How to import certificate in trusted root certification authorities \ Local Computer “WorkGroup PCs” and “Non Domain”

November 2, 2009 by Ledarma

Take two snapshots of this registry path, one before and one after importing the certificate: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates

Then export the difference between the two, as in the snapshot below.

1- Open MMC.exe

2- File / Add/Remove Snap-in

3- Select Certificates / Computer account

4- Import the certificate into Trusted Root Certification Authorities

Check Regedit:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates

CA

Now you can import the certificate into Trusted Root Certification Authorities \ Local Computer without the GUI: just one click on Certificate.reg
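The before/after snapshot described above can be scripted so that the import also confirms exactly which root was added. This is an added PowerShell example, not the author's .reg file: it imports with certutil instead of a registry merge, and the certificate path and expected thumbprint are placeholders.

```powershell
# Added example. $CertPath and $ExpectedThumbprint are placeholders (assumptions).
$CertPath           = 'C:\Temp\InternalRootCA.cer'            # hypothetical file
$ExpectedThumbprint = '<SHA-1 thumbprint obtained out of band>'
$RootKey = 'HKLM:\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates'

# 1. Inspect the file before trusting it machine-wide.
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $CertPath
if ($cert.Thumbprint -ne ($ExpectedThumbprint -replace '\s', '')) {
    throw "Thumbprint mismatch: file contains $($cert.Thumbprint)"
}
if ($cert.Subject -ne $cert.Issuer) {
    Write-Warning 'Not self-signed: an intermediate CA belongs in the CA store, not Root.'
}
if ($cert.NotAfter -lt (Get-Date)) {
    Write-Warning "Certificate expired on $($cert.NotAfter)"
}

# 2. Snapshot before: each subkey name is the SHA-1 thumbprint of one trusted root.
$before = @(Get-ChildItem $RootKey | ForEach-Object { $_.PSChildName })

# 3. Import into Local Computer \ Trusted Root Certification Authorities (needs elevation).
certutil.exe -addstore -f Root $CertPath | Out-Null
if ($LASTEXITCODE -ne 0) { throw "certutil failed with exit code $LASTEXITCODE" }

# 4. Snapshot after, then diff the two lists of thumbprints.
$after = @(Get-ChildItem $RootKey | ForEach-Object { $_.PSChildName })
$added = @($after | Where-Object { $before -notcontains $_ })

if ($added.Count -eq 0) {
    Write-Output "No new subkey: $($cert.Thumbprint) was already trusted."
} elseif ($added.Count -eq 1 -and $added[0] -eq $cert.Thumbprint) {
    Write-Output "Added exactly one root: $($added[0]) ($($cert.Subject))"
} else {
    Write-Warning "Unexpected root store changes: $($added -join ', ')"
}
```

The same diff of subkey names works for reviewing an exported .reg file before merging it: every key it creates under ROOT\Certificates should be a thumbprint you recognise.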

Error 1053: the services did not respond to the start or control request in a timely fashion

November 2, 2009 by Ledarma

Error 1053: the services did not respond to the start or control request in a timely fashion

Event ID 4001, 7000 or 5001

Error 1053

Windows cannot start the Microsoft Exchange Transport service on Local Computer

This error happened after Microsoft Exchange 2007 SP2

This problem occurs because the affected computer cannot reach the following Microsoft Web site:

This problem occurs because of the following behavior:

  • When the Microsoft .NET Framework 2.0 loads a managed assembly, the managed assembly calls the CryptoAPI function to verify the Authenticode signature on the assembly files to generate publisher evidence for the managed assembly.
  • The CryptoAPI function checks a Certificate Revocation List (CRL) that is available at http://crl.microsoft.com. This action requires an Internet connection.
  • If the Internet connection is blocked, the outgoing HTTP requests may be dropped. Therefore, an error message is not returned. This problem may also occur if the computer cannot resolve http://crl.microsoft.com. This long delay causes the CRL check to time out.
  • The Service Control Manager (SCM) determines that the service is taking too long to start and that the service has exceeded the maximum service start time. Therefore, the SCM reports the error message, and the Exchange managed code services are not started.

For more info: http://support.microsoft.com/kb/944752

__________________________________________________________

If you have no Internet connection, just add the line below to the hosts file:

127.0.0.1 crl.microsoft.com
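To see which failure mode a server is actually in, the following added PowerShell example (not from the original post or the KB article) times a name lookup and TCP connect to the CRL host and classifies the result. The function name, port 80 and the 5-second budget are assumptions.

```powershell
# Added example: classify how the CRL host fails from this server.
$CrlHost = 'crl.microsoft.com'      # host named in the post

function Test-CrlEndpoint {
    param([string]$HostName, [int]$Port = 80, [int]$TimeoutMs = 5000)  # 5 s is an assumption

    $r  = New-Object PSObject -Property @{ Host = $HostName; Addresses = ''; Outcome = ''; ElapsedMs = 0 }
    $sw = [System.Diagnostics.Stopwatch]::StartNew()
    try {
        $addrs = [System.Net.Dns]::GetHostAddresses($HostName)
        $r.Addresses = ($addrs | ForEach-Object { $_.ToString() }) -join ','
    } catch {
        $r.Outcome   = 'Name does not resolve'
        $r.ElapsedMs = $sw.ElapsedMilliseconds
        return $r
    }
    # A loopback answer means a hosts-file override is in effect for this name.
    $loopback = @($addrs | Where-Object { [System.Net.IPAddress]::IsLoopback($_) }).Count -gt 0

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            $r.Outcome = 'Timed out: packets silently dropped, the slow case described above'
        } else {
            $client.EndConnect($async)      # throws if the connection was refused
            $r.Outcome = 'Connected'
        }
    } catch {
        $r.Outcome = 'Refused or unreachable: fails fast'
    } finally {
        $client.Close()
        $r.ElapsedMs = $sw.ElapsedMilliseconds
    }
    if ($loopback) { $r.Outcome += ' (name resolves to loopback: hosts override active)' }
    return $r
}

Test-CrlEndpoint -HostName $CrlHost | Format-List Host, Addresses, Outcome, ElapsedMs
```

When the name is mapped to 127.0.0.1 in the hosts file, the probe returns immediately instead of waiting out dropped packets, which is why the service then starts in time; the trade-off is that revocation data from that host is never retrieved on this machine.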

DAG “ Database availability groups ”

August 10, 2009 by Ledarma

Database Availability Groups

 Database Availability Groups combine CCR and SCR functionality to provide a single solution for both scenarios.  What happens here is that you install a DAG member and it behind the scenes installs Failover Clustering making the High Availability deployment more intuitive for the administrator.  There was one scenario we ran into here where we had two source CCR Clusters wanting to replicate to the same target SCR Standby.  The problem here is that when you recover CMS on the SCR Standby, the replication fails with the other source CCR that was still working because the target SCR server can only ever have 1 CMS.  DAGs fix that issue.

A DAG allows Exchange administrators to have multiple copies of a database reside on multiple Exchange servers.

We have one database, “LinkDev”, with two copies:

“EXNODE1 – Healthy”   “EXNODE2 – Mounted” (Exchange 2010)

Step 1

In the event of a failure, the Exchange admin can bring up that secondary live copy of the database on another already working Exchange server.

EXNODE2: services down; EXNODE1 is still Healthy for a few moments

Step 2

Then EXNODE1 becomes Mounted while EXNODE2's services are still down

Step 3

Then I repair EXNODE2 to be Healthy and wait for the failover cluster :)

Step 4

“OCS R2 Cisco ” Caller ID/Name

August 10, 2009 by Ledarma

The Mediation Server role of Microsoft Office Communications Server 2007 R2 does not forward the Display Name information that is associated with the calling party. This information should be forwarded from the gateway side to the proxy side or from the proxy side to the gateway side for an initial invitation.

To resolve this issue, apply the following update:

For more information, click the following article number to view the article in the Microsoft Knowledge Base:

970679   (http://support.microsoft.com/kb/970679/ ) Description of the update package for Office Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: July 2009
Update 970679 introduces functionality for the Mediation Server role of Communications Server 2007 R2 to forward Display Name information that is part of the From header between its gateway side and its proxy side.

To make sure that the mediation server correctly operates together with private branch exchanges (PBXs), update 970679 adds a new Mediation Server configuration file setting for Communications Server 2007 R2. This configuration file setting is called forwardDisplayName, and it contains a value that is true or false.

Note This setting only controls whether the Display Name information is forwarded from the proxy side to the gateway side of the mediation server when this software update is applied. After this software update is applied, the Display Name information is always forwarded from the gateway side of the mediation server to the proxy side of the mediation server regardless of the forwardDisplayName configuration setting.

This configuration file is named “MediationServerSvc.exe.config.” You should put this file in the directory in which the mediation server is installed. To locate this directory, search for the Microsoft.RTC.MediationServerCore.dll file and note the directory in which it appears. Then, put the MediationServerSvc.exe.config file in the same directory.

Note By default, the mediation server is installed in the following directory:

c:\Program Files\Microsoft Office Communications Server 2007\Mediation Server

If the MediationServerSvc.exe.config file is set to forward the Display Name information from the proxy to the gateway side of the mediation server, the MediationServerSvc.exe.config file should have the following contents:

<?xml version="1.0" encoding="utf-8" ?>
<configuration>
    <appSettings>
        <add key="forwardDisplayName" value="True" />
    </appSettings>
</configuration>

 

If the file does not exist, or if the file exists but does not have the forwardDisplayName setting, the setting is assumed to be false.

So let’s look at how this is handled by OCS.

Below is a screenshot of an incoming call into OCS; in this case the caller's extension is not in Active Directory.

The name is shown in OCS as “LinkDev-Cisco-User”, showing that the caller's name has come from the PBX (in this case a Cisco Call Manager) rather than from Active Directory.

From Cisco

The final part is an OCS user calling a PBX phone. This functionality is not enabled by default and requires a change on the Mediation Servers.

The screenshot below is the Cisco IP Communicator; the phone number is not known to the PBX and as such would result in just the caller's phone number being displayed prior to the July update.  :)

From OCS

Lookup or Channel Services at Group Chat OCS R2 Stop

July 16, 2009 by Ledarma

1. Verify the certificate assigned to the Group Chat server: it should have both Server and Client Authentication. If it has only Server Authentication, sign-in to the admin console will fail with the above error.

2. The above service accounts must be members of the RTCUniversalServerAdmins group and also of the Administrators group of the Group Chat server. Also add the user name (admin account) with which you are going to sign in to Group Chat.

3. Enable the admin account, along with the above five service accounts, for SIP communication on the OCS 2007 R2 server. Configure them for Federation, PIC, Remote User Access and Enhanced Presence.

4. In SQL Server Management Studio -> Security -> Logins, make sure all the above service accounts and the admin account are there. Then in Login Properties, General -> the default database for each of the accounts should be “GCDB”; under User Mapping, check db_owner for all the service accounts.

5. Under GC admin sign-in console -> Edit Accounts Settings -> Automatic Configuration, uncheck “Use my Windows credentials to log in automatically”. Then under Office Communications Server leave Host blank and select the encrypted radio button; under Group Chat Server Settings leave the “Use default server address” box unchecked and set the server address to “OCSchat service account uri”.

6. In C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys, re-add the Lookup Service account and the Channel Service account, give them full control of this folder, re-apply full control to all the files in it, and try to restart the services.

IF YOU TRIED AND TESTED ALL OF IT AND IT IS STILL NOT WORKING

1- Remove the Group Chat Server Role

2- Keep the Database checkbox

3- Reinstall the Group Chat Server Role again

It will work. GOOD LUCK

What ports do I need? Group Chat Server OCS R2

July 15, 2009 by Ledarma

What ports do I need?

| Server | Port | Protocol | Notes |
|---|---|---|---|
| Group Chat Server | 443 | HTTPS | Used for secure file transfer with the Group Chat Web service. |
| Group Chat Server | 8010 | TLS | Used for peer server synchronization/WCF ports for the Lookup Server. |
| Group Chat Server | 8011 | TLS | Used for peer server synchronization/WCF ports for the Channel Server. |
| Group Chat Server | 5041 | MTLS | Used for listening port for the Channel service. |
| Group Chat Server | 5061 | MTLS | Used to communicate to internal servers using SIP/TLS. |

OCS 2007 R2 Group Chat Lookup Service fails to start

July 15, 2009 by Ledarma

OCS 2007 R2 Group Chat Lookup Service fails to start

The Office Communications Server Group Chat Lookup Service fails to start and you see the following event in the Event Viewer:

Event Type: Error
Event Source: OCS MGC
Event Category: (1098)
Event ID: 6381
Date: DATE
Time: TIME
User: N/A
Computer: SERVERNAME
Description: An error MGCLOOKU is stopping due to an unhandled exception has occurred due to an unhandled exception The certificate ‘CN=gcf.domain.com’ must have a private key that is capable of key exchange. The process must have access rights for the private key…

Reset the permissions so the Lookup Service and Channel Service have full control of the C:\documents and settings\all users\application data\microsoft\crypto\RSA\MachineKeys folder and the files in the folder, and restart the service.
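The event names two separate conditions: the key must be a key-exchange key, and the service must be able to read it. This added PowerShell example (not from the original post) checks both for the one key file behind the certificate, for this post and for step 6 of the "Lookup or Channel Services" post above. The service account names are hypothetical placeholders, and it assumes a CSP (CryptoAPI) key.

```powershell
# Added example. Subject comes from the event text; account names are hypothetical.
$Subject  = 'CN=gcf.domain.com'
$Accounts = @('DOMAIN\GCLookupSvc', 'DOMAIN\GCChannelSvc')   # placeholders

$cert = Get-ChildItem Cert:\LocalMachine\My |
        Where-Object { $_.Subject -like "*$Subject*" } | Select-Object -First 1
if (-not $cert) { throw "No certificate with subject $Subject in LocalMachine\My" }
if (-not $cert.HasPrivateKey) { throw 'Certificate has no associated private key' }

# Assumption: the key is held by a CSP, so CspKeyContainerInfo is available.
$info = $cert.PrivateKey.CspKeyContainerInfo
if (-not $info) { throw 'Private key is not a CSP key or is not readable by this user' }
if ($info.KeyNumber -ne 'Exchange') {
    Write-Warning "Key spec is $($info.KeyNumber); the event asks for a key-exchange key."
}

# Machine keys live under All Users; the folder layout differs between OS versions.
$dirs = @("$env:ALLUSERSPROFILE\Application Data\Microsoft\Crypto\RSA\MachineKeys",
          "$env:ALLUSERSPROFILE\Microsoft\Crypto\RSA\MachineKeys")
$keyFile = $dirs | ForEach-Object { Join-Path $_ $info.UniqueKeyContainerName } |
           Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $keyFile) { throw "Key file $($info.UniqueKeyContainerName) not found" }

# Report what each service account is explicitly allowed to do with that key file.
$acl = Get-Acl $keyFile
foreach ($acct in $Accounts) {
    $aces = @($acl.Access | Where-Object {
        $_.IdentityReference.Value -eq $acct -and $_.AccessControlType -eq 'Allow' })
    if ($aces.Count -eq 0) {
        Write-Warning "$acct has no explicit Allow entry on $keyFile"
    } else {
        Write-Output "$acct : $(($aces | ForEach-Object { $_.FileSystemRights }) -join '; ')"
    }
}
```

Access inherited through a group will not show up as an explicit entry for the account, so a warning here means "check group membership", not necessarily "no access".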

Group Chat Stop both the channel and the lookup servers

July 15, 2009 by Ledarma

 

You can make these AD DS group modifications so that the Group Chat Server installation wizard can run successfully. These modifications bypass the error message that the Group Chat Server installation wizard returns, and then you can use the installation wizard to successfully install the Group Chat Server.

To do this, follow these steps:

  1. On the computer where the Group Chat Server installation failed, locate the following folder:
    %appdata%\Microsoft\GroupChat\Server Config Tool\Logs

    Use Notepad to open the ServerConfigTool.log file that is in this folder.

  2. Search for the following phrase in the ServerConfigTool.log file:
    RTCComponentUniversalServices

    Note Next to this phrase in the log file there is a global catalog component. Note the domain in which this global catalog is hosted. The temporary groups must be created in this domain.

  3. In the domain that you noted in step 2, create the following temporary universal security groups in the Users OU.
    • RTCComponentUniversalServices
    • RTCUniversalServerAdmins
    • RTCUniversalUserReadOnlyGroup
    • RTCUniversalServerReadOnlyGroup
    • RTCUniversalGlobalReadOnlyGroup
  4. Make the RTCComponentUniversalServices group a member of the following three groups:
    • RTCUniversalUserReadOnlyGroup
    • RTCUniversalServerReadOnlyGroup
    • RTCUniversalGlobalReadOnlyGroup
  5. Make the RTCComponentService group and the RTCService groups members of the RTCComponentUniversalServices group. Notes:
    • Step 5 requires cross-domain nesting of groups. Therefore, all the domains that are involved must be at the same domain functional level. In this case, mixed mode cannot be used.
    • The RTCComponentService group and the RTCService group must be available in the domain where the OCS pool is installed. Also, notice that these groups were not created in step 3.
    • You create this membership structure to mirror the membership structure of the “real” RTCComponentUniversalServices.
  6. Do one of the following, as appropriate for your situation:
    • If this server is the first server in the Group Chat Server pool, delete the Group Chat Server database that was used when the installation error occurred. Create a new database for the installation, and then go to step 7.
    • If this server is not the first server in this installation (This means that you have a Group Chat Server pool, and this server is second or third server that you are installing into this pool), skip step 6, and go to step 7.
  7. Log on to the server by using a domain admin account, and start the Group Chat Server installation. This domain admin must have domain admin credentials in the domain where the Group Chat Server is to be installed. Also, the account must have domain admin credentials in the domain where the temporary groups were created in step 3. Make sure that the domain admin account also has local administrative credentials. For example, an Enterprise domain administrator has administrative credentials in all domains in the enterprise. You can use this Enterprise account if it is necessary.
  8. After the installation is successful, delete all the temporary groups that you created in step 3. Be careful not to delete the real RTC<SecurityGroupName> security groups. These original groups are created during the OCS installation and are in a domain that the OCS administrator chooses.
  9. Create a new security group that is named RtcGroupChatServices in the domain where Group Chat Server is being deployed.
  10. Add the service accounts to the RtcGroupChatServices security group.
  11. Make RtcGroupChatServices an owner of the message queues for group chat. To do this, follow these steps:
    1. On the Communications Server 2007 R2 Group Chat server, right-click My Computer, and then click Manage.
    2. In the panel on the right side, click Services and Applications, right-click Message Queuing, and then click the Security tab.
    3. Add RtcGroupChatServices, and grant it Full Control permissions.
  12. Stop both the channel and the lookup servers, and then restart them.

OCS R2 with Window Server 2008 64 bit R2

July 7, 2009 by Ledarma

 

 Event ID 10005 “Product: Microsoft Office Communications Server 2007 R2, Core Components — Setup cannot continue because the operating system on this computer is not supported. Please install Microsoft Office Communications Server 2007 R2, Core Components on a computer that has one of the following operating systems: Windows Server 2008, Windows Vista SP1, or Windows Server 2003 SP2. The latest service packs for your operating system are also recommended.”

1- You need to install the Desktop Experience feature.

2- The Windows Media Format Runtime is required. The supported run-time environment for the deployment of a Unified Communications Managed API 2.0 Core SDK application is either of the following: the latest Microsoft Windows Server 2003 R2 (64-Bit Editions) service pack, or the latest Microsoft Windows Server 2008 (64-Bit Editions) service pack.

http://msdn.microsoft.com/en-us/library/dd280145(office.13).aspx