Microsoft Office Communications Server2007R2
Small-to-Medium Business Deployment Walkthrough
Published: July 2009
Updated: April 2010
For the most up-to-date version of the Small-to-Medium Business Deployment Walkthrough documentation and the complete set of the Microsoft® Office Communications Server 2007 R2 online documentation, see the Office Communications Server TechNet Library at
Note: In order to find topics that are referenced by this document but not contained within it, search for the topic title in the TechNet library at
1
This document is provided “as-is”. Information and views expressed in this document, including URL and other Internet Web site references, may change without notice. You bear the risk of using it.
Some examples depicted herein are provided for illustration only and are fictitious. No real association or connection is intended or should be inferred.
This document does not provide you with any legal rights to any intellectual property in any Microsoft product. You may copy and use this document for your internal, reference purposes.
Copyright © 2010 Microsoft Corporation. All rights reserved.
Microsoft, Active Directory, Outlook, SQL Server, Visio, Visual C++, Windows, Windows Media, Windows PowerShell, Windows Server, and Windows Vista are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.
1
Contents
Small-to-Medium Business Deployment Walkthrough
Walkthrough: Planning and Architecture
Walkthrough: Additional Roles and Services
Walkthrough: Hardware and Software Requirements
Walkthrough: Hardware Requirements
Walkthrough: Software Requirements
Walkthrough: Deployment Topology
Walkthrough: Deployment Process
Walkthrough: Deploying Standard Edition Server
Walkthrough: Verify Active Directory Infrastructure Requirements
Walkthrough: Prepare the Active Directory Domain Services (AD DS) Schema
Walkthrough: Prepare the schema of the current forest
Walkthrough: Manually verify schema preparation and replication
Walkthrough: Prepare the forest
Walkthrough: Prepare the domain
Walkthrough: Create and Verify DNS Records
Walkthrough: Prepare Windows for Setup
Walkthrough: Windows Server 2008 Windows Updates
Walkthrough: Windows Firewall
Walkthrough: Remote Administration
Walkthrough: Configure Internet Information Services (IIS) for Office Communications Server 2007 R2
Walkthrough: Install Message Queuing
Walkthrough: Install Active Directory Domain Service (AD DS) Tools
Walkthrough: Verify trusted root certificate installed
Walkthrough: Install and Activate Standard Edition Server
Walkthrough: Configure Standard Edition Server
Walkthrough: Configure Certificates
Walkthrough: Assign the certificate to the Web Components Server using IIS Manager
Walkthrough: Start services
Walkthrough: Validate Server Configuration
Walkthrough: Validate your Web Components Server configuration
Walkthrough: Validate the Web Conferencing Server configuration
Walkthrough: Validate your A/V Conferencing Server configuration
Walkthrough: Validate your Application Sharing Server configuration
Walkthrough: Validate your unified communications application configuration
Walkthrough: Create and Enable Users
Walkthrough: Create User Accounts
Walkthrough: Enable User Accounts
Walkthrough: Configure Users for Office Communications Server
Walkthrough: Deploying Communicator Web Access Server
Walkthrough: Verify Prerequisites for Communicator Web Access
Walkthrough: Configure Communicator Web Access DNS Records
Walkthrough: Create a host record for a Communications Web Access server
Walkthrough: Create canonical name records for a Communications Web Access server
Walkthrough: Configuring Internet Information Services (IIS) for Communicator Web Access
Walkthrough: Install Windows Process Activation Service on a Windows 2008 computer
Walkthrough: Install Internet Information Services (IIS) 7.0
Walkthrough: Preparing Certificates for Communicator Web Access
Walkthrough: Request a Web Server certificate from a Windows Server CA
Walkthrough: Verify installation of the Web Server certificate
Walkthrough: Install and Activate Communicator Web Access
Walkthrough: Install the Communicator Web Access files
Walkthrough: Activate Communicator Web Access
Walkthrough: Creating a Communicator Web Access Virtual Server
Walkthrough: Create the first virtual server
Walkthrough: Publishing Communicator Web Access URLs
Walkthrough: Publish Communicator Web Access URLs during deployment
Walkthrough: Deploying the Communicator Web Access Snap-in
Walkthrough: Using a Reverse Proxy to Enable Remote User Access
Walkthrough: Configuring Communicator Web Access
Walkthrough: Configure a next-hop server
Walkthrough: Deploying Edge Server
Walkthrough: The Deployment Process
Walkthrough: Configure a Reverse Proxy
Walkthrough: Configure Network Adapters
Walkthrough: Configure the network adapter cards on the reverse proxy computer
Walkthrough: Request and Configure a Certificate for Your Reverse HTTP Proxy
Walkthrough: Configure Web Publishing Rules
Walkthrough: Create a Web server publishing rule on the computer running ISA Server 2006
Walkthrough: Create and Verify a DNS Record
Walkthrough: Verify Access through the Reverse Proxy
Walkthrough: Set up Edge Server
Walkthrough: Install an Edge Server
Walkthrough: Activate an Edge Server
Walkthrough: Configure an Edge Server
Walkthrough: Setup Certificates for the Internal Interface
Configuring the Certificates on your Internal Interface
Prepare for Edge Server Internal Certificates
Walkthrough: Import the CA certification path for the internal interface
Walkthrough: Verify that your CA is in the list of trusted root CAs
Walkthrough: Create the certificate request for the internal interface
Walkthrough: Import the certificate for the internal interface
Walkthrough: Assign the certificate to the internal interface of the Edge Servers
Walkthrough: Configuring the Certificates on the External Interfaces
Walkthrough: Create the certificate request for the external interface of the Edge Server
Walkthrough: Submit a request to a public certification authority
Walkthrough: Import the certificate for the external interface of the Edge Server
Walkthrough: Assign the certificate for the external interface of the Edge Server
Walkthrough: Set up Certificates for A/V Authentication
Walkthrough: Set up A/V authentication certificates
Walkthrough: Create the A/V authentication certificate request for Edge Servers
Walkthrough: Import the A/V authentication certificate on the first Edge Server
Walkthrough: Assign the A/V authentication certificate on the Edge Server
Walkthrough: Start services (Set up for A/V Authentication)
Walkthrough: Post-Deployment Configuration
Walkthrough: Connect your internal server with your Edge Servers
Walkthrough: Validate your Edge Server configuration
Walkthrough: Meeting Policy
Walkthrough: Configure the meeting policy for a specific user account
Walkthrough: Desktop Sharing
Walkthrough: Configuring Desktop Sharing
Walkthrough: Configure desktop sharing
Walkthrough: Enabling distribution group support
Walkthrough: Enable distribution group support
1
Small-to-Medium Business Deployment Walkthrough
Microsoft Office Communications Server 2007 R2 offers many features that are attractive to business users. Instant messaging (IM) with presence, Web Conferencing, and federation with business partners help users to efficiently conduct meetings without needing a formal conference facility. Edge services enable telecommuting by providing remote users, including business partners, access to meetings, messaging, and presence information.
This walkthrough explains how to deploy Office Communications Server 2007 R2 for an organization that has fewer than 5000 users. This document is targeted at IT professionals who have experience working with Microsoft server technologies, networking technologies, and complex Active Directory topologies.
The deployment described in this paper includes IM, presence, audio/video (A/V) conferencing, and Web conferencing. We assume that this deployment is not mission-critical, and so backup and failover are beyond the scope of the paper. For details about deploying Office Communications Server 2007 R2 Enterprise Voice and integrating Exchange 2007 Unified Messaging, see the Office Communications Server 2007 R2 Enterprise Voice Deployment Guide documentation and Integration with Exchange Server Unified Messaging in the Planning and Architecture documentation.
For the complete set of the Microsoft Office Communications Server 2007 R2 documentation, see the Office Communications Server TechNet Library at
In This Document
Walkthrough: Planning and Architecture
Walkthrough: Hardware and Software Requirements
Walkthrough: Deployment Topology
Walkthrough: Deployment Process
Walkthrough: Deploying Standard Edition Server
Walkthrough: Deploying Communicator Web Access Server
Walkthrough: Deploying Edge Server
Walkthrough: Set up Edge Server
Walkthrough: Post-Deployment Configuration
Walkthrough: Planning and Architecture
The Planning and Architecture documentation covers in detail the many decisions organizations must make when planning a deployment. For organizations with fewer than 5000 users who intend to deploy only instant messaging (IM), presence, A/V conferencing, and Web conferencing, a deployment that contains a single Standard Edition server with a single Edge Server is normally sufficient. If you intend to use a Web-based client instead of deploying Microsoft Office Communicator 2007 R2 to all your users, you also need to deploy Communicator Web Access and a reverse proxy. Figure 1 shows the reference topology that we use in this walkthrough.
Figure 1. Deployment architecture
In this deployment, the Standard Edition server supports IM, presence, A/V conferencing and Web conferencing. The Edge Server provides remote user access, federation, and conferencing with anonymous users. Communicator Web Access provides a browser-based client that extends IM and presence information to internal and external users, including users who are running operating systems other than Microsoft Windows.
Walkthrough: Additional Roles and Services
You need additional roles and services to complete the Office Communications Server 2007 R2 deployment. For a complete list of components required for deployment, see Determining Your Infrastructure Requirements in the Planning and Architecture documentation.
Active Directory Domain Services. In this walkthrough, we assume a single Active Directory forest with a single domain. We also assume that the forest and domain are controlled by the Windows Server 2008 operating system. The final assumption is that the domain controller hosts a certification authority (CA) and a Domain Name System (DNS) service. Additionally, Active Directory Domain Administrator tools are installed during deployment.
Certificates (PKI). Office Communications Server 2007 R2 requires a public key infrastructure (PKI) to support Transport Layer Security (TLS) and mutual TLS (MTLS) connections. By default, Office Communications Server 2007 R2 is configured to use TLS for client-to-server connections. Office Communications Server 2007 R2 uses MTLS for connections between servers. External connections are secured by Secure Sockets Layer (SSL).
Domain Name System (DNS). Domain Name System (DNS) is required by Office Communications Server and Communicator Web Access. Office Communications Server uses DNS to do the following:
Discover internal servers or pools for server-to-server communications.
Allow clients to discover the Standard Edition server that is used for various Session Initiation Protocol (SIP) transactions.
Allow external servers and clients to connect to Edge Servers or the HTTP reverse proxy for instant messaging (IM) or conferencing content.
Reverse Proxy. A reverse HTTP proxy is required for Edge Server topologies in the perimeter network to support Web conferencing and other features for external users. Because different reverse proxy servers are configured in different ways, this walkthrough does not discuss the detailed steps for setting up a reverse proxy server. For details, see the documentation for your reverse proxy server.
Internet Information Services (IIS). Several Office Communications Server 2007 R2 components require Internet Information Services (IIS). The following versions of IIS are supported for Office Communications Server:
IIS version 6.0 running on Windows Server 2003
IIS version 7.0 running on Windows Server 2008 in IIS 6.0 compatibility mode
Network Protocols. Only IPv4 addresses and networking protocols are supported in Office Communications Server. The dual stack is supported, but IPv6 protocols alone are not supported.
Walkthrough: Hardware and Software Requirements
In This Section
Walkthrough: Hardware Requirements
Walkthrough: Software Requirements
Walkthrough: Hardware Requirements
The hardware requirements for deployment of the three server roles for Office Communications Server 2007 R2 used in this walkthrough are shown in the following tables.
Table 1. Hardware Requirements for Standard Edition and Communicator Web Access
Hardware component / Minimum requirementCPU / Dual Processor, quad-core 2.0 GHz+
4-way processor, dual core 2.0 GHz+
Memory / 8 GB
Disk / 2 x 72 GB, 15k or 10k RPM, RAID 0 or equivalent
Network / 2 x 1 Gbps network adapter
Table 2. Hardware Requirements for Edge Server
Hardware component / Minimum requirementCPU / Dual Processor, quad-core 2.66 GHz+
4-way processor, dual core 2.66 GHz+
Memory / 8 GB
Disk / 2 x 72 GB, 15k RPM, RAID 0 or equivalent
Network / 2 x 1 Gbps network adapter
Walkthrough: Software Requirements
The software requirements for deployment of the three server roles for Office Communications Server 2007 R2 for the deployment in this walkthrough are shown below:
The 64-bit edition of Windows Server 2008 Standard, Enterprise or Datacenter
Office Communications Server 2007 R2
The following operating system updates are prerequisites for deploying Office Communications Server 2007 R2:
Microsoft Knowledge Base article 953582, "You may be unable to install a program that tries to register extensions under the IQueryForm registry entry in Windows Server 2008 or in Windows Vista," at This update must be installed before you install Office Communications Server 2007 R2 Administrative Tools in the following situations only:
On computers that are running the Windows Vista operating system, if you also install Remote Server Administration Tools (RSAT)
On computers running Windows Server 2008, if Active Directory Domain Services (ADDS) administrative tools are installed
Microsoft Knowledge Base article 953990, “AV at mscorwks!SetAsyncResultProperties,” at
Microsoft Knowledge Base article 967674, “Description of the update package for Communications Server 2007 R2, Unified Communications Managed API 2.0 Core Redist 64-bit: April 2009,” at
Microsoft Knowledge Base article 967827, “Description of the update package for Communications Server 2007 R2, Core Components: April 2009,” at
The following components are also required. If you do not have them, Setup will automatically install them for you.
Microsoft .NET Framework 3.5 (64-bit)
Microsoft Visual C++ 2008 redistributable
Walkthrough: Deployment Topology
Before you begin deployment of Office Communications Server 2007 R2, please review the reference architecture shown in the following figure. This deployment uses the Litwareinc.com Active Directory forest. For the purposes of this paper, we assume that the network infrastructure requirements, naming conventions, and server roles are used as shown. For your organization, substitute the relevant information and follow the guidelines outlined in the Walkthrough: Deployment Process.
Figure 1. Reference architecture
Walkthrough: Deployment Process
The deployment process for Office Communications Server 2007 R2 Standard Edition is described in the following table. After completing the installation of Standard Edition, Communicator Web Access server and Edge Server installation procedures follow. It is a good practice to print this table and mark steps as completed as you proceed through the deployment process.
Table 1. Standard Edition Deployment Process
Phase / Steps / Permissions / DocumentationVerify Active Directory Infrastructure requirements / Set domain and forest functional levels / DomainAdmins group / Active Directory Domain Services Requirements in the Planning and Architecture documentation
Prepare Active Directory Domain Services (ADDS) / Prepare the schema, forest, and domain for Office Communications Server 2007 R2. / Member of Schema Admins group and Administrator rights on the schema master
Member of EnterpriseAdmins group for the forest root domain
Member of EnterpriseAdmins or DomainAdmins group / Office Communications Server 2007 R2 Active Directory Guide in the Deployment documentation set
Create and verify Domain Name System (DNS) records / Configure DNS A and SRV records as described in DNS Requirements for Servers. / DNS Admins group / Domain Name System (DNS) Requirements in the Planning and Architecture documentation
Create and Verify DNS Records for Your Server or Pool in the Deploying Office Communications Server2007R2 Standard Edition documentation
Prepare Windows for Setup / Install required Windows Updates, configure Windows Firewall, and then disable all services not required by Office Communications Server. / Administrators group / Prepare Windows for Setup in the Deployment documentation
Install and activate Standard Edition server and applications / Run Office Communications Server 2007 R2 Setup to install and activate Standard Edition server and, optionally, any unified communications applications that you want to deploy. / RTCUniversalServerAdmins group
DomainAdmins group / Install Standard Edition Server in the Deploying Office Communications Server2007R2 Standard Edition documentation
Configure Standard Edition server / Configure settings for the server, including Session Initiation Protocol (SIP) domain, unified communications applications, and client logon settings. / RTCUniversalServerAdmins group / Configure Standard Edition Server in the Deploying Office Communications Server2007R2 Standard Edition documentation
Configure certificates for Office Communications Server / Request a mutual TLS (MTLS) certificate for Office Communications Server, and then assign the certificate to the server by using both Setup and Internet Information Services (IIS) Manager. / Administrators group
RTCUniversalServerAdmins group / Create a New Certificate in the Deploying Office Communications Server2007R2 Standard Edition documentation
Assign an Existing Certificate
Configure the Web Components Server IIS Certificate
(topics in the Deploying Office Communications Server2007R2 Standard Edition documentation)
Start the services / Confirm that ADDS replication has completed, and then start Office Communications Server services. / RTCUniversalServerAdmins group / Start the Services in the Deploying Office Communications Server2007R2 Standard Edition documentation
Validate your server configuration / With the services running, run the validation wizard to verify the configuration of the server. / RTCUniversalServerAdmins group / Validate Your Standard Edition Server Configuration in the Deploying Office Communications Server2007R2 Standard Edition documentation
Create and enable users / Enable users in ADDS so that they can connect to Office Communications Server 2007 R2, and then configure user settings to enable access to features of Office Communications Server. / To create users, DomainAdmins group
To enable users and configure user accounts for Office Communications Server, RTCUniversalServerAdmins group / Create and Enable Users for Office Communications Server
Configure Users
(topics in the Deploying Office Communications Server2007R2 Standard Edition documentation)
Walkthrough: Deploying Standard Edition Server
In This Section