Microsoft Office Communications Server 2007 Illustrated Deployment Guide

Assumed Pre-Existing Environment

 

This will be the first part of many in showing the steps necessary for standing up an OCS 2007 server. In the examples that follow, the internal domain name is ptown.com and the SIP domain, or my external-facing address, will be confusedamused.com.

tap-dc-2k3.ptown.com

  • Domain Controller for ptown.com
  • DNS Server for ptown.com
  • Certificate Authority named P-Town Certificate Authority
  • Domain in 2003 Native Mode
  • IP Configuration: 192.168.0.10 / 24
  • Gateway: 192.168.0.1
  • DNS: 127.0.0.1

tap-ocs-2k7.ptown.com

  • Blank Windows 2003 Server joined to the ptown.com domain
  • IIS Installed with ASP.net enabled
  • Adminpak.exe installed
  • IP Configuration: 192.168.0.20 / 24
  • Gateway: 192.168.0.1
  • DNS: 192.168.0.10

Schema Preparation

On tap-ocs-2k7.ptown.com run the setup.exe application to start the installation. You’ll see a message that the Visual C++ 2005 redistributable must be installed. Click Yes.

On the main setup screen click Deploy Standard Edition Server.

Now click Prepare Active Directory.

Press the Run button under Prep Schema.

The Schema Preparation Wizard starts. Click Next.

Assuming the installation media has not been modified, the schema files should be in the same directory as setup so press Next.

Press Next again to start the schema preparation.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

At this point you should wait and then verify the schema has replicated to all domain controllers in the forest before continuing.

Forest Preparation

Press the Run button under Prep Forest.

The Forest Preparation Wizard starts. Press Next.

Leave the default selection of System container in the root domain and press Next.

Select the forest root domain, ptown.com, in the drop-down and press Next.

Select the external SIP domain, confusedamused.com, for default routing and press Next.

Confirm the forest preparation settings and press Next.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

Again, wait for the changes to be replicated to the entire forest before continuing.

Domain Preparation

Press the Run button under Prep Domain.

The Domain Preparation Wizard starts. Press Next.

Press Next to acknowledge the warning about group creation.

Confirm the domain preparation settings and press Next.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

This time wait for the changes to be replicated to the entire domain OCS is being deployed within. Run the domain preparation wizard for any other domains hosting OCS.

At this point OCS admin rights can be delegated to users and groups. This can also be accomplished later by running the wizard again. Press the Deploy Standard Edition link at the top to go back and deploy the Standard Edition Server.

Deploy Server

Click the Run button under Deploy Server to start the installation process.

The Deploy Server Wizard starts. Press Next.

Accept the license terms and press Next.

Choose an installation location and press Next.

Enter a password for the RTCService account and press Next.

Enter a password for the RTCComponent account and press Next.

Accept the default blank external web farm FQDNs for now. The external address will be adjusted later. Press Next.

Select a location for the database and transaction logs. Ideally, these should be on separate disk controllers. Press Next.

Review the configuration settings and press Next to start the installation.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

Configure Server

The Deploy Server section should now have a green checkmark next to it. Click the Run button under Configure Server to continue.

The Configure Pool/Server Wizard should start. Press Next to continue.

Press Next to accept the only server installed so far, tap-ocs-2k7.ptown.com.

The SIP domain was already entered earlier, but additional SIP domains can be added here. Press Next to continue.

Choose the option Some or all clients will use DNS SRV records for automatic logon and check the box Use this server or pool to authenticate and redirect automatic client logon requests. Press Next.

Choose the SIP domain for automatic logon, confusedamused.com and press Next.

Select Do not configure for external access now and press Next.

Review the configuration settings and press Next to begin the configuration.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

That concludes Part 1 of this series. Not very interesting yet, or hard to screw up either. The other parts should be much more interesting.

Configure Internal Certificate

The Configure Server section should now have a green checkmark next to it. Click the Run button under Configure Certificate to continue.

The Configure Certificate Wizard should start. Press Next to continue.

Choose Create a new certificate and press Next.

Choose Send the request immediately to an online certification authority and press Next.

Give the certificate a meaningful friendly name, uncheck Mark cert as exportable and press Next. We shouldn’t ever need to export the certificate from the front-end server.

Fill in organization and organization unit names and press Next.

Leave the subject name as the fully qualified name of the internal OCS machine, tap-ocs-2k7.ptown.com. In the subject alternate name (SAN) box enter tap-ocs-2k7.ptown.com,sip.confusedamused.com. Press Next.

Note: The first SAN listed must be the same as the subject name because of how ISA 2006 handles the reverse proxy. If we left sip.confusedamused.com as the sole SAN entry everything would work fine internally, but we’d run into problems with the reverse proxy later. We’ll later tell ISA the internal site name is tap-ocs-2k7.ptown.com, but when it connects it tries to match the subject name to the first SAN listed. When it doesn’t line up, ISA throws an Error 500 – Service Principal Name Incorrect. Doing the certificate this way now removes some unnecessary work later. You can read some more about this ISA issue here.

Enter a state and province and press Next.

The certificate authority, tap-dc-2k3.ptown.com\P-Town Certificate Authority, should already be detected. Press Next.

Review the certificate information and press Next to generate the certificate.

The success message should appear. Press the Assign button to use the certificate just created for OCS services.

A message indicating the certificate was applied should appear. Press OK.

Click Finish to close the certificate wizard.

Assign Web Components Certificate

Open IIS Manager, expand the Web Sites folder, right-click on the Default Web Site and choose Properties.

Click on the Directory Security tab.

Click the Server Certificate button to start the Web Server Certificate Wizard.

Press Next to start the process.

Choose Assign an existing certificate and press Next.

Select the certificate that was issued to tap-ocs-2k7.ptown.com and press Next.

Leave the default SSL port of 443 and press Next.

Review the certificate summary and press Next.

A success message appears. Click Finish to close the wizard.

Warning: The service accounts RTCService and RTCComponentService do not have the Password Never Expires option selected by default. Unless you want those account passwords to be changed with the default domain policy, I would recommend going into Active Directory Users & Computers and making sure those passwords don’t expire. If they do expire, your OCS services won’t start.
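
The warning above can be checked from an LDIF export of the two service accounts. This is an added example, not part of the original post: the sample entries and their DNs are constructed, and the 42-day maximum password age is an assumption (the Windows default; substitute your domain policy).

```python
import re
from datetime import datetime, timedelta, timezone

DONT_EXPIRE_PASSWD = 0x10000            # userAccountControl flag bit
FILETIME_EPOCH = datetime(1601, 1, 1, tzinfo=timezone.utc)
MAX_PWD_AGE = timedelta(days=42)        # assumption: default domain policy

# Constructed sample in LDIF form (not output from the lab on this page).
SAMPLE_LDIF = """\
dn: CN=RTCService,CN=Users,DC=ptown,DC=com
sAMAccountName: RTCService
userAccountControl: 512
pwdLastSet: 128300000000000000

dn: CN=RTCComponentService,CN=Users,DC=ptown,DC=com
sAMAccountName: RTCComponentService
userAccountControl: 66048
pwdLastSet: 128300000000000000
"""

def parse_ldif(text):
    """Yield one dict per LDIF entry, unfolding continuation lines first."""
    text = re.sub(r"\r?\n ", "", text)
    for block in re.split(r"\r?\n\s*\r?\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            key, sep, value = line.partition(": ")
            if sep:
                entry[key] = value
        yield entry

def password_expiry(entry, max_age=MAX_PWD_AGE):
    """Return None if the password never expires, else the expiry time (UTC)."""
    if int(entry["userAccountControl"]) & DONT_EXPIRE_PASSWD:
        return None
    # pwdLastSet is a FILETIME: 100-nanosecond ticks since 1601-01-01 UTC.
    last_set = FILETIME_EPOCH + timedelta(microseconds=int(entry["pwdLastSet"]) // 10)
    return last_set + max_age

def report(ldif_text, now):
    """Map each account name to the whole days left before its password expires."""
    result = {}
    for entry in parse_ldif(ldif_text):
        expiry = password_expiry(entry)
        result[entry["sAMAccountName"]] = None if expiry is None else (expiry - now).days
    return result

if __name__ == "__main__":
    for name, days in report(SAMPLE_LDIF, datetime.now(timezone.utc)).items():
        print(name, "never expires" if days is None else f"expires in {days} days")
```

A negative day count means the password has already expired and the services running under that account will fail to start.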

Start Services

At this point the OCS services can be started. Flip back to the OCS installer and click the Run button under Start Services.

The Start Services Wizard should open. Press Next to continue.

Press Next again to start the list of services found.

A success dialog will appear when it finishes. Check the box to view the log if desired, but press Finish to continue.

At this point, OCS is up and running, but will not pass many of the validation tests. Exit the installer completely. I’ll cover the DNS configuration in the next part of this series.

This should be a short post; we’ll just be finishing up the installation so you can start some OCS 2007 testing internally. I purposely chose a different internal and external domain, like many companies will do, so that you can see how you have to use a “split-brain” DNS model. The split part simply means that you need to have a zone defined internally that matches your external SIP domain, which is also likely to be your e-mail domain.

Configure Internal DNS

Open the DNS management tool and expand the Forward Lookup Zones folder.

In the file menu choose Action and then New Zone.

The New Zone Wizard should open. Press Next to continue.

Choose Primary zone and check the box Store the zone in Active Directory. Press Next.

Choose To all DNS servers in the Active Directory forest ptown.com and press Next.

Enter the external domain name, confusedamused.com and press Next.

Choose Allow only secure dynamic updates and press Next.

Press Finish to complete the wizard.

Now click once on the new zone, confusedamused.com, then in the file menu choose Action and then New Host (A).

Enter sip as the hostname, verify that sip.confusedamused.com is the fully qualified domain name (FQDN), enter the IP address of the OCS box, 192.168.0.20, and check the box Create associated (PTR) record. Press Add Host.

Press OK and then Done to exit.

In the file menu click the Action item and choose Other New Records.

Choose Service Location (SRV) and press Create Record.

Enter the service as _sipinternaltls, change the port number to 5061 and enter sip.confusedamused.com as the host offering the service. Leave the defaults for everything else and press OK.

A record for _sipinternaltls should now exist, pointing to sip.confusedamused.com. Close the DNS management console.

The only thing left to do at this point is enable some users to actually sign-in to OCS.

Enable User Accounts

Open the Active Directory Users & Computers snap-in and locate an OU with users.

Select the user accounts and right-click, then choose Enable users for Communications Server.

Note: These options won’t actually be present in ADUC unless you’re using a server that has the OCS 2007 console installed. You might want to install the admin console on any machine you’re planning on managing OCS users from.

The Enable Office Communications Server Users Wizard opens. Press Next.

Select to assign users to the tap-ocs-2k7.ptown.com pool.

Select a format for the user SIP URIs. The firstname.lastname@confusedamused.com format is a good choice. If Exchange is installed in your organization you would probably choose the Use user’s e-mail address option for consistency.

The wizard should succeed and generate the SIP URIs. Press Finish.

Now just install Office Communicator on a client PC and try to sign-in.

Note: If you’re on a domain machine logged in with the account you’re trying to access in OCS, all you should need to enter is your SIP URI. If you’re accessing a different account you’ll be prompted for your domain credentials. You can enter them in either format, but remember it’s your internal domain URI in this case. So for example, if you’re logged on to a PC as Roger Daltrey, but you enter mick.jagger@confusedamused.com as your SIP URI, you’ll be prompted for your username and password. You could enter the username as either PTOWN\mick.jagger or mick.jagger@ptown.com. I’d recommend the former because giving users two different URIs is likely to be confusing unless your internal and external domain names are the same.

From:http://www.confusedamused.com/notebook/ocs-2007-installation-part-1/

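***********************************************************************

Preface:

Microsoft recently officially released the successor to LCS 2005: Office Communications Server 2007. Compared with the previous version, OCS improves performance while adding many new features, and it integrates Live Meeting 2007.

OCS comes in two editions:

Standard Edition is suited to small organizations. Standard Edition is also recommended for organizations that do not need the performance, scalability and high availability of Enterprise Edition.

Enterprise Edition is suited to the large deployments common in large organizations. An Enterprise pool is a collection of Enterprise Edition servers that use one central SQL Server database. In an Enterprise Edition deployment, multiple Office Communications Server Enterprise Edition servers are usually deployed as a pool behind a load balancer. The servers in the pool share a central Microsoft SQL Server™ database that stores user data.

Office Communications Server Enterprise Edition includes several server roles:

• Front End Server, which hosts the instant messaging, presence, telephony and conferencing servers, and all required user service operations.

• Web Conferencing Server, which enables internal conferencing.

• Audio/Video Conferencing Server, which lets users share audio and video streams.

• Web Components Server, which lets users do the following:

  • Access meeting presentations and other content for Web conferences.

  • Download Address Book Server files that provide global address list information to Communicator.

  • Expand membership in distribution groups and other data used by the Web Conferencing Server.

• Edge Server: the counterpart of the proxy server in LCS.

Office Communications Server Enterprise pool configurations

· In the expanded configuration, each of the server roles described above (Front End Server, Web Components Server, Web Conferencing Server and Audio/Video Conferencing Server) is installed on its own dedicated computer. The expanded configuration best suits organizations that value high availability and maximum performance throughput. Its advantages are scalability and high availability, but it also adds complexity to managing and deploying the pool.

· Enterprise Edition also supports deployment in a consolidated configuration, in which all server roles are installed together on every Enterprise Edition server in the pool. This configuration simplifies deployment and management. The consolidated configuration reduces the number of servers required while keeping high availability, so it suits medium and large organizations that need high availability at the lowest deployment cost. These advantages, however, come at the cost of reduced performance throughput per server.

Prerequisites for deploying OCS:

· An AD environment, IIS, Message Queuing, and a CA certificate server

· The back-end database must be SQL Server 2000 + SP4 or SQL Server 2005 + SP1 or later.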

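Deploying OCS 2007

The test environment consists of two virtual machines:

PC1: FQDN: OCS.kk.com

SQL Server 2005 Enterprise Edition + SP2 + IIS

PC2: FQDN: DC.kk.com

DC + IIS + Certificate Services (CA)

Step 1: Prepare Active Directory

Click Start, then Run, and run the DCPROMO command.

The AD installation wizard starts.

Configure DNS forwarding so that clients can update automatically.

Join the OCS 2007 server to the domain.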

Step 2: Install SQL Server 2005 + SP2

Install the following roles; others can be installed too, but they serve no purpose.

Install SQL 2005 SP2.

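Step 3: Prepare the environment for OCS Enterprise Edition

First, create the DNS records.

Open dnsmgmt.msc and create an A record for the OCS Enterprise pool: kkpool.kk.com

The configuration is as follows (for convenience we choose not to use TLS for client logon):

Service: _sipinternal

Protocol: _tcp

Port: 5060

Host: kkpool.kk.com

Install the components (IIS, Message Queuing):

Install Certificate Services:

Raise the domain functional level and the forest functional level to Windows 2003 native mode.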

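Step 4: Install OCS 2007

Insert the OCS 2007 installation disc and start installing OCS 2007.

Second step: prepare the forest

Third step: prepare the domain

Step 4.2: Create the Enterprise pool

This completes the integration with the infrastructure. Next we configure the Enterprise pool:

Step 4.3: Deploy the Archiving Server

Next we need to install the Archiving Server.

Step 4.4: Configure the Enterprise pool

Now we configure the Enterprise pool: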

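Step 4.5: Add the server to the Enterprise pool

Now we add the server to the pool:

Step 4.6: Configure the OCS certificate

Now we configure the certificate that OCS 2007 requires:

Click Next to finish the certificate request.

Next we configure the certificate that IIS requires.

Note: the certificate of the Enterprise pool should be assigned.

Step 4.7: Start services

After that we need to start the services:

Step 5: Configure OCS 2007

Now let's configure OCS 2007. First we enable logon over TCP:

The main advantage of TCP is that no certificate has to be installed on every client; if the network contains many computers that are not joined to the domain, TCP logon is recommended. The drawback is that chat data may be intercepted by sniffing and similar means.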
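
Both guides on this page publish an SRV record for automatic client logon: the first uses _sipinternaltls on port 5061 with a certificate whose first SAN matches the subject name, the second uses _sipinternal over plain TCP on 5060. The following added example (not from either guide) audits such a setup. The record tuples and certificate dictionaries are constructed from the values the guides show, and the kk.com certificate is an assumption.

```python
import socket
import ssl

def fetch_cert(host, port=5061, cafile=None):
    """Fetch the validated server certificate; cafile is the internal CA root (PEM)."""
    ctx = ssl.create_default_context(cafile=cafile)
    with socket.create_connection((host, port), timeout=5) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

def norm(name):
    return name.rstrip(".").lower()

def audit(sip_domain, srv_records, cert):
    """srv_records: (owner, port, target) tuples; cert: dict shaped like getpeercert()."""
    findings = []
    tls_owner = norm(f"_sipinternaltls._tcp.{sip_domain}")
    tcp_owner = norm(f"_sipinternal._tcp.{sip_domain}")
    cn = next((v for rdn in cert.get("subject", ()) for k, v in rdn
               if k == "commonName"), "")
    sans = [norm(v) for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    tls = [(port, norm(t)) for owner, port, t in srv_records if norm(owner) == tls_owner]
    if not tls:
        findings.append(f"no {tls_owner} record: no automatic logon over TLS")
    for port, target in tls:
        if port != 5061:
            findings.append(f"{tls_owner} uses port {port}, expected 5061")
        if target not in sans:  # exact match only; wildcard SANs are not handled
            findings.append(f"SRV target {target} is not a SAN on the certificate")
    if any(norm(owner) == tcp_owner for owner, _, _ in srv_records):
        findings.append(f"{tcp_owner} published: unencrypted logon, traffic can be sniffed")
    if not sans or sans[0] != norm(cn):
        findings.append("first SAN differs from the subject name (ISA 2006 issue)")
    return findings

# Constructed from the values shown in the two guides.
GUIDE1_SRV = [("_sipinternaltls._tcp.confusedamused.com", 5061, "sip.confusedamused.com")]
GUIDE1_CERT = {"subject": ((("commonName", "tap-ocs-2k7.ptown.com"),),),
               "subjectAltName": (("DNS", "tap-ocs-2k7.ptown.com"),
                                  ("DNS", "sip.confusedamused.com"))}
GUIDE2_SRV = [("_sipinternal._tcp.kk.com", 5060, "kkpool.kk.com")]
GUIDE2_CERT = {"subject": ((("commonName", "kkpool.kk.com"),),),   # assumed certificate
               "subjectAltName": (("DNS", "kkpool.kk.com"),)}

if __name__ == "__main__":
    for label, args in (("guide 1", ("confusedamused.com", GUIDE1_SRV, GUIDE1_CERT)),
                        ("guide 2", ("kk.com", GUIDE2_SRV, GUIDE2_CERT))):
        print(label, audit(*args) or "no findings")
```

Against a live server, pass the result of `fetch_cert("sip.confusedamused.com", cafile=...)` as the `cert` argument, with the SRV tuples taken from the internal zone.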

From:http://www.cnblogs.com/kksip/archive/2008/01/08/1030700.html
