Configuring your Enviroment for the Microsoft Phone Edition (Tanjay) (OCS) (Jun 19 2008)

Friday, January 8, 2010 at 12:35AM
Rob Sealock

This is informative purposes only.  

 

At a minimum you will need to have the following configured on your network in order for the Tanjay to connect:

 

• DNS
• DHCP
• NTP
• Certificate Service registered in AD

 

DNS

The DNS zone for the domain containing your Tanjay device must have the following 2 records:

 

1.       An A record for the SIP domain you want the Tanjay to connect to; for example:

 

(internal access)  sipinternal.yourDomain.com   IPAddressOfAccessProxy

(external access)  sip.yourDomain.com      IPAddressOfSEServer

 

 

2.       A UDP SRV record for the NTP service (stored under yourDomain.com/_udp); for example:

 

_ntp      port:123      NTPServerFQDN

 

3.   SRV records for the OCS service discovery internally

 

_sipinternaltls._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

 

_sipinternal._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

 

4.       SRV records for the OCS service discovery externally (for remote access)

 

_sip._tls.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

 

_sip._tcp.<FQDN of SIP Server (Director or OCS Server, pool or pool VIP)>

 

 

DHCP

Starting with build 421 running against an OCS 2007 RTM server, Tanjay now supports DHCP Option 119 which allows an Administrator to define a list of DNS Suffixes to try if the default DNS Domain Name defined in DHCP Option 015 does not produce a valid DC. The Tanjay will attempt to form a valid FQDN by appending each suffix in sequence.

To enable DHCP Option 119:

1. From DHCP Administrator, right click DHCP server name and select Set Predefined Options
2. Leave Option class: as DHCP Standard Options and click Add
3. For Name: enter DNS Search List, set Code: to 119 and Data Type to String, leave the Array check box unchecked (it is not an array) and click OK
4. Right click Scope Options, select Configure Options, check Option 119 DNS Search List
5. In the Value section in the String list box, enter a list of domain suffixes in your organization delimited by a semi-colon

 

Example: contoso.com;dev.contoso.com;corp.contoso.com

 

1. Click OK to close the Predefined Options and Values page

 

NTP

Reference:

“Configuring the Windows Time service to use an internal hardware clock” in this document:

http://support.microsoft.com/kb/816042/

 

Enabling the time service is done via group policy on the domain object containing the NTP server using the following steps:

 

1. Open Active Directory Users and Computers
2. Right click on the domain containing your NTP server and select Properties
3. Click the Group Policy tab, make sure the Default Domain Policy is highlighted and click the Edit button
4. Expand Computer Configuration, Administrative Templates, System, Windows Time Service
5. Click on Time Providers and in the right pane double-click Enable Windows NTP Server, confirm the Enabled radio button is selected and click OK
6. From the Group Policy Object Editor menu select File and click Exit

 

Note:  Once you connect your Tanjay device to the network and power it up, the logon display should appear within approximately 2 minutes. If that doesn’t happen confirm that your network connection, DHCP and NTP settings are working properly.

 

Certificates

The Tanjay device registers the internal certificate authority in its “Trusted Authorities” store which requires the following two conditions to be in effect:

 

• Certificate AutoEnrollment is enabled
• Certificate Authorities has to contain the Internal CA name

 

Enabling certificate AutoEnrollment is done via group policy on the domain object containing the Tanjay device using the following steps:

 

1. Open Active Directory Users and Computers
2. Right click on the domain containing your Tanjay device and select Properties
3. Click the Group Policy tab, make sure the Default Domain Policy is highlighted and click the Edit button
4. Expand Computer Configuration, Windows Settings, Security Settings
5. Click on Public Key Policies and in the right pane double-click Autoenrollment Settings, confirm the Enroll certificates automatically radio button is selected and click OK
6. From the Group Policy Object Editor menu select File and click Exit

 

Build 421 and above:

Starting with build 421 the Tanjay will continue to go to the Certificate Authority if AutoEnrollment is enabled. However for companies that do not enable AutoEnrollment it’s now possible to upload the path to a .CER file into Active Directory Certification Authority container (Figure 5) and have the Tanjay pull it down from there.

 

To upload the path to a .CER file run the following command from a domain controller:

 

certutil -f -dspublish ".CER file location" RootCA

 

 

If you are using a 3^rd party certificate, the following table contains a list of the default trusted root CAs built into the Tanjay. If your 3^rd party vendor is on this list it is not necessary to publish anything related to certificates in Active Directory.

 

 

 

Vendor	Certificate Name	Expiry Date	Key length
Comodo	AAA Certificate Services	12/31/2020	2048
Comodo	AddTrust External CA Root	5/30/2020	2048
Cybertrust	Baltimore CyberTrust Root	5/12/2025	2048
Cybertrust	GlobalSign Root CA	1/28/2014	2048
Cybertrust	GTE CyberTrust Global Root	8/13/2018	1024
Verisign	Class 2 Public Primary Certification Authority	8/1/2028	1024
Verisign	Thawte Premium Server CA	12/31/2020	1024
Verisign	Thawte Server CA	12/31/2020	1024
Verisign	Secure Server Certification Authority	1/7/2010	1000
Verisign	Class 3 Public Primary Certification Authority	8/1/2028	1024
Entrust	Entrust.net Certification Authority (2048)	12/24/2019	2048
Entrust	Entrust.net Secure Server Certification Authority	5/25/2019	1024
Equifax	Equifax Secure Certificate Authority	8/22/2018	1024
Geotrust	GeoTrust Global CA	5/20/2022	2048
Godaddy	Go Daddy Class 2 Certification Authority	6/29/2034	2048
Godaddy	http://www.valicert.com/	6/25/2019	1024
Godaddy	Starfield Class 2 Certification Authority	6/29/2034	2048

 

 

OCS Settings

In order to complete the Tanjay boot up process it is necessary for certain VOIP properties to be set at the forest level and then mapped to the Front End properties of the pool. The following steps detail the process:

 

1. Click Start, Programs, Administrative Tools, Office Communications Server 2007, Administrative Tools
2. Right-click on Forest and choose Properties and click VOIP Properties
3. Click the Normalization Rules tab and if no Normalization Rules are defined, click the Add button and create one.

Phone Pattern: ^([0-9]{7})$

Translation: +1403$1

Here the 403 is my area code.

4.       Under the Locations Profiles tab click the Add a Location

5.       Right Click on the OCS Pool and choose Front End Properties

6.       Choose Voice, Location Profile, select the Location Profile you just created as the default location.

 

Article originally appeared on (Still) Heavy on the Technical (http://robsealock.squarespace.com/).