Monday, November 9, 2009
MS09-056 may stop OCS services
Event ID: 12299
Description:The service is shutting down due to an internal error.
Error Code: C3E93C23 (SIPPROXY_E_INVALID_INSTALLATION_DATA)Cause: Check the previous entries in the event log for the failure reason.Resolution:Check the previous event log entries and resolve them. Restart the server. If the problem persists contact Product Support Services.
and the following one as well:
Event ID: 12290
Description:The evaluation period for Microsoft Office Communications Server 2007 R2 has expired. Please upgrade from the evaluation version to the full released version of the product.
---------------------------------------------------------
That was funny! I was sure that I am using licensed copy of the product, so what is the problem.
I found the KB974571, which state clearly the following:
"Services that are required by Communications Server are not started after you install this update and then restart a computer that is running any of the following versions of Communications Server:
Live Communications Server 2005 (LCS)
Live Communications Server 2005 SP1
Office Communications Server 2007 Enterprise edition (OCS)
Office Communications Server 2007 Standard edition
Office Communications Server 2007 R2 Enterprise edition
Office Communications Server 2007 R2 Standard edition
Office Communicator 2007 Evaluation version only*
Office Communicator 2007 R2 Evaluation version only*
Office Communicator 2005 Evaluation version only*"
MS had released a HotFix to resolve this issue.
after running the fix, the service start normally.
Tuesday, September 1, 2009
Certificate issue (Private key not installed)
Recently , I was working on OCS certificate issue. The issue in summary, is that I have requested a certificate for the OCS edge server as well as the Reverse proxy server (ISA 2006), the certificate holds multiple SANs in order to utilize it in both the OCS edge server for the Edge and the web conference roles, and also the Reverse proxy to allow downloading meeting contends and the address list.
Anyway, I have received the certificate, I import it on the ISA server and once I tried to select it on the web listener I get the error: Private Key not installed.
There is a very similar scenario in the exchange team blog ,the missing thing is that I should import the received certificate first on the machine that generate the request to get the private key pairs.
In my case I was requesting the certificate on the Edge server. So, we need to first import the certificate on the edge server to get the certificate working properly with its private key, and then export it to be installed on the ISA server.
So let's go to the edge server
Click the certificate link on the right pane to launch the certificate wizard, click next
Then we have to choose process an offline certificate……
Then browse to the path of the certificate file that has been downloaded from the 3rd party CA, and finish.
Assigning the certificate
Let's access the certificate wizard, but this time we shall choose Assign an existing certificate
On the Available Certificate screen choose the imported certificate and click Next
On the next screen, I shall choose two options
I choose to assign the certificate for both the access edge and web conference, because I had already requested a certificate with multiple SANs that include them.
And Next then Finish.
Now to export the certificate we should run new MMC, from the file menu choose Add/remove snap-ins
Then add, and choose Certificates, and
make sure to choose computer account, and click Next
Then click finish.
From the certificate console, go to the certificate folder under personal, you should find the imported certificate there, right click it and choose export from all tasks.
Click Next on the Welcome to the certificate export wizard
Make sure to choose the first option on the next dialog and click Next
And ensure to choose enable strong protection and click Next
On the next window, set a password and click Next.
Then specify a name for the file and location.
And finally finish.
We can use the same way now to import it on the ISA server, from the certificate console we shall right click certificate and choose Import from all tasks
Click Next on the welcome screen,
Specify the path of the file on next screen and click Next,
Specify the password for the file and click Next,
Make sure you choose the second option on the Certificate store screen, and click Next
And then finish.
Now back to the ISA console, trying to select the imported certificate on the web listener is successful
You can notice that the private key is correctly installed.
Moreover testing the rule is giving successful completion.
To verify access through the Reverse Proxy:
Open a Web browser, type the URLs in the Address bar that are used by clients to access the
Address Book files, Live Meeting content and Distribution Group expansion where
https://externalwebfarmFQDN is the external FQDN of the reverse proxy server.
• For Address Book Server type https://externalWebFarmFQDN/abs/ext User should
receive an HTTP challenge.
• For Web conferencing, type https://externalWebFarmFQDN/conf/ext/Tshoot.html
This URL should display the troubleshooting page for Web conferencing.
• For group expansion type
https://externalWebFarmFQDN/GroupExpansion/ext/service.asmx User should receive an HTTP challenge.
Tuesday, July 28, 2009
How to update Tanjay polycom (1.0.522.34)
Symptoms:
OCS 2007 R2 Enterprise edition deployed over windows 2008, everything is working fine. Updating polycom CX700 device that came with an old version (1.0.522.34) to R2 phone edition fail with no errors!
The IIS 7 log is giving the 200 success entry, which indicates everything is fine.
And the imageupdate log on the OCS server (under Logs\Server\Audit\imageUpdates) is not giving any errors, showing that the device is requesting the correct URL.
In our situation, the device should be updated in two phases. It should be updated first to the Interim version (1.0.522.103), then updated to the latest version which is (3.5.6907.31) at the time of writing this article.
Troubleshooting:
In order to make sure that your device is capable of accessing the new updates, you should be able to browse the internal URL for the updates: http://Pool_FQDN/DeviceUpdateFiles_Int/UCPhone/Polycom/CX700/A/ENU/3.5.6907.31/CPE/CPE.nbt
You should be prompted with a dialog to save the file. In my case I was getting a blank page! , there were no errors and the IIS log is showing the same 200 success entry!
That was really odd.
While I am trying to figure out this issue I came across the Microsoft Office Communicator 2007 R2 Phone Edition Release Notes which are very useful. I notice that I have some missed WMI settings, those where ExternalUpdatesDownloadURL and ExternalUpdatesStoreURL.
I edited those settings as the MS notes recommended (at the end of the notes), but that does not solve my problem.
I realized that my problem is much related to IIS, in other words, the IIS is not giving the correct information. So I start searching about IIS7 errors on the MS TechNet, I noticed that my IIS is missing some component, that was HTTP Errors (a role service under IIS role).I installed this service. Then I tried to access the internal URL, and I get the error 500.19…. This one has been solved clearly by this MS KB942055
After that I do manual restart my polycom cx700 device, and get updated successfully to the interim version then to the (3.5.6907.31) version.
Lack of Documentation:
Well the problem has been sorted out, but! I really wonder if I had missed to install this role service by mistake or because of any other reason.
Back to the MS documentation that has been released for the R2 edition, I had double checked the document OCS 2007 R2 Deploying Enterprise Edition; I foxed on Configuring IIS 7.0 on Windows Server 2008, the requirements there are not including the HTTP Errors feature. It's very obvious that OCS 2007 R2 installation well run smoothly without this feature, but at least adding a Note to the document recommending this feature for troubleshooting purposes will save a lot of time.
For me, I waste a lot of time troubleshooting this issue till sorted out, and I shouldn't if that feature was recommended by the document.