Posted by Mino on July 7, 2009
Any post starting with this disclaimer was not written by me; however, I liked it and added it to my blog. I am also including the link to the original or a similar post to give credit to the original author.
http://www.unifysquare.com/blog/post/Single-certificate-for-OCSExchange-firewall-usage.aspx
Internal certificates work wonders for your Active Directory Domain Services members. For Unified Communications, where OCS and Exchange are going to be using the same ISA 2006 server as the firewall, using a Subject Alternative Name (SAN) certificate for your edge configuration and your ISA configuration can save you time and management hassles, and possibly money as well. For internal servers, an internal PKI is just fine, but for the public interface of your system you should most likely use a certificate from a public provider such as GoDaddy, Thawte, DigiCert, etc. OCS Federation, remote users, and Public Instant Messaging Connectivity (PIC) demand public certificates.
The following table shows the SAN names needed on a certificate to support the base OCS and Exchange functions on ISA 2006 – and I imagine that this certificate construction will work just fine on many other firewalls as well. The table comes from my test domain; you should replace my test domain with your own domain name.
Obtain a public SAN (UCC) certificate from your favorite provider, import the certificate into your OCS Edge server and your ISA server computer account Trusted Root Certificate store, and then you can use one certificate for all these uses. This approach leaves you with only one certificate to manage and renew, or, if life treats you badly, to move to a new server.
| # | SAN Name | Usage | Notes |
|---|----------|-------|-------|
| 1 | SIP.domain.com | OCS Edge Server | IM, Presence, Federation, PIC |
| 2 | webconf.domain.com | OCS Edge Server | Web Conferencing |
| 3 | AV.domain.com | OCS Edge Server | A/V |
| 4 | revproxy.domain.com | ISA Reverse Proxy | Web Components |
| 5 | CWA.domain.com | ISA Web Listener | Communicator Web Access |
| 6 | DOWNLOAD.CWA.domain.com | ISA Web Listener | CNAME for CWA desktop sharing |
| 7 | AS.CWA.domain.com | ISA Web Listener | CNAME for CWA desktop sharing |
| 8 | MAIL.domain.com | ISA publisher | Outlook Anywhere, OWA, POP, IMAP |
| 9 | AUTODISCOVER.domain.com | ISA Web Listener | Autodiscover for Outlook and OCS. |
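
A coverage check for the names in the table above, as an added example that is not from the original post: it compares a certificate's DNS names against the nine required entries, and goes slightly beyond the post by also handling wildcard entries, which match only a single label. The function name `Test-SanCoverage` and the sample name list are constructed for illustration.

```powershell
# Added example, not from the original post.
# Required names are the nine SAN entries from the table (domain.com = your domain).
$RequiredNames = @(
    'sip.domain.com', 'webconf.domain.com', 'av.domain.com',
    'revproxy.domain.com', 'cwa.domain.com', 'download.cwa.domain.com',
    'as.cwa.domain.com', 'mail.domain.com', 'autodiscover.domain.com'
)

function Test-SanCoverage {
    param(
        [Parameter(Mandatory)] [string[]] $CertNames,     # DNS names carried by the certificate
        [Parameter(Mandatory)] [string[]] $RequiredNames  # names clients will connect to
    )
    foreach ($name in $RequiredNames) {
        $matchedBy = $null
        foreach ($san in $CertNames) {
            # DNS names are case-insensitive, so SIP.domain.com equals sip.domain.com
            if ($san -ieq $name) { $matchedBy = $san; break }
            # A wildcard stands in for exactly one left-most label
            if ($san.StartsWith('*.')) {
                $suffix   = $san.Substring(1)             # e.g. ".domain.com"
                $firstDot = $name.IndexOf('.')
                if ($firstDot -gt 0 -and $name.Substring($firstDot) -ieq $suffix) {
                    $matchedBy = $san; break
                }
            }
        }
        [pscustomobject]@{ Name = $name; Covered = [bool]$matchedBy; MatchedBy = $matchedBy }
    }
}

# Constructed sample: a certificate that relies on a wildcard instead of listing every name.
$sampleSans = @('SIP.domain.com', '*.domain.com')

# To check an installed certificate instead (Windows certificate provider):
#   $cert = Get-ChildItem Cert:\LocalMachine\My | Where-Object Subject -like '*sip.domain.com*'
#   $sampleSans = $cert.DnsNameList | ForEach-Object { $_.Unicode }

$report = Test-SanCoverage -CertNames $sampleSans -RequiredNames $RequiredNames
$report | Format-Table -AutoSize

# Names that would produce a certificate name mismatch for clients
$report | Where-Object { -not $_.Covered } | Select-Object -ExpandProperty Name
```

With the constructed sample, the two-level names `download.cwa.domain.com` and `as.cwa.domain.com` are reported as not covered, because `*.domain.com` does not extend to a second label.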
Posted by Mino on April 26, 2009
I have been on a deployment in the Gulf countries where the language of the application is much more important than the application itself.
English is not commonly used and the localized language was requested even on the OCS level.
Microsoft provides a localized MUI (Multilingual User Interface) for both Communicator Client 2007 R2 and Communicator Web Access. However, there is no MUI yet for the Communicator Phone Edition.
This MUI Package for Office Communicator 2007 R2 includes the following languages:
· Arabic
· Bulgarian
· Catalan
· Chinese – Simplified
· Chinese – Traditional
· Chinese Hong Kong
· Croatian
· Czech
· Danish
· Dutch
· English
· Estonian
· Finnish
· French
· German
· Greek
· Hebrew
· Hindi
· Hungarian
· Italian
· Japanese
· Korean
· Latvian
· Lithuanian
· Norwegian
· Polish
· Portuguese (Portugal)
· Portuguese (Brazil)
· Romanian
· Russian
· Serbian
· Slovak
· Slovenian
· Spanish
· Swedish
· Thai
· Turkish
· Ukrainian



Posted by Mino on March 27, 2009
Apparently there is a bug with CWA and Windows 2008 where the Service Principal Name (SPN) isn’t created for the FQDN of your CWA site. The result is the following error when you attempt to sign in with integrated Windows authentication:
Cannot sign in because your computer clock is not set correctly or your
account is invalid (error code: 0-1-492)
The Windows authentication site will fail with this error if your site is running on Windows 2008 Server.

HOW TO FIX IT:
· You need to add an SPN matching the FQDN of your internal site (cwa.contoso.com) to the user account you assigned in AD for CWA.
· Open ADSIEDIT and navigate to the OU where your CWA service account is stored.
· Locate the CWA service account (mine is called ‘CWAService’) and right-click then choose Properties.
· Turn on the checkbox to ‘Show only attributes that have values’ and scroll down to an entry called ‘servicePrincipalName’.
· Click the Edit button.
· Type in the SPN using the following format (http/). For example, if your site is called “cwa.contoso.com” then type in “http/cwa.contoso.com”.
NOTE: Do NOT type http://.
· Click OK and you’re done!
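
The same fix as a script, as an added example that is not from the original post or the blogs it credits: it builds the `http/` SPN from the bare FQDN, refuses a URL, checks that no other account already holds the SPN, and only then adds it. It assumes the ActiveDirectory PowerShell module is available; `Add-CwaSpn` is a hypothetical function name, and `cwa.contoso.com` and `CWAService` are the post's example values.

```powershell
# Added example, not from the original post. Requires the ActiveDirectory module (RSAT).
Import-Module ActiveDirectory

function Add-CwaSpn {
    param(
        [Parameter(Mandatory)] [string] $Fqdn,            # e.g. cwa.contoso.com
        [Parameter(Mandatory)] [string] $ServiceAccount   # e.g. CWAService
    )
    # Accept only a bare host name. This rejects "http://..." (the mistake the
    # NOTE above warns about) and keeps quotes out of the AD filter below.
    if ($Fqdn -notmatch '^[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+$') {
        throw "Pass the bare FQDN (cwa.contoso.com), not a URL or a full SPN."
    }
    $spn = "http/$Fqdn"

    $account = Get-ADUser -Identity $ServiceAccount -Properties servicePrincipalName

    # An SPN has to be unique: if another object in the domain already holds it,
    # Kerberos ticket requests for the site fail, so stop instead of adding a duplicate.
    $holders = @(Get-ADObject -Filter "servicePrincipalName -eq '$spn'")
    $others  = @($holders | Where-Object { $_.DistinguishedName -ne $account.DistinguishedName })
    if ($others.Count -gt 0) {
        throw "SPN $spn is already registered on: $($others.DistinguishedName -join '; ')"
    }

    if ($account.servicePrincipalName -contains $spn) {
        Write-Output "$spn is already present on $ServiceAccount"
    } else {
        Set-ADUser -Identity $account -ServicePrincipalNames @{ Add = $spn }
        Write-Output "Added $spn to $ServiceAccount"
    }

    # Return the resulting SPN list so the change can be verified
    (Get-ADUser -Identity $account -Properties servicePrincipalName).servicePrincipalName
}

Add-CwaSpn -Fqdn 'cwa.contoso.com' -ServiceAccount 'CWAService'
```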
Thanks to the following blogs:
http://jasonshave.blogspot.com/2009/01/communcator-web-access-error-0-1-492.html
http://www.confusedamused.com/notebook/cwa-2007-r2-login-fails/