returned by any DNS SRV query. Therefore, the certificate must contain multiple entries. We call these SANs (Subject Alternate Name) and the certificate must include the FQDN of the pool and one entry for each supported SIP domain.
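The naming rules above (the SRV target sits inside the user's SIP domain, and the certificate carries every name an SRV query returns plus the pool FQDN) can be checked before deployment. This is an added example, not part of the original post; the SRV targets and SAN lists are constructed sample data for the Contoso scenario, and `check_autoconfig` is a hypothetical helper name.

```python
def norm(name):
    """DNS names compare case-insensitively; drop any trailing root dot."""
    return name.strip().rstrip(".").lower()

def check_autoconfig(pool_fqdn, srv_targets, cert_sans):
    """Return a list of problems; an empty list means the names line up.

    srv_targets maps each SIP domain to the host its SRV record returns.
    cert_sans is the list of DNS names in the certificate's SAN extension.
    """
    sans = {norm(s) for s in cert_sans}
    problems = []
    if norm(pool_fqdn) not in sans:
        problems.append(f"pool FQDN {norm(pool_fqdn)} missing from SAN")
    for domain, target in srv_targets.items():
        domain, target = norm(domain), norm(target)
        # The client expects a server inside the user's SIP domain.
        if not target.endswith("." + domain):
            problems.append(f"SRV target {target} is outside SIP domain {domain}")
        # The certificate must match the FQDN the SRV query returned.
        if target not in sans:
            problems.append(f"SRV target {target} missing from SAN")
    return problems

# Constructed sample data for the Contoso scenario (not real DNS output).
POOL = "OCSSRV.contoso.ad"
SRV = {"contoso.ad": "OCSSRV.contoso.ad.", "contoso.com": "ocssrv.contoso.com."}
SINGLE_NAME_CERT = ["ocssrv.contoso.ad"]
SAN_CERT = ["ocssrv.contoso.ad", "ocssrv.contoso.com"]

if __name__ == "__main__":
    for label, sans in (("single-name", SINGLE_NAME_CERT), ("SAN", SAN_CERT)):
        print(label, "certificate:", check_autoconfig(POOL, SRV, sans) or "OK")
```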
Subject Alternate Name
I tried to do that through the OCS certificate configuration wizard… It should work.
But if it fails, you can do it another way.
You have to obtain a Subject Alternative Name (SAN) for your OCS certificate. The OCS certificate is submitted to a certification authority (CA) that is configured on a Microsoft Windows Server 2003-based computer. The SAN lets you connect to a domain controller by using a Domain Name System (DNS) name other than the computer name. I will explain how to add SAN attributes to a certification request that is submitted to an enterprise CA (ContosoCA).
How to configure a CA to accept a SAN attribute from a certificate request
By default, a CA that is configured on a Windows Server 2003-based computer does not issue certificates that contain the SAN extension. If SAN entries are included in the certificate request, these entries are omitted from the issued certificate. To change this behavior, run the following commands at a command prompt on the server that runs the Certification Authority service.
Certutil -setreg policy\EditFlags +EDITF_ATTRIBUTESUBJECTALTNAME2
net stop certsvc
net start certsvc
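The EditFlags setting is a property of the CA's policy module, so it applies to every request the CA processes and not only to the OCS one. The added example below (not from the original post) reads the flag state from `certutil -getreg policy\EditFlags` output; the sample outputs are constructed, and turning the flag off again once the OCS certificate is issued is this example's suggestion, not a step from the post.

```python
import re

SAN2_FLAG = "EDITF_ATTRIBUTESUBJECTALTNAME2"
SAN2_BIT = 0x00040000  # bit this flag occupies in the EditFlags DWORD

def editflags_value(getreg_output):
    """Pull the EditFlags DWORD (printed in hex) out of certutil -getreg text."""
    match = re.search(r"EditFlags\s+REG_DWORD\s*=\s*([0-9A-Fa-f]+)", getreg_output)
    if match is None:
        raise ValueError("no EditFlags REG_DWORD line in the output")
    return int(match.group(1), 16)

def accepts_request_san(getreg_output):
    """True if the CA copies SAN attributes from requests into certificates."""
    return bool(editflags_value(getreg_output) & SAN2_BIT)

def next_step(getreg_output, ocs_cert_issued):
    """Say what to run next, given the flag state and whether the cert exists."""
    enabled = accepts_request_san(getreg_output)
    if enabled and ocs_cert_issued:
        # Assumption of this example: clear the flag once it is no longer needed.
        return r"certutil -setreg policy\EditFlags -" + SAN2_FLAG
    if not enabled and not ocs_cert_issued:
        return r"certutil -setreg policy\EditFlags +" + SAN2_FLAG
    return "no change needed"

# Constructed samples in the layout certutil prints; values are illustrative.
BEFORE = "  EditFlags REG_DWORD = 11014e (1114446)\n"
AFTER = ("  EditFlags REG_DWORD = 15014e (1376590)\n"
         "    EDITF_ATTRIBUTESUBJECTALTNAME2 -- 40000 (262144)\n")

if __name__ == "__main__":
    print("flag set before change:", accepts_request_san(BEFORE))
    print("flag set after change: ", accepts_request_san(AFTER))
    print("after issuing the OCS certificate, run:", next_step(AFTER, True))
```

As with setting the flag, a change made with `certutil -setreg` takes effect only after the Certification Authority service is restarted.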
How to create and submit a certificate request
When you submit a certificate request to an enterprise CA, the certificate template must be configured to use the SAN in the request instead of using information from the Active Directory directory service.
How to use Web enrollment pages to submit a certificate request to an enterprise CA
To submit a certificate request that contains a SAN to an enterprise CA, follow these steps:
- In Internet Explorer, connect to http://contoso.ad/certsrv.
- Click Request a Certificate.
- Click Advanced certificate request.
- Click Create and submit a request to this CA.
- In the Certificate Template list, click Web Server.
- Provide identifying information as required.
- In the Name box, type the fully qualified domain name of the OCS server.
- Under Key Options, set the following options:
  - Create a new key set
  - CSP: Microsoft RSA SChannel Cryptographic Provider
  - Key Usage: Exchange
  - Key Size: 1024
  - Automatic key container name
  - Store certificate in the local computer certificate store
- Under Advanced Options, set the request format to CMC.
- In the Attributes box, type the desired SAN attributes. SAN attributes take the following form:
Multiple DNS names are separated by an ampersand (&).
- Click Submit.
- If you see the Certificate Issued Web page, click Install this Certificate.
Now return to the OCS deployment and choose the configure certificate wizard.
Choose to assign an existing certificate and select the OCSSRV.contoso.ad server authentication certificate.
Assign the certificate in IIS and restart it.
Now you can sign in with email@example.com although your pool is OCSSRV.contoso.ad.
Check this also at the UC Guy