
• Remote users are unable to connect even though everything seems to be set up correctly with LCS.
Make sure the right ports are open on the firewall. The default port for TLS is 5061; for TCP it is 5060. Try to run the Diagnostic Client simulation test within the LCS Diagnostic tool, described later in this chapter. The test will provide you with a good snapshot of what is causing the connectivity issues.

• I am trying to troubleshoot the connection between MOC and LCS. Where do I start?
Enable client-side logging via regedit under HKEY_Current_User\Software\Microsoft\Tracing\RTCDLL. Use Network Monitor or Siplogger (LCS 2003 Resource Kit) on the server to follow the traffic and see what is happening.

• Why can't I send files, use audio/video, or enable data collaboration within Communicator when I am connected remotely?
Audio/video communication, data collaboration with whiteboard, and file transfer are all peer-to-peer sessions that do not run through an LCS server environment. When you are connecting remotely, your client is sending instant messages through your LCS environment remotely, but all of these additional sessions are run over the TCP stack. You need to use a virtual private network (VPN) to enable these features when on the road.

• Why can't I use Group Instant Messaging as I could with IBM Sametime?
Group IM did not make it into the current version of Live Communications Server 2005 SP1. This feature is scheduled for the next version. In the meantime, you can create groups in your Communicator client and then IM the entire group by clicking on the group name.

• What is the difference between remote call control (RCC) and Voice over IP (VoIP)?
RCC is used for Communicator control over a PBX system line (dial-tone). Using RCC, you can control your PBX phone as you would on the phone itself. With VoIP, you are connecting over the Internet using a PSTN service to establish an RTP media session.

• Why can't I initiate an outbound call using Communicator?
This is probably due to a bad configuration of your LCS environment's connection to a PSTN or PBX service. LCS requires a gateway between any PSTN or PBX system that is non SIP-compliant. Check with your LCS administrator to ensure that your LCS environment is configured appropriately.

• I am unable to send hyperlinks through MOC. What could be the problem?
Hyperlinks are not always recommended within a Live Communications Server environment. If you need to enable hyperlinks to be sent to each client, use the following steps:
1. Set the policy for Communicator to allow URLs to be clickable.
2. In the Windows registry editor, edit the following key to match the following settings: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Communicator\EnableUrl
3. Make sure that the IMFilter.am on the server is not configured to block URLs in messages.
If you use the GPO, Undefined is the same as Disabled, so you must explicitly allow URLs in Communicator.


namespace that LCS is deployed within, you can create a listing of this alternate namespace within the LCS Forest Global Settings. If these are users from another domain altogether and they are trying to connect into a centrally deployed LCS environment, you can either use an LCS director to route these users and/or deploy a new certificate on each LCS server and modify this new certificate's subject alternative name (SAN) to include the additional domains you are supporting. More information on the SAN field of a certificate can be found in Chapter 4.

• Why are users unable to communicate with their contacts that are hosted on another LCS server?
This problem is usually related to TLS configuration. When you deploy more than one LCS server within an environment, you must enable an MTLS connection entry so that these servers can communicate with one another. MTLS, as described in Chapter 4, provides mutual authentication between servers. Please ensure that you have created an MTLS connection, as described in Chapter 4, on each LCS server in your environment.

• Why can't I see the presence of my contacts when everyone is signed in?
Usually this is attributed to network connectivity issues. Make sure that your Active Directory domain controller is functioning properly, that you can connect to your LCS servers without delayed responses, and that you have configured DNS correctly, as described in Chapter 4. If each of these settings has been correctly configured and you are using LCS Enterprise Edition with a hardware load balancer, ensure that the load balancer has been configured properly. Sometimes the load balancer is not set up correctly between LCS EE pool servers, which can cause SIP messages to disconnect, such as the BENOTIFY method, which is used for presence awareness.

• What should I do when the LCS service does not start after activation?
First, verify that the LCS service is running. Then, start looking for errors in activation logs and the Windows Server Application event log. Try connecting to the DB using the service account credentials and make sure no one has altered any of the permissions.

• I don't seem to have enough privileges in Active Directory.
Make sure that your account is a member of RTCDomainServerAdmins; and if you just ran DomainPrep, log off and log on again. This is required in order for Domain Prep granted permissions to take effect.

• I am trying to deploy in a multi-forest environment and the trusts do not seem to work using Kerberos.
In order for a Kerberos trust between forests to work correctly, both forests must be in Windows Server 2003 native mode. If one or both forests are running in Windows 2000 Server mixed mode, you must use NTLM as the authentication protocol.

• I can't sign in with Microsoft Office Communicator 2005 with automatic configuration.
This is usually related to a missing DNS host A record for the LCS server or pool; a missing DNS SRV record, as mentioned in Chapter 4; or a misconfigured TLS certificate. Please check DNS to ensure that you have a valid DNS host A record and SRV records matching what we outlined in Chapter 4, as well as a properly configured certificate infrastructure, also covered in Chapter 4.
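The subject alternative name requirement from the alternate SIP URI answer above can be checked before users from an additional domain try to sign in. The following Python example is added here and is not code from the book or from Microsoft; the sample certificate, the sample SIP URIs, the function names, and the rule that a SAN entry covers a SIP domain when it names that domain or a host inside it are assumptions made for illustration.

```python
import socket
import ssl

LCS_TLS_PORT = 5061  # default TLS port named in this chapter


def sip_domain(sip_uri):
    """Return the lower-cased domain part of a SIP URI such as sip:user@example.org."""
    uri = sip_uri.strip()
    if uri.lower().startswith("sip:"):
        uri = uri[4:]
    if "@" not in uri:
        raise ValueError("not a user@domain SIP URI: %r" % sip_uri)
    host = uri.rsplit("@", 1)[1]
    # Drop URI parameters (;transport=tls) and an optional :port suffix.
    host = host.split(";", 1)[0].split(":", 1)[0]
    if not host:
        raise ValueError("SIP URI has no domain: %r" % sip_uri)
    return host.lower().rstrip(".")


def san_dns_names(cert):
    """DNS entries from a dict shaped like ssl.SSLSocket.getpeercert() output."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def covers(san_name, domain):
    """Assumed rule: the SAN entry is the domain itself or a host/wildcard inside it.

    The leading dot in the suffix test matters: without it, a certificate for
    sip.notexample.org would appear to cover example.org.
    """
    return san_name == domain or san_name.endswith("." + domain)


def uncovered_sip_domains(cert, sip_uris):
    """Sorted SIP domains in use that no SAN DNS entry of the certificate covers."""
    names = san_dns_names(cert)
    domains = {sip_domain(uri) for uri in sip_uris}
    return sorted(d for d in domains if not any(covers(n, d) for n in names))


def fetch_server_cert(host, port=LCS_TLS_PORT, cafile=None, timeout=5):
    """Fetch the validated server certificate as a dict (needs network access).

    cafile may point at the PEM file of the internal CA that issued the
    server certificate; validation failures raise ssl.SSLError.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()


# Constructed sample data, shaped like getpeercert() output.
SAMPLE_CERT = {
    "subject": ((("commonName", "lcs01.corp.example"),),),
    "subjectAltName": (
        ("DNS", "lcs01.corp.example"),
        ("DNS", "sip.example.org"),
    ),
}

# Constructed SIP URIs, including one from a domain the certificate omits.
SAMPLE_URIS = [
    "sip:alice@corp.example",
    "sip:bob@example.org",
    "carol@Partner.example;transport=tls",
    "sip:dave@notexample.org",
]

if __name__ == "__main__":
    for domain in uncovered_sip_domains(SAMPLE_CERT, SAMPLE_URIS):
        print("SIP domain not covered by certificate SAN:", domain)
```

Against a live server, pass the result of `fetch_server_cert("<server FQDN>")` in place of `SAMPLE_CERT`.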


Troubleshooting

This chapter provides useful troubleshooting information related to Microsoft Office Live Communications Server 2005 SP1 and Communicator 2005. It includes a series of commonly asked questions and material that I and my co-authors believe is necessary to understand in order to deploy LCS and Communicator in a real-world environment, rather than a lab. Additional resource material is provided toward the end of this chapter, including a list of website links for obtaining support for LCS and Communicator online.

General Troubleshooting (FAQs)

Following are a few commonly asked questions specifically related to the configuration of Live Communications Server and Microsoft Office Communicator:

• The Create Pool process fails when I try to complete the command. Why?
This is usually due to SQL Server connectivity. You should run Create Pool on the SQL Server itself or on an LCS server that has the SQL Server DMO files installed on it. Also make sure that you have appropriate permissions to create these databases on the SQL Server itself.

• Why can't I complete Prep Schema?
This is usually due to Active Directory permissions. Prep Schema requires a user to have write permissions on the Active Directory schema to complete the task. Ensure that you have either Enterprise Administrator rights or write permissions to the schema. These are not commonly given out lightly in enterprise environments.

• How can users with alternate login IDs/SIP URIs connect to my LCS environment?
You can allow users who have alternate SIP URIs to connect to an LCS environment in a couple of different ways. If they are users within the same Active Directory domain and they have an e-mail alias that they want to use as their SIP URI that differs from the SIP


Microsoft has provided a Live Communications Server 2005 Enterprise and Standard Edition Quick Start Guide that provides comprehensive information to enable a timely install. In our experience, an LCS environment can be set up, assuming that all software, hardware, network, and security components are enabled, in several hours if provided with an account with autonomous control. Such an installation would encompass only 20,000 users or less.

Mobile Communications

Communicator Mobile, known by its nickname CoMo, enables mobile operatives and vehicle transports with the power of unified communications on the go. As Microsoft has entered into automotive technology solutions, LCS client applications can be easily implemented within a mobile transport. This solution would coincide with the development of a mobile client, but would also include an integrated display panel to provide a user interface and input devices. Enabling LCS within a mobile transport provides secure Instant Messaging, audio, telephony, and video communications that are both monitored and archived. This solution provides a definitive solution for mobile and covert operations.

Scenarios that include military raids, searches and rescues, target identifications, and other covert operations are greatly enhanced using Live Communications Server 2005. Enabling secured Instant Messaging, and audio and video communications, provides a better communications capability to both the base and field operators.

Summary

This chapter described several enterprise deployment lessons that have been learned from real-world scenarios. It also covered new ideas and concepts for implementing Live Communications Server 2005 SP1 in different environments, and various solutions were offered for challenging deployments. It also examined migrating from existing enterprise Instant Messaging platforms. In the next chapter, you will look at troubleshooting tasks within Live Communications Server 2005 SP1.
193 Enterprise Implementation Lessons Learned


Locate and Communicate-Mapping Solutions

In my professional opinion, a contact locator combined with the ability to provide IM and Voice over Internet Protocol (VoIP) is one of the most vital and utilized solutions for U.S. military and private sector agency use. Having the ability to track an asset or ops team located in a remote part of the world or only a few blocks away using a myriad of connections including GSM, GPRS, and GPS communications is simply awesome. This solution may sound complex, but combining the power of Microsoft Live Communications Server 2005 and Microsoft MapPoint 2005 provides a supported and moderately configurable solution to this scenario. Using the integration capability of LCS and MapPoint or Microsoft Virtual Earth, tracking an asset using location-based services and then communicating to the user via Live Communications Server 2005 SP1 using either secured VoIP or IM, while providing monitored and archived service, can be accomplished with ease.

Protecting Communications

Live Communications Server provides a secure Instant Messaging platform by utilizing Transport Layer Security (TLS) and Session Initiation Protocol (SIP). SIP is the structured message itself, while TLS is the transport in which the communication is carried. For U.S. military and private sector agencies, this level of security is desperately needed, as tapped communications are common. TLS, the successor to SSL, provides a layer of encryption over the communication wire itself. For military and private sector agencies that require communication transmissions to be run on customized ports, LCS offers the functionality to modify the port used between LCS clients and servers.

Logging of Instant Messaging Conversations

Live Communications Server provides the ability to monitor and report Instant Messaging conversations through the LCS IM Archiving Service. The IM Archiving Service requires an additional server to support it, and the actual IM messages are stored in a SQL Server database. The LCS IM Archiving Service works by implementing an MSMQ (Microsoft Message Queue) service within the environment to capture Instant Messaging communications and then store them in a SQL Server database for recording and reporting purposes. This is a feature that can be turned on or off based on the required use of the service. Enabling the Live Communications Server 2005 IM Archiving Service will enable all LCS client communications to be stored in a back-end SQL Server database or SAN environment for reporting and recording purposes. This service is critical when communicating secret-level information, as the IM Archiving Service provides accountability and control.

Deploying LCS for a Limited Duration

Live Communications Server 2005 deployments can be accomplished in limited implementation time frames. The ability to deploy quickly for special operations is critical, as is the ability to tear down an LCS environment.


lcsimpac.wsf

Last but not least, this script is used to convert the users' Exchange IM permissions to their equivalent Live Communications Server presence permissions. It migrates the contacts to their respective LCS server. The Exchange IM access control lists (ACLs) are retrieved from Active Directory, and the users' contacts from the files generated earlier by lcsmon.wsf. To run the script you must be logged on with Domain Administrator rights or be in the RTCDomainUserAdmins group. The script must run on a Standard Edition Server or on the Enterprise Edition pool back-end database.

Further Information

For further details on how to migrate users from Exchange IM to Live Communications Server, and for a more detailed view of the scripts that can be used, refer to the Microsoft Office Live Communications Server 2005 SP1 Resource Kit in the subfolder called Migration. The Live Communications Server 2005 SP1 Resource Kit can be found on the Microsoft LCS web site, at www.microsoft.com/lcs.

Implementing LCS for Military and Private Sector Environments

The purpose of this section is to provide guidance for the implementation of Live Communications Server for military and private sector use. The following topics are covered:
• Satellite connectivity
• Locate and communicate-Mapping Solutions
• Protecting communications
• Archiving communications
• Deploying LCS for a limited duration
• Mobile communications
• Mobile clients
• LCS within military transport
• LCS for covert operations

While policy will determine the ability to deploy LCS in the manner discussed in this section, this material provides an overview of how secured Instant Messaging can be a preferred communication tool for military and private sector operations. Deploying the appropriate devices and secured protocols will enable special forces and individual operations to be completed without compromising the security of the operation.


Scripts Provided by Microsoft

Microsoft provides four scripts to help the administrator perform certain steps described in the previous sections. Space does not permit a detailed description here, but the following offers a rough overview of how the scripts are used.

lcsish.wsf

lcsish.wsf has two uses. One is to generate a list of Exchange IM users in a specified Active Directory container. This script must be run from the command line with the following parameters: /eimdn and /genuserfile

As the name indicates, this script goes to the specified Active Directory container and writes those users out to a specified file. The specified file is created in Unicode format. The output is written directly to the command console and you can redirect that to a file by using redirection.

You can also use lcsish.wsf with these parameters: /userfile and /eimdn

This initializes the file share and creates the user files, including permissions on the file so that only the user is able to open his or her own text file.

lcsmon.wsf

This script must be placed in the share created with lcsish.wsf and can only run from there. This script is used by every user, either by sending a link to the script or by using a login script. The script exports the user's contacts from the registry to the file created earlier for the user. It uses the user's login credentials to run the script and to validate the user against the Exchange IM server. If the user is not logged on to the domain, the script can be used with the /user switch with the user's name and FQDN, in the form user@fqdn.

lcssipen.wsf

The next script performs the steps to acquire a list of users to be enabled. It uses the /homeserverdn switch to determine which Enterprise Pool or Standard Edition Server should be used for the user, as well as a SIP mapping switch to determine and change the mapping of Exchange IM SIP domains to Live Communications Server SIP domains. If /force is not specified, the user will be skipped. The /onlysipenable switch can be used to only set the value in the msRTCSIP-UserEnabled attribute to TRUE. Another switch, /sipenable, is used to set the attribute msRTCSIP-UserEnabled to TRUE if provided, or FALSE if not. As with all the other scripts, everything is logged to the screen; to redirect the output, use the normal redirection option lcssipen.wsf param1 param2 paramx > logfile.txt.


This approach consists of eight steps:
1. Capacity planning
2. Deploying the Live Communications Server Client Microsoft Office Communicator
3. Generating a list of Exchange IM users
4. Gathering and exporting user contact lists
5. Homing users
6. Importing user contact lists and permissions to Live Communications Server
7. Using dual contacts
8. Removing Exchange IM after a transition period

Gradual Migration Importing Users' Contacts and Permissions

This migration path is mostly designed for large organizations with a significant number of IM users. The idea is to migrate users in batches over a period of time (days, weeks, or even longer). The intention is to make the migration seamless for users and enable them to use IM regardless of whether they or their contacts have been migrated. There are many reasons for doing it this way, including deployment of a pilot population, the time involved to install client computers, and the learning curve needed for help desk and support teams as they are trained on the new software.

The migration process is more or less identical to that described earlier in the two immediate migration scenarios. Organizations just carry out the process over a longer period of time.

Gradual Migration without Importing Users' Contacts and Permissions

As with the previous example, medium and large organizations with a significant base of Exchange IM users may find that a gradual migration is a more prudent and realistic path. The transition should be, as in the previous example, seamless and with nearly no user interaction. This approach provides two main benefits. One, users won't see dual contact entries, as they would when both Exchange IM and Live Communications Server services are enabled during the transition period. Two, IT administrators can confirm that everyone can log on to Live Communications Server services before actually needing to do so.

The concept behind this migration path is similar to the previous one; however, the contact lists are migrated after all users are enabled and migrated to Live Communications Server. After all the users are enabled for Live Communications Server, you need to verify that they can log on, and that their contact lists and permissions have been migrated and the Exchange IM services disabled. In cases where a user's contact list is not properly migrated, the administrator can migrate it again, because a copy of the user's contact list was stored on the file server during the export process.


Keeping these differences in mind, we will split the migration into four scenarios:
• The section "Immediate Migration without Importing Users' Contacts and Permissions" explains how to migrate all users in a single phase without migrating users' contacts and permissions.
• The section "Immediate Migration with Importing Users' Contacts and Permissions" explains how to migrate all users in a single phase along with migrating users' contacts and permissions.
• The section "Gradual Migration Importing Users' Contacts and Permissions" explains how to gradually migrate users with their contacts and permissions.
• The section "Gradual Migration without Importing Users' Contacts and Permissions" explains how to gradually migrate users without their contacts and permissions until all users are deployed on LCS.

Generally, small organizations make use of an immediate migration strategy over the weekend. Mid-size and large organizations will probably use a gradual migration strategy.

Immediate Migration without Importing Users' Contacts and Permissions

An immediate migration has the advantage of moving all users to LCS at once. It is an aggressive path and has a minimal risk because the Exchange IM service is kept operational for a certain amount of time to allow users to switch back in case of unforeseen issues. With this approach, users have to migrate their contacts themselves. The period of time during which you have two IM environments could be very short.

This approach consists of four steps:
1. Capacity planning
2. Deploying the Live Communications Server Client Microsoft Office Communicator
3. Homing users
4. Removing Exchange IM after a transition period

Immediate Migration with Importing Users' Contacts and Permissions

This migration path is most achievable in small or mid-size organizations, and as noted earlier it can typically be done during a weekend or overnight. Although it is an aggressive migration path, it presents minimal risk because the Exchange IM service can, and should, be kept operational for a short period of time to resolve unforeseen issues. System administrators must help users automate the transfer of contact lists from Exchange IM to Live Communications Server.


Schedule

Based upon the requirements outlined in the previous section, the following table lists the schedule of tasks, with estimated hours required to support the deployment scenario. The estimated schedule numbers have been derived based on customer experience:

Tasks | Timeline | Consulting Estimate Hours
Identify existing IBM Sametime users and enable users within Active Directory for Live Communications Server service. | 80 hours | 80 hours
Export existing IBM Sametime users' buddy/contact lists. | 40 hours | 40 hours
Import IBM Sametime users' buddy/contact lists using Live Communications Server 2005 with Service Pack 1 Resource Kit (Sametime Migration Utility). | 40 hours | 40 hours
Verify matching buddy/contact lists within each system (Sametime/LCS) | 40 hours | 40 hours
Testing | 40 hours | 40 hours
Total Estimated Hours | 240 hours | 240 hours

Exchange IM Migration

Exchange Instant Messaging, or Exchange IM, is one of the two predecessors to Microsoft Office Live Communications Server 2005 with SP1. Exchange IM is a unique solution within Microsoft Exchange Server 2000 and served as the original enterprise Instant Messaging platform with its client, Windows Messenger. The migration path is straightforward and you do not have to migrate users to LCS 2003 and from there to LCS 2005 with SP1.

As there is no upgrade of Exchange IM to LCS 2005 SP1, you can deploy the new environment in parallel with the old one. We will assume that this has been done and tested prior to moving users from Exchange IM to LCS. Furthermore, we recommend you retain the Exchange IM infrastructure for a while after all users have been moved to the new server. The Exchange IM Service should be stopped to prevent islands of Exchange IM users without access to Live Communications Server users and vice versa.

The entire Exchange IM migration is mostly a server-side solution using a set of scripts provided by Microsoft in the resource kit. Because we are talking about Exchange IM migration, we have to talk about different possible scenarios and their effect on the user. First, however, let's start by comparing the differences between Microsoft Office Communicator as the preferred client for Live Communications Server and Windows Messenger as the client for Exchange IM.

Both clients can talk SIP, and both can talk to an LCS environment. Windows Messenger is a so-called multi-stack client that is able to talk to MSN/Hotmail contacts as well, provided that the firewall is configured to allow that. Communicator can't do that unless you configure your LCS to allow Public Internet Cloud (PIC) federation, which would enable communication with MSN, AOL, and Yahoo.

Communicator saves all your contacts in a central database either on the Standard Edition Server (MSDE) or the Enterprise Edition Server (SQL). The Allow and Block lists reside there along with a few other settings. Windows Messenger uses the local registry to save this information.
