Mino – The UC Guy

Microsoft Unified Communications Blog

Posts Tagged ‘Exchange UM voice mail’

How to Fix Exchange UM Certificate errors when Integrating with OCS 2007

Posted by Mino on May 19, 2009

Typically When Exchange 2007 is installed, it generates a self-issued certificate for use with IIS, SMTP, and SIP (if you’re using UM).  This certificate generally isn’t ideal for Outlook and OWA clients because it’s not trusted by any machines except for the Exchange server, and one of the first tasks to do is replace this certificate with one that is trusted by the user’s machines.

So typically you would request to buy a Public certificate for the Exchange and usually people don’t include the internal FQDN of the servers in this request.

On the Other Hand when you deploy the OCS 2007 you will require Certificate for each OCS server and this is required for securing the communication internally between OCS to OCS servers and OCS to Client. So you will deploy internal Enterprise CA in your domain to issue the certificates for the OCS , and since this is Enterprise CA so it will be published in the Active directory and it will be trusted by default for all internal domain user computers.

However when you try to integrate the OCS 2007 with the Exchange UM by this design , the first thing you will notice that the Voice mail is not accessible from the Communicator client  and it is giving you communicator error whenever you click on voice mail ,and you will find lots of Certificate event logs and OCS Protocol stack errors on both OCS front end and Exchange UM Server.

The reason behind that is because the Exchange UM server is still using the Exchange Self Signed certificate for its internal name and it is trying to communicate with the OCS using this certificate , and since the OCS doesn’t know anything about this issuer so it drops the connection.

To solve this problem we will have to replace the Exchange UM self signed certificate with one from the same CA that the OCS 2007 is using. To accomplish this task simply run the below command on the Exchange command shell.

New-ExchangeCertificate -GenerateRequest -Path c:\UMrequest.req -SubjectName “c=US, o=Contoso, cn=umsrv.mydomain.local” -DomainName mydomain.local  -PrivateKeyExportable $true

This will generate a request on the C: drive under the name of UMrequest.req  for the UM server internal FQDN umsrv.mydomain.local , open it with notepad and copy the content and then go to the PKI auto enrolment page https:\\pkisrv.mydomain.local\certsrv   to issue the certificate and save it locally .

Then we need to import the certificate to exchange and Enable it for UM service usage , my certificate is saved on the C: drive with the name of UMCertificate.cer

Import-ExchangeCertificate -Path c:\UMCertificate.cer

The last thing we will do is to enable this certificate for UM usage, first make sure to copy the Thumbprint of the certificate that you will see in the command shell then run the below command .

Enable-ExchangeCertificate -Thumbprint 5113ae0233a72fccb75b1d0198628675333d010e –Services UM

Restart UM service and restart OCS Front End Server and now you will get the UM working fine with the OCS and you will no longer see the protocol stack errors.

Posted in Certificates, Common Errors, communicator client, Front End Server, Mediation Server, OCS & Exchange07, OCS 2007 R2, Phone Edition, Unified Messaging | Tagged: , , , , , , , , , , | 3 Comments »

How to Integrate Exchange UM Voicemail into Cisco IP Phones

Posted by Mino on March 27, 2009

I am working with a client who is using Cisco CUCM with Cisco Phones, along with Microsoft Exchange 2007 voice mail on the UM , but when you divert the phone to voicemail you are not prompted with the users voicemail prompt – you are prompted with the Subscriber access greeting of “ Welcome , you are connected to Microsoft exchange ,…etc )

Usually when you call someone and there is no answer then you are transferred to the Pilot number, the extension of the person you are calling is sent also in the request so that you would be directly transferred to the users voice mail not to the Welcome greeting.

This Problem Happens when Diverted Calls are not accepted because both sides cannot agree on DTMF handling , the MTP is important, because it deals with differences in how DTMF is signaled between the phones and gateways and the sip trunk

Just make sure the following on the Cisco SIP trunk:

  1. Accept Out-of-Dialog REFER
  2. Accept unsolicited Notification
  3. Accept Replaces Header
  4. Have the SIP trunk configured to use MTP, once I’d configured MTP and MRG/MGRL

The changes detailed below are based on a new installation of Call Manager 5. As this environment been created for the purpose of testing the integration between platforms, it contains only minimum configuration. The required Changes are with:

·         Media Termination Point (MTP)

·         Changes to security profile

Media Termination Point: The Cisco Call Manager installation builds the default media termination point.

Media Resource Group: Create a media resource group “MRG_CCM5” and add the media resource (MTP) to the group. Multicast is not required.

Media Resource Group List: Create a media resource group list “MRGL_CCM5” and add the media resource group “MRG_CCM5” to the list.

Device Pools: By default Cisco Call Manager creates the “default” device pool. Open the device pool “default” and select the new media resource group list “MRGL_CCM5”.

SIP Trunk Security Profiles: Copy the “Non Secure SIP Trunk Profile” to “E2K7 Non Secure SIP Trunk Profile” and enable “Accept Unsolicited Notifications”.

Partition Configuration: Create a Class of Control Partition “Local”.

Calling Search Space: Create a Class of Control Calling Search Space “CCS_Local” and add the Partition “Local” to the calling search space.

Trunk Configuration:

Trunk Configuration

General

Setting

Device Name

E2K7

Description

Exchange UM

Device Pool

Default

Call Classification

Use System Default

Media Resource Group List

<None>

Location

Hub_None

AAR Group

<None>

Packet Capture Mode

None

Packet Capture Duration

0

Media Termination Point Required

Enabled

Retry Video Calls as Audio

Disabled

Transmit UTF-8 for Calling Party Name

Disabled

Unattended Port

Disabled

MLPP Domain Information

<None>

   

Trunk Configuration
Call Routing Information

Setting

Inbound Calls

Significant Digits

All

Connected Line ID Presentation

Default

Connected Name Presentation

Default

Calling Search Space

CCS_Local

ARR Calling Search Space

<None>

Prefix DN

<Blank>

Redirecting Diversion Header Delivery

Disabled

Outbound Calls

Calling Party Selection

First Redirect Number

Connected Line ID Presentation

Default

Connected Name Presentation

Default

Caller ID DN

<Blank>

Caller Name

<Blank>

Redirecting Diversion Header Delivery

Enabled

Trunk Configuration

SIP Information

Setting

Destination Address

<IP Address of E2K7 Server>

Destination Address is an SRV

Disabled

Destination Port

5060

MTP Preferred Originating Codec

711alaw

Presence Group

Standard Presence Group

SIP Trunk Security Profile

E2K7 Non Secure SIP Trunk Profile

Rerouting Calling Search Space

<None>

Out-of-Dialog Refer Calling Search Space

<None>

SUBSCRIBE Calling Search Space

Default

SIP Profile

Standard SIP Profile

DTMF Signalling Method

No Preference

Posted in Cisco 4.x Integration, Cisco 5.x Integration, Cisco 6.x Integration, Cisco 7.x Integration, Good Articles take from Other Blogs, OCS & Exchange07, Unified Messaging | Tagged: , , , , , , , , | 8 Comments »