Live Meeting 2007 – Loading Image Issue

Recently I deployed a new Microsoft OCS 2007 R2 environment, which may well be my last now that Lync Server 2010 is available. When testing content uploads from both internal and external Live Meeting clients, whenever I attempted to upload a file of any format or create a new whiteboard I simply received a “Loading Image” message in the centre of the Live Meeting 2007 client. No matter how long I waited the “Loading Image” messaging never disappeared and my content was never displayed. It turned out, that for this content to work correctly you require the IIS 7 role service “Static Content” on your OCS 2007 R2 Standard Edition server. To resolve the “Loading Image” issue I performed the following actions:

1. Connect to your OCS 2007 R2 Standard Edition server and open the server manager console.

2. Expand the roles node and then right click Web Server (IIS) and then select Add Role Services.

3. In the Add Role Services wizard, under Common HTTP Features, select Static Content and click Next.

4. Wait for the role services to install and then click finish. At this point I would recommended rebooting the server, however if you want to perform this without distruptions to end users you can simply open the run command and type “iisreset” to restart the IIS web services.

5. Create a new Live Meeting and test either a new whiteboard or file upload, this should now work as required.

More information on Live Meeting 2007 can be found at the following URL: http://office.microsoft.com/en-us/live-meeting/

Uninstalling Microsoft Office Communications Server 2007 R2

Uninstalling Microsoft OCS 2007 R2 probably isn’t something your going to do on a regular basis. I recently had a requirement to perform this and to make sure the uninstalltion went accordingly I tested this a few times in a virtual lab environment. During my testing I followed several online guides, including those on TechNet and community blogs, however I always encountered issues when attempting to remove services and being prompted with error stating services were still active and associated data would be left in Active Directory. After a few failed attempts I decided to devise my own decommissioning method to remove all service attributes from Active Directory. To test this was successful I reinstalled OCS 2007 R2 in the same lab environment and everything worked as expected. My decommissioning steps are detailed below:

1. In the OCS 2007 R2 Administrative Console, expand Standard Edition Servers, expand your servers computer name and then right click the “Users” container and click “Delete Users”. Follow the presented wizard to remove all OCS attributes from your SIP enabled user accounts.

Note: This does not delete your Active Directory user accounts, it simply SIP disables the users.

2. Right click your servers computer name and select “Deactivate”, then proceed to deactivate each role in the following order. Performing these steps in the incorrect order will impact the uninstallation of the product.

Response Group Service
Outside Voice Control
Conferencing Announcement Service
Conferencing Attendant
Application Host
Application Sharing Server
A/V Conferencing Server
Web Conferencing Server
Web Components Server
Front End Server – If deactivation fails, run this again but check the force option.

3. Once the deactivation is complete, go to the control panel of your server and select either Add/Remove Programs or Programs & Features depending on your operating system version. Proceed and remove the following services in the below order.

Application Host
Application Sharing Server
Audio/Video Conferencing Server
Conferencing Announcement Service
Conferencing Attendant
Outside Voice Control
Response Group Service
Web Conferencing Server
Standard Edition Server (Front-End)
Managed API 2.0 Core 64-bit
Managed API 2.0 Speech x64
Managed API 2.0 Windows Workflow Activities Server Speech Language Pack
OCS 2007 R2 Administrative Tools
Web Components Server
Core Components

4. Demote your server from the domain and proceed to delete it’s Active Directory computer account and its associated DNS A and SRV records.

That’s it, you have successfully removed Office Communications Server 2007 R2 from your environment. If you have a requirement to unprepare your domain or forest there is some good information on performing this here.

OCS 2007 R2 – External Audio/Video Conferencing Issues

The successful implementation of external audio/video conferencing in Microsoft OCS 2007 R2 appears to be an issue that many people face when deploying the product. I too have experienced this issue and this post will detail both the errors and resolutions put in place to enable external A/V conferencing on an OCS 2007 R2 Standard Edition deployment with a Consolidated Edge server. The implementation item’s listed in this post assume you have a firewall product in front of the Consolidated Edge server that is performing both resverse proxy and NAT features.

1. External A/V Conferencing – Errors

When testing multiparty A/V conferences I experienced the following errors. These errors were produced when adding a third participant to an existing two party (peer to peer) A/V conference.

Cannot perform the selected action. This action may not be permitted by the conferencing service. Please try again. If the problem persists, please contact your system administrator.

The call was disconnected because you stopped receiving audio from user@externaldomain.co.uk. Please try the call again.

An error occurred while trying to take the call off hold. If the problem persists, contact your system administrator. More details (ID:500)

An error occurred while trying to start the conference. More details (ID:52031)

As you can see, there is not a single persistent error that is produced which unfortunately makes troubleshooting slightly more difficult. After spending some time performing SIPStack traces and reviewing Communicator logs via the Snooper Tool, I narrowed the errors down to a firewall and consolidated edge server configuration issue.

2. External A/V Conferencing – Resolution Items

The item’s listed below resolved the external A/V conferencing issues I was experiencing. These steps are also included in the official Microsoft production documentation for Consolidated Edge server deployments.

A/V Edge Service Name Resolution- Configure the Edge Server to resolve the FQDN associated with public A/V Edge service to the publicly routable IP Address, not it’s internal NAT’d IP address. For example, if your A/V Edge service has a public IP address of 100.200.255.255 and a NAT’d IP address of 10.45.16.5, if you run a command prompt from the Edge Server and type ping av.externaldomain.co.uk it must return 100.200.255.255. A good way of achieving this is making a hosts file entry on your Edge Server to force the FQDN to resolve to the public IP address.

A/V Edge Service NAT- Assuming you have a firewall product (ISA/TMG) in front of your Consolidated Edge server that is performing NAT, configure the A/V Edge service to support NAT by checking the “External IP address is translated by NAT” checkbox. This setting can be found under the Edge Servers properties dialog box.

Firewall Access Rules- Configure your firewall product with the following protocol definitions to allow A/V traffic to be passed to your Consolidated Edge server. Once you have performed this, create a new server publishing rule that targets your Consolidate Edge server and utilises the protocols you have just created.  Please note the below protocol definitions target ISA/Forefront TMG deployments specifically. A very useful article on performing this can be found here.

Protocol nameAV TCP In
Protocol typeTCP
DirectionInbound
Port Range50000-59999
Protocol nameAV UDP in
Protocol typeUDP
DirectionReceive/Send
Port Range3478, 50000-59999

Testing Access - If you are using internal clients to perform multiparty A/V testing then ensure those clients have unrestricted access through your internal firewall. I experienced an issue where outbound traffic from my test clients was being blocked by my internal firewall, which in turn created additional issues. Ensure you have complete outbound access for your test clients and then scale back access from there.

I hope this assists your external A/V conferencing implementation.

OCS 2007 R2 – Public IM Provisioning

I recently had to assist a customer with public IM provisioning for OCS 2007 R2, and while there are some relatively good guides on how to perform this on the internet, I haven’t found any that actually show you the provisioning form itself. Here are the steps to take in order to provision your SIP Domain(s) for public instant messaging connectivity.

1. Navigate to the Microsoft PIC provisioning website at the following URL: https://ocspic.livemeeting.com/ and sign in with your Windows Live ID.

2. Once logged in with your Windows Live ID you will be presented with the following screen:

PIC Provisioning License Type 300x170 OCS 2007 R2   Public IM Provisioning

On this screen you will need to select your organisations Microsoft Licensing Agreement type, and hopefully you have already purchased the public IM CAL’s you need to federate with Yahoo!, MSN and AOL. Select the appropriate agreement radio button for your organisation, check to agree to the terms of service and you will then be asked for your Microsoft Agreement Number. If you do not supply this number, you will be unable to proceed with the provisioning process.

3. On entering your agreement number you will also see a small area of information that will be required later on in the provisioning process as shown below:

PIC Provisioning Information 300x142 OCS 2007 R2   Public IM Provisioning

In our case, we need to pay particular attention to the information listed under the “Initiation of new service” section. Once you agreement number is entered click Submit, and you will then be asked for your contact details. Please ensure these are correct, as Microsoft uses these details to send you information on the status of the provisioning process. Once you have filled in your contact details click Next.

4. Select the “Initiation of new service” link and you should then find yourself at the most important screen of the process, this is the area where you specify the FDQN of your Access Edge server and the SIP Domain names you wish to utilise. It is very important both of these values are correct, if the FQDN you specify in the provisioning form is different to that of the subject name specified in your public SSL certificate for your Access Edge service, federation with public IM providers will fail. Likewise this will also occur if you specify the wrong SIP domain names.

Public IM Provisioning Form 300x139 OCS 2007 R2   Public IM Provisioning

For example, if my Access Edge SSL certificate had been generated with the subject name of sip.mycompany.com, the FQDN I would enter in the form would be sip.mycompany.com. In turn, my SIP domain would then be mycompany.com, this is assuming you had configured this external domain name as an additional SIP domain on your Front-End and Consolidated Edge servers.

5. Once you have completed all the required information, click Next and your all done. The lead time on completing public IM provisioning is 30 days, as Microsoft will need to submit this information to both AOL and Yahoo! if you have chosen to federate with the providers as well.

More information on the prerequisites for public IM and completing the provisioning process can be found at the following URL: http://go.microsoft.com/fwlink/?LinkId=155970