Monthly Archives: September 2009

How to Disable “Schedule A Conference Call” button in Live Meeting Outlook Add-In

Some organizations will deploy LiveMeeting either without the existence of OCS, or without OCS Audio/Video Conferencing being enabled. By default, the conferencing addin for outlook has a Schedule A Conference Call button regardless of the environment you are connecting it to.

There is a registry entry that can be used to disable this button:

1. Locate and then click to select the following registry subkey:

HKEY_LOCAL_MACHINE\Software\Microsoft\Live Meeting\Addins

Note Use this subkey for x86-based systems. If you are running a x64-based system, locate and click the following subkey:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Live Meeting\Addins

2. After you select the subkey that is specified in step 3, point to New on the Edit menu, and then click DWORD Value.

3. Type RemoveConferenceCall, and then press ENTER.

4. Right-click RemoveConferenceCall, and then click Modify.

5. In the Value data box, type 1, and then click OK.

6. On the File menu, click Exit to close Registry Editor.

If you wish to remove this setting, simply change the Value to 0 and the button will be available again.

A full list of livemeeting registry keys can be found here: http://technet.microsoft.com/en-us/library/dd637135(office.13).aspx

tweetmeme_source = ‘winxnetuc’;
tweetmeme_service = ‘bit.ly’;

Advertisements

CWA Error through F5 Load Balancer: Your Connection was ended. Please Sign in Again. (Error Code: 0-1-482)

 

On a recent deployment we deployed CWA internally and externally using ISA Server 2006. The customer decided they wanted to provide high availability to the CWA service, so we introduced a hardware load balancer to provide that functionality. After we set the two servers with identical site settings behind the load balancer we started having users receive this error when connecting to the CWA site:

cwaerror1

At first glance deploying CWA through a load balancer would seem pretty basic, they are websites you access over https, however there is some key information in the R2 Documentation for deploying CWA behind a load balancer. http://technet.microsoft.com/en-us/library/dd441196(office.13).aspx

Communicator Web Access supports most hardware load balancers, provided that the load balancer:

  • Allows you to set the TCP idle timeout to 1,800 seconds (30 minutes). The TCP idle timeout represents the amount of time the server will wait for information during a session. If you are using a reverse proxy server (such as Microsoft Internet Security and Acceleration Server) then the TCP idle timeout on that computer should also be set to 1,800 seconds.
  • Allows you to use a source network address translation (SNAT) pool if you need to handle more than 65,000 simultaneous connections. SNAT is designed to "hide" multiple servers behind a single IP address (that is, a number of servers can be accessed using just one IP address). With a SNAT pool, servers can be hidden behind multiple IP addresses.
  • Allows you to use cookie persistence when configuring session affinity. With cookie persistence, information about the actual Communicator Web Access server being used for a session is stored in an Internet cookie on the client computer. When configuring the load balancer’s session persistence profile it is recommended that you use "HTTP Cookie Insert." With this configuration method, information about the server to which the client is connected is inserted in the header of the HTTP response from that server as a cookie.

Our issue was related to the persistence profile. When a user connects to CWA they must maintain a connection to the same server as the initial connection or it will not work. The persistence profile, using a HTTP Cookie Insert method will enable this persistence.

We were using an F5 BIG IP LTM Load balancer for this deployment, we actually chose “Source Address Affinity”. Below you can seen a screenshot of the persistence profile used in this configuration.

f5cwaconfig

tweetmeme_source = ‘winxnetuc’;
tweetmeme_service = ‘bit.ly’;

A/V Conferencing From External Issue- SIP 403 Forbidden Error

On a recent deployment I ran into an issue where everything was working correctly except an external user trying to join or create an Audio Video Conference. The customer had an enterprise edition consolidated configuration behind an F5 Load Balancer. Doing our initial sip traces we were able to see a 500 error when the external user would try to join or create a conference.

Start-Line: SIP/2.0 500 The server encountered an unexpected internal error

ms-diagnostics: 3080;reason="Internal Error: AddUser failed";source="front end server fqdn"

I removed most of the trace except the important parts. What you will see in the above trace is the SIP 500 error, and then at the bottom the AddUser is failing on the front end server. This exact symptom with an enterprise pool behind load balancers points to this KB article: http://support.microsoft.com/kb/946091. This fix explains an issue with the load balancer being in DNAT mode instead of SNAT mode. However our F5 was using SNAT for all of the OCS traffic, and the pool setting was correctly set to not be in DNAT mode.

Running more traces another error popped up which was a SIP 403 Forbidden:

SIP/2.0 403 Forbidden

SERVER: RTCC/3.5.0.0 MRAS/2.0
ms-edge-proxy-message-trust: ms-source-type=EdgeProxyGenerated;ms-ep-fqdn=Edge Internal interfacefqdn;ms-source-verified-user=verified
Ms-diagnostics: 9006;source="Edge Internal interfacefqdn";reason="Forbidden";component="Media Relay Authentication Service"

This basically means that the front end server is not able to get media relay authentication from the edge server A/V internal interface.

If this is happening you will also see an error in the event logs:

Log Name:      Office Communications Server
Source:        OCS Audio-Video Conferencing Server
Date:          9/25/2009 4:12:14 PM
Event ID:      32018
Task Category: (1017)
Level:         Error
Keywords:      Classic
User:          N/A
Computer:     FRONT END SERVER FQDN

Description:
The Audio-Video Conferencing Server encountered an error when requesting credentials from the A/V Edge Authentication Service.

A/V Authentication Service Service URI sip:EdgeInternalFQDN@swk.pri;gruu;opaque=srvr:MRAS:HqCEupOMck6C3onsDHul1wAA, Reason: The operation has failed. See the exception’s properties as well as the logs for additional information.
Cause: The Audio-Video Conferencing Server cannot communicate with A/V Authentication Service.
Resolution:
Check the A/V Authentication Service is alive and that network connectivity exists.

Connectivity was available through the internal edge VIP as well as each individual edge server’s internal interface. Also, if you ran an A/V Conferencing Validation on each of the front end servers it would succeed on all tests.

I ran through this with PSS and there were two things we discovered. The first potential issue was on the Internal tab setting of the edge server. Per the Microsoft documentation when doing an enterprise deployment the name that should be listed on the “Internal Servers Authorized to Connect to this edge server” setting is the pool FQDN, not each individual front end server. There has been some debate about whether you should add the FQDN of each front end server to this list as well, because we were seeing the front end servers get denied access to the A/V Authentication service we decided to try it anyways.

edgeinternalsetting(Pictures Modified to protect customer info)

The other change that was made was in the forest global settings section. On the general tab you specify your internal SIP domains and you check one for the default routing domain. In this case the customer AD domain was different from the SIP domain, both were listed, however the AD Domain was checked as the domain to be used for the default routing. Once we changed that setting to have the SIP Domain as the default routing domain and restarted the services on the front end servers, A/V conferencing started functioning properly.

globaldomainsettings 
(Pictures Modified to protect customer info)

I am hoping I can remove each setting and try to narrow it down to one ,but either way the internal interface setting has proved to fix some funky issues in deployments, so both of these may want to be set regardless.

tweetmeme_source = ‘winxnetuc’;
tweetmeme_service = ‘bit.ly’;

Join us for a special, invitation-only Microsoft launch event for Maine Information Technology Leaders and Professionals!

clip_image002

clip_image003

Join us for a special, invitation-only Microsoft launch event for Maine Information Technology Leaders and Professionals!

Wednesday, October 28th 9:00-4:00

The Wyndham Hotel, South Portland

Presented by Winxnet, VTEC & Microsoft

Hello,

I’d like to invite you to join a select group of Maine IT leaders to attend the Microsoft New Efficiency launch event in South Portland.  This event will focus on how businesses like yours are using innovations in Windows 7, Windows Server 2008 R2 and Microsoft Exchange Server 2010 to reduce costs and improve productivity.  Microsoft will be the key presenter at this event.  Seating is limited, so please register early to guarantee your seat.  REGISTER NOW!

LAUNCH OVERVIEW:

The New Efficiency – It is about how we can bring costs down and help increase business productivity while increasing IT control and reducing risk. In today’s challenging economy, Microsoft is providing the software innovations you need to help save money and be more efficient today and more effective tomorrow. Come see how these three Microsoft products will help save your business money and improve efficiency.

Windows 7: Optimized Desktop                              

· How Windows 7 can help you reduce management costs, raise productivity as part of the Windows Optimized Desktop, and manage risks through enhanced security and control.

Windows Server 2008 R2: Optimized Datacenter

· How Windows Server 2008 R2 enables dynamic provisioning and management of virtual workloads, reduces energy costs, and combines with Windows 7 to make branch offices more cost-effective and remote workers more productive.

Exchange Server 2010: Unified Communications

· How Exchange Server 2010 can simplify administration and deployment of messaging, improve archiving capabilities, and extend your messaging across multiple access points.

AGENDA

8:15-9:00 – Registration / Check In

9:00-10:00 – Keynote:  The New Efficiency

10:00-10:45 – Solutions for Optimized IT: Introduction to Windows 7, Windows Server 2008 R2, and Exchange Server 2010

10:45-11:45 – Windows 7: Optimized Desktop

11:45-1:00 – Lunch/Solution Showcase

1:00-2:00 – Windows Server 2008 R2: Optimized Datacenter

2:00-3:00 – Exchange Server 2010: Unified Communications

3:00 – 3:45 – Closing Remarks

4:00-5:00 – After Hours with Sponsors

CLICK  HERE TO REGISTER!

I look forward to meeting you in person at the event!

tweetmeme_source = ‘winxnetuc’;
tweetmeme_service = ‘bit.ly’;